kernel / kernel-source

Clone
Source Code
GIT

Files

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   SLE12-SP5
  2.   patches.kabi
  3.   netfilter-preserve-KABI-for-struct-nft_set.patch
Blob Blame History Raw 
From 6c08892259f70aedb151bb8b209d00df58fead21 Mon Sep 17 00:00:00 2001
From: Denis Kirjanov <denis.kirjanov@suse.com>
Date: Mon, 8 Jan 2024 15:29:12 +0300
Subject: [PATCH] netfilter: preserve KABI for struct nft_set
Patch-mainline: never, KABI workaround
References: bsc#1202095 CVE-2022-2586
---
 include/net/netfilter/nf_tables.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index ed965c62240e..072c30a72751 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -384,8 +384,6 @@ struct nft_set {
 	struct list_head		list;
 	struct list_head		bindings;
 	char				name[NFT_SET_MAXNAMELEN];
-	struct nft_table		*table;
-	possible_net_t			net;
 	u32				ktype;
 	u32				dtype;
 	u32				objtype;
@@ -403,6 +401,10 @@ struct nft_set {
 					genmask:2;
 	u8				klen;
 	u8				dlen;
+#ifndef __GENKSYMS__
+	struct nft_table		*table;
+	possible_net_t			net;
+#endif
 	unsigned char			data[]
 		__attribute__((aligned(__alignof__(u64))));
 };
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.