From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Date: Wed, 13 Jun 2018 12:56:51 +0200 [thread overview]
Message-ID: <20180613105700.12894-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter patches for your net tree:
1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
not loaded, from Prashant Bhole.
2) Fix socket extension module autoload.
3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
the dynset extension.
4) Fix races with nf_tables module removal and netns exit path,
patches from Florian Westphal.
5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
WARN_ON_ONCE, from Taehee Yoo.
6) Another NULL pointer dereference from ctnetlink, again if NAT is
not loaded, from Florian Westphal.
7) Fix x_tables match list corruption in xt_connmark module removal
path, also from Florian.
8) nf_conncount doesn't properly deal with conntrack zones, hence
garbage collector may get rid of entries in a different zone.
From Yi-Hung Wei.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 6892286e9c09925780fe2cb6db3585b56b71fe8e:
tcp: Do not reload skb pointer after skb_gro_receive(). (2018-06-11 20:00:56 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 21ba8847f857028dc83a0f341e16ecc616e34740:
netfilter: nf_conncount: Fix garbage collection with zones (2018-06-12 20:07:07 +0200)
----------------------------------------------------------------
Florian Westphal (4):
netfilter: nf_tables: fix module unload race
netfilter: nf_tables: close race between netns exit and rmmod
netfilter: ctnetlink: avoid null pointer dereference
netfilter: xt_connmark: fix list corruption on rmmod
Pablo Neira Ayuso (2):
netfilter: nft_socket: fix module autoload
netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL
Prashant Bhole (1):
netfilter: fix null-ptr-deref in nf_nat_decode_session
Taehee Yoo (1):
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
Yi-Hung Wei (1):
netfilter: nf_conncount: Fix garbage collection with zones
include/linux/netfilter.h | 2 +-
include/net/netfilter/nf_conntrack_count.h | 3 ++-
include/uapi/linux/netfilter/nf_tables.h | 2 +-
net/netfilter/nf_conncount.c | 13 +++++++++----
net/netfilter/nf_conntrack_netlink.c | 3 ++-
net/netfilter/nf_tables_api.c | 25 +++++++++++++++++++------
net/netfilter/nf_tables_core.c | 3 ++-
net/netfilter/nfnetlink.c | 10 +++++++---
net/netfilter/nft_chain_filter.c | 5 +++++
net/netfilter/nft_connlimit.c | 2 +-
net/netfilter/nft_dynset.c | 4 +---
net/netfilter/nft_socket.c | 1 +
net/netfilter/xt_connmark.c | 2 +-
13 files changed, 52 insertions(+), 23 deletions(-)
next reply other threads:[~2018-06-13 10:57 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-13 10:56 Pablo Neira Ayuso [this message]
2018-06-13 10:56 ` [PATCH 1/9] netfilter: fix null-ptr-deref in nf_nat_decode_session Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 2/9] netfilter: nft_socket: fix module autoload Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 3/9] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 4/9] netfilter: nf_tables: fix module unload race Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 5/9] netfilter: nf_tables: close race between netns exit and rmmod Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 6/9] netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 7/9] netfilter: ctnetlink: avoid null pointer dereference Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 8/9] netfilter: xt_connmark: fix list corruption on rmmod Pablo Neira Ayuso
2018-06-13 10:57 ` [PATCH 9/9] netfilter: nf_conncount: Fix garbage collection with zones Pablo Neira Ayuso
2018-06-13 21:05 ` [PATCH 0/9] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-02-18 22:20 Pablo Neira Ayuso
2020-02-18 23:45 ` David Miller
2020-01-08 23:17 Pablo Neira Ayuso
2020-01-08 23:22 ` David Miller
2019-11-06 11:12 Pablo Neira Ayuso
2019-11-07 5:17 ` David Miller
2019-03-21 11:28 Pablo Neira Ayuso
2019-03-21 17:07 ` David Miller
2018-12-29 12:57 Pablo Neira Ayuso
2018-12-29 22:33 ` David Miller
2018-07-24 16:31 Pablo Neira Ayuso
2018-07-24 17:00 ` David Miller
2017-04-14 0:26 Pablo Neira Ayuso
2017-04-14 14:59 ` David Miller
2016-08-10 19:16 Pablo Neira Ayuso
2016-08-10 18:56 Pablo Neira Ayuso
2016-08-10 21:54 ` David Miller
2016-03-28 17:57 Pablo Neira Ayuso
2016-03-28 19:43 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180613105700.12894-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.