On Thu, Sep 09, 2021 at 04:03:34PM +0200, Florian Westphal wrote:
> Hello,
>
> please consider applying these nf_tables fixes to the 5.10.y tree.
> These patches had to be mangled to make them apply to 5.10.y.
>
> I've done the following tests in a kasan/kmemleak enabled vm:
> 1. run upstream nft python/shell tests.
>    Without patch 2 and 3 doing so results in kernel crash.
>    Some tests fail but afaics those are expected to
>    fail on 5.10 due to lack of feature being tested.
> 2. Tested the 'conncount' feature (it's affected by last patch).
>    Worked as designed.
> 3. ran nftables related kernel self tests.
>
> No kmemleak or kasan splats were seen.
>
> Eric Dumazet (1):
>   netfilter: nftables: avoid potential overflows on 32bit arches
>
> Pablo Neira Ayuso (2):
>   netfilter: nf_tables: initialize set before expression setup
>   netfilter: nftables: clone set element expression template
>
>  net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++-------------
>  net/netfilter/nft_set_hash.c  | 10 ++--
>  2 files changed, 62 insertions(+), 37 deletions(-)
>
> --
> 2.32.0
>

All now queued up, thanks!

greg k-h