Commit f325ef72 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf



Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains Netfilter/IPVS fixes for net:

1) Missing structure initialization in ebtables causes splat with
   32-bit user level on a 64-bit kernel, from Francesco Ruggeri.

2) Missing dependency on nf_defrag in IPVS IPv6 codebase, from
   Andrea Claudi.

3) Fix possible use-after-free from release path of target extensions.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 41ceb5e8 753c111f
...@@ -29,6 +29,7 @@ config IP_VS_IPV6 ...@@ -29,6 +29,7 @@ config IP_VS_IPV6
bool "IPv6 support for IPVS" bool "IPv6 support for IPVS"
depends on IPV6 = y || IP_VS = IPV6 depends on IPV6 = y || IP_VS = IPV6
select IP6_NF_IPTABLES select IP6_NF_IPTABLES
select NF_DEFRAG_IPV6
---help--- ---help---
Add IPv6 support to IPVS. Add IPv6 support to IPVS.
......
...@@ -1536,14 +1536,12 @@ ip_vs_try_to_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -1536,14 +1536,12 @@ ip_vs_try_to_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
/* sorry, all this trouble for a no-hit :) */ /* sorry, all this trouble for a no-hit :) */
IP_VS_DBG_PKT(12, af, pp, skb, iph->off, IP_VS_DBG_PKT(12, af, pp, skb, iph->off,
"ip_vs_in: packet continues traversal as normal"); "ip_vs_in: packet continues traversal as normal");
if (iph->fragoffs) {
/* Fragment that couldn't be mapped to a conn entry /* Fragment couldn't be mapped to a conn entry */
* is missing module nf_defrag_ipv6 if (iph->fragoffs)
*/
IP_VS_DBG_RL("Unhandled frag, load nf_defrag_ipv6\n");
IP_VS_DBG_PKT(7, af, pp, skb, iph->off, IP_VS_DBG_PKT(7, af, pp, skb, iph->off,
"unhandled fragment"); "unhandled fragment");
}
*verdict = NF_ACCEPT; *verdict = NF_ACCEPT;
return 0; return 0;
} }
......
...@@ -43,6 +43,7 @@ ...@@ -43,6 +43,7 @@
#ifdef CONFIG_IP_VS_IPV6 #ifdef CONFIG_IP_VS_IPV6
#include <net/ipv6.h> #include <net/ipv6.h>
#include <net/ip6_route.h> #include <net/ip6_route.h>
#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
#endif #endif
#include <net/route.h> #include <net/route.h>
#include <net/sock.h> #include <net/sock.h>
...@@ -895,6 +896,7 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest, ...@@ -895,6 +896,7 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
{ {
struct ip_vs_dest *dest; struct ip_vs_dest *dest;
unsigned int atype, i; unsigned int atype, i;
int ret = 0;
EnterFunction(2); EnterFunction(2);
...@@ -905,6 +907,10 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest, ...@@ -905,6 +907,10 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
atype & IPV6_ADDR_LINKLOCAL) && atype & IPV6_ADDR_LINKLOCAL) &&
!__ip_vs_addr_is_local_v6(svc->ipvs->net, &udest->addr.in6)) !__ip_vs_addr_is_local_v6(svc->ipvs->net, &udest->addr.in6))
return -EINVAL; return -EINVAL;
ret = nf_defrag_ipv6_enable(svc->ipvs->net);
if (ret)
return ret;
} else } else
#endif #endif
{ {
...@@ -1228,6 +1234,10 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u, ...@@ -1228,6 +1234,10 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
ret = -EINVAL; ret = -EINVAL;
goto out_err; goto out_err;
} }
ret = nf_defrag_ipv6_enable(ipvs->net);
if (ret)
goto out_err;
} }
#endif #endif
......
...@@ -315,6 +315,7 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) ...@@ -315,6 +315,7 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
{ {
struct xt_target *target = expr->ops->data; struct xt_target *target = expr->ops->data;
void *info = nft_expr_priv(expr); void *info = nft_expr_priv(expr);
struct module *me = target->me;
struct xt_tgdtor_param par; struct xt_tgdtor_param par;
par.net = ctx->net; par.net = ctx->net;
...@@ -325,7 +326,7 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) ...@@ -325,7 +326,7 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
par.target->destroy(&par); par.target->destroy(&par);
if (nft_xt_put(container_of(expr->ops, struct nft_xt, ops))) if (nft_xt_put(container_of(expr->ops, struct nft_xt, ops)))
module_put(target->me); module_put(me);
} }
static int nft_extension_dump_info(struct sk_buff *skb, int attr, static int nft_extension_dump_info(struct sk_buff *skb, int attr,
......
...@@ -1899,7 +1899,7 @@ static int __init xt_init(void) ...@@ -1899,7 +1899,7 @@ static int __init xt_init(void)
seqcount_init(&per_cpu(xt_recseq, i)); seqcount_init(&per_cpu(xt_recseq, i));
} }
xt = kmalloc_array(NFPROTO_NUMPROTO, sizeof(struct xt_af), GFP_KERNEL); xt = kcalloc(NFPROTO_NUMPROTO, sizeof(struct xt_af), GFP_KERNEL);
if (!xt) if (!xt)
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment