Hi Pablo,
Please apply the next patch to the nf tree. Brad Spengler reported that
huge range of consecutive elements could result soft lockup errors due
to the long execution time. The patch limits and enforces the maximal size
of such ranges. Previous version did not take into account that 64bit
division isn't allowed on 32bit systems.
Best regards,
Jozsef
The following changes since commit 832df96d5f957d42fd9eb9660519a0c51fe8538e:
Merge branch 'sctp-pmtu-probe' (2021-07-25 23:06:21 +0100)
are available in the Git repository at:
git://blackhole.kfki.hu/nf eeae0a4c9f8992
for you to fetch changes up to eeae0a4c9f899291f6ec461efdc0f2f75791ea0b:
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete (2021-07-28 16:42:13 +0200)
----------------------------------------------------------------
Jozsef Kadlecsik (1):
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
include/linux/netfilter/ipset/ip_set.h | 3 +++
net/netfilter/ipset/ip_set_hash_ip.c | 9 ++++++++-
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_ipport.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportip.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportnet.c | 3 +++
net/netfilter/ipset/ip_set_hash_net.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netiface.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_netnet.c | 16 +++++++++++++++-
net/netfilter/ipset/ip_set_hash_netport.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netportnet.c | 16 +++++++++++++++-
11 files changed, 88 insertions(+), 7 deletions(-)
