Re: [PATCH] netfilter: nf_tables: fix use-after-free on ops->dev

Next message: Andy Shevchenko: "Re: [PATCH v7 6/6] iio: imu: st_lsm6dsx: Add support for rotation sensor"
Previous message: Dmitry Baryshkov: "[PATCH] drm/msm: restore GEM-related IOCTLs for KMS devices"
In reply to: Phil Sutter: "Re: [PATCH] netfilter: nf_tables: fix use-after-free on ops-&gt;dev"
Next in thread: Helen Koike: "Re: [PATCH] netfilter: nf_tables: fix use-after-free on ops-&gt;dev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Wed Mar 04 2026 - 08:39:05 EST

Phil Sutter <phil@xxxxxx> wrote:
> > And *THIS* looks buggy.
> > Shouldn't that simply be:
> > if (!match || ops)
> > continue;

FWIW I can't get the reproducer to trigger a splat with this change.
I've fed this to syzbot to double-check.

> You're right, the 'changename' check in NETDEV_REGISTER is not needed
> because even if not changing names one should skip if already
> registered. Actually, this indicates a bug unless handling
> NETDEV_CHANGENAME. Maybe add a WARN_ON_ONCE()?

Well, it does trigger, afaics.