Commit 71229d04 authored Nov 02, 2021 by Jakub Kicinski

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

1) Fix mac address UAF reported by KASAN in nfnetlink_queue,
   from Florian Westphal.

2) Autoload genetlink IPVS on demand, from Thomas Weissschuh.

* git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf:
  ipvs: autoload ipvs on genl access
  netfilter: nfnetlink_queue: fix OOB when mac header was cleared
====================

Link: https://lore.kernel.org/r/20211101221528.236114-1-pablo@netfilter.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parents d52bcb47 2199f562

net/netfilter/ipvs/ip_vs_ctl.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -48,6 +48,8 @@

		#include <net/ip_vs.h>

		MODULE_ALIAS_GENL_FAMILY(IPVS_GENL_NAME);

		/* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
		static DEFINE_MUTEX(__ip_vs_mutex);

net/netfilter/nfnetlink_queue.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -560,7 +560,7 @@ nfqnl_build_packet_message(struct net net, struct nfqnl_instance queue,
		goto nla_put_failure;

		if (indev && entskb->dev &&
		entskb->mac_header != entskb->network_header) {
		skb_mac_header_was_set(entskb)) {
		struct nfqnl_msg_packet_hw phw;
		int len;