From: Linus Torvalds <[email protected]>
Date: Sat, 14 May 2016 11:24:08 -0700 (PDT)

> From: Linus Torvalds <[email protected]>
> Date: Sat, 14 May 2016 11:11:44 -0700
> Subject: [PATCH] nf_conntrack: avoid kernel pointer value leak in slab name
>
> The slab name ends up being visible in the directory structure under
> /sys, and even if you don't have access rights to the file you can see
> the filenames.
>
> Just use a 64-bit counter instead of the pointer to the 'net' structure
> to generate a unique name.
>
> This code will go away in 4.7 when the conntrack code moves to a single
> kmemcache, but this is the backportable simple solution to avoiding
> leaking kernel pointers to user space.
>
> Signed-off-by: Linus Torvalds <[email protected]>
> Acked-by: Eric Dumazet <[email protected]>
> Cc: [email protected]

Applied, thanks.
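An added example, not part of the original message or of the kernel patch: a small C audit check that flags directory names embedding a pointer-like value, which is the condition the quoted commit removes from the slab name. The path /sys/kernel/slab, the 16-hex-digit "ffff" heuristic for 64-bit kernel addresses, and the sample names are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Heuristic (assumption): on a 64-bit kernel an unhashed %p prints 16
 * zero-padded hex digits, and kernel addresses begin with "ffff". */
static int name_has_kernel_pointer(const char *name)
{
    for (const char *p = name; *p; ) {
        size_t run = 0;
        while (isxdigit((unsigned char)p[run]))
            run++;
        /* Check the last 16 digits of the run so a hex-looking prefix
         * glued to the pointer does not hide it. */
        if (run >= 16 && strncmp(p + run - 16, "ffff", 4) == 0)
            return 1;
        p += run ? run : 1;
    }
    return 0;
}

/* Count entries of dir whose names embed a pointer-like value.
 * Returns -1 if dir cannot be opened (e.g. no SLUB sysfs tree). */
static int count_pointer_names(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int hits = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (name_has_kernel_pointer(e->d_name)) {
            printf("pointer-like name: %s/%s\n", dir, e->d_name);
            hits++;
        }
    }
    closedir(d);
    return hits;
}

int main(void)
{
    /* Constructed names: pointer-derived form vs. counter-derived form. */
    printf("%d\n", name_has_kernel_pointer("nf_conntrack_ffff88003a5b8000"));
    printf("%d\n", name_has_kernel_pointer("nf_conntrack_1"));
    printf("%d\n", count_pointer_names("/sys/kernel/slab"));
    return 0;
}
```

Listing the directory needs no read access to the files inside it, which matches the commit message's point that the filenames alone expose the value.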
