From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Liping Zhang <zlpnobody@163.com>
Cc: netfilter-devel@vger.kernel.org, Liping Zhang <zlpnobody@gmail.com>
Subject: Re: [PATCH nf 0/3] netfilter: nf_tables: fix some bugs related to dynset
Date: Thu, 27 Oct 2016 18:23:08 +0200 [thread overview]
Message-ID: <20161027162308.GA9934@salvia> (raw)
In-Reply-To: <1477133486-60686-1-git-send-email-zlpnobody@163.com>
On Sat, Oct 22, 2016 at 06:51:23PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
>
> Suppose that the user input the following nft rules, then a dynset expr is
> created:
> # nft add rule filter output flow table test { ip daddr counter }
>
> But actually, there are some bugs exist in kernel:
> 1. If CONFIG_NFT_SET_HASH is not enabled, kernel panic will happen
> 2. In extreme case, i.e. memory is exhausted, then expr clone will
> fail, this will cause module refcnt leak, memory leak and incorrect
> set's nelems
> 3. Packets may race when create the new element, and these *racing*
> packets will not be handled properly.
>
> This patch set is aimed to fix these problems.
Series applied, thanks!
prev parent reply other threads:[~2016-10-27 16:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-22 10:51 [PATCH nf 0/3] netfilter: nf_tables: fix some bugs related to dynset Liping Zhang
2016-10-22 10:51 ` [PATCH nf 1/3] netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled Liping Zhang
2016-10-25 14:25 ` Liping Zhang
2016-10-26 13:14 ` Liping Zhang
2016-10-22 10:51 ` [PATCH nf 2/3] netfilter: nf_tables: fix *leak* when expr clone fail Liping Zhang
2016-10-22 10:51 ` [PATCH nf 3/3] netfilter: nf_tables: fix race when create new element in dynset Liping Zhang
2016-10-27 16:23 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161027162308.GA9934@salvia \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=zlpnobody@163.com \
--cc=zlpnobody@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.