netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM

[ Upstream commit a1a64a1 ] If caller reports ENOMEM, then stop iterating over the batch and send a single netlink message to userspace to report OOM. Fixes: cbb8125 ("netfilter: nfnetlink: deliver netlink errors on batch completion") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
scpcom · Jun 21, 2023 · 133b73d · 133b73d
1 parent e4188f8
commit 133b73d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
@@ -528,7 +528,8 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 			 * processed, this avoids that the same error is
 			 * reported several times when replaying the batch.
 			 */
-			if (nfnl_err_add(&err_list, nlh, err, &extack) < 0) {
+			if (err == -ENOMEM ||
+			    nfnl_err_add(&err_list, nlh, err, &extack) < 0) {
 				/* We failed to enqueue an error, reset the
 				 * list of errors and send OOM to userspace
 				 * pointing to the batch header.