netfilter: arptables: use pernet ops struct during unregister

Florian Westphal · ummakynes · commit 43016d02cf6e · 2021-05-03T23:04:01.000+02:00
Like with iptables and ebtables, hook unregistration has to use the pernet ops struct, not the template. This triggered following splat: hook not found, pf 3 num 0 WARNING: CPU: 0 PID: 224 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x1eb/0x610 net/netfilter/core.c:480 [..] nf_unregister_net_hook net/netfilter/core.c:502 [inline] nf_unregister_net_hooks+0x117/0x160 net/netfilter/core.c:576 arpt_unregister_table_pre_exit+0x67/0x80 net/ipv4/netfilter/arp_tables.c:1565 Fixes: f9006ac ("netfilter: arp_tables: pass table pointer via nf_hook_ops") Reported-by: syzbot+dcccba8a1e41a38cb9df@syzkaller.appspotmail.com Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
@@ -53,8 +53,7 @@ int arpt_register_table(struct net *net, const struct xt_table *table,
 			const struct arpt_replace *repl,
 			const struct nf_hook_ops *ops);
 void arpt_unregister_table(struct net *net, const char *name);
-void arpt_unregister_table_pre_exit(struct net *net, const char *name,
-				    const struct nf_hook_ops *ops);
+void arpt_unregister_table_pre_exit(struct net *net, const char *name);
 extern unsigned int arpt_do_table(struct sk_buff *skb,
 				  const struct nf_hook_state *state,
 				  struct xt_table *table);
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
@@ -1556,13 +1556,12 @@ int arpt_register_table(struct net *net,
 	return ret;
 }
 
-void arpt_unregister_table_pre_exit(struct net *net, const char *name,
-				    const struct nf_hook_ops *ops)
+void arpt_unregister_table_pre_exit(struct net *net, const char *name)
 {
 	struct xt_table *table = xt_find_table(net, NFPROTO_ARP, name);
 
 	if (table)
-		nf_unregister_net_hooks(net, ops, hweight32(table->valid_hooks));
+		nf_unregister_net_hooks(net, table->ops, hweight32(table->valid_hooks));
 }
 EXPORT_SYMBOL(arpt_unregister_table_pre_exit);
 
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
@@ -54,7 +54,7 @@ static int __net_init arptable_filter_table_init(struct net *net)
 
 static void __net_exit arptable_filter_net_pre_exit(struct net *net)
 {
-	arpt_unregister_table_pre_exit(net, "filter", arpfilter_ops);
+	arpt_unregister_table_pre_exit(net, "filter");
 }
 
 static void __net_exit arptable_filter_net_exit(struct net *net)

Original file line number	Diff line number	Diff line change
`@@ -1556,13 +1556,12 @@ int arpt_register_table(struct net *net,`
`1556`	`1556`	`return ret;`
`1557`	`1557`	`}`
`1558`	`1558`
`1559`		`-void arpt_unregister_table_pre_exit(struct net net, const char name,`
`1560`		`- const struct nf_hook_ops *ops)`
	`1559`	`+void arpt_unregister_table_pre_exit(struct net net, const char name)`
`1561`	`1560`	`{`
`1562`	`1561`	`struct xt_table *table = xt_find_table(net, NFPROTO_ARP, name);`
`1563`	`1562`
`1564`	`1563`	`if (table)`
`1565`		`- nf_unregister_net_hooks(net, ops, hweight32(table->valid_hooks));`
	`1564`	`+ nf_unregister_net_hooks(net, table->ops, hweight32(table->valid_hooks));`
`1566`	`1565`	`}`
`1567`	`1566`	`EXPORT_SYMBOL(arpt_unregister_table_pre_exit);`
`1568`	`1567`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ static int __net_init arptable_filter_table_init(struct net *net)`
`54`	`54`
`55`	`55`	`static void __net_exit arptable_filter_net_pre_exit(struct net *net)`
`56`	`56`	`{`
`57`		`- arpt_unregister_table_pre_exit(net, "filter", arpfilter_ops);`
	`57`	`+ arpt_unregister_table_pre_exit(net, "filter");`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`static void __net_exit arptable_filter_net_exit(struct net *net)`