Commit 6badad1c authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Missing netlink attribute sanity check for NFTA_OSF_DREG,
   from Florian Westphal.

2) Use bitmap infrastructure in ipset to fix KASAN slab-out-of-bounds
   reads, from Jozsef Kadlecsik.

3) Missing initial CLOSED state in new sctp connection through
   ctnetlink events, from Jiri Wiesner.

4) Missing check for NFT_CHAIN_HW_OFFLOAD in nf_tables offload
   indirect block infrastructure, from wenxu.

5) Add __nft_chain_type_get() to sanity check family and chain type.

6) Autoload modules from the nf_tables abort path to fix races
   reported by syzbot.

7) Remove unnecessary skb->csum update on inet_proto_csum_replace16(),
   from Praveen Chaudhary.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents 722943a5 189c9b1e
+0 −7
@@ -426,13 +426,6 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr)
	       sizeof(*addr));
}

/* Calculate the bytes required to store the inclusive range of a-b */
static inline int
bitmap_bytes(u32 a, u32 b)
{
	return 4 * ((((b - a + 8) / 8) + 3) / 4);
}

/* How often should the gc be run by default */
#define IPSET_GC_TIME			(3 * 60)

+1 −1
@@ -31,7 +31,7 @@ struct nfnetlink_subsystem {
	const struct nfnl_callback *cb;	/* callback for individual types */
	struct module *owner;
	int (*commit)(struct net *net, struct sk_buff *skb);
	int (*abort)(struct net *net, struct sk_buff *skb);
	int (*abort)(struct net *net, struct sk_buff *skb, bool autoload);
	void (*cleanup)(struct net *net);
	bool (*valid_genid)(struct net *net, u32 genid);
};
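Review bot: The `abort` member now takes `bool autoload`, but unlike `cb` a few lines above it has no comment saying what the flag asks the subsystem to do or when it may be true. The commit description ties this to loading modules from the nf_tables abort path, so a subsystem that ignores or misreads the flag could presumably bring back the race the series is fixing. A one-line comment such as `/* autoload: abort may load the modules requested by the failed batch */` would make the contract explicit; the wording needs checking against the implementation, which is not shown in this section.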
+1 −0
@@ -7,6 +7,7 @@
struct netns_nftables {
	struct list_head	tables;
	struct list_head	commit_list;
	struct list_head	module_list;
	struct mutex		commit_mutex;
	unsigned int		base_seq;
	u8			gencursor;
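Review bot: `module_list` is added beside `commit_list` with no indication of which lock protects it or who empties it when the namespace is torn down. Its placement suggests `commit_mutex`, but the code that uses the list is not visible here; if so, a comment such as `/* pending module requests, protected by commit_mutex */` would record that. It is also worth confirming that the per-netns init path initialises the list head and that the exit path frees any entries still queued. The struct definition continues past the end of this hunk.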
+17 −3
@@ -438,6 +438,23 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
}
EXPORT_SYMBOL(inet_proto_csum_replace4);

/**
 * inet_proto_csum_replace16 - update layer 4 header checksum field
 * @sum: Layer 4 header checksum field
 * @skb: sk_buff for the packet
 * @from: old IPv6 address
 * @to: new IPv6 address
 * @pseudohdr: True if layer 4 header checksum includes pseudoheader
 *
 * Update layer 4 header as per the update in IPv6 src/dst address.
 *
 * There is no need to update skb->csum in this function, because update in two
 * fields a.) IPv6 src/dst address and b.) L4 header checksum cancels each other
 * for skb->csum calculation. Whereas inet_proto_csum_replace4 function needs to
 * update skb->csum, because update in 3 fields a.) IPv4 src/dst address,
 * b.) IPv4 Header checksum and c.) L4 header checksum results in same diff as
 * L4 Header checksum for skb->csum calculation.
 */
void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
			       const __be32 *from, const __be32 *to,
			       bool pseudohdr)
@@ -449,9 +466,6 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
	if (skb->ip_summed != CHECKSUM_PARTIAL) {
		*sum = csum_fold(csum_partial(diff, sizeof(diff),
				 ~csum_unfold(*sum)));
		if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
			skb->csum = ~csum_partial(diff, sizeof(diff),
						  ~skb->csum);
	} else if (pseudohdr)
		*sum = ~csum_fold(csum_partial(diff, sizeof(diff),
				  csum_unfold(*sum)));
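Review bot: The new kernel-doc justifies dropping the `skb->csum` update by saying the address change and the L4 checksum change cancel out, but it does not state the precondition that argument relies on. Both the rewritten IPv6 address and the L4 checksum field have to lie in the data that `skb->csum` covers under `CHECKSUM_COMPLETE`. As far as I can tell, a caller whose `from`/`to` values are not also written into the header carried by this skb would now be left with a stale `skb->csum`. I would add a sentence to the comment, for example `Callers must apply the same address change to the IPv6 header covered by skb->csum.`, and check the existing callers against it. The function body starts before and ends after the second hunk.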
+1 −1
@@ -75,7 +75,7 @@ mtype_flush(struct ip_set *set)

	if (set->extensions & IPSET_EXT_DESTROY)
		mtype_ext_cleanup(set);
	memset(map->members, 0, map->memsize);
	bitmap_zero(map->members, map->elements);
	set->elements = 0;
	set->ext_size = 0;
}
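Review bot: `bitmap_zero()` clears whole `unsigned long` words, so the new call in `mtype_flush()` is only safe if `map->members` was allocated for `BITS_TO_LONGS(map->elements)` longs, and that allocation is not visible in this section. The removed `bitmap_bytes()` helper rounded to multiples of 4 bytes, so a buffer still sized that way could have up to four bytes past its end zeroed here on a 64-bit build. Please confirm that every set type including this template allocates `members` with the bitmap helpers (for example `bitmap_zalloc()`), and that `map->memsize` stays consistent with that size wherever it is still used. `mtype_flush()` begins before this hunk.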