Re: linux-next: Tree for Sep 27

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On (09/27/16 19:03), Sergey Senozhatsky wrote:
> Hello,
> 
> On (09/27/16 16:40), Stephen Rothwell wrote:
> > 
> > Changes since 20160923:
> > 
> 
> seems that commit e3b37f11e6e4e6b6 ("netfilter: replace list_head with
> single linked list") breaks the build on !CONFIG_NETFILTER_INGRESS systems
> accessing ->nf_hooks_ingress
> 
> static void nf_set_hooks_head(struct net *net, const struct nf_hook_ops *reg,
>                              struct nf_hook_entry *entry)
> {
>        switch (reg->pf) {
>        case NFPROTO_NETDEV:
>                /* We already checked in nf_register_net_hook() that this is
>                 * used from ingress.
>                 */
>                rcu_assign_pointer(reg->dev->nf_hooks_ingress, entry);
> 					^^^^^^^^^^^^^^^^^^^^


so I see two commits in linux-next now that fix the commit in question in
two patches

 : commit 7816ec564ec40ae20bb7925f733a181cad0cc491 ("netfilter: accommodate
 : different kconfig in nf_set_hooks_head")
 :
 :    When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
 :    the request for registration properly by dropping the hook.  This
 :    releases the entry during the set.
 :
 :    Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")

and

 : commit 5119e4381a90fabd3442bde02707cbd9e5d7367a ("netfilter: Fix potential
 : null pointer dereference")
 :
 :    It's possible for nf_hook_entry_head to return NULL.  If two
 :    nf_unregister_net_hook calls happen simultaneously with a single hook
 :    entry in the list, both will enter the nf_hook_mutex critical section.
 :    The first will successfully delete the head, but the second will see
 :    this NULL pointer and attempt to dereference.
 :
 :    This fix ensures that no null pointer dereference could occur when such
 :    a condition happens.
 :
 :    Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")


do you guys plan to fold those into "e3b37f11e6e4" (a preferred way)
or will send it out as 3 separate patches (um, why) ?

	-ss
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux