---[ end trace 89cb022ec57f7bd1 ]---
Wolfgang Bumiller (2):
net sched actions: fix access to uninitialized data
net sched actions: fix refcount decrement on error
net/sched/act_api.c | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
--
2.11.0
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
net/sched/act_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index b70aa57319ea..8cc883c063f0 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@
->init() then
* ACT_P_CREATED is not returned (a zero is).
*/
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Note that I'm unsure about this patch. The hangups weren't very reliable
and I couldn't actually reproduce them when building from git/master (as
I can only test a
> On April 19, 2017 at 1:32 PM Jamal Hadi Salim <j...@mojatatu.com> wrote:
>
>
> On 17-04-19 04:09 AM, Wolfgang Bumiller wrote:
>
> This solves one issue, but I am afraid the issue Cong mentioned is a
> possibility still.
> Lets say user did a replace and tr
On Wed, Apr 12, 2017 at 09:27:31PM -0700, Cong Wang wrote:
> On Wed, Apr 12, 2017 at 7:21 AM, Wolfgang Bumiller
> <w.bumil...@proxmox.com> wrote:
> > If memory allocation for nla_memdup_cookie() fails
> > module_put has to be guarded by the same condition as it was
>
On Thu, Apr 13, 2017 at 11:03:37AM -0700, Cong Wang wrote:
> On Thu, Apr 13, 2017 at 1:06 AM, Wolfgang Bumiller
> <w.bumil...@proxmox.com> wrote:
> > On Wed, Apr 12, 2017 at 09:27:31PM -0700, Cong Wang wrote:
> >> Instead of duplicating code, you can add the check
&g
early and assign it on
success at the end.
CVE-2017-7979
Fixes: 1045ba77a596 ("net sched actions: Add support for user cookies")
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
Acked-by: Jamal Hadi Salim <j...@mojatatu.com>
---
This replaces both patches of the previo
> On April 15, 2017 at 8:20 PM Cong Wang <xiyou.wangc...@gmail.com> wrote:
>
>
> On Fri, Apr 14, 2017 at 2:08 AM, Wolfgang Bumiller
> <w.bumil...@proxmox.com> wrote:
> > Before I do that - trying to wrap my head around the interdependencies
> >
Whether the reference count has to be decremented depends
on whether the policy was created. If TCA_ACT_COOKIE is
passed and an error occurs there, the same condition still
has to be honored.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
Cc: Jamal Hadi Salim <j...@mojatatu.co
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
Acked-by: Cong Wang <xiyou.wangc...@gmail.com>
Acked-by: Jamal Hadi Salim <j...@mojatatu.com>
---
(same as v1)
net/sched/act_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/act
> On April 19, 2017 at 8:23 AM Cong Wang wrote:
>
>
> On Tue, Apr 18, 2017 at 7:21 PM, Jamal Hadi Salim wrote:
> > Indeed. Allocate the cookie before init? That way, we fail early
> > and dont need to worry about restoring anything.
>
> No,
Changes:
* Fixed up commit message
* Removed not really related iproute2 patch from this thread.
This fixes an oob read in em_nbyte and allows 'layer 0' in cmp and
nbyte and em_text to actually match layer 0 rather than being the same
as specifying layer 1.
Wolfgang Bumiller (2):
net
-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
(Resent as separate thread)
tc/emp_ematch.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/emp_ematch.l b/tc/emp_ematch.l
index dc106759..d7a99304 100644
--- a/tc/emp_ematch.l
+++ b/tc/emp_ematch.l
@@ -137,7
'ptr' is shifted by the offset and then validated,
the memcmp should not add it a second time.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
No changes in this patch
net/sched/em_nbyte.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/em_nby
TCF_LAYER_LINK and TCF_LAYER_NETWORK returned the same pointer as
skb->data points to the network header.
Use skb_mac_header instead.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Only change: fixed up commit message
Previous comment:
Alternatively this could return
On Tue, Jan 23, 2018 at 10:30:09AM +0100, Jiri Benc wrote:
> On Mon, 22 Jan 2018 23:25:41 +0100, Christian Brauner wrote:
> > This is not necessarily true in scenarios where I move a network device
> > via RTM_NEWLINK + IFLA_NET_NS_PID into a network namespace I haven't
> > created. Here is an
On Mon, Jan 29, 2018 at 08:07:23AM -0800, Stephen Hemminger wrote:
> On Mon, 29 Jan 2018 12:13:11 +0100
> Wolfgang Bumiller <w.bumil...@proxmox.com> wrote:
>
> > The 'parse_action_control()' helper advances the argument
> > pointers to past its parsed action al
The 'parse_action_control()' helper advances the argument
pointers to past its parsed action already, so don't
advance it further in 'act_parse_polic()'.
Fixes: e67aba559581 ("tc: actions: add helpers to parse and print control
actions")
Signed-off-by: Wolfgang Bumiller <w.bumil..
TCF_LAYER_LINK and TCF_LAYER_NETWORK returned the same pointer as
skb->data points to the network header.
Use skb_mac_header instead.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Alternatively this could return skb->head directly, but
'sk_buff->mac_header' is docu
'ptr' is shifted by the offset and then validated,
the memcmp should not add it a second time.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
net/sched/em_nbyte.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/em_nbyte.c b/net/sched/em_nbyte.c
memcmp the
entire a byte sequence at once.
Wolfgang Bumiller (1; 2):
tc/lexer: let quotes actually start strings
tc/emp_ematch.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
net: sched: em_nbyte: don't add the data offset twice
net_sched: fix TCF_LAYER_LINK case
-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
tc/emp_ematch.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/emp_ematch.l b/tc/emp_ematch.l
index dc106759..d7a99304 100644
--- a/tc/emp_ematch.l
+++ b/tc/emp_ematch.l
@@ -137,7
and perform the destruction.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Fixes: 6fd6ce2056de ("ipv6: Do not depend on rt->n in ip6_finish_output2().")
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
I do feel bad about moving the unlock call
David Miller wrote:
> From: Wolfgang Bumiller <w.bumil...@proxmox.com>
> Date: Tue, 10 Apr 2018 11:15:14 +0200
>
> > diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> > index 7b7a14abba28..601df647588c 100644
> > --- a/net/core/neighbour.c
> > +
and perform the destruction.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199289
Fixes: 6fd6ce2056de ("ipv6: Do not depend on rt->n in ip6_finish_output2().")
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Changes to v1:
* Renamed 'pneigh_ifdown' to 'pneig
25 matches
Mail list logo