Diffstat (limited to 'queue-6.8/netfilter-nf_tables-missing-iterator-type-in-lookup-.patch')
-rw-r--r--queue-6.8/netfilter-nf_tables-missing-iterator-type-in-lookup-.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/queue-6.8/netfilter-nf_tables-missing-iterator-type-in-lookup-.patch b/queue-6.8/netfilter-nf_tables-missing-iterator-type-in-lookup-.patch
new file mode 100644
index 0000000000..d651ab4ab9
--- /dev/null
+++ b/queue-6.8/netfilter-nf_tables-missing-iterator-type-in-lookup-.patch
@@ -0,0 +1,49 @@
+From eda3ba19371abd3591e25adebf7f16d478e57dcb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Apr 2024 17:43:01 +0200
+Subject: netfilter: nf_tables: missing iterator type in lookup walk
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+[ Upstream commit efefd4f00c967d00ad7abe092554ffbb70c1a793 ]
+
+Add missing decorator type to lookup expression and tighten WARN_ON_ONCE
+check in pipapo to spot earlier that this is unset.
+
+Fixes: 29b359cf6d95 ("netfilter: nft_set_pipapo: walk over current view on netlink dump")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/nft_lookup.c | 1 +
+ net/netfilter/nft_set_pipapo.c | 3 ++-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
+index 870e5b113d13e..87c18eddb0689 100644
+--- a/net/netfilter/nft_lookup.c
++++ b/net/netfilter/nft_lookup.c
+@@ -216,6 +216,7 @@ static int nft_lookup_validate(const struct nft_ctx *ctx,
+ return 0;
+
+ iter.genmask = nft_genmask_next(ctx->net);
++ iter.type = NFT_ITER_UPDATE;
+ iter.skip = 0;
+ iter.count = 0;
+ iter.err = 0;
+diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
+index 979b5e80c400b..c91efad49c6d5 100644
+--- a/net/netfilter/nft_set_pipapo.c
++++ b/net/netfilter/nft_set_pipapo.c
+@@ -2048,7 +2048,8 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,
+ const struct nft_pipapo_field *f;
+ int i, r;
+
+- WARN_ON_ONCE(iter->type == NFT_ITER_UNSPEC);
++ WARN_ON_ONCE(iter->type != NFT_ITER_READ &&
++ iter->type != NFT_ITER_UPDATE);
+
+ rcu_read_lock();
+ if (iter->type == NFT_ITER_READ)
+--
+2.43.0
+
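Review bot: The iterator in nft_lookup_validate is still populated one member at a time (`iter.genmask`, `iter.type`, `iter.skip`, ...), which is the pattern that let `type` go unset in the first place; the declaration is outside the hunk, but if it is a plain `struct nft_set_iter iter;`, any member added later will again start with indeterminate stack contents. Initialising at the declaration, e.g. `struct nft_set_iter iter = { .type = NFT_ITER_UPDATE };`, would leave every unnamed member zeroed and keep the assignments that follow unchanged. Separately, the tightened `WARN_ON_ONCE` in nft_pipapo_walk only reports the bad value: the walk carries on to `if (iter->type == NFT_ITER_READ)`, so an unexpected type appears to take the non-READ path, whose body is outside the hunk. A short comment there, such as `/* any type other than READ is walked as UPDATE; the WARN above only reports it */`, would make that fallback explicit, assuming it is intended.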