public inbox for netdev@vger.kernel.org
From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>,
	<netfilter-devel@vger.kernel.org>,
	pablo@netfilter.org
Subject: [PATCH net 0/4] netfilter: updates for net
Date: Wed,  4 Mar 2026 18:29:36 +0100
Message-ID: <20260304172940.24948-1-fw@strlen.de>

Hi,

The following patchset contains Netfilter fixes for *net*:

1) Fix a bug with vlan headers in the flowtable infrastructure.
   Existing code uses skb_vlan_push() helper, but that helper
   requires skb->data to point to the MAC header, which isn't the
   case for flowtables.  Switch to a new helper, modeled on the
   existing PPPoE helper. From Eric Woudstra. This bug was added
   in v6.19-rc1.

2) Inseo An reported a bug with the set element handling in nf_tables:
   When set cannot accept more elements, we unlink and immediately free
   an element that was inserted into a public data structure, freeing it
   without waiting for RCU grace period.  Fix this by doing the
   increment earlier and by deferring possible unlink-and-free to the
   existing abort path, which performs the needed synchronize_rcu before
   free.  From Pablo Neira Ayuso. This is an ancient bug, dating back to
   kernel 4.10.

3) syzbot reported WARN_ON() splat in nf_tables that occurs on memory
   allocation failure.  Fix this by a new iterator annotation:
   The affected walker does not need to clone the data structure and
   can just use the live version if no clone exists yet.
   Also from Pablo.  This bug existed since 6.10 days.

4) Ancient forever bug in nft_pipapo data structure:
   The garbage collection logic to remove expired elements is broken.
   We must unlink from data structure and can only hand the freeing
   to call_rcu after the clone/live pointers of the data structures
   have been swapped.  Else, readers can observe the free'd element.
   Reported by Yiming Qian.

Please, pull these changes from:
The following changes since commit fbdfa8da05b6ae44114fc4f9b3e83e1736fd411c:

  selftests: tc-testing: fix list_categories() crash on list type (2026-03-04 05:42:57 +0000)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-26-03-04

for you to fetch changes up to 41c5c0124bd9528c32c9ebd5f8b8f8eb800e77c3:

  netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (2026-03-04 15:39:33 +0100)

----------------------------------------------------------------
netfilter pull request nf-26-03-04

----------------------------------------------------------------
Eric Woudstra (1):
  netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()

Florian Westphal (1):
      netfilter: nft_set_pipapo: split gc into unlink and reclaim phase

Pablo Neira Ayuso (2):
  netfilter: nf_tables: unconditionally bump set->nelems before insertion
  netfilter: nf_tables: clone set on flush only

 include/net/netfilter/nf_tables.h |  7 ++++
 net/netfilter/nf_flow_table_ip.c  | 25 ++++++++++++-
 net/netfilter/nf_tables_api.c     | 45 ++++++++++++----------
 net/netfilter/nft_set_hash.c      |  1 +
 net/netfilter/nft_set_pipapo.c    | 62 ++++++++++++++++++++++++++-----
 net/netfilter/nft_set_pipapo.h    |  2 +
 net/netfilter/nft_set_rbtree.c    |  8 ++--
 7 files changed, 115 insertions(+), 35 deletions(-)

-- 
2.52.0
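
The ordering rule from item 4 above (unlink from the clone first, reclaim only after the clone/live swap), shown as an added userspace illustration; it is not code from this patchset or from the kernel. All struct and function names are hypothetical, the three-element set is constructed, and a `freed` flag stands in for the element being handed to call_rcu().

```c
#include <stddef.h>
#define SLOTS 4
/* Userspace model, made-up names, not kernel code. Readers use live; gc edits clone. */
struct elem { int expired, freed; struct elem *gc_next; };
struct match { struct elem *slot[SLOTS]; };
struct set { struct match *live, *clone; struct elem *gc_list; };
/* Phase 1: drop expired elements from the clone only and queue them. */
static void gc_unlink(struct set *s) {
    for (int i = 0; i < SLOTS; i++) {
        struct elem *e = s->clone->slot[i];
        if (!e || !e->expired)
            continue;
        s->clone->slot[i] = NULL;
        e->gc_next = s->gc_list;
        s->gc_list = e;
    }
}
/* Commit: publish the clone; the old live copy becomes the next clone. */
static void commit_swap(struct set *s) {
    struct match *old = s->live;
    s->live = s->clone;
    *old = *s->live;
    s->clone = old;
}
/* Phase 2: "freed = 1" stands in for handing the element to call_rcu(). */
static void gc_reclaim(struct set *s) {
    for (; s->gc_list; s->gc_list = s->gc_list->gc_next)
        s->gc_list->freed = 1;
}
/* Returns 1 if a reader walking the live copy can reach a freed element. */
static int live_sees_freed(const struct set *s) {
    for (int i = 0; i < SLOTS; i++)
        if (s->live->slot[i] && s->live->slot[i]->freed)
            return 1;
    return 0;
}
/* Constructed 3-element set; returns 1 if a freed element was ever reachable. */
static int run_gc(int reclaim_before_swap) {
    struct elem e[3] = { {0}, {.expired = 1}, {0} };
    struct match a = { { &e[0], &e[1], &e[2] } }, b = a;
    struct set s = { .live = &a, .clone = &b };
    gc_unlink(&s);
    if (reclaim_before_swap)        /* the broken ordering */
        gc_reclaim(&s);
    int seen = live_sees_freed(&s); /* state readers see before the swap */
    commit_swap(&s);
    gc_reclaim(&s);                 /* no-op if already reclaimed above */
    return seen | live_sees_freed(&s);
}
```

`run_gc(0)` follows the unlink, swap, reclaim order and never exposes a freed element, while `run_gc(1)` reclaims while the live copy still points at the expired element. The model leaves out readers that are still walking the old copy after the swap, which is what the grace period behind call_rcu() is for.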