lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b40f03126ec8380704d7ff1b7364a977196ef083.camel@redhat.com>
Date: Thu, 08 Feb 2024 09:50:55 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org, 
	edumazet@...gle.com, fw@...len.de, netfilter-devel@...r.kernel.org
Subject: Re: [PATCH net 05/13] netfilter: ipset: Missing gc cancellations
 fixed

Hi,

On Thu, 2024-02-08 at 06:48 +0100, Thorsten Leemhuis wrote:
> On 08.02.24 00:37, Pablo Neira Ayuso wrote:
> > From: Jozsef Kadlecsik <kadlec@...filter.org>
> > 
> > The patch fdb8e12cc2cc ("netfilter: ipset: fix performance regression
> > in swap operation") missed to add the calls to gc cancellations
> > at the error path of create operations and at module unload. Also,
> > because the half of the destroy operations now executed by a
> > function registered by call_rcu(), neither NFNL_SUBSYS_IPSET mutex
> > or rcu read lock is held and therefore the checking of them results
> > false warnings.
> > 
> > Reported-by: syzbot+52bbc0ad036f6f0d4a25@...kaller.appspotmail.com
> > Reported-by: Brad Spengler <spender@...ecurity.net>
> > Reported-by: Стас Ничипорович <stasn77@...il.com>
> > Fixes: fdb8e12cc2cc ("netfilter: ipset: fix performance regression in swap operation")
> 
> FWIW, in case anyone cares: that afaics should be
> 
>  Fixes: 97f7cf1cd80e ("netfilter: ipset: fix performance regression in swap operation")
> 
> instead, as noted yesterday elsewhere[1].
> 
> Ciao, Thorsten
> 
> [1] https://lore.kernel.org/all/07cf1cf8-825e-47b9-9837-f91ae958dd6b@leemhuis.info/

I think it would be better to update the commit message, to help stable
teams. 

Unless you absolutely need series in today PR, could you please send
out a v2? Note that if v2 comes soon enough it can still land into the
mentioned PR.

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ