Hi Pablo, Please apply the next patch against your nf tree so that it'll get applied to older stable branches too. - Kyle Zeng reported that there is a race between IPSET_CMD_ADD and IPSET_CMD_SWAP: when the schedule point was added to call_ad(), the wrong reference counter was used. For long taking operations initiated from userspace the ref_netlink reference counter must be used to exclude concurrent clashing operations. Best regards, Jozsef The following changes since commit 7153a404fb70d21097af3169354e1e5fda3fbb02: Merge tag 'nf-23-09-06' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (2023-09-07 11:47:15 +0200) are available in the Git repository at: git://blackhole.kfki.hu/nf 5adf434ae86e34a0c for you to fetch changes up to 5adf434ae86e34a0cff2fd0aa737dab16d7f4812: netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP (2023-09-19 12:34:45 +0200) ---------------------------------------------------------------- Jozsef Kadlecsik (1): netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP net/netfilter/ipset/ip_set_core.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
