update kernel submodule to Ubuntu-5.15.0-77.84
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
parent
97585a6faf
commit
6f85177a4f
@ -1,120 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Date: Tue, 2 May 2023 10:25:24 +0200
|
||||
Subject: [PATCH] netfilter: nf_tables: deactivate anonymous set from
|
||||
preparation phase
|
||||
|
||||
Toggle deleted anonymous sets as inactive in the next generation, so
|
||||
users cannot perform any update on it. Clear the generation bitmask
|
||||
in case the transaction is aborted.
|
||||
|
||||
The following KASAN splat shows a set element deletion for a bound
|
||||
anonymous set that has been already removed in the same transaction.
|
||||
|
||||
[ 64.921510] ==================================================================
|
||||
[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
|
||||
[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
|
||||
[ 64.931120] Call Trace:
|
||||
[ 64.932699] <TASK>
|
||||
[ 64.934292] dump_stack_lvl+0x33/0x50
|
||||
[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.937551] kasan_report+0xda/0x120
|
||||
[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
|
||||
[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
|
||||
[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
|
||||
[ 64.945710] ? kasan_set_track+0x21/0x30
|
||||
[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
|
||||
[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
|
||||
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||
---
|
||||
include/net/netfilter/nf_tables.h | 1 +
|
||||
net/netfilter/nf_tables_api.c | 12 ++++++++++++
|
||||
net/netfilter/nft_dynset.c | 2 +-
|
||||
net/netfilter/nft_lookup.c | 2 +-
|
||||
net/netfilter/nft_objref.c | 2 +-
|
||||
5 files changed, 16 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
|
||||
index 80df8ff5e675..2e720a3dcdf2 100644
|
||||
--- a/include/net/netfilter/nf_tables.h
|
||||
+++ b/include/net/netfilter/nf_tables.h
|
||||
@@ -584,6 +584,7 @@ struct nft_set_binding {
|
||||
};
|
||||
|
||||
enum nft_trans_phase;
|
||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
|
||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
struct nft_set_binding *binding,
|
||||
enum nft_trans_phase phase);
|
||||
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||||
index dc276b6802ca..c1e6f07039f1 100644
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -4787,12 +4787,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
}
|
||||
}
|
||||
|
||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
|
||||
+{
|
||||
+ if (nft_set_is_anonymous(set))
|
||||
+ nft_clear(ctx->net, set);
|
||||
+
|
||||
+ set->use++;
|
||||
+}
|
||||
+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
|
||||
+
|
||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
||||
struct nft_set_binding *binding,
|
||||
enum nft_trans_phase phase)
|
||||
{
|
||||
switch (phase) {
|
||||
case NFT_TRANS_PREPARE:
|
||||
+ if (nft_set_is_anonymous(set))
|
||||
+ nft_deactivate_next(ctx->net, set);
|
||||
+
|
||||
set->use--;
|
||||
return;
|
||||
case NFT_TRANS_ABORT:
|
||||
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
|
||||
index 87f3af4645d9..29c7ae8789e9 100644
|
||||
--- a/net/netfilter/nft_dynset.c
|
||||
+++ b/net/netfilter/nft_dynset.c
|
||||
@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_dynset *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_dynset_destroy(const struct nft_ctx *ctx,
|
||||
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
|
||||
index 90becbf5bff3..b53a9b807a46 100644
|
||||
--- a/net/netfilter/nft_lookup.c
|
||||
+++ b/net/netfilter/nft_lookup.c
|
||||
@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_lookup *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_lookup_destroy(const struct nft_ctx *ctx,
|
||||
diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
|
||||
index 94b2327e71dc..3ff91bcaa5f2 100644
|
||||
--- a/net/netfilter/nft_objref.c
|
||||
+++ b/net/netfilter/nft_objref.c
|
||||
@@ -183,7 +183,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_objref_map *priv = nft_expr_priv(expr);
|
||||
|
||||
- priv->set->use++;
|
||||
+ nf_tables_activate_set(ctx, priv->set);
|
||||
}
|
||||
|
||||
static void nft_objref_map_destroy(const struct nft_ctx *ctx,
|
||||
@ -1 +1 @@
|
||||
Subproject commit 39b1ad2696b8e76f7e33aae243d20117c70b5d50
|
||||
Subproject commit ee33ef60c06953b1aab7d5fcd7369e7a9d80afef
|
||||
Loading…
Reference in New Issue
Block a user