[PATCH -stable,5.4 0/1] Netfilter fix for -stable

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH -stable,5.4 0/1] Netfilter fix for -stable
@ 2025-06-04 23:28 Pablo Neira Ayuso
  2025-06-04 23:28 ` [PATCH -stable,5.4 1/1] netfilter: nft_socket: fix sk refcount leaks Pablo Neira Ayuso
  2025-06-04 23:35 ` [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2025-06-04 23:28 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, sashal, stable

Hi Greg, Sasha,

This batch contains backported fixes for 6.1 -stable.

The following list shows the backported patch, I am using original commit
IDs for reference:

1) 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment")

   this is to fix a sk memleak.

Please, apply,
Thanks.

Florian Westphal (1):
  netfilter: nft_socket: fix sk refcount leaks

 net/netfilter/nft_socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.30.2


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH -stable,5.4 1/1] netfilter: nft_socket: fix sk refcount leaks
  2025-06-04 23:28 [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso
@ 2025-06-04 23:28 ` Pablo Neira Ayuso
  2025-06-04 23:35 ` [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2025-06-04 23:28 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, sashal, stable

From: Florian Westphal <fw@strlen.de>

commit 8b26ff7af8c32cb4148b3e147c52f9e4c695209c upstream.

We must put 'sk' reference before returning.

Fixes: 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index c7b78e4ef459..46d11f943795 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -69,7 +69,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
 			*dest = sk->sk_mark;
 		} else {
 			regs->verdict.code = NFT_BREAK;
-			return;
+			goto out_put_sk;
 		}
 		break;
 	default:
@@ -77,6 +77,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
 		regs->verdict.code = NFT_BREAK;
 	}
 
+out_put_sk:
 	if (sk != skb->sk)
 		sock_gen_put(sk);
 }
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH -stable,5.4 0/1] Netfilter fix for -stable
  2025-06-04 23:28 [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso
  2025-06-04 23:28 ` [PATCH -stable,5.4 1/1] netfilter: nft_socket: fix sk refcount leaks Pablo Neira Ayuso
@ 2025-06-04 23:35 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2025-06-04 23:35 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, sashal, stable

On Thu, Jun 05, 2025 at 01:28:16AM +0200, Pablo Neira Ayuso wrote:
> Hi Greg, Sasha,
> 
> This batch contains backported fixes for 6.1 -stable.
> 
> The following list shows the backported patch, I am using original commit
> IDs for reference:
> 
> 1) 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment")

Apologies, original commit actually is:

     8b26ff7af8c3 ("netfilter: nft_socket: fix sk refcount leaks")

>    this is to fix a sk memleak.
> 
> Please, apply,
> Thanks.
> 
> Florian Westphal (1):
>   netfilter: nft_socket: fix sk refcount leaks
> 
>  net/netfilter/nft_socket.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> -- 
> 2.30.2
> 
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-06-04 23:35 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-04 23:28 [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso
2025-06-04 23:28 ` [PATCH -stable,5.4 1/1] netfilter: nft_socket: fix sk refcount leaks Pablo Neira Ayuso
2025-06-04 23:35 ` [PATCH -stable,5.4 0/1] Netfilter fix for -stable Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.