From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Brad Spengler <spender@grsecurity.net>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 065/162] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
Date: Wed, 30 Nov 2022 19:22:26 +0100 [thread overview]
Message-ID: <20221130180530.267439907@linuxfoundation.org> (raw)
In-Reply-To: <20221130180528.466039523@linuxfoundation.org>
From: Jozsef Kadlecsik <kadlec@netfilter.org>
[ Upstream commit 5f7b51bf09baca8e4f80cbe879536842bafb5f31 ]
The range size of consecutive elements were not limited. Thus one could
define a huge range which may result soft lockup errors due to the long
execution time. Now the range size is limited to 2^20 entries.
Reported-by: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: c7aa1a76d4a0 ("netfilter: ipset: regression in ip_set_hash_ip.c")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netfilter/ipset/ip_set.h | 3 +++
net/netfilter/ipset/ip_set_hash_ip.c | 9 ++++++++-
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_ipport.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportip.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipportnet.c | 3 +++
net/netfilter/ipset/ip_set_hash_net.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netiface.c | 10 +++++++++-
net/netfilter/ipset/ip_set_hash_netnet.c | 16 +++++++++++++++-
net/netfilter/ipset/ip_set_hash_netport.c | 11 ++++++++++-
net/netfilter/ipset/ip_set_hash_netportnet.c | 16 +++++++++++++++-
11 files changed, 88 insertions(+), 7 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index ab192720e2d6..53c9a17ecb3e 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -198,6 +198,9 @@ struct ip_set_region {
u32 elements; /* Number of elements vs timeout */
};
+/* Max range where every element is added/deleted in one step */
+#define IPSET_MAX_RANGE (1<<20)
+
/* The core set type structure */
struct ip_set_type {
struct list_head list;
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index 5d6d68eaf6a9..361f4fd69bf4 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -131,8 +131,11 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret)
return ret;
- if (ip > ip_to)
+ if (ip > ip_to) {
+ if (ip_to == 0)
+ return -IPSET_ERR_HASH_ELEM;
swap(ip, ip_to);
+ }
} else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
@@ -143,6 +146,10 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1);
+ /* 64bit division is not allowed on 32bit */
+ if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE)
+ return -ERANGE;
+
if (retried) {
ip = ntohl(h->next.ip);
e.ip = htonl(ip);
diff --git a/net/netfilter/ipset/ip_set_hash_ipmark.c b/net/netfilter/ipset/ip_set_hash_ipmark.c
index aba1df617d6e..eefce34a34f0 100644
--- a/net/netfilter/ipset/ip_set_hash_ipmark.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmark.c
@@ -120,6 +120,8 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
e.mark = ntohl(nla_get_be32(tb[IPSET_ATTR_MARK]));
e.mark &= h->markmask;
+ if (e.mark == 0 && e.ip == 0)
+ return -IPSET_ERR_HASH_ELEM;
if (adt == IPSET_TEST ||
!(tb[IPSET_ATTR_IP_TO] || tb[IPSET_ATTR_CIDR])) {
@@ -132,8 +134,11 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret)
return ret;
- if (ip > ip_to)
+ if (ip > ip_to) {
+ if (e.mark == 0 && ip_to == 0)
+ return -IPSET_ERR_HASH_ELEM;
swap(ip, ip_to);
+ }
} else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
@@ -142,6 +147,9 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],
ip_set_mask_from_to(ip, ip_to, cidr);
}
+ if (((u64)ip_to - ip + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
+
if (retried)
ip = ntohl(h->next.ip);
for (; ip <= ip_to; ip++) {
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c
index 1ff228717e29..4a54e9e8ae59 100644
--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -172,6 +172,9 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
swap(port, port_to);
}
+ if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
+
if (retried)
ip = ntohl(h->next.ip);
for (; ip <= ip_to; ip++) {
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index fa88afd812fa..09737de5ecc3 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -179,6 +179,9 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
swap(port, port_to);
}
+ if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
+
if (retried)
ip = ntohl(h->next.ip);
for (; ip <= ip_to; ip++) {
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index eef6ecfcb409..02685371a682 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -252,6 +252,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
swap(port, port_to);
}
+ if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
+
ip2_to = ip2_from;
if (tb[IPSET_ATTR_IP2_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index 136cf0781d3a..9d1beaacb973 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -139,7 +139,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_net4_elem e = { .cidr = HOST_MASK };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0;
+ u32 ip = 0, ip_to = 0, ipn, n = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -187,6 +187,15 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
if (ip + UINT_MAX == ip_to)
return -IPSET_ERR_HASH_RANGE;
}
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr);
+ n++;
+ } while (ipn++ < ip_to);
+
+ if (n > IPSET_MAX_RANGE)
+ return -ERANGE;
+
if (retried)
ip = ntohl(h->next.ip);
do {
diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index be5e95a0d876..c3ada9c63fa3 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -201,7 +201,7 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netiface4_elem e = { .cidr = HOST_MASK, .elem = 1 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0;
+ u32 ip = 0, ip_to = 0, ipn, n = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -255,6 +255,14 @@ hash_netiface4_uadt(struct ip_set *set, struct nlattr *tb[],
} else {
ip_set_mask_from_to(ip, ip_to, e.cidr);
}
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr);
+ n++;
+ } while (ipn++ < ip_to);
+
+ if (n > IPSET_MAX_RANGE)
+ return -ERANGE;
if (retried)
ip = ntohl(h->next.ip);
diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c
index da4ef910b12d..b1411bc91a40 100644
--- a/net/netfilter/ipset/ip_set_hash_netnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netnet.c
@@ -167,7 +167,8 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
struct hash_netnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0;
- u32 ip2 = 0, ip2_from = 0, ip2_to = 0;
+ u32 ip2 = 0, ip2_from = 0, ip2_to = 0, ipn;
+ u64 n = 0, m = 0;
int ret;
if (tb[IPSET_ATTR_LINENO])
@@ -243,6 +244,19 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
} else {
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
}
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr[0]);
+ n++;
+ } while (ipn++ < ip_to);
+ ipn = ip2_from;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
+ m++;
+ } while (ipn++ < ip2_to);
+
+ if (n*m > IPSET_MAX_RANGE)
+ return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip[0]);
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index 34448df80fb9..d26d13528fe8 100644
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -157,7 +157,8 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_netport4_elem e = { .cidr = HOST_MASK - 1 };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 port, port_to, p = 0, ip = 0, ip_to = 0;
+ u32 port, port_to, p = 0, ip = 0, ip_to = 0, ipn;
+ u64 n = 0;
bool with_ports = false;
u8 cidr;
int ret;
@@ -234,6 +235,14 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[],
} else {
ip_set_mask_from_to(ip, ip_to, e.cidr + 1);
}
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &cidr);
+ n++;
+ } while (ipn++ < ip_to);
+
+ if (n*(port_to - port + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip);
diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c
index 934c1712cba8..6446f4fccc72 100644
--- a/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -181,7 +181,8 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
struct hash_netportnet4_elem e = { };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
u32 ip = 0, ip_to = 0, p = 0, port, port_to;
- u32 ip2_from = 0, ip2_to = 0, ip2;
+ u32 ip2_from = 0, ip2_to = 0, ip2, ipn;
+ u64 n = 0, m = 0;
bool with_ports = false;
int ret;
@@ -283,6 +284,19 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
} else {
ip_set_mask_from_to(ip2_from, ip2_to, e.cidr[1]);
}
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr[0]);
+ n++;
+ } while (ipn++ < ip_to);
+ ipn = ip2_from;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip2_to, &e.cidr[1]);
+ m++;
+ } while (ipn++ < ip2_to);
+
+ if (n*m*(port_to - port + 1) > IPSET_MAX_RANGE)
+ return -ERANGE;
if (retried) {
ip = ntohl(h->next.ip[0]);
--
2.35.1
next prev parent reply other threads:[~2022-11-30 18:27 UTC|newest]
Thread overview: 174+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-30 18:21 [PATCH 5.10 000/162] 5.10.157-rc1 review Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 001/162] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 002/162] ata: libata-scsi: simplify __ata_scsi_queuecmd() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 003/162] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 004/162] bridge: switchdev: Notify about VLAN protocol changes Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 005/162] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 006/162] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 007/162] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 008/162] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 009/162] speakup: Generate speakupmap.h automatically Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 010/162] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 011/162] iio: ms5611: Simplify IO callback parameters Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 012/162] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 013/162] ceph: do not update snapshot context when there is no new snapshot Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 014/162] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 015/162] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 016/162] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 017/162] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 018/162] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 019/162] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 020/162] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 021/162] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 022/162] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 023/162] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 024/162] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 025/162] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 026/162] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 027/162] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 028/162] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 029/162] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 030/162] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 031/162] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 032/162] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 033/162] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 034/162] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 035/162] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 036/162] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 037/162] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.10 038/162] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 039/162] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 040/162] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 041/162] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 042/162] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 043/162] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 044/162] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 045/162] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 046/162] net: liquidio: simplify if expression Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 047/162] rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 048/162] rxrpc: Use refcount_t rather than atomic_t Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 049/162] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 050/162] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 051/162] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 052/162] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 053/162] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 054/162] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 055/162] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 056/162] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 057/162] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 058/162] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 059/162] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 060/162] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 061/162] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 062/162] macsec: Fix invalid error code set Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 063/162] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 064/162] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
2022-11-30 18:22 ` Greg Kroah-Hartman [this message]
2022-11-30 18:22 ` [PATCH 5.10 066/162] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 067/162] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 068/162] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 069/162] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 070/162] tipc: add an extra conn_get " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 071/162] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 072/162] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 073/162] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 074/162] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 075/162] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 076/162] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 077/162] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 078/162] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 079/162] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 080/162] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 081/162] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 082/162] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 083/162] net: arcnet: Fix RESET flag handling Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 084/162] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 085/162] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 086/162] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 087/162] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 088/162] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 089/162] net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 090/162] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 091/162] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 092/162] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 093/162] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 094/162] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 095/162] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 096/162] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 097/162] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.10 098/162] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 099/162] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 100/162] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 101/162] KVM: x86: emulator: update the emulation mode after rsm Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 102/162] mmc: sdhci-brcmstb: Re-organize flags Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 103/162] mmc: sdhci-brcmstb: Enable Clock Gating to save power Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 104/162] mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 105/162] usb: cdns3: Add support for DRD CDNSP Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 106/162] usb: cdnsp: Device side header file for CDNSP driver Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 107/162] ceph: make ceph_create_session_msg a global symbol Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 108/162] ceph: make iterate_sessions " Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 109/162] ceph: flush mdlog before umounting Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 110/162] ceph: flush the mdlog before waiting on unsafe reqs Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 111/162] ceph: fix off by one bugs in unsafe_request_wait() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 112/162] ceph: put the requests/sessions when it fails to alloc memory Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 113/162] ceph: fix possible NULL pointer dereference for req->r_session Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 114/162] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 115/162] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 116/162] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 117/162] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 118/162] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 119/162] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 120/162] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 121/162] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 122/162] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 123/162] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 124/162] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 125/162] binder: avoid potential data leakage when copying txn Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 126/162] binder: read pre-translated fds from sender buffer Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 127/162] binder: defer copies of pre-patched txn data Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 128/162] binder: fix pointer cast warning Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 129/162] binder: Address corner cases in deferred copy and fixup Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 130/162] binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 131/162] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 132/162] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 133/162] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 134/162] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 135/162] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 136/162] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 137/162] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 138/162] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 139/162] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 140/162] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 141/162] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 142/162] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 143/162] tcp: configurable source port perturb table size Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 144/162] net: usb: qmi_wwan: add Telit 0x103a composition Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 145/162] gpu: host1x: Avoid trying to use GART on Tegra20 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 146/162] dm integrity: flush the journal on suspend Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 147/162] dm integrity: clear " Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 148/162] wifi: wilc1000: validate pairwise and authentication suite offsets Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 149/162] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 150/162] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 151/162] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 152/162] genirq/msi: Shutdown managed interrupts with unsatifiable affinities Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 153/162] genirq: Always limit the affinity to online CPUs Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 154/162] irqchip/gic-v3: Always trust the managed affinity provided by the core code Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 155/162] genirq: Take the proposed affinity at face value if force==true Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 156/162] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 157/162] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.10 158/162] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.10 159/162] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.10 160/162] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.10 161/162] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.10 162/162] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
2022-11-30 19:38 ` [PATCH 5.10 000/162] 5.10.157-rc1 review Pavel Machek
2022-11-30 20:13 ` Florian Fainelli
2022-12-01 1:01 ` Shuah Khan
2022-12-01 11:19 ` Sudip Mukherjee
2022-12-01 11:21 ` Rudi Heitbaum
2022-12-01 16:47 ` Naresh Kamboju
2022-12-02 1:44 ` Guenter Roeck
2022-12-02 11:49 ` Pavel Machek
2022-12-02 12:39 ` Greg Kroah-Hartman
2022-12-02 12:41 ` Greg Kroah-Hartman
2022-12-02 12:48 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221130180530.267439907@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kadlec@netfilter.org \
--cc=pablo@netfilter.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=spender@grsecurity.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox