From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 30 May 2022 16:24:05 +0000 (+0200)
Subject: netfilter: nf_tables: hold mutex on netns pre_exit path
X-Git-Tag: baikal/aarch64/sdk6.1~3836^2~19^2~3
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=a669e8adb86a13fd522e3f4619d80500123fc268;p=kernel.git

netfilter: nf_tables: hold mutex on netns pre_exit path

clean_net() runs in workqueue while walking over the lists, grab mutex.

Fixes: 815fac68e781 ("netfilter: nftables: fix possible UAF over chains from packet path in netns")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index dcefb5f36b3af..f77414e13de1c 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9896,7 +9896,11 @@ static int __net_init nf_tables_init_net(struct net *net)
 
 static void __net_exit nf_tables_pre_exit_net(struct net *net)
 {
+	struct nftables_pernet *nft_net = nft_pernet(net);
+
+	mutex_lock(&nft_net->commit_mutex);
 	__nft_release_hooks(net);
+	mutex_unlock(&nft_net->commit_mutex);
 }
 
 static void __net_exit nf_tables_exit_net(struct net *net)