netfilter: nf_tables: hold mutex on netns pre_exit path

ummakynes · ummakynes · commit 3923b1e44066 · 2022-05-31T23:13:10.000+02:00
clean_net() runs in workqueue while walking over the lists, grab mutex. Fixes: 767d121 ("netfilter: nftables: fix possible UAF over chains from packet path in netns") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
@@ -9896,7 +9896,11 @@ static int __net_init nf_tables_init_net(struct net *net)
 
 static void __net_exit nf_tables_pre_exit_net(struct net *net)
 {
+	struct nftables_pernet *nft_net = nft_pernet(net);
+
+	mutex_lock(&nft_net->commit_mutex);
 	__nft_release_hooks(net);
+	mutex_unlock(&nft_net->commit_mutex);
 }
 
 static void __net_exit nf_tables_exit_net(struct net *net)

Original file line number	Diff line number	Diff line change
`@@ -9896,7 +9896,11 @@ static int __net_init nf_tables_init_net(struct net *net)`
`9896`	`9896`
`9897`	`9897`	`static void __net_exit nf_tables_pre_exit_net(struct net *net)`
`9898`	`9898`	`{`
	`9899`	`+ struct nftables_pernet *nft_net = nft_pernet(net);`
	`9900`	`+`
	`9901`	`+ mutex_lock(&nft_net->commit_mutex);`
`9899`	`9902`	`__nft_release_hooks(net);`
	`9903`	`+ mutex_unlock(&nft_net->commit_mutex);`
`9900`	`9904`	`}`
`9901`	`9905`
`9902`	`9906`	`static void __net_exit nf_tables_exit_net(struct net *net)`