From patchwork Fri Mar 15 20:34:52 2024
X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1912702
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][M/J][PATCH 1/1] netfilter: nft_set_rbtree: skip end interval element from gc
Date: Fri, 15 Mar 2024 15:34:52 -0500
Message-Id: <20240315203454.47348-2-bethany.jamison@canonical.com>
In-Reply-To: <20240315203454.47348-1-bethany.jamison@canonical.com>
References: <20240315203454.47348-1-bethany.jamison@canonical.com>

From: Pablo Neira Ayuso

rbtree lazy gc on insert might collect an end interval element that has been just added in this transaction, skip end interval elements that are not yet active.

Fixes: f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration walk")
Cc: stable@vger.kernel.org
Reported-by: lonial con
Signed-off-by: Pablo Neira Ayuso
(cherry picked from commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0)
CVE-2024-26581
Signed-off-by: Bethany Jamison
--- net/netfilter/nft_set_rbtree.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c index e34662f4a71e0..5bf5572e945cc 100644 --- a/net/netfilter/nft_set_rbtree.c +++ b/net/netfilter/nft_set_rbtree.c @@ -235,7 +235,7 @@ static void nft_rbtree_gc_remove(struct net *net, struct nft_set *set, static const struct nft_rbtree_elem * nft_rbtree_gc_elem(const struct nft_set *__set, struct nft_rbtree *priv, - struct nft_rbtree_elem *rbe, u8 genmask) + struct nft_rbtree_elem *rbe) { struct nft_set *set = (struct nft_set *)__set; struct rb_node *prev = rb_prev(&rbe->node); 
@@ -254,7 +254,7 @@ nft_rbtree_gc_elem(const struct nft_set *__set, struct nft_rbtree *priv, while (prev) { rbe_prev = rb_entry(prev, struct nft_rbtree_elem, node); if (nft_rbtree_interval_end(rbe_prev) && - nft_set_elem_active(&rbe_prev->ext, genmask)) + nft_set_elem_active(&rbe_prev->ext, NFT_GENMASK_ANY)) break; prev = rb_prev(prev); @@ -365,7 +365,7 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set, nft_set_elem_active(&rbe->ext, cur_genmask)) { const struct nft_rbtree_elem *removed_end; - removed_end = nft_rbtree_gc_elem(set, priv, rbe, genmask); + removed_end = nft_rbtree_gc_elem(set, priv, rbe); if (IS_ERR(removed_end)) return PTR_ERR(removed_end);
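Review bot: the `NFT_GENMASK_ANY` test in the `while (prev)` loop of `nft_rbtree_gc_elem()` (hunk at -254,7) carries no comment saying why the caller's genmask is no longer used there. The commit message gives the reason (an end interval element added in the current transaction is not yet active and should not be collected by lazy gc), and a one-line comment above the `if (nft_rbtree_interval_end(rbe_prev) && ...` test would keep that intent visible to whoever next touches the loop.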
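Review bot: in the `__nft_rbtree_insert()` hunk (-365,7) the call becomes `nft_rbtree_gc_elem(set, priv, rbe)` while the enclosing condition still tests `cur_genmask`, so it is worth confirming that `genmask` is still referenced elsewhere in `__nft_rbtree_insert()` in each target series (M/J) and the backport does not leave it unused. Only this one call site is updated to the new three-argument signature from the first hunk; because `nft_rbtree_gc_elem()` is static, a build of each target tree is enough to confirm there is no other caller still passing a genmask, and the submission could state that both were build-tested.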