From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com, fw@strlen.de,
horms@kernel.org
Subject: [PATCH net 0/9] Netfilter/IPVS fixes for net
Date: Mon, 1 Jun 2026 13:59:14 +0200
Message-ID: <20260601115923.433946-1-pablo@netfilter.org>

Hi,

The following patchset contains Netfilter/IPVS fixes for net:

1) Fix splat with PREEMPT_RCU because of smp_processor_id() in nfqueue,
   from Fernando Fernandez Mancera.

2) Fix possible use of pointer to old IPVS scheduler after RCU grace
   period when editing service, from Julian Anastasov.

3) Fix possible forever RCU walk over rt->fib6_siblings in nft_fib6,
   if rt is unlinked mid-iteration, apparently same issue happens in
   the fib6 core. From Jiayuan Chen.

4) Add mutex to guard refcount in synproxy infrastructure, since
   concurrent hook {un}registration can happen.
   From Fernando Fernandez Mancera.

5) Bail out if IRC conntrack helper fails to parse a command, do not
   try parsing using other command handlers, from Florian Westphal.
   This fixes a possible out-of-bounds read.

6) Possible use-after-free in nft_tunnel by releasing template dst
   after all references have been dropped, from Tristan Madani.

7) Ignore conntrack template in nft_ct, from Jiayuan Chen.

8) Missing skb_ensure_writable() in ebt_snat, Yiming Qian.

9) Remove multi-register byteorder support, this allows for kernel
   stack info leak, from Florian Westphal.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-26-06-01

Thanks.

----------------------------------------------------------------

The following changes since commit 78ef59e7a6459b16f8102e0ee1c718443323d1af:

  Merge branch 'wireguard-fixes-for-7-1-rc6' (2026-05-29 13:01:31 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-26-06-01

for you to fetch changes up to bb061d3de41707415269be75ebf700efb03ec212:

  netfilter: nft_byteorder: remove multi-register support (2026-06-01 13:43:53 +0200)

----------------------------------------------------------------
netfilter pull request 26-06-01
----------------------------------------------------------------
Fernando Fernandez Mancera (2):
      netfilter: xt_NFQUEUE: prefer raw_smp_processor_id
      netfilter: synproxy: add mutex to guard hook reference counting

Florian Westphal (2):
      netfilter: conntrack_irc: fix possible out-of-bounds read
      netfilter: nft_byteorder: remove multi-register support

Jiayuan Chen (2):
      netfilter: nft_fib_ipv6: bail out of sibling walk if rt got unlinked
      netfilter: nft_ct: bail out on template ct in get eval

Julian Anastasov (1):
      ipvs: clear the svc scheduler ptr early on edit

Tristan Madani (1):
      netfilter: nft_tunnel: fix use-after-free on object destroy

Yiming Qian (1):
      netfilter: bridge: make ebt_snat ARP rewrite writable

 include/net/ip_vs.h               |  3 +--
 net/bridge/netfilter/ebt_snat.c   |  3 +++
 net/ipv6/netfilter/nft_fib_ipv6.c |  3 +++
 net/netfilter/ipvs/ip_vs_ctl.c    | 13 ++++++----
 net/netfilter/ipvs/ip_vs_sched.c  | 14 +++++------
 net/netfilter/nf_conntrack_irc.c  |  4 +--
 net/netfilter/nf_synproxy_core.c  | 24 +++++++++++++-----
 net/netfilter/nft_byteorder.c     | 51 +++++++++++++++------------------------
 net/netfilter/nft_ct.c            |  8 +++---
 net/netfilter/nft_ct_fast.c       |  2 +-
 net/netfilter/nft_tunnel.c        |  2 +-
 net/netfilter/xt_NFQUEUE.c        |  2 +-
 12 files changed, 68 insertions(+), 61 deletions(-)