Hi Greg, Sasha,
The following list shows patches that you can cherry-pick to -stable 6.5. I am using original commit IDs for reference:
1) 7ab9d0827af8 ("netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention")
2) 4e5f5b47d8de ("netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC")
3) 1d16d80d4230 ("netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails")
4) 7606622f20da ("netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration")
5) 44a76f08f7ca ("netfilter: nf_tables: fix memleak when more than 255 elements expired")
Please, apply.
Thanks.

Florian Westphal (1):
      netfilter: nf_tables: fix memleak when more than 255 elements expired

Pablo Neira Ayuso (4):
      netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
      netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
      netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
      netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

 include/net/netfilter/nf_tables.h |  7 ++++---
 net/netfilter/nf_tables_api.c     | 32 ++++++++++++++++++++++++++-----
 net/netfilter/nft_set_hash.c      | 11 ++++-------
 net/netfilter/nft_set_pipapo.c    |  4 ++--
 net/netfilter/nft_set_rbtree.c    |  8 +++-----
 5 files changed, 40 insertions(+), 22 deletions(-)