Do not solely rely on compiler optimizations to get the workaround
of having macros do nothing using an empty do-while loop. It's
inefficient.
Use ((void)0) to which the standard assert macro expands when NDEBUG
is defined.
No functional change intended.
[mcdofrenchfreis]:
Implement this patch to tree using the command:
git grep -l "do {} while (0)" | xargs sed -i "s/do {} while (0)/((void)0)/g"
Change-Id: I9615c62c46670e31ed8d0d89d195144541baa3e6
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
Signed-off-by: mcdofrenchfreis <xyzevan@androidist.net>
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
[ Upstream commit a0b39e2dc7017ac667b70bdeee5293e410fab2fb ]
nft_counter_reset() resets the counter by subtracting the previously
retrieved value from the counter. This is a write operation on the
counter and as such it requires to be performed with a write sequence of
nft_counter_seq to serialize against its possible reader.
Update the packets/ bytes within write-sequence of nft_counter_seq.
Fixes: d84701ecbcd6a ("netfilter: nft_counter: rework atomic dump and reset")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 31c28919a99f5c491e3cce4fa7293b12e330e247)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmcHrG8ZHHZlZ2FyZC5u
b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WIQuEACCYf9xCGBALlKFb0pXX3eF
oiRkceNyy5NWSndD7t9p/3d2g4YrVptGxtTZN12IltfG4wfCQ+qC/0g2Mu4ho0Yp
2ExKVaIli1t2csIjXCUUyjh3jU0JOkDwJap9n5QemACsX8zrDfKVwdlj9hw+e7vi
fBWwdfl1duK5cfVbbyvL74It4WeMnjuAYrBnMTxhYBTq56xFLrbBILl8BLxAV5NN
5wGoNCeUtj8LxUrL2qs5QoT3Bf7uoDlLnu1Ly7jDMMX34/oNh5huOjZdDFbQYxS3
DsEe6ljOYOyB/awdUhScERfxVPimumN3nHWnRJbsQhX36uXT6U7HNJah4zauchRk
UlKUSfG3YyOqKIwFH+8oGmkuCm6wZbVjVsNNkYhT804BCCHrasJ1SHXsSB9R0MpU
x3IQOoiuc33bUYrSqWAO7utvt+PwG++3GHz0XQwPfZn4DHY18/e+VNsGtQTPqzRG
tsywZVTN0DC0nO7L772nkQDb7z2mhmJGgN8q3FPbMTfp/I1phIh9C17pckfpHKAl
ippTmTMaIYDU3Rlc1g/cu363GOaXWRN4t03VSEu/BLV0IElRktUnmuBU3B/rMb+F
ItaBmhnZGXHUrulMTxDtzItrYMwx00USw6IrG3iYjob0MhhxhLVxEh0vKc7Te2w5
2FZEjj2BxinK66mJgAolZw==
=BQd/
-----END PGP SIGNATURE-----
Merge tag 'v4.14.353-openela' of https://github.com/openela/kernel-lts
This is the 4.14.353 OpenELA-Extended LTS stable release
* tag 'v4.14.353-openela' of https://github.com/openela/kernel-lts: (173 commits)
LTS: Update to 4.14.353
net: fix __dst_negative_advice() race
selftests: make order checking verbose in msg_zerocopy selftest
selftests: fix OOM in msg_zerocopy selftest
Revert "selftests/net: reap zerocopy completions passed up as ancillary data."
Revert "selftests: fix OOM in msg_zerocopy selftest"
Revert "selftests: make order checking verbose in msg_zerocopy selftest"
nvme/pci: Add APST quirk for Lenovo N60z laptop
exec: Fix ToCToU between perm check and set-uid/gid usage
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
drm/i915: Try GGTT mmapping whole object as partial
netfilter: nf_tables: set element extended ACK reporting support
kbuild: Fix '-S -c' in x86 stack protector scripts
drm/mgag200: Set DDC timeout in milliseconds
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/bridge: analogix_dp: Properly log AUX CH errors
drm/bridge: analogix_dp: Reset aux channel if an error occurred
drm/bridge: analogix_dp: Check AUX_EN status when doing AUX transfer
x86/mtrr: Check if fixed MTRRs exist before saving them
tracing: Fix overflow in get_free_elt()
...
Change-Id: I0e92a979e31d4fa6c526c6b70a1b61711d9747bb
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
commit b53c116642502b0c85ecef78bff4f826a7dd4145 upstream.
Report the element that causes problems via netlink extended ACK for set
element commands.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 61fbbac22c8ce73d0c492caf45a286c3f021c0fd)
[Vegard: fix conflict in nf_tables_getsetelem() due to missing commit
ba0e4d9917b43dfa746cbbcb4477da59aae73bd6 ("netfilter: nf_tables: get
set elements via netlink") from v4.15]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 782161895eb4ac45cf7cfa8db375bd4766cb8299 ]
Delete expectation path is missing a call to the nf_expect_get_id()
helper function to calculate the expectation ID, otherwise LSB of the
expectation object address is leaked to userspace.
Fixes: 3c79107631db ("netfilter: ctnetlink: don't use conntrack/expect object addresses as id")
Reported-by: zdi-disclosures@trendmicro.com
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 66e7650dbbb8e236e781c670b167edc81e771450)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 53796b03295cf7ab1fc8600016fa6dfbf4a494a0 ]
In the context of the SCTP SNAT/DNAT handler, these calls can only
return true.
Fixes: e10d3ba4d434 ("ipvs: Fix checksumming on GSO of SCTP packets")
Signed-off-by: Ismael Luceno <iluceno@suse.de>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9340804ea465de0509a9afaeaaccf3fb74b14f9b)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (133 commits)
LTS: Update to 4.14.350
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
arm64: dts: rockchip: Add sound-dai-cells for RK3368
tcp: Fix data races around icsk->icsk_af_ops.
ipv6: Fix data races around sk->sk_prot.
ipv6: annotate some data-races around sk->sk_prot
pwm: stm32: Refuse too small period requests
ftruncate: pass a signed offset
batman-adv: Don't accept TT entries for out-of-spec VIDs
batman-adv: include gfp.h for GFP_* defines
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
hexagon: fix fadvise64_64 calling conventions
tty: mcf: MCF54418 has 10 UARTS
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
usb: musb: da8xx: fix a resource leak in probe()
usb: gadget: printer: SS+ support
net: usb: ax88179_178a: improve link status logs
iio: adc: ad7266: Fix variable checking bug
mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
...
Change-Id: I0ab862e0932a48f13c64657e5456f3034b766445
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
[ Upstream commit 7931d32955e09d0a11b1fe0b6aac1bfa061c005c ]
register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.
Fixes: 96518518cc41 ("netfilter: add nftables")
Reported-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 40188a25a9847dbeb7ec67517174a835a677752f)
[Vegard: fixed unrelated conflict due to missing commit
9c22bd1ab442c552e9481f1157589362887a7f47 ("netfilter: nf_tables: defer
gc run if previous batch is still pending").]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmaYMNYZHHZlZ2FyZC5u
b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WI+2EACbJP/GYZL4iZezt3yp9J6y
ObeobshL3ODENH9J4Rpjo7EJNdRbiJmqK07C6g3gxfEBqYhMDxYCBbhwTTvvHmu7
ezr1rmQmUlyzf2qW905a+rTawUrKztZpvZ0ycRXgfQHjX8w64salq/G5X9kJ1CZQ
0TYwhDXXYRc1yuhJkVH0+ZUP+FvSBYXY42QZQ8tRzviBKgHUqyQ2JiLN7yGXStSp
PEOCeXuEsQxkzbFU1rG7J9KXfUYndih+fiGSvuUUZF6WTHNobfkh+nrGzsdadtUp
UW9nEdHjjEhTpTr125uOGc3H2Y1rWVPrcZ9kvJBhzf4WKNBFu2v7Bc5i2/Yz/jKU
5cz7bjqpSnFOAmNe1f+pOO2oIsBk/xhAbMrPHS1eTJfUJmVL21HgDS3nXfV3yYcR
0cHH10HGf7DEx2PRh3DM53XzaiumOXY3e/eFt+syYFWtsPY0XKHjsfwLeoujCVgh
Sb6yiV1HTNg2hkGck+CQKTvHKZhSs1uE+vGSHiSTpryrsXYCTRJySSXEdiU0QpeL
c9xzRE0PrUaUKNucdimGr6EqvXL11M1I59Z3ygk8vyLGI13vSmkRZ9Sl7m0tbirA
0K1Ws2PkwuYQEOut8Esp6DJ2n38Uz3j0lnb2lreC0KbfXMvPWQfP81M1Lc+Pkpn6
Zgbbs68F6jYs0KV/iRty2A==
=RvUO
-----END PGP SIGNATURE-----
Merge tag 'v4.14.349-openela' of https://github.com/openela/kernel-lts
This is the 4.14.349 OpenELA-Extended LTS stable release
* tag 'v4.14.349-openela' of https://github.com/openela/kernel-lts: (160 commits)
LTS: Update to 4.14.349
x86/kvm: Disable all PV features on crash
x86/kvm: Disable kvmclock on all CPUs on shutdown
x86/kvm: Teardown PV features on boot CPU as well
crypto: algif_aead - fix uninitialized ctx->init
nfs: fix undefined behavior in nfs_block_bits()
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
sparc: move struct termio to asm/termios.h
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
kdb: Merge identical case statements in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix buffer overflow during tab-complete
sparc64: Fix number of online CPUs
intel_th: pci: Add Meteor Lake-S CPU support
net/9p: fix uninit-value in p9_client_rpc()
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
netfilter: nft_dynset: relax superfluous check on set updates
netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
...
Change-Id: Idb0053e6b2186ef17f31e15fdb601ae451c81283
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
commit 7b1394892de8d95748d05e3ee41e85edb4abbfa1 upstream.
Relax this condition to make add and update commands idempotent for sets
with no timeout. The eval function already checks if the set element
timeout is available and updates it if the update command is used.
Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 79e98cd78610560a6a6cf85200eb31331602f9a9)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit 95cd4bca7b1f4a25810f3ddfc5e767fb46931789 upstream.
If userspace requests a feature which is not available the original set
definition, then bail out with EOPNOTSUPP. If userspace sends
unsupported dynset flags (new feature not supported by this kernel),
then report EOPNOTSUPP to userspace. EINVAL should be only used to
report malformed netlink messages from userspace.
Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c5c4746c8cd6d049dcbf39c811172c917ea6fb6e)
[Vegard: fix conflicts due to missing commits
8e1102d5a1596dca10f51e3de800809944f8816d ("netfilter: nf_tables: support
timeouts larger than 23 days") and b13468dc577498002cf4e62978359ff97ffcd187
("netfilter: nft_dynset: fix timeout updates on 32bit").]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit 24138933b97b055d486e8064b4a1721702442a9b upstream.
There is an asymmetry between commit/abort and preparation phase if the
following conditions are met:
1. set is a verdict map ("1.2.3.4 : jump foo")
2. timeouts are enabled
In this case, following sequence is problematic:
1. element E in set S refers to chain C
2. userspace requests removal of set S
3. kernel does a set walk to decrement chain->use count for all elements
from preparation phase
4. kernel does another set walk to remove elements from the commit phase
(or another walk to do a chain->use increment for all elements from
abort phase)
If E has already expired in 1), it will be ignored during list walk, so its use count
won't have been changed.
Then, when set is culled, ->destroy callback will zap the element via
nf_tables_set_elem_destroy(), but this function is only safe for
elements that have been deactivated earlier from the preparation phase:
lack of earlier deactivate removes the element but leaks the chain use
count, which results in a WARN splat when the chain gets removed later,
plus a leak of the nft_chain structure.
Update pipapo_get() not to skip expired elements, otherwise flush
command reports bogus ENOENT errors.
Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support")
Fixes: 9d0982927e79 ("netfilter: nft_hash: add support for timeouts")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 94313a196b44184b5b52c1876da6a537701b425a)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 628bd3e49cba1c066228e23d71a852c23e26da73 ]
set .destroy callback releases the references to other objects in maps.
This is very late and it results in spurious EBUSY errors. Drop refcount
from the preparation phase instead, update set backend not to drop
reference counter from set .destroy path.
Exceptions: NFT_TRANS_PREPARE_ERROR does not require to drop the
reference counter because the transaction abort path releases the map
references for each element since the set is unbound. The abort path
also deals with releasing reference counter for new elements added to
unbound sets.
Fixes: 591054469b3e ("netfilter: nf_tables: revisit chain/object refcounting from elements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit bc9f791d2593f17e39f87c6e2b3a36549a3705b1)
[Harshit: Fixed 3 different conflicts due to missing commit:
71cc0873e0e0 ("netfilter: nf_tables: Simplify set backend selection")
and commit: 79b174ade16d ("netfilter: nf_tables: garbage collection for
stateful expressions") and commit: 88bae77d6606 ("netfilter: nf_tables:
use net_generic infra for transaction data") and these can't be
backported to 4.14.y]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
nft_set_elem_destroy() can be called from call_rcu context. Annotate
netns and table in set object so we can populate the context object.
Moreover, pass context object to nf_tables_set_elem_destroy() from the
commit phase, since it is already available from there.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3453c92731884bad7c4c3a0667228b964747f3d5)
[Harshit: 4.14.y had backport commit: 4e0dbab570de ("netfilter:
nf_tables: do not allow SET_ID to refer to another table") which does
add couple of things which this commit is supposed to add]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[Vegard: removed .family = set->table->family assignment in
nft_set_elem_destroy() as we're missing commit
36596dadf54a920d26286cf9f421fb4ef648b51f ("netfilter: nf_tables: add
single table list for all families").]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit f8bb7889af58d8e74d2d61c76b1418230f1610fa upstream.
Rename:
- nft_set_elem_activate() to nft_set_elem_data_activate().
- nft_set_elem_deactivate() to nft_set_elem_data_deactivate().
To prepare for updates in the set element infrastructure to add support
for the special catch-all element.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 68b10f33a37e942bdc06b9cb313ad4e1b1f612e8)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit 0c2a85edd143162b3a698f31e94bf8cdc041da87 upstream.
The patch that adds support for stateful expressions in set definitions
require this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 525561faa075cb49905783fd3e4e16b66b218846)
[Harshit: Fixed conflicts due to missing commit: dd4cbef72351
("netfilter: nf_tables: get rid of pernet families") and missing commit:
25ddad73070c ("netfilter: nf_tables: fix set double-free in abort path
and commit: 88bae77d6606 ("netfilter: nf_tables: use net_generic infra
for transaction data") in 4.14.y"]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 40ba1d9b4d19796afc9b7ece872f5f3e8f5e2c13 ]
The abort path can cause a double-free of an anonymous set.
Added-and-to-be-aborted rule looks like this:
udp dport { 137, 138 } drop
The to-be-aborted transaction list looks like this:
newset
newsetelem
newsetelem
rule
This gets walked in reverse order, so first pass disables the rule, the
set elements, then the set.
After synchronize_rcu(), we then destroy those in same order: rule, set
element, set element, newset.
Problem is that the anonymous set has already been bound to the rule, so
the rule (lookup expression destructor) already frees the set, when then
cause use-after-free when trying to delete the elements from this set,
then try to free the set again when handling the newset expression.
Rule releases the bound set in first place from the abort path, this
causes the use-after-free on set element removal when undoing the new
element transactions. To handle this, skip new element transaction if
set is bound from the abort path.
This is still causes the use-after-free on set element removal. To
handle this, remove transaction from the list when the set is already
bound.
Joint work with Florian Westphal.
Fixes: f6ac85858976 ("netfilter: nf_tables: unbind set in rule from commit path")
Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1325
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 25ddad73070c8fd15528fe804db90f0bda0dc6ad)
[Vegard: fix conflicts due to commit 59c38c80769a5528a617ea8857049b94a4b67041
("netfilter: nf_tables: use-after-free in failing rule with bound set")
which included extra code for the NFT_MSG_NEWSETELEM case that was
added upstream in commit 40ba1d9b4d19796afc9b7ece872f5f3e8f5e2c13
("netfilter: nf_tables: fix set double-free in abort path") and
conflicts due to commit 63d921c3e52a14125f293efea5f78508c36668c1
("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain") for the bind/true differences.]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Add helper function to test for the NFT_SET_ANONYMOUS flag.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 408070d6ee3490da63430bc8ce13348cf2eb47ea)
[Harshit: Adding this helper commit as it would help for future commit
backports, fix conlfict reoslution due to missing commit: af26f3e2903b
("netfilter: nf_tables: unbind set in rule from commit path") which is a
later commit but applied to 4.14.y already and I have considered using
nft_is_anonymous() helper at couple of other places where the previous
backports avoided to use it as the helper wasn't present]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (278 commits)
LTS: Update to 4.14.348
docs: kernel_include.py: Cope with docutils 0.21
serial: kgdboc: Fix NMI-safety problems from keyboard reset code
btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
dm: limit the number of targets and parameter size area
Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
LTS: Update to 4.14.347
rds: Fix build regression.
RDS: IB: Use DEFINE_PER_CPU_SHARED_ALIGNED for rds_ib_stats
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
net: fix out-of-bounds access in ops_init
drm/vmwgfx: Fix invalid reads in fence signaled events
dyndbg: fix old BUG_ON in >control parser
tipc: fix UAF in error path
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: gadget: composite: fix OS descriptors w_value logic
firewire: nosy: ensure user_length is taken into account when fetching packet contents
af_unix: Fix garbage collector racing against connect()
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
...
Change-Id: If329d39dd4e95e14045bb7c58494c197d1352d60
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
[ Upstream commit e10d3ba4d434ed172914617ed8d74bd411421193 ]
It was observed in the wild that pairs of consecutive packets would leave
the IPVS with the same wrong checksum, and the issue only went away when
disabling GSO.
IPVS needs to avoid computing the SCTP checksum when using GSO.
Fixes: 90017accff61 ("sctp: Add GSO support")
Co-developed-by: Firo Yang <firo.yang@suse.com>
Signed-off-by: Ismael Luceno <iluceno@suse.de>
Tested-by: Andreas Taschner <andreas.taschner@suse.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 740a06078ac58840494934ace6055eb879f267fb)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit f969eb84ce482331a991079ab7a5c4dc3b7f89bf ]
nft_unregister_expr() can concurrent with __nft_expr_type_get(),
and there is not any protection when iterate over nf_tables_expressions
list in __nft_expr_type_get(). Therefore, there is potential data-race
of nf_tables_expressions list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_expressions
list in __nft_expr_type_get(), and use rcu_read_lock() in the caller
nft_expr_type_get() to protect the entire type query process.
Fixes: ef1f7df9170d ("netfilter: nf_tables: expression ops overloading")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 939109c0a8e2a006a6cc8209e262d25065f4403a)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 9cff126f73a7025bcb0883189b2bed90010a57d4 ]
In case that there are two types, prefer the family specify extension.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: f969eb84ce48 ("netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 97f097a8091261ffa07c8889550c4026e59b6c14)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit fd94d9dadee58e09b49075240fe83423eb1dcd36 upstream.
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961).
Fixes: 49499c3e6e18 ("netfilter: nf_tables: switch registers to 32 bit addressing")
Fixes: 935b7f643018 ("netfilter: nft_exthdr: add TCP option matching")
Fixes: 133dc203d77d ("netfilter: nft_exthdr: Support SCTP chunks")
Fixes: dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: SeongJae Park <sjpark@amazon.com>
(cherry picked from commit 806fac5f5939d55f4538ea59508a62385a1ba0ca)
[Vegard: note that nft_exthdr_ipv4_eval() was introduced in commit
dbb5281a1f84b2f93032d4864c21 ("netfilter: nf_tables: add support for
matching IPv4 options"; v5.3) and nft_exthdr_sctp_eval() was introduced
in commit 133dc203d77dff617d9c4673973ef3859be2c476 ("netfilter:
nft_exthdr: Support SCTP chunks"; v5.14); neither patch is present in
4.14, which is why these changes have been dropped compared to the
mainline patch. Also, this fixes CVE-2023-52628.]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit e26d3009efda338f19016df4175f354a9bd0a4ab upstream.
Never used from userspace, disallow these parameters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[Keerthana: code surrounding the patch is different
because nft_set_desc is not present in v4.19-v5.10]
Signed-off-by: Keerthana K <keerthana.kalyanasundaram@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 116b0e8e4673a5faa8a739a19b467010c4d3058c)
[Vegard: fix conflict in context due to missing commit
8e1102d5a1596dca10f51e3de800809944f8816d ("netfilter: nf_tables:
support timeouts larger than 23 days").]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit 5f4fc4bd5cddb4770ab120ce44f02695c4505562 upstream.
This set combination is weird: it allows for elements to be
added/deleted, but once bound to the rule it cannot be updated anymore.
Eventually, all elements expire, leading to an empty set which cannot
be updated anymore. Reject this flags combination.
Cc: stable@vger.kernel.org
Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9372a64fb8a9f8e9cc59a0c8fa2ab5a670384926)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit 16603605b667b70da974bea8216c93e7db043bf1 upstream.
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
Cc: stable@vger.kernel.org
Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support")
Reported-by: lonial con <kongln9170@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (186 commits)
LTS: Update to 4.14.344
binder: signal epoll threads of self-work
ANDROID: binder: Add thread->process_todo flag.
scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
scsi: bnx2fc: Remove set but not used variable 'oxid'
net: check dev->gso_max_size in gso_features_check()
driver: staging: count ashmem_range into SLAB_RECLAIMBLE
net: warn if gso_type isn't set for a GSO SKB
staging: android: ashmem: Remove use of unlikely()
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: hda/realtek: Enable headset onLenovo M70/M90
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
...
Change-Id: I3d093c0e457ab7e7e7b98b46eb44e82b6f4636f9
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
[ Upstream commit 7ae836a3d630e146b732fe8ef7d86b243748751f ]
A concurrently running sock_orphan() may NULL the sk_socket pointer in
between check and deref. Follow other users (like nft_meta.c for
instance) and acquire sk_callback_lock before dereferencing sk_socket.
Fixes: 0265ab44bacc ("[NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit ea6cc2fd8a2b89ab6dcd096ba6dbc1ecbdf26564 ]
The XT_OWNER_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID
to be also checked in the supplementary groups of a process.
f_cred->group_info cannot be modified during its lifetime and f_cred
holds a reference to it so it's safe to use.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 7ae836a3d630 ("netfilter: xt_owner: Fix for unsafe access of sk->sk_socket")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (176 commits)
LTS: Update to 4.14.343
crypto: af_alg - Work around empty control messages without MSG_MORE
crypto: af_alg - Fix regression on empty requests
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
net/bnx2x: Prevent access to a freed page in page_pool
hsr: Handle failures in module init
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Fix uninit-value access in hsr_get_node()
net: hsr: fix placement of logical operator in a multi-line statement
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
staging: greybus: fix get_channel_from_mode() failure path
serial: 8250_exar: Don't remove GPIO device on suspend
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
rtc: mediatek: enhance the description for MediaTek PMIC based RTC
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
serial: max310x: fix syntax error in IRQ error message
clk: qcom: gdsc: Add support to update GDSC transition delay
NFS: Fix an off by one in root_nfs_cat()
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
...
Change-Id: Ib9b7d4f4fbb66b54b4fc2d35e945418da4c02331
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
[ Upstream commit 767146637efc528b5e3d31297df115e85a2fd362 ]
UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.
vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>
Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.
Fixes: 5e35941d9901 ("[NETFILTER]: Add H.323 conntrack/NAT helper")
Signed-off-by: Lena Wang <lena.wang@mediatek.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 98db42191329c679f4ca52bec0b319689e1ad8cb)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
This patch fixes several out of bounds memory reads by extending
the nf_h323_error_boundary() function to work on bits as well
an check the affected parts.
Signed-off-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
It is bad practive to return in a macro, this patch
moves the check into a function.
Signed-off-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit bc7d811ace4ad39a3941089ca871633366878719)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (350 commits)
LTS: Update to 4.14.340
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
PCI/MSI: Prevent MSI hardware interrupt number truncation
s390: use the correct count for __iowrite64_copy()
packet: move from strlcpy with unused retval to strscpy
ipv6: sr: fix possible use-after-free and null-ptr-deref
nouveau: fix function cast warnings
scsi: jazz_esp: Only build if SCSI core is builtin
RDMA/srpt: fix function pointer cast warnings
RDMA/srpt: Support specifying the srpt_service_guid parameter
IB/hfi1: Fix a memleak in init_credit_return
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
l2tp: pass correct message length to ip6_append_data
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
dm-crypt: don't modify the data when using authenticated encryption
mm: memcontrol: switch to rcu protection in drain_all_stock()
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
firewire: core: send bus reset promptly on gap count error
...
Change-Id: Ieafdd459ee41343bf15ed781b3e45adc2be29cc1
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
commit c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 upstream.
The problem is in nft_byteorder_eval() where we are iterating through a
loop and writing to dst[0], dst[1], dst[2] and so on... On each
iteration we are writing 8 bytes. But dst[] is an array of u32 so each
element only has space for 4 bytes. That means that every iteration
overwrites part of the previous element.
I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter:
nf_tables: prevent OOB access in nft_byteorder_eval") which is a related
issue. I think that the reason we have not detected this bug in testing
is that most of time we only write one element.
Fixes: ce1e7989d989 ("netfilter: nft_byteorder: provide 64bit le/be conversion")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[Ajay: Modified to apply on v4.19.y]
Signed-off-by: Ajay Kaher <ajay.kaher@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit fca41e5b687e029f69e3a35a2fa31e2560e538dc)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit d694b754894c93fb4d71a7f3699439dec111decc ]
xt_check_{match,target} expects u16, but NFTA_RULE_COMPAT_PROTO is u32.
NLA_POLICY_MAX(NLA_BE32, 65535) cannot be used because .max in
nla_policy is s16, see 3e48be05f3c7 ("netlink: add attribute range
validation to policy").
Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1d769e2dc5444c3ab3010887d7c3cda76a0310e7)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 292781c3c5485ce33bd22b2ef1b2bed709b4d672 ]
Flag (1 << 0) is ignored is set, never used, reject it it with EINVAL
instead.
Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 56fb2bf4ab8c91a2e078553497b6c5b2f1dac699)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 259eb32971e9eb24d1777a28d82730659f50fdcb ]
Module reference is bumped for each user, this should not ever happen.
But BUG_ON check should use rcu_access_pointer() instead.
If this ever happens, do WARN_ON_ONCE() instead of BUG_ON() and
consolidate pointer check under the rcu read side lock section.
Fixes: fab4085f4e24 ("netfilter: log: nf_log_packet() as real unified interface")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit b0b2937fda85f1eaf885527518993a035cfa13bc)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit f342de4e2f33e0e39165d8639387aa6c19dff660 upstream.
This reverts commit e0abdadcc6e1.
core.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP
verdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar,
or 0.
Due to the reverted commit, its possible to provide a positive
value, e.g. NF_ACCEPT (1), which results in use-after-free.
Its not clear to me why this commit was made.
NF_QUEUE is not used by nftables; "queue" rules in nftables
will result in use of "nft_queue" expression.
If we later need to allow specifiying errno values from userspace
(do not know why), this has to call NF_DROP_GETERR and check that
"err <= 0" holds true.
Fixes: e0abdadcc6e1 ("netfilter: nf_tables: accept QUEUE/DROP verdict parameters")
Cc: stable@vger.kernel.org
Reported-by: Notselwyn <notselwyn@pwning.tech>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 8365e9d92b85fda975a5ece7a3a139cb964018c8)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit b462579b2b86a8f5230543cadd3a4836be27baf7 ]
nftables has two types of sets/maps, one where userspace defines the
name, and anonymous sets/maps, where userspace defines a template name.
For the latter, kernel requires presence of exactly one "%d".
nftables uses "__set%d" and "__map%d" for this. The kernel will
expand the format specifier and replaces it with the smallest unused
number.
As-is, userspace could define a template name that allows to move
the set name past the 256 bytes upperlimit (post-expansion).
I don't see how this could be a problem, but I would prefer if userspace
cannot do this, so add a limit of 16 bytes for the '%d' template name.
16 bytes is the old total upper limit for set names that existed when
nf_tables was merged initially.
Fixes: 387454901bd6 ("netfilter: nf_tables: Allow set names of up to 255 chars")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit de19690509d3fe9374922b36bb5f2de25d76f75c)
[Harshit: Minor conflicts resolved - contextual changes, due to missing
commit 88bae77d6606851afe7c6d5ee ]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit d6938c1c76c64f42363d0d1f051e1b4641c2ad40 ]
Inside decrement_ttl() upon discovering that the packet ttl has exceeded,
__IP_INC_STATS and __IP6_INC_STATS macros can be called from preemptible
context having the following backtrace:
check_preemption_disabled: 48 callbacks suppressed
BUG: using __this_cpu_add() in preemptible [00000000] code: curl/1177
caller is decrement_ttl+0x217/0x830
CPU: 5 PID: 1177 Comm: curl Not tainted 6.7.0+ #34
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xbd/0xe0
check_preemption_disabled+0xd1/0xe0
decrement_ttl+0x217/0x830
__ip_vs_get_out_rt+0x4e0/0x1ef0
ip_vs_nat_xmit+0x205/0xcd0
ip_vs_in_hook+0x9b1/0x26a0
nf_hook_slow+0xc2/0x210
nf_hook+0x1fb/0x770
__ip_local_out+0x33b/0x640
ip_local_out+0x2a/0x490
__ip_queue_xmit+0x990/0x1d10
__tcp_transmit_skb+0x288b/0x3d10
tcp_connect+0x3466/0x5180
tcp_v4_connect+0x1535/0x1bb0
__inet_stream_connect+0x40d/0x1040
inet_stream_connect+0x57/0xa0
__sys_connect_file+0x162/0x1a0
__sys_connect+0x137/0x160
__x64_sys_connect+0x72/0xb0
do_syscall_64+0x6f/0x140
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7fe6dbbc34e0
Use the corresponding preemption-aware variants: IP_INC_STATS and
IP6_INC_STATS.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 8d8e20e2d7bb ("ipvs: Decrement ttl")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 614235859d46cae23af6120f48bca9c4250a5392)
[conflict due to missing commit bdb7cc643fc9db8d6ed9a2b9e524e27ac5882029
("ipv6: Count interface receive statistics on the ingress netdev")]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream.
An nftables family is merely a hollow container, its family just a
number and such not reliant on compile-time options other than nftables
support itself. Add an artificial check so attempts at using a family
the kernel can't support fail as early as possible. This helps user
space detect kernels which lack e.g. NFPROTO_INET.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 087d38ae0fd5a9a41b949e97601b4b0d09336f19)
[fixed conflicts due to cleanup commits and new-feature commits:
- 88bae77d6606 netfilter: nf_tables: use net_generic infra for transaction data
- f102d66b335a netfilter: nf_tables: use dedicated mutex to guard transactions
- 36dd1bcc07e5 netfilter: nf_tables: initial support for extended ACK reporting
- cac20fcdf146 netfilter: nf_tables: simplify lookup functions
- 98319cb90898 netfilter: nf_tables: get rid of struct nft_af_info abstraction
- 36596dadf54a netfilter: nf_tables: add single table list for all families]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
* 'android-4.14-stable' of https://android.googlesource.com/kernel/common: (2966 commits)
Linux 4.14.331
net: sched: fix race condition in qdisc_graft()
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: correct return value of ext4_convert_meta_bg
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: apply umask if ACL support is disabled
media: venus: hfi: fix the check to handle session buffer requirement
media: sharp: fix sharp encoding
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
net: dsa: lan9303: consequently nested-lock physical MDIO
ALSA: info: Fix potential deadlock at disconnection
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc: Prevent booting 64-bit kernels on PA1.x machines
mcb: fix error handling for different scenarios when parsing
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
PM: hibernate: Use __get_safe_page() rather than touching the list
...
Change-Id: I755d2aa7c525ace28adc4aee433572b3110ea39b
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVbJo4ACgkQONu9yGCS
aT6MuRAArWZBUJLWHjzUgtfMQqOwp04MpBkNaYHMo+GStPLpYWPF4g/clm6rnV70
Wiu/bEhrEzGnQj8KjexsoQee08ZEEEQiadISwUNhN3+Wue1/DYku6I5dOO2SI1Xv
dOEggfV9HhFkfKCnP04JN02Fj5Ffr5051XFIearFuyNMe+C1Wc7C24QVC4KqkVBD
2jZ8P1e1dZJw6kFCjqt0WXGb35rKvbo15xeACqAb5kPGhx/EV+uBCvdRKg1W/QpA
n1Ofw6ItmIyimA6+p7QOMLmkrCeoVO3R3cRps4TCMDAUrAkOcAdekD69ql+eBwXm
8cbK8iVs19XrTgsBaPBZxADf1nBgcG/3jYakZjkJ9b61Zin3kPsEkFMzhCPVY8VN
uUeU7rDnoLfRE2FtK+msaX72v+39WCgLRBDTRwLtclqzfmPYTVGFyY7764/+8avn
j/ZX/yD71if7A3lMMd7+JtR5cT4qlaA5Juk0KeiGceYEi+Th7xtS6k5NGf5oOBWB
JFNf+51iQ/L7DbZ4Qm/CDNnfYG3bGolgLp7PYj2S2nCh+cNITClHZDjXWsRaVol9
Yq/javUI3hB2vz8p9Cu7fNMyPCOEjTcOqkx3dNFNf5for7rJa1WfixR5RZx8vfr+
/SzZCdNpCYTVCtQKS9yA4BEb6Iin1OlXV9wZ1yEucHsdkvAlTpA=
=IEGn
-----END PGP SIGNATURE-----
Merge 4.14.330 into android-4.14-stable
Changes in 4.14.330
i40e: fix potential memory leaks in i40e_remove()
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: do not create an entry from tcp_init_metrics()
wifi: rtlwifi: fix EDCA limit set by BT coexistence
thermal: core: prevent potential string overflow
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
ipv6: avoid atomic fragment on GSO packets
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
platform/x86: wmi: Fix probe failure when failing to register WMI devices
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
drm/radeon: possible buffer overflow
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
firmware: ti_sci: Mark driver as non removable
hwrng: geode - fix accessing registers
ARM: 9321/1: memset: cast the constant byte to unsigned char
ext4: move 'ix' sanity check to corrent position
RDMA/hfi1: Workaround truncation compilation error
sh: bios: Revive earlyprintk support
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
mfd: dln2: Fix double put in dln2_probe
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
USB: usbip: fix stub_dev hub disconnect
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
pcmcia: cs: fix possible hung task and memory leak pccardd()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
media: s3c-camif: Avoid inappropriate kfree()
media: dvb-usb-v2: af9035: fix missing unlock
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
llc: verify mac len before reading mac header
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
tg3: power down device only on SYSTEM_POWER_OFF
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
fbdev: fsl-diu-fb: mark wr_reg_wa() static
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
btrfs: use u64 for buffer sizes in the tree search ioctls
Linux 4.14.330
Change-Id: I2bb580dc3744e11c39a496a65530feaaf5fdb08a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVLYR4ACgkQONu9yGCS
aT448g/+LRDS1oRdCqLs2FG+Ys/l7LZOF/5qFb0hznE6O7YTJVK0r5TkSA188Z3X
xPKwkGxvbL0j1bzQahqtwERljytYN7v5RR5AZAkK7358SwDCBTrLUMp9OC6B5LeG
cVsQ8t9qHHcDvTbQDPGaLqD+DWwhMczy56g7iAO/lV0dyxxRFCkp1txSnjeRKB5c
fOnZDqvZv/9BgHfOcyaItheNRQLr2G6ldt/wXcerwN6zintUBTjKt5VrELbon//6
hyJpuc/uqu+OJykiz451OzL5C0jlWwD5/aV2zQUDGHP+8yPoWI/H8b1VNQGsAzMv
cDwNj97GU2yNaisOyOZIBWE0zMc+NZy2yjbNYVTVn7DAi4Ve88iW7fMdWmwAK7il
bjxMZ/VpKiPPykgdnHa5/05E78aSJ+5hpHP5GduI4gfU20RQUdP0Ne7AR4pXnl/q
eO8cEaZUhS6Vz90ROn7NfWGMvAif54Ru0cRnVYyObLe87BLosNiQQHwkZVXv4Moh
p2OPlTEpJuZNMXdtxp7IXTTYODoAtAngMurWdOGbOv6jpywOMohKxKmZFs2wUVla
f7BNaPu0a871PkAdbZkV8qMAWyA9QNiacUkN6Cd6aa8phwWZIbpLizdUCrwedPEM
FAFaxVGNdFMXAxaTzVppKzfKtl2ROlYlPzmHWq9K40nVyIBL8iE=
=Joup
-----END PGP SIGNATURE-----
Merge 4.14.329 into android-4.14-stable
Changes in 4.14.329
mcb: Return actual parsed size when reading chameleon table
mcb-lpc: Reallocate memory region to avoid memory overlapping
virtio_balloon: Fix endless deflation and inflation on arm64
treewide: Spelling fix in comment
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
r8152: Increase USB control msg timeout to 5000ms as per spec
tcp: fix wrong RTO timeout when received SACK reneging
gtp: uapi: fix GTPA_MAX
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
perf/core: Fix potential NULL deref
NFS: Don't call generic_error_remove_page() while holding locks
ARM: 8933/1: replace Sun/Solaris style flag on section directive
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
kobject: Fix slab-out-of-bounds in fill_kobj_path()
f2fs: fix to do sanity check on inode type during garbage collection
nfsd: lock_rename() needs both directories to live on the same fs
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
x86/mm: Simplify RESERVE_BRK()
x86/mm: Fix RESERVE_BRK() for older binutils
driver: platform: Add helper for safer setting of driver_override
rpmsg: Fix kfree() of static memory on setting driver_override
rpmsg: Fix calling device_lock() on non-initialized device
rpmsg: glink: Release driver_override
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
x86: Fix .brk attribute in linker script
ASoC: simple-card: fixup asoc_simple_probe() error handling
irqchip/stm32-exti: add missing DT IRQ flag translation
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
netfilter: nfnetlink_log: silence bogus compiler warning
ASoC: rt5650: fix the wrong result of key button
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
scsi: mpt3sas: Fix in error path
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
ata: ahci: fix enum constants for gcc-13
remove the sx8 block driver
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
tty: 8250: Remove UC-257 and UC-431
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for Intashield IS-100
Linux 4.14.329
Change-Id: If187990b63eb0e3467f9d483ab7638db2640d0f3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
