git.itanic.dy.fi Git - linux-stable/commit

author	Florian Westphal <fw@strlen.de>
	Sat, 27 May 2023 16:08:11 +0000 (18:08 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 30 May 2023 11:38:38 +0000 (12:38 +0100)
commit	f7f4a20c401efc95168471e5df599b7f8b0c19df
tree	a65d63d025ef6c29ca9d59303a57ae29986b252e	tree \| snapshot
parent	4e0dbab570defe5b747578cbea8e07f9d0709bec	commit \| diff

netfilter: nf_tables: fix register ordering

[ d209df3e7f7002d9099fdb0f6df0f972b4386a63 ]

[ We hit the trace described in commit message with the
kselftest/nft_trans_stress.sh. This patch diverges from the upstream one
since kernel 4.14 does not have following symbols:
nft_chain_filter_init, nf_tables_flowtable_notifier ]

We must register nfnetlink ops last, as that exposes nf_tables to
userspace. Without this, we could theoretically get nfnetlink request
before net->nft state has been initialized.

Fixes: 99633ab29b213 ("netfilter: nf_tables: complete net namespace support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[apanyaki: backport to v4.14-stable]
Signed-off-by: Andrew Paniakin <apanyaki@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>