Re: [PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 09, 2021 at 04:03:34PM +0200, Florian Westphal wrote:
> Hello,
> 
> please consider applying these nf_tables fixes to the 5.10.y tree.
> These patches had to mangled to make them apply to 5.10.y.
> 
> I've done the follwoing tests in a kasan/kmemleak enabled vm:
> 1. run upstream nft python/shell tests.
>    Without patch 2 and 3 doing so results in kernel crash.
>    Some tests fail but afaics those are expected to
>    fail on 5.10 due to lack of feature being tested.
> 2. Tested the 'conncount' feature (its affected by last patch).
>    Worked as designed.
> 3. ran nftables related kernel self tests.
> 
> No kmemleak or kasan splats were seen.
> 
> Eric Dumazet (1):
>   netfilter: nftables: avoid potential overflows on 32bit arches
> 
> Pablo Neira Ayuso (2):
>   netfilter: nf_tables: initialize set before expression setup
>   netfilter: nftables: clone set element expression template
> 
>  net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++-------------
>  net/netfilter/nft_set_hash.c  | 10 ++--
>  2 files changed, 62 insertions(+), 37 deletions(-)
> 
> -- 
> 2.32.0
> 

All now queued up, thanks!

greg k-h



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux