lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200407021848.626df832@redhat.com>
Date:   Tue, 7 Apr 2020 02:18:48 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     Sasha Levin <sashal@...nel.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Phil Sutter <phil@....cc>, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org, netdev@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set
 back-ends to report partial overlaps on insertion

Hi Sasha,

On Mon,  6 Apr 2020 20:00:49 -0400
Sasha Levin <sashal@...nel.org> wrote:

> From: Pablo Neira Ayuso <pablo@...filter.org>
> 
> [ Upstream commit 8c2d45b2b65ca1f215244be1c600236e83f9815f ]

This patch, together with 28/35 and 29/35 in this series, and all the
equivalent patches for 5.4 and 4.19, that is:
	[PATCH AUTOSEL 5.5 27/35] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
	[PATCH AUTOSEL 5.5 28/35] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
	[PATCH AUTOSEL 5.5 29/35] netfilter: nft_set_rbtree: Detect partial overlaps on insertion
	[PATCH AUTOSEL 5.4 24/32] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
	[PATCH AUTOSEL 5.4 25/32] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
	[PATCH AUTOSEL 5.4 26/32] netfilter: nft_set_rbtree: Detect partial overlaps on insertion
	[PATCH AUTOSEL 4.19 08/13] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
	[PATCH AUTOSEL 4.19 09/13] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
	[PATCH AUTOSEL 4.19 10/13] netfilter: nft_set_rbtree: Detect partial overlaps on insertion

should only be backported together with nf.git commit
	72239f2795fa ("netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion")

as they would otherwise introduce a regression. In general, those changes
are not really relevant before 5.6, as nft_set_pipapo wasn't there and the
main purpose here is to make the nft_set_rbtree back-end consistent with it:
they also prevent a malfunction in nft_set_rbtree itself, but nothing that
would be triggered using 'nft' alone, and no memory badnesses or critical
issues whatsoever. So it's also safe to drop them, in my opinion.

Also patches for 4.14 and 4.9:
	[PATCH AUTOSEL 4.14 6/9] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
	[PATCH AUTOSEL 4.9 3/5] netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion

can safely be dropped, because there are no set back-ends there, without
the following patches, that use this way of reporting a partial overlap.

I'm used to not Cc: stable on networking patches (Dave's net.git),
but I guess I should instead if they go through nf.git (Pablo's tree),
right?

-- 
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ