Message ID | 20240208112834.1433-2-pablo@netfilter.org (mailing list archive) |
---|---|
State | Accepted |
Commit | 36fa8d697132b4bed2312d700310e8a78b000c84 |
Delegated to: | Netdev Maintainers |
Series | [net,01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits |
Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Thu, 8 Feb 2024 12:28:22 +0100 you wrote:
> xt_find_revision() expects u8, restrict it to this datatype.
>
> Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  net/netfilter/nft_compat.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Here is the summary with links:
  - [net,01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits
    https://git.kernel.org/netdev/net/c/36fa8d697132
  - [net,02/13] netfilter: nft_compat: reject unused compat flag
    https://git.kernel.org/netdev/net/c/292781c3c548
  - [net,03/13] netfilter: nft_compat: restrict match/target protocol to u16
    https://git.kernel.org/netdev/net/c/d694b754894c
  - [net,04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get()
    https://git.kernel.org/netdev/net/c/ab0beafd52b9
  - [net,05/13] netfilter: ipset: Missing gc cancellations fixed
    https://git.kernel.org/netdev/net/c/27c5a095e251
  - [net,06/13] netfilter: ctnetlink: fix filtering for zone 0
    https://git.kernel.org/netdev/net/c/fa173a1b4e3f
  - [net,07/13] netfilter: nft_ct: reject direction for ct id
    https://git.kernel.org/netdev/net/c/38ed1c7062ad
  - [net,08/13] netfilter: nf_tables: use timestamp to check for set element timeout
    https://git.kernel.org/netdev/net/c/7395dfacfff6
  - [net,09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT
    https://git.kernel.org/netdev/net/c/f82777e8ce6c
  - [net,10/13] netfilter: nft_set_rbtree: skip end interval element from gc
    https://git.kernel.org/netdev/net/c/60c0c230c6f0
  - [net,11/13] netfilter: nft_set_pipapo: store index in scratch maps
    https://git.kernel.org/netdev/net/c/76313d1a4aa9
  - [net,12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area
    https://git.kernel.org/netdev/net/c/47b1c03c3c1a
  - [net,13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer
    https://git.kernel.org/netdev/net/c/5a8cdf6fd860

You are awesome, thank you!
On Thu, 2024-02-08 at 12:30 +0000, patchwork-bot+netdevbpf@kernel.org wrote:
> Hello:
>
> This series was applied to netdev/net.git (main)
> by Pablo Neira Ayuso <pablo@netfilter.org>:
>
> On Thu, 8 Feb 2024 12:28:22 +0100 you wrote:
> > xt_find_revision() expects u8, restrict it to this datatype.
> >
> > Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > ---
> >  net/netfilter/nft_compat.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
>
> Here is the summary with links:
>   - [net,01/13] netfilter: nft_compat: narrow down revision to unsigned 8-bits
>     https://git.kernel.org/netdev/net/c/36fa8d697132
>   - [net,02/13] netfilter: nft_compat: reject unused compat flag
>     https://git.kernel.org/netdev/net/c/292781c3c548
>   - [net,03/13] netfilter: nft_compat: restrict match/target protocol to u16
>     https://git.kernel.org/netdev/net/c/d694b754894c
>   - [net,04/13] netfilter: nft_set_pipapo: remove static in nft_pipapo_get()
>     https://git.kernel.org/netdev/net/c/ab0beafd52b9
>   - [net,05/13] netfilter: ipset: Missing gc cancellations fixed
>     https://git.kernel.org/netdev/net/c/27c5a095e251
>   - [net,06/13] netfilter: ctnetlink: fix filtering for zone 0
>     https://git.kernel.org/netdev/net/c/fa173a1b4e3f
>   - [net,07/13] netfilter: nft_ct: reject direction for ct id
>     https://git.kernel.org/netdev/net/c/38ed1c7062ad
>   - [net,08/13] netfilter: nf_tables: use timestamp to check for set element timeout
>     https://git.kernel.org/netdev/net/c/7395dfacfff6
>   - [net,09/13] netfilter: nfnetlink_queue: un-break NF_REPEAT
>     https://git.kernel.org/netdev/net/c/f82777e8ce6c
>   - [net,10/13] netfilter: nft_set_rbtree: skip end interval element from gc
>     https://git.kernel.org/netdev/net/c/60c0c230c6f0
>   - [net,11/13] netfilter: nft_set_pipapo: store index in scratch maps
>     https://git.kernel.org/netdev/net/c/76313d1a4aa9
>   - [net,12/13] netfilter: nft_set_pipapo: add helper to release pcpu scratch area
>     https://git.kernel.org/netdev/net/c/47b1c03c3c1a
>   - [net,13/13] netfilter: nft_set_pipapo: remove scratch_aligned pointer
>     https://git.kernel.org/netdev/net/c/5a8cdf6fd860
>
> You are awesome, thank you!

FTR, the patchwork bot went wild, I pulled _v2_

Cheers,

Paolo
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index f0eeda97bfcd..001b6841a4b6 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -135,7 +135,7 @@ static void nft_target_eval_bridge(const struct nft_expr *expr, static const struct nla_policy nft_target_policy[NFTA_TARGET_MAX + 1] = { [NFTA_TARGET_NAME] = { .type = NLA_NUL_STRING }, - [NFTA_TARGET_REV] = { .type = NLA_U32 }, + [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255), [NFTA_TARGET_INFO] = { .type = NLA_BINARY }, }; @@ -419,7 +419,7 @@ static void nft_match_eval(const struct nft_expr *expr, static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { [NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING }, - [NFTA_MATCH_REV] = { .type = NLA_U32 }, + [NFTA_MATCH_REV] = NLA_POLICY_MAX(NLA_BE32, 255), [NFTA_MATCH_INFO] = { .type = NLA_BINARY }, }; @@ -724,7 +724,7 @@ static int nfnl_compat_get_rcu(struct sk_buff *skb, static const struct nla_policy nfnl_compat_policy_get[NFTA_COMPAT_MAX+1] = { [NFTA_COMPAT_NAME] = { .type = NLA_NUL_STRING, .len = NFT_COMPAT_NAME_MAX-1 }, - [NFTA_COMPAT_REV] = { .type = NLA_U32 }, + [NFTA_COMPAT_REV] = NLA_POLICY_MAX(NLA_BE32, 255), [NFTA_COMPAT_TYPE] = { .type = NLA_U32 }, };
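Review bot: in the nft_target_policy hunk (@@ -135), the NFTA_TARGET_REV entry changes type from NLA_U32 to NLA_BE32 as well as gaining the bound, but the changelog only mentions restricting the value to u8. A sentence saying the attribute is carried in network byte order, so the range check has to be applied to the converted value, would make the type change reviewable on its own. The literal 255 would also read better as U8_MAX, which ties the limit to the u8 parameter of xt_find_revision() named in the changelog; the same applies to the other two hunks.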
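Review bot: in the nft_match_policy hunk (@@ -419), the context line for NFTA_MATCH_NAME is still a bare NLA_NUL_STRING with no .len, whereas nfnl_compat_policy_get in the last hunk bounds its name with .len = NFT_COMPAT_NAME_MAX-1. Since this patch is tightening what the policy accepts, consider giving NFTA_MATCH_NAME (and NFTA_TARGET_NAME in the first hunk) the same length limit, or note in the changelog where the name length is checked instead.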
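Review bot: in the nfnl_compat_policy_get hunk (@@ -724), NFTA_COMPAT_TYPE on the following line stays { .type = NLA_U32 } with no range, so adjacent attributes in one table are now declared as NLA_BE32 and NLA_U32. If the type attribute is carried in the same byte order as the revision and only a small set of values is valid, it should get NLA_BE32 with a bound here or in a follow-up; if not, a short comment explaining the difference would help.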
xt_find_revision() expects u8, restrict it to this datatype.

Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_compat.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)