--- /dev/null
+From 30c1d25b9870d551be42535067d5481668b5e6f3 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Mon, 11 Aug 2025 12:26:10 +0200
+Subject: netfilter: nft_set_pipapo: fix null deref for empty set
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 30c1d25b9870d551be42535067d5481668b5e6f3 upstream.
+
+Blamed commit broke the check for a null scratch map:
+ - if (unlikely(!m || !*raw_cpu_ptr(m->scratch)))
+ + if (unlikely(!raw_cpu_ptr(m->scratch)))
+
+This should have been "if (!*raw_ ...)".
+Use the pattern of the avx2 version which is more readable.
+
+This can only be reproduced if avx2 support isn't available.
+
+Fixes: d8d871a35ca9 ("netfilter: nft_set_pipapo: merge pipapo_get/lookup")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_set_pipapo.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nft_set_pipapo.c
++++ b/net/netfilter/nft_set_pipapo.c
+@@ -426,10 +426,9 @@ static struct nft_pipapo_elem *pipapo_ge
+
+ local_bh_disable();
+
+- if (unlikely(!raw_cpu_ptr(m->scratch)))
+- goto out;
+-
+ scratch = *raw_cpu_ptr(m->scratch);
++ if (unlikely(!scratch))
++ goto out;
+
+ map_index = scratch->map_index;
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
