MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-23 07:23:12 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
c47ca77fee
linux-yocto/net
History
Wang Liang c47ca77fee netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm 
[ Upstream commit 479a54ab92087318514c82428a87af2d7af1a576 ]

When send a broadcast packet to a tap device, which was added to a bridge,
br_nf_local_in() is called to confirm the conntrack. If another conntrack
with the same hash value is added to the hash table, which can be
triggered by a normal packet to a non-bridge device, the below warning
may happen.

  ------------[ cut here ]------------
  WARNING: CPU: 1 PID: 96 at net/bridge/br_netfilter_hooks.c:632 br_nf_local_in+0x168/0x200
  CPU: 1 UID: 0 PID: 96 Comm: tap_send Not tainted 6.17.0-rc2-dirty #44 PREEMPT(voluntary)
  RIP: 0010:br_nf_local_in+0x168/0x200
  Call Trace:
   <TASK>
   nf_hook_slow+0x3e/0xf0
   br_pass_frame_up+0x103/0x180
   br_handle_frame_finish+0x2de/0x5b0
   br_nf_hook_thresh+0xc0/0x120
   br_nf_pre_routing_finish+0x168/0x3a0
   br_nf_pre_routing+0x237/0x5e0
   br_handle_frame+0x1ec/0x3c0
   __netif_receive_skb_core+0x225/0x1210
   __netif_receive_skb_one_core+0x37/0xa0
   netif_receive_skb+0x36/0x160
   tun_get_user+0xa54/0x10c0
   tun_chr_write_iter+0x65/0xb0
   vfs_write+0x305/0x410
   ksys_write+0x60/0xd0
   do_syscall_64+0xa4/0x260
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   </TASK>
  ---[ end trace 0000000000000000 ]---

To solve the hash conflict, nf_ct_resolve_clash() try to merge the
conntracks, and update skb->_nfct. However, br_nf_local_in() still use the
old ct from local variable 'nfct' after confirm(), which leads to this
warning.

If confirm() does not insert the conntrack entry and return NF_DROP, the
warning may also occur. There is no need to reserve the WARN_ON_ONCE, just
remove it.

Link: https://lore.kernel.org/netdev/20250820043329.2902014-1-wangliang74@huawei.com/
Fixes: 62e7151ae3 ("netfilter: bridge: confirm multicast packets before passing them up the stack")
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Wang Liang <wangliang74@huawei.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-09-09 18:58:06 +02:00
..
6lowpan
9p 9p/trans_fd: mark concurrent read and writes to p9_conn->err 2025-05-02 07:59:20 +02:00
802
8021q net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime 2025-07-24 08:56:34 +02:00
appletalk net: appletalk: Fix use-after-free in AARP proxy probe 2025-08-01 09:48:41 +01:00
atm atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). 2025-09-04 15:31:47 +02:00
ax25
batman-adv
bluetooth Bluetooth: hci_sync: Avoid adding default advertising on startup 2025-09-09 18:58:03 +02:00
bpf
bridge netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm 2025-09-09 18:58:06 +02:00
caif caif: reduce stack size, again 2025-08-15 12:13:40 +02:00
can can: bcm: add missing rcu read protection for procfs content 2025-05-29 11:03:19 +02:00
ceph
core net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM 2025-08-28 16:31:14 +02:00
dcb
dccp
devlink
dns_resolver
dsa net: dsa: tag_brcm: legacy: fix pskb_may_pull length 2025-06-19 15:32:16 +02:00
ethernet
ethtool ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() 2025-04-25 10:47:43 +02:00
handshake
hsr net, hsr: reject HSR frame if skb can't hold tag 2025-08-28 16:31:02 +02:00
ieee802154
ife
ipv4 net: ipv4: fix regression in local-broadcast routes 2025-09-04 15:31:45 +02:00
ipv6 netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-28 16:31:16 +02:00
iucv
kcm net: kcm: Fix race condition in kcm_unattach() 2025-08-20 18:30:18 +02:00
key
l2tp l2tp: do not use sock_hold() in pppol2tp_session_get_sock() 2025-09-04 15:31:51 +02:00
l3mdev
lapb
llc llc: fix data loss when reading from a socket in llc_ui_recvmsg() 2025-05-29 11:03:20 +02:00
mac80211 wifi: mac80211: check basic rates validity in sta_link_apply_parameters 2025-08-20 18:30:56 +02:00
mac802154
mctp net: mctp: Prevent duplicate binds 2025-08-20 18:30:31 +02:00
mpls mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). 2025-06-27 11:11:43 +01:00
mptcp mptcp: disable add_addr retransmission when timeout is 0 2025-08-28 16:31:07 +02:00
ncsi net: ncsi: Fix buffer overflow in fetching version id 2025-08-20 18:30:38 +02:00
netfilter netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps 2025-08-20 18:30:28 +02:00
netlabel calipso: unlock rcu before returning -EAFNOSUPPORT 2025-06-19 15:32:37 +02:00
netlink net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
netrom
nfc NFC: nci: uart: Set tty->disc_data only in success path 2025-06-27 11:11:21 +01:00
nsh
openvswitch net: openvswitch: Fix the dead loop of MPLS parse 2025-06-19 15:31:55 +02:00
packet net/packet: fix a race in packet_set_ring() and packet_notifier() 2025-08-15 12:14:09 +02:00
phonet phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() 2025-07-24 08:56:24 +02:00
psample
qrtr
rds net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
rfkill
rose net: rose: fix a typo in rose_clear_routes() 2025-09-04 15:31:55 +02:00
rxrpc rxrpc: Fix transmission of an abort in response to an abort 2025-07-24 08:56:35 +02:00
sched net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate 2025-08-28 16:31:15 +02:00
sctp sctp: initialize more fields in sctp_v6_from_sk() 2025-09-04 15:31:51 +02:00
smc net/smc: fix UAF on smcsk after smc_listen_out() 2025-08-28 16:31:14 +02:00
strparser
sunrpc net: better track kernel sockets lifetime 2025-08-20 18:30:56 +02:00
switchdev
tipc tipc: Fix use-after-free in tipc_conn_close(). 2025-07-17 18:37:05 +02:00
tls tls: fix handling of zero-length records on the rx_list 2025-08-28 16:31:11 +02:00
unix af_unix: Don't set -ECONNRESET for consumed OOB skb. 2025-07-06 11:01:40 +02:00
vmw_vsock vsock/virtio: Validate length in packet header before skb_put() 2025-08-28 16:30:59 +02:00
wireless wifi: cfg80211: fix use-after-free in cmp_bss() 2025-09-09 18:58:05 +02:00
x25
xdp xsk: Fix race condition in AF_XDP generic RX path 2025-05-09 09:50:38 +02:00
xfrm xfrm: Duplicate SPI Handling 2025-08-20 18:30:34 +02:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c
sysctl_net.c