On (09/27/16 19:03), Sergey Senozhatsky wrote:

Hello,

On (09/27/16 16:40), Stephen Rothwell wrote:

quoted

Changes since 20160923:

seems that commit e3b37f11e6e4e6b6 ("netfilter: replace list_head with
single linked list") breaks the build on !CONFIG_NETFILTER_INGRESS systems
accessing ->nf_hooks_ingress

static void nf_set_hooks_head(struct net *net, const struct nf_hook_ops *reg,
                             struct nf_hook_entry *entry)
{
       switch (reg->pf) {
       case NFPROTO_NETDEV:
               /* We already checked in nf_register_net_hook() that this is
                * used from ingress.
                */
               rcu_assign_pointer(reg->dev->nf_hooks_ingress, entry);
					^^^^^^^^^^^^^^^^^^^^

so I see two commits in linux-next now that fix the commit in question in
two patches

 : commit 7816ec564ec40ae20bb7925f733a181cad0cc491 ("netfilter: accommodate
 : different kconfig in nf_set_hooks_head")
 :
 :    When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle
 :    the request for registration properly by dropping the hook.  This
 :    releases the entry during the set.
 :
 :    Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")

and

 : commit 5119e4381a90fabd3442bde02707cbd9e5d7367a ("netfilter: Fix potential
 : null pointer dereference")
 :
 :    It's possible for nf_hook_entry_head to return NULL.  If two
 :    nf_unregister_net_hook calls happen simultaneously with a single hook
 :    entry in the list, both will enter the nf_hook_mutex critical section.
 :    The first will successfully delete the head, but the second will see
 :    this NULL pointer and attempt to dereference.
 :
 :    This fix ensures that no null pointer dereference could occur when such
 :    a condition happens.
 :
 :    Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")


do you guys plan to fold those into "e3b37f11e6e4" (a preferred way)
or will send it out as 3 separate patches (um, why) ?

	-ss