From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com, fw@strlen.de
Subject: [PATCH net 0/6] Netfilter fixes for net
Date: Wed, 15 Nov 2023 19:45:08 +0100 [thread overview]
Message-ID: <20231115184514.8965-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter fixes for net:
1) Remove unused variable causing compilation warning in nft_set_rbtree,
from Yang Li. This unused variable is a left over from previous
merge window.
2) Possible return of uninitialized in nf_conntrack_bridge, from
Linkui Xiao. This is there since nf_conntrack_bridge is available.
3) Fix incorrect pointer math in nft_byteorder, from Dan Carpenter.
Problem has been there since 2016.
4) Fix bogus error in destroy set element command. Problem is there
since this new destroy command was added.
5) Fix race condition in ipset between swap and destroy commands and
add/del/test control plane. This problem is there since ipset was
merged.
6) Split async and sync catchall GC in two function to fix unsafe
iteration over RCU. This is a fix-for-fix that was included in
the previous pull request.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-23-11-15
Thanks.
----------------------------------------------------------------
The following changes since commit 4b7b492615cf3017190f55444f7016812b66611d:
af_unix: fix use-after-free in unix_stream_read_actor() (2023-11-14 10:51:13 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-11-15
for you to fetch changes up to 8837ba3e58ea1e3d09ae36db80b1e80853aada95:
netfilter: nf_tables: split async and sync catchall in two functions (2023-11-14 16:16:21 +0100)
----------------------------------------------------------------
netfilter pull request 23-11-15
----------------------------------------------------------------
Dan Carpenter (1):
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
Jozsef Kadlecsik (1):
netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
Linkui Xiao (1):
netfilter: nf_conntrack_bridge: initialize err to 0
Pablo Neira Ayuso (2):
netfilter: nf_tables: bogus ENOENT when destroying element which does not exist
netfilter: nf_tables: split async and sync catchall in two functions
Yang Li (1):
netfilter: nft_set_rbtree: Remove unused variable nft_net
include/net/netfilter/nf_tables.h | 4 +-
net/bridge/netfilter/nf_conntrack_bridge.c | 2 +-
net/netfilter/ipset/ip_set_core.c | 14 +++----
net/netfilter/nf_tables_api.c | 60 ++++++++++++++++--------------
net/netfilter/nft_byteorder.c | 5 ++-
net/netfilter/nft_meta.c | 2 +-
net/netfilter/nft_set_rbtree.c | 2 -
7 files changed, 47 insertions(+), 42 deletions(-)
next reply other threads:[~2023-11-15 18:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-15 18:45 Pablo Neira Ayuso [this message]
2023-11-15 18:45 ` [PATCH net 1/6] netfilter: nft_set_rbtree: Remove unused variable nft_net Pablo Neira Ayuso
2023-11-16 10:29 ` patchwork-bot+netdevbpf
2023-11-15 18:45 ` [PATCH net 2/6] netfilter: nf_conntrack_bridge: initialize err to 0 Pablo Neira Ayuso
2023-11-15 18:45 ` [PATCH net 3/6] netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() Pablo Neira Ayuso
2023-11-15 18:45 ` [PATCH net 4/6] netfilter: nf_tables: bogus ENOENT when destroying element which does not exist Pablo Neira Ayuso
2023-11-15 18:45 ` [PATCH net 5/6] netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test Pablo Neira Ayuso
2023-11-15 18:45 ` [PATCH net 6/6] netfilter: nf_tables: split async and sync catchall in two functions Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2024-04-04 10:43 [PATCH net 0/6] Netfilter fixes for net Pablo Neira Ayuso
2024-01-31 22:59 Pablo Neira Ayuso
2024-01-24 19:12 Pablo Neira Ayuso
2023-12-06 18:03 Pablo Neira Ayuso
2023-07-05 23:04 Pablo Neira Ayuso
2023-06-27 6:52 Pablo Neira Ayuso
2022-02-10 23:10 Pablo Neira Ayuso
2022-02-04 15:18 Pablo Neira Ayuso
2021-07-23 15:54 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231115184514.8965-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.