git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 10 Sep 2025 08:02:21 +0000 (10:02 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 19 Sep 2025 14:35:50 +0000 (16:35 +0200)
commit	4c34625f7deeede449f7aa58f6eec4623dd0406f
tree	6a3f442b1db6c6ee551be174ca22803aca7927f2	tree \| snapshot
parent	259c4e86d083a8a6921b25b82c6647f91a8fbf59	commit \| diff

netfilter: nf_tables: make nft_set_do_lookup available unconditionally

[ Upstream commit 11fe5a82e53ac3581a80c88e0e35fb8a80e15f48 ]

This function was added for retpoline mitigation and is replaced by a
static inline helper if mitigations are not enabled.

Enable this helper function unconditionally so next patch can add a lookup
restart mechanism to fix possible false negatives while transactions are
in progress.

Adding lookup restarts in nft_lookup_eval doesn't work as nft_objref would
then need the same copypaste loop.

This patch is separate to ease review of the actual bug fix.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Stable-dep-of: b2f742c846ca ("netfilter: nf_tables: restart set lookup on base_seq change")
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/netfilter/nf_tables_core.h		diff \| blob \| blame \| history
net/netfilter/nft_lookup.c		diff \| blob \| blame \| history