Linux kernel source tree
Thadeu Lima de Souza Cascardo 9e7dcb88ec netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
commit 95f466d223 upstream.

When doing lookups for chains on the same batch by using its ID, a chain
from a different table can be used. If a rule is added to a table but
refers to a chain in a different table, it will be linked to the chain in
table2, but would have expressions referring to objects in table1.

Then, when table1 is removed, the rule will not be removed as it's linked to
a chain in table2. When expressions in the rule are processed or removed,
that will lead to a use-after-free.

When looking for chains by ID, use the table that was used for the lookup
by name, and only return chains belonging to that same table.

Fixes: 837830a4b4 ("netfilter: nf_tables: add NFTA_RULE_CHAIN_ID attribute")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-21 15:15:27 +02:00
arch arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC 2022-08-21 15:15:27 +02:00
block block: Fix handling of offline queues in blk_mq_alloc_request_hctx() 2022-06-22 14:13:17 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: memneq - move into lib/ 2022-06-22 14:13:18 +02:00
Documentation x86/speculation: Add RSB VM Exit protections 2022-08-11 13:06:47 +02:00
drivers usb: dwc3: gadget: fix high speed multiplier setting 2022-08-21 15:15:27 +02:00
fs fuse: limit nsec 2022-08-21 15:15:25 +02:00
include USB: HCD: Fix URB giveback issue in tasklet function 2022-08-21 15:15:26 +02:00
init Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug 2022-06-09 10:21:25 +02:00
ipc ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() 2022-06-09 10:21:17 +02:00
kernel lockdep: Allow tuning tracing capacity constants. 2022-08-21 15:15:27 +02:00
lib lockdep: Allow tuning tracing capacity constants. 2022-08-21 15:15:27 +02:00
LICENSES
mm mm/mremap: hold the rmap lock in write mode when moving page table entries. 2022-08-21 15:15:21 +02:00
net netfilter: nf_tables: do not allow CHAIN_ID to refer to another table 2022-08-21 15:15:27 +02:00
samples x86: Prepare inline-asm for straight-line-speculation 2022-07-25 11:26:29 +02:00
scripts x86/retbleed: Add fine grained Kconfig knobs 2022-07-25 11:26:50 +02:00
security lockdown: Fix kexec lockdown bypass with ima policy 2022-07-29 17:19:06 +02:00
sound ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED 2022-08-21 15:15:22 +02:00
tools x86/speculation: Add RSB VM Exit protections 2022-08-11 13:06:47 +02:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: Don't null dereference ops->destroy 2022-07-29 17:19:23 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: add Amir as xfs maintainer for 5.10.y 2022-07-02 16:39:22 +02:00
Makefile Makefile: link with -z noexecstack --no-warn-rwx-segments 2022-08-21 15:15:18 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.