mirror of
https://github.com/torvalds/linux.git
synced 2026-05-12 16:18:45 +02:00
Merge tag 'nf-26-04-08' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Florian Westphal says:

====================
netfilter updates for net

I only included crash fixes, as we're closer to a release, rest will be handled via -next.

1) Fix a NULL pointer dereference in ip_vs_add_service error path, from Weiming Shi, bug added in 6.2 development cycle.

2) Don't leak kernel data bytes from allocator to userspace: nfnetlink_log needs to init the trailing NLMSG_DONE terminator. From Xiang Mei.

3) xt_multiport match lacks range validation, bogus userspace request will cause out-of-bounds read. From Ren Wei.

4) ip6t_eui64 match must reject packets with invalid mac header before calling eth_hdr. Make existing check unconditional. From Zhengchuan Liang.

5) nft_ct timeout policies are free'd via kfree() while they may still be reachable by other cpus that process a conntrack object that uses such a timeout policy. Existing reaping of entries is not sufficient because it doesn't wait for a grace period. Use kfree_rcu(). From Tuan Do.

6/7) Make nfnetlink_queue hash table per queue. As-is we can hit a page fault in case underlying page of removed element was free'd. Per-queue hash prevents parallel lookups. This comes with a test case that demonstrates the bug, from Fernando Fernandez Mancera.

* tag 'nf-26-04-08' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  - selftests: nft_queue.sh: add a parallel stress test
  - netfilter: nfnetlink_queue: make hash table per queue
  - netfilter: nft_ct: fix use-after-free in timeout object destroy
  - netfilter: ip6t_eui64: reject invalid MAC header for all packets
  - netfilter: xt_multiport: validate range encoding in checkentry
  - netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator
  - ipvs: fix NULL deref in ip_vs_add_service error path
====================

Link: https://patch.msgid.link/20260408163512.30537-1-fw@strlen.de

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

||
|---|---|---|
| .. | ||
| acpi | ||
| asm-generic | ||
| clocksource | ||
| crypto | ||
| cxl | ||
| drm | ||
| dt-bindings | ||
| hyperv | ||
| keys | ||
| kunit | ||
| kvm | ||
| linux | ||
| math-emu | ||
| media | ||
| memory | ||
| misc | ||
| net | ||
| pcmcia | ||
| ras | ||
| rdma | ||
| rv | ||
| scsi | ||
| soc | ||
| sound | ||
| target | ||
| trace | ||
| uapi | ||
| ufs | ||
| vdso | ||
| video | ||
| xen | ||
| Kbuild | ||