linux-next

mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-21 12:04:03 +08:00

Mainline Linux tree for various devices, only for fun :)

Go to file

Stefano Brivio 33d077996a netfilter: nft_set_rbtree: Don't account for expired elements on insertion While checking the validity of insertion in __nft_rbtree_insert(), we currently ignore conflicting elements and intervals only if they are not active within the next generation. However, if we consider expired elements and intervals as potentially conflicting and overlapping, we'll return error for entries that should be added instead. This is particularly visible with garbage collection intervals that are comparable with the element timeout itself, as reported by Mike Dillinger. Other than the simple issue of denying insertion of valid entries, this might also result in insertion of a single element (opening or closing) out of a given interval. With single entries (that are inserted as intervals of size 1), this leads in turn to the creation of new intervals. For example: # nft add element t s { 192.0.2.1 } # nft list ruleset [...] elements = { 192.0.2.1-255.255.255.255 } Always ignore expired elements active in the next generation, while checking for conflicts. It might be more convenient to introduce a new macro that covers both inactive and expired items, as this type of check also appears quite frequently in other set back-ends. This is however beyond the scope of this fix and can be deferred to a separate patch. Other than the overlap detection cases introduced by commit `7c84d41416` ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion"), we also have to cover the original conflict check dealing with conflicts between two intervals of size 1, which was introduced before support for timeout was introduced. This won't return an error to the user as -EEXIST is masked by nft if NLM_F_EXCL is not given, but would result in a silent failure adding the entry. Reported-by: Mike Dillinger <miked@softtalker.com> Cc: <stable@vger.kernel.org> # 5.6.x Fixes: `8d8540c4f5` ("netfilter: nft_set_rbtree: add timeout support") Fixes: `7c84d41416` ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2020-06-08 20:42:00 +02:00
arch	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next	2020-06-07 17:25:29 -07:00
block	for-5.8/drivers-2020-06-01	2020-06-02 15:37:03 -07:00
certs	.gitignore: add SPDX License Identifier	2020-03-25 11:50:48 +01:00
crypto	crypto: engine - do not requeue in case of fatal error	2020-05-28 17:27:52 +10:00
Documentation	This is the bulk of pin control changes for the v5.8	2020-06-07 16:13:43 -07:00
drivers	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-06-07 17:27:45 -07:00
fs	Tag summary	2020-06-07 16:04:49 -07:00
include	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-06-07 17:27:45 -07:00
init	Kbuild updates for v5.8	2020-06-06 12:00:25 -07:00
ipc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-06-03 16:27:18 -07:00
kernel	Char/Misc driver patches for 5.8-rc1	2020-06-07 10:59:32 -07:00
lib	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-06-07 17:27:45 -07:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
mm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next	2020-06-07 17:25:29 -07:00
net	netfilter: nft_set_rbtree: Don't account for expired elements on insertion	2020-06-08 20:42:00 +02:00
samples	Kbuild updates for v5.8	2020-06-06 12:00:25 -07:00
scripts	Fix for arch/sh build regression with newer binutils, removal of SH5,	2020-06-06 15:22:01 -07:00
security	Tag summary	2020-06-07 16:04:49 -07:00
sound	powerpc updates for 5.8	2020-06-05 12:39:30 -07:00
tools	Intel Icelake NTB support, Intel driver bug fixes, and lots of bug fixes	2020-06-07 16:08:41 -07:00
usr	bpfilter: match bit size of bpfilter_umh to that of the kernel	2020-05-17 18:52:01 +09:00
virt	A fair amount of stuff this time around, dominated by yet another massive	2020-06-01 15:45:27 -07:00
.clang-format	block: add bio_for_each_bvec_all()	2020-05-25 11:25:24 +02:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	modpost: generate vmlinux.symvers and reuse it for the second modpost	2020-06-06 23:38:12 +09:00
.mailmap	A fair amount of stuff this time around, dominated by yet another massive	2020-06-01 15:45:27 -07:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	mailmap: change email for Ricardo Ribalda	2020-05-25 18:59:59 -06:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	This is the bulk of pin control changes for the v5.8	2020-06-07 16:13:43 -07:00
Makefile	Kbuild updates for v5.8	2020-06-06 12:00:25 -07:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.