Hi Sasha,
This commit requires:
commit 14fb07130c7ddd257e30079b87499b3f89097b09
Author: Florian Westphal <fw@xxxxxxxxx>
Date: Tue Aug 20 11:56:13 2024 +0200
netfilter: nf_tables: allow loads only when register is initialized
so either drop it or pull-in this dependency for 6.11
Thanks.
On Wed, Sep 25, 2024 at 07:24:30AM -0400, Sasha Levin wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
>
> [ Upstream commit c88baabf16d1ef74ab8832de9761226406af5507 ]
>
> revert commit 4c905f6740a3 ("netfilter: nf_tables: initialize registers in
> nft_do_chain()").
>
> Previous patch makes sure that loads from uninitialized registers are
> detected from the control plane. in this case rule blob auto-zeroes
> registers. Thus the explicit zeroing is not needed anymore.
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> ---
> net/netfilter/nf_tables_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
> index a48d5f0e2f3e1..75598520b0fa0 100644
> --- a/net/netfilter/nf_tables_core.c
> +++ b/net/netfilter/nf_tables_core.c
> @@ -256,7 +256,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
> const struct net *net = nft_net(pkt);
> const struct nft_expr *expr, *last;
> const struct nft_rule_dp *rule;
> - struct nft_regs regs = {};
> + struct nft_regs regs;
> unsigned int stackptr = 0;
> struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
> bool genbit = READ_ONCE(net->nft.gencursor);
> --
> 2.43.0
>
