Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1930980ybl;
        Tue, 3 Dec 2019 15:12:22 -0800 (PST)
X-Google-Smtp-Source: APXvYqw+us3JuRTLV3LjEdVuCLbidP9dLthh3uXA9EV3f50X5ZZ2rusLN4P4l4/aQoFYoCcEV3wF
X-Received: by 2002:aca:a9cc:: with SMTP id s195mr102985oie.158.1575414742244;
        Tue, 03 Dec 2019 15:12:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575414742; cv=none;
        d=google.com; s=arc-20160816;
        b=FSTGflCZADZOwMtlaIfh0mj8VlPaRF7Sdu5ZV41Is1Lz6sieLzJ++cryF5igNaLJjH
         fS81qoZ449jvWZGujukAYCa7uqrZvSJd76dmjgOK1NRFgRqCs1GEngsmyOsl+5v+5fV0
         Lfkth8QqkJ0kGGhsIVEFJJlStTRjN7owPB93PZI2fi726t2Yy3kY/mrGve3AEhx7fQqp
         ObBPaBts/LhL8tVwZE5vJAVl14RHRBYa8/LO8BlNy+1lIfw3HxRylo5BRfCjQVgOwGWH
         6/3MAIfCfLphMikK1TLwFwiTV4m2nwmoEkz8OwLQHU7ZR0sla2/mzdajfTpyOf/VNgjp
         0CRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=pRI2S9NugUgs73hCYqUi7eERDyhOWNmSYNiCFL1L76o=;
        b=valYwrcxI8J9eemeRJAisQ7Kp78dAxyZrwE6s7J4SEmGgNaDjRxlb8H5cGH7qLvAMI
         nA2YROsOMFhswWDutse5i4ql00hzJWgypqNVbCkDS69VQrBXfI6OXB+muNUm63UdKzO/
         S3quykw2uTtkLyDnuoi80p1zwvb1ChO/QXz6V//CF4iiWsfNvHwklslnV/cKNlggo5o7
         U8iX52kTy2Bj0wGwKoVUfYQxaEtR8Vn/1k/cscdS1/BtSieCbx17F9rgDV8gTgdROHXZ
         JBs1FKBZePm0G85KpDICRpZ9HLnxg3YFX6qhTGC09ENhV9T8GBTLTE2Eqd17mBj4Vg1w
         7tqQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=mu89n6nW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y1si2148100otk.159.2019.12.03.15.12.06;
        Tue, 03 Dec 2019 15:12:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=mu89n6nW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728724AbfLCWmz (ORCPT <rfc822;tluu11sec@gmail.com> + 99 others);
        Tue, 3 Dec 2019 17:42:55 -0500
Received: from mail.kernel.org ([198.145.29.99]:58042 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728343AbfLCWmx (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Dec 2019 17:42:53 -0500
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 144B920803;
        Tue,  3 Dec 2019 22:42:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1575412973;
        bh=kL71wP3leg6UsZPFuAZ/oDTnuSVOuvvCd5M1TGU+M5c=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=mu89n6nWCB4/x7Ga+9ezMC+jNWG2sUaybFgAoL5trYiYA5FDqsyw1yImU5mZTgo+9
         MJLqxn0DySULuKjd3Yrct6KtI0HaF58AdxG8KkKrmm7NkMogaxyrxVXQuD/POH8aKi
         1PS1zBDRHHOPHsRQyygjl0z68QHJ0zFKxoBDi1NA=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.3 048/135] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update
Date:   Tue,  3 Dec 2019 23:34:48 +0100
Message-Id: <20191203213019.092932734@linuxfoundation.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191203213005.828543156@linuxfoundation.org>
References: <20191203213005.828543156@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Pablo Neira Ayuso <pablo@netfilter.org>

[ Upstream commit 1ed012f6fd83e7ee7efd22e2c32f23efff015b30 ]

Userspace never includes the NFT_BASE_CHAIN flag, this flag is inferred
from the NFTA_CHAIN_HOOK atribute. The chain update path does not allow
to update flags at this stage, the existing sanity check bogusly hits
EOPNOTSUPP in the basechain case if the offload flag is set on.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_tables_api.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3b81323fa0171..5dbc6bfb532cd 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1922,6 +1922,7 @@ static int nf_tables_newchain(struct net *net, struct sock *nlsk,
 		if (nlh->nlmsg_flags & NLM_F_REPLACE)
 			return -EOPNOTSUPP;
 
+		flags |= chain->flags & NFT_BASE_CHAIN;
 		return nf_tables_updchain(&ctx, genmask, policy, flags);
 	}
 
-- 
2.20.1