immediate verdict expression needs to allocate one slot in the flow offload
action array, however, immediate data expression does not need to do so.
fwd and dup expression need to allocate one slot, this is missing.
Add a new offload_action interface to report if this expression needs to
allocate one slot in the flow offload action array.
Fixes: be2861dc36d7 ("netfilter: nft_{fwd,dup}_netdev: add offload support")
Reported-and-tested-by: Nick Gregory <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
(backported from commit b1a5983f56e371046dcf164f90bfaf704d2b89f6 net.git)
[cascardo: there is no offload_stats at struct nft_expr_ops]
CVE-2022-25636
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Andrea Righi <email address hidden>
6117db3...
by
Max Kellermann <email address hidden>
lib/iov_iter: initialize "flags" in new pipe_buffer
The functions copy_page_to_iter_pipe() and push_pipe() can both
allocate a new pipe_buffer, but the "flags" member initializer is
missing.
Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
To: Alexander Viro <email address hidden>
To: <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Signed-off-by: Max Kellermann <email address hidden>
Signed-off-by: Al Viro <email address hidden>
(cherry picked from commit 9d2231c5d74e13b2a0546fee6737ee4446017903)
CVE-2022-0847
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Acked-by: Andrea Righi <email address hidden>
