diff --git a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
index fe6f40a..08e3783 100644
--- a/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
+++ b/patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch
@@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler
 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index fce980d531bd..5079a3851798 100644
+index 404125e7a57a..365707a07058 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10257,7 +10257,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10258,7 +10258,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
 if (time_after(jiffies, warning_time +
 READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
 list_for_each_entry(dev, list, todo_list) {
diff --git a/patches/kernel/0008-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch b/patches/kernel/0008-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
deleted file mode 100644
index dca4e0d..0000000
--- a/patches/kernel/0008-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso
-Date: Tue, 2 May 2023 10:25:24 +0200
-Subject: [PATCH] netfilter: nf_tables: deactivate anonymous set from
- preparation phase
-
-Toggle deleted anonymous sets as inactive in the next generation, so
-users cannot perform any update on it. Clear the generation bitmask
-in case the transaction is aborted.
-
-The following KASAN splat shows a set element deletion for a bound
-anonymous set that has been already removed in the same transaction.
-
-[ 64.921510] ==================================================================
-[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
-[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
-[ 64.931120] Call Trace:
-[ 64.932699]
-[ 64.934292] dump_stack_lvl+0x33/0x50
-[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.937551] kasan_report+0xda/0x120
-[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
-[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
-[ 64.945710] ? kasan_set_track+0x21/0x30
-[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
-[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
-
-Signed-off-by: Pablo Neira Ayuso
-Signed-off-by: Thomas Lamprecht
----
- include/net/netfilter/nf_tables.h | 1 +
- net/netfilter/nf_tables_api.c | 12 ++++++++++++
- net/netfilter/nft_dynset.c | 2 +-
- net/netfilter/nft_lookup.c | 2 +-
- net/netfilter/nft_objref.c | 2 +-
- 5 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
-index 9430128aae99..06815130e861 100644
---- a/include/net/netfilter/nf_tables.h
-+++ b/include/net/netfilter/nf_tables.h
-@@ -619,6 +619,7 @@ struct nft_set_binding {
- };
-
- enum nft_trans_phase;
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase);
-diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index 6023c9f72cdc..26255c2a6692 100644
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -4932,12 +4932,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
- }
- }
-
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
-+{
-+ if (nft_set_is_anonymous(set))
-+ nft_clear(ctx->net, set);
-+
-+ set->use++;
-+}
-+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
-+
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase)
- {
- switch (phase) {
- case NFT_TRANS_PREPARE:
-+ if (nft_set_is_anonymous(set))
-+ nft_deactivate_next(ctx->net, set);
-+
- set->use--;
- return;
- case NFT_TRANS_ABORT:
-diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
-index 274579b1696e..bd19c7aec92e 100644
---- a/net/netfilter/nft_dynset.c
-+++ b/net/netfilter/nft_dynset.c
-@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
- {
- struct nft_dynset *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_dynset_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
-index cae5a6724163..925392bab58a 100644
---- a/net/netfilter/nft_lookup.c
-+++ b/net/netfilter/nft_lookup.c
-@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
- {
- struct nft_lookup *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_lookup_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
-index 7b01aa2ef653..d985d361ed8a 100644
---- a/net/netfilter/nft_objref.c
-+++ b/net/netfilter/nft_objref.c
-@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
- {
- struct nft_objref_map *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_objref_map_destroy(const struct nft_ctx *ctx,