From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 25B7A3AE706; Mon, 23 Mar 2026 14:15:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774275336; cv=none; b=U1PVPGE6h1JUTI80Y/z+Ym8gWIOC66V5PWAPLe7uehsGFmhmAWhu2xYBK0Mk5Ghu6Rm/sIvdH8Rz6MNx28qzTXHcikbUEZ/WlWBqJ5EX0nB47x0Z0AfPZ/osO/rXRzqFmm10EGVjNtxvntUi+H3h8iQ0lWK3rW3LdJsyIlkAK2k= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774275336; c=relaxed/simple; bh=21B7ts7vgAEtNnjha/iUyWUZRP3pSO+TjNfepmK9dn4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lr2oshKmozifZaEzh3ztgvu4P3FaF/jIM+3PwSrDSiulQDeRhx3+bmX5vFmn8tgHq704rE72XWk0LRgSpG1Kczz24GJQrJoptnw7fPqSG4gHfrhtbKf1HVivNR9ykXjwXiG6VrJuWQLNqjqSFAKhJyUZr3lphU6DU7n23cSl2eg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=xGnfAQXq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="xGnfAQXq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B59BFC2BC9E; Mon, 23 Mar 2026 14:15:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1774275336; bh=21B7ts7vgAEtNnjha/iUyWUZRP3pSO+TjNfepmK9dn4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xGnfAQXqWp+aWCezyjZpaq+Lkut2mFIR4PY73UWYZfsjLxVvfESBPg/g5XpCCytEa odparfVqWmeB7ecdMnRbFptn0PelNL/o3uL+5i/GLFuqGUBOJqNZ4LE5zKqSL/xPSg 2BbVoxopfRE42c28JwCqLgWADrl7TXdbqyX+wJQk= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Yiming Qian , Florian Westphal , Sasha Levin Subject: [PATCH 6.12 062/460] netfilter: nf_tables: always walk all pending catchall elements Date: Mon, 23 Mar 2026 14:40:58 +0100 Message-ID: <20260323134528.232251078@linuxfoundation.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260323134526.647552166@linuxfoundation.org> References: <20260323134526.647552166@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.12-stable review patch. If anyone has any objections, please let me know. ------------------ From: Florian Westphal [ Upstream commit 7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 ] During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If the map holding the catchall elements is also going away, its required to toggle all catchall elements and not just the first viable candidate. Otherwise, we get: WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404 RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables] [..] __nft_set_elem_destroy+0x106/0x380 [nf_tables] nf_tables_abort_release+0x348/0x8d0 [nf_tables] nf_tables_abort+0xcf2/0x3ac0 [nf_tables] nfnetlink_rcv_batch+0x9c9/0x20e0 [..] Fixes: 628bd3e49cba ("netfilter: nf_tables: drop map element references from preparation phase") Reported-by: Yiming Qian Signed-off-by: Florian Westphal Signed-off-by: Sasha Levin --- net/netfilter/nf_tables_api.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index c1b9b00907bbb..268d00ffee0cb 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -700,7 +700,6 @@ static void nft_map_catchall_deactivate(const struct nft_ctx *ctx, nft_set_elem_change_active(ctx->net, set, ext); nft_setelem_data_deactivate(ctx->net, set, catchall->elem); - break; } } @@ -5706,7 +5705,6 @@ static void nft_map_catchall_activate(const struct nft_ctx *ctx, nft_clear(ctx->net, ext); nft_setelem_data_activate(ctx->net, set, catchall->elem); - break; } } -- 2.51.0