6.6-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 3 Jan 2024 10:29:05 +0000 (11:29 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 3 Jan 2024 10:29:05 +0000 (11:29 +0100)
added patches:
netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch

queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch [new file with mode: 0644]
queue-6.6/series

diff --git a/queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch b/queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch
new file mode 100644 (file)
index 0000000..2a745fd
--- /dev/null
@@ -0,0 +1,33 @@
+From 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 19 Dec 2023 19:44:49 +0100
+Subject: netfilter: nf_tables: skip set commit for deleted/destroyed sets
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a upstream.
+
+NFT_MSG_DELSET deactivates all elements in the set, skip
+set->ops->commit() to avoid the unnecessary clone (for the pipapo case)
+as well as the sync GC cycle, which could deactivate again expired
+elements in such set.
+
+Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
+Reported-by: Kevin Rich <kevinrich1337@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -9849,7 +9849,7 @@ static void nft_set_commit_update(struct
+       list_for_each_entry_safe(set, next, set_update_list, pending_update) {
+               list_del_init(&set->pending_update);
+-              if (!set->ops->commit)
++              if (!set->ops->commit || set->dead)
+                       continue;
+               set->ops->commit(set);
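Review bot: The new `|| set->dead` test in nft_set_commit_update() has no comment, so the reason a dead set must skip `set->ops->commit()` is recorded only in the commit message: NFT_MSG_DELSET has already deactivated every element, and the sync GC cycle run from commit could deactivate expired elements a second time. A repeated deactivation is likely more than wasted work, so I would record the invariant next to the check, for example `/* deleted/destroyed set: elements already deactivated, skip commit and its sync GC */`. The hunk does not show where `set->dead` is assigned, so when queuing this for 6.6 it is worth confirming that every delete/destroy path in this tree marks the set dead before the commit phase walks `set_update_list`. The body of nft_set_commit_update() starts and ends outside the hunk.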
index fce2f08781d5d0f2fe0354191a5164c559f621d5..3855305dd882a3f2a8512edd1c05992d5fc4d9bc 100644 (file)
@@ -46,3 +46,4 @@ ftrace-fix-modification-of-direct_function-hash-while-in-use.patch
 tracing-fix-blocked-reader-of-snapshot-buffer.patch
 wifi-cfg80211-fix-cqm-for-non-range-use.patch
 wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch
+netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch