21 Jan, 2020
1 commit
-
The bitmap allocation did not use full unsigned long sizes
when calculating the required size and that was triggered by KASAN
as slab-out-of-bounds read in several places. The patch fixes all
of them.Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
14 Jan, 2020
1 commit
-
map->members is freed by ip_set_free() right before using it in
mtype_ext_cleanup() again. So we just have to move it down.Reported-by: syzbot+4c3cc6dbe7259dbf9054@syzkaller.appspotmail.com
Fixes: 40cd63bf33b2 ("netfilter: ipset: Support extensions which need a per data destroy function")
Acked-by: Jozsef Kadlecsik
Signed-off-by: Cong Wang
Signed-off-by: Pablo Neira Ayuso
08 Oct, 2019
1 commit
-
The inline function-specifier should not be used for static functions
defined in .c files since it bloats the kernel. Instead leave the
compiler to decide which functions to inline.While a couple of the files affected (ip_set_*_gen.h) are technically
headers, they contain templates for generating the common parts of
particular set-types and so we treat them like .c files.Signed-off-by: Jeremy Sowden
Acked-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
25 Jun, 2019
1 commit
-
Resolve conflict between d2912cb15bdd ("treewide: Replace GPLv2
boilerplate/reference with SPDX - rule 500") removing the GPL disclaimer
and fe03d4745675 ("Update my email address") which updates Jozsef
Kadlecsik's email.Signed-off-by: Pablo Neira Ayuso
19 Jun, 2019
1 commit
-
Based on 2 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundationthis program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation #extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Enrico Weigelt
Reviewed-by: Kate Stewart
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
Signed-off-by: Greg Kroah-Hartman
10 Jun, 2019
1 commit
-
It's better to use my kadlec@netfilter.org email address in
the source code. I might not be able to use
kadlec@blackhole.kfki.hu in the future.Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik
28 Apr, 2019
1 commit
-
After the previous commit, both ipset_nest_start() and ipset_nest_end() are
just aliases for nla_nest_start() and nla_nest_end() so that there is no
need to keep them.Signed-off-by: Michal Kubecek
Acked-by: Jozsef Kadlecsik
Signed-off-by: David S. Miller
09 Jan, 2018
2 commits
-
The matching of the counters was not taken into account, fixed.
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
When sets are extremely large we can get softlockup during ipset -L.
We could fix this by adding cond_resched_rcu() at the right location
during iteration, but this only works if RCU nesting depth is 1.At this time entire variant->list() is called under under rcu_read_lock_bh.
This used to be a read_lock_bh() but as rcu doesn't really lock anything,
it does not appear to be needed, so remove it (ipset increments set
reference count before this, so a set deletion should not be possible).Reported-by: Li Shuang
Signed-off-by: Florian Westphal
Acked-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
18 Oct, 2017
1 commit
-
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. This introduces a pointer back to the
struct ip_set, which is used instead of the struct timer_list .data field.Cc: Pablo Neira Ayuso
Cc: Jozsef Kadlecsik
Cc: Florian Westphal
Cc: "David S. Miller"
Cc: Stephen Hemminger
Cc: simran singhal
Cc: Muhammad Falak R Wani
Cc: netfilter-devel@vger.kernel.org
Cc: coreteam@netfilter.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook
Signed-off-by: David S. Miller
07 Apr, 2017
1 commit
-
The following Coccinelle script was used to detect this:
@r@
expression x;
void* e;
type T;
identifier f;
@@
(
*((T *)e)
|
((T *)x)[...]
|
((T*)x)->f
|- (T*)
e
)Unnecessary parantheses are also remove.
Signed-off-by: simran singhal
Reviewed-by: Stephen Hemminger
Signed-off-by: Pablo Neira Ayuso
10 Nov, 2016
4 commits
-
Use setup_timer() and instead of init_timer(), being the preferred way
of setting up a timer.Also, quoting the mod_timer() function comment:
-> mod_timer() is a more efficient way to update the expire field of an
active timer (if the timer is inactive it will be activated).Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik -
Non-static (i.e. comment) extension was not counted into the memory
size. A new internal counter is introduced for this. In the case of
the hash types the sizes of the arrays are counted there as well so
that we can avoid to scan the whole set when just the header data
is requested.Signed-off-by: Jozsef Kadlecsik
-
It is better to list the set elements for all set types, thus the
header information is uniform. Element counts are therefore added
to the bitmap and list types.Signed-off-by: Jozsef Kadlecsik
-
Hash types already has it's memsize calculation code in separate
functions. Clean up and do the same for *bitmap* and *list* sets.Ported from a patch proposed by Sergey Popovich .
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
28 Mar, 2016
1 commit
-
This fix adds a new reference counter (ref_netlink) for the struct ip_set.
The other reference counter (ref) can be swapped out by ip_set_swap and we
need a separate counter to keep track of references for netlink events
like dump. Using the same ref counter for dump causes a race condition
which can be demonstrated by the following script:ipset create hash_ip1 hash:ip family inet hashsize 1024 maxelem 500000 \
counters
ipset create hash_ip2 hash:ip family inet hashsize 300000 maxelem 500000 \
counters
ipset create hash_ip3 hash:ip family inet hashsize 1024 maxelem 500000 \
countersipset save &
ipset swap hash_ip3 hash_ip2
ipset destroy hash_ip3 /* will crash the machine */Swap will exchange the values of ref so destroy will see ref = 0 instead of
ref = 1. With this fix in place swap will not succeed because ipset save
still has ref_netlink on the set (ip_set_swap doesn't swap ref_netlink).Both delete and swap will error out if ref_netlink != 0 on the set.
Note: The changes to *_head functions is because previously we would
increment ref whenever we called these functions, we don't do that
anymore.Reviewed-by: Joshua Hunt
Signed-off-by: Vishwanath Pai
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
07 Nov, 2015
1 commit
-
The data extensions in ipset lacked the proper memory alignment and
thus could lead to kernel crash on several architectures. Therefore
the structures have been reorganized and alignment attributes added
where needed. The patch was tested on armv7h by Gerhard Wiesinger and
on x86_64, sparc64 by Jozsef Kadlecsik.Reported-by: Gerhard Wiesinger
Tested-by: Gerhard Wiesinger
Tested-by: Jozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik
14 Jun, 2015
2 commits
-
Signed-off-by: Jozsef Kadlecsik
-
There's nothing much required because the bitmap types use atomic
bit operations. However the logic of adding elements slightly changed:
first the MAC address updated (which is not atomic), then the element
activated (added). The extensions may call kfree_rcu() therefore we
call rcu_barrier() at module removal.Signed-off-by: Jozsef Kadlecsik
16 Sep, 2014
1 commit
-
Add skbinfo extension kernel support for the bitmap set types.
Inroduce the new revisions of bitmap_ip, bitmap_ipmac and bitmap_port set types.Signed-off-by: Anton Danilov
Signed-off-by: Jozsef Kadlecsik
22 Oct, 2013
1 commit
-
Instead of cb->data, use callback dump args only and introduce symbolic
names instead of plain numbers at accessing the argument members.Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
01 Oct, 2013
7 commits
-
Signed-off-by: Jozsef Kadlecsik
-
This provides kernel support for creating bitmap ipsets with comment
support.As is the case for hashes, this incurs a penalty when flushing or
destroying the entire ipset as the entries must first be walked in order
to free the comment strings. This penalty is of course far less than the
cost of listing an ipset to userspace. Any set created without support
for comments will be flushed/destroyed as before.Signed-off-by: Oliver Smith
Signed-off-by: Jozsef Kadlecsik -
Signed-off-by: Jozsef Kadlecsik
-
Default timeout and extension offsets are moved to struct set, because
all set types supports all extensions and it makes possible to generalize
extension support.Signed-off-by: Jozsef Kadlecsik
-
Signed-off-by: Jozsef Kadlecsik
-
Reported-by: David Laight
Signed-off-by: Jozsef Kadlecsik -
Suggested-by: Pablo Neira Ayuso
Signed-off-by: Jozsef Kadlecsik
30 Apr, 2013
2 commits
-
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso