From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Reshetova, Elena" <elena.reshetova@intel.com>
Cc: "netfilter-devel@vger.kernel.org"
<netfilter-devel@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kadlec@blackhole.kfki.hu" <kadlec@blackhole.kfki.hu>,
"peterz@infradead.org" <peterz@infradead.org>,
"keescook@chromium.org" <keescook@chromium.org>
Subject: Re: [PATCH 0/7] net, netfilter refcounter conversions
Date: Fri, 17 Mar 2017 12:50:41 +0100 [thread overview]
Message-ID: <20170317115041.GA4979@salvia> (raw)
In-Reply-To: <2236FBA76BA1254E88B949DDB74E612B41C59A26@IRSMSX102.ger.corp.intel.com>
On Thu, Mar 16, 2017 at 07:52:19AM +0000, Reshetova, Elena wrote:
>
> > On Wed, Mar 15, 2017 at 01:10:38PM +0200, Elena Reshetova wrote:
> > > This series, for the netfilter subsystem, replaces atomic_t reference
> > > counters with the new refcount_t type and API (see include/linux/refcount.h).
> > > By doing this we prevent intentional or accidental
> > > underflows or overflows that can led to use-after-free vulnerabilities.
> > >
> > > Please take the series to your tree if there are no run-time issues.
> >
> > Could you collapse all of your patches into one single? They are all
> > part of the same logical change to me.
> >
> > > 21 files changed, 85 insertions(+), 75 deletions(-)
> >
> > The diffstat is small enough to do what I'm asking.
>
> Sure. The reason why they are separated is that it is easier to
> review them this way IMO and find mistakes (I found many after I
> split all networking patches into one per variable). But I guess
> for merge, it is easier to have them collapsed, so I am going to
> send you a new version shortly.
In my particular case, collapsing them is good so the Netfilter batch
I pass up to David becomes smaller. Thanks!
prev parent reply other threads:[~2017-03-17 11:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 11:10 [PATCH 0/7] net, netfilter refcounter conversions Elena Reshetova
2017-03-15 11:10 ` [PATCH 1/7] net, netfilter: convert ip_vs_conn.refcnt from atomic_t to refcount_t Elena Reshetova
2017-03-18 2:52 ` kbuild test robot
2017-03-15 11:10 ` [PATCH 2/7] net, netfilter: convert ip_vs_dest.refcnt " Elena Reshetova
2017-03-15 11:10 ` [PATCH 3/7] net, netfilter: convert ctnl_timeout.refcnt " Elena Reshetova
2017-03-15 11:10 ` [PATCH 4/7] net, netfilter: convert nf_acct.refcnt " Elena Reshetova
2017-03-15 11:10 ` [PATCH 5/7] net, netfilter: convert nf_conntrack_expect.use " Elena Reshetova
2017-03-15 11:10 ` [PATCH 6/7] net, netfilter: convert nfulnl_instance.use " Elena Reshetova
2017-03-15 11:10 ` [PATCH 7/7] net, netfilter: convert clusterip_config.refcount and clusterip_config.entries " Elena Reshetova
2017-03-15 13:02 ` [PATCH 0/7] net, netfilter refcounter conversions Pablo Neira Ayuso
2017-03-16 7:52 ` Reshetova, Elena
2017-03-17 11:50 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170317115041.GA4979@salvia \
--to=pablo@netfilter.org \
--cc=elena.reshetova@intel.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).