linux/net
Florian Westphal 91a79b7922 netfilter: nf_reject: don't leak dst refcount for loopback packets
Recent patches to add a WARN() when replacing the skb dst entry found an
old bug:

WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]
WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]
WARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234
[..]
Call Trace:
 nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325
 nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 ..

This is because the blamed commit forgot about loopback packets.
Such packets already have a dst_entry attached, even at the PRE_ROUTING stage.

Instead of checking the hook, just check if the skb already has a route
attached to it.

Fixes: f53b9b0bdc ("netfilter: introduce support for reject at prerouting stage")
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20250820123707.10671-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-21 10:02:00 -07:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() 2025-08-15 10:13:09 -04:00
bpf
bridge net: bridge: fix soft lockup in br_multicast_query_expired() 2025-08-14 17:49:33 -07:00
caif
can
ceph
core net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM 2025-08-18 17:20:06 -07:00
dcb
devlink devlink: let driver opt out of automatic phys_port_name generation 2025-08-12 13:23:39 -07:00
dns_resolver
dsa
ethernet
ethtool
handshake
hsr net, hsr: reject HSR frame if skb can't hold tag 2025-08-20 19:31:25 -07:00
ieee802154
ife
ipv4 netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-21 10:02:00 -07:00
ipv6 netfilter: nf_reject: don't leak dst refcount for loopback packets 2025-08-21 10:02:00 -07:00
iucv
kcm net: kcm: Fix race condition in kcm_unattach() 2025-08-13 18:18:33 -07:00
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mctp net: mctp: Fix bad kfree_skb in bind lookup test 2025-08-13 17:07:34 -07:00
mpls
mptcp mptcp: disable add_addr retransmission when timeout is 0 2025-08-18 17:39:58 -07:00
ncsi
netfilter netfilter: nf_tables: reject duplicate device on updates 2025-08-13 08:34:55 +02:00
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill
rose
rxrpc
sched net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate 2025-08-20 19:27:08 -07:00
sctp sctp: linearize cloned gso packets in sctp_rcv 2025-08-08 13:08:06 -07:00
shaper
smc net/smc: fix UAF on smcsk after smc_listen_out() 2025-08-19 18:27:16 -07:00
strparser
sunrpc nfsd-6.17 fixes: 2025-08-11 07:38:55 -07:00
switchdev
tipc
tls tls: fix handling of zero-length records on the rx_list 2025-08-21 07:52:30 -07:00
unix
vmw_vsock vsock: Do not allow binding to VMADDR_PORT_ANY 2025-08-08 12:55:00 -07:00
wireless
x25
xdp
xfrm
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c
sysctl_net.c