netfilter: nf_tables: release new hooks on unsupported flowtable flags

stable inclusion from stable-v5.10.122 commit 67e2d448733c2480ea5f5e9def6392f3615c836d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5W6OE Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=67e2d448733c2480ea5f5e9def6392f3615c836d -------------------------------- [ Upstream commit c271cc9f ] Release the list of new hooks that are pending to be registered in case that unsupported flowtable flags are provided. Fixes: 78d9f48f ("netfilter: nf_tables: add devices to existing flowtable") Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>

netfilter: nf_tables: release new hooks on unsupported flowtable flags
stable inclusion from stable-v5.10.122 commit 67e2d448733c2480ea5f5e9def6392f3615c836d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5W6OE Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=67e2d448733c2480ea5f5e9def6392f3615c836d -------------------------------- [ Upstream commit c271cc9f ] Release the list of new hooks that are pending to be registered in case that unsupported flowtable flags are provided. Fixes: 78d9f48f ("netfilter: nf_tables: add devices to existing flowtable") Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>
0abdae69 · Pablo Neira Ayuso · Zheng Zengkai · e8d2ea6b · 0abdae69
隐藏空白更改
内联并排

Showing with 8 addition and 4 deletion

net/netfilter/nf_tables_api.c net/netfilter/nf_tables_api.c +8 -4

未找到文件。
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6708,11 +6708,15 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh,

 	if (nla[NFTA_FLOWTABLE_FLAGS]) {
 		flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS]));
-		if (flags & ~NFT_FLOWTABLE_MASK)
-			return -EOPNOTSUPP;
+		if (flags & ~NFT_FLOWTABLE_MASK) {
+			err = -EOPNOTSUPP;
+			goto err_flowtable_update_hook;
+		}
 		if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^
-		    (flags & NFT_FLOWTABLE_HW_OFFLOAD))
-			return -EOPNOTSUPP;
+		    (flags & NFT_FLOWTABLE_HW_OFFLOAD)) {
+			err = -EOPNOTSUPP;
+			goto err_flowtable_update_hook;
+		}
 	} else {
 		flags = flowtable->data.flags;
 	}