netfilter: nf_tables: fix memory leaks on chain rename
authorFlorian Westphal <fw@strlen.de>
Tue, 17 Jul 2018 05:17:55 +0000 (07:17 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 5 Sep 2018 07:26:27 +0000 (09:26 +0200)
commit4a0144a43c526e6d8d274fce2e4241854ef8712c
tree204da4eca47ad87f753edaf07c3de72f9214501f
parente3476a6da5d87215ca6e1c9629fec6b5e73c785d
netfilter: nf_tables: fix memory leaks on chain rename

[ Upstream commit 9f8aac0be21ed5f99bd5ba0ff315d710737d1794 ]

The new name is stored in the transaction metadata, on commit,
the pointers to the old and new names are swapped.

Therefore in abort and commit case we have to free the
pointer in the chain_trans container.

In commit case, the pointer can be used by another cpu that
is currently dumping the renamed chain, thus kfree needs to
happen after waiting for rcu readers to complete.

Fixes: b7263e071a ("netfilter: nf_tables: Allow chain name of up to 255 chars")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netfilter/nf_tables_api.c