On Fri, Apr 04, 2014 at 05:57:45PM +0200, Thomas Graf wrote:
> All xtables variants suffer from the defect that the copy_to_user()
> to copy the counters to user memory may fail after the table has
> already been exchanged and thus exposed. Returning an error at this
> point will result in freeing the already exposed table. Any
> subsequent packet processing will result in a kernel panic.
>
> We can't copy the counters before exposing the new tables as we
> want to provide the counter state after the old table has been
> unhooked. Therefore convert this into a silent error.

Applied, thanks Thomas.
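
The ordering problem described in the quoted commit message, as an added userspace model in C. It is not code from this thread or from the kernel patch; every name in it is hypothetical, and "freed" is tracked with a flag so the dangling state can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model with constructed, hypothetical names (not kernel symbols). */
struct table { bool freed; unsigned long counters[2]; };
static struct table *live;   /* table the packet path dereferences */

/* Stand-in for copy_to_user(): nonzero when the user buffer is unusable. */
static int copy_out(unsigned long *dst, const unsigned long *src, size_t n)
{
    if (!dst)
        return -1;
    memcpy(dst, src, n * sizeof(*src));
    return 0;
}

/* Expose newt, then hand the old table's counters to the caller.
 * silent=false: a failed copy is returned as an error (the defect).
 * silent=true:  a failed copy is ignored once the swap has happened. */
static int swap_and_report(struct table *newt, unsigned long *ubuf, bool silent)
{
    struct table *old = live;
    int ret = 0;

    live = newt;                       /* point of no return */
    if (copy_out(ubuf, old->counters, 2) != 0 && !silent)
        ret = -14;                     /* -EFAULT */
    old->freed = true;                 /* old table is unhooked, release it */
    return ret;
}

/* One replace request; returns true if the live table ends up freed. */
static bool live_table_freed_after(unsigned long *ubuf, bool silent)
{
    static struct table a, b;

    memset(&a, 0, sizeof(a));
    memset(&b, 0, sizeof(b));
    live = &a;
    if (swap_and_report(&b, ubuf, silent) < 0)
        b.freed = true;                /* caller's error path frees newt */
    return live->freed;
}

int main(void)
{
    unsigned long buf[2];
    printf("error returned, bad buffer:  %d\n", live_table_freed_after(NULL, false));
    printf("silent error, bad buffer:    %d\n", live_table_freed_after(NULL, true));
    printf("error returned, good buffer: %d\n", live_table_freed_after(buf, false));
    return 0;
}
```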