android_kernel_msm-6.1_noth.../include/net
Pablo Neira Ayuso 8cc757d50b UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase
commit c1592a89942e9678f7d9c8030efa777c0d57edab upstream.

Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on them. Clear the generation bitmask
in case the transaction is aborted.

The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.

[   64.921510] ==================================================================
[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[   64.931120] Call Trace:
[   64.932699]  <TASK>
[   64.934292]  dump_stack_lvl+0x33/0x50
[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.937551]  kasan_report+0xda/0x120
[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[   64.945710]  ? kasan_set_track+0x21/0x30
[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]

Bug: 282877000
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I536b7fbec55a5b37a57546023891a3dcfeb2c24b
2023-05-16 15:47:00 +00:00
9p
bluetooth Bluetooth: Fix printing errors if LE Connection times out 2023-04-20 12:35:09 +02:00
caif
iucv
netfilter UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-16 15:47:00 +00:00
netns Revert "Revert "netfilter: ctnetlink: make event listener tracking global"" 2023-03-30 12:23:02 +01:00
nfc
phonet
sctp sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:55:26 +01:00
tc_act net/sched: transition act_pedit to rcu and percpu stats 2023-03-11 13:55:28 +01:00
6lowpan.h
act_api.h
addrconf.h
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
amt.h
arp.h
atmclip.h
ax25.h
ax88796.h
bareudp.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h bonding: fix ns validation on backup slaves 2023-04-20 12:35:08 +02:00
bpf_sk_storage.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h ANDROID: always add the struct wireless_dev * to struct net_device 2023-05-12 15:37:37 +00:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dropreason.h
dsa.h
dsfield.h
dst.h net: add atomic_long_t to net_device_stats fields 2022-12-31 13:33:02 +01:00
dst_cache.h
dst_metadata.h
dst_ops.h
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow.h
flow_dissector.h
flow_offload.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_dscp.h
inet_ecn.h
inet_frag.h
inet_hashtables.h tcp: Add TIME_WAIT sockets in bhash2. 2023-01-12 12:02:15 +01:00
inet_sock.h
inet_timewait_sock.h tcp: Add TIME_WAIT sockets in bhash2. 2023-01-12 12:02:15 +01:00
inetpeer.h
ioam6.h
ip.h
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h
ip_fib.h
ip_tunnels.h
ip_vs.h ipvs: use u64_stats_t for the per-cpu counters 2022-12-31 13:32:26 +01:00
ipcomp.h
ipconfig.h
ipv6.h
ipv6_frag.h
ipv6_stubs.h
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h wifi: mac80211: Proper mark iTXQs for resumption 2023-02-01 08:34:35 +01:00
mac802154.h
macsec.h
mctp.h
mctpdevice.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: remove MPTCP 'ifdef' in TCP SYN cookies 2023-01-07 11:11:44 +01:00
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2022-12-31 13:33:02 +01:00
ncsi.h
ndisc.h
neighbour.h net: neigh: decrement the family specific qlen 2022-11-18 10:29:50 +00:00
net_debug.h
net_failover.h
net_namespace.h
net_ratelimit.h
net_trackers.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h
p8022.h
page_pool.h
pie.h
ping.h inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h Revert "Revert "raw: Fix NULL deref in raw_get_next()."" 2023-05-11 05:22:29 +00:00
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h
rpl.h
rsi_91x.h
rtnetlink.h
rtnh.h
sch_generic.h net/sched: sch_taprio: fix possible use-after-free 2023-02-01 08:34:19 +01:00
scm.h
secure_seq.h
seg6.h
seg6_hmac.h
seg6_local.h
selftests.h
slhc_vj.h
smc.h
snmp.h
sock.h net: add sock_init_data_uid() 2023-03-10 09:33:01 +01:00
sock_reuseport.h soreuseport: Fix socket selection for SO_INCOMING_CPU. 2022-12-31 13:32:04 +01:00
Space.h
stp.h
strparser.h
switchdev.h
tcp.h bpf, sockmap: Fix missing BPF_F_INGRESS flag when using apply_bytes 2022-12-31 13:32:20 +01:00
tcp_states.h
TEST_MAPPING
timewait_sock.h
tipc.h
tls.h
tls_toe.h
transp_v6.h
tso.h
tun_proto.h
udp.h
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h
wext.h
x25.h
x25device.h
xdp.h
xdp_priv.h
xdp_sock.h
xdp_sock_drv.h
xfrm.h FROMLIST: xfrm: Skip checking of already-verified secpath entries 2023-04-14 12:37:23 +00:00
xsk_buff_pool.h