mbox

[net,0/3] Netfilter fixes for net

Message ID 20240822001707.2116-1-pablo@netfilter.org (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-08-22

Message

Pablo Neira Ayuso Aug. 22, 2024, 12:17 a.m. UTC
Hi,

The following patchset contains Netfilter fixes for net:

Patch #1 disable BH when collecting stats via hardware offload to ensure
	 concurrent updates from packet path do not result in losing stats.
	 From Sebastian Andrzej Siewior.

Patch #2 uses write seqcount to reset counters serialize against reader.
	 Also from Sebastian Andrzej Siewior.

Patch #3 ensures vlan header is in place before accessing its fields,
	 according to KMSAN splat triggered by syzbot.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-08-22

Thanks.

----------------------------------------------------------------

The following changes since commit 807067bf014d4a3ae2cc55bd3de16f22a01eb580:

  kcm: Serialise kcm_sendmsg() for the same socket. (2024-08-19 18:36:12 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-08-22

for you to fetch changes up to 0509ac6c6a9a282ade4ad79b04665395691f73b1:

  netfilter: flowtable: validate vlan header (2024-08-21 23:42:49 +0200)

----------------------------------------------------------------
netfilter pull request 24-08-22

----------------------------------------------------------------
Pablo Neira Ayuso (1):
      netfilter: flowtable: validate vlan header

Sebastian Andrzej Siewior (2):
      netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
      netfilter: nft_counter: Synchronize nft_counter_reset() against reader.

 net/netfilter/nf_flow_table_inet.c | 3 +++
 net/netfilter/nf_flow_table_ip.c   | 3 +++
 net/netfilter/nft_counter.c        | 9 +++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)