Re: [PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Fri, 27 Sep 2024 13:57:43 +0200
Cc: "David S . Miller" <davem@xxxxxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, coreteam@xxxxxxxxxxxxx, eric.dumazet@xxxxxxxxx, syzbot <syzkaller@xxxxxxxxxxxxxxxx>
In-reply-to: <20240926185611.3988042-1-edumazet@google.com>

On Thu, Sep 26, 2024 at 06:56:11PM +0000, Eric Dumazet wrote:
> syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write
> per-cpu variable nf_skb_duplicated in an unsafe way [1].
> 
> Disabling preemption as hinted by the splat is not enough,
> we have to disable soft interrupts as well.

Applied, thanks

References:
- [PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption
  - From: Eric Dumazet

Prev by Date: Re: [nf PATCH] selftests: netfilter: Fix nft_audit.sh for newer nft binaries
Next by Date: Re: [PATCH] selftests: netfilter: Add missing resturn value.
Previous by thread: [PATCH nf] netfilter: nf_tables: prevent nf_skb_duplicated corruption
Next by thread: [PATCH] selftests: netfilter: Add missing resturn value.
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux