Hi Greg,
On Thu, Sep 09, 2021 at 04:52:09PM +0200, Greg KH wrote:
On Thu, Sep 09, 2021 at 04:03:34PM +0200, Florian Westphal wrote:
Hello,
please consider applying these nf_tables fixes to the 5.10.y tree. These patches had to mangled to make them apply to 5.10.y.
I've done the follwoing tests in a kasan/kmemleak enabled vm:
- run upstream nft python/shell tests. Without patch 2 and 3 doing so results in kernel crash. Some tests fail but afaics those are expected to fail on 5.10 due to lack of feature being tested.
- Tested the 'conncount' feature (its affected by last patch). Worked as designed.
- ran nftables related kernel self tests.
No kmemleak or kasan splats were seen.
Eric Dumazet (1): netfilter: nftables: avoid potential overflows on 32bit arches
Pablo Neira Ayuso (2): netfilter: nf_tables: initialize set before expression setup netfilter: nftables: clone set element expression template
net/netfilter/nf_tables_api.c | 89 ++++++++++++++++++++++------------- net/netfilter/nft_set_hash.c | 10 ++-- 2 files changed, 62 insertions(+), 37 deletions(-)
-- 2.32.0
All now queued up, thanks!
Florian, thank you! My query originated from a bugreport in Debian triggering the issue with the 5.10.y kernels used.
Not really needed here as Greg already queued up but:
Tested-by: Salvatore Bonaccorso carnil@debian.org
Regards, Salvatore