OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

netfilter: nftables: bogus check for netlink portID with table owner 

The existing branch checks for 0 != table->nlpid which always evaluates
true for tables that have an owner.

Fixes: 6001a930ce ("netfilter: nftables: introduce table ownership")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2021-03-04 04:00:09 +01:00
parent 2888b080d0
commit bd1777b3a8
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/netfilter/nf_tables_api.c
View File

@ -9083,13 +9083,12 @@ static void __nft_release_table(struct net *net, struct nft_table *table)
nf_tables_table_destroy(&ctx); nf_tables_table_destroy(&ctx);
} }
static void __nft_release_tables(struct net *net, u32 nlpid) static void __nft_release_tables(struct net *net)
{ {
struct nft_table *table, *nt; struct nft_table *table, *nt;
list_for_each_entry_safe(table, nt, &net->nft.tables, list) { list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
if (nft_table_has_owner(table) && if (nft_table_has_owner(table))
nlpid != table->nlpid)
continue; continue;
__nft_release_table(net, table); __nft_release_table(net, table);
@ -9155,7 +9154,7 @@ static void __net_exit nf_tables_exit_net(struct net *net)
mutex_lock(&net->nft.commit_mutex); mutex_lock(&net->nft.commit_mutex);
if (!list_empty(&net->nft.commit_list)) if (!list_empty(&net->nft.commit_list))
__nf_tables_abort(net, NFNL_ABORT_NONE); __nf_tables_abort(net, NFNL_ABORT_NONE);
__nft_release_tables(net, 0); __nft_release_tables(net);
mutex_unlock(&net->nft.commit_mutex); mutex_unlock(&net->nft.commit_mutex);
WARN_ON_ONCE(!list_empty(&net->nft.tables)); WARN_ON_ONCE(!list_empty(&net->nft.tables));
WARN_ON_ONCE(!list_empty(&net->nft.module_list)); WARN_ON_ONCE(!list_empty(&net->nft.module_list));