mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso e31eb7d9b7 netfilter: nf_tables: split async and sync catchall in two functions 
[ Upstream commit 8837ba3e58 ]

list_for_each_entry_safe() does not work for the async case which runs
under RCU, therefore, split GC logic for catchall in two functions
instead, one for each of the sync and async GC variants.

The catchall sync GC variant never sees a _DEAD bit set on ever, thus,
this handling is removed in such case, moreover, allocate GC sync batch
via GFP_KERNEL.

Fixes: 93995bf4af ("netfilter: nf_tables: remove catchall element in GC sync path")
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-28 17:15:06 +00:00
..
ipset netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP 2023-10-06 13:15:57 +02:00
ipvs net: prevent address rewrite in kernel_bind() 2023-10-19 23:10:56 +02:00
Kconfig
Makefile
core.c netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-10 08:50:39 +02:00
nf_bpf_link.c
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_bpf.c netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() 2023-10-06 13:15:53 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: don't fold port numbers into addresses before hashing 2023-07-05 14:42:16 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c netfilter: conntrack: fix extension size table 2023-10-06 13:15:49 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-07-05 14:42:15 +02:00
nf_conntrack_irc.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT 2023-05-17 14:15:57 +02:00
nf_conntrack_ovs.c
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one 2023-06-26 13:26:39 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: gre: don't set assured flag for clash entries 2023-07-05 14:42:15 +02:00
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c
nf_conntrack_proto_sctp.c netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp 2023-10-10 22:03:02 +02:00
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-06-26 17:18:48 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-10 08:50:39 +02:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_flow_table_core.c netfilter: flowtable: GC pushes back packets to classic path 2023-11-02 09:36:55 +01:00
nf_flow_table_inet.c
nf_flow_table_ip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-15 22:19:41 -07:00
nf_flow_table_offload.c
nf_flow_table_procfs.c
nf_hooks_lwtunnel.c
nf_internals.h
nf_log.c
nf_log_syslog.c
nf_nat_amanda.c
nf_nat_bpf.c
nf_nat_core.c netfilter: snat: evict closing tcp entries on reply tuple collision 2023-06-26 08:05:57 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c
nf_nat_ovs.c
nf_nat_proto.c
nf_nat_redirect.c netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:57:24 +01:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c
nf_tables_api.c netfilter: nf_tables: split async and sync catchall in two functions 2023-11-28 17:15:06 +00:00
nf_tables_core.c
nf_tables_offload.c
nf_tables_trace.c
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-08 04:00:02 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_hook.c
nfnetlink_log.c netfilter: nfnetlink_log: silence bogus compiler warning 2023-11-08 14:08:59 +01:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-19 12:30:20 +02:00
nfnetlink_queue.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
nft_bitwise.c netfilter pull request 23-06-26 2023-06-26 12:59:18 -07:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:14:56 +00:00
nft_chain_filter.c netfilter: nf_tables: always release netdev hooks from notifier 2023-05-10 08:50:18 +02:00
nft_chain_nat.c
nft_chain_route.c
nft_cmp.c
nft_compat.c
nft_connlimit.c
nft_counter.c
nft_ct.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_ct_fast.c netfilter: nf_tables: fix ct untracked match breakage 2023-05-03 13:49:08 +02:00
nft_dup_netdev.c
nft_dynset.c netfilter: nft_dynset: disallow object maps 2023-08-16 00:05:15 +02:00
nft_exthdr.c netfilter: nftables: exthdr: fix 4-byte stack OOB write 2023-09-19 12:30:20 +02:00
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_fwd_netdev.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_hash.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_immediate.c netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR 2023-07-26 16:48:49 +02:00
nft_inner.c nf_tables: fix NULL pointer dereference in nft_inner_init() 2023-10-25 12:16:15 +02:00
nft_last.c
nft_limit.c
nft_log.c
nft_lookup.c netfilter: nf_tables: relax set/map validation checks 2023-05-18 08:48:54 +02:00
nft_masq.c
nft_meta.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:14:56 +00:00
nft_nat.c
nft_numgen.c
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_osf.c
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 12:16:12 +02:00
nft_queue.c
nft_quota.c
nft_range.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_redir.c
nft_reject.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_reject_inet.c
nft_reject_netdev.c
nft_rt.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_set_bitmap.c netfilter: nf_tables: drop map element references from preparation phase 2023-06-20 22:43:40 +02:00
nft_set_hash.c netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration 2023-10-06 13:15:46 +02:00
nft_set_pipapo.c netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails 2023-10-06 13:15:46 +02:00
nft_set_pipapo.h
nft_set_pipapo_avx2.c
nft_set_pipapo_avx2.h
nft_set_rbtree.c netfilter: nft_set_rbtree: .deactivate fails if element has expired 2023-10-25 12:16:15 +02:00
nft_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
nft_synproxy.c
nft_tproxy.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_tunnel.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_xfrm.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
utils.c
x_tables.c
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-value 2023-05-25 12:16:27 +01:00
xt_LOG.c
xt_MASQUERADE.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-20 22:43:42 +02:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 11:57:24 +01:00
xt_repldata.h
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-13 09:53:49 +02:00
xt_set.c
xt_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-13 09:53:49 +02:00