MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
11a24528d0
linux-yocto/net
History
Florian Westphal 51e8531371 netfilter: nf_reject: don't leak dst refcount for loopback packets 
[ Upstream commit 91a79b792204313153e1bdbbe5acbfc28903b3a5 ]

recent patches to add a WARN() when replacing skb dst entry found an
old bug:

WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]
WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]
WARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234
[..]
Call Trace:
 nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325
 nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 ..

This is because blamed commit forgot about loopback packets.
Such packets already have a dst_entry attached, even at PRE_ROUTING stage.

Instead of checking hook just check if the skb already has a route
attached to it.

Fixes: f53b9b0bdc ("netfilter: introduce support for reject at prerouting stage")
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20250820123707.10671-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:31:16 +02:00
..
6lowpan
9p 9p/trans_fd: mark concurrent read and writes to p9_conn->err 2025-05-02 07:59:20 +02:00
802
8021q net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime 2025-07-24 08:56:34 +02:00
appletalk net: appletalk: Fix use-after-free in AARP proxy probe 2025-08-01 09:48:41 +01:00
atm atm: clip: Fix NULL pointer dereference in vcc_sendmsg() 2025-07-17 18:37:06 +02:00
ax25 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt 2025-02-21 14:01:16 +01:00
batman-adv batman-adv: Ignore own maximum aggregation size during RX 2025-03-28 22:03:31 +01:00
bluetooth Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() 2025-08-28 16:31:13 +02:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-02-27 04:30:18 -08:00
bridge net: bridge: fix soft lockup in br_multicast_query_expired() 2025-08-28 16:31:12 +02:00
caif caif: reduce stack size, again 2025-08-15 12:13:40 +02:00
can can: bcm: add missing rcu read protection for procfs content 2025-05-29 11:03:19 +02:00
ceph
core net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM 2025-08-28 16:31:14 +02:00
dcb
dccp
devlink devlink: fix xa_alloc_cyclic() error handling 2025-03-28 22:03:27 +01:00
dns_resolver
dsa net: dsa: tag_brcm: legacy: fix pskb_may_pull length 2025-06-19 15:32:16 +02:00
ethernet
ethtool ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() 2025-04-25 10:47:43 +02:00
handshake
hsr net, hsr: reject HSR frame if skb can't hold tag 2025-08-28 16:31:02 +02:00
ieee802154
ife
ipv4 netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-28 16:31:16 +02:00
ipv6 netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-28 16:31:16 +02:00
iucv
kcm net: kcm: Fix race condition in kcm_unattach() 2025-08-20 18:30:18 +02:00
key
l2tp ipv6: replace ipcm6_init calls with ipcm6_init_sk 2025-06-27 11:11:41 +01:00
l3mdev
lapb
llc llc: fix data loss when reading from a socket in llc_ui_recvmsg() 2025-05-29 11:03:20 +02:00
mac80211 wifi: mac80211: check basic rates validity in sta_link_apply_parameters 2025-08-20 18:30:56 +02:00
mac802154
mctp net: mctp: Prevent duplicate binds 2025-08-20 18:30:31 +02:00
mpls mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). 2025-06-27 11:11:43 +01:00
mptcp mptcp: disable add_addr retransmission when timeout is 0 2025-08-28 16:31:07 +02:00
ncsi net: ncsi: Fix buffer overflow in fetching version id 2025-08-20 18:30:38 +02:00
netfilter netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps 2025-08-20 18:30:28 +02:00
netlabel calipso: unlock rcu before returning -EAFNOSUPPORT 2025-06-19 15:32:37 +02:00
netlink net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
netrom
nfc NFC: nci: uart: Set tty->disc_data only in success path 2025-06-27 11:11:21 +01:00
nsh
openvswitch net: openvswitch: Fix the dead loop of MPLS parse 2025-06-19 15:31:55 +02:00
packet net/packet: fix a race in packet_set_ring() and packet_notifier() 2025-08-15 12:14:09 +02:00
phonet phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() 2025-07-24 08:56:24 +02:00
psample
qrtr
rds net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
rfkill
rose rose: fix dangling neighbour pointers in rose_rt_device_down() 2025-07-10 16:04:53 +02:00
rxrpc rxrpc: Fix transmission of an abort in response to an abort 2025-07-24 08:56:35 +02:00
sched net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate 2025-08-28 16:31:15 +02:00
sctp sctp: linearize cloned gso packets in sctp_rcv 2025-08-20 18:30:18 +02:00
smc net/smc: fix UAF on smcsk after smc_listen_out() 2025-08-28 16:31:14 +02:00
strparser strparser: Add read_sock callback 2025-02-27 04:30:19 -08:00
sunrpc net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-22 12:54:12 -07:00
tipc tipc: Fix use-after-free in tipc_conn_close(). 2025-07-17 18:37:05 +02:00
tls tls: fix handling of zero-length records on the rx_list 2025-08-28 16:31:11 +02:00
unix af_unix: Don't set -ECONNRESET for consumed OOB skb. 2025-07-06 11:01:40 +02:00
vmw_vsock vsock/virtio: Validate length in packet header before skb_put() 2025-08-28 16:30:59 +02:00
wireless wifi: cfg80211: reject HTC bit for management frames 2025-08-20 18:30:29 +02:00
x25
xdp xsk: Fix race condition in AF_XDP generic RX path 2025-05-09 09:50:38 +02:00
xfrm xfrm: Duplicate SPI Handling 2025-08-20 18:30:34 +02:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c
sysctl_net.c