| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Mar 2022 22:53:29 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org
Subject: [PATCH net 0/8] Netfilter fixes for net
Hi,
The following patchset contains Netfilter fixes for net:
1) Use kfree_rcu(ptr, rcu) variant, using kfree_rcu(ptr) was not
intentional. From Eric Dumazet.
2) Use-after-free in netfilter hook core, from Eric Dumazet.
3) Missing rcu read lock side for netfilter egress hook,
from Florian Westphal.
4) nf_queue assume state->sk is full socket while it might not be.
Invoke sock_gen_put(), from Florian Westphal.
5) Add selftest to exercise the reported KASAN splat in 4)
6) Fix possible use-after-free in nf_queue in case sk_refcnt is 0.
Also from Florian.
7) Use input interface index only for hardware offload, not for
the software plane. This breaks tc ct action. Patch from Paul Blakey.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 277f2bb14361790a70e4b3c649e794b75a91a597:
ibmvnic: schedule failover only if vioctl fails (2022-02-22 17:06:27 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to db6140e5e35a48405e669353bd54042c1d4c3841:
net/sched: act_ct: Fix flow table lookup failure with no originating ifindex (2022-03-01 22:08:31 +0100)
----------------------------------------------------------------
Eric Dumazet (2):
netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
netfilter: fix use-after-free in __nf_register_net_hook()
Florian Westphal (5):
netfilter: egress: silence egress hook lockdep splats
netfilter: nf_queue: don't assume sk is full socket
selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: handle socket prefetch
Paul Blakey (1):
net/sched: act_ct: Fix flow table lookup failure with no originating ifindex
include/linux/netfilter_netdev.h | 4 +
include/net/netfilter/nf_flow_table.h | 6 +-
include/net/netfilter/nf_queue.h | 2 +-
net/netfilter/core.c | 5 +-
net/netfilter/nf_flow_table_offload.c | 6 +-
net/netfilter/nf_queue.c | 36 +++++-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/nfnetlink_queue.c | 12 +-
net/sched/act_ct.c | 13 ++-
tools/testing/selftests/netfilter/.gitignore | 1 +
tools/testing/selftests/netfilter/Makefile | 2 +-
tools/testing/selftests/netfilter/connect_close.c | 136 ++++++++++++++++++++++
tools/testing/selftests/netfilter/nft_queue.sh | 19 +++
13 files changed, 226 insertions(+), 20 deletions(-)
create mode 100644 tools/testing/selftests/netfilter/connect_close.c
Powered by blists - more mailing lists