Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fb60bccc authored Oct 09, 2017 by David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf



Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains Netfilter/IPVS fixes for your net tree,
they are:

1) Fix packet drops due to incorrect ECN handling in IPVS, from Vadim
   Fedorenko.

2) Fix splat with mark restoration in xt_socket with non-full-sock,
   patch from Subash Abhinov Kasiviswanathan.

3) ipset bogusly bails out when adding IPv4 range containing more than
   2^31 addresses, from Jozsef Kadlecsik.

4) Incorrect pernet unregistration order in ipset, from Florian Westphal.

5) Races between dump and swap in ipset results in BUG_ON splats, from
   Ross Lagerwall.

6) Fix chain renames in nf_tables, from JingPiao Chen.

7) Fix race in pernet codepath with ebtables table registration, from
   Artem Savkov.

8) Memory leak in error path in set name allocation in nf_tables, patch
   from Arvind Yadav.

9) Don't dump chain counters if they are not available, this fixes a
   crash when listing the ruleset.

10) Fix out of bound memory read in strlcpy() in x_tables compat code,
    from Eric Dumazet.

11) Make sure we only process TCP packets in SYNPROXY hooks, patch from
    Lin Zhang.

12) Cannot load rules incrementally anymore after xt_bpf with pinned
    objects, added in revision 1. From Shmulik Ladkani.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

parents 5766cd68 98589a09

include/linux/bpf.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -368,6 +368,11 @@ static inline void __bpf_prog_uncharge(struct user_struct *user, u32 pages)
		{
		}

		static inline int bpf_obj_get_user(const char __user *pathname)
		{
		return -EOPNOTSUPP;
		}

		static inline struct net_device __dev_map_lookup_elem(struct bpf_map map,
		u32 key)
		{

include/linux/netfilter_bridge/ebtables.h

+4 −3

Original line number	Diff line number	Diff line
		@@ -108,9 +108,10 @@ struct ebt_table {

		#define EBT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) & \
		~(__alignof__(struct _xt_align)-1))
		extern struct ebt_table ebt_register_table(struct net net,
		extern int ebt_register_table(struct net *net,
		const struct ebt_table *table,
		const struct nf_hook_ops *);
		const struct nf_hook_ops *ops,
		struct ebt_table **res);
		extern void ebt_unregister_table(struct net net, struct ebt_table table,
		const struct nf_hook_ops *);
		extern unsigned int ebt_do_table(struct sk_buff *skb,

include/uapi/linux/netfilter/xt_bpf.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -23,6 +23,7 @@ enum xt_bpf_modes {
		XT_BPF_MODE_FD_PINNED,
		XT_BPF_MODE_FD_ELF,
		};
		#define XT_BPF_MODE_PATH_PINNED XT_BPF_MODE_FD_PINNED

		struct xt_bpf_info_v1 {
		__u16 mode;

kernel/bpf/inode.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -363,6 +363,7 @@ int bpf_obj_get_user(const char __user *pathname)
		putname(pname);
		return ret;
		}
		EXPORT_SYMBOL_GPL(bpf_obj_get_user);

		static void bpf_evict_inode(struct inode *inode)
		{

net/bridge/netfilter/ebtable_broute.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -65,8 +65,8 @@ static int ebt_broute(struct sk_buff *skb)

		static int __net_init broute_net_init(struct net *net)
		{
		net->xt.broute_table = ebt_register_table(net, &broute_table, NULL);
		return PTR_ERR_OR_ZERO(net->xt.broute_table);
		return ebt_register_table(net, &broute_table, NULL,
		&net->xt.broute_table);
		}

		static void __net_exit broute_net_exit(struct net *net)