Pavel Tikhomirov 0af8c09c89 netfilter: x_tables: fix percpu counter block leak on error path when creating new netns ... Here is the stack where we allocate percpu counter block: +-< __alloc_percpu +-< xt_percpu_counter_alloc +-< find_check_entry # {arp,ip,ip6}_tables.c +-< translate_table And it can be leaked on this code path: +-> ip6t_register_table +-> translate_table # allocates percpu counter block +-> xt_register_table # fails there is no freeing of the counter block on xt_register_table fail. Note: xt_percpu_counter_free should be called to free it like we do in do_replace through cleanup_entry helper (or in __ip6t_unregister_table). Probability of hitting this error path is low AFAICS (xt_register_table can only return ENOMEM here, as it is not replacing anything, as we are creating new netns, and it is hard to imagine that all previous allocations succeeded and after that one in xt_register_table failed). But it's worth fixing even the rare leak. Fixes: 71ae0dff02 ("netfilter: xtables: use percpu rule counters") Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2023-02-22 10:11:27 +01:00
..
ila	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
netfilter	netfilter: x_tables: fix percpu counter block leak on error path when creating new netns	2023-02-22 10:11:27 +01:00
addrconf_core.c	net: rename reference+tracking helpers	2022-06-09 21:52:55 -07:00
addrconf.c	ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address	2023-02-01 19:52:22 -08:00
addrlabel.c	ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network	2022-11-07 12:26:15 +00:00
af_inet6.c	net: Return errno in sk->sk_prot->get_port().	2022-11-21 13:05:39 +00:00
ah6.c	xfrm: ah: add extack to ah_init_state, ah6_init_state	2022-09-29 07:17:59 +02:00
anycast.c
calipso.c
datagram.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-12-13 09:49:29 +01:00
esp6_offload.c	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next	2022-11-29 20:50:51 -08:00
esp6.c	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next	2022-10-03 07:52:13 +01:00
exthdrs_core.c
exthdrs_offload.c
exthdrs.c
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c	icmp: Fix data-races around sysctl_icmp_echo_enable_probe.	2022-07-13 12:56:49 +01:00
inet6_connection_sock.c
inet6_hashtables.c	tcp: Access &tcp_hashinfo via net.	2022-09-20 10:21:49 -07:00
ioam6_iptunnel.c
ioam6.c	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
ip6_checksum.c
ip6_fib.c	ipv6: fib6_new_sernum() optimization	2022-11-16 12:42:00 +00:00
ip6_flowlabel.c	treewide: use get_random_u32() when possible	2022-10-11 17:42:58 -06:00
ip6_gre.c	ipv6: tunnels: use DEV_STATS_INC()	2022-11-16 12:48:44 +00:00
ip6_icmp.c
ip6_input.c	tcp/udp: Make early_demux back namespacified.	2022-07-15 18:50:35 -07:00
ip6_offload.c	IPv6/GRO: generic helper to remove temporary HBH/jumbo header in driver	2022-12-12 15:41:44 -08:00
ip6_offload.h
ip6_output.c	ipv6: fix reachability confirmation with proxy_ndp	2023-01-23 11:17:37 +00:00
ip6_tunnel.c	ipv6: tunnels: use DEV_STATS_INC()	2022-11-16 12:48:44 +00:00
ip6_udp_tunnel.c
ip6_vti.c	ipv6: tunnels: use DEV_STATS_INC()	2022-11-16 12:48:44 +00:00
ip6mr.c	treewide: Convert del_timer*() to timer_shutdown*()	2022-12-25 13:38:09 -08:00
ipcomp6.c	xfrm: ipcomp: add extack to ipcomp{4,6}_init_state	2022-09-29 07:18:00 +02:00
ipv6_sockglue.c	inet6: Clean up failure path in do_ipv6_setsockopt().	2022-10-24 09:40:39 +01:00
Kconfig	crypto: lib - make the sha1 library optional	2022-07-15 16:43:59 +08:00
Makefile
mcast_snoop.c
mcast.c	treewide: use get_random_u32_below() instead of deprecated function	2022-11-18 02:15:15 +01:00
mip6.c	xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state	2022-09-29 07:18:01 +02:00
ndisc.c	net: fix potential refcount leak in ndisc_router_discovery()	2022-08-15 11:40:28 +01:00
netfilter.c	netfilter: Use l3mdev flow key when re-routing mangled packets	2022-05-16 13:03:29 +02:00
output_core.c	treewide: use get_random_u32_{above,below}() instead of manual loop	2022-11-18 02:15:22 +01:00
ping.c	inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().	2022-10-24 09:40:38 +01:00
proc.c
protocol.c
raw.c	ipv6: raw: Deduct extension header length in rawv6_push_pending_frames	2023-01-11 12:49:13 +00:00
reassembly.c	net: dropreason: add SKB_DROP_REASON_DUP_FRAG	2022-10-31 20:14:26 -07:00
route.c	treewide: use get_random_u32_below() instead of deprecated function	2022-11-18 02:15:15 +01:00
rpl_iptunnel.c
rpl.c
seg6_hmac.c	net: ipv6: unexport __init-annotated seg6_hmac_net_init()	2022-06-28 21:23:30 -07:00
seg6_iptunnel.c	seg6: add support for SRv6 H.L2Encaps.Red behavior	2022-07-29 12:14:03 +01:00
seg6_local.c	net: Remove the obsolte u64_stats_fetch_*_irq() users (net).	2022-10-28 20:13:54 -07:00
seg6.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-09-08 18:38:30 +02:00
sit.c	ipv6/sit: use DEV_STATS_INC() to avoid data-races	2022-11-16 12:48:44 +00:00
syncookies.c	tcp: Fix data-races around sysctl_tcp_syncookies.	2022-07-18 12:21:54 +01:00
sysctl_net_ipv6.c
tcp_ipv6.c	net/tcp: Do cleanup on tcp_md5_key_copy() failure	2022-12-01 15:53:05 -08:00
tcpv6_offload.c
tunnel6.c
udp_impl.h	tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().	2022-10-12 17:50:37 -07:00
udp_offload.c	udp: allow header check for dodgy GSO_UDP_L4 packets.	2022-12-12 09:29:56 +00:00
udp.c	udp: Access &udp_table via net.	2022-11-16 09:43:35 +00:00
udplite.c	tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().	2022-10-12 17:50:37 -07:00
xfrm6_input.c
xfrm6_output.c
xfrm6_policy.c	xfrm: Fix ignored return value in xfrm6_init()	2022-11-22 07:16:34 +01:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c	xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state	2022-09-29 07:18:00 +02:00