Re: WARNING in __proc_create

2018-03-09 Thread Cong Wang
On Fri, Mar 9, 2018 at 1:59 PM, syzbot wrote: > Hello, > > syzbot hit the following crash on net-next commit > 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +) > Merge tag 'usercopy-v4.16-rc1' of >

Re: WARNING in __proc_create

2018-03-09 Thread Cong Wang
On Fri, Mar 9, 2018 at 2:58 PM, Eric Dumazet wrote: > > > On 03/09/2018 02:56 PM, Eric Dumazet wrote: > >> >> I sent a patch a while back, but Pablo/Florian wanted more than that >> simple fix. >> >> We also need to filter special characters like '/' proc_create_data()

Re: WARNING in __proc_create

2018-03-09 Thread Eric Dumazet
On 03/09/2018 02:48 PM, Cong Wang wrote: On Fri, Mar 9, 2018 at 1:59 PM, syzbot wrote: Hello, syzbot hit the following crash on net-next commit 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +) Merge tag

Re: WARNING in __proc_create

2018-03-09 Thread Florian Westphal
Cong Wang wrote: > On Fri, Mar 9, 2018 at 2:58 PM, Eric Dumazet wrote: > > > > > > On 03/09/2018 02:56 PM, Eric Dumazet wrote: > > > >> > >> I sent a patch a while back, but Pablo/Florian wanted more than that > >> simple fix. > >> > >> We also

Re: WARNING in __proc_create

2018-03-09 Thread Eric Dumazet
On 03/09/2018 02:56 PM, Eric Dumazet wrote: I sent a patch a while back, but Pablo/Florian wanted more than that simple fix. We also need to filter special characters like '/' Or maybe I am mixing with something else. Yes, Florian mentioned that we also had to reject "." and ".." --

[PATCH nf] netfilter: x_tables: add and use xt_check_proc_name

2018-03-09 Thread Florian Westphal
recent and hashlimit both create /proc files, but only check that name is 0 terminated. This can trigger WARN() from procfs when name is "" or "/". Add helper for this and then use it for both. Cc: Eric Dumazet Reported-by: Eric Dumazet

Re: WARNING in __proc_create

2018-03-09 Thread Florian Westphal
Eric Dumazet wrote: > >>fs/proc/generic.c:354 > > > >We need to reject empty names. > > > > I sent a patch a while back, but Pablo/Florian wanted more than that simple > fix. > > We also need to filter special characters like '/' > > Or maybe I am mixing with something

Re: WARNING in __proc_create

2018-03-09 Thread Eric Dumazet
On 03/09/2018 03:05 PM, Cong Wang wrote: BTW, the warning itself is all about empty names, so perhaps it's better to fix them separately. Huh ? You want more syzbot reports ? I do not. I unblocked this report today [1], you can be sure that as soon as syzbot gets the correct tag

Re: WARNING in __proc_create

2018-03-09 Thread Cong Wang
On Fri, Mar 9, 2018 at 3:21 PM, Eric Dumazet wrote: > > > On 03/09/2018 03:05 PM, Cong Wang wrote: >> >> >> BTW, the warning itself is all about empty names, so perhaps >> it's better to fix them separately. > > > Huh ? You want more syzbot reports ? I do not. I always

Re: WARNING in __proc_create

2018-03-09 Thread Eric Dumazet
On 03/09/2018 03:32 PM, Cong Wang wrote: On Fri, Mar 9, 2018 at 3:21 PM, Eric Dumazet wrote: On 03/09/2018 03:05 PM, Cong Wang wrote: BTW, the warning itself is all about empty names, so perhaps it's better to fix them separately. Huh ? You want more syzbot

[PATCH libnftnl] src: support for NFT_CT_{SRC,DST}_{IP,IP6}

2018-03-09 Thread Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/nf_tables.h | 12 ++-- src/expr/ct.c | 6 +- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/include/linux/netfilter/nf_tables.h

[PATCH nft] ct: support for NFT_CT_{SRC,DST}_{IP,IP6}

2018-03-09 Thread Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso --- include/ct.h| 3 +-- include/linux/netfilter/nf_tables.h | 12 ++-- src/ct.c| 21 +++-- src/evaluate.c | 2 +- src/netlink_delinearize.c

Re: Port triggering

2018-03-09 Thread Florian Westphal
Stéphane Veyret wrote: > Hi, > > I saw that patches have been written some years ago for port > triggering in Netfilter, but no such feature is currently available in > the kernel. Is there any reason for that? If I write and submit such a > patch as Xtables-addons module,

Re: [PATCH nf-next] netfilter: nft_ct: add NFT_CT_{SRC,DST}_{IP,IP6}

2018-03-09 Thread Florian Westphal
Pablo Neira Ayuso wrote: > All existing keys, except the NFT_CT_SRC and NFT_CT_DST are assumed to > have strict datatypes. This is causing problems with sets and > concatenations given the specific length of these keys is not known. Acked-by: Florian Westphal

[PATCH nf-next] netfilter: nft_ct: add NFT_CT_{SRC,DST}_{IP,IP6}

2018-03-09 Thread Pablo Neira Ayuso
All existing keys, except the NFT_CT_SRC and NFT_CT_DST are assumed to have strict datatypes. This is causing problems with sets and concatenations given the specific length of these keys is not known. Signed-off-by: Pablo Neira Ayuso --- @Florian: I know we've been trying

Re: Port triggering

2018-03-09 Thread Stéphane Veyret
Hi, Please tell me if my message was posted in the wrong place, or if I don't use the right title convention… Thank you, -- Bien cordialement, / Plej kore, Stéphane Veyret -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to

[PATCH nf v4] netfilter: bridge: ebt_among: add more missing match size checks

2018-03-09 Thread Florian Westphal
ebt_among is special, it has a dynamic match size and is exempt from the central size checks. commit c4585a2823edf ("bridge: ebt_among: add missing match size checks") added validation for pool size, but missed fact that the macros ebt_among_wh_src/dst can already return out-of-bound result

Re: [PATCH nf v4] netfilter: bridge: ebt_among: add more missing match size checks

2018-03-09 Thread Eric Dumazet
On 03/09/2018 02:03 AM, Florian Westphal wrote: ebt_among is special, it has a dynamic match size and is exempt from the central size checks. commit c4585a2823edf ("bridge: ebt_among: add missing match size checks") added validation for pool size, but missed fact that the macros

[PATCH nf v5] netfilter: bridge: ebt_among: add more missing match size checks

2018-03-09 Thread Florian Westphal
ebt_among is special, it has a dynamic match size and is exempt from the central size checks. commit c4585a2823edf ("bridge: ebt_among: add missing match size checks") added validation for pool size, but missed fact that the macros ebt_among_wh_src/dst can already return out-of-bound result

[PATCH] tests: shell: fix tests for deletion via handle attribute

2018-03-09 Thread Harsha Sharma
Fetch object, chain and set handles and with '-a' option and then delete them. Signed-off-by: Harsha Sharma --- tests/shell/testcases/chains/0016delete_handle_0 | 20 ++- .../testcases/optionals/delete_object_handles_0| 39 --

Re: [PATCH] rule: print handle attribute in more clearer manner

2018-03-09 Thread Pablo Neira Ayuso
On Thu, Mar 08, 2018 at 10:16:13PM +0530, Harsha Sharma wrote: > Print handles in this way: > > table ip filter { # handle 2 > } > Similarly, for chain, set and object handles Applied, thanks Harsha.

Re: [PATCH nf v5] netfilter: bridge: ebt_among: add more missing match size checks

2018-03-09 Thread Eric Dumazet
On 03/09/2018 05:27 AM, Florian Westphal wrote: ebt_among is special, it has a dynamic match size and is exempt from the central size checks. commit c4585a2823edf ("bridge: ebt_among: add missing match size checks") added validation for pool size, but missed fact that the macros

Re: [PATCH nft] tests: shell: autogenerate dump verification

2018-03-09 Thread Pablo Neira Ayuso
On Wed, Mar 07, 2018 at 10:51:10PM +0100, Laura Garcia Liebana wrote: > Complete the automated shell tests with the verification of > the test file dump, only for positive tests and if the test > execution was successful. > > It's able to generate the dump file with the -g option. > Example: > >

Re: [PATCH] tests: shell: fix tests for deletion via handle attribute

2018-03-09 Thread Pablo Neira Ayuso
On Fri, Mar 09, 2018 at 07:52:28PM +0530, Harsha Sharma wrote: > Fetch object, chain and set handles and with '-a' option and then delete > them. Applied, thanks Harsha.