From: Sasha Levin <sashal@kernel.org>
Date: Fri, 15 Sep 2023 13:18:11 +0000 (+0200)
Subject: netfilter: nf_tables: disable toggling dormant table state more than once
X-Git-Tag: archive/raspbian/6.1.55-1+rpi1^2~46
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ce84d91ebac90ccf4ed92e04a0878a2aed92f37e;p=linux.git

netfilter: nf_tables: disable toggling dormant table state more than once

[ Upstream commit c9bd26513b3a11b3adb3c2ed8a31a01a87173ff1 ]

nft -f -<<EOF
add table ip t
add table ip t { flags dormant; }
add chain ip t c { type filter hook input priority 0; }
add table ip t
EOF

Triggers a splat from nf core on next table delete because we lose
track of right hook register state:

WARNING: CPU: 2 PID: 1597 at net/netfilter/core.c:501 __nf_unregister_net_hook
RIP: 0010:__nf_unregister_net_hook+0x41b/0x570
 nf_unregister_net_hook+0xb4/0xf0
 __nf_tables_unregister_hook+0x160/0x1d0
[..]

The above should have table in *active* state, but in fact no
hooks were registered.

Reject on/off/on games rather than attempting to fix this.

Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
Reported-by: "Lee, Cherie-Anne" <cherie.lee@starlabs.sg>
Cc: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Cc: info@starlabs.sg
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name netfilter-nf_tables-disable-toggling-dormant-table-s.patch
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 521f8c3cb69..1d6a37430ff 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1211,6 +1211,10 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
 	     flags & NFT_TABLE_F_OWNER))
 		return -EOPNOTSUPP;
 
+	/* No dormant off/on/off/on games in single transaction */
+	if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
+		return -EINVAL;
+
 	trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
 				sizeof(struct nft_trans_table));
 	if (trans == NULL)