{"id":2227439,"url":"http://patchwork.ozlabs.org/api/patches/2227439/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260423181144.3513587-2-tim.whisonant@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260423181144.3513587-2-tim.whisonant@canonical.com>","list_archive_url":null,"date":"2026-04-23T18:11:41","name":"[SRU,J,1/1] netfilter: nf_tables: always walk all pending catchall elements","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"679c54ff6825cedf83eec4795972aded27d21978","submitter":{"id":89903,"url":"http://patchwork.ozlabs.org/api/people/89903/?format=json","name":"Tim Whisonant","email":"tim.whisonant@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20260423181144.3513587-2-tim.whisonant@canonical.com/mbox/","series":[{"id":501231,"url":"http://patchwork.ozlabs.org/api/series/501231/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=501231","date":"2026-04-23T18:11:40","name":"[SRU,J,1/1] netfilter: nf_tables: always walk all pending catchall elements","version":1,"mbox":"http://patchwork.ozlabs.org/series/501231/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2227439/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2227439/checks/","tags":{},"related":[],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) 
header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=U3a89kCE;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1kh33qGRz1yGs\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 24 Apr 2026 04:12:02 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wFyWr-0005lj-FW; Thu, 23 Apr 2026 18:11:57 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <tim.whisonant@canonical.com>)\n id 1wFyWp-0005k4-7C\n for kernel-team@lists.ubuntu.com; Thu, 23 Apr 2026 18:11:55 +0000","from mail-ot1-f71.google.com (mail-ot1-f71.google.com\n [209.85.210.71])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1BCAA3FEB7\n for <kernel-team@lists.ubuntu.com>; Thu, 23 Apr 2026 18:11:55 +0000 (UTC)","by mail-ot1-f71.google.com with SMTP id\n 46e09a7af769-7dbd1866b66so16682184a34.1\n for <kernel-team@lists.ubuntu.com>; Thu, 23 Apr 2026 11:11:55 -0700 (PDT)","from localhost (104-6-108-11.lightspeed.frokca.sbcglobal.net.\n [104.6.108.11]) by smtp.gmail.com with ESMTPSA id\n 46e09a7af769-7dcd5408b5asm8014858a34.11.2026.04.23.11.11.51\n for 
<kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 23 Apr 2026 11:11:52 -0700 (PDT)"],
"X-Received":["by 2002:a05:6830:2b08:b0:7d9:71fa:3079 with SMTP id\n 46e09a7af769-7dc950ea563mr17283560a34.10.1776967912980;\n Thu, 23 Apr 2026 11:11:52 -0700 (PDT)","by 2002:a05:6830:2b08:b0:7d9:71fa:3079 with SMTP id\n 46e09a7af769-7dc950ea563mr17283541a34.10.1776967912642;\n Thu, 23 Apr 2026 11:11:52 -0700 (PDT)"],"From":"Tim Whisonant <tim.whisonant@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][J][PATCH 1/1] netfilter: nf_tables: always walk all pending\n catchall elements","Date":"Thu, 23 Apr 2026 11:11:41 -0700","Message-ID":"<20260423181144.3513587-2-tim.whisonant@canonical.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260423181144.3513587-1-tim.whisonant@canonical.com>","References":"<20260423181144.3513587-1-tim.whisonant@canonical.com>","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n 
<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: Florian Westphal <fw@strlen.de>\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, it's\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]\n\nFixes: 628bd3e49cba (\"netfilter: nf_tables: drop map element references from preparation phase\")\nReported-by: Yiming Qian <yimingqian591@gmail.com>\nSigned-off-by: Florian Westphal <fw@strlen.de>\n(backported from commit 7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9)\n[tswhison: context adjustment due to missing commit\n0e1ea651c97 (\"netfilter: nf_tables: shrink memory consumption of set elements\")]\nCVE-2026-23278\nSigned-off-by: Tim Whisonant <tim.whisonant@canonical.com>\n---\n net/netfilter/nf_tables_api.c | 2 --\n 1 file changed, 2 deletions(-)","diff":"diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c\nindex 49fc22db42d62..69b44106c6c5a 100644\n--- a/net/netfilter/nf_tables_api.c\n+++ b/net/netfilter/nf_tables_api.c\n@@ -627,7 +627,6 @@ static void nft_map_catchall_deactivate(const struct nft_ctx *ctx,\n \t\telem.priv = catchall->elem;\n \t\tnft_set_elem_change_active(ctx->net, set, ext);\n \t\tnft_setelem_data_deactivate(ctx->net, set, 
&elem);\n-\t\tbreak;\n \t}\n }\n \n@@ -5171,7 +5170,6 @@ static void nft_map_catchall_activate(const struct nft_ctx *ctx,\n \t\tnft_clear(ctx->net, ext);\n \t\telem.priv = catchall->elem;\n \t\tnft_setelem_data_activate(ctx->net, set, &elem);\n-\t\tbreak;\n \t}\n }\n \n","prefixes":["SRU","J","1/1"]}
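
Review bot: in the first hunk (nft_map_catchall_deactivate), once the `break` is gone the three context lines ending in nft_setelem_data_deactivate() run for every catchall entry the loop does not skip, and the skip condition itself sits above `elem.priv = catchall->elem;`, outside the visible context. Because the backport note says the context was adjusted for the missing 0e1ea651c97, please confirm that the filter in this tree matches the upstream one, so that an entry which is already inactive is not deactivated a second time. A short comment in the loop body saying that one live and one pending catchall element can coexist during a transaction would also keep the `break` from being reintroduced later as an optimisation.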
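
Review bot: in the second hunk (nft_map_catchall_activate), the loop now calls nft_clear() and nft_setelem_data_activate() on every entry it does not skip, so this path has to remain the exact mirror of nft_map_catchall_deactivate(); the two `break` removals only make sense together and should never be split or partially reverted. The warning quoted in the commit message fires in nft_data_release() on the abort path, which points at unbalanced activate/deactivate accounting, so it would help to state in the submission that the abort of a batch carrying one live and one pending catchall element was exercised on this kernel with the context-adjusted code.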