From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Date: Tue, 24 Jul 2018 18:31:24 +0200 [thread overview]
Message-ID: <20180724163133.14586-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter fixes for net:
1) Make sure we don't go over the maximum jump stack boundary,
from Taehee Yoo.
2) Missing rcu_barrier() in hash and rbtree sets, also from Taehee.
3) Missing check to nul-node in rbtree timeout routine, from Taehee.
4) Use dev->name from flowtable to fix a memleak, from Florian.
5) Oneliner to free flowtable object on removal, from Florian.
6) Memleak in chain rename transaction, again from Florian.
7) Don't allow two chains to use the same name in the same
transaction, from Florian.
8) handle DCCP SYNC/SYNCACK as invalid, this triggers an
uninitialized timer in conntrack reported by syzbot, from Florian.
9) Fix leak in case netlink_dump_start() fails, from Florian.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 1992d99882afda6dc17f9d49c06150856a91282f:
net/smc: take sock lock in smc_ioctl() (2018-07-16 14:45:13 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 90fd131afc565159c9e0ea742f082b337e10f8c6:
netfilter: nf_tables: move dumper state allocation into ->start (2018-07-24 00:36:33 +0200)
----------------------------------------------------------------
Florian Westphal (6):
netfilter: nf_tables: use dev->name directly
netfilter: nf_tables: free flow table struct too
netfilter: nf_tables: fix memory leaks on chain rename
netfilter: nf_tables: don't allow to rename to already-pending name
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
netfilter: nf_tables: move dumper state allocation into ->start
Taehee Yoo (3):
netfilter: nf_tables: fix jumpstack depth validation
netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy()
netfilter: nft_set_rbtree: fix panic when destroying set by GC
include/net/netfilter/nf_tables.h | 5 +-
net/netfilter/nf_conntrack_proto_dccp.c | 8 +-
net/netfilter/nf_tables_api.c | 304 +++++++++++++++++---------------
net/netfilter/nft_immediate.c | 3 +
net/netfilter/nft_lookup.c | 13 +-
net/netfilter/nft_set_hash.c | 1 +
net/netfilter/nft_set_rbtree.c | 7 +-
7 files changed, 191 insertions(+), 150 deletions(-)
next reply other threads:[~2018-07-24 16:31 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-24 16:31 Pablo Neira Ayuso [this message]
2018-07-24 16:31 ` [PATCH 1/9] netfilter: nf_tables: fix jumpstack depth validation Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 2/9] netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 3/9] netfilter: nft_set_rbtree: fix panic when destroying set by GC Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 4/9] netfilter: nf_tables: use dev->name directly Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 5/9] netfilter: nf_tables: free flow table struct too Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 6/9] netfilter: nf_tables: fix memory leaks on chain rename Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 7/9] netfilter: nf_tables: don't allow to rename to already-pending name Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 8/9] netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Pablo Neira Ayuso
2018-07-24 16:31 ` [PATCH 9/9] netfilter: nf_tables: move dumper state allocation into ->start Pablo Neira Ayuso
2018-07-24 17:00 ` [PATCH 0/9] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-02-18 22:20 Pablo Neira Ayuso
2020-02-18 23:45 ` David Miller
2020-01-08 23:17 Pablo Neira Ayuso
2020-01-08 23:22 ` David Miller
2019-11-06 11:12 Pablo Neira Ayuso
2019-11-07 5:17 ` David Miller
2019-03-21 11:28 Pablo Neira Ayuso
2019-03-21 17:07 ` David Miller
2018-12-29 12:57 Pablo Neira Ayuso
2018-12-29 22:33 ` David Miller
2018-06-13 10:56 Pablo Neira Ayuso
2018-06-13 21:05 ` David Miller
2017-04-14 0:26 Pablo Neira Ayuso
2017-04-14 14:59 ` David Miller
2016-08-10 19:16 Pablo Neira Ayuso
2016-08-10 18:56 Pablo Neira Ayuso
2016-08-10 21:54 ` David Miller
2016-03-28 17:57 Pablo Neira Ayuso
2016-03-28 19:43 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180724163133.14586-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).