netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214035
Upstream Status: all upstream in linus.git
CVE: CVE-2023-3390
In comparison to non-rt MR!2770, there is one extra backport: d46fc894147cf ("netfilter: nf_tables: validate catch-all set elements"). It was missing in main-rt and caused a context conflict with the next one. Since it is clearly a fix to a commit which has been backported, I decided to pull it in as well instead of manually resolving the (trivial) conflict.
Signed-off-by: Phil Sutter <psutter@redhat.com>