This patch fixes a bug in patch 5/5 (netfilter: nft_dynset: dynamic stateful expression instantiation), we need to make sure the expr extension exists without using it to avoid a crash with normal set updates. If possible, please simply fold it into 5/5. Thanks! commit 6609a3aad8ad8c1e60a4b757d626aeb69fae8066 Author: Patrick McHardy <kaber@xxxxxxxxx> Date: Sun Apr 12 21:24:31 2015 +0100 netfilter: nft_dynset: make sure expr extension exists before using it Fix a crash when using dynset without an expression. Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c index 311e21c..513a8ef 100644 --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c @@ -68,7 +68,9 @@ static void nft_dynset_eval(const struct nft_expr *expr, if (set->ops->update(set, ®s->data[priv->sreg_key], nft_dynset_new, expr, regs, &ext)) { - sexpr = nft_set_ext_expr(ext); + sexpr = NULL; + if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR)) + sexpr = nft_set_ext_expr(ext); if (priv->op == NFT_DYNSET_OP_UPDATE && nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html