From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jeff Wu <wujiafu@gmail.com>,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Michal Kubecek <mkubecek@suse.cz>
Subject: [PATCH 4.4 30/74] netfilter: x_tables: speed up jump target validation
Date: Mon, 29 Jan 2018 13:56:35 +0100 [thread overview]
Message-ID: <20180129123848.967336367@linuxfoundation.org> (raw)
In-Reply-To: <20180129123847.507563674@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit f4dc77713f8016d2e8a3295e1c9c53a21f296def upstream.
The dummy ruleset I used to test the original validation change was broken,
most rules were unreachable and were not tested by mark_source_chains().
In some cases rulesets that used to load in a few seconds now require
several minutes.
sample ruleset that shows the behaviour:
echo "*filter"
for i in $(seq 0 100000);do
printf ":chain_%06x - [0:0]\n" $i
done
for i in $(seq 0 100000);do
printf -- "-A INPUT -j chain_%06x\n" $i
printf -- "-A INPUT -j chain_%06x\n" $i
printf -- "-A INPUT -j chain_%06x\n" $i
done
echo COMMIT
[ pipe result into iptables-restore ]
This ruleset will be about 74mbyte in size, with ~500k searches
though all 500k[1] rule entries. iptables-restore will take forever
(gave up after 10 minutes)
Instead of always searching the entire blob for a match, fill an
array with the start offsets of every single ipt_entry struct,
then do a binary search to check if the jump target is present or not.
After this change ruleset restore times get again close to what one
gets when reverting 36472341017529e (~3 seconds on my workstation).
[1] every user-defined rule gets an implicit RETURN, so we get
300k jumps + 100k userchains + 100k returns -> 500k rule entries
Fixes: 36472341017529e ("netfilter: x_tables: validate targets of jumps")
Reported-by: Jeff Wu <wujiafu@gmail.com>
Tested-by: Jeff Wu <wujiafu@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netfilter/x_tables.h | 4 ++
net/ipv4/netfilter/arp_tables.c | 47 ++++++++++++++++++----------------
net/ipv4/netfilter/ip_tables.c | 45 +++++++++++++++++----------------
net/ipv6/netfilter/ip6_tables.c | 45 +++++++++++++++++----------------
net/netfilter/x_tables.c | 50 +++++++++++++++++++++++++++++++++++++
5 files changed, 127 insertions(+), 64 deletions(-)
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -243,6 +243,10 @@ int xt_check_entry_offsets(const void *b
unsigned int target_offset,
unsigned int next_offset);
+unsigned int *xt_alloc_entry_offsets(unsigned int size);
+bool xt_find_jump_offset(const unsigned int *offsets,
+ unsigned int target, unsigned int size);
+
int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,
bool inv_proto);
int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -367,23 +367,12 @@ static inline bool unconditional(const s
memcmp(&e->arp, &uncond, sizeof(uncond)) == 0;
}
-static bool find_jump_target(const struct xt_table_info *t,
- const struct arpt_entry *target)
-{
- struct arpt_entry *iter;
-
- xt_entry_foreach(iter, t->entries, t->size) {
- if (iter == target)
- return true;
- }
- return false;
-}
-
/* Figures out from what hook each rule can be called: returns 0 if
* there are loops. Puts hook bitmask in comefrom.
*/
static int mark_source_chains(const struct xt_table_info *newinfo,
- unsigned int valid_hooks, void *entry0)
+ unsigned int valid_hooks, void *entry0,
+ unsigned int *offsets)
{
unsigned int hook;
@@ -472,10 +461,11 @@ static int mark_source_chains(const stru
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
+ if (!xt_find_jump_offset(offsets, newpos,
+ newinfo->number))
+ return 0;
e = (struct arpt_entry *)
(entry0 + newpos);
- if (!find_jump_target(newinfo, e))
- return 0;
} else {
/* ... this is a fallthru */
newpos = pos + e->next_offset;
@@ -642,6 +632,7 @@ static int translate_table(struct xt_tab
const struct arpt_replace *repl)
{
struct arpt_entry *iter;
+ unsigned int *offsets;
unsigned int i;
int ret = 0;
@@ -655,6 +646,9 @@ static int translate_table(struct xt_tab
}
duprintf("translate_table: size %u\n", newinfo->size);
+ offsets = xt_alloc_entry_offsets(newinfo->number);
+ if (!offsets)
+ return -ENOMEM;
i = 0;
/* Walk through entries, checking offsets. */
@@ -665,7 +659,9 @@ static int translate_table(struct xt_tab
repl->underflow,
repl->valid_hooks);
if (ret != 0)
- break;
+ goto out_free;
+ if (i < repl->num_entries)
+ offsets[i] = (void *)iter - entry0;
++i;
if (strcmp(arpt_get_target(iter)->u.user.name,
XT_ERROR_TARGET) == 0)
@@ -673,12 +669,13 @@ static int translate_table(struct xt_tab
}
duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);
if (ret != 0)
- return ret;
+ goto out_free;
+ ret = -EINVAL;
if (i != repl->num_entries) {
duprintf("translate_table: %u not %u entries\n",
i, repl->num_entries);
- return -EINVAL;
+ goto out_free;
}
/* Check hooks all assigned */
@@ -689,17 +686,20 @@ static int translate_table(struct xt_tab
if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
duprintf("Invalid hook entry %u %u\n",
i, repl->hook_entry[i]);
- return -EINVAL;
+ goto out_free;
}
if (newinfo->underflow[i] == 0xFFFFFFFF) {
duprintf("Invalid underflow %u %u\n",
i, repl->underflow[i]);
- return -EINVAL;
+ goto out_free;
}
}
- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
- return -ELOOP;
+ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) {
+ ret = -ELOOP;
+ goto out_free;
+ }
+ kvfree(offsets);
/* Finally, each sanity check must pass */
i = 0;
@@ -720,6 +720,9 @@ static int translate_table(struct xt_tab
}
return ret;
+ out_free:
+ kvfree(offsets);
+ return ret;
}
static void get_counters(const struct xt_table_info *t,
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -443,23 +443,12 @@ ipt_do_table(struct sk_buff *skb,
#endif
}
-static bool find_jump_target(const struct xt_table_info *t,
- const struct ipt_entry *target)
-{
- struct ipt_entry *iter;
-
- xt_entry_foreach(iter, t->entries, t->size) {
- if (iter == target)
- return true;
- }
- return false;
-}
-
/* Figures out from what hook each rule can be called: returns 0 if
there are loops. Puts hook bitmask in comefrom. */
static int
mark_source_chains(const struct xt_table_info *newinfo,
- unsigned int valid_hooks, void *entry0)
+ unsigned int valid_hooks, void *entry0,
+ unsigned int *offsets)
{
unsigned int hook;
@@ -552,10 +541,11 @@ mark_source_chains(const struct xt_table
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
+ if (!xt_find_jump_offset(offsets, newpos,
+ newinfo->number))
+ return 0;
e = (struct ipt_entry *)
(entry0 + newpos);
- if (!find_jump_target(newinfo, e))
- return 0;
} else {
/* ... this is a fallthru */
newpos = pos + e->next_offset;
@@ -811,6 +801,7 @@ translate_table(struct net *net, struct
const struct ipt_replace *repl)
{
struct ipt_entry *iter;
+ unsigned int *offsets;
unsigned int i;
int ret = 0;
@@ -824,6 +815,9 @@ translate_table(struct net *net, struct
}
duprintf("translate_table: size %u\n", newinfo->size);
+ offsets = xt_alloc_entry_offsets(newinfo->number);
+ if (!offsets)
+ return -ENOMEM;
i = 0;
/* Walk through entries, checking offsets. */
xt_entry_foreach(iter, entry0, newinfo->size) {
@@ -833,17 +827,20 @@ translate_table(struct net *net, struct
repl->underflow,
repl->valid_hooks);
if (ret != 0)
- return ret;
+ goto out_free;
+ if (i < repl->num_entries)
+ offsets[i] = (void *)iter - entry0;
++i;
if (strcmp(ipt_get_target(iter)->u.user.name,
XT_ERROR_TARGET) == 0)
++newinfo->stacksize;
}
+ ret = -EINVAL;
if (i != repl->num_entries) {
duprintf("translate_table: %u not %u entries\n",
i, repl->num_entries);
- return -EINVAL;
+ goto out_free;
}
/* Check hooks all assigned */
@@ -854,17 +851,20 @@ translate_table(struct net *net, struct
if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
duprintf("Invalid hook entry %u %u\n",
i, repl->hook_entry[i]);
- return -EINVAL;
+ goto out_free;
}
if (newinfo->underflow[i] == 0xFFFFFFFF) {
duprintf("Invalid underflow %u %u\n",
i, repl->underflow[i]);
- return -EINVAL;
+ goto out_free;
}
}
- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
- return -ELOOP;
+ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) {
+ ret = -ELOOP;
+ goto out_free;
+ }
+ kvfree(offsets);
/* Finally, each sanity check must pass */
i = 0;
@@ -885,6 +885,9 @@ translate_table(struct net *net, struct
}
return ret;
+ out_free:
+ kvfree(offsets);
+ return ret;
}
static void
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -455,23 +455,12 @@ ip6t_do_table(struct sk_buff *skb,
#endif
}
-static bool find_jump_target(const struct xt_table_info *t,
- const struct ip6t_entry *target)
-{
- struct ip6t_entry *iter;
-
- xt_entry_foreach(iter, t->entries, t->size) {
- if (iter == target)
- return true;
- }
- return false;
-}
-
/* Figures out from what hook each rule can be called: returns 0 if
there are loops. Puts hook bitmask in comefrom. */
static int
mark_source_chains(const struct xt_table_info *newinfo,
- unsigned int valid_hooks, void *entry0)
+ unsigned int valid_hooks, void *entry0,
+ unsigned int *offsets)
{
unsigned int hook;
@@ -564,10 +553,11 @@ mark_source_chains(const struct xt_table
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
+ if (!xt_find_jump_offset(offsets, newpos,
+ newinfo->number))
+ return 0;
e = (struct ip6t_entry *)
(entry0 + newpos);
- if (!find_jump_target(newinfo, e))
- return 0;
} else {
/* ... this is a fallthru */
newpos = pos + e->next_offset;
@@ -823,6 +813,7 @@ translate_table(struct net *net, struct
const struct ip6t_replace *repl)
{
struct ip6t_entry *iter;
+ unsigned int *offsets;
unsigned int i;
int ret = 0;
@@ -836,6 +827,9 @@ translate_table(struct net *net, struct
}
duprintf("translate_table: size %u\n", newinfo->size);
+ offsets = xt_alloc_entry_offsets(newinfo->number);
+ if (!offsets)
+ return -ENOMEM;
i = 0;
/* Walk through entries, checking offsets. */
xt_entry_foreach(iter, entry0, newinfo->size) {
@@ -845,17 +839,20 @@ translate_table(struct net *net, struct
repl->underflow,
repl->valid_hooks);
if (ret != 0)
- return ret;
+ goto out_free;
+ if (i < repl->num_entries)
+ offsets[i] = (void *)iter - entry0;
++i;
if (strcmp(ip6t_get_target(iter)->u.user.name,
XT_ERROR_TARGET) == 0)
++newinfo->stacksize;
}
+ ret = -EINVAL;
if (i != repl->num_entries) {
duprintf("translate_table: %u not %u entries\n",
i, repl->num_entries);
- return -EINVAL;
+ goto out_free;
}
/* Check hooks all assigned */
@@ -866,17 +863,20 @@ translate_table(struct net *net, struct
if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
duprintf("Invalid hook entry %u %u\n",
i, repl->hook_entry[i]);
- return -EINVAL;
+ goto out_free;
}
if (newinfo->underflow[i] == 0xFFFFFFFF) {
duprintf("Invalid underflow %u %u\n",
i, repl->underflow[i]);
- return -EINVAL;
+ goto out_free;
}
}
- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
- return -ELOOP;
+ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) {
+ ret = -ELOOP;
+ goto out_free;
+ }
+ kvfree(offsets);
/* Finally, each sanity check must pass */
i = 0;
@@ -897,6 +897,9 @@ translate_table(struct net *net, struct
}
return ret;
+ out_free:
+ kvfree(offsets);
+ return ret;
}
static void
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -701,6 +701,56 @@ int xt_check_entry_offsets(const void *b
}
EXPORT_SYMBOL(xt_check_entry_offsets);
+/**
+ * xt_alloc_entry_offsets - allocate array to store rule head offsets
+ *
+ * @size: number of entries
+ *
+ * Return: NULL or kmalloc'd or vmalloc'd array
+ */
+unsigned int *xt_alloc_entry_offsets(unsigned int size)
+{
+ unsigned int *off;
+
+ off = kcalloc(size, sizeof(unsigned int), GFP_KERNEL | __GFP_NOWARN);
+
+ if (off)
+ return off;
+
+ if (size < (SIZE_MAX / sizeof(unsigned int)))
+ off = vmalloc(size * sizeof(unsigned int));
+
+ return off;
+}
+EXPORT_SYMBOL(xt_alloc_entry_offsets);
+
+/**
+ * xt_find_jump_offset - check if target is a valid jump offset
+ *
+ * @offsets: array containing all valid rule start offsets of a rule blob
+ * @target: the jump target to search for
+ * @size: entries in @offset
+ */
+bool xt_find_jump_offset(const unsigned int *offsets,
+ unsigned int target, unsigned int size)
+{
+ int m, low = 0, hi = size;
+
+ while (hi > low) {
+ m = (low + hi) / 2u;
+
+ if (offsets[m] > target)
+ hi = m;
+ else if (offsets[m] < target)
+ low = m + 1;
+ else
+ return true;
+ }
+
+ return false;
+}
+EXPORT_SYMBOL(xt_find_jump_offset);
+
int xt_check_target(struct xt_tgchk_param *par,
unsigned int size, u_int8_t proto, bool inv_proto)
{
next prev parent reply other threads:[~2018-01-29 12:56 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-29 12:56 [PATCH 4.4 00/74] 4.4.114-stable review Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 01/74] x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 02/74] usbip: prevent vhci_hcd driver from leaking a socket pointer address Greg Kroah-Hartman
2018-02-03 8:30 ` Eric Biggers
2018-02-05 14:58 ` Shuah Khan
2018-01-29 12:56 ` [PATCH 4.4 03/74] usbip: Fix implicit fallthrough warning Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 04/74] usbip: Fix potential format overflow in userspace tools Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 05/74] x86/microcode/intel: Fix BDW late-loading revision check Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 06/74] x86/cpu/intel: Introduce macros for Intel family numbers Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 07/74] x86/retpoline: Fill RSB on context switch for affected CPUs Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 08/74] sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 09/74] can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 10/74] can: af_can: canfd_rcv(): " Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 11/74] PM / sleep: declare __tracedata symbols as char[] rather than char Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 12/74] time: Avoid undefined behaviour in ktime_add_safe() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 13/74] timers: Plug locking race vs. timer migration Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 14/74] Prevent timer value 0 for MWAITX Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 15/74] drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 16/74] drivers: base: cacheinfo: fix boot error message when acpi is enabled Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 17/74] PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 18/74] PCI: layerscape: Fix MSG TLP drop setting Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 19/74] mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 20/74] fs/select: add vmalloc fallback for select(2) Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 21/74] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 22/74] hwpoison, memcg: forcibly uncharge LRU pages Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 23/74] cma: fix calculation of aligned offset Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 24/74] mm, page_alloc: fix potential false positive in __zone_watermark_ok Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 25/74] ipc: msg, make msgrcv work with LONG_MIN Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 26/74] x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 27/74] ACPI / processor: Avoid reserving IO regions too early Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 28/74] ACPI / scan: Prefer devices without _HID/_CID for _ADR matching Greg Kroah-Hartman
2018-02-01 8:46 ` Jiri Slaby
2018-02-01 8:57 ` Jiri Slaby
2018-02-01 10:29 ` Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 29/74] ACPICA: Namespace: fix operand cache leak Greg Kroah-Hartman
2018-01-29 12:56 ` Greg Kroah-Hartman [this message]
2018-01-29 12:56 ` [PATCH 4.4 31/74] netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 32/74] netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 33/74] netfilter: nf_ct_expect: remove the redundant slash when policy name is empty Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 34/74] netfilter: nfnetlink_queue: reject verdict request from different portid Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 35/74] netfilter: restart search if moved to other chain Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 36/74] netfilter: nf_conntrack_sip: extend request line validation Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 37/74] netfilter: use fwmark_reflect in nf_send_reset Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 38/74] netfilter: fix IS_ERR_VALUE usage Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 39/74] netfilter: nfnetlink_cthelper: Add missing permission checks Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 40/74] netfilter: xt_osf: " Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 41/74] ext2: Dont clear SGID when inheriting ACLs Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 42/74] reiserfs: fix race in prealloc discard Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 43/74] reiserfs: dont preallocate blocks for extended attributes Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 44/74] reiserfs: Dont clear SGID when inheriting ACLs Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 45/74] fs/fcntl: f_setown, avoid undefined behaviour Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 46/74] scsi: libiscsi: fix shifting of DID_REQUEUE host byte Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 47/74] Revert "module: Add retpoline tag to VERMAGIC" Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 48/74] Input: trackpoint - force 3 buttons if 0 button is reported Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 49/74] usb: usbip: Fix possible deadlocks reported by lockdep Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 50/74] usbip: fix stub_rx: get_pipe() to validate endpoint number Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 51/74] usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 52/74] usbip: prevent leaking socket pointer address in messages Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 53/74] um: link vmlinux with -no-pie Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 4.4 54/74] vsyscall: Fix permissions for emulate mode with KAISER/PTI Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 55/74] eventpoll.h: add missing epoll event masks Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 56/74] x86/microcode/intel: Extend BDW late-loading further with LLC size check Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 57/74] hrtimer: Reset hrtimer cpu base proper on CPU hotplug Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 58/74] dccp: dont restart ccid2_hc_tx_rto_expire() if sk in closed state Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 59/74] ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 60/74] ipv6: fix udpv6 sendmsg crash caused by too small MTU Greg Kroah-Hartman
2018-02-19 19:46 ` Ben Hutchings
2018-02-19 19:52 ` Ben Hutchings
2018-02-19 20:06 ` Eric Dumazet
2018-01-29 12:57 ` [PATCH 4.4 61/74] ipv6: ip6_make_skb() needs to clear cork.base.dst Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 62/74] lan78xx: Fix failure in USB Full Speed Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 63/74] net: igmp: fix source address check for IGMPv3 reports Greg Kroah-Hartman
2018-01-30 13:22 ` Florian Wolters
2018-01-30 13:33 ` Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 64/74] tcp: __tcp_hdrlen() helper Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 65/74] net: qdisc_pkt_len_init() should be more robust Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 66/74] pppoe: take ->needed_headroom of lower device into account on xmit Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 67/74] r8169: fix memory corruption on retrieval of hardware statistics Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 68/74] sctp: do not allow the v4 socket to bind a v4mapped v6 address Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 69/74] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 70/74] vmxnet3: repair memory leak Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 71/74] net: Allow neigh contructor functions ability to modify the primary_key Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 72/74] ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 73/74] flow_dissector: properly cap thoff field Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 4.4 74/74] net: tcp: close sock if net namespace is exiting Greg Kroah-Hartman
2018-01-29 21:30 ` [PATCH 4.4 00/74] 4.4.114-stable review Nathan Chancellor
2018-01-30 7:37 ` Greg Kroah-Hartman
2018-01-29 23:57 ` Shuah Khan
2018-01-30 10:05 ` Naresh Kamboju
2018-01-30 14:20 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180129123848.967336367@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fw@strlen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mkubecek@suse.cz \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
--cc=wujiafu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).