diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-16 16:54:42 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-16 16:54:42 +0100 |
| commit | 0a644a1a5d417e190a96cf7a788fcaf7d0557873 (patch) | |
| tree | 7521da037eb1178b2cb45fb51d96014ececba9a6 /queue-5.4 | |
| parent | 027ac97878e5d15d51f7dcd47a3e42f536792126 (diff) | |
| download | stable-queue-0a644a1a5d417e190a96cf7a788fcaf7d0557873.tar.gz | |
5.4-stable patches
added patches:
netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch
Diffstat (limited to 'queue-5.4')
| -rw-r--r-- | queue-5.4/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch | 52 | ||||
| -rw-r--r-- | queue-5.4/series | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/queue-5.4/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch b/queue-5.4/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch new file mode 100644 index 0000000000..9e3c6e0219 --- /dev/null +++ b/queue-5.4/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch @@ -0,0 +1,52 @@ +From 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Wed, 7 Feb 2024 18:49:51 +0100 +Subject: netfilter: nft_set_rbtree: skip end interval element from gc + +From: Pablo Neira Ayuso <pablo@netfilter.org> + +commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 upstream. + +rbtree lazy gc on insert might collect an end interval element that has +been just added in this transactions, skip end interval elements that +are not yet active. + +Fixes: f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration walk") +Cc: stable@vger.kernel.org +Reported-by: lonial con <kongln9170@gmail.com> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + net/netfilter/nft_set_rbtree.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/net/netfilter/nft_set_rbtree.c ++++ b/net/netfilter/nft_set_rbtree.c +@@ -237,8 +237,7 @@ static void nft_rbtree_gc_remove(struct + + static int nft_rbtree_gc_elem(const struct nft_set *__set, + struct nft_rbtree *priv, +- struct nft_rbtree_elem *rbe, +- u8 genmask) ++ struct nft_rbtree_elem *rbe) + { + struct nft_set *set = (struct nft_set *)__set; + struct rb_node *prev = rb_prev(&rbe->node); +@@ -257,7 +256,7 @@ static int nft_rbtree_gc_elem(const stru + while (prev) { + rbe_prev = rb_entry(prev, struct nft_rbtree_elem, node); + if (nft_rbtree_interval_end(rbe_prev) && +- nft_set_elem_active(&rbe_prev->ext, genmask)) ++ nft_set_elem_active(&rbe_prev->ext, NFT_GENMASK_ANY)) + break; + + prev = rb_prev(prev); +@@ -365,7 +364,7 @@ static int __nft_rbtree_insert(const str + */ + if (nft_set_elem_expired(&rbe->ext) && + nft_set_elem_active(&rbe->ext, cur_genmask)) { +- err = nft_rbtree_gc_elem(set, priv, rbe, genmask); ++ err = nft_rbtree_gc_elem(set, priv, rbe); + if (err < 0) + return err; + diff --git a/queue-5.4/series b/queue-5.4/series index 29bab991a6..82c3b879c4 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -200,3 +200,4 @@ input-atkbd-skip-atkbd_cmd_setleds-when-skipping-atkbd_cmd_getid.patch vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch net-stmmac-xgmac-use-define-for-string-constants.patch net-stmmac-xgmac-fix-a-typo-of-register-name-in-dpp-safety-handling.patch +netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch |