Search String: Display: Description: Sort:

Results:

References: [ +subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*\[PATCH\s+12\/26\]\s+netfilter\:\s+switch\s+nf_setsockopt\s+to\s+sockptr_t\s*$/: 9 ]

Total 9 documents matching your query.

1. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Date: Tue, 28 Jul 2020 10:17:28 +0200
Right, I had the same reaction in reading this, but actually, his code gets rid of the sockptr_advance stuff entirely and never mutates, so even though my point about attacking those pointers was mis
/html/lvs-devel/2020-07/msg00148.html (17,965 bytes)

2. RE: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: David Laight <David.Laight@xxxxxxxxxx>
Date: Tue, 28 Jul 2020 08:07:11 +0000
That doesn't make (much) difference to the code paths that ignore the user-supplied length. OTOH doing the user/kernel check on the base address (not an incremented one) means that the correct copy f
/html/lvs-devel/2020-07/msg00147.html (17,351 bytes)

3. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Date: Mon, 27 Jul 2020 18:21:21 +0200
Getting rid of sockptr_advance entirely seems like the right decision here. You still might want to make sure the addition in copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it does
/html/lvs-devel/2020-07/msg00145.html (31,349 bytes)

4. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: Christoph Hellwig <hch@xxxxxx>
Date: Mon, 27 Jul 2020 18:23:57 +0200
I already have a patch to use access_ok to check the whole range in init_user_sockptr.
/html/lvs-devel/2020-07/msg00144.html (14,755 bytes)

5. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Date: Mon, 27 Jul 2020 18:16:32 +0200
I haven't seen Ido's patch, but it seems clear the issue is that you want to call `sockptr_advance(&arg, sizeof(tmp))`, and adjust sockptr_advance to take a pointer. Slight concern about the whole co
/html/lvs-devel/2020-07/msg00143.html (19,471 bytes)

6. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: Christoph Hellwig <hch@xxxxxx>
Date: Mon, 27 Jul 2020 18:16:15 +0200
Can you try the patch below? -- sockptr_advance never properly worked. Replace it with _offset variants of copy_from_sockptr and copy_to_sockptr. Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
/html/lvs-devel/2020-07/msg00142.html (27,322 bytes)

7. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: Christoph Hellwig <hch@xxxxxx>
Date: Mon, 27 Jul 2020 17:06:01 +0200
This is another use o sockptr_advance that Ido already found a problem in. I'm looking into this at the moment..
/html/lvs-devel/2020-07/msg00140.html (17,273 bytes)

8. Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Date: Mon, 27 Jul 2020 17:03:10 +0200
Hi Christoph, Something along this path seems to have broken with this patch. An invocation of `iptables -A INPUT -m length --length 1360 -j DROP` now fails, with nf_setsockopt->do_replace->translate
/html/lvs-devel/2020-07/msg00139.html (16,874 bytes)

9. [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t (score: 1)
Author: Christoph Hellwig <hch@xxxxxx>
Date: Thu, 23 Jul 2020 08:08:54 +0200
Pass a sockptr_t to prepare for set_fs-less handling of the kernel pointer from bpf-cgroup. Signed-off-by: Christoph Hellwig <hch@xxxxxx> -- include/linux/netfilter.h | 6 ++++-- net/bridge/netfilter/
/html/lvs-devel/2020-07/msg00105.html (35,037 bytes)


This search system is powered by Namazu