• netfilter: nf_tables: release chain in flushing set · 1173678a
    Taehee Yoo authored
    [ Upstream commit 7acfda539c0b9636a58bfee56abfb3aeee806d96 ]
    
    When element of verdict map is deleted, the delete routine should
    release chain. However, flush element of verdict map routine doesn't
    release chain.
    
    test commands:
       %nft add table ip filter
       %nft add chain ip filter c1
       %nft add map ip filter map1 { type ipv4_addr : verdict \; }
       %nft add element ip filter map1 { 1 : jump c1 }
       %nft flush map ip filter map1
       %nft flush ruleset
    
    splat looks like:
    [ 4895.170899] kernel BUG at net/netfilter/nf_tables_api.c:1415!
    [ 4895.178114] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
    [ 4895.178880] CPU: 0 PID: 1670 Comm: nft Not tainted 4.18.0+ #55
    [ 4895.178880] RIP: 0010:nf_tables_chain_destroy.isra.28+0x39/0x220 [nf_tables]
    [ 4895.178880] Code: fc ff df 53 48 89 fb 48 83 c7 50 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 09 3c 03 7f 05 e8 3e 4c 25 e1 8b 43 50 85 c0 74 02 <0f> 0b 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02
    [ 4895.228342] RSP: 0018:ffff88010b98f4c0 EFLAGS: 00010202
    [ 4895.234841] RAX: 0000000000000001 RBX: ffff8801131c6968 RCX: ffff8801146585b0
    [ 4895.234841] RDX: 1ffff10022638d37 RSI: ffff8801191a9348 RDI: ffff8801131c69b8
    [ 4895.234841] RBP: ffff8801146585a8 R08: 1ffff1002323526a R09: 0000000000000000
    [ 4895.234841] R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200
    [ 4895.234841] R13: dead000000000100 R14: ffffffffa3638af8 R15: dffffc0000000000
    [ 4895.234841] FS:  00007f6d188e6700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000
    [ 4895.234841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 4895.234841] CR2: 00007ffe72b8df88 CR3: 000000010e2d4000 CR4: 00000000001006f0
    [ 4895.234841] Call Trace:
    [ 4895.234841]  nf_tables_commit+0x2704/0x2c70 [nf_tables]
    [ 4895.234841]  ? nfnetlink_rcv_batch+0xa4f/0x11b0 [nfnetlink]
    [ 4895.234841]  ? nf_tables_setelem_notify.constprop.48+0x1a0/0x1a0 [nf_tables]
    [ 4895.323824]  ? __lock_is_held+0x9d/0x130
    [ 4895.323824]  ? kasan_unpoison_shadow+0x30/0x40
    [ 4895.333299]  ? kasan_kmalloc+0xa9/0xc0
    [ 4895.333299]  ? kmem_cache_alloc_trace+0x2c0/0x310
    [ 4895.333299]  ? nfnetlink_rcv_batch+0xa4f/0x11b0 [nfnetlink]
    [ 4895.333299]  nfnetlink_rcv_batch+0xdb9/0x11b0 [nfnetlink]
    [ 4895.333299]  ? debug_show_all_locks+0x290/0x290
    [ 4895.333299]  ? nfnetlink_net_init+0x150/0x150 [nfnetlink]
    [ 4895.333299]  ? sched_clock_cpu+0xe5/0x170
    [ 4895.333299]  ? sched_clock_local+0xff/0x130
    [ 4895.333299]  ? sched_clock_cpu+0xe5/0x170
    [ 4895.333299]  ? find_held_lock+0x39/0x1b0
    [ 4895.333299]  ? sched_clock_local+0xff/0x130
    [ 4895.333299]  ? memset+0x1f/0x40
    [ 4895.333299]  ? nla_parse+0x33/0x260
    [ 4895.333299]  ? ns_capable_common+0x6e/0x110
    [ 4895.333299]  nfnetlink_rcv+0x2c0/0x310 [nfnetlink]
    [ ... ]
    
    Fixes: 59105446 ("netfilter: nf_tables: revisit chain/object refcounting from elements")
    Signed-off-by: Taehee Yoo <ap420073@gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ipset
ipvs
Kconfig
Makefile
core.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_internals.h
nf_log.c
nf_log_common.c
nf_log_netdev.c
nf_nat_amanda.c
nf_nat_core.c
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_unknown.c
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c
nf_tables_api.c
nf_tables_core.c
nf_tables_inet.c
nf_tables_netdev.c
nf_tables_trace.c
nfnetlink.c
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_log.c
nfnetlink_queue.c
nft_bitwise.c
nft_byteorder.c
nft_cmp.c
nft_compat.c
nft_counter.c
nft_ct.c
nft_dup_netdev.c
nft_dynset.c
nft_exthdr.c
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_fwd_netdev.c
nft_hash.c
nft_immediate.c
nft_limit.c
nft_log.c
nft_lookup.c
nft_masq.c
nft_meta.c
nft_nat.c
nft_numgen.c
nft_objref.c
nft_payload.c
nft_queue.c
nft_quota.c
nft_range.c
nft_redir.c
nft_reject.c
nft_reject_inet.c
nft_rt.c
nft_set_bitmap.c
nft_set_hash.c
nft_set_rbtree.c
x_tables.c
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c
xt_LOG.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c
xt_repldata.h
xt_sctp.c
xt_set.c
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c