korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,156,581 Commits 111 Branches 5,164 Tags 3.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
b6b6e43047
Go to file
Florian Westphal b6b6e43047 netfilter: nf_tables: prefer nft_chain_validate 
commit cff3bd012a upstream.

nft_chain_validate already performs loop detection because a cycle will
result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE).

It also follows maps via ->validate callback in nft_lookup, so there
appears no reason to iterate the maps again.

nf_tables_check_loops() and all its helper functions can be removed.
This improves ruleset load time significantly, from 23s down to 12s.

This also fixes a crash bug. Old loop detection code can result in
unbounded recursion:

BUG: TASK stack guard page was hit at ....
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN
CPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1
[..]

with a suitable ruleset during validation of register stores.

I can't see any actual reason to attempt to check for this from
nft_validate_register_store(), at this point the transaction is still in
progress, so we don't have a full picture of the rule graph.

For nf-next it might make sense to either remove it or make this depend
on table->validate_state in case we could catch an error earlier
(for improved error reporting to userspace).

Fixes: 20a69341f2 ("netfilter: nf_tables: add netlink set API")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-14 13:53:03 +02:00
arch x86/mtrr: Check if fixed MTRRs exist before saving them 2024-08-14 13:52:59 +02:00
block block/mq-deadline: Fix the tag reservation code 2024-08-14 13:53:02 +02:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto crypto: aead,cipher - zeroize key buffer after use 2024-07-11 12:47:05 +02:00
Documentation smb3: fix setting SecurityFlags when encryption is required 2024-08-14 13:52:59 +02:00
drivers Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update" 2024-08-14 13:53:01 +02:00
fs xfs: fix log recovery buffer allocation for the legacy h_size fixup 2024-08-14 13:53:02 +02:00
include netfilter: nf_tables: allow clone callbacks to sleep 2024-08-14 13:53:03 +02:00
init rust: SHADOW_CALL_STACK is incompatible with Rust 2024-08-11 12:35:59 +02:00
io_uring io_uring: fix io_match_task must_hold 2024-08-03 08:49:53 +02:00
ipc sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:35:51 +02:00
kernel sched/smt: Fix unbalance sched_smt_present dec/inc 2024-08-14 13:53:00 +02:00
lib kobject_uevent: Fix OOB access within zap_modalias_env() 2024-08-03 08:49:39 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() 2024-08-14 13:53:02 +02:00
net netfilter: nf_tables: prefer nft_chain_validate 2024-08-14 13:53:03 +02:00
rust rust: macros: fix soundness issue in module! macro 2024-05-17 11:56:17 +02:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:12:28 +01:00
scripts kbuild: avoid build error when single DTB is turned into composite DTB 2024-08-03 08:49:48 +02:00
security apparmor: Fix null pointer deref when receiving skb during sock creation 2024-08-03 08:49:50 +02:00
sound ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx 2024-08-14 13:52:58 +02:00
tools tools headers arm64: Sync arm64's cputype.h with the kernel sources 2024-08-14 13:53:02 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-06-27 13:46:21 +02:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add leah to 6.1 MAINTAINERS file 2024-05-17 11:56:16 +02:00
Makefile Linux 6.1.104 2024-08-11 12:36:02 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.