Skip to content

Commit 0ebc106

Browse files
ummakynesFlorian Westphal
ummakynes
authored and
Florian Westphal
committed
netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
Bail out with EOPNOTSUPP when adding rule to bound chain via NFTA_RULE_CHAIN_ID. The following warning splat is shown when adding a rule to a deleted bound chain: WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables] CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1 RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables] Fixes: d0e2c7d ("netfilter: nf_tables: add NFT_CHAIN_BINDING") Reported-by: Kevin Rich <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: Florian Westphal <[email protected]>
1 parent 0a771f7 commit 0ebc106

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

net/netfilter/nf_tables_api.c

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3811,8 +3811,6 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
38113811
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN]);
38123812
return PTR_ERR(chain);
38133813
}
3814-
if (nft_chain_is_bound(chain))
3815-
return -EOPNOTSUPP;
38163814

38173815
} else if (nla[NFTA_RULE_CHAIN_ID]) {
38183816
chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID],
@@ -3825,6 +3823,9 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
38253823
return -EINVAL;
38263824
}
38273825

3826+
if (nft_chain_is_bound(chain))
3827+
return -EOPNOTSUPP;
3828+
38283829
if (nla[NFTA_RULE_HANDLE]) {
38293830
handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_HANDLE]));
38303831
rule = __nft_rule_lookup(chain, handle);

0 commit comments

Comments
 (0)