From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com, fw@strlen.de,
horms@kernel.org
Subject: [PATCH net 00/12] Netfilter/IPVS fixes for net
Date: Sat, 16 May 2026 13:56:15 +0200
Message-ID: <20260516115627.967773-1-pablo@netfilter.org>

Hi,

The following patchset contains Netfilter/IPVS fixes for net:

1) Fix small race windows in nf_ct_helper_log() when accessing helper,
   from Florian Westphal.

2) Fix potential infinite loop and race conditions in IPVS caused by
   frequent user-triggered service table changes, from Julian Anastasov.

3) Fix a race condition when dumping ipsets for restore,
   from Jozsef Kadlecsik.

4) Fix inner transport offset in IPv6 in nft_inner when extension
   headers come before the layer 4 transport header, from Yizhou Zhao.

5) Fix incorrect iteration over IPv4 ranges in several hash set types,
   from Nan Li.

6) Fix incorrect order when restoring BH in nft_inner_restore_tun_ctx(),
   from Florian Westphal.

7) Validate option array from ip6t_hbh checkpath() to fix an off-by-one
   access, from Zhengchuan Liang.

8) Fix race condition between ipset list -terse and concurrent updates,
   from Jozsef Kadlecsik.

9) Fix race condition when inserting elements into a hash bucket, also
   from Jozsef.

10) Annotate access to first free slot in hashtable, from Jozsef Kadlecsik.

11) Ensure sufficient headroom in br_netfilter neigh transmission,
    from Lorenzo Bianconi.

12) Hold reference on skb->dev in nfqueue exit path, bridge local input
    is special since skb->dev != state->indev, allowing for net_device
    to go away while packet is sitting in nfqueue. From Haoze Xie.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-26-05-16

Thanks.

----------------------------------------------------------------

The following changes since commit 93d809adc13001e9d3a3ceb8d1e60fae2fb740d6:

  Merge branch 'vsock-virtio-fix-vsockmon-tap-skb-construction' (2026-05-12 12:52:18 +0200)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-26-05-16

for you to fetch changes up to e196115ec330a18de415bdb9f5071aa9f08e53ce:

  netfilter: nf_queue: hold bridge skb->dev while queued (2026-05-16 13:23:01 +0200)

----------------------------------------------------------------
netfilter pull request 26-05-16
----------------------------------------------------------------
Florian Westphal (2):
      netfilter: nf_conntrack_helper: fix possible null deref during error log
      netfilter: nft_inner: release local_lock before re-enabling softirqs

Haoze Xie (1):
      netfilter: nf_queue: hold bridge skb->dev while queued

Jozsef Kadlecsik (4):
      netfilter: ipset: fix a potential dump-destroy race
      netfilter: ipset: Fix data race between add and list header in all hash types
      netfilter: ipset: Fix data race between add and dump in all hash types
      netfilter: ipset: annotate "pos" for concurrent readers/writers

Julian Anastasov (1):
      ipvs: avoid possible loop in ip_vs_dst_event on resizing

Lorenzo Bianconi (1):
      netfilter: br_netfilter: Reallocate headroom if necessary in neigh_hh_bridge()

Nan Li (1):
      netfilter: ipset: stop hash:* range iteration at end

Yizhou Zhao (1):
      netfilter: nft_inner: Fix IPv6 inner_thoff desync

Zhengchuan Liang (1):
      netfilter: ip6t_hbh: reject oversized option lists

 include/net/ip_vs.h                         |   3 +-
 include/net/neighbour.h                     |   8 +-
 include/net/netfilter/nf_queue.h            |   1 +
 net/bridge/br_netfilter_hooks.c             |   6 +-
 net/ipv6/netfilter/ip6t_hbh.c               |   4 +
 net/netfilter/ipset/ip_set_core.c           |   5 +-
 net/netfilter/ipset/ip_set_hash_gen.h       |  57 ++++++---
 net/netfilter/ipset/ip_set_hash_ipmark.c    |   6 +-
 net/netfilter/ipset/ip_set_hash_ipport.c    |   5 +-
 net/netfilter/ipset/ip_set_hash_ipportip.c  |   5 +-
 net/netfilter/ipset/ip_set_hash_ipportnet.c |   5 +-
 net/netfilter/ipvs/ip_vs_ctl.c              | 187 ++++++++++++++++++----------
 net/netfilter/nf_conntrack_helper.c         |  13 +-
 net/netfilter/nf_queue.c                    |   4 +-
 net/netfilter/nfnetlink_queue.c             |   2 +
 net/netfilter/nft_inner.c                   |   3 +-
 16 files changed, 211 insertions(+), 103 deletions(-)