Cover Letter Detail
Show a cover letter.
GET /api/1.1/covers/2230650/?format=api
{ "id": 2230650, "url": "http://patchwork.ozlabs.org/api/1.1/covers/2230650/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/177750472539.3004201.15967003942391945312@talencesecurity.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<177750472539.3004201.15967003942391945312@talencesecurity.com>", "date": "2026-04-29T23:18:45", "name": "[v2,0/2] netfilter: fix NULL ops dereference in iptable lazy init", "submitter": { "id": 93179, "url": "http://patchwork.ozlabs.org/api/1.1/people/93179/?format=api", "name": "Tristan Madani", "email": "tristmd@gmail.com" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/177750472539.3004201.15967003942391945312@talencesecurity.com/mbox/", "series": [ { "id": 502165, "url": "http://patchwork.ozlabs.org/api/1.1/series/502165/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502165", "date": "2026-04-29T23:18:45", "name": "netfilter: fix NULL ops dereference in iptable lazy init", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/502165/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/2230650/comments/", "headers": { "Return-Path": "\n <netfilter-devel+bounces-12309-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=caWg3WXG;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12309-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"caWg3WXG\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.221.47", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5YCS1ZrZz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 09:19:00 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 787A73009E28\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 23:18:55 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 6E19939BFE6;\n\tWed, 29 Apr 2026 23:18:50 +0000 (UTC)", "from mail-wr1-f47.google.com (mail-wr1-f47.google.com\n [209.85.221.47])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 98EE3376463\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 29 Apr 2026 23:18:48 +0000 (UTC)", "by mail-wr1-f47.google.com with SMTP id\n ffacd0b85a97d-43eb012ac4fso179899f8f.0\n for <netfilter-devel@vger.kernel.org>;\n Wed, 29 Apr 2026 16:18:48 -0700 (PDT)", "from debian ([2001:41d0:303:db6b::])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-447b76e5c00sm8707525f8f.25.2026.04.29.16.18.45\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 29 Apr 2026 16:18:46 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777504730; cv=none;\n b=Fo8RGz++f8VjbYcUvnuGmVkSQuC/1QTZBcOPWoyHvzKhcSau+sDkgf7c/YikKMIDUUkijRxPgwKNqpP0aXG/6VmSBhaiqXicHpnT43ZKty8o90xCPmQ0wQFAI0+fQgMvsrOdhm7uuWR+8PmI7MSiWEH0IHhnKZVo9hZC3JDMKMU=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777504730; c=relaxed/simple;\n\tbh=Zj6EyFrG27dVsJjtN+0O1fbv1ApMVh3gWAYYHZskTM4=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t Content-Type:MIME-Version;\n b=WpQjdqhZ7qPrVnbeKvgTKjafSaI0xYXWXgY5Gefftv4JGPSyF/GN40iF0atDoS9DPr6WkmI/n26oQn9oc71AIxYwVKp9bNVkHcew1Owa2RfR1G2QemhhQAI9pNgfw0r4wYu+aKlSHcI/atdGIA+OkI9Mr54o/mCyGkw37h+Wq1U=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=caWg3WXG; arc=none smtp.client-ip=209.85.221.47", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777504727; x=1778109527;\n darn=vger.kernel.org;\n h=mime-version:content-transfer-encoding:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=FuEsegkyryEZOXO6Gpz2sASCEUkFJVzUSqqEieVk9oU=;\n b=caWg3WXGKp44I12qv99rvWt3QFDrvhK/4kKfOurlP6az3hjb+gCKmYyvkucX5fIQU6\n n1N+lJi0AmbB+CPJqEVm/cgL01toJgNx5Ew9fFroeKy+jrsrbVD5PNPSJUfUbXSKfoBa\n Hq3ZHZ782d7aqnluvlOUZ96GxIQ4uxclYLEc7YxIxESHlctCZNgcavc+ODNCAYzrSOa2\n DD+jntWqvSmymvxTja2zMx38cReuXZoZ0HmmY0KKH03lWi60rNhZ10YC0nV9hAon7wU9\n y8Shzg0113ny1P5hxFAAfNYFUR1zt9Ko38voHpYeW4b1uD7kkKiZFZTFh72vzaOl2qOu\n c4eA==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777504727; x=1778109527;\n h=mime-version:content-transfer-encoding:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=FuEsegkyryEZOXO6Gpz2sASCEUkFJVzUSqqEieVk9oU=;\n b=WkqE4Q8hTN2w9EQBDqvughQHfmMUIkg7fj/8x8rxthDWiwT97D1RKb8TiWToaUfjPe\n lBS1D0rwJeDejB8Yveruf1J97NPLdBEHkO7BiAVYzdzH28AvL1M91KBzmNY21BSWOkry\n M3CyjaA25HeSB/NV3IDw1m/dqZR7BGhL3ExidEfchmB+0bWIzVGz36dL/hza0mBEEKSy\n mnk3eGykg2kNSVUJcsOJfxiiIlbejVjal2p8OYEFMkG0uGVB5fJt3ly3nOG4qk6e3DAR\n u5QtzJeQi13ScbzrIH2qveirbSExiYL8t2vsRxiN7an2k2LXnskGkSlPg7pwJLcBfGt+\n 8Kug==", "X-Forwarded-Encrypted": "i=1;\n AFNElJ91dcjvDp+M5ta/TQB+fdBnYD2KvN8u1JaCzodEJshEM1bNmx3x9Ts1tGIdWaNpBPi1QVKAGThy2Pl5mvOL3Xg=@vger.kernel.org", "X-Gm-Message-State": "AOJu0Yztzk7caY1JJq703b2dcttBqEqfs+E6TnuXxvw1KdJcrmxJy/oA\n\taZkX9n+CW7mzvJl4EuaJmqUnwcjuuTdVVjsN9wv23IHp/xOHAOFoeBY=", "X-Gm-Gg": "AeBDiet8byLq0T+pbZhqhD3lGHwNAboeeSfzgjT7AYVMB1PYFTwLjrW+SFWOpj9ytse\n\tj/r8FcJEob5UyG96QgKdPPjQvWeYLuDXhDIzUdU3BvKeYRnqe4lLlJjEanSm5NBSMhMLRa1y7/7\n\t22cKVM5Hz5G+YaKDdyIQ6G3cSvtA5IhahEMPTNa3hMyPXGmHDUXOat4PrwW9mNn5vAykdzAUwnV\n\tzy6e38t9AtBBYg/9o2BojEjk1YiSXEnH7sVJMeMuyOkF4BVINypfgHdmB1Vk2mYN8dlbpa8Grio\n\t6oPl2wTlQq3d5cwGOXNW/z3Uz0xwFqwkX8X9HgMroc0I4tSsOu+chbWipy/s5wC5rsxa5HWNhdm\n\tWaJ1lqeprYOEldTDi+NezSJa7zY3+oRlNviSs+OFfAgAjuok7VXIPR7aPBlA8JkURSwwFoCAAtB\n\t1l0Cmwym5meBbZXQ==", "X-Received": "by 2002:a05:6000:26c2:b0:43d:71f4:7ed4 with SMTP id\n ffacd0b85a97d-4493d4120c0mr627963f8f.15.1777504726704;\n Wed, 29 Apr 2026 16:18:46 -0700 (PDT)", "From": "Tristan Madani <tristmd@gmail.com>", "X-Google-Original-From": "Tristan Madani <tristan@talencesecurity.com>", "To": "Pablo Neira Ayuso <pablo@netfilter.org>", "Cc": "Phil Sutter <phil@nwl.cc>, Florian Westphal <fw@strlen.de>,\n netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,\n stable@vger.kernel.org, linux-kernel@vger.kernel.org", "Subject": "\n [PATCH v2 0/2] netfilter: fix NULL ops dereference in iptable lazy init", "Date": "Wed, 29 Apr 2026 23:18:45 -0000", "Message-ID": "<177750472539.3004201.15967003942391945312@talencesecurity.com>", "In-Reply-To": "<20260429175613.1459342-1-tristmd@gmail.com>", "References": "<20260429175613.1459342-1-tristmd@gmail.com>", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0" }, "content": "v1 moved the ops allocation before xt_register_table(), but as Phil\nSutter pointed out, new_table->ops is still assigned after the table\nbecomes visible via list_add() inside xt_register_table(). The race\nwindow was reduced but not eliminated.\n\nv2 takes a different approach: guard the pre_exit path against a NULL\nops pointer. If cleanup_net races against lazy table init and finds the\ntable before ops has been assigned, it simply skips the\nnf_unregister_net_hooks() call. The register path will either complete\nnormally or fail and clean up via __ipt_unregister_table().\n\nv1: https://lore.kernel.org/netdev/20260429175613.1459342-1-tristmd@gmail.com/\n\nTristan Madani (2):\n netfilter: ip_tables: guard ipt_unregister_table_pre_exit against NULL ops\n netfilter: ip6_tables: guard ip6t_unregister_table_pre_exit against NULL ops\n\n net/ipv4/netfilter/ip_tables.c | 2 +-\n net/ipv6/netfilter/ip6_tables.c | 2 +-\n 2 files changed, 2 insertions(+), 2 deletions(-)" }