Hello, please consider applying these nf_tables fixes to the 5.10.y tree. These patches had to mangled to make them apply to 5.10.y. I've done the follwoing tests in a kasan/kmemleak enabled vm: 1. run upstream nft python/shell tests. Without patch 2 and 3 doing so results in kernel crash. Some tests fail but afaics those are expected to fail on 5.10 due to lack of feature being tested. 2. Tested the 'conncount' feature (its affected by last patch). Worked as designed. 3. ran nftables related kernel self tests. No kmemleak or kasan splats were seen. Eric Dumazet (1): netfilter: nftables: avoid potential overflows on 32bit arches Pablo Neira Ayuso (2): netfilter: nf_tables: initialize set before expression setup netfilter: nftables: clone set element expression template net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++------------- net/netfilter/nft_set_hash.c | 10 ++-- 2 files changed, 62 insertions(+), 37 deletions(-) -- 2.32.0
