From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 3 Jan 2024 10:29:05 +0000 (+0100)
Subject: 6.6-stable patches
X-Git-Tag: v5.10.206~17
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=47c8210d0ce3ce06a26a8867d2b65ed1f021cf26;p=thirdparty%2Fkernel%2Fstable-queue.git

6.6-stable patches

added patches:
	netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch
---

diff --git a/queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch b/queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch
new file mode 100644
index 00000000000..2a745fd79b5
--- /dev/null
+++ b/queue-6.6/netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch
@@ -0,0 +1,33 @@
+From 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 19 Dec 2023 19:44:49 +0100
+Subject: netfilter: nf_tables: skip set commit for deleted/destroyed sets
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a upstream.
+
+NFT_MSG_DELSET deactivates all elements in the set, skip
+set->ops->commit() to avoid the unnecessary clone (for the pipapo case)
+as well as the sync GC cycle, which could deactivate again expired
+elements in such set.
+
+Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
+Reported-by: Kevin Rich <kevinrich1337@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -9849,7 +9849,7 @@ static void nft_set_commit_update(struct
+ 	list_for_each_entry_safe(set, next, set_update_list, pending_update) {
+ 		list_del_init(&set->pending_update);
+ 
+-		if (!set->ops->commit)
++		if (!set->ops->commit || set->dead)
+ 			continue;
+ 
+ 		set->ops->commit(set);
diff --git a/queue-6.6/series b/queue-6.6/series
index fce2f08781d..3855305dd88 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -46,3 +46,4 @@ ftrace-fix-modification-of-direct_function-hash-while-in-use.patch
 tracing-fix-blocked-reader-of-snapshot-buffer.patch
 wifi-cfg80211-fix-cqm-for-non-range-use.patch
 wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch
+netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch