{"id":2226555,"url":"http://patchwork.ozlabs.org/api/patches/2226555/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/aa7edd8cd7d1c5d337d5b6bfb0747d1829862296.1776819297.git.zcliangcn@gmail.com/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<aa7edd8cd7d1c5d337d5b6bfb0747d1829862296.1776819297.git.zcliangcn@gmail.com>","list_archive_url":null,"date":"2026-04-22T15:41:41","name":"[nf,1/1] netfilter: ipset: keep comment extensions private on resize","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"8253d8435b33783608ddf9e6806233c77dbb88dc","submitter":{"id":92912,"url":"http://patchwork.ozlabs.org/api/people/92912/?format=json","name":"Ren Wei","email":"n05ec@lzu.edu.cn"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/aa7edd8cd7d1c5d337d5b6bfb0747d1829862296.1776819297.git.zcliangcn@gmail.com/mbox/","series":[{"id":501036,"url":"http://patchwork.ozlabs.org/api/series/501036/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501036","date":"2026-04-22T15:41:41","name":"[nf,1/1] netfilter: ipset: keep comment extensions private on resize","version":1,"mbox":"http://patchwork.ozlabs.org/series/501036/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226555/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226555/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <netfilter-devel+bounces-12139-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12139-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.97.182.222","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=lzu.edu.cn","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=lzu.edu.cn"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g13c34HP8z1yD5\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 01:51:15 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 88D2B3058153\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 15:49:51 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id CCAEA365A0B;\n\tWed, 22 Apr 2026 15:49:40 +0000 (UTC)","from zg8tmja5ljk3lje4mi4ymjia.icoremail.net\n (zg8tmja5ljk3lje4mi4ymjia.icoremail.net [209.97.182.222])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id F2BB53783A0\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 22 Apr 2026 15:49:34 +0000 (UTC)","from enjou-Legion-Y7000P-2019.coin-barley.ts.net (unknown\n [172.23.56.36])\n\tby app1 (Coremail) with SMTP id ygmowAAHe_v27ehpevPaAA--.16893S3;\n\tWed, 22 Apr 2026 23:49:21 +0800 (CST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776872979; cv=none;\n b=ifUwhUoYq8abwUVt35BFNZYVi8GCRboNLE0VPhyjLI9meGln9GFLrMJ5XDuvG34frmYiDvO+PLrnBlt37R6spgQrcYlXtGMAQfEW+6CZJPQxj85WZqet2fE5GlK6OTsWFCt6HG/IiMCQeja+bX+7MKXbuPZ46O9y1oQPMus4Gno=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776872979; c=relaxed/simple;\n\tbh=tWcZQ66fX8VN+MMQvWY55GqEOT5Ec5ncMvI8xiZ8EEA=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=nQaRbqUfsLVVxOomsA+XTW2+2knA5Gzvm8w0qd7C95ypROQzeGi9W0WsU4FgEe9AwWWyAhpu2/UQN88ZMuN5gO33SddBQMmsLCZIqQo870yIXePvOokaiLeFJVVMs3OCLzn83R47MZkdeRXuFh8P9t1liPKEGWaH6s6tmU12G+0=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=lzu.edu.cn;\n spf=pass smtp.mailfrom=lzu.edu.cn; arc=none smtp.client-ip=209.97.182.222","From":"Ren Wei <n05ec@lzu.edu.cn>","To":"netfilter-devel@vger.kernel.org","Cc":"pablo@netfilter.org,\n\tfw@strlen.de,\n\tphil@nwl.cc,\n\tdavem@davemloft.net,\n\tedumazet@google.com,\n\tkuba@kernel.org,\n\tpabeni@redhat.com,\n\thorms@kernel.org,\n\tkees@kernel.org,\n\tyuantan098@gmail.com,\n\tkadlec@netfilter.org,\n\tyifanwucs@gmail.com,\n\tzhen.ni@easystack.cn,\n\ttomapufckgml@gmail.com,\n\tbird@lzu.edu.cn,\n\tzcliangcn@gmail.com,\n\tn05ec@lzu.edu.cn","Subject":"[PATCH nf 1/1] netfilter: ipset: keep comment extensions private on\n resize","Date":"Wed, 22 Apr 2026 23:41:41 +0800","Message-ID":"\n <aa7edd8cd7d1c5d337d5b6bfb0747d1829862296.1776819297.git.zcliangcn@gmail.com>","X-Mailer":"git-send-email 2.51.0","In-Reply-To":"<cover.1776819297.git.zcliangcn@gmail.com>","References":"<cover.1776819297.git.zcliangcn@gmail.com>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-CM-TRANSID":"ygmowAAHe_v27ehpevPaAA--.16893S3","X-Coremail-Antispam":"1UD129KBjvJXoW3JFyxGFWUZF13tw1DZrW5Wrg_yoW7tr1fpF\n\t15C347trn5WF47CrWkAw4xZryYgan5Cr17J34fW3sayw1Dtrs5tanYkrySv3WUGryUKrWr\n\tJ3W5Ka909r15WaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2\n\t9KBjDU0xBIdaVrnRJUUUB21xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AE\n\tw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2\n\tIY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVW8Jr0_Cr1UM28EF7xvwVC2\n\tz280aVAFwI0_GcCE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcV\n\tAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r10\n\t6r15McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64\n\tvIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4IIrI8v6xkF7I0E8cxan2IY04v7MxkF7I0E\n\tn4kS14v26r4a6rW5MxkIecxEwVCm-wCF04k20xvY0x0EwIxGrwCF04k20xvE74AGY7Cv6c\n\tx26r48MxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2IqxVCj\n\tr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVW8ZVWrXwCIc40Y0x0EwIxGrwCI42IY6x\n\tIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVWxJVW8Jr1lIxAIcVCF\n\t04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7\n\tCjxVAFwI0_Gr1j6F4UJbIYCTnIWIevJa73UjIFyTuYvjfUUxR6UUUUU","X-CM-SenderInfo":"zqqvvuo6o23hxhgxhubq/1tbiAQ0FCWnoi2EIXAAAs-"},"content":"From: Zhengchuan Liang <zcliangcn@gmail.com>\n\nHash resize rebuilds the table by copying live elements into a new\ntable, while comment data is stored outside of the element body.\n\nRecreate the comment extension for resized entries so the new table\ndoes not share comment storage with the retired table. Once resize\ngives each table its own comment data again, the old table can return\nto destroying its extensions in the normal teardown paths.\n\nThis keeps comment lifetime and accounting consistent across resize\nand the follow-up gc, dump, add, del and flush paths.\n\nFixes: f66ee0410b1c (\"netfilter: ipset: Fix \"INFO: rcu detected stall in hash_xxx\" reports\")\nCc: stable@kernel.org\nReported-by: Yuan Tan <yuantan098@gmail.com>\nReported-by: Yifan Wu <yifanwucs@gmail.com>\nReported-by: Juefei Pu <tomapufckgml@gmail.com>\nReported-by: Xin Liu <bird@lzu.edu.cn>\nSigned-off-by: Zhengchuan Liang <zcliangcn@gmail.com>\nSigned-off-by: Ren Wei <n05ec@lzu.edu.cn>\n---\n include/linux/netfilter/ipset/ip_set.h |  1 +\n net/netfilter/ipset/ip_set_core.c      | 36 ++++++++++++++++++++++++++\n net/netfilter/ipset/ip_set_hash_gen.h  | 15 ++++++-----\n 3 files changed, 46 insertions(+), 6 deletions(-)","diff":"diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h\nindex b98331572ad2..c3620899744c 100644\n--- a/include/linux/netfilter/ipset/ip_set.h\n+++ b/include/linux/netfilter/ipset/ip_set.h\n@@ -336,6 +336,7 @@ extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[],\n \t\t\t      size_t len, size_t align);\n extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],\n \t\t\t\t struct ip_set_ext *ext);\n+extern int ip_set_ext_copy(struct ip_set *set, void *dst, const void *src);\n extern int ip_set_put_extensions(struct sk_buff *skb, const struct ip_set *set,\n \t\t\t\t const void *e, bool active);\n extern bool ip_set_match_extensions(struct ip_set *set,\ndiff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c\nindex c5a26236a0bb..0f5994ffec96 100644\n--- a/net/netfilter/ipset/ip_set_core.c\n+++ b/net/netfilter/ipset/ip_set_core.c\n@@ -367,6 +367,42 @@ ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,\n }\n EXPORT_SYMBOL_GPL(ip_set_init_comment);\n \n+static int\n+ip_set_copy_comment(struct ip_set *set, struct ip_set_comment *dst,\n+\t\t    const struct ip_set_comment *src)\n+{\n+\tstruct ip_set_comment_rcu *c, *newc;\n+\tsize_t len;\n+\n+\tRCU_INIT_POINTER(dst->c, NULL);\n+\n+\tc = rcu_dereference_bh(src->c);\n+\tif (!c)\n+\t\treturn 0;\n+\n+\tlen = strlen(c->str);\n+\tnewc = kmalloc(sizeof(*newc) + len + 1, GFP_ATOMIC);\n+\tif (unlikely(!newc))\n+\t\treturn -ENOMEM;\n+\n+\tmemcpy(newc->str, c->str, len + 1);\n+\tset->ext_size += sizeof(*newc) + len + 1;\n+\trcu_assign_pointer(dst->c, newc);\n+\n+\treturn 0;\n+}\n+\n+int\n+ip_set_ext_copy(struct ip_set *set, void *dst, const void *src)\n+{\n+\tif (SET_WITH_COMMENT(set))\n+\t\treturn ip_set_copy_comment(set, ext_comment(dst, set),\n+\t\t\t\t\t   ext_comment(src, set));\n+\n+\treturn 0;\n+}\n+EXPORT_SYMBOL_GPL(ip_set_ext_copy);\n+\n /* Used only when dumping a set, protected by rcu_read_lock() */\n static int\n ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)\ndiff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h\nindex b79e5dd2af03..b937a478f5ac 100644\n--- a/net/netfilter/ipset/ip_set_hash_gen.h\n+++ b/net/netfilter/ipset/ip_set_hash_gen.h\n@@ -584,7 +584,7 @@ mtype_gc(struct work_struct *work)\n \n \tif (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) {\n \t\tpr_debug(\"Table destroy after resize by expire: %p\\n\", t);\n-\t\tmtype_ahash_destroy(set, t, false);\n+\t\tmtype_ahash_destroy(set, t, true);\n \t}\n \n \tqueue_delayed_work(system_power_efficient_wq, &gc->dwork, next_run);\n@@ -743,6 +743,9 @@ mtype_resize(struct ip_set *set, bool retried)\n \t\t\t\t}\n \t\t\t\td = ahash_data(m, m->pos, dsize);\n \t\t\t\tmemcpy(d, data, dsize);\n+\t\t\t\tret = ip_set_ext_copy(set, d, data);\n+\t\t\t\tif (ret < 0)\n+\t\t\t\t\tgoto cleanup;\n \t\t\t\tset_bit(m->pos++, m->used);\n \t\t\t\tt->hregion[nr].elements++;\n #ifdef IP_SET_HASH_WITH_NETS\n@@ -778,7 +781,7 @@ mtype_resize(struct ip_set *set, bool retried)\n \t/* If there's nobody else using the table, destroy it */\n \tif (atomic_dec_and_test(&orig->uref)) {\n \t\tpr_debug(\"Table destroy by resize %p\\n\", orig);\n-\t\tmtype_ahash_destroy(set, orig, false);\n+\t\tmtype_ahash_destroy(set, orig, true);\n \t}\n \n out:\n@@ -791,7 +794,7 @@ mtype_resize(struct ip_set *set, bool retried)\n \trcu_read_unlock_bh();\n \tatomic_set(&orig->ref, 0);\n \tatomic_dec(&orig->uref);\n-\tmtype_ahash_destroy(set, t, false);\n+\tmtype_ahash_destroy(set, t, true);\n \tif (ret == -EAGAIN)\n \t\tgoto retry;\n \tgoto out;\n@@ -1023,7 +1026,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n out:\n \tif (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) {\n \t\tpr_debug(\"Table destroy after resize by add: %p\\n\", t);\n-\t\tmtype_ahash_destroy(set, t, false);\n+\t\tmtype_ahash_destroy(set, t, true);\n \t}\n \treturn ret;\n }\n@@ -1135,7 +1138,7 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t}\n \tif (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) {\n \t\tpr_debug(\"Table destroy after resize by del: %p\\n\", t);\n-\t\tmtype_ahash_destroy(set, t, false);\n+\t\tmtype_ahash_destroy(set, t, true);\n \t}\n \treturn ret;\n }\n@@ -1341,7 +1344,7 @@ mtype_uref(struct ip_set *set, struct netlink_callback *cb, bool start)\n \t\tif (atomic_dec_and_test(&t->uref) && atomic_read(&t->ref)) {\n \t\t\tpr_debug(\"Table destroy after resize \"\n \t\t\t\t \" by dump: %p\\n\", t);\n-\t\t\tmtype_ahash_destroy(set, t, false);\n+\t\t\tmtype_ahash_destroy(set, t, true);\n \t\t}\n \t\tcb->args[IPSET_CB_PRIVATE] = 0;\n \t}\n","prefixes":["nf","1/1"]}