From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net 0/8] Netfilter fixes for net
Date: Fri, 7 May 2021 19:47:31 +0200 [thread overview]
Message-ID: <20210507174739.1850-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter fixes for your net tree:
1) Add SECMARK revision 1 to fix incorrect layout that prevents
from remove rule with this target, from Phil Sutter.
2) Fix pernet exit path spat in arptables, from Florian Westphal.
3) Missing rcu_read_unlock() for unknown nfnetlink callbacks,
reported by syzbot, from Eric Dumazet.
4) Missing check for skb_header_pointer() NULL pointer in
nfnetlink_osf.
5) Remove BUG_ON() after skb_header_pointer() from packet path
in several conntrack helper and the TCP tracker.
6) Fix memleak in the new object error path of userdata.
7) Avoid overflows in nft_hash_buckets(), reported by syzbot,
also from Eric.
8) Avoid overflows in 32bit arches, from Eric.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit bd1af6b5fffd36c12997bd48d61d39dc5796fa7b:
Documentation: ABI: sysfs-class-net-qmi: document pass-through file (2021-05-03 13:40:17 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 6c8774a94e6ad26f29ef103c8671f55c255c6201:
netfilter: nftables: avoid potential overflows on 32bit arches (2021-05-07 10:01:39 +0200)
----------------------------------------------------------------
Eric Dumazet (3):
netfilter: nfnetlink: add a missing rcu_read_unlock()
netfilter: nftables: avoid overflows in nft_hash_buckets()
netfilter: nftables: avoid potential overflows on 32bit arches
Florian Westphal (1):
netfilter: arptables: use pernet ops struct during unregister
Pablo Neira Ayuso (4):
netfilter: xt_SECMARK: add new revision to fix structure layout
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
netfilter: remove BUG_ON() after skb_header_pointer()
netfilter: nftables: Fix a memleak from userdata error path in new objects
include/linux/netfilter_arp/arp_tables.h | 3 +-
include/uapi/linux/netfilter/xt_SECMARK.h | 6 +++
net/ipv4/netfilter/arp_tables.c | 5 +-
net/ipv4/netfilter/arptable_filter.c | 2 +-
net/netfilter/nf_conntrack_ftp.c | 5 +-
net/netfilter/nf_conntrack_h323_main.c | 3 +-
net/netfilter/nf_conntrack_irc.c | 5 +-
net/netfilter/nf_conntrack_pptp.c | 4 +-
net/netfilter/nf_conntrack_proto_tcp.c | 6 ++-
net/netfilter/nf_conntrack_sane.c | 5 +-
net/netfilter/nf_tables_api.c | 11 ++--
net/netfilter/nfnetlink.c | 1 +
net/netfilter/nfnetlink_osf.c | 2 +
net/netfilter/nft_set_hash.c | 20 ++++---
net/netfilter/xt_SECMARK.c | 88 ++++++++++++++++++++++++-------
15 files changed, 124 insertions(+), 42 deletions(-)
next reply other threads:[~2021-05-07 17:47 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-07 17:47 Pablo Neira Ayuso [this message]
2021-05-07 17:47 ` [PATCH net 1/8] netfilter: xt_SECMARK: add new revision to fix structure layout Pablo Neira Ayuso
2021-05-07 23:20 ` patchwork-bot+netdevbpf
2021-05-07 17:47 ` [PATCH net 2/8] netfilter: arptables: use pernet ops struct during unregister Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 3/8] netfilter: nfnetlink: add a missing rcu_read_unlock() Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 4/8] netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 5/8] netfilter: remove BUG_ON() after skb_header_pointer() Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 6/8] netfilter: nftables: Fix a memleak from userdata error path in new objects Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 7/8] netfilter: nftables: avoid overflows in nft_hash_buckets() Pablo Neira Ayuso
2021-05-07 17:47 ` [PATCH net 8/8] netfilter: nftables: avoid potential overflows on 32bit arches Pablo Neira Ayuso
2021-06-22 21:59 [PATCH net 0/8] Netfilter fixes for net Pablo Neira Ayuso
2021-06-22 22:41 ` David Miller
2021-06-22 23:06 ` Pablo Neira Ayuso
2022-01-27 23:52 Pablo Neira Ayuso
2022-03-01 21:53 Pablo Neira Ayuso
2022-08-09 22:05 Pablo Neira Ayuso
2022-08-10 4:27 ` Jakub Kicinski
2022-08-10 7:59 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210507174739.1850-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.