diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-05-30 18:24:05 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-06-28 10:28:16 +0200 |
| commit | 8b7454dd984a75d0eaa6a02940c65cd3671fcddc (patch) | |
| tree | 2c8261dc60151ed62f5cf3d3f99479867851a4a5 | |
| parent | 9e8d927cfa564e5a00cd287bd66fac6d45f0af39 (diff) | |
netfilter: nf_tables: hold mutex on netns pre_exit path
commit 3923b1e4406680d57da7e873da77b1683035d83f upstream.
clean_net() runs in workqueue while walking over the lists, grab mutex.
Fixes: 767d1216bff8 ("netfilter: nftables: fix possible UAF over chains from packet path in netns")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 9f9a5a3b4c99..e59cad1f7a36 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -8983,7 +8983,9 @@ static int __net_init nf_tables_init_net(struct net *net) static void __net_exit nf_tables_pre_exit_net(struct net *net) { + mutex_lock(&net->nft.commit_mutex); __nft_release_hooks(net); + mutex_unlock(&net->nft.commit_mutex); } static void __net_exit nf_tables_exit_net(struct net *net) |