linux/net at e06e1d530776eb8ffee649e738f54957eead5986 - linux - sys114

shinys000114/linux

mirror of https://github.com/hardkernel/linux.git synced 2026-06-07 19:30:30 +09:00

Files

History

Vasily Khoruzhick 5a1eeb5383 netfilter: conntrack: fix calculation of next bucket number in early_drop

commit f393808dc6 upstream.

If there's no entry to drop in bucket that corresponds to the hash,
early_drop() should look for it in other buckets. But since it increments
hash instead of bucket number, it actually looks in the same bucket 8
times: hsize is 16k by default (14 bits) and hash is 32-bit value, so
reciprocal_scale(hash, hsize) returns the same value for hash..hash+7 in
most cases.

Fix it by increasing bucket number instead of hash and rename _hash
to bucket to avoid future confusion.

Fixes: 3e86638e9a ("netfilter: conntrack: consider ct netns in early_drop logic")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Vasily Khoruzhick <vasilykh@arista.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-05-15 09:27:08 +09:00

..

6lowpan: iphc: reset mac_header after decompress to fix panic

2023-05-15 08:28:39 +09:00

9p: clear dangling pointers in p9stat_free

2023-05-15 09:26:32 +09:00

…

vlan: also check phy_driver ts_info for vlan's real device

2018-04-13 19:48:34 +02:00

appletalk: use IS_ENABLED() instead of checking for built-in or module

2016-09-10 21:19:10 -07:00

net: atm: Fix potential Spectre v1

2018-05-16 10:08:44 +02:00

ax25: Fix segfault after sock connection timeout

2017-02-04 09:47:09 +01:00

batman-adv: fix hardif_neigh refcount on queue_work() failure

2023-05-15 09:06:53 +09:00

Bluetooth: SMP: fix crash in unpairing

2023-05-15 09:11:48 +09:00

net: bridge: remove ipv6 zero address check in mcast queries

2023-05-15 09:14:52 +09:00

net: caif: Add a missing rcu_read_unlock() in caif_flow_cb

2023-05-12 17:13:20 +09:00

can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once

2018-01-31 12:55:50 +01:00

libceph: validate con->state at the top of try_write()

2018-05-01 15:13:09 -07:00

cgroup, netclassid: add a preemption point to write_classid

2023-05-15 09:20:01 +09:00

net: dcb: For wild-card lookups, use priority -1, not 0

2023-05-15 08:14:38 +09:00

inet: make sure to grab rcu_read_lock before using ireq->ireq_opt

2023-05-15 09:02:06 +09:00

dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock

2018-02-25 11:05:44 +01:00

KEYS: DNS: fix parsing multiple options

2023-05-12 16:29:40 +09:00

net: dsa: Do not suspend/resume closed slave_dev

2023-05-12 16:45:23 +09:00

net: introduce device min_header_len

2017-02-18 15:11:43 +01:00

hsr: fix incorrect warning

2018-04-13 19:48:29 +02:00

inet: frags: fix ip6frag_low_thresh boundary

2023-05-15 09:02:22 +09:00

net/ipv4: defensive cipso option parsing

2023-05-15 09:20:36 +09:00

ip6_tunnel: Fix encapsulation layout

2023-05-15 09:15:10 +09:00

ipx: call ipxitf_put() in ioctl error path

2017-05-25 15:44:41 +02:00

irda: Fix memory leak caused by repeated binds of irda socket

2023-05-12 17:27:16 +09:00

net/iucv: Free memory obtained by kzalloc

2018-03-31 18:11:34 +02:00

kcm: Fix use-after-free caused by clonned sockets

2018-06-13 16:16:42 +02:00

af_key: Always verify length of provided sadb_key

2018-06-16 09:52:32 +02:00

l2tp: remove configurable payload offset

2023-05-15 09:14:11 +09:00

net: ipv6: Remove l3mdev_get_saddr6

2016-09-10 23:12:53 -07:00

…

llc: set SOCK_RCU_FREE in llc_sap_add_socket()

2023-05-15 09:14:54 +09:00

mac80211: fix TX aggregation start/stop callback race

2023-05-15 09:12:37 +09:00

net: mac802154: tx: expand tailroom if necessary

2023-05-12 17:22:30 +09:00

mpls, nospec: Sanitize array index in mpls_label_ok()

2018-03-11 16:21:34 +01:00

net/ncsi: Improve HNCDSC AEN handler

2016-10-20 11:23:08 -04:00

netfilter: conntrack: fix calculation of next bucket number in early_drop

2023-05-15 09:27:08 +09:00

netlabel: check for IPV4MASK in addrinfo_get

2023-05-15 09:01:53 +09:00

netlink: Don't shift on 64 for ngroups

2023-05-12 16:46:06 +09:00

…

net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.

2023-05-12 16:29:47 +09:00

openvswitch: Remove padding from packet before L3+ conntrack processing

2018-05-30 07:50:23 +02:00

packet: refine ring v3 block size test to hold one frame

2023-05-12 17:07:55 +09:00

…

net: qrtr: Broadcast messages only from control port

2023-05-12 17:06:21 +09:00

rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp

2023-05-15 09:13:01 +09:00

Merge 4.9.100 into android-4.9

2018-05-16 11:39:34 +02:00

…

rxrpc: Only take the rwind and mtu values from latest ACK

2023-05-15 09:14:45 +09:00

net: sched: gred: pass the right attribute to gred_change_table_def()

2023-05-15 09:14:57 +09:00

sctp: fix race on sctp_id2asoc

2023-05-15 09:15:02 +09:00

strparser: Fix incorrect strp->need_bytes value.

2018-04-29 11:32:02 +02:00

nfsd: Fix an Oops in free_session()

2023-05-15 09:22:55 +09:00

switchdev: Execute bridge ndos only for bridge ports

2016-10-19 10:58:04 -04:00

tipc: fix a race condition of releasing subscriber object

2023-05-15 09:12:27 +09:00

19af5c5 dtv_demod: add AGC control for board t309 [1/1]

2019-05-06 21:14:10 +08:00

vsock: split dwork to avoid reinitializations

2023-05-12 16:57:03 +09:00

…

nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT

2023-05-15 09:11:46 +09:00

net: x25: fix one potential use-after-free issue

2018-04-13 19:48:00 +02:00

xfrm: policy: use hlist rcu variants on insert

2023-05-15 09:19:09 +09:00

compat.c

net: support compat 64-bit time in {s,g}etsockopt

2018-05-19 10:26:58 +02:00

Kconfig

add support for clang Control Flow Integrity (CFI)

2018-02-28 15:09:58 -08:00

Makefile

strparser: Stream parser for messages

2016-08-17 19:36:23 -04:00

socket.c

net: socket: fix a missing-check bug

2023-05-15 09:14:58 +09:00

sysctl_net.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

2016-10-06 09:52:23 -07:00