Date: Wed, 31 Jan 2018 14:58:37 +0100
From: Pablo Neira Ayuso
To: Dmitry Vyukov
Cc: kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net, andreyknvl@google.com, Kees Cook, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] netfilter: fix pointer leaks to userspace
Message-ID: <20180131135837.44tveylwax3nju7j@salvia>
In-Reply-To: <20180129122120.230279-1-dvyukov@google.com>

On Mon, Jan 29, 2018 at 01:21:20PM +0100, Dmitry Vyukov wrote:
> Several netfilter matches and targets put kernel pointers into
> info objects, but don't set usersize in descriptors.
> This leads to kernel pointer leaks if a match/target is set
> and then read back to userspace.
>
> Properly set usersize for these matches/targets.
>
> Found with manual code inspection.

Applied, thanks!

I think this fixes:

ec2318904965 xtables: extend matches and targets with .usersize

So I'm going to add the Fixes: tag here, no problem.
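
The leak described in the quoted patch text, as an added userspace model (not code from the patch or from the kernel): an info object that ends in a kernel-private pointer is copied back in full when the descriptor's usersize is unset, and is truncated and zero-filled when usersize is set to the pointer's offset. All `demo_*` names and the struct layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical info object: user-supplied config, then a kernel-private pointer. */
struct demo_match_info {
    uint32_t rate;        /* set by userspace */
    uint32_t burst;       /* set by userspace */
    void *kernel_state;   /* filled in by the kernel; must not reach userspace */
};

/* Simplified stand-in for a match/target descriptor. */
struct demo_match_desc {
    size_t matchsize;     /* full size of the info object */
    size_t usersize;      /* bytes safe to copy back; 0 means "not set" */
};

/* Model of the copy-back: copy usersize bytes (everything if unset), zero the rest. */
static void demo_data_to_user(void *dst, const void *src, const struct demo_match_desc *d)
{
    size_t n = d->usersize ? d->usersize : d->matchsize;
    memcpy(dst, src, n);
    memset((char *)dst + n, 0, d->matchsize - n);
}

/* Returns 1 if the buffer handed to "userspace" still holds the kernel pointer. */
static int demo_leaks_pointer(const struct demo_match_desc *d)
{
    static int kernel_object;   /* constructed stand-in for a kernel allocation */
    struct demo_match_info kinfo = { 100, 5, &kernel_object };
    struct demo_match_info uinfo;

    memset(&uinfo, 0xAA, sizeof(uinfo));
    demo_data_to_user(&uinfo, &kinfo, d);
    return uinfo.kernel_state == (void *)&kernel_object;
}

static const struct demo_match_desc demo_unfixed = { .matchsize = sizeof(struct demo_match_info) };
static const struct demo_match_desc demo_fixed = {
    .matchsize = sizeof(struct demo_match_info),
    .usersize  = offsetof(struct demo_match_info, kernel_state),
};

int main(void)
{
    return !(demo_leaks_pointer(&demo_unfixed) == 1 && demo_leaks_pointer(&demo_fixed) == 0);
}
```

Placing kernel-private fields last in the info struct is what lets a single offset serve as the cut-off.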