netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path

jira VUlN-597
subsystem-sync netfilter:nf_tables 4.18.0-553
commit-author Pablo Neira Ayuso <pablo@netfilter.org>
commit 6a33d8b
upstream-diff Due to previous code syncronizations much of this code was
already present.  Branch 8_10 used as the source of truth.

Netlink event path is missing a synchronization point with GC
transactions. Add GC sequence number update to netns release path and
netlink event path, any GC transaction losing race will be discarded.

Fixes: 5f68718 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 6a33d8b)
	Signed-off-by: Greg Rose <g.v.rose@ciq.com>

Author: gvrose8192

net/netfilter/nf_tables_api.c

@@ -8138,18 +8138,18 @@ static void nft_set_commit_update(struct list_head *set_update_list)
 
 static unsigned int nft_gc_seq_begin(struct nftables_pernet *nft_net)
 {
-        unsigned int gc_seq;
+	unsigned int gc_seq;
 
-        /* Bump gc counter, it becomes odd, this is the busy mark. */
-        gc_seq = READ_ONCE(nft_net->gc_seq);
-        WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
+	/* Bump gc counter, it becomes odd, this is the busy mark. */
+	gc_seq = READ_ONCE(nft_net->gc_seq);
+	WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
 
-        return gc_seq;
+	return gc_seq;
 }
 
 static void nft_gc_seq_end(struct nftables_pernet *nft_net, unsigned int gc_seq)
 {
-        WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
+	WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
 }
 
 static int nf_tables_commit(struct net *net, struct sk_buff *skb)
@@ -8600,8 +8600,8 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb,
 	int ret;
 
 	gc_seq = nft_gc_seq_begin(nft_net);
-        ret = __nf_tables_abort(net, action);
-        nft_gc_seq_end(nft_net, gc_seq);
+	ret = __nf_tables_abort(net, action);
+	nft_gc_seq_end(nft_net, gc_seq);
 	mutex_unlock(&net->nft_commit_mutex);
 
 	return ret;
@@ -9254,17 +9254,17 @@ static void __net_exit nf_tables_exit_net(struct net *net)
 	gc_seq = nft_gc_seq_begin(nft_net);
 
 	if (!list_empty(&net->nft.commit_list) ||
-	    !list_empty(&net->nft_module_list))
-		__nf_tables_abort(net, NFNL_ABORT_NONE);
+            !list_empty(&net->nft_module_list))
+                __nf_tables_abort(net, NFNL_ABORT_NONE);
 
 	__nft_release_tables(net);
 
 	nft_gc_seq_end(nft_net, gc_seq);
 
 	mutex_unlock(&net->nft_commit_mutex);
-	WARN_ON_ONCE(!list_empty(&net->nft.tables));
-	WARN_ON_ONCE(!list_empty(&net->nft_module_list));
-	WARN_ON_ONCE(!list_empty(&net->nft_notify_list));
+        WARN_ON_ONCE(!list_empty(&net->nft.tables));
+        WARN_ON_ONCE(!list_empty(&net->nft_module_list));
+        WARN_ON_ONCE(!list_empty(&net->nft_notify_list));
 }
 
 static void nf_tables_exit_batch(struct list_head *net_exit_list)