From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 16 Feb 2024 15:55:20 +0000 (+0100)
Subject: 6.1-stable patches
X-Git-Tag: v6.1.78~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=339b183bc3bf17dfc87a9d734860752c1133241f;p=thirdparty%2Fkernel%2Fstable-queue.git

6.1-stable patches

added patches:
	netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch
---

diff --git a/queue-6.1/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch b/queue-6.1/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch
new file mode 100644
index 00000000000..d6c44257f8e
--- /dev/null
+++ b/queue-6.1/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch
@@ -0,0 +1,51 @@
+From 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 7 Feb 2024 18:49:51 +0100
+Subject: netfilter: nft_set_rbtree: skip end interval element from gc
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 upstream.
+
+rbtree lazy gc on insert might collect an end interval element that has
+been just added in this transactions, skip end interval elements that
+are not yet active.
+
+Fixes: f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration walk")
+Cc: stable@vger.kernel.org
+Reported-by: lonial con <kongln9170@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_set_rbtree.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nft_set_rbtree.c
++++ b/net/netfilter/nft_set_rbtree.c
+@@ -235,7 +235,7 @@ static void nft_rbtree_gc_remove(struct
+ 
+ static const struct nft_rbtree_elem *
+ nft_rbtree_gc_elem(const struct nft_set *__set, struct nft_rbtree *priv,
+-		   struct nft_rbtree_elem *rbe, u8 genmask)
++		   struct nft_rbtree_elem *rbe)
+ {
+ 	struct nft_set *set = (struct nft_set *)__set;
+ 	struct rb_node *prev = rb_prev(&rbe->node);
+@@ -254,7 +254,7 @@ nft_rbtree_gc_elem(const struct nft_set
+ 	while (prev) {
+ 		rbe_prev = rb_entry(prev, struct nft_rbtree_elem, node);
+ 		if (nft_rbtree_interval_end(rbe_prev) &&
+-		    nft_set_elem_active(&rbe_prev->ext, genmask))
++		    nft_set_elem_active(&rbe_prev->ext, NFT_GENMASK_ANY))
+ 			break;
+ 
+ 		prev = rb_prev(prev);
+@@ -365,7 +365,7 @@ static int __nft_rbtree_insert(const str
+ 		    nft_set_elem_active(&rbe->ext, cur_genmask)) {
+ 			const struct nft_rbtree_elem *removed_end;
+ 
+-			removed_end = nft_rbtree_gc_elem(set, priv, rbe, genmask);
++			removed_end = nft_rbtree_gc_elem(set, priv, rbe);
+ 			if (IS_ERR(removed_end))
+ 				return PTR_ERR(removed_end);
+ 
diff --git a/queue-6.1/series b/queue-6.1/series
index 56073941e4a..c40e98be681 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -63,3 +63,4 @@ clocksource-skip-watchdog-check-for-large-watchdog-intervals.patch
 net-stmmac-xgmac-use-define-for-string-constants.patch
 alsa-usb-audio-sort-quirk-table-entries.patch
 net-stmmac-xgmac-fix-a-typo-of-register-name-in-dpp-safety-handling.patch
+netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch