| author | 2026-05-06 12:07:19 +0200 | |
|---|---|---|
| committer | 2026-05-08 01:30:17 +0200 | |
| commit | 92c603fa07bc0d6a17345de3ad7954730b8de44b (patch) | |
| tree | d103a9cd718fb5b58c7822aef531b520b189514c /tools/tracing/rtla/example/git:/ssh:/git@git.zx2c4.com | |
| parent | netfilter: ebtables: move to two-stage removal scheme (diff) | |
netfilter: ebtables: close dangling table module init race

sashiko reported for a related patch:

  In modules like iptable_raw.c, [..], if register_pernet_subsys() fails,
  the rollback might call kfree(rawtable_ops) before [..]
  During this window, could a concurrent userspace process find the globally
  visible template, trigger table_init(), [..]

The table init functions must always register the template last.
Otherwise, set/getsockopt can instantiate a table in a namespace
while the required pernet ops (contain the destructor) isn't available.

This change is also required in x_tables, handled in followup change.

Fixes: 87663c39f898 ("netfilter: ebtables: do not hook tables by default")
Reviewed-by: Tristan Madani <tristan@talencesecurity.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tools/tracing/rtla/example/git:/ssh:/git@git.zx2c4.com')
0 files changed, 0 insertions, 0 deletions
