From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/4] Netfilter fixes for net
Date: Mon, 11 Aug 2014 19:06:15 +0200
Message-ID: <1407776779-9113-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains fixes for your net tree, they are:
1) Unitialize the set element key and data from the commit path,
otherwise this leaks chain refcount if the transaction is aborted,
reported by Thomas Graf.
2) Fix crash when updating chains without no counters in nf_tables,
this slipped through in the new transaction infrastructure, reported
by Matteo Croce.
3) Replace all mutex_lock_interruptible() by mutex_lock() in the Netfilter
tree, suggested by Patrick McHardy. This implicitly fixes the problem
that Eric Dumazet reported in: http://patchwork.ozlabs.org/patch/373076/
4) Fix error return code in nf_tables when deleting set element in
nf_tables if the transaction cannot be allocated, from Julia Lawall.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 33caee39925b887a99a2400dc5c980097c3573f9:
Merge branch 'akpm' (patchbomb from Andrew Morton) (2014-08-06 21:14:42 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to 609ccf087747de48ef52160f93e0df864c532a61:
netfilter: nf_tables: fix error return code (2014-08-08 16:47:29 +0200)
----------------------------------------------------------------
Julia Lawall (1):
netfilter: nf_tables: fix error return code
Pablo Neira Ayuso (3):
netfilter: nf_tables: uninitialize element key/data from the commit path
netfilter: nf_tables: don't update chain with unset counters
netfilter: don't use mutex_lock_interruptible()
net/bridge/netfilter/ebtables.c | 10 ++-------
net/netfilter/core.c | 11 ++-------
net/netfilter/ipvs/ip_vs_ctl.c | 19 ++++------------
net/netfilter/nf_sockopt.c | 8 ++-----
net/netfilter/nf_tables_api.c | 30 ++++++++++++++-----------
net/netfilter/x_tables.c | 47 ++++++++++-----------------------------
6 files changed, 39 insertions(+), 86 deletions(-)
next reply index
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-11 17:06 Pablo Neira Ayuso [this message]
2014-08-11 17:06 ` [PATCH 1/4] netfilter: nf_tables: uninitialize element key/data from the commit path Pablo Neira Ayuso
2014-08-11 17:06 ` [PATCH 2/4] netfilter: nf_tables: don't update chain with unset counters Pablo Neira Ayuso
2014-08-11 17:06 ` [PATCH 3/4] netfilter: don't use mutex_lock_interruptible() Pablo Neira Ayuso
2014-08-11 17:06 ` [PATCH 4/4] netfilter: nf_tables: fix error return code Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2020-10-13 23:45 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-14 3:07 ` Jakub Kicinski
2020-10-07 0:10 Pablo Neira Ayuso
2020-10-09 19:19 ` Jakub Kicinski
2020-06-14 21:52 Pablo Neira Ayuso
2020-06-15 20:27 ` David Miller
2020-03-20 13:51 Pablo Neira Ayuso
2020-03-21 2:34 ` David Miller
2019-12-26 16:39 Pablo Neira Ayuso
2019-12-26 21:11 ` David Miller
2017-05-29 11:34 Pablo Neira Ayuso
2017-05-30 3:20 ` David Miller
2017-03-03 19:22 Pablo Neira Ayuso
2017-03-04 4:41 ` David Miller
2016-09-13 9:05 Pablo Neira Ayuso
2016-09-13 15:17 ` David Miller
2015-10-19 18:22 Pablo Neira Ayuso
2015-10-22 2:27 ` David Miller
2015-09-18 9:17 Pablo Neira Ayuso
2015-09-21 5:32 ` David Miller
2015-05-16 18:47 Pablo Neira Ayuso
2015-05-16 20:45 ` David Miller
2013-04-12 10:13 [PATCH 0/4] netfilter " Pablo Neira Ayuso
2013-04-12 18:28 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1407776779-9113-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Netfilter-Devel Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
netfilter-devel@vger.kernel.org
public-inbox-index netfilter-devel
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git