From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: netfilter-devel@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Florian Westphal <fw@strlen.de>
Subject: [PATCH net 0/5] netfilter: bugfixes for net
Date: Wed, 21 Sep 2022 09:38:20 +0200
Message-ID: <20220921073825.4658-1-fw@strlen.de>

Hello,

The following set contains netfilter fixes for the *net* tree.

Regressions (rc only):
recent ebtables crash fix was incomplete, it added a memory leak.

The patch to fix possible buffer overrun for BIG TCP in ftp conntrack
tried to be too clever, we cannot re-use ct->lock: NAT engine might
grab it again -> deadlock. Revert back to a global spinlock.
Both from myself.

Remove the documentation for the recently removed
'nf_conntrack_helper' sysctl as well, from Pablo Neira.

The static_branch_inc() that guards the 'chain stats enabled' path
needs to be deferred further, until the entire transaction was created.
From Tetsuo Handa.

Older bugs:
Since 5.3:
nf_tables_addchain may leak pcpu memory in error path when
offloading fails. Also from Tetsuo Handa.

Please consider pulling these changes from
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git

----------------------------------------------------------------
The following changes since commit 603ccb3aca717d04a4b1a04e3a7bc3b91eba33e8:

  MAINTAINERS: Add myself as a reviewer for Qualcomm ETHQOS Ethernet driver (2022-09-20 13:42:55 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git master

for you to fetch changes up to d25088932227680988a6b794221e031a7232f137:

  netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed (2022-09-20 23:50:03 +0200)

----------------------------------------------------------------
Florian Westphal (2):
      netfilter: ebtables: fix memory leak when blob is malformed
      netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed

Pablo Neira Ayuso (1):
      netfilter: conntrack: remove nf_conntrack_helper documentation

Tetsuo Handa (2):
      netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
      netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()

 Documentation/networking/nf_conntrack-sysctl.rst | 9 ---------
 net/bridge/netfilter/ebtables.c                  | 4 +++-
 net/netfilter/nf_conntrack_ftp.c                 | 6 ++++--
 net/netfilter/nf_tables_api.c                    | 8 ++++----
 4 files changed, 11 insertions(+), 16 deletions(-)