netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables - kernel/linux.git

diff options

author	Florian Westphal <fw@strlen.de>	2026-04-29 09:21:35 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2026-04-30 09:03:22 +0300
commit	63bac027860308d1344f761cb47aabb3b30973fd (patch)
tree	912a0f2415b60262501a36e17e853e1d5be320af /include/linux
parent	8bedb6c46945752a688d9b0cf2021e0e68b1876c (diff)
download	linux-63bac027860308d1344f761cb47aabb3b30973fd.tar.xz

netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables

sashiko says: could the related code in __nf_tables_abort() leak the struct nft_hook objects when the table is dormant? In __nf_tables_abort(), when rolling back a NEWCHAIN transaction that updates hooks, the code conditionally unregisters and frees the hooks only if the table is not dormant [..] if (!(table->flags & NFT_TABLE_F_DORMANT)) { nft_netdev_unregister_hooks(net, &nft_trans_chain_hooks(trans), true); } ... nft_trans_destroy(trans); Unfortunately netdev family mixes hook registration and allocation. Push table struct down and only check for the flag to unregister. Fixes: 216e7bf7402c ("netfilter: nf_tables: skip netdev hook unregistration if table is dormant") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: