netfilter: nf_tables: hold mutex on netns pre_exit path

clean_net() runs in workqueue while walking over the lists, grab mutex. Fixes: 767d1216bff8 ("netfilter: nftables: fix possible UAF over chains from packet path in netns") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-05-30 18:24:05 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-05-31 23:13:10 +0200
commit: 3923b1e4406680d57da7e873da77b1683035d83f (patch)
tree: 007a0067530e3399f299eda20c7498d2306c2cce /net
parent: fecf31ee395b0295f2d7260aa29946b7605f7c85 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index dcefb5f36b3a..f77414e13de1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9896,7 +9896,11 @@ static int __net_init nf_tables_init_net(struct net *net)
 
 static void __net_exit nf_tables_pre_exit_net(struct net *net)
 {
+	struct nftables_pernet *nft_net = nft_pernet(net);
+
+	mutex_lock(&nft_net->commit_mutex);
 	__nft_release_hooks(net);
+	mutex_unlock(&nft_net->commit_mutex);
 }
 
 static void __net_exit nf_tables_exit_net(struct net *net)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-05-30 18:24:05 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-05-31 23:13:10 +0200
commit	3923b1e4406680d57da7e873da77b1683035d83f (patch)
tree	007a0067530e3399f299eda20c7498d2306c2cce /net
parent	fecf31ee395b0295f2d7260aa29946b7605f7c85 (diff)