iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f9a43007d3
linux/net
History
Pablo Neira Ayuso f9a43007d3 netfilter: nf_tables: double hook unregistration in netns path 
__nft_release_hooks() is called from pre_netns exit path which
unregisters the hooks, then the NETDEV_UNREGISTER event is triggered
which unregisters the hooks again.

[  565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270
[...]
[  565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G            E     5.18.0-rc7+ #27
[  565.253682] Workqueue: netns cleanup_net
[  565.257059] RIP: 0010:__nf_unregister_net_hook+0x247/0x270
[...]
[  565.297120] Call Trace:
[  565.300900]  <TASK>
[  565.304683]  nf_tables_flowtable_event+0x16a/0x220 [nf_tables]
[  565.308518]  raw_notifier_call_chain+0x63/0x80
[  565.312386]  unregister_netdevice_many+0x54f/0xb50

Unregister and destroy netdev hook from netns pre_exit via kfree_rcu
so the NETDEV_UNREGISTER path see unregistered hooks.

Fixes: 767d1216bf ("netfilter: nftables: fix possible UAF over chains from packet path in netns")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-05-31 23:13:10 +02:00
..
6lowpan
9p
802
8021q net: add netif_inherit_tso_max() 2022-05-06 12:07:56 +01:00
appletalk net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
atm net: SO_RCVMARK socket option for SO_MARK with recvmsg() 2022-04-28 13:08:15 -07:00
ax25 ax25: merge repeat codes in ax25_dev_device_down() 2022-05-17 12:24:16 +02:00
batman-adv net: wrap the wireless pointers in struct net_device in an ifdef 2022-05-22 21:51:54 +01:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-23 21:19:17 -07:00
bpf Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-05-23 16:07:14 -07:00
bpfilter
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
caif net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
can can: isotp: isotp_bind(): do not validate unused address information 2022-05-19 22:11:28 +02:00
ceph libceph: fix misleading ceph_osdc_cancel_request() comment 2022-05-18 21:21:29 +02:00
core net, neigh: Set lower cap for neigh_managed_work rearming 2022-05-25 22:00:48 -07:00
dcb
dccp net: Add a second bind table hashed by port and address 2022-05-20 18:16:24 -07:00
decnet dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown 2022-05-17 18:03:23 -07:00
dns_resolver
dsa net: dsa: OF-ware slave_mii_bus 2022-05-23 12:27:53 +01:00
ethernet net: ethernet: set default assignment identifier to NET_NAME_ENUM 2022-04-07 21:04:03 -07:00
ethtool ethtool: Add 10base-T1L link mode entry 2022-05-01 17:45:35 +01:00
hsr
ieee802154 net: SO_RCVMARK socket option for SO_MARK with recvmsg() 2022-04-28 13:08:15 -07:00
ife
ipv4 net: ipv4: Avoid bounds check warning 2022-05-30 21:21:12 -07:00
ipv6 net/ipv6: Expand and rename accept_unsolicited_na to accept_untracked_na 2022-05-31 11:36:57 +02:00
iucv net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
kcm
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
l2tp l2tp: use add READ_ONCE() to fetch sk->sk_bound_dev_if 2022-05-16 10:31:06 +01:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-25 16:55:41 -07:00
mac80211 wireless-next patches for v5.19 2022-05-19 13:01:08 -07:00
mac802154 net: mac802154: Fix symbol durations 2022-04-30 20:29:47 +02:00
mctp Networking changes for 5.19. 2022-05-25 12:22:58 -07:00
mpls net: mpls: fix memdup.cocci warning 2022-04-07 21:06:41 -07:00
mptcp Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-05-23 16:07:14 -07:00
ncsi
netfilter netfilter: nf_tables: double hook unregistration in netns path 2022-05-31 23:13:10 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-03-21 10:59:11 +00:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-12 16:15:30 -07:00
netrom net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
nfc net: nfc: Directly use ida_alloc()/free() 2022-05-28 15:28:47 +01:00
nsh
openvswitch openvswitch: fix OOB access in reserve_sfa_size() 2022-04-15 11:50:02 +01:00
packet net: SO_RCVMARK socket option for SO_MARK with recvmsg() 2022-04-28 13:08:15 -07:00
phonet net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
psample
qrtr net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
rds net: rds: use maybe_get_net() when acquiring refcount on TCP sockets 2022-05-05 16:44:49 -07:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose ROSE: Remove unused code and clean up some inconsistent indenting 2022-05-09 17:19:27 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-23 21:19:17 -07:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
sctp stcp: Use memset_after() to zero sctp_stream_out_ext 2022-05-20 17:42:53 -07:00
smc net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" 2022-05-28 12:36:26 +01:00
strparser
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
tls net: tls: fix messing up lists when bpf enabled 2022-05-19 17:55:06 -07:00
unix Networking changes for 5.19. 2022-05-25 12:22:58 -07:00
vmw_vsock vsock/virtio: add support for device suspend/resume 2022-05-02 16:04:34 -07:00
wireless wireless-next patches for v5.19 2022-05-19 13:01:08 -07:00
x25 x25: remove redundant pointer dev 2022-05-10 11:59:22 +02:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-04-28 13:02:01 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
compat.c
devres.c
Kconfig
Kconfig.debug net: add CONFIG_DEBUG_NET 2022-05-11 12:43:10 +01:00
Makefile
socket.c Networking changes for 5.19. 2022-05-25 12:22:58 -07:00
sysctl_net.c