Commit
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
jira LE-1907
cve CVE-2024-26925
Rebuild_History Non-Buildable kernel-4.18.0-553.16.1.el8_10
commit-author Pablo Neira Ayuso <[email protected]>
commit 0d459e2
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat.
Ref for failed cherry-pick at: ciq/ciq_backports/kernel-4.18.0-553.16.1.el8_10/0d459e2f.failed

The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(); otherwise, the async GC worker could collect expired objects and get the released commit lock within the same GC sequence.

nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again.

Move it to the end of the abort phase, after nft_gc_seq_end() is called.

Cc: [email protected]
Fixes: 7203443 ("netfilter: nf_tables: GC transaction race with abort path")
Reported-by: Kuan-Ting Chen <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
(cherry picked from commit 0d459e2)
Signed-off-by: Jonathan Maple <[email protected]>

# Conflicts:
#	net/netfilter/nf_tables_api.c
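To make the ordering argument in the commit message concrete, the following is an added single-threaded C model of the GC sequence discipline; it is not kernel code and is not part of the commit or the backport. The names gc_seq_begin, gc_seq_end, gc_collect, gc_work_done, module_autoload and abort_transaction are hypothetical stand-ins for nft_gc_seq_begin(), nft_gc_seq_end(), the async GC worker's collection and sequence check, nf_tables_module_autoload() and the abort path. The race interleaving is scripted rather than produced by real threads, so the two outcomes are deterministic.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Added illustration, not kernel code. The GC sequence is a per-netns counter:
 * a transaction phase bumps it to an odd ("busy") value on entry and to an even
 * value on exit. The async GC snapshots the counter when it collects expired
 * objects and, after taking the commit mutex, frees them only if the counter is
 * still the same. Releasing the mutex mid-phase lets that check pass. */

static unsigned int gc_seq;        /* modelled nft_net->gc_seq */
static bool commit_mutex_held;     /* modelled commit_mutex */

static void commit_mutex_lock(void)
{
	assert(!commit_mutex_held);    /* a second lock here would deadlock */
	commit_mutex_held = true;
}

static void commit_mutex_unlock(void)
{
	assert(commit_mutex_held);
	commit_mutex_held = false;
}

/* Stand-in for nft_gc_seq_begin(): bump to odd, hand the value to the caller. */
static unsigned int gc_seq_begin(void) { return ++gc_seq; }

/* Stand-in for nft_gc_seq_end(): bump to even, invalidating any busy snapshot. */
static void gc_seq_end(unsigned int seq) { gc_seq = seq + 1; }

/* One pending async GC batch. */
struct gc_batch {
	unsigned int seq;  /* sequence seen when the expired objects were collected */
	bool pending;      /* collected but not yet processed by the worker */
	bool freed;        /* the worker judged it safe to free the objects */
};

/* Lockless collection side: record the sequence alongside the expired objects. */
static void gc_collect(struct gc_batch *b)
{
	b->seq = gc_seq;
	b->pending = true;
}

/* Worker side: take the commit mutex, then free only if no transaction phase
 * began or ended since collection. */
static bool gc_work_done(struct gc_batch *b)
{
	commit_mutex_lock();
	b->freed = (gc_seq == b->seq);
	b->pending = false;
	commit_mutex_unlock();
	return b->freed;
}

/* Stand-in for nf_tables_module_autoload(): it must drop the commit mutex to
 * load modules, and a queued GC worker can grab the mutex in that window. */
static void module_autoload(struct gc_batch *b)
{
	commit_mutex_unlock();
	if (b->pending)
		gc_work_done(b);
	commit_mutex_lock();
}

/* Abort path. release_inside_gc_seq == true puts the autoload between
 * gc_seq_begin() and gc_seq_end() (the pre-fix layout); false runs it after
 * gc_seq_end(), as the commit moves it. Returns whether the GC worker freed
 * objects while the abort was still in flight. */
static bool abort_transaction(bool release_inside_gc_seq)
{
	struct gc_batch batch = { 0 };
	unsigned int seq;

	commit_mutex_lock();
	seq = gc_seq_begin();

	/* The async GC races the abort: it collects while the sequence is busy. */
	gc_collect(&batch);

	if (release_inside_gc_seq)
		module_autoload(&batch);   /* bug: mutex released within the sequence */

	/* ... undo the transaction's objects here ... */
	gc_seq_end(seq);

	if (!release_inside_gc_seq)
		module_autoload(&batch);   /* fix: release only after gc_seq_end() */

	commit_mutex_unlock();
	return batch.freed;
}

static bool buggy_abort_lets_gc_free(void) { return abort_transaction(true); }
static bool fixed_abort_lets_gc_free(void) { return abort_transaction(false); }

int main(void)
{
	printf("autoload inside GC sequence:   worker freed=%d (unsafe)\n", buggy_abort_lets_gc_free());
	printf("autoload after gc_seq_end():   worker freed=%d (safe)\n", fixed_abort_lets_gc_free());
	return 0;
}
```

In the pre-fix layout the worker's snapshot equals the still-busy sequence when it acquires the mutex, so it frees objects the abort path is concurrently unwinding; with the autoload moved past gc_seq_end() the snapshot is stale and the batch is discarded, which is exactly the protection the sequence counter was introduced to provide.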