-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjF9xRqF1emXiQiqU1w0aZmrPKyEFAmoIV2cACgkQ1w0aZmrP
KyGYYg//TAfAeQbuVfui3eZLCyKg/J9QyPpyoTMC2X+Waow4Ui+t+PJyez59tjT2
xtuNBI6PSwbEQj7oXU0Yz7J6f2e6wkSn6VtcSBe0ACOshVQ40tVWdtOh3RHOrtUI
tPf4HiZZayM6uLz2abWW7mIAWRt7uSAj6PTTe1X5E1GeIY+rnebjo/iNE912wHGs
HbeshARbiPXofo3D0TzEV90/Kc4Xx98Js4FeNUP7328pP2MdqErSbM96QVmgbqpQ
/eY2+wUSJeIJ1jfVQxhkBG0qJf1LRCXAYvmXD5adU3mq4v450DRzquzWwW5e5vuO
PHLvbyfaB49tmuitAlrAWmouY8LQ6IeOYegh50RAAzlRSy0/+tLRLI85ny1MH8IV
y30B4XCId9NL2A61J8P3jUcnjEpnKl8548Qnr2Ql2Mn3mKM3cXT2LI0uFobBNl+0
67oefbuhDiQbLVRahpUKKskeu/dpFVeiEzG4QNIjjXgcwc0LPZr20WUQdZORrSob
dq5oJ9rBK6phIR6JK5lfGMyE1Uy7TZp+K18YkyvGsAwNz/YSqMgqPpsE/2nsJxlL
1ifmcCdCr1zhU4jd+b3dUR7Bjob08dcE5/kXPWKr6Bir/74hisZoYrYQti09De0l
d2secQ5O7iTRvjD4z4vjQjgaIqN2OlcpWouxnljrTx18B82H7Ps=
=rsHV
-----END PGP SIGNATURE-----
Merge tag 'nf-26-05-16' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
The following patchset contains Netfilter/IPVS fixes for net:
1) Fix small race windows in nf_ct_helper_log() when accessing helper,
from Florian Westphal.
2) Fix potential infinite loop and race conditions in IPVS caused by
frequent user-triggered service table changes, from Julia Anastasov.
3) Fix a race condition when dumping ipsets for restore,
from Jozsef Kadlecsik.
4) Fix inner transport offset in IPv6 in nft_inner when extension
headers come before the layer 4 transport header, from Yizhou Zhao.
5) Fix incorrect iteration over IPv4 ranges in several hash set types,
from Nan Li.
6) Fix incorrect order when restoring BH in nft_inner_restore_tun_ctx(),
from Florian Westphal.
7) Validate option array from ip6t_hbh checkpath() to fix an off-by-one
access, from Zhengchuan Liang.
8) Fix race condition between ipset list -terse and concurrent updates,
from Jozsef Kadlecisk.
9) Fix race condition when inserting elements into a hash bucket, also
from Jozsef.
10) Annotate access to first free slot in hashtable, from Jozsef Kadlecsik.
11) Ensure sufficient headroom in br_netfilter neigh transmission,
from Lorenzo Bianconi.
12) Hold reference on skb->dev in nfqueue exit path, bridge local input
is speciall since skb->dev != state->indev, allowing for net_device
to go away while packet is sitting in nfqueue. From Haoze Xie.
* tag 'nf-26-05-16' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nf_queue: hold bridge skb->dev while queued
netfilter: br_netfilter: Reallocate headroom if necessary in neigh_hh_bridge()
netfilter: ipset: annotate "pos" for concurrent readers/writers
netfilter: ipset: Fix data race between add and dump in all hash types
netfilter: ipset: Fix data race between add and list header in all hash types
netfilter: ip6t_hbh: reject oversized option lists
netfilter: nft_inner: release local_lock before re-enabling softirqs
netfilter: ipset: stop hash:* range iteration at end
netfilter: nft_inner: Fix IPv6 inner_thoff desync
netfilter: ipset: fix a potential dump-destroy race
ipvs: avoid possible loop in ip_vs_dst_event on resizing
netfilter: nf_conntrack_helper: fix possible null deref during error log
====================
Link: https://patch.msgid.link/20260516115627.967773-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
317bbe5301