| Message ID | 1675725865-3724-1-git-send-email-bodong@nvidia.com |
|---|---|
| Headers | show
Return-Path: <kernel-team-bounces@lists.ubuntu.com> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=YRp2r+AT; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P9j5w04mhz23r8 for <incoming@patchwork.ozlabs.org>; Tue, 7 Feb 2023 10:24:52 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from <kernel-team-bounces@lists.ubuntu.com>) id 1pPAqq-0005SF-UZ; Mon, 06 Feb 2023 23:24:44 +0000 Received: from mail-bn1nam02on2042.outbound.protection.outlook.com ([40.107.212.42] helo=NAM02-BN1-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <bodong@nvidia.com>) id 1pPAqp-0005Ry-C5 for kernel-team@lists.ubuntu.com; Mon, 06 Feb 2023 23:24:43 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZHHBmAYPucsL59HlYI1bJ45hv9T+GYf9fsxLNMfNH+Gk5hFOq29OFtlG5kfNQbzQv5U9zNEGxbuwGtk+dbmWMlCtdLykwMcIzpRxJnP/nu/JEgAxAD9cH+fqJgNMqx8f3Z434xktDiviszAyOTHDRIleHfcABcm55UT8XWRFVoZ/12hUeWSkxkNtJXmOVi8tA2sOVAJiwcOsOcVsiy1jKgyNgZ1bflbz93sb0+NCUNhuVPvjFrRtAdpuD/2RzlQq12tlg+DCvSocp0KIHeSkRfR2JIjpnI/mREaI/7PPHeM3pTb9Kn1oTkQKuAnIYnotB3Kav2bA506+3PWAEkfhZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i595eDcNFCaIUWAOMh6K+MX7NLCgV38OIenIkBTeHhE=; b=dN84SABkLtxgGsj+Kpm4b4QGlnM9UeBhC84nYQMhjCpMsPy4DV8PYoDMIUI7ks0OxlVE2zSkhcIs3xhYUP7siauArwkj/f0ooTcBLrCtdvPfKhmVtn9UqJvEAwom8YtHLIllCvZJ5OwTRSbVNZsU7wvsQyDkeaBUAZZ70fxYd7FMdtZE7cTEi18oW8cK1aKYmxNv7ZbFKidyy5ZWA/0t8lxfoHYikQDZ+GwlOq10XGsLjcpOyhNPuJabLdLxqOQstrx78fDIxAMrW7cf1iltWxDJ9fFry9AsoyLCCGWGieGDfNr7kio62KdjE69Y61Z7ckcYNLFkipZeEmHb1eWUVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i595eDcNFCaIUWAOMh6K+MX7NLCgV38OIenIkBTeHhE=; b=YRp2r+ATwlIzztsm4Qdef3bkKLa84iUHsJlX7qauyZgHWYsKdUnt1vJUjkTAQYvQ3MZmZNaDdxWI/N/E0gGhydFOgWzwlBNrDPMFCLjZp4wBUpWlvnb69uu4m7d++Uv398yILg79DtLm48L+LbuY156ro9T048dCRL1rNugdiZguQHbSbZEdaLNtg2fWuK49kiGbhHBdLFEZjbAc2zAHP47+1SMm3xK1mwtrPYHLRkqGkS9MyO0tRYRnUukAvopa+5z+ct8A2HSBrrdA8J9w3iRCbhs2FVVXNc2oxxFkuGHBNsx/ByVQXsA3WKZTFlxqE256IK1NLPbpDRTlIuqB+A== Received: from BN9PR03CA0537.namprd03.prod.outlook.com (2603:10b6:408:131::32) by SA3PR12MB7974.namprd12.prod.outlook.com (2603:10b6:806:307::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.31; Mon, 6 Feb 2023 23:24:40 +0000 Received: from BN8NAM11FT097.eop-nam11.prod.protection.outlook.com (2603:10b6:408:131:cafe::92) by BN9PR03CA0537.outlook.office365.com (2603:10b6:408:131::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.35 via Frontend Transport; Mon, 6 Feb 2023 23:24:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BN8NAM11FT097.mail.protection.outlook.com (10.13.176.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.34 via Frontend Transport; Mon, 6 Feb 2023 23:24:39 +0000 Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.36; Mon, 6 Feb 2023 15:24:29 -0800 Received: from rnnvmail203.nvidia.com (10.129.68.9) by rnnvmail202.nvidia.com (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.36; Mon, 6 Feb 2023 15:24:29 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.36 via Frontend Transport; Mon, 6 Feb 2023 15:24:29 -0800 Received: from sw-mtx-016.mtx.labs.mlnx. (sw-mtx-016.mtx.labs.mlnx [10.9.150.102]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 316NOQwq003953; Tue, 7 Feb 2023 01:24:26 +0200 From: Bodong Wang <bodong@nvidia.com> To: <kernel-team@lists.ubuntu.com> Subject: [SRU][F:linux-bluefield][PATCH 0/3] Fix nft_do_chain crash when doing DDOS attack Date: Mon, 6 Feb 2023 17:24:22 -0600 Message-ID: <1675725865-3724-1-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM11FT097:EE_|SA3PR12MB7974:EE_ X-MS-Office365-Filtering-Correlation-Id: 45a7c159-295f-408f-78c9-08db089951ce X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: zKw4usAPdxXeoMo77SHyCu5mvKwil0uc6MC3Dmh9P0gU+MXqmX+//IzVeg6mw8dcqUXIoNeAAmrHjFVhhBKJWE8BJ8BfXkdhvR2aic4yqwhlmllRLT/jLmvvnTUgAXrd4MpHeGlvY7t5hKX8z/QkEbf1VFH4fkOukNjpD/iYSIy1PwY6qCxJQwWuR84EmpZWQGXL7JR5OS36XmGMAlM6dBIgks99aNw3WKEpdRNgyElsLmgnjG+0tR53DuP/2kvppEebLBLf7d/9r0dxQ55XCgYso6iBN98Hf68km5RNlga/wWm8h1f9slV7BwCHTPpAzoZmVhL86IOfBNiWjsspXMhJuJr2b0HHolpKryfr9lPFhrZxVb/HOKrWCtjXdfKEqNOEGhrZA3yznZc9bso5pUsRzbEUqt5kXy7e5jog2GwlWgxrmbdHTGaXWINU+yL0U2iTC9TfkG7iutG1ulJubWOkzADdJEtAcL6nxV+hXJeKM5TcpMbN0r0fayBOHlZI4OTg/OgDgW68P935AAdMvkEEL1eYudj6I1IYvM6q+d4MiTIQS5qhfUKUcTHKCyucOIKq3XzcjRpTConkvQa0VsSuIqgaoNuizKukiZiuPcs9arWh/zhAuQRRX8zr6Fd5AK1WNVC05I3QoIF57GiVyOzWVG3GHWbzNuJ7kh/8BeZ4/KK7XBxJGcODjayj/8UmKL4FOcqlNC9m5Tc15SNd5g== X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230025)(4636009)(346002)(376002)(39860400002)(136003)(396003)(451199018)(40470700004)(46966006)(36840700001)(5660300002)(356005)(186003)(82310400005)(2616005)(47076005)(8936002)(82740400003)(107886003)(70586007)(6666004)(70206006)(83380400001)(36860700001)(336012)(7636003)(6916009)(4326008)(8676002)(26005)(41300700001)(478600001)(54906003)(40460700003)(86362001)(40480700001)(36756003)(316002)(4744005)(2906002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Feb 2023 23:24:39.6530 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 45a7c159-295f-408f-78c9-08db089951ce X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT097.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB7974 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe> List-Archive: <https://lists.ubuntu.com/archives/kernel-team> List-Post: <mailto:kernel-team@lists.ubuntu.com> List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe> Cc: vlad@nvidia.com, bodong@nvidia.com, witu@nvidia.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com> |
| Series |
Fix nft_do_chain crash when doing DDOS attack
|
expand
|
Second commit is missing the cherry-pick line. Aside from that:
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
On 07.02.23 00:24, Bodong Wang wrote: > When doing DDOS attack on port 22, there is deference of an uninitialized > pointer from nf_tables. > > The patches addressed the uninitialized pointers. > > Pablo Neira Ayuso (3): > netfilter: nf_tables: constify nft_reg_load{8, 16, 64}() > netfilter: nft_set_bitmap: initialize set element extension in lookups > netfilter: nf_tables: do not update stateful expressions if lookup is > inverted > > include/net/netfilter/nf_tables.h | 8 ++++---- > net/netfilter/nft_lookup.c | 12 +++++++----- > net/netfilter/nft_set_bitmap.c | 1 + > 3 files changed, 12 insertions(+), 9 deletions(-) > v2 labelled as v1 around...
When doing DDOS attack on port 22, there is deference of an uninitialized pointer from nf_tables. The patches addressed the uninitialized pointers. Pablo Neira Ayuso (3): netfilter: nf_tables: constify nft_reg_load{8, 16, 64}() netfilter: nft_set_bitmap: initialize set element extension in lookups netfilter: nf_tables: do not update stateful expressions if lookup is inverted include/net/netfilter/nf_tables.h | 8 ++++---- net/netfilter/nft_lookup.c | 12 +++++++----- net/netfilter/nft_set_bitmap.c | 1 + 3 files changed, 12 insertions(+), 9 deletions(-)