Cover Letter Detail
Show a cover letter.
GET /api/1.1/covers/2230381/?format=api
{ "id": 2230381, "url": "http://patchwork.ozlabs.org/api/1.1/covers/2230381/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260429175613.1459342-1-tristmd@gmail.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260429175613.1459342-1-tristmd@gmail.com>", "date": "2026-04-29T17:56:10", "name": "[0/2] netfilter: fix NULL ops race in iptable lazy init", "submitter": { "id": 93179, "url": "http://patchwork.ozlabs.org/api/1.1/people/93179/?format=api", "name": "Tristan Madani", "email": "tristmd@gmail.com" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260429175613.1459342-1-tristmd@gmail.com/mbox/", "series": [ { "id": 502119, "url": "http://patchwork.ozlabs.org/api/1.1/series/502119/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502119", "date": "2026-04-29T17:56:10", "name": "netfilter: fix NULL ops race in iptable lazy init", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502119/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/2230381/comments/", "headers": { "Return-Path": "\n <netfilter-devel+bounces-12301-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=TUoc0w6z;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12301-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"TUoc0w6z\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.221.50", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5Q3P4rhgz1xqf\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 03:56:33 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id A9F5F3025170\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 17:56:23 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 73ABD41325C;\n\tWed, 29 Apr 2026 17:56:18 +0000 (UTC)", "from mail-wr1-f50.google.com (mail-wr1-f50.google.com\n [209.85.221.50])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 6874538CFF1\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 29 Apr 2026 17:56:16 +0000 (UTC)", "by mail-wr1-f50.google.com with SMTP id\n ffacd0b85a97d-43fe608cb92so48063f8f.2\n for <netfilter-devel@vger.kernel.org>;\n Wed, 29 Apr 2026 10:56:16 -0700 (PDT)", "from debian.. ([2001:41d0:303:db6b::])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-447b3d48517sm6183750f8f.5.2026.04.29.10.56.13\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 29 Apr 2026 10:56:13 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777485377; cv=none;\n b=egAkwHJ2VDnRa7LMz6w/xY76fCtuPOnJy+kUPaQRHHLhNYBc0lnRfH9nvyRPIiFt4EHz74p9TInoQmQPwW+eNOo6GE4A4uHnlp/QRNcMoNtJWXSU7zQRUD2gIjzf3btcNgjV1R6QGbGU4FosMQuhrNyj938hxP80YMRKGNTjCmc=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777485377; c=relaxed/simple;\n\tbh=3OxTu4QNmh4FcfaWOckhLbkPnokTjOz1m2MKBETIPtI=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=DoI9P9hoV+lk8JV0RUlhi++C3q55shYLihpNgBdBMgIriopzEPMkE39SzNllwxzJM+hcpq03EbSwn8cl8JpVdIR3KVEKVFdbIZbbDefqHdbx+kDf+F0M4kit1MfcQgUNujyLGrZLVHOYaW1+1f8QgO5HZwbDzDveoBzmXW9Pg30=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=TUoc0w6z; arc=none smtp.client-ip=209.85.221.50", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777485375; x=1778090175;\n darn=vger.kernel.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=r4NsrOL1q9Am89S8Z+OaW8+HqXPWLvbAymgwFLwuQBI=;\n b=TUoc0w6z/793eup5Y2+Wx9TN1zDZbPFz7ps9hUwk1FFnuKRsVcFPeL+2Gq8TFj89xb\n 7Skqkqp11WXWfyvxwc5pt52RHGC0dZLWcwch9vNGyG4875Z+B/wyt9li1PAtEMgabhX2\n NAZURJLcsimuTEDpkjqf4u+CE231mnvJGzJBVSK6Lg9KcJck9Il4jsOXaFuZ9LInqSCe\n zJWqpPTf6ZIbfuCglXtkTCD2xaLMo3D+gOFzvPhMhx6XwGIJjDlNbJDFyu4yG1fGYpm1\n /AUJxiXGWdnk2TS1xCTzSN9l5Lk0i9gSlOZbQHCgZzLJ6292xcU5CEItS1RBXWvh3iwc\n HJYQ==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777485375; x=1778090175;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=r4NsrOL1q9Am89S8Z+OaW8+HqXPWLvbAymgwFLwuQBI=;\n b=DhArQ+ZicPo4i9xZ2QxQqkCG4Vb/LerV1ov+7mV4l8a/c7IFoFADPd2EwY/owidv4A\n /NUuH0HMPM4enI+9QTbjhjxFmT6KfaC8VePFZPrDvxoB9cRhwHGa9no5/rOfhOGqFm/q\n 6Aki8M1J16vs1fsQB7ZnGfCvlXldV0D0wsTy/KoF1lL1EVgIohB9F3LeTnAnNBiqbLTj\n r89rNTsaoi51Y2Q9mdznUp3dSqJthUBFagTE1u153L4/E71wdu3uScL0gI1hH7cltjvV\n aLeyXzPXMYQ+A1190AdQlbwqFTriGzFdo97ZSHhdC2LxY5xjD2weANzyH/PIu70wOzgs\n 2yiQ==", "X-Forwarded-Encrypted": "i=1;\n AFNElJ8yY+j3SyAwqAcndlRIG+/X0nF711IwwmUpSRtDNVIhyLbBNcfdWbGBaz8tf5ttrVENOeHIo7WBWLnMqLsjYh8=@vger.kernel.org", "X-Gm-Message-State": "AOJu0Yyf/DFqp8vrOKwPVEYFyCy42JcJOV3jJ9Rkw/K8MPaHWTB8A+X/\n\tkwCKMcQg2IkAN64JeH3+F95g6Xse3DEkmNo902NHWU+yIla4Kw9qgDU=", "X-Gm-Gg": "AeBDieubqcsy8Dbpp/rnmpRlmGkrIwL2zOz27Mt6Ztt3JBPYlULBAc4y6+dysYMNhth\n\t5BW09xhhJl0+vSds4sPjxusHYVR5DoRETnqG0Lujg6VXtzFmQA5Sa9VYPOwYkIhXTvL7jPD9ssA\n\tkg6NPRW+5JensYZwIAv81vah/aTvQTddSax+TMd2I4Ip6flh0TZjE5C0yepyvPvVIGgzgTHc0nG\n\tErRIgg2peMw2+ob3APyLT9G8NJUPURgeg1USX9ryXoLJEZ6+M0WkiyfDxKnHRCVUfUxDoN5tkz4\n\tGVwEGn7uoQFA1l7Bni+5qXHNtUi9L9WY3Gl9ZHQMZu9qVqD8dBBYktlv1PPGEchDGEYOjRWc5cP\n\tVmEEPcNkqRS6KsGwtJSJbPmVCG/1LZbqiIvBobk364PjAc+glaz3d1pDerM1nuOdugM6GbLMCck\n\tsjRt4=", "X-Received": "by 2002:a05:6000:2305:b0:441:3144:efc5 with SMTP id\n ffacd0b85a97d-4464a1682b5mr16117702f8f.42.1777485374554;\n Wed, 29 Apr 2026 10:56:14 -0700 (PDT)", "From": "Tristan Madani <tristmd@gmail.com>", "To": "Pablo Neira Ayuso <pablo@netfilter.org>", "Cc": "Florian Westphal <fw@strlen.de>,\n\tPhil Sutter <phil@nwl.cc>,\n\tnetfilter-devel@vger.kernel.org,\n\tnetdev@vger.kernel.org,\n\tstable@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org,\n\tTristan Madani <tristan@talencesecurity.com>", "Subject": "[PATCH 0/2] netfilter: fix NULL ops race in iptable lazy init", "Date": "Wed, 29 Apr 2026 17:56:10 +0000", "Message-ID": "<20260429175613.1459342-1-tristmd@gmail.com>", "X-Mailer": "git-send-email 2.47.3", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "From: Tristan Madani <tristan@talencesecurity.com>\n\nipt_register_table() and ip6t_register_table() call xt_register_table()\nwhich adds the new table to the per-netns list, making it visible to\nother code paths. Only afterwards do they allocate the per-net copy of\nhook ops via kmemdup_array(). This leaves a window where the table is\nfindable via xt_find_table() but has ops=NULL.\n\nIf cleanup_net runs during this window (racing namespace teardown against\nlazy table init), ipt_unregister_table_pre_exit() /\nip6t_unregister_table_pre_exit() finds the table and passes the NULL ops\npointer to nf_unregister_net_hooks(), causing a general protection fault.\n\nFix both ip_tables.c and ip6_tables.c by moving the ops allocation\nbefore xt_register_table(), so the table is never in the list with a\nNULL ops pointer.\n\nTristan Madani (2):\n netfilter: ip_tables: allocate hook ops before making table visible\n netfilter: ip6_tables: allocate hook ops before making table visible\n\n net/ipv4/netfilter/ip_tables.c | 31 ++++++++++++++++---------------\n net/ipv6/netfilter/ip6_tables.c | 28 ++++++++++++++++------------\n 2 files changed, 32 insertions(+), 27 deletions(-)" }