* [PATCH nft 1/2] netfilter: nf_conntrack_sip: fix missing expect put in REGISTER path [not found] <20260506121618.578443-1-lixiasong1@huawei.com> @ 2026-05-06 12:16 ` Li Xiasong 2026-05-06 13:33 ` Florian Westphal 2026-05-06 12:16 ` [PATCH nft 2/2] netfilter: nft_ct: fix missing expect put in obj eval Li Xiasong 1 sibling, 1 reply; 4+ messages in thread From: Li Xiasong @ 2026-05-06 12:16 UTC (permalink / raw) To: netfilter-devel Cc: stable, Pablo Neira Ayuso, Florian Westphal, Phil Sutter, coreteam, yuehaibing, zhangchangzhong, weiyongjun1 process_register_request() allocates an expectation, but the !helper error path returns NF_DROP without nf_ct_expect_put(exp). Add the missing put to balance nf_ct_expect_alloc() on this path. Fixes: e14575fa7529 ("netfilter: nf_conntrack: use rcu accessors where needed") Cc: stable@vger.kernel.org Signed-off-by: Li Xiasong <lixiasong1@huawei.com> --- net/netfilter/nf_conntrack_sip.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 1eb55907d470..a895bc836e1b 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -1377,8 +1377,10 @@ static int process_register_request(struct sk_buff *skb, unsigned int protoff, saddr = &ct->tuplehash[!dir].tuple.src.u3; helper = rcu_dereference(nfct_help(ct)->helper); - if (!helper) + if (!helper) { + nf_ct_expect_put(exp); return NF_DROP; + } nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct), saddr, &daddr, proto, NULL, &port); -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
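Review bot: In the `if (!helper)` branch, the new nf_ct_expect_put(exp) is only needed because the helper lookup runs after the expectation has already been allocated, and the visible context between `helper = rcu_dereference(nfct_help(ct)->helper);` and the check does not touch `exp`. Doing the lookup and NULL check before the allocation would keep `return NF_DROP;` a plain early return and remove the unbalanced path instead of patching it, which also protects any error exit added here later. If the put stays, the commit message should say what the missing put costs on this path (one expectation reference left held per REGISTER that reaches it), since the patch is tagged for stable.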
* Re: [PATCH nft 1/2] netfilter: nf_conntrack_sip: fix missing expect put in REGISTER path 2026-05-06 12:16 ` [PATCH nft 1/2] netfilter: nf_conntrack_sip: fix missing expect put in REGISTER path Li Xiasong @ 2026-05-06 13:33 ` Florian Westphal 2026-05-06 14:50 ` Pablo Neira Ayuso 0 siblings, 1 reply; 4+ messages in thread From: Florian Westphal @ 2026-05-06 13:33 UTC (permalink / raw) To: Li Xiasong Cc: netfilter-devel, stable, Pablo Neira Ayuso, Phil Sutter, coreteam, yuehaibing, zhangchangzhong, weiyongjun1 Li Xiasong <lixiasong1@huawei.com> wrote: > process_register_request() allocates an expectation, but the !helper > error path returns NF_DROP without nf_ct_expect_put(exp). > > Add the missing put to balance nf_ct_expect_alloc() on this path. > > Fixes: e14575fa7529 ("netfilter: nf_conntrack: use rcu accessors where needed") > Cc: stable@vger.kernel.org > Signed-off-by: Li Xiasong <lixiasong1@huawei.com> > --- > net/netfilter/nf_conntrack_sip.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c > index 1eb55907d470..a895bc836e1b 100644 > --- a/net/netfilter/nf_conntrack_sip.c > +++ b/net/netfilter/nf_conntrack_sip.c > @@ -1377,8 +1377,10 @@ static int process_register_request(struct sk_buff *skb, unsigned int protoff, > saddr = &ct->tuplehash[!dir].tuple.src.u3; > > helper = rcu_dereference(nfct_help(ct)->helper); > - if (!helper) > + if (!helper) { > + nf_ct_expect_put(exp); > return NF_DROP; > + } I think it would be simpler to move the rcu defer to before exp allocation instead. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nft 1/2] netfilter: nf_conntrack_sip: fix missing expect put in REGISTER path 2026-05-06 13:33 ` Florian Westphal @ 2026-05-06 14:50 ` Pablo Neira Ayuso 0 siblings, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2026-05-06 14:50 UTC (permalink / raw) To: Florian Westphal Cc: Li Xiasong, netfilter-devel, stable, Phil Sutter, coreteam, yuehaibing, zhangchangzhong, weiyongjun1 On Wed, May 06, 2026 at 03:33:12PM +0200, Florian Westphal wrote: > Li Xiasong <lixiasong1@huawei.com> wrote: > > process_register_request() allocates an expectation, but the !helper > > error path returns NF_DROP without nf_ct_expect_put(exp). > > > > Add the missing put to balance nf_ct_expect_alloc() on this path. > > > > Fixes: e14575fa7529 ("netfilter: nf_conntrack: use rcu accessors where needed") > > Cc: stable@vger.kernel.org > > Signed-off-by: Li Xiasong <lixiasong1@huawei.com> > > --- > > net/netfilter/nf_conntrack_sip.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c > > index 1eb55907d470..a895bc836e1b 100644 > > --- a/net/netfilter/nf_conntrack_sip.c > > +++ b/net/netfilter/nf_conntrack_sip.c > > @@ -1377,8 +1377,10 @@ static int process_register_request(struct sk_buff *skb, unsigned int protoff, > > saddr = &ct->tuplehash[!dir].tuple.src.u3; > > > > helper = rcu_dereference(nfct_help(ct)->helper); > > - if (!helper) > > + if (!helper) { > > + nf_ct_expect_put(exp); > > return NF_DROP; > > + } > > I think it would be simpler to move the rcu defer to before > exp allocation instead. Agreed. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH nft 2/2] netfilter: nft_ct: fix missing expect put in obj eval [not found] <20260506121618.578443-1-lixiasong1@huawei.com> 2026-05-06 12:16 ` [PATCH nft 1/2] netfilter: nf_conntrack_sip: fix missing expect put in REGISTER path Li Xiasong @ 2026-05-06 12:16 ` Li Xiasong 1 sibling, 0 replies; 4+ messages in thread From: Li Xiasong @ 2026-05-06 12:16 UTC (permalink / raw) To: netfilter-devel Cc: stable, Pablo Neira Ayuso, Florian Westphal, Phil Sutter, coreteam, yuehaibing, zhangchangzhong, weiyongjun1 nft_ct_expect_obj_eval() allocates an expectation and may call nf_ct_expect_related(), but never drops its local reference. Add nf_ct_expect_put(exp) before return to balance allocation. Fixes: 857b46027d6f ("netfilter: nft_ct: add ct expectations support") Cc: stable@vger.kernel.org Signed-off-by: Li Xiasong <lixiasong1@huawei.com> --- net/netfilter/nft_ct.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 60ee8d932fcb..fa2cc556331c 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -1334,6 +1334,8 @@ static void nft_ct_expect_obj_eval(struct nft_object *obj, if (nf_ct_expect_related(exp, 0) != 0) regs->verdict.code = NF_DROP; + + nf_ct_expect_put(exp); } static const struct nla_policy nft_ct_expect_policy[NFTA_CT_EXPECT_MAX + 1] = { -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
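Review bot: The nf_ct_expect_put(exp) added at the end of nft_ct_expect_obj_eval() runs on both outcomes of `nf_ct_expect_related(exp, 0)`, but the commit message only says the local reference is "never" dropped and does not state why an unconditional put is correct when the call succeeds. Please spell out in the changelog that the put releases only the reference taken at allocation, so it is safe both when the expectation was registered and when the verdict was set to NF_DROP. The hunk shows just the tail of the function, so it is also worth confirming that no earlier return between the allocation and this point skips the put.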