From: Greg Kroah-Hartman Date: Fri, 27 Feb 2026 20:20:28 +0000 (-0500) Subject: 6.19-stable patches X-Git-Tag: v6.18.15~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=545a76645c1698f80fbcacd1d078d3e4f32d6f50;p=thirdparty%2Fkernel%2Fstable-queue.git 6.19-stable patches added patches: netfilter-nf_tables-add-.abort_skip_removal-flag-for-set-types.patch series
---
diff --git a/queue-6.19/netfilter-nf_tables-add-.abort_skip_removal-flag-for-set-types.patch b/queue-6.19/netfilter-nf_tables-add-.abort_skip_removal-flag-for-set-types.patch
new file mode 100644
index 0000000000..c35d3a43ed
--- /dev/null
+++ b/queue-6.19/netfilter-nf_tables-add-.abort_skip_removal-flag-for-set-types.patch
@@ -0,0 +1,78 @@
+From f175b46d9134f708358b5404730c6dfa200fbf3c Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Wed, 21 Jan 2026 01:08:44 +0100
+Subject: netfilter: nf_tables: add .abort_skip_removal flag for set types
+
+From: Pablo Neira Ayuso
+
+commit f175b46d9134f708358b5404730c6dfa200fbf3c upstream.
+
+The pipapo set backend is the only user of the .abort interface so far.
+To speed up pipapo abort path, removals are skipped.
+
+The follow up patch updates the rbtree to use to build an array of
+ordered elements, then use binary search. This needs a new .abort
+interface but, unlike pipapo, it also need to undo/remove elements.
+
+Add a flag and use it from the pipapo set backend.
+
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Florian Westphal
+Cc: "Kris Karas (Bug Reporting)"
+Cc: Genes Lists
+Cc: Philip Müller
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/net/netfilter/nf_tables.h | 2 ++
+ net/netfilter/nf_tables_api.c | 3 ++-
+ net/netfilter/nft_set_pipapo.c | 2 ++
+ 3 files changed, 6 insertions(+), 1 deletion(-)
+
+--- a/include/net/netfilter/nf_tables.h
++++ b/include/net/netfilter/nf_tables.h
+@@ -456,6 +456,7 @@ struct nft_set_ext;
+ * @init: initialize private data of new set instance
+ * @destroy: destroy private data of set instance
+ * @gc_init: initialize garbage collection
++ * @abort_skip_removal: skip removal of elements from abort path
+ * @elemsize: element private size
+ *
+ * Operations lookup, update and delete have simpler interfaces, are faster
+@@ -513,6 +514,7 @@ struct nft_set_ops {
+ const struct nft_set *set);
+ void (*gc_init)(const struct nft_set *set);
+
++ bool abort_skip_removal;
+ unsigned int elemsize;
+ };
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -7702,7 +7702,8 @@ static bool nft_trans_elems_new_abort(co
+ continue;
+ }
+
+- if (!te->set->ops->abort || nft_setelem_is_catchall(te->set, te->elems[i].priv))
++ if (!te->set->ops->abort_skip_removal ||
++ nft_setelem_is_catchall(te->set, te->elems[i].priv))
+ nft_setelem_remove(ctx->net, te->set, te->elems[i].priv);
+
+ if (!nft_setelem_is_catchall(te->set, te->elems[i].priv))
+--- a/net/netfilter/nft_set_pipapo.c
++++ b/net/netfilter/nft_set_pipapo.c
+@@ -2370,6 +2370,7 @@ const struct nft_set_type nft_set_pipapo
+ .gc_init = nft_pipapo_gc_init,
+ .commit = nft_pipapo_commit,
+ .abort = nft_pipapo_abort,
++ .abort_skip_removal = true,
+ .elemsize = offsetof(struct nft_pipapo_elem, ext),
+ },
+ };
+@@ -2394,6 +2395,7 @@ const struct nft_set_type nft_set_pipapo
+ .gc_init = nft_pipapo_gc_init,
+ .commit = nft_pipapo_commit,
+ .abort = nft_pipapo_abort,
++ .abort_skip_removal = true,
+ .elemsize = offsetof(struct nft_pipapo_elem, ext),
+ },
+ };
diff --git a/queue-6.19/series b/queue-6.19/series
new file mode 100644
index 0000000000..a4899e2eed
--- /dev/null
+++ b/queue-6.19/series
@@ -0,0 +1 @@
+netfilter-nf_tables-add-.abort_skip_removal-flag-for-set-types.patch
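Review bot: The kernel-doc line added for `abort_skip_removal` in `struct nft_set_ops` does not state the contract the flag carries. In `nft_trans_elems_new_abort()` the call to `nft_setelem_remove()` for non-catchall elements is now gated on this flag alone rather than on the presence of `.abort`, so a backend that sets it must discard the uncommitted elements in its own `.abort` callback. A backend that sets the flag without doing so would presumably leave aborted elements in the set, while the zero default (removal still happens) is the safe direction. I would spell that out, e.g. `@abort_skip_removal: skip per-element removal on abort; set only if @abort discards uncommitted elements itself`. Only the two pipapo ops tables in `nft_set_pipapo.c` are visible setting the flag, and the body of `nft_trans_elems_new_abort()` runs beyond the hunk, so whether any other backend defines `.abort` and relied on the old condition cannot be confirmed from here.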