[{"id":3687982,"web_url":"http://patchwork.ozlabs.org/comment/3687982/","msgid":"<afzXDEIOvOSfHC34@strlen.de>","list_archive_url":null,"date":"2026-05-07T18:16:44","subject":"Re: [PATCH nft v2 0/2] netfilter: fix expectation reference leaks","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/people/1025/","name":"Florian Westphal","email":"fw@strlen.de"},"content":"Li Xiasong <lixiasong1@huawei.com> wrote:\n> this series fixes two expectation reference leaks in netfilter.\n\nNo need to resend, but [PATCH nft] means: 'this is nftables.git' (i.e.\nuserspace).  This should be [PATCH v2 nf].\n\n> The first patch simplifies SIP REGISTER handling by validating helper\n> availability before expectation allocation, removing an early-return\n> leak path.\n> \n> The second patch adds a missing nf_ct_expect_put() in nft_ct expectation\n> object evaluation to balance the allocation reference.\n\nThanks for v2.  Reviewed-by: Florian Westphal <fw@strlen.de>","headers":{"Return-Path":"\n <netfilter-devel+bounces-12483-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12483-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=strlen.de"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBL7C732Lz1yKd\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 04:16:55 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id E2F68300A304\n\tfor <incoming@patchwork.ozlabs.org>; Thu,  7 May 2026 18:16:52 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id D7B7431F9A1;\n\tThu,  7 May 2026 18:16:51 +0000 (UTC)","from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 2CABD287510\n\tfor <netfilter-devel@vger.kernel.org>; Thu,  7 May 2026 18:16:48 +0000 (UTC)","by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid 2A03060D43; Thu, 07 May 2026 20:16:46 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778177811; cv=none;\n b=deNdBJ3Fa2czLrSdurVYLGI828wIaTbzYWLenobu4klKWVdwxvLUspVQ+rH8MAfklGUx3VzIhmoMmpVc82GcjprRaBTsca01chA0KWhi4wd/a0DaeqjLD2/DHDcTyxsT5G5fio/cYhLOHwQ4UJ2OXaaDejfmKEIcRRw+mVaH5OE=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778177811; c=relaxed/simple;\n\tbh=qkpkbOiwdijebO1HF11k5pC3+A3GSR7yt1fJQnj5WsA=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=GL/N9B0E9Aqn5v9SUDUvnR2jMoFp/xkcER2r+DF+S8/VdZRjJr2nPsNSnHXd/QrOYP6Hz88PqgNL+B48X/0NpsO9CLEgkOJEIgmESPt/cw6fvk2MuJDjNVP6zS79EWbaPFAlV0E8tHqUGvhwfAfwpjh0vRnkjzT1bwH/uoc1td4=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30","Date":"Thu, 7 May 2026 20:16:44 +0200","From":"Florian Westphal <fw@strlen.de>","To":"Li Xiasong <lixiasong1@huawei.com>","Cc":"netfilter-devel@vger.kernel.org,\n\tPablo Neira Ayuso <pablo@netfilter.org>, Phil Sutter <phil@nwl.cc>,\n\tcoreteam@netfilter.org, yuehaibing@huawei.com,\n\tzhangchangzhong@huawei.com, weiyongjun1@huawei.com","Subject":"Re: [PATCH nft v2 0/2] netfilter: fix expectation reference leaks","Message-ID":"<afzXDEIOvOSfHC34@strlen.de>","References":"<20260507140423.3734545-1-lixiasong1@huawei.com>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20260507140423.3734545-1-lixiasong1@huawei.com>"}}]