From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Date: Wed, 13 Jun 2018 12:56:51 +0200
Message-ID: <20180613105700.12894-1-pablo@netfilter.org>

Hi David,

The following patchset contains Netfilter patches for your net tree:

1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
   not loaded, from Prashant Bhole.

2) Fix socket extension module autoload.

3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
   the dynset extension.

4) Fix races with nf_tables module removal and netns exit path,
   patches from Florian Westphal.

5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
   WARN_ON_ONCE, from Taehee Yoo.

6) Another NULL pointer dereference from ctnetlink, again if NAT is
   not loaded, from Florian Westphal.

7) Fix x_tables match list corruption in xt_connmark module removal
   path, also from Florian.

8) nf_conncount doesn't properly deal with conntrack zones, hence
   garbage collector may get rid of entries in a different zone.
   From Yi-Hung Wei.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 6892286e9c09925780fe2cb6db3585b56b71fe8e:

  tcp: Do not reload skb pointer after skb_gro_receive(). (2018-06-11 20:00:56 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 21ba8847f857028dc83a0f341e16ecc616e34740:

  netfilter: nf_conncount: Fix garbage collection with zones (2018-06-12 20:07:07 +0200)

----------------------------------------------------------------
Florian Westphal (4):
      netfilter: nf_tables: fix module unload race
      netfilter: nf_tables: close race between netns exit and rmmod
      netfilter: ctnetlink: avoid null pointer dereference
      netfilter: xt_connmark: fix list corruption on rmmod

Pablo Neira Ayuso (2):
      netfilter: nft_socket: fix module autoload
      netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL

Prashant Bhole (1):
      netfilter: fix null-ptr-deref in nf_nat_decode_session

Taehee Yoo (1):
      netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()

Yi-Hung Wei (1):
      netfilter: nf_conncount: Fix garbage collection with zones

 include/linux/netfilter.h                  |  2 +-
 include/net/netfilter/nf_conntrack_count.h |  3 ++-
 include/uapi/linux/netfilter/nf_tables.h   |  2 +-
 net/netfilter/nf_conncount.c               | 13 +++++++++----
 net/netfilter/nf_conntrack_netlink.c       |  3 ++-
 net/netfilter/nf_tables_api.c              | 25 +++++++++++++++++++------
 net/netfilter/nf_tables_core.c             |  3 ++-
 net/netfilter/nfnetlink.c                  | 10 +++++++---
 net/netfilter/nft_chain_filter.c           |  5 +++++
 net/netfilter/nft_connlimit.c              |  2 +-
 net/netfilter/nft_dynset.c                 |  4 +---
 net/netfilter/nft_socket.c                 |  1 +
 net/netfilter/xt_connmark.c                |  2 +-
 13 files changed, 52 insertions(+), 23 deletions(-)