|
Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33 |
|
| #
a1a64a15 |
| 07-Jun-2023 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
If caller reports ENOMEM, then stop iterating over the batch and send a
single netlink message to userspace to report OOM.
Fixes
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
If caller reports ENOMEM, then stop iterating over the batch and send a
single netlink message to userspace to report OOM.
Fixes: cbb8125eb40b ("netfilter: nfnetlink: deliver netlink errors on batch completion")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
|
Revision tags: v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25 |
|
| #
9a32e985 |
| 13-Apr-2023 |
Florian Westphal <fw@strlen.de> |
netfilter: nf_tables: don't write table validation state without mutex
The ->cleanup callback needs to be removed, this doesn't work anymore as
the transaction mutex is already released in the ->abo
netfilter: nf_tables: don't write table validation state without mutex
The ->cleanup callback needs to be removed, this doesn't work anymore as
the transaction mutex is already released in the ->abort function.
Just do it after a successful validation pass, this either happens
from commit or abort phases where transaction mutex is held.
Fixes: f102d66b335a ("netfilter: nf_tables: use dedicated mutex to guard transactions")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
|
Revision tags: v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13 |
|
| #
fdf64911 |
| 20-Feb-2023 |
Florian Westphal <fw@strlen.de> |
netfilter: ctnetlink: make event listener tracking global
pernet tracking doesn't work correctly because other netns might have
set NETLINK_LISTEN_ALL_NSID on its event socket.
In this case its exp
netfilter: ctnetlink: make event listener tracking global
pernet tracking doesn't work correctly because other netns might have
set NETLINK_LISTEN_ALL_NSID on its event socket.
In this case its expected that events originating in other net
namespaces are also received.
Making pernet-tracking work while also honoring NETLINK_LISTEN_ALL_NSID
requires much more intrusive changes both in netlink and nfnetlink,
f.e. adding a 'setsockopt' callback that lets nfnetlink know that the
event socket entered (or left) ALL_NSID mode.
Move to global tracking instead: if there is an event socket anywhere
on the system, all net namespaces which have conntrack enabled and
use autobind mode will allocate the ecache extension.
netlink_has_listeners() returns false only if the given group has no
subscribers in any net namespace, the 'net' argument passed to
nfnetlink_has_listeners is only used to derive the protocol (nfnetlink),
it has no other effect.
For proper NETLINK_LISTEN_ALL_NSID-aware pernet tracking of event
listeners a new netlink_has_net_listeners() is also needed.
Fixes: 90d1daa45849 ("netfilter: conntrack: add nf_conntrack_events autodetect mode")
Reported-by: Bryce Kahle <bryce.kahle@datadoghq.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
|
Revision tags: v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77 |
|
| #
03832a32 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
show more ...
|
|
Revision tags: v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60 |
|
| #
0b2f3212 |
| 05-Aug-2022 |
Florian Westphal <fw@strlen.de> |
netfilter: nfnetlink: re-enable conntrack expectation events
To avoid allocation of the conntrack extension area when possible,
the default behaviour was changed to only allocate the event extension
netfilter: nfnetlink: re-enable conntrack expectation events
To avoid allocation of the conntrack extension area when possible,
the default behaviour was changed to only allocate the event extension
if a userspace program is subscribed to a notification group.
Problem is that while 'conntrack -E' does enable the event allocation
behind the scenes, 'conntrack -E expect' does not: no expectation events
are delivered unless user sets
"net.netfilter.nf_conntrack_events" back to 1 (always on).
Fix the autodetection to also consider EXP type group.
We need to track the 6 event groups (3+3, new/update/destroy for events and
for expectations each) independently, else we'd disable events again
if an expectation group becomes empty while there is still an active
event group.
Fixes: 2794cdb0b97b ("netfilter: nfnetlink: allow to detect if ctnetlink listeners exist")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
show more ...
|
|
Revision tags: v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50 |
|
| #
ec6f2ff0 |
| 23-Jun-2022 |
Florian Westphal <fw@strlen.de> |
netfilter: nfnetlink: add missing __be16 cast
Sparse flags this as suspicious, because this compares
integer with a be16 with no conversion.
Its a compat check for old userspace that sends host byt
netfilter: nfnetlink: add missing __be16 cast
Sparse flags this as suspicious, because this compares
integer with a be16 with no conversion.
Its a compat check for old userspace that sends host byte order,
so force a be16 cast here.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
|
Revision tags: v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18 |
|
| #
ffd219ef |
| 19-May-2022 |
Florian Westphal <fw@strlen.de> |
netfilter: nfnetlink: fix warn in nfnetlink_unbind
syzbot reports following warn:
WARNING: CPU: 0 PID: 3600 at net/netfilter/nfnetlink.c:703 nfnetlink_unbind+0x357/0x3b0 net/netfilter/nfnetlink.c:69
netfilter: nfnetlink: fix warn in nfnetlink_unbind
syzbot reports following warn:
WARNING: CPU: 0 PID: 3600 at net/netfilter/nfnetlink.c:703 nfnetlink_unbind+0x357/0x3b0 net/netfilter/nfnetlink.c:694
The syzbot generated program does this:
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3
setsockopt(3, SOL_NETLINK, NETLINK_DROP_MEMBERSHIP, [1], 4) = 0
... which triggers 'WARN_ON_ONCE(nfnlnet->ctnetlink_listeners == 0)' check.
Instead of counting, just enable reporting for every bind request
and check if we still have listeners on unbind.
While at it, also add the needed bounds check on nfnl_group2type[]
access.
Reported-by: <syzbot+4903218f7fba0a2d6226@syzkaller.appspotmail.com>
Reported-by: <syzbot+afd2d80e495f96049571@syzkaller.appspotmail.com>
Fixes: 2794cdb0b97b ("netfilter: nfnetlink: allow to detect if ctnetlink listeners exist")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
|
Revision tags: v5.15.41, v5.15.40, v5.15.39, v5.15.38, v5.15.37, v5.15.36 |
|
| #
2794cdb0 |
| 25-Apr-2022 |
Florian Westphal <fw@strlen.de> |
netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
At this time, every new conntrack gets the 'event cache extension'
enabled for it.
This is because the 'net.netfilter.nf_conntrack
netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
At this time, every new conntrack gets the 'event cache extension'
enabled for it.
This is because the 'net.netfilter.nf_conntrack_events' sysctl defaults
to 1.
Changing the default to 0 means that commands that rely on the event
notification extension, e.g. 'conntrack -E' or conntrackd, stop working.
We COULD detect if there is a listener by means of
'nfnetlink_has_listeners()' and only add the extension if this is true.
The downside is a dependency from conntrack module to nfnetlink module.
This adds a different way: inc/dec a counter whenever a ctnetlink group
is being (un)subscribed and toggle a flag in struct net.
Next patches will take advantage of this and will only add the event
extension if the flag is set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
| #
e62cb1c0 |
| 02-Nov-2022 |
Ziyang Xuan <william.xuanziyang@huawei.com> |
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv
netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
[ Upstream commit 03832a32bf8ff0a8305d94ddd3979835a807248f ]
When type is NFNL_CB_MUTEX and -EAGAIN error occur in nfnetlink_rcv_msg(),
it does not execute nfnl_unlock(). That would trigger potential dead lock.
Fixes: 50f2db9e368f ("netfilter: nfnetlink: consolidate callback types")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|