Skip to content

Commit a45e688

Browse files
ummakynesummakynes
committed
netfilter: nf_tables: release batch on table validation from abort path
Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore 03c1f1e ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()") only needs to release the pending modules for registration. Cc: [email protected] Fixes: c0391b6 ("netfilter: nf_tables: missing validation from the abort path") Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 72076fc commit a45e688

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

net/netfilter/nf_tables_api.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10455,10 +10455,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
1045510455
struct nft_trans *trans, *next;
1045610456
LIST_HEAD(set_update_list);
1045710457
struct nft_trans_elem *te;
10458+
int err = 0;
1045810459

1045910460
if (action == NFNL_ABORT_VALIDATE &&
1046010461
nf_tables_validate(net) < 0)
10461-
return -EAGAIN;
10462+
err = -EAGAIN;
1046210463

1046310464
list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list,
1046410465
list) {
@@ -10655,7 +10656,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
1065510656
else
1065610657
nf_tables_module_autoload_cleanup(net);
1065710658

10658-
return 0;
10659+
return err;
1065910660
}
1066010661

1066110662
static int nf_tables_abort(struct net *net, struct sk_buff *skb,
@@ -10668,6 +10669,9 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb,
1066810669
gc_seq = nft_gc_seq_begin(nft_net);
1066910670
ret = __nf_tables_abort(net, action);
1067010671
nft_gc_seq_end(nft_net, gc_seq);
10672+
10673+
WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
10674+
1067110675
mutex_unlock(&nft_net->commit_mutex);
1067210676

1067310677
return ret;
@@ -11473,9 +11477,10 @@ static void __net_exit nf_tables_exit_net(struct net *net)
1147311477

1147411478
gc_seq = nft_gc_seq_begin(nft_net);
1147511479

11476-
if (!list_empty(&nft_net->commit_list) ||
11477-
!list_empty(&nft_net->module_list))
11478-
__nf_tables_abort(net, NFNL_ABORT_NONE);
11480+
WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
11481+
11482+
if (!list_empty(&nft_net->module_list))
11483+
nf_tables_module_autoload_cleanup(net);
1147911484

1148011485
__nft_release_tables(net);
1148111486

0 commit comments

Comments
 (0)