Cover Letter Detail
Show a cover letter.
GET /api/1.2/covers/2232013/?format=api
{
    "id": 2232013,
    "url": "http://patchwork.ozlabs.org/api/1.2/covers/2232013/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260502075639.7440-1-fw@strlen.de/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260502075639.7440-1-fw@strlen.de>",
    "list_archive_url": null,
    "date": "2026-05-02T07:56:34",
    "name": "[nf,0/5] netfilter: xtables: fix module unload and teardown races",
    "submitter": {
        "id": 1025,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/1025/?format=api",
        "name": "Florian Westphal",
        "email": "fw@strlen.de"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260502075639.7440-1-fw@strlen.de/mbox/",
    "series": [
        {
            "id": 502515,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/502515/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502515",
            "date": "2026-05-02T07:56:34",
            "name": "netfilter: xtables: fix module unload and teardown races",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/502515/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/covers/2232013/comments/",
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-12389-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12389-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30",
            "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc"
        ],
        "Received": [
            "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g70cD4zJkz1yJ0\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 02 May 2026 17:57:00 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 31D21301E3DE\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 2 May 2026 07:56:50 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 8674B2FE582;\n\tSat, 2 May 2026 07:56:49 +0000 (UTC)",
            "from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id B5A9A54652\n\tfor <netfilter-devel@vger.kernel.org>; Sat, 2 May 2026 07:56:47 +0000 (UTC)",
            "by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid BDBA1605BD; Sat, 02 May 2026 09:56:45 +0200 (CEST)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777708609; cv=none;\n b=VJykvtPdGhiiSub7JTJGfbSWMOa0WX8xrH8095XAwyVR7mnlqzz9ZEU8PBOxBsNy55LqfUljXJObIpQUwWbL6F44Tr4pqjuIcT5uHkuG10i2LVLJnPzfa/a1BInOtpc3gIP6zas0avtijj6rIs14qknFLIMhgYP4Ut8lPKX83pw=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777708609; c=relaxed/simple;\n\tbh=NXhrytk3agRuEAb3+AyYspuZoXLUP0F5bkQNXIIAivc=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=P0Tp/cz//W7JZOJjfmrdVrwDFzNKdKjIP+CEAG9YdwwyT6Dnruqgaji1wJJBl2sDn3894W4ZRhBXAtf3BmJbaRCqOV04WZmav8kIa2TbEvl+It9qkvyYsQJPSL5raUY46XXtOCFA22MSpzDYnp4ZTUut8v4r8uV39mqT7N+CeGM=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc;\n arc=none smtp.client-ip=91.216.245.30",
        "From": "Florian Westphal <fw@strlen.de>",
        "To": "<netfilter-devel@vger.kernel.org>",
        "Cc": "tristan@talencesecurity.com,\n\tFlorian Westphal <fw@strlen.de>",
        "Subject": "[PATCH nf 0/5] netfilter: xtables: fix module unload and teardown\n races",
        "Date": "Sat, 2 May 2026 09:56:34 +0200",
        "Message-ID": "<20260502075639.7440-1-fw@strlen.de>",
        "X-Mailer": "git-send-email 2.53.0",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "1) Fixes a potential NULL dereference in xtables hook unregistration during\nnetwork namespace exit. Allocate hook operations within xtables core\n*before* registering the table to avoid exposing a table with NULL\noperations. Ensure tables stop processing packets before teardown\nif hook registration fails.\n\n2) Refactor xtables to use a single `xt_unregister_table_pre_exit` function.\nEliminate code duplication by centralizing table unregistration logic\nwithin the xtables core. ebtables cannot be changed due to incompatibility.\n\n3) Unregister netfilter table templates before module removal. This prevents\na race condition where userspace instantiates a new table after the pernet\nunreg removed the current table.\n\n4) Add `xtables_unregister_table_exit` to fully unregister netfilter tables\nduring module removal. Unlink the table from dying lists, then free hook\noperations. Fixes an issue where userspace couldn't re-instantiate tables\nafter `rmmod`.\n\n5) Refactor ebtables table removal to a two-stage scheme, mirroring recent\nx_tables updates. Ensure table operations assignment happens while holding\nthe ebt mutex.\n\nFlorian Westphal (5):\n netfilter: xtables: allocate hook ops while under mutex\n netfilter: x_tables: add and use xt_unregister_table_pre_exit\n netfilter: x_tables: unregister the templates first\n netfilter: x_tables: add and use xtables_unregister_table_exit\n netfilter: ebtables: move to two-stage removal scheme\n\n include/linux/netfilter/x_tables.h | 4 +-\n include/linux/netfilter_arp/arp_tables.h | 1 -\n include/linux/netfilter_ipv4/ip_tables.h | 1 -\n include/linux/netfilter_ipv6/ip6_tables.h | 1 -\n net/bridge/netfilter/ebtable_broute.c | 2 +-\n net/bridge/netfilter/ebtable_nat.c | 2 +-\n net/bridge/netfilter/ebtables.c | 52 +++++---\n net/ipv4/netfilter/arp_tables.c | 53 ++------\n net/ipv4/netfilter/arptable_filter.c | 4 +-\n net/ipv4/netfilter/ip_tables.c | 59 ++-------\n net/ipv4/netfilter/iptable_filter.c | 4 +-\n net/ipv4/netfilter/iptable_mangle.c | 4 +-\n net/ipv4/netfilter/iptable_nat.c | 1 +\n net/ipv4/netfilter/iptable_raw.c | 4 +-\n net/ipv4/netfilter/iptable_security.c | 4 +-\n net/ipv6/netfilter/ip6_tables.c | 56 ++-------\n net/ipv6/netfilter/ip6table_filter.c | 4 +-\n net/ipv6/netfilter/ip6table_mangle.c | 4 +-\n net/ipv6/netfilter/ip6table_nat.c | 1 +\n net/ipv6/netfilter/ip6table_raw.c | 4 +-\n net/ipv6/netfilter/ip6table_security.c | 4 +-\n net/netfilter/x_tables.c | 144 +++++++++++++++++++---\n 22 files changed, 205 insertions(+), 208 deletions(-)"
}