lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: 
 <175999800951.3823315.17284395638131592357.git-patchwork-notify@kernel.org>
Date: Thu, 09 Oct 2025 08:20:09 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Florian Westphal <fw@...len.de>
Cc: netdev@...r.kernel.org, pabeni@...hat.com, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, netfilter-devel@...r.kernel.org,
 pablo@...filter.org
Subject: Re: [PATCH net 1/4] netfilter: nft_objref: validate objref and
 objrefmap
 expressions

Hello:

This series was applied to netdev/net.git (main)
by Florian Westphal <fw@...len.de>:

On Wed,  8 Oct 2025 14:59:39 +0200 you wrote:
> From: Fernando Fernandez Mancera <fmancera@...e.de>
> 
> Referencing a synproxy stateful object from OUTPUT hook causes kernel
> crash due to infinite recursive calls:
> 
> BUG: TASK stack guard page was hit at 000000008bda5b8c (stack is 000000003ab1c4a5..00000000494d8b12)
> [...]
> Call Trace:
>  __find_rr_leaf+0x99/0x230
>  fib6_table_lookup+0x13b/0x2d0
>  ip6_pol_route+0xa4/0x400
>  fib6_rule_lookup+0x156/0x240
>  ip6_route_output_flags+0xc6/0x150
>  __nf_ip6_route+0x23/0x50
>  synproxy_send_tcp_ipv6+0x106/0x200
>  synproxy_send_client_synack_ipv6+0x1aa/0x1f0
>  nft_synproxy_do_eval+0x263/0x310
>  nft_do_chain+0x5a8/0x5f0 [nf_tables
>  nft_do_chain_inet+0x98/0x110
>  nf_hook_slow+0x43/0xc0
>  __ip6_local_out+0xf0/0x170
>  ip6_local_out+0x17/0x70
>  synproxy_send_tcp_ipv6+0x1a2/0x200
>  synproxy_send_client_synack_ipv6+0x1aa/0x1f0
> [...]
> 
> [...]

Here is the summary with links:
  - [net,1/4] netfilter: nft_objref: validate objref and objrefmap expressions
    https://git.kernel.org/netdev/net/c/f359b809d54c
  - [net,2/4] bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
    https://git.kernel.org/netdev/net/c/bbf0c98b3ad9
  - [net,3/4] selftests: netfilter: nft_fib.sh: fix spurious test failures
    https://git.kernel.org/netdev/net/c/a126ab6b26f1
  - [net,4/4] selftests: netfilter: query conntrack state to check for port clash resolution
    https://git.kernel.org/netdev/net/c/e84945bdc619

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ