Re: [PATCH net-next 13/27] bridge: use __vlan_hwaccel helpers

2016-12-13 Thread Toshiaki Makita
On 2016/12/14 0:11, Michał Mirosław wrote: > On Tue, Dec 13, 2016 at 03:59:46PM +0300, Sergei Shtylyov wrote: >> Hello! >> >> On 12/13/2016 3:12 AM, Michał Mirosław wrote: >> >>> This removes assumption that vlan_tci != 0 when tag is present. >>> >>> Signed-off-by: Michał Mirosław >>> --- >>> net

[PATCH nft] netlink_linearize: fix IPv6 layer 4 checksum mangling

2016-12-13 Thread Pablo Neira Ayuso
In IPv6 there is no checksum field, so we have to trigger layer 4 checksum mangling when layer 3 pseudoheader fields are updated unconditionally. Signed-off-by: Pablo Neira Ayuso --- Kernel patch is following up soon for nf. src/netlink_linearize.c | 9 - 1 file changed, 4 insertions(+)

[PATCH nft] tests: py: update quota and payload

2016-12-13 Thread Pablo Neira Ayuso
Include new consumed field for quota, and check for csum_flags in payload. Signed-off-by: Pablo Neira Ayuso --- Sorry for breaking these tests. tests/py/any/quota.t.payload | 26 +- tests/py/bridge/ether.t.payload| 2 +- tests/py/inet/udp.t.payload.inet | 4

[PATCH nft] mnl: don't send empty set elements netlink message to kernel

2016-12-13 Thread Pablo Neira Ayuso
The following command: # nft --debug=mnl add rule x y flow table xyz { ip saddr timeout 30s counter } breaks with EINVAL. The following netlink message is causing the problem: ... -- | 44 || message length | | 02572 | R--- || ty

Re: [PATCH nf] netfilter: nf_tables: fix oob access

2016-12-13 Thread Florian Westphal
Pablo Neira Ayuso wrote: > On Tue, Dec 13, 2016 at 01:59:33PM +0100, Florian Westphal wrote: > > BUG: KASAN: slab-out-of-bounds in nf_tables_rule_destroy+0xf1/0x130 at addr > > 88006a4c35c8 > > Read of size 8 by task nft/1607 > > > > When we've destroyed last valid expr, nft_expr_next() retu

Re: [PATCH] ARM: add cmpxchg64 helper for ARMv7-M

2016-12-13 Thread Russell King - ARM Linux
On Sat, Dec 10, 2016 at 01:32:34PM +0100, Pablo Neira Ayuso wrote: > Hi Arnd, > > On Sat, Dec 10, 2016 at 11:36:34AM +0100, Arnd Bergmann wrote: > > A change to the netfilter code in net-next introduced the first caller of > > cmpxchg64 that can get built on ARMv7-M, leading to an error from the >

Re: [PATCH nf] netfilter: nf_tables: fix oob access

2016-12-13 Thread Pablo Neira Ayuso
On Tue, Dec 13, 2016 at 01:59:33PM +0100, Florian Westphal wrote: > BUG: KASAN: slab-out-of-bounds in nf_tables_rule_destroy+0xf1/0x130 at addr > 88006a4c35c8 > Read of size 8 by task nft/1607 > > When we've destroyed last valid expr, nft_expr_next() returns an invalid expr. > We must not der

Re: [PATCH net-next 13/27] bridge: use __vlan_hwaccel helpers

2016-12-13 Thread Michał Mirosław
On Tue, Dec 13, 2016 at 03:59:46PM +0300, Sergei Shtylyov wrote: > Hello! > > On 12/13/2016 3:12 AM, Michał Mirosław wrote: > > > This removes assumption that vlan_tci != 0 when tag is present. > > > > Signed-off-by: Michał Mirosław > > --- > > net/bridge/br_netfilter_hooks.c | 14

Re: [PATCH net-next 13/27] bridge: use __vlan_hwaccel helpers

2016-12-13 Thread Sergei Shtylyov
Hello! On 12/13/2016 3:12 AM, Michał Mirosław wrote: This removes assumption that vlan_tci != 0 when tag is present. Signed-off-by: Michał Mirosław --- net/bridge/br_netfilter_hooks.c | 14 -- net/bridge/br_private.h | 2 +- net/bridge/br_vlan.c| 6 +++--- 3

[PATCH nf] netfilter: nf_tables: fix oob access

2016-12-13 Thread Florian Westphal
BUG: KASAN: slab-out-of-bounds in nf_tables_rule_destroy+0xf1/0x130 at addr 88006a4c35c8 Read of size 8 by task nft/1607 When we've destroyed last valid expr, nft_expr_next() returns an invalid expr. We must not dereference it unless it passes != nft_expr_last() check. Signed-off-by: Florian