mirror of
https://github.com/torvalds/linux.git
synced 2026-06-05 13:06:59 +02:00
67d7ae3340
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEjF9xRqF1emXiQiqU1w0aZmrPKyEFAmnwhAAACgkQ1w0aZmrP KyGSsxAAh1gE5UmUum0Q9x0K0a3C+Vh07c2YRw4zuI6sy0xh0W0ZQongj5p5QQUA dL8b9pAZkV0Kr0WKhOTDvz5HhUFNWH0I/5hppwJ94Swx0PcEq4P+PZ+8eEYH7jfp 7bxSJu4vsjzGxn4qP6lzI221ICDsiifQisDE1+J0HyNyfV0Qr9oUIkW3usxiJsnP IsIMp/zk/9PNC+IOSlQCEwl7tO/86p5g1XyCOP/WUCDa2DfpfBTPWAueMTTacN8r Wgk+Butf6xJe7OfteGMJ07kg2oyqUr4pFiwoKog+MxV0EDQCQgm15t10AtYJl4D9 IIHVBIw4e7MgwlS0P/F5Vhb860U+gguaGuwLx/UPW4QyUV8fkT+ileIvAZdxd15i RDwPup0Q+8fKeY9WnIOdvBpdPHh1T7UgrppoVwwwj6PxQZHCf6R6EgvtlftBNVyI Zlys4rSwtDG8pbPngVPoIZlPYGMnlx0IljXiQCijHVtnU61afp7D7Rv/gH+Se+N8 2p9ne5rQ7MRevYdH07etWbMPmlZ/nbgbha9+hCC5jvZceyhekC7TCxfi2PtswGon uW1RQhuemZnHHvmtPzsQrHOddwCv7FmozKankdLoEfnYIfjkNywbJCAAnuD7jCg+ s0utZwXb7uarQszEb7PMy3bCuHoKzqRy8ICw6SDBw2Vc7x2HFQk= =E/L6 -----END PGP SIGNATURE----- Merge tag 'nf-26-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) IEEE1394 ARP payload contains no target hardware address in the ARP packet. Apparently, arp_tables was never updated to deal with IEEE1394 ARP properly. To deal with this, return no match in case the target hardware address selector is used, either for inverse or normal match. Moreover, arpt_mangle disallows mangling of the target hardware and IP address because, it is not worth to adjust the offset calculation to fix this, we suspect no users of arp_tables for this family. 2) Use list_del_rcu() to delete device hooks in nf_tables, this hook list is RCU protected, concurrent netlink dump readers can be walking on this list, fix it by adding a helper function and use it for consistency. From Florian Westphal. 3) Add list_splice_rcu(), this is useful for joining the local list of new device hooks to the RCU protected hook list in chain and flowtable. Reviewed by Paul E. McKenney. 4) Use list_splice_rcu() to publish the new device hooks in chain and flowtable to fix concurrent netlink dump traversal. 5) Add a new hook transaction object to track device hook deletions. The current approach moves device hooks to be deleted around during the preparation phase, this breaks concurrent RCU reader via netlink dump. This new hook transaction is combined with NFT_HOOK_REMOVE flag to annotate hooks for removal in the preparation phase. 6) xt_policy inbound policy check in strict mode can lead to out-of-bound access of the secpath array due to incorrect. The iteration over the secpath needs to be reversed in the inbound to check for the human readable policy, expecting inner in first position and outer in second position, the secpath from inbound actually stores outer in first position then in second position. From Jiexun Wang. 7) Fix possible zero shift in nft_bitwise triggering UBSAN splat, reject zero shift from control plane, from Kai Ma. 8) Replace simple_strtoul() in the conntrack SIP helper since it relies on nul-terminated strings. From Florian Westphal. * tag 'nf-26-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_conntrack_sip: don't use simple_strtoul netfilter: reject zero shift in nft_bitwise netfilter: xt_policy: fix strict mode inbound policy matching netfilter: nf_tables: add hook transactions for device deletions netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase rculist: add list_splice_rcu() for private lists netfilter: nf_tables: use list_del_rcu for netlink hooks netfilter: arp_tables: fix IEEE1394 ARP payload parsing ==================== Link: https://patch.msgid.link/20260428095840.51961-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|---|---|---|
| .. | ||
| netfilter | ||
| af_inet.c | ||
| ah4.c | ||
| arp.c | ||
| bpf_tcp_ca.c | ||
| cipso_ipv4.c | ||
| datagram.c | ||
| devinet.c | ||
| esp4_offload.c | ||
| esp4.c | ||
| fib_frontend.c | ||
| fib_lookup.h | ||
| fib_notifier.c | ||
| fib_rules.c | ||
| fib_semantics.c | ||
| fib_trie.c | ||
| fou_bpf.c | ||
| fou_core.c | ||
| fou_nl.c | ||
| fou_nl.h | ||
| gre_demux.c | ||
| gre_offload.c | ||
| icmp.c | ||
| igmp_internal.h | ||
| igmp.c | ||
| inet_connection_sock.c | ||
| inet_diag.c | ||
| inet_fragment.c | ||
| inet_hashtables.c | ||
| inet_timewait_sock.c | ||
| inetpeer.c | ||
| ip_forward.c | ||
| ip_fragment.c | ||
| ip_gre.c | ||
| ip_input.c | ||
| ip_options.c | ||
| ip_output.c | ||
| ip_sockglue.c | ||
| ip_tunnel_core.c | ||
| ip_tunnel.c | ||
| ip_vti.c | ||
| ipcomp.c | ||
| ipconfig.c | ||
| ipip.c | ||
| ipmr_base.c | ||
| ipmr.c | ||
| Kconfig | ||
| Makefile | ||
| metrics.c | ||
| netfilter.c | ||
| netlink.c | ||
| nexthop.c | ||
| ping.c | ||
| proc.c | ||
| protocol.c | ||
| raw_diag.c | ||
| raw.c | ||
| route.c | ||
| syncookies.c | ||
| sysctl_net_ipv4.c | ||
| tcp_ao.c | ||
| tcp_bbr.c | ||
| tcp_bic.c | ||
| tcp_bpf.c | ||
| tcp_cdg.c | ||
| tcp_cong.c | ||
| tcp_cubic.c | ||
| tcp_dctcp.c | ||
| tcp_dctcp.h | ||
| tcp_diag.c | ||
| tcp_fastopen.c | ||
| tcp_highspeed.c | ||
| tcp_htcp.c | ||
| tcp_hybla.c | ||
| tcp_illinois.c | ||
| tcp_input.c | ||
| tcp_ipv4.c | ||
| tcp_lp.c | ||
| tcp_metrics.c | ||
| tcp_minisocks.c | ||
| tcp_nv.c | ||
| tcp_offload.c | ||
| tcp_output.c | ||
| tcp_plb.c | ||
| tcp_recovery.c | ||
| tcp_scalable.c | ||
| tcp_sigpool.c | ||
| tcp_timer.c | ||
| tcp_ulp.c | ||
| tcp_vegas.c | ||
| tcp_vegas.h | ||
| tcp_veno.c | ||
| tcp_westwood.c | ||
| tcp_yeah.c | ||
| tcp.c | ||
| tunnel4.c | ||
| udp_bpf.c | ||
| udp_diag.c | ||
| udp_offload.c | ||
| udp_tunnel_core.c | ||
| udp_tunnel_nic.c | ||
| udp_tunnel_stub.c | ||
| udp.c | ||
| xfrm4_input.c | ||
| xfrm4_output.c | ||
| xfrm4_policy.c | ||
| xfrm4_protocol.c | ||
| xfrm4_state.c | ||
| xfrm4_tunnel.c | ||