From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com, fw@strlen.de,
horms@kernel.org
Subject: [PATCH net 00/12] Netfilter/IPVS fixes for net
Date: Sat, 16 May 2026 13:56:15 +0200
Message-ID: <20260516115627.967773-1-pablo@netfilter.org>

Hi,

The following patchset contains Netfilter/IPVS fixes for net:

1) Fix small race windows in nf_ct_helper_log() when accessing helper,
   from Florian Westphal.

2) Fix potential infinite loop and race conditions in IPVS caused by
   frequent user-triggered service table changes, from Julian Anastasov.

3) Fix a race condition when dumping ipsets for restore,
   from Jozsef Kadlecsik.

4) Fix inner transport offset in IPv6 in nft_inner when extension
   headers come before the layer 4 transport header, from Yizhou Zhao.

5) Fix incorrect iteration over IPv4 ranges in several hash set types,
   from Nan Li.

6) Fix incorrect order when restoring BH in nft_inner_restore_tun_ctx(),
   from Florian Westphal.

7) Validate option array from ip6t_hbh checkpath() to fix an off-by-one
   access, from Zhengchuan Liang.

8) Fix race condition between ipset list -terse and concurrent updates,
   from Jozsef Kadlecsik.

9) Fix race condition when inserting elements into a hash bucket, also
   from Jozsef.

10) Annotate access to first free slot in hashtable, from Jozsef Kadlecsik.

11) Ensure sufficient headroom in br_netfilter neigh transmission,
    from Lorenzo Bianconi.

12) Hold reference on skb->dev in nfqueue exit path, bridge local input
    is special since skb->dev != state->indev, allowing for net_device
    to go away while packet is sitting in nfqueue. From Haoze Xie.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-26-05-16

Thanks.

----------------------------------------------------------------
The following changes since commit 93d809adc13001e9d3a3ceb8d1e60fae2fb740d6:
Merge branch 'vsock-virtio-fix-vsockmon-tap-skb-construction' (2026-05-12 12:52:18 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-26-05-16
for you to fetch changes up to e196115ec330a18de415bdb9f5071aa9f08e53ce:
netfilter: nf_queue: hold bridge skb->dev while queued (2026-05-16 13:23:01 +0200)
----------------------------------------------------------------
netfilter pull request 26-05-16
----------------------------------------------------------------
Florian Westphal (2):
      netfilter: nf_conntrack_helper: fix possible null deref during error log
      netfilter: nft_inner: release local_lock before re-enabling softirqs

Haoze Xie (1):
      netfilter: nf_queue: hold bridge skb->dev while queued

Jozsef Kadlecsik (4):
      netfilter: ipset: fix a potential dump-destroy race
      netfilter: ipset: Fix data race between add and list header in all hash types
      netfilter: ipset: Fix data race between add and dump in all hash types
      netfilter: ipset: annotate "pos" for concurrent readers/writers

Julian Anastasov (1):
      ipvs: avoid possible loop in ip_vs_dst_event on resizing

Lorenzo Bianconi (1):
      netfilter: br_netfilter: Reallocate headroom if necessary in neigh_hh_bridge()

Nan Li (1):
      netfilter: ipset: stop hash:* range iteration at end

Yizhou Zhao (1):
      netfilter: nft_inner: Fix IPv6 inner_thoff desync

Zhengchuan Liang (1):
      netfilter: ip6t_hbh: reject oversized option lists

include/net/ip_vs.h | 3 +-
include/net/neighbour.h | 8 +-
include/net/netfilter/nf_queue.h | 1 +
net/bridge/br_netfilter_hooks.c | 6 +-
net/ipv6/netfilter/ip6t_hbh.c | 4 +
net/netfilter/ipset/ip_set_core.c | 5 +-
net/netfilter/ipset/ip_set_hash_gen.h | 57 ++++++---
net/netfilter/ipset/ip_set_hash_ipmark.c | 6 +-
net/netfilter/ipset/ip_set_hash_ipport.c | 5 +-
net/netfilter/ipset/ip_set_hash_ipportip.c | 5 +-
net/netfilter/ipset/ip_set_hash_ipportnet.c | 5 +-
net/netfilter/ipvs/ip_vs_ctl.c | 187 ++++++++++++++++++----------
net/netfilter/nf_conntrack_helper.c | 13 +-
net/netfilter/nf_queue.c | 4 +-
net/netfilter/nfnetlink_queue.c | 2 +
net/netfilter/nft_inner.c | 3 +-
16 files changed, 211 insertions(+), 103 deletions(-)