From: "Mike Pagano" <mpagano@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/linux-patches:6.3 commit in: /
Date: Thu, 11 May 2023 16:15:06 +0000 (UTC) [thread overview]
Message-ID: <1683821674.8642c56064afcb9f7db671bc0bab71679edab6ad.mpagano@gentoo> (raw)
commit: 8642c56064afcb9f7db671bc0bab71679edab6ad
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 16:14:34 2023 +0000
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Thu May 11 16:14:34 2023 +0000
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8642c560
Remove redundant patch
Removed:
1520_nf-tables-make-deleted-anon-sets-inactive.patch
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
0000_README | 4 -
...nf-tables-make-deleted-anon-sets-inactive.patch | 121 ---------------------
2 files changed, 125 deletions(-)
diff --git a/0000_README b/0000_README
index d1663380..e13e9146 100644
--- a/0000_README
+++ b/0000_README
@@ -59,10 +59,6 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
Desc: Enable link security restrictions by default.
-Patch: 1520_fs-enable-link-security-restrictions-by-default.patch
-From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c1592a89942e9678f7d9c8030efa777c0d57edab
-Desc: netfilter: nf_tables: deactivate anonymous set from preparation phase
-
Patch: 1700_sparc-address-warray-bound-warnings.patch
From: https://github.com/KSPP/linux/issues/109
Desc: Address -Warray-bounds warnings
diff --git a/1520_nf-tables-make-deleted-anon-sets-inactive.patch b/1520_nf-tables-make-deleted-anon-sets-inactive.patch
deleted file mode 100644
index cd75de5c..00000000
--- a/1520_nf-tables-make-deleted-anon-sets-inactive.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From c1592a89942e9678f7d9c8030efa777c0d57edab Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 2 May 2023 10:25:24 +0200
-Subject: netfilter: nf_tables: deactivate anonymous set from preparation phase
-
-Toggle deleted anonymous sets as inactive in the next generation, so
-users cannot perform any update on it. Clear the generation bitmask
-in case the transaction is aborted.
-
-The following KASAN splat shows a set element deletion for a bound
-anonymous set that has been already removed in the same transaction.
-
-[ 64.921510] ==================================================================
-[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
-[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
-[ 64.931120] Call Trace:
-[ 64.932699] <TASK>
-[ 64.934292] dump_stack_lvl+0x33/0x50
-[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.937551] kasan_report+0xda/0x120
-[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
-[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
-[ 64.945710] ? kasan_set_track+0x21/0x30
-[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
-[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- include/net/netfilter/nf_tables.h | 1 +
- net/netfilter/nf_tables_api.c | 12 ++++++++++++
- net/netfilter/nft_dynset.c | 2 +-
- net/netfilter/nft_lookup.c | 2 +-
- net/netfilter/nft_objref.c | 2 +-
- 5 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
-index 3ed21d2d56590..2e24ea1d744c2 100644
---- a/include/net/netfilter/nf_tables.h
-+++ b/include/net/netfilter/nf_tables.h
-@@ -619,6 +619,7 @@ struct nft_set_binding {
- };
-
- enum nft_trans_phase;
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase);
-diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index 8b6c61a2196cb..59fb8320ab4d7 100644
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -5127,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
- }
- }
-
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
-+{
-+ if (nft_set_is_anonymous(set))
-+ nft_clear(ctx->net, set);
-+
-+ set->use++;
-+}
-+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
-+
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase)
- {
- switch (phase) {
- case NFT_TRANS_PREPARE:
-+ if (nft_set_is_anonymous(set))
-+ nft_deactivate_next(ctx->net, set);
-+
- set->use--;
- return;
- case NFT_TRANS_ABORT:
-diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
-index 274579b1696e0..bd19c7aec92ee 100644
---- a/net/netfilter/nft_dynset.c
-+++ b/net/netfilter/nft_dynset.c
-@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
- {
- struct nft_dynset *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_dynset_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
-index cecf8ab90e58f..03ef4fdaa460b 100644
---- a/net/netfilter/nft_lookup.c
-+++ b/net/netfilter/nft_lookup.c
-@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
- {
- struct nft_lookup *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_lookup_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
-index cb37169608bab..a48dd5b5d45b1 100644
---- a/net/netfilter/nft_objref.c
-+++ b/net/netfilter/nft_objref.c
-@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
- {
- struct nft_objref_map *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_objref_map_destroy(const struct nft_ctx *ctx,
---
-cgit
-
next reply other threads:[~2023-05-11 16:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-11 16:15 Mike Pagano [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-07-11 18:38 [gentoo-commits] proj/linux-patches:6.3 commit in: / Mike Pagano
2023-07-05 20:37 Mike Pagano
2023-07-05 20:27 Mike Pagano
2023-07-04 14:15 Mike Pagano
2023-07-04 13:06 Mike Pagano
2023-07-01 18:21 Mike Pagano
2023-06-28 10:25 Mike Pagano
2023-06-21 14:53 Alice Ferrazzi
2023-06-14 10:16 Mike Pagano
2023-06-09 12:04 Mike Pagano
2023-06-09 11:29 Mike Pagano
2023-06-05 11:47 Mike Pagano
2023-06-02 15:09 Mike Pagano
2023-05-30 16:59 Mike Pagano
2023-05-30 16:50 Mike Pagano
2023-05-28 14:51 Mike Pagano
2023-05-24 17:04 Mike Pagano
2023-05-17 13:16 Mike Pagano
2023-05-11 14:47 Mike Pagano
2023-05-10 17:46 Mike Pagano
2023-05-01 0:00 Alice Ferrazzi
2023-04-28 19:29 Mike Pagano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1683821674.8642c56064afcb9f7db671bc0bab71679edab6ad.mpagano@gentoo \
--to=mpagano@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox