{"id":2218772,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2218772/?format=json","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/1.0/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260401215945.1178081-1-tim.whisonant@canonical.com>","date":"2026-04-01T21:59:44","name":"[SRU,J,1/2] netfilter: nf_tables: de-constify set commit ops function argument","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"26fb66d6b0616ec90c8d76642397803f807047e8","submitter":{"id":89903,"url":"http://patchwork.ozlabs.org/api/1.0/people/89903/?format=json","name":"Tim Whisonant","email":"tim.whisonant@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260401215945.1178081-1-tim.whisonant@canonical.com/mbox/","series":[{"id":498398,"url":"http://patchwork.ozlabs.org/api/1.0/series/498398/?format=json","date":"2026-04-01T21:59:44","name":"CVE-2026-23351","version":1,"mbox":"http://patchwork.ozlabs.org/series/498398/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2218772/checks/","tags":{},"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=PFGAMgUx;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com 
[185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmJnC5ycvz1yKh\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 02 Apr 2026 08:59:59 +1100 (AEDT)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1w83bM-0007RO-QG; Wed, 01 Apr 2026 21:59:52 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <tim.whisonant@canonical.com>)\n id 1w83bL-0007QZ-Ni\n for kernel-team@lists.ubuntu.com; Wed, 01 Apr 2026 21:59:51 +0000","from mail-oi1-f199.google.com (mail-oi1-f199.google.com\n [209.85.167.199])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 91BD23F645\n for <kernel-team@lists.ubuntu.com>; Wed,  1 Apr 2026 21:59:51 +0000 (UTC)","by mail-oi1-f199.google.com with SMTP id\n 5614622812f47-467dceb8e77so1080364b6e.1\n for <kernel-team@lists.ubuntu.com>; Wed, 01 Apr 2026 14:59:51 -0700 (PDT)","from localhost (104-6-108-11.lightspeed.frokca.sbcglobal.net.\n [104.6.108.11]) by smtp.gmail.com with ESMTPSA id\n 5614622812f47-46d92a552f2sm531655b6e.11.2026.04.01.14.59.46\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 01 Apr 2026 14:59:47 -0700 (PDT)"],
"X-Received":["by 2002:a05:6808:4fdf:b0:468:776:1e92 with SMTP id\n 5614622812f47-46ae014b153mr2715171b6e.36.1775080789601;\n Wed, 01 Apr 2026 14:59:49 -0700 (PDT)","by 2002:a05:6808:4fdf:b0:468:776:1e92 with SMTP id\n 5614622812f47-46ae014b153mr2715155b6e.36.1775080789142;\n Wed, 01 Apr 2026 14:59:49 -0700 (PDT)"],"From":"Tim Whisonant <tim.whisonant@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][J][PATCH 1/2] netfilter: nf_tables: de-constify set commit ops\n function argument","Date":"Wed,  1 Apr 2026 14:59:44 -0700","Message-ID":"<20260401215945.1178081-1-tim.whisonant@canonical.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260401215940.1178046-1-tim.whisonant@canonical.com>","References":"<20260401215940.1178046-1-tim.whisonant@canonical.com>","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: Florian Westphal <fw@strlen.de>\n\nThe set backend using this already has to work 
around this via ugly\ncast, don't spread this pattern.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n(cherry picked from commit 256001672153af5786c6ca148114693d7d76d836)\nCVE-2026-23351\nSigned-off-by: Tim Whisonant <tim.whisonant@canonical.com>\n---\n include/net/netfilter/nf_tables.h | 2 +-\n net/netfilter/nft_set_pipapo.c    | 7 +++----\n 2 files changed, 4 insertions(+), 5 deletions(-)","diff":"diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h\nindex 41be9a6b21dcc..1296dbcf675ec 100644\n--- a/include/net/netfilter/nf_tables.h\n+++ b/include/net/netfilter/nf_tables.h\n@@ -455,7 +455,7 @@ struct nft_set_ops {\n \t\t\t\t\t       const struct nft_set *set,\n \t\t\t\t\t       const struct nft_set_elem *elem,\n \t\t\t\t\t       unsigned int flags);\n-\tvoid\t\t\t\t(*commit)(const struct nft_set *set);\n+\tvoid\t\t\t\t(*commit)(struct nft_set *set);\n \tvoid\t\t\t\t(*abort)(const struct nft_set *set);\n \tu64\t\t\t\t(*privsize)(const struct nlattr * const nla[],\n \t\t\t\t\t\t    const struct nft_set_desc *desc);\ndiff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\nindex 100ebb7c4b2ad..12e077fb8f4e8 100644\n--- a/net/netfilter/nft_set_pipapo.c\n+++ b/net/netfilter/nft_set_pipapo.c\n@@ -1578,12 +1578,11 @@ static void nft_pipapo_gc_deactivate(struct net *net, struct nft_set *set,\n \n /**\n  * pipapo_gc() - Drop expired entries from set, destroy start and end elements\n- * @_set:\tnftables API set representation\n+ * @set:\tnftables API set representation\n  * @m:\t\tMatching data\n  */\n-static void pipapo_gc(const struct nft_set *_set, struct nft_pipapo_match *m)\n+static void pipapo_gc(struct nft_set *set, struct nft_pipapo_match *m)\n {\n-\tstruct nft_set *set = (struct nft_set *) _set;\n \tstruct nft_pipapo *priv = nft_set_priv(set);\n \tstruct net *net = read_pnet(&set->net);\n \tu64 tstamp = nft_net_tstamp(net);\n@@ -1698,7 +1697,7 @@ static void pipapo_reclaim_match(struct rcu_head *rcu)\n  * We 
also need to create a new working copy for subsequent insertions and\n  * deletions.\n  */\n-static void nft_pipapo_commit(const struct nft_set *set)\n+static void nft_pipapo_commit(struct nft_set *set)\n {\n \tstruct nft_pipapo *priv = nft_set_priv(set);\n \tstruct nft_pipapo_match *new_clone, *old;\n","prefixes":["SRU","J","1/2"]}
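
Review bot: In the struct nft_set_ops hunk (include/net/netfilter/nf_tables.h), `(*commit)` loses its const qualifier while `(*abort)` on the next line keeps `const struct nft_set *set`, and the diffstat shows nft_set_pipapo.c as the only implementation updated. Please confirm that no other set backend in the Jammy tree assigns `.commit`: an implementation still declared with a const argument would no longer match the prototype and would be flagged as an incompatible pointer type at build time.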
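
Review bot: In the pipapo_gc() hunk, dropping the `(struct nft_set *) _set` cast means every caller must now hold a non-const set, and the only signature this patch relaxes to provide one is nft_pipapo_commit(). It is worth checking in the backport that pipapo_gc() has no other caller passing a const pointer in this tree. The kerneldoc rename from `@_set` to `@set` matches the new parameter name.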
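
Review bot: In the nft_pipapo_commit() hunk the only change is removing const from the argument, so taken with the other hunks the patch alters no behaviour, yet the message carries the CVE-2026-23351 tag without saying why. If it is included only so that 2/2 applies cleanly, a one-line note to that effect next to the cherry-pick line would help whoever reviews or later reverts it.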