[{"id":3678113,"web_url":"http://patchwork.ozlabs.org/comment/3678113/","msgid":"<46239684-3c91-42d9-b7e1-5d90c3169053@redhat.com>","list_archive_url":null,"date":"2026-04-16T11:36:10","subject":"Re: [PATCH net 14/14] netfilter: nf_tables: add hook transactions for\n device deletions","submitter":{"id":67312,"url":"http://patchwork.ozlabs.org/api/people/67312/","name":"Paolo Abeni","email":"pabeni@redhat.com"},"content":"On 4/16/26 3:31 AM, Pablo Neira Ayuso wrote:\n> @@ -10920,9 +11007,8 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)\n>  \t\t\t\tnf_tables_chain_notify(&ctx, NFT_MSG_DELCHAIN,\n>  \t\t\t\t\t\t       &nft_trans_chain_hooks(trans));\n\nAI notes that nf_tables_chain_notify() can now receive struct\nnft_trans_hook arguments and it ends up calling nft_dump_basechain_hook\nwhich expects nft_hook, possibly causing out-of-bounds slab read when\naccessing hook->ifname.\n\nIt looks real to me. Possibly worthy strip this patch from the PR?\n\n/P","headers":{"Return-Path":"\n <netfilter-devel+bounces-11965-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=L1/22gGF;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=Jx/g9tNB;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11965-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=\"L1/22gGF\";\n\tdkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=\"Jx/g9tNB\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=170.10.133.124","smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=redhat.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=redhat.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxGKf4ZHLz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 16 Apr 2026 21:40:38 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 695C9306C87E\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 16 Apr 2026 11:36:20 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7DEC23ACA6E;\n\tThu, 16 Apr 2026 11:36:19 +0000 (UTC)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id AA31A3A7F50\n\tfor <netfilter-devel@vger.kernel.org>; Thu, 16 Apr 2026 11:36:17 +0000 (UTC)","from mail-wm1-f70.google.com (mail-wm1-f70.google.com\n [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-478-qYeWDY3oMdqHMvrbx749fw-1; Thu, 16 Apr 2026 07:36:14 -0400","by mail-wm1-f70.google.com with SMTP id\n 5b1f17b1804b1-488d6ebe9cfso53668435e9.2\n        for <netfilter-devel@vger.kernel.org>;\n Thu, 16 Apr 2026 04:36:14 -0700 (PDT)","from [192.168.88.32] ([150.228.93.122])\n        by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488f582368dsm56423145e9.11.2026.04.16.04.36.11\n        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n        Thu, 16 Apr 2026 04:36:12 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776339379; cv=none;\n b=FsKArd54H5IHS7oTN6O+KHjMkZh4vBLVsLh5o8I1NLLuOjAQRo0yA4+wTbuRfUnL+0y4ti1Fw4eXDJ40vBtpoKFrG/yCOTdMdFpDkSNa0LXVvfNxUWoLHkSFXWjAGhwRfHg3/MeXlD8hLeh+TU9EajSY36Kpu05uZ767tAnsHo0=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776339379; c=relaxed/simple;\n\tbh=ATPXPRSUwMhlt8ECwRArkbXzpHSbMy5MlkubYNi7w9s=;\n\th=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:\n\t In-Reply-To:Content-Type;\n b=Z3rVZwl8qw+tkle3X+HqnXGeNQOVUUOTHF4s1uao0tzbMIQpTuxqIGJdD6EEWpAaBZUDLRpmPD2BchwQDV74rZ+PugxSpaDldTJ1FBMp5B9Do/1wkJrc24nFhGYJA4ZKtpnnECfZtoVDXxqUrouHvHnOsqghAzakSMrocjqQPDQ=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=redhat.com;\n spf=pass smtp.mailfrom=redhat.com;\n dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=L1/22gGF;\n dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=Jx/g9tNB; arc=none smtp.client-ip=170.10.133.124","DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1776339376;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\t to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\t content-transfer-encoding:content-transfer-encoding:\n\t in-reply-to:in-reply-to:references:references;\n\tbh=gwhKAmoYjds9QSiVSsV9iNgED3v7mL/c4iVZV29Op3E=;\n\tb=L1/22gGF6nPVw1e/mCWysQeTHGeqV++uZ0EALF2ysOnkVKi/1AMUMVYKO3eFcbFpaK1ZHb\n\tRLiBLcG5TuvHIisTnqUntAnxpgGkZcXqEd8+hndxj2fTW0lNxn8n5pRIGhY2e2WpfqU4uZ\n\tMuk7WLzD1iMFPcgWNGtc9bmTqweHsCQ=","v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=redhat.com; s=google; t=1776339373; x=1776944173;\n darn=vger.kernel.org;\n        h=content-transfer-encoding:in-reply-to:from:content-language\n         :references:cc:to:subject:user-agent:mime-version:date:message-id\n         :from:to:cc:subject:date:message-id:reply-to;\n        bh=gwhKAmoYjds9QSiVSsV9iNgED3v7mL/c4iVZV29Op3E=;\n        b=Jx/g9tNBMqQi/0CCFeq0Cu0mvKaxMyk6pS9vZlHJEoSG0PDbMimi3OuNdFpwiq+4C0\n         lrAqsndP3gbbpCkhKRAeFk+BPtTt5dSZAK28niw6t5g/DVW6bDUIq7mSPkJ7OlZkMeur\n         sN8yQzjBzVpFBebIMUMHA0iGBRbHf4YvT66VaECDkWBrqOvq23V6obS5miZLbQjwcRzV\n         MNHwjEIcwvQBjCnSpJ6p2LBOuMm1tvD52vdpVRcl4bP4q+s82ZpNNR8lzcVPCOGcTNGm\n         Bp9n6C/rnaZ7qhQcnk5VPH+qwArUZxE8yIM+a1dPp6sctLNFzvUiMF6Xhs2uA1mDPIel\n         bAkw=="],"X-MC-Unique":"qYeWDY3oMdqHMvrbx749fw-1","X-Mimecast-MFC-AGG-ID":"qYeWDY3oMdqHMvrbx749fw_1776339373","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1776339373; x=1776944173;\n        h=content-transfer-encoding:in-reply-to:from:content-language\n         :references:cc:to:subject:user-agent:mime-version:date:message-id\n         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n         :reply-to;\n        bh=gwhKAmoYjds9QSiVSsV9iNgED3v7mL/c4iVZV29Op3E=;\n        b=FuZdMqFSKPeGFpkic1FsIxQqrFYGRAg12KurZ4mULdPotOINPDIrFG/yvqkMTjRf/3\n         VZMVcX6wavZ2IG22xwa95MTsJ+d6UDFofewJNCBbfDVqtgm6YuLansfW46aljNJsCp+u\n         xwPLCrDb3hp5Qyw2ayfwo2JtaTWtaoPCQ3td1vKJCq5idDbdWtiGPMArD4L0n/5lGzjk\n         m4CbFLe2P25wi9hFbbz8eos2CtH0MArL6J6EYcyZ5rDaUHt2l+PPSB7XKwqF5rnyEws2\n         nBmls9Ik/qa2ZJ1QMXrJ1iILGlpLXyft3+OOAi1Bmm56cQ7732FbekUwCtgRjaaSWwea\n         PnIQ==","X-Forwarded-Encrypted":"i=1;\n AFNElJ+HMnHWkXYwKkV1guxAFUO4QXDQlG4P2h1STU6aB5xIiuSrAAQFXOjV6jwIdnmxUon+bzqGKbE+dBL4OU1T+ds=@vger.kernel.org","X-Gm-Message-State":"AOJu0Yy+lMizVO8wpxVvuT6Qh1aFjW5GmNXGuO/VyBN2h0JD782HM2e9\n\tYVcjTZBaRU3jpMukJDkLM1YBeB4zicnjKgnT6IK2T7zXhB1FAcnaqHxWDsyh9Pq4CA1ll3/a/Ob\n\tPamgZau5L4Vl7N2NqpjgNLZLDZAnpw/sZZk/FL7KewTo/SrIvZiVWGfvCDOZdSPA7O8BnsA==","X-Gm-Gg":"AeBDiet4CWyLHZerwLgvnpYsaxQ7NJnT+/GVsuV3k2EhpoH6MsaItlPRCEmT6dWcgAH\n\tGozM5CBNgfWKhMODw8GfPwxdH8QXU6AzG2CkPEnukKfRK38YX8p6cZzaD21m0itJMcVGilYiGts\n\t/D5XS69SlVbbljJoqqdNWN02PtpXU9mkV/JZ9A/IM+j92kfcVMwp4ikaqssuFVgoViluFnKSNxY\n\tluyzv13q0hsOm66nn+vQnMOQVJnVZACj3oeb66W72CG7nmUEuOXZvHYOWCXzYvhwjPesd0zcvbD\n\tQL7mt1X4A5tQMnl4FQ6NCKl7+ZVrf9qMiIbfTcdosqzdh90HsqmmH6q45Un/3YwrTEiOkRIA+FT\n\tEpMB0L1Kl+kVwKwTIN9aqVs9rAmbcUcMwZXsiAIE/wZf6PaMCK3t3RCm+pnoDM7V4CMY=","X-Received":["by 2002:a05:600c:5249:b0:480:1d0b:2d32 with SMTP id\n 5b1f17b1804b1-488d67fcf67mr326261795e9.12.1776339373383;\n        Thu, 16 Apr 2026 04:36:13 -0700 (PDT)","by 2002:a05:600c:5249:b0:480:1d0b:2d32 with SMTP id\n 5b1f17b1804b1-488d67fcf67mr326261255e9.12.1776339372865;\n        Thu, 16 Apr 2026 04:36:12 -0700 (PDT)"],"Message-ID":"<46239684-3c91-42d9-b7e1-5d90c3169053@redhat.com>","Date":"Thu, 16 Apr 2026 13:36:10 +0200","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH net 14/14] netfilter: nf_tables: add hook transactions for\n device deletions","To":"Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org","Cc":"davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,\n edumazet@google.com, fw@strlen.de, horms@kernel.org","References":"<20260416013101.221555-1-pablo@netfilter.org>\n <20260416013101.221555-15-pablo@netfilter.org>","Content-Language":"en-US","From":"Paolo Abeni <pabeni@redhat.com>","In-Reply-To":"<20260416013101.221555-15-pablo@netfilter.org>","Content-Type":"text/plain; charset=UTF-8","Content-Transfer-Encoding":"7bit"}}]