Re: [PATCH v2] netfilter: nft_set_pipapo: move clone allocation to insert/removal path

[Greg KH <gregkh@linuxfoundation.org>]

On Wed, Mar 04, 2026 at 07:08:12AM -0800, Natarajan KV wrote:
> Move pipapo_clone() from the commit/abort callbacks to the
> insert and removal paths via pipapo_maybe_clone(), which creates
> the working copy on demand and can propagate allocation failures.
> 
> Previously, pipapo_clone() was called from nft_pipapo_commit() and
> nft_pipapo_abort() which return void, making it impossible to
> report allocation failures. When pipapo_clone() failed during abort,
> the stale clone persisted with dirty == true, causing subsequent
> commits to promote a clone containing freed element references --
> a use-after-free.
> 
> With this change:
>  - pipapo_maybe_clone() allocates the clone lazily on first insert,
>    deactivate, walk(UPDATE), or remove. Allocation failure returns
>    NULL and propagates -ENOMEM to the caller.
>  - nft_pipapo_commit() simply swaps clone to match and sets clone
>    to NULL. No allocation needed.
>  - nft_pipapo_abort() simply frees the clone and sets it to NULL.
>    No allocation needed.
>  - The dirty flag is removed; clone != NULL indicates pending changes.
>  - nft_pipapo_init() no longer pre-allocates a clone.
> 
> This is a backport adaptation of the mainline on-demand clone refactor
> series from commit a590f4760922 ("netfilter: nft_set_pipapo: move
> prove_locking helper around") through commit 532aec7e878b
> ("netfilter: nft_set_pipapo: remove dirty flag") to the 6.6.x
> stable tree, preserving the 6.6.x function signatures and API
> conventions.


I would prefer to take the backport of these 6 patches.  That's not many
at all, we've taken series much much larger than that in the past.  That
way we can properly track and document exactly what commits get
backported to where, to make fixes and bug tracking easier.

So can you send the full series and not just one patch?

thanks,

greg k-h