Date: Fri, 27 Mar 2026 11:36:28 +0100
From: Phil Sutter
To: Yuan Tan
Cc: security@kernel.org, pablo@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org, zhen.ni@easystack.cn, kadlec@netfilter.org, kees@kernel.org, tomapufckgml@gmail.com, dstsmallbird@foxmail.com, yifanwucs@gmail.com, stable@vger.kernel.org
Subject: Re: [PATCH 1/1] netfilter: ipset: drop logically empty buckets in mtype_del
X-Mailing-List: stable@vger.kernel.org

On Thu, Mar 26, 2026 at 10:50:38PM -0700, Yuan Tan wrote:
> From: Yifan Wu
>
> mtype_del() counts empty slots below n->pos in k, but it only drops the
> bucket when both n->pos and k are zero. This misses buckets whose live
> entries have all been removed while n->pos still points past deleted slots.
>
> Treat a bucket as empty when all positions below n->pos are unused and
> release it directly instead of shrinking it further.
>
> Fixes: 8af1c6fbd923 ("netfilter: ipset: Fix forceadd evaluation path")
> Cc: stable@vger.kernel.org
> Reported-by: Juefei Pu
> Reported-by: Xin Liu
> Signed-off-by: Yifan Wu
> Co-developed-by: Yuan Tan
> Signed-off-by: Yuan Tan

Reviewed-by: Phil Sutter
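
The bucket-empty condition from the quoted commit message, as a simplified user-space C model. This is an added example, not part of the mail, the patch or the kernel source. `struct bucket`, `model_del`, `drop_old`, `drop_new` and `scenario` are hypothetical names, and `k == pos` is an assumed reading of "all positions below n->pos are unused".

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one hash bucket; not the kernel's own structure. */
struct bucket {
    unsigned int used; /* bit i set: slot i holds a live entry */
    unsigned int pos;  /* one past the highest slot still tracked */
};

/* Model of the delete walk: clear `slot`, pull pos back by one only when the
 * last slot was removed, return k = unused slots below the resulting pos. */
static unsigned int model_del(struct bucket *n, unsigned int slot)
{
    unsigned int i, k = 0;

    for (i = 0; i < n->pos; i++) {
        if (!(n->used & (1u << i))) { k++; continue; }
        if (i != slot) continue;
        n->used &= ~(1u << i);
        if (i + 1 == n->pos) n->pos--;
        break;
    }
    for (; i < n->pos; i++)          /* count holes from the cleared slot on */
        if (!(n->used & (1u << i))) k++;
    return k;
}

/* Check the commit message says misses the logically empty case. */
static bool drop_old(const struct bucket *n, unsigned int k) { return n->pos == 0 && k == 0; }
/* Assumed form of "all positions below n->pos are unused". */
static bool drop_new(const struct bucket *n, unsigned int k) { return k == n->pos; }

/* Constructed scenario: three live entries deleted in the given order. */
static bool scenario(const unsigned int order[3],
                     bool (*check)(const struct bucket *, unsigned int))
{
    struct bucket n = { .used = 0x7, .pos = 3 };
    unsigned int k = 0;

    for (int i = 0; i < 3; i++)
        k = model_del(&n, order[i]);
    return check(&n, k);
}

int main(void)
{
    const unsigned int tail_first[3] = { 2, 1, 0 }, mixed[3] = { 2, 0, 1 };

    printf("tail-first: old=%d new=%d\n", scenario(tail_first, drop_old), scenario(tail_first, drop_new));
    printf("mixed:      old=%d new=%d\n", scenario(mixed, drop_old), scenario(mixed, drop_new));
    return 0;
}
```

In the mixed order the last delete leaves `pos == 1` with slot 0 already unused, so the model's old check keeps a bucket that holds no live entries while the assumed new check releases it.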