Hi, On Tue, Oct 04 2016, Sergey Senozhatsky wrote: > On (09/27/16 19:03), Sergey Senozhatsky wrote: >> Hello, >> >> On (09/27/16 16:40), Stephen Rothwell wrote: >> > >> > Changes since 20160923: >> > >> >> seems that commit e3b37f11e6e4e6b6 ("netfilter: replace list_head with >> single linked list") breaks the build on !CONFIG_NETFILTER_INGRESS systems >> accessing ->nf_hooks_ingress this commit is now in mainline as e3b37f11e6e4e6b6f02cc762f182ce233d2c1c9d and it breaks my build: net/netfilter/core.c: In function 'nf_set_hooks_head': net/netfilter/core.c:96:3: error: 'struct net_device' has no member named 'nf_hooks_ingress' Are the fixes (see below) on the way to mainline too? Thanks. -Michal >> >> static void nf_set_hooks_head(struct net *net, const struct nf_hook_ops *reg, >> struct nf_hook_entry *entry) >> { >> switch (reg->pf) { >> case NFPROTO_NETDEV: >> /* We already checked in nf_register_net_hook() that this is >> * used from ingress. >> */ >> rcu_assign_pointer(reg->dev->nf_hooks_ingress, entry); >> ^^^^^^^^^^^^^^^^^^^^ > > > so I see two commits in linux-next now that fix the commit in question in > two patches > > : commit 7816ec564ec40ae20bb7925f733a181cad0cc491 ("netfilter: accommodate > : different kconfig in nf_set_hooks_head") > : > : When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle > : the request for registration properly by dropping the hook. This > : releases the entry during the set. > : > : Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") > > and > > : commit 5119e4381a90fabd3442bde02707cbd9e5d7367a ("netfilter: Fix potential > : null pointer dereference") > : > : It's possible for nf_hook_entry_head to return NULL. If two > : nf_unregister_net_hook calls happen simultaneously with a single hook > : entry in the list, both will enter the nf_hook_mutex critical section. > : The first will successfully delete the head, but the second will see > : this NULL pointer and attempt to dereference. > : > : This fix ensures that no null pointer dereference could occur when such > : a condition happens. > : > : Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") > > > do you guys plan to fold those into "e3b37f11e6e4" (a preferred way) > or will send it out as 3 separate patches (um, why) ? > > -ss -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html