netfilter: nf_tables: set dormant flag on hook register failure

We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core. Reported-and-tested-by: syzbot+de4025c006ec68ac56fc@syzkaller.appspotmail.com Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2024-02-19 16:58:04 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-22 00:14:54 +0100
commit: bccebf64701735533c8db37773eeacc6566cc8ec (patch)
tree: 944245466e377ff05502e58159cdbd588df00d86 /net/netfilter
parent: 40b9385dd8e6a0515e1c9cd06a277483556b7286 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f8e3f70c35bd..90038d778f37 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1251,6 +1251,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
 	return 0;
 
 err_register_hooks:
+	ctx->table->flags |= NFT_TABLE_F_DORMANT;
 	nft_trans_destroy(trans);
 	return ret;
 }
author	Florian Westphal <fw@strlen.de>	2024-02-19 16:58:04 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-22 00:14:54 +0100
commit	bccebf64701735533c8db37773eeacc6566cc8ec (patch)
tree	944245466e377ff05502e58159cdbd588df00d86 /net/netfilter
parent	40b9385dd8e6a0515e1c9cd06a277483556b7286 (diff)