netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
[ Upstream commit f969eb84ce482331a991079ab7a5c4dc3b7f89bf ]
nft_unregister_expr() can concurrent with __nft_expr_type_get(),
and there is not any protection when iterate over nf_tables_expressions
list in __nft_expr_type_get(). Therefore, there is potential data-race
of nf_tables_expressions list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_expressions
list in __nft_expr_type_get(), and use rcu_read_lock() in the caller
nft_expr_type_get() to protect the entire type query process.
BUG=b/342563242
TEST=presubmit
RELEASE_NOTE=Fixes CVE-2024-27020 in the Linux kernel
cos-patch: security-high
Fixes: ef1f7df9170d ("netfilter: nf_tables: expression ops overloading")
Change-Id: I5d438acff8b8663d2866c56c1c4f8d1d82597275
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Michael Kochera <kochera@google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/73176
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
1 file changed
