Hello,
syzbot hit the following crash on
https://github.com/google/kmsan.git/master commit
a7f95e9c8a95e9fbb388c3999b61a17667cd3bbe (Sat Apr 21 13:50:22 2018 +)
kmsan: disable assembly checksums
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=5c06e318fc558cc27823
So far
Hello,
syzbot hit the following crash on
https://github.com/google/kmsan.git/master commit
d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 (Sun Apr 22 15:05:22 2018 +)
kmsan: add initialization for shmem pages
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=3e9695f147fb529aa9bc
Hello,
syzbot hit the following crash on
https://github.com/google/kmsan.git/master commit
d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 (Sun Apr 22 15:05:22 2018 +)
kmsan: add initialization for shmem pages
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=3dfdea57819073a04f21
This patch adds some test-cases to "libip6t_srh.t" for matching previous SID,
next SID, and last SID.
Signed-off-by: Ahmed Abdelsalam
---
extensions/libip6t_srh.t | 4
1 file changed, 4 insertions(+)
diff --git a/extensions/libip6t_srh.t b/extensions/libip6t_srh.t
This patch extends the libip6t_srh shared library to support matching
previous SID, next SID, and last SID.
Signed-off-by: Ahmed Abdelsalam
---
extensions/libip6t_srh.c| 65 -
include/linux/netfilter_ipv6/ip6t_srh.h | 22
The modulus in the hash function was limited to > 1 as initially
there was no sense to create a hashing of just one element.
Nevertheless, there are certain cases specially for load balancing
where this case needs to be addressed.
This patch fixes the following error.
Error: Could not process
IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed by
SR encapsulated packet. Each SID is encoded as an IPv6 prefix.
When a Firewall receives an SR encapsulated packet, it should be able to
identify which node previously processed the packet (previous SID), which
node is
Signed-off-by: Florian Westphal
---
extensions/libebt_pkttype.c | 119 +++
extensions/libebt_pkttype.txlate | 20 +++
iptables/xtables-eb.c| 1 +
3 files changed, 140 insertions(+)
create mode 100644
Signed-off-by: Florian Westphal
---
extensions/libebt_vlan.c | 226 ++
extensions/libebt_vlan.txlate | 11 ++
iptables/xtables-eb.c | 1 +
3 files changed, 238 insertions(+)
create mode 100644 extensions/libebt_vlan.c
Hi David,
The following patchset contains Netfilter/IPVS fixes for your net tree,
they are:
1) Fix SIP conntrack with phones sending session descriptions for different
media types but same port numbers, from Florian Westphal.
2) Fix incorrect rtnl_lock mutex logic from IPVS sync thread, from
From: Florian Westphal
Callum Sinclair reported SIP IP Phone errors that he tracked down to
such phones sending session descriptions for different media types but
with same port numbers.
The expect core will only 'refresh' existing expectation if it is
from same master AND same
From: Florian Westphal
set->name must be free'd here in case ops->init fails.
Fixes: 387454901bd6 ("netfilter: nf_tables: Allow set names of up to 255 chars")
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
From: Taehee Yoo
When chain name is changed, nft_chain_commit_update is called.
In the nft_chain_commit_update, trans->ctx.chain->name has old chain name
and nft_trans_chain_name(trans) has new chain name.
If new chain name is longer than old chain name, KASAN warns
From: Florian Westphal
Dmitry reports 32bit ebtables on 64bit kernel got broken by
a recent change that returns -EINVAL when ruleset has no entries.
ebtables however only counts user-defined chains, so for the
initial table nentries will be 0.
Don't try to allocate the compat
From: Cong Wang
The following memory leak is false postive:
unreferenced object 0x8f37f156fb38 (size 128):
comm "softirq", pid 0, jiffies 4294899665 (age 11.292s)
hex dump (first 32 bytes):
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
From: Stephen Rothwell
After merging the netfilter tree, today's linux-next build (powerpc
ppc64_defconfig) failed like this:
net/netfilter/nf_conntrack_extend.c: In function 'nf_ct_ext_add':
net/netfilter/nf_conntrack_extend.c:74:2: error: implicit declaration of
From: Jack Ma
With the addition of bit-shift operations, we are able to shift
ct/skbmark based on user requirements. However, this change might also
cause the most left/right hand- side mark to be accidentially lost
during shift operations.
This patch adds the
Move these options inside the scope of the 'if' NF_TABLES and
NF_TABLES_IPV6 dependencies. This patch fixes:
net/ipv6/netfilter/nft_chain_nat_ipv6.o: In function `nft_nat_do_chain':
>> net/ipv6/netfilter/nft_chain_nat_ipv6.c:37: undefined reference to
>> `nft_do_chain'
These structures have different layout, fill xt_connmark_tginfo2 with
old fields in xt_connmark_tginfo1. Based on patch from Jack Ma.
Fixes: 472a73e00757 ("netfilter: xt_conntrack: Support bit-shifting for
CONNMARK & MARK targets.")
Signed-off-by: Pablo Neira Ayuso
---
On Mon, Apr 23, 2018 at 05:48:22AM -0500, Ahmed Abdelsalam wrote:
> IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed by
> SR encapsulated packet. Each SID is encoded as an IPv6 prefix.
>
> When a Firewall receives an SR encapsulated packet, it should be able to
> identify
On Mon, 23 Apr 2018 22:08:44 +0200
Florian Westphal wrote:
> Ahmed Abdelsalam wrote:
> > > > @@ -50,6 +62,12 @@ struct ip6t_srh {
> > > > __u8segs_left;
> > > > __u8last_entry;
> > > > __u16
From: Pablo Neira Ayuso
Date: Mon, 23 Apr 2018 19:57:02 +0200
> The following patchset contains Netfilter/IPVS fixes for your net tree,
> they are:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thank you.
tbl->entries is not initialized after kmalloc(), therefore
causes an uninit-value warning in ip_vs_lblc_check_expire()
as reported by syzbot.
Reported-by:
Cc: Simon Horman
Cc: Julian Anastasov
Cc: Pablo
Ahmed Abdelsalam wrote:
> > > @@ -50,6 +62,12 @@ struct ip6t_srh {
> > > __u8segs_left;
> > > __u8last_entry;
> > > __u16 tag;
> > > + struct in6_addr psid_addr;
> > > + struct in6_addr nsid_addr;
Similarly, tbl->entries is not initialized after kmalloc(),
therefore causes an uninit-value warning in ip_vs_lblc_check_expire(),
as reported by syzbot.
Reported-by:
Cc: Simon Horman
Cc: Julian Anastasov
On Mon, 23 Apr 2018 19:30:47 +0200
Pablo Neira Ayuso wrote:
> On Mon, Apr 23, 2018 at 05:48:22AM -0500, Ahmed Abdelsalam wrote:
> > Signed-off-by: Ahmed Abdelsalam
> > ---
> > include/uapi/linux/netfilter_ipv6/ip6t_srh.h | 22 +--
> >
This patch adds a new feature to iptables that allow bitshifting for
--restore,set and save-mark operations. This allows existing logic
operators (and, or and xor) and mask to co-operate with new bitshift
operations.
The intention is to provide uses with more fexible uses of skb->mark
and
Simplify function footprint.
Signed-off-by: Pablo Neira Ayuso
---
include/netlink.h | 78 ++---
src/netlink.c | 127 +-
src/rule.c| 87 -
3
Remove dead code, callers always need this to dump all of the existing
chains.
Signed-off-by: Pablo Neira Ayuso
---
src/netlink.c | 16 +---
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index
Not needed anymore.
Signed-off-by: Pablo Neira Ayuso
---
include/netlink.h | 18 ++
src/netlink.c | 23 ---
src/rule.c| 18 +++---
3 files changed, 21 insertions(+), 38 deletions(-)
diff --git a/include/netlink.h
Signed-off-by: Pablo Neira Ayuso
---
include/netlink.h | 4
1 file changed, 4 deletions(-)
diff --git a/include/netlink.h b/include/netlink.h
index 58b37d3cd572..92bae138bf91 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -110,10 +110,6 @@ extern void
This patch adds a new feature to iptables that allow bitshifting for
--restore,set and save-mark operations. This allows existing logic
operators (and, or and xor) and mask to co-operate with new bitshift
operations.
The intention is to provide uses with more fexible uses of skb->mark
and
Hello,
On Mon, 23 Apr 2018, Cong Wang wrote:
> tbl->entries is not initialized after kmalloc(), therefore
> causes an uninit-value warning in ip_vs_lblc_check_expire()
> as reported by syzbot.
>
> Reported-by:
> Cc: Simon Horman
Hello,
On Mon, 23 Apr 2018, Cong Wang wrote:
> Similarly, tbl->entries is not initialized after kmalloc(),
> therefore causes an uninit-value warning in ip_vs_lblc_check_expire(),
> as reported by syzbot.
>
> Reported-by:
> Cc:
34 matches
Mail list logo