[SRU,Bionic,0/1] Fix kernel panic in netfilter

Message ID	20190221104243.7704-1-kai.heng.feng@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Kai-Heng Feng <kai.heng.feng@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU] [Bionic] [PATCH 0/1] Fix kernel panic in netfilter Date: Thu, 21 Feb 2019 18:42:42 +0800 Message-Id: <20190221104243.7704-1-kai.heng.feng@canonical.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	Fix kernel panic in netfilter \| expand [SRU,Bionic,0/1] Fix kernel panic in netfilter [1/1] netfilter: ipset: Fix wraparound in hash:net types

Message ID

20190221104243.7704-1-kai.heng.feng@canonical.com

Headers

From: Kai-Heng Feng <kai.heng.feng@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU] [Bionic] [PATCH 0/1] Fix kernel panic in netfilter
Date: Thu, 21 Feb 2019 18:42:42 +0800
Message-Id: <20190221104243.7704-1-kai.heng.feng@canonical.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

Fix kernel panic in netfilter | expand

Message

Kai-Heng Feng Feb. 21, 2019, 10:42 a.m. UTC

BugLink: https://bugs.launchpad.net/bugs/1811394

[Impact]
ipset-nuclear script [1] casues a kernel panic.

[Fix]
"Fix wraparound bug which could lead to memory exhaustion when adding an
x.x.x.x-255.255.255.255 range to any hash:*net* types."

[Test]
User feedbacked this patch solves the issue.

[Regression Potential]
Low. It's also in upstream stable v4.14.

[1] https://github.com/DevelopersPL/pkgbuild/blob/master/ipset-nuclear/ipset-nuclear

Jozsef Kadlecsik (1):
  netfilter: ipset: Fix wraparound in hash:*net* types

 net/netfilter/ipset/ip_set_hash_ipportnet.c  | 26 +++++++--------
 net/netfilter/ipset/ip_set_hash_net.c        |  9 +++--
 net/netfilter/ipset/ip_set_hash_netiface.c   |  9 +++--
 net/netfilter/ipset/ip_set_hash_netnet.c     | 28 ++++++++--------
 net/netfilter/ipset/ip_set_hash_netport.c    | 19 ++++++-----
 net/netfilter/ipset/ip_set_hash_netportnet.c | 35 ++++++++++----------
 6 files changed, 63 insertions(+), 63 deletions(-)

Comments

Khalid Elmously March 4, 2019, 1:58 a.m. UTC | #1

On 2019-02-21 18:42:42 , Kai-Heng Feng wrote:
> BugLink: https://bugs.launchpad.net/bugs/1811394
> 
> [Impact]
> ipset-nuclear script [1] casues a kernel panic.
> 
> [Fix]
> "Fix wraparound bug which could lead to memory exhaustion when adding an
> x.x.x.x-255.255.255.255 range to any hash:*net* types."
> 
> [Test]
> User feedbacked this patch solves the issue.
> 
> [Regression Potential]
> Low. It's also in upstream stable v4.14.
> 
> [1] https://github.com/DevelopersPL/pkgbuild/blob/master/ipset-nuclear/ipset-nuclear
> 
> Jozsef Kadlecsik (1):
>   netfilter: ipset: Fix wraparound in hash:*net* types
> 
>  net/netfilter/ipset/ip_set_hash_ipportnet.c  | 26 +++++++--------
>  net/netfilter/ipset/ip_set_hash_net.c        |  9 +++--
>  net/netfilter/ipset/ip_set_hash_netiface.c   |  9 +++--
>  net/netfilter/ipset/ip_set_hash_netnet.c     | 28 ++++++++--------
>  net/netfilter/ipset/ip_set_hash_netport.c    | 19 ++++++-----
>  net/netfilter/ipset/ip_set_hash_netportnet.c | 35 ++++++++++----------
>  6 files changed, 63 insertions(+), 63 deletions(-)
> 
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team