android_kernel_msm-6.1_noth.../include
Pablo Neira Ayuso 8cc757d50b UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase
commit c1592a89942e9678f7d9c8030efa777c0d57edab upstream.

Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.

The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.

[   64.921510] ==================================================================
[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[   64.931120] Call Trace:
[   64.932699]  <TASK>
[   64.934292]  dump_stack_lvl+0x33/0x50
[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.937551]  kasan_report+0xda/0x120
[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[   64.945710]  ? kasan_set_track+0x21/0x30
[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]

Bug: 282877000
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I536b7fbec55a5b37a57546023891a3dcfeb2c24b
2023-05-16 15:47:00 +00:00
acpi ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type() 2023-04-13 16:55:33 +02:00
asm-generic This is the 6.1.14 stable release 2023-02-25 15:37:47 +00:00
clocksource
crypto
drm Merge 6.1.24 into android14-6.1 2023-04-22 08:52:25 +00:00
dt-bindings
keys
kunit kunit: fix kunit_test_init_section_suites(...) 2023-02-09 11:28:08 +01:00
kvm Revert "Revert "KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode"" 2023-05-11 05:22:29 +00:00
linux ANDROID: always add the struct wireless_dev * to struct net_device 2023-05-12 15:37:37 +00:00
math-emu
media Merge 6.1.18 into android14-6.1 2023-03-21 08:22:15 +00:00
memory memory: renesas-rpc-if: Split-off private data from struct rpcif 2023-03-11 13:55:17 +01:00
misc
net UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-16 15:47:00 +00:00
pcmcia
ras
rdma
rv
scsi Revert "Revert "scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD"" 2023-03-30 12:23:03 +01:00
soc
sound Merge 6.1.16 into android14-6.1 2023-03-13 15:45:34 +00:00
target
trace ANDROID: cgroup: Add vendor hook for cpuset. 2023-05-11 13:10:00 +00:00
uapi UPSTREAM: media: add nv12_8l128 and nv12_10be_8l128 video format. 2023-05-15 15:15:49 +00:00
ufs FROMLIST: scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc() 2023-05-11 03:22:33 +00:00
vdso
video
xen x86/PVH: obtain VGA console info in Dom0 2023-04-06 12:10:39 +02:00
OWNERS