The following patchset contains Netfilter fixes for net: 1. Fix spurious -EEXIST error from userspace due to padding holes, this was broken since 4.9 days when 'ignore duplicate entries on insert' feature was added. 2. Fix a sched-while-atomic bug, present since 5.19. 3. Properly remove elements if they lack an "end range". nft userspace always sets an end range attribute, even when its the same as the start, but the abi doesn't have such a restriction. Always broken since it was added in 5.6, all three from myself. 4 + 5: Bound chain needs to be skipped in netns release and on rule flush paths, from Pablo Neira. The following changes since commit ac528649f7c63bc233cc0d33cff11f767cc666e3: Merge branch 'net-support-stp-on-bridge-in-non-root-netns' (2023-07-20 10:46:33 +0200) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-07-20 for you to fetch changes up to 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8: netfilter: nf_tables: skip bound chain on rule flush (2023-07-20 17:21:11 +0200) ---------------------------------------------------------------- netfilter pull request 2023-07-20 ---------------------------------------------------------------- Florian Westphal (3): netfilter: nf_tables: fix spurious set element insertion failure netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nft_set_pipapo: fix improper element removal Pablo Neira Ayuso (2): netfilter: nf_tables: skip bound chain in netns release path netfilter: nf_tables: skip bound chain on rule flush net/netfilter/nf_tables_api.c | 12 ++++++++++-- net/netfilter/nft_set_pipapo.c | 6 +++++- 2 files changed, 15 insertions(+), 3 deletions(-)
