Re: [PATCH net 1/8] netfilter: revalidate bridge ports

From: patchwork-bot+netdevbpf@kernel.org
Date: 2026-06-11 10:40:17
Also in: netfilter-devel

Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso [off-list ref]:

On Wed, 10 Jun 2026 18:16:21 +0200 you wrote:

From: Florian Westphal <fw@strlen.de>

ebt_redirect_tg() dereferences br_port_get_rcu() return without a
NULL check, causing a kernel panic when the bridge port has been
removed between the original hook invocation and an NFQUEUE
reinject.

[...]

Here is the summary with links:
  - [net,1/8] netfilter: revalidate bridge ports
    https://git.kernel.org/netdev/net/c/ccb9fd4b8753
  - [net,2/8] netfilter: nf_tables_offload: drop device refcount on error
    https://git.kernel.org/netdev/net/c/efc542561729
  - [net,3/8] netfilter: nf_conntrack: destroy stale expectfn expectations on unregister
    https://git.kernel.org/netdev/net/c/c3009418f9fa
  - [net,4/8] netfilter: x_tables: avoid leaking percpu counter pointers
    https://git.kernel.org/netdev/net/c/f7f2fbb0e893
  - [net,5/8] netfilter: nf_log: validate MAC header was set before dumping it
    https://git.kernel.org/netdev/net/c/a84b6fedbc97
  - [net,6/8] netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
    https://git.kernel.org/netdev/net/c/772cecf198da
  - [net,7/8] netfilter: nft_fib: fix stale stack leak via the OIFNAME register
    https://git.kernel.org/netdev/net/c/ab185e0c4fb8
  - [net,8/8] netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register
    https://git.kernel.org/netdev/net/c/c7d573551f92

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help