Re: [PATCH 5.10.y 0/3] netfilter: nf_tables fixes for 5.10.y

Hi Greg,

On Thu, Sep 09, 2021 at 04:52:09PM +0200, Greg KH wrote:
> On Thu, Sep 09, 2021 at 04:03:34PM +0200, Florian Westphal wrote:
> > Hello,
> > 
> > please consider applying these nf_tables fixes to the 5.10.y tree.
> > These patches had to be mangled to make them apply to 5.10.y.
> > 
> > I've done the following tests in a kasan/kmemleak enabled vm:
> > 1. run upstream nft python/shell tests.
> >    Without patch 2 and 3 doing so results in kernel crash.
> >    Some tests fail but afaics those are expected to
> >    fail on 5.10 due to lack of feature being tested.
> > 2. Tested the 'conncount' feature (it's affected by last patch).
> >    Worked as designed.
> > 3. ran nftables related kernel self tests.
> > 
> > No kmemleak or kasan splats were seen.
> > 
> > Eric Dumazet (1):
> >   netfilter: nftables: avoid potential overflows on 32bit arches
> > 
> > Pablo Neira Ayuso (2):
> >   netfilter: nf_tables: initialize set before expression setup
> >   netfilter: nftables: clone set element expression template
> > 
> >  net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++-------------
> >  net/netfilter/nft_set_hash.c  | 10 ++--
> >  2 files changed, 62 insertions(+), 37 deletions(-)
> > 
> > -- 
> > 2.32.0
> > 
> 
> All now queued up, thanks!

Florian, thank you! My query originated from a bug report in Debian
triggering the issue with the 5.10.y kernels used.

Not really needed here as Greg already queued up but:

Tested-by: Salvatore Bonaccorso <carnil@xxxxxxxxxx>

Regards,
Salvatore


