[PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19
@ 2023-09-18 12:06 Pablo Neira Ayuso
  2023-09-18 12:06 ` [PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter Pablo Neira Ayuso
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-09-18 12:06 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, stable, sashal

Hi Greg, Sasha,

This batch contains a fixes for 4.19:

1) Missing fix in 4.19, you can cherry-pick it from
   8ca79606cdfd ("netfilter: nft_flow_offload: fix underflow in flowtable reference counter")

2) Oneliner that includes missing chunk in 4.19 backport.
   Fixes: 1df28fde1270 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19
   This patch you have to manually apply it.

Thanks.

Pablo Neira Ayuso (1):
  netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation

wenxu (1):
  netfilter: nft_flow_offload: fix underflow in flowtable reference counter

 net/netfilter/nf_tables_api.c    | 1 +
 net/netfilter/nft_flow_offload.c | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)

-- 
2.30.2


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter
  2023-09-18 12:06 [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Pablo Neira Ayuso
@ 2023-09-18 12:06 ` Pablo Neira Ayuso
  2023-09-18 12:06 ` [PATCH -stable,4.19 2/2] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation Pablo Neira Ayuso
  2023-09-18 12:28 ` [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Greg KH
  2 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-09-18 12:06 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, stable, sashal

From: wenxu <wenxu@ucloud.cn>

commit 8ca79606cdfde2e37ee4f0707b9d1874a6f0eb38 upstream.

The .deactivate and .activate interfaces already deal with the reference
counter. Otherwise, this results in spurious "Device is busy" errors.

Fixes: a3c90f7a2323 ("netfilter: nf_tables: flow offload expression")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_flow_offload.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 7055088e91c2..ec35a41c7262 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -197,9 +197,6 @@ static void nft_flow_offload_activate(const struct nft_ctx *ctx,
 static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
 				     const struct nft_expr *expr)
 {
-	struct nft_flow_offload *priv = nft_expr_priv(expr);
-
-	priv->flowtable->use--;
 	nf_ct_netns_put(ctx->net, ctx->family);
 }
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH -stable,4.19 2/2] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
  2023-09-18 12:06 [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Pablo Neira Ayuso
  2023-09-18 12:06 ` [PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter Pablo Neira Ayuso
@ 2023-09-18 12:06 ` Pablo Neira Ayuso
  2023-09-18 12:28 ` [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Greg KH
  2 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-09-18 12:06 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, stable, sashal

commit 26b5a5712eb85e253724e56a54c17f8519bd8e4e upstream.

Missing NFT_TRANS_PREPARE_ERROR in 1df28fde1270 ("netfilter: nf_tables: add
NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19.

Fixes: 1df28fde1270 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_tables_api.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index eeadb638f448..0ff8f1006c6b 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5555,6 +5555,7 @@ void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx,
 				    enum nft_trans_phase phase)
 {
 	switch (phase) {
+	case NFT_TRANS_PREPARE_ERROR:
 	case NFT_TRANS_PREPARE:
 	case NFT_TRANS_ABORT:
 	case NFT_TRANS_RELEASE:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19
  2023-09-18 12:06 [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Pablo Neira Ayuso
  2023-09-18 12:06 ` [PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter Pablo Neira Ayuso
  2023-09-18 12:06 ` [PATCH -stable,4.19 2/2] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation Pablo Neira Ayuso
@ 2023-09-18 12:28 ` Greg KH
  2 siblings, 0 replies; 5+ messages in thread
From: Greg KH @ 2023-09-18 12:28 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel, stable, sashal

On Mon, Sep 18, 2023 at 02:06:54PM +0200, Pablo Neira Ayuso wrote:
> Hi Greg, Sasha,
> 
> This batch contains a fixes for 4.19:
> 
> 1) Missing fix in 4.19, you can cherry-pick it from
>    8ca79606cdfd ("netfilter: nft_flow_offload: fix underflow in flowtable reference counter")
> 
> 2) Oneliner that includes missing chunk in 4.19 backport.
>    Fixes: 1df28fde1270 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19
>    This patch you have to manually apply it.

All now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19
@ 2023-08-12 22:09 Pablo Neira Ayuso
  0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2023-08-12 22:09 UTC (permalink / raw)
  To: netfilter-devel; +Cc: gregkh, stable, sashal

Hi Greg, Sasha,

This is a backport of:

  faff4e4ecd28 ("netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush")
  1689f25924ad ("netfilter: nf_tables: report use refcount overflow")

for -stable 4.19.

Please, apply.

Thanks.

Laura Garcia Liebana (1):
  netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush

Pablo Neira Ayuso (1):
  netfilter: nf_tables: report use refcount overflow

 include/net/netfilter/nf_tables.h |  35 +++++-
 net/netfilter/nf_tables_api.c     | 180 ++++++++++++++++++++----------
 net/netfilter/nft_flow_offload.c  |  23 +++-
 net/netfilter/nft_objref.c        |   8 +-
 4 files changed, 177 insertions(+), 69 deletions(-)

-- 
2.30.2


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-09-18 12:30 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-18 12:06 [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Pablo Neira Ayuso
2023-09-18 12:06 ` [PATCH -stable,4.19 1/2] netfilter: nft_flow_offload: fix underflow in flowtable reference counter Pablo Neira Ayuso
2023-09-18 12:06 ` [PATCH -stable,4.19 2/2] netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation Pablo Neira Ayuso
2023-09-18 12:28 ` [PATCH -stable,4.19 0/2] netfilter stable fixes for 4.19 Greg KH
  -- strict thread matches above, loose matches on Subject: below --
2023-08-12 22:09 Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).