Hi Greg,
On Wed, Jul 05, 2023 at 10:23:27PM +0200, Florian Westphal wrote:
Greg KH gregkh@linuxfoundation.org wrote:
On Wed, Jul 05, 2023 at 04:14:11PM +0200, Pablo Neira Ayuso wrote:
[ 3e70489721b6c870252c9082c496703677240f53 ]
Otherwise a dangling reference to a rule object that is gone remains in the set binding list.
Fixes: 26b5a5712eb8 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
net/netfilter/nf_tables_api.c | 2 ++ 1 file changed, 2 insertions(+)
But what about kernels newer than 5.15? Surely this is also needed there as this only is going to first show up in 6.5-rc1, which hasn't been released yet.
Yes, do you need a backport? The commit cherry-picks cleanly to 6.1.y, 6.2.y and 6.3.y.
Yes, if possible please cherry-pick:
3e70489721b6 ("netfilter: nf_tables: unbind non-anonymous set if rule construction fails")
to: 6.1.y 6.2.y 6.3.y
Thanks.