diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-07-23 16:24:46 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-07-26 16:48:49 +0200 |
| commit | 0a771f7b266b02d262900c75f1e175c7fe76fec2 (patch) | |
| tree | 423d50a9a9b24b3c51754383e5511f2a51ed2369 /security/selinux/hooks.c | |
| parent | f718863aca469a109895cb855e6b81fff4827d71 (diff) | |
netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
On error when building the rule, the immediate expression unbinds the
chain, hence objects can be deactivated by the transaction records.
Otherwise, it is possible to trigger the following warning:
WARNING: CPU: 3 PID: 915 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
CPU: 3 PID: 915 Comm: chain-bind-err- Not tainted 6.1.39 #1
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
Fixes: 4bedf9eee016 ("netfilter: nf_tables: fix chain binding transaction logic")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions