Hi Greg, On Thu, Sep 09, 2021 at 04:52:09PM +0200, Greg KH wrote: > On Thu, Sep 09, 2021 at 04:03:34PM +0200, Florian Westphal wrote: > > Hello, > > > > please consider applying these nf_tables fixes to the 5.10.y tree. > > These patches had to mangled to make them apply to 5.10.y. > > > > I've done the follwoing tests in a kasan/kmemleak enabled vm: > > 1. run upstream nft python/shell tests. > > Without patch 2 and 3 doing so results in kernel crash. > > Some tests fail but afaics those are expected to > > fail on 5.10 due to lack of feature being tested. > > 2. Tested the 'conncount' feature (its affected by last patch). > > Worked as designed. > > 3. ran nftables related kernel self tests. > > > > No kmemleak or kasan splats were seen. > > > > Eric Dumazet (1): > > netfilter: nftables: avoid potential overflows on 32bit arches > > > > Pablo Neira Ayuso (2): > > netfilter: nf_tables: initialize set before expression setup > > netfilter: nftables: clone set element expression template > > > > net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++------------- > > net/netfilter/nft_set_hash.c | 10 ++-- > > 2 files changed, 62 insertions(+), 37 deletions(-) > > > > -- > > 2.32.0 > > > > All now queued up, thanks! Florian, thank you! My query originated from a bugreport in Debian triggering the issue with the 5.10.y kernels used. Not really needed here as Greg already queued up but: Tested-by: Salvatore Bonaccorso <carnil@xxxxxxxxxx> Regards, Salvatore