MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
c6a3b81c36
linux-yocto/net/ipv4
History
Florian Westphal 7b8b503c06 netfilter: nf_reject: don't leak dst refcount for loopback packets 
[ Upstream commit 91a79b792204313153e1bdbbe5acbfc28903b3a5 ]

recent patches to add a WARN() when replacing skb dst entry found an
old bug:

WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]
WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]
WARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234
[..]
Call Trace:
 nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325
 nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 ..

This is because blamed commit forgot about loopback packets.
Such packets already have a dst_entry attached, even at PRE_ROUTING stage.

Instead of checking hook just check if the skb already has a route
attached to it.

Fixes: f53b9b0bdc ("netfilter: introduce support for reject at prerouting stage")
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20250820123707.10671-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:22:59 +02:00
..
bpfilter
netfilter netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-28 16:22:59 +02:00
af_inet.c net: inet: do not leave a dangling sk pointer in inet_create() 2024-12-14 19:48:27 +01:00
ah4.c
arp.c arp: use RCU protection in arp_xmit() 2025-03-13 12:47:22 +01:00
bpf_tcp_ca.c
cipso_ipv4.c cipso: fix total option length computation 2024-07-05 09:12:37 +02:00
datagram.c udp: Update reuse->has_conns under reuseport_lock. 2022-10-30 09:41:19 +01:00
devinet.c ipv4: use RCU protection in inet_select_addr() 2025-03-13 12:47:21 +01:00
esp4_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 10:28:11 +02:00
esp4.c net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP 2024-08-19 05:40:44 +02:00
fib_frontend.c ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). 2025-06-04 14:37:02 +02:00
fib_lookup.h
fib_notifier.c
fib_rules.c ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). 2025-06-04 14:37:05 +02:00
fib_semantics.c net: Add l3mdev index to flow struct and avoid oif reset for port devices 2024-10-17 15:08:35 +02:00
fib_trie.c ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). 2025-06-04 14:37:02 +02:00
fou.c fou: remove warn in gue_gro_receive on unsupported protocol 2025-02-01 18:22:31 +01:00
gre_demux.c
gre_offload.c gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2024-09-12 11:06:47 +02:00
icmp.c icmp: guard against too small mtu 2023-04-20 12:10:21 +02:00
igmp.c bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument 2024-03-26 18:21:53 -04:00
inet_connection_sock.c tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). 2025-05-02 07:41:04 +02:00
inet_diag.c inet_diag: Initialize pad field in struct inet_diag_req_v2 2024-07-18 13:05:42 +02:00
inet_fragment.c inet: inet_defrag: prevent sk release while still in use 2024-10-17 15:07:37 +02:00
inet_hashtables.c net/ipv4: fix type mismatch in inet_ehash_locks_alloc() causing build failure 2025-06-27 11:04:23 +01:00
inet_timewait_sock.c tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() 2024-05-02 16:23:45 +02:00
inetpeer.c
ip_forward.c
ip_fragment.c inet: inet_defrag: prevent sk release while still in use 2024-10-17 15:07:37 +02:00
ip_gre.c net: Handle l3mdev in ip_tunnel_init_flow 2024-10-17 15:08:38 +02:00
ip_input.c net: use indirect call helpers for dst_input 2025-03-13 12:47:32 +01:00
ip_options.c
ip_output.c net: use indirect call helpers for dst_output 2025-03-13 12:47:32 +01:00
ip_sockglue.c bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument 2024-03-26 18:21:53 -04:00
ip_tunnel_core.c net: fix geneve_opt length integer overflow 2025-04-10 14:31:01 +02:00
ip_tunnel.c ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() 2025-02-01 18:22:33 +01:00
ip_vti.c ip_vti: fix potential slab-use-after-free in decode_session6 2023-08-26 15:26:52 +02:00
ipcomp.c
ipconfig.c
ipip.c
ipmr_base.c ipmr: do not call mr_mfc_uses_dev() for unres entries 2025-03-13 12:46:57 +01:00
ipmr.c ipmr: fix tables suspicious RCU usage 2024-12-14 19:48:05 +01:00
Kconfig tcp: configurable source port perturb table size 2022-12-02 17:40:05 +01:00
Makefile bpf: Clean up sockmap related Kconfigs 2025-06-27 11:04:09 +01:00
metrics.c ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() 2023-02-01 08:23:24 +01:00
netfilter.c
netlink.c
nexthop.c net: nexthop: Initialize all fields in dumped nexthops 2024-08-19 05:41:04 +02:00
ping.c
proc.c
protocol.c
raw_diag.c
raw.c ipv{4,6}/raw: fix output xfrm lookup wrt protocol 2023-06-05 09:07:04 +02:00
route.c net: ipv4: fix incorrect MTU in broadcast routes 2025-08-28 16:22:43 +02:00
syncookies.c tcp: fix cookie_init_timestamp() overflows 2023-11-20 11:06:46 +01:00
sysctl_net_ipv4.c net: Introduce net.ipv4.tcp_migrate_req. 2023-07-27 08:44:42 +02:00
tcp_bbr.c
tcp_bic.c
tcp_bpf.c net: Rename ->stream_memory_read to ->sock_is_readable 2025-06-27 11:04:09 +01:00
tcp_cdg.c tcp: cdg: allow tcp_cdg_release() to be called multiple times 2022-11-25 17:45:55 +01:00
tcp_cong.c
tcp_cubic.c
tcp_dctcp.c tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). 2024-06-16 13:32:27 +02:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c tcp: annotate data-races around fastopenq.max_qlen 2023-07-27 08:44:43 +02:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range 2025-08-28 16:22:32 +02:00
tcp_ipv4.c tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process 2024-10-17 15:08:12 +02:00
tcp_lp.c
tcp_metrics.c tcp_metrics: validate source addr length 2024-07-18 13:05:41 +02:00
tcp_minisocks.c tcp: Defer ts_recent changes until req is owned 2025-03-13 12:47:32 +01:00
tcp_nv.c
tcp_offload.c net-timestamp: support TCP GSO case for a few missing flags 2025-03-13 12:47:40 +01:00
tcp_output.c tcp: check space before adding MPTCP SYN options 2024-12-19 18:06:08 +01:00
tcp_rate.c
tcp_recovery.c tcp: fix excessive TLP and RACK timeouts from HZ rounding 2023-10-25 11:54:20 +02:00
tcp_scalable.c
tcp_timer.c tcp: avoid too many retransmit packets 2024-07-18 13:05:47 +02:00
tcp_ulp.c net/ulp: use consistent error code when blocking ULP 2023-01-24 07:20:01 +01:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c net: Rename ->stream_memory_read to ->sock_is_readable 2025-06-27 11:04:09 +01:00
tunnel4.c
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c udp: also consider secpath when evaluating ipsec use for checksumming 2025-08-28 16:22:39 +02:00
udp_tunnel_core.c net/tunnel: wait until all sk_user_data reader finish before releasing the sock 2023-01-14 10:15:43 +01:00
udp_tunnel_nic.c
udp_tunnel_stub.c
udp.c udp: gso: do not drop small packets when PMTU reduces 2025-03-13 12:47:04 +01:00
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 12:57:57 +01:00
xfrm4_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-05-17 11:48:06 +02:00
xfrm4_output.c
xfrm4_policy.c xfrm: respect ip protocols rules criteria when performing dst lookups 2024-11-08 16:21:59 +01:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c