netfilter: nf_tables: can't fail after linking rule into active rule list - openslx/kernel-qcow2-linux.git

diff options

author	Florian Westphal	2018-04-10 09:30:27 +0200
committer	Pablo Neira Ayuso	2018-04-16 17:47:26 +0200
commit	569ccae68b38654f04b6842b034aa33857f605fe (patch)
tree	4223504432e7e88caa9f8b4275c06259794720a6 /drivers
parent	netfilter: fix CONFIG_NF_REJECT_IPV6=m link error (diff)
download	kernel-qcow2-linux-569ccae68b38654f04b6842b034aa33857f605fe.tar.gz kernel-qcow2-linux-569ccae68b38654f04b6842b034aa33857f605fe.tar.xz kernel-qcow2-linux-569ccae68b38654f04b6842b034aa33857f605fe.zip

netfilter: nf_tables: can't fail after linking rule into active rule list

rules in nftables a free'd using kfree, but protected by rcu, i.e. we must wait for a grace period to elapse. Normal removal patch does this, but nf_tables_newrule() doesn't obey this rule during error handling. It calls nft_trans_rule_add() *after* linking rule, and, if that fails to allocate memory, it unlinks the rule and then kfree() it -- this is unsafe. Switch order -- first add rule to transaction list, THEN link it to public list. Note: nft_trans_rule_add() uses GFP_KERNEL; it will not fail so this is not a problem in practice (spotted only during code review). Fixes: 0628b123c96d12 ("netfilter: nfnetlink: add batch support and use it from nf_tables") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'drivers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: