Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229652/?format=api
{ "id": 2229652, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229652/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-5-kadlec@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260428151913.584739-5-kadlec@netfilter.org>", "date": "2026-04-28T15:19:12", "name": "[4/5] netfilter: ipset: skip gc when resize is in progress", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "989c9db1f24aa0988a2fa726c0bb3394fffe531d", "submitter": { "id": 77226, "url": "http://patchwork.ozlabs.org/api/1.1/people/77226/?format=api", "name": "Jozsef Kadlecsik", "email": "kadlec@netfilter.org" }, "delegate": { "id": 11902, "url": "http://patchwork.ozlabs.org/api/1.1/users/11902/?format=api", "username": "strlen", "first_name": "Florian", "last_name": "Westphal", "email": "fw@strlen.de" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-5-kadlec@netfilter.org/mbox/", "series": [ { "id": 501876, "url": "http://patchwork.ozlabs.org/api/1.1/series/501876/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501876", "date": "2026-04-28T15:19:09", "name": "netfilter: ipset fixes", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501876/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229652/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229652/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12256-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=blackhole.kfki.hu header.i=@blackhole.kfki.hu\n header.a=rsa-sha256 header.s=20151130 header.b=XaBWTjNB;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12256-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=\"XaBWTjNB\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=148.6.0.50", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4kcq5k2Mz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 01:19:39 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 9E1FE301456F\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 15:19:28 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7A6303AEF20;\n\tTue, 28 Apr 2026 15:19:27 +0000 (UTC)", "from smtp-out.kfki.hu (smtp-out.kfki.hu [148.6.0.50])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id C0945309DB5\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 28 Apr 2026 15:19:22 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.kfki.hu (Postfix) with ESMTP id 4g4kcM4Dv5zGFDMb;\n\tTue, 28 Apr 2026 17:19:15 +0200 (CEST)", "from smtp1.kfki.hu ([127.0.0.1])\n by localhost (smtp1.kfki.hu [127.0.0.1]) (amavis, port 10026) with ESMTP\n id 4vnbmP7glSEG; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)", "from mentat.rmki.kfki.hu (unknown [148.6.40.64])\n\t(Authenticated sender: kadlecsik.jozsef@wigner.hu)\n\tby smtp1.kfki.hu (Postfix) with ESMTPSA id 4g4kcK5CyRzGFDMp;\n\tTue, 28 Apr 2026 17:19:13 +0200 (CEST)", "by mentat.rmki.kfki.hu (Postfix, from userid 1000)\n\tid 7F4DE1413C9; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777389565; cv=none;\n b=pjmEBSxeoqW4c1VThOJ5Tq7dnyKufWwI1NjpWapkFjMiV1vfRy+NN0ty3YA4G51m7wX+zONBJsB70XO4Ciij7Lcg6Li7uww+3TeqK37cYVXaNi7IWnW+xHOp6Pk44wRh6wvOVFPCP5YutKorJp3x+lROJTxgAmWktS2utJz4gjo=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777389565; c=relaxed/simple;\n\tbh=YMRdv06tjqMZu25GDu9ffERX/S8SHNcfCse75p9+4xE=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=UDpRzMMhRxaYJ20qC4sOB8v70qybcwD0wtPYO2qieHGi0+uknaZTBt/BnatwafUKkiihVyJlf8V1naa2H0RaRFUKOtDUS/yuTJxvqGAKW2GxHShNPYmVTo5vSyeGuIFKryBwNsWwd96+7uNc2bHSUL5g2gFlZqN4SsFX0LX6AxA=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu;\n dkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=XaBWTjNB;\n arc=none smtp.client-ip=148.6.0.50", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tblackhole.kfki.hu; h=mime-version:references:in-reply-to\n\t:x-mailer:message-id:date:date:from:from:received:received\n\t:received; s=20151130; t=1777389553; x=1779203954; bh=0sqpPnatiz\n\trNd068vYgtXE27SpHermu69ZnJ7wzsIzA=; b=XaBWTjNB1XbPLrNBSv5wOgswhn\n\tvN7hBrO1MYQQ8gS0ao+BUaEDJxx7KRoV+b0WI6v1+SuGR5ZBi72ewkzD+C2vKD7B\n\tl9hGnH2q0LPEr4p9ZJ2yXWSdJQJ7NxJl9IfXnmv9/VRVzxiPerFZkD58bB13iQeu\n\tawGFlR9A3ypAZrmqk=", "X-Virus-Scanned": "Debian amavis at smtp1.kfki.hu", "From": "Jozsef Kadlecsik <kadlec@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "Pablo Neira Ayuso <pablo@netfilter.org>", "Subject": "[PATCH 4/5] netfilter: ipset: skip gc when resize is in progress", "Date": "Tue, 28 Apr 2026 17:19:12 +0200", "Message-Id": "<20260428151913.584739-5-kadlec@netfilter.org>", "X-Mailer": "git-send-email 2.39.5", "In-Reply-To": "<20260428151913.584739-1-kadlec@netfilter.org>", "References": "<20260428151913.584739-1-kadlec@netfilter.org>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "quoted-printable" }, "content": "Zhengchuan Liang reported that because resize does not copy\nthe comment extension into the resized set but uses it's pointer,\nongoing gc can free the extension in the original set which then\nresults stale pointer in the resized one. The proposed patch was\nto recreate the extensions for every element in the resized set.\nIt is both expensive and wastes memory, so better skip gc\nwhen resizing in progress detected: resizing will destroy\nthe original set anyway, so doing gc on it unnecessary.\n\nReported by: Zhengchuan Liang <zcliangcn@gmail.com>\nSigned-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>\n---\n net/netfilter/ipset/ip_set_hash_gen.h | 8 +++++++-\n 1 file changed, 7 insertions(+), 1 deletion(-)", "diff": "diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h\nindex 04e4627ddfc1..cc490460c52b 100644\n--- a/net/netfilter/ipset/ip_set_hash_gen.h\n+++ b/net/netfilter/ipset/ip_set_hash_gen.h\n@@ -508,6 +508,8 @@ mtype_gc_do(struct ip_set *set, struct htype *h, struct htable *t, u32 r)\n \t\t\tdata = ahash_data(n, j, dsize);\n \t\t\tif (!ip_set_timeout_expired(ext_timeout(data, set)))\n \t\t\t\tcontinue;\n+\t\t\tif (atomic_read(&t->ref))\n+\t\t\t\tgoto resize_in_progress;\n \t\t\tpr_debug(\"expired %u/%u\\n\", i, j);\n \t\t\tclear_bit(j, n->used);\n \t\t\tsmp_mb__after_atomic();\n@@ -552,6 +554,7 @@ mtype_gc_do(struct ip_set *set, struct htype *h, struct htable *t, u32 r)\n \t\t\tkfree_rcu(n, rcu);\n \t\t}\n \t}\n+resize_in_progress:\n \tspin_unlock_bh(&t->hregion[r].lock);\n }\n \n@@ -672,7 +675,10 @@ mtype_resize(struct ip_set *set, bool retried)\n \t\tspin_lock_init(&t->hregion[i].lock);\n \n \t/* There can't be another parallel resizing,\n-\t * but dumping, gc, kernel side add/del are possible\n+\t * but dumping, kernel side add/del are possible.\n+\t * gc must detect ongoing resize when comments are in use\n+\t * in order not to free the comment extension area shared\n+\t * between the original and resized sets.\n \t */\n \torig = ipset_dereference_bh_nfnl(h->table);\n \tatomic_set(&orig->ref, 1);\n", "prefixes": [ "4/5" ] }