Commit 4c34625f authored Sep 10, 2025 by Florian Westphal Committed by Greg Kroah-Hartman Sep 19, 2025

netfilter: nf_tables: make nft_set_do_lookup available unconditionally



[ Upstream commit 11fe5a82 ]

This function was added for retpoline mitigation and is replaced by a
static inline helper if mitigations are not enabled.

Enable this helper function unconditionally so next patch can add a lookup
restart mechanism to fix possible false negatives while transactions are
in progress.

Adding lookup restarts in nft_lookup_eval doesn't work as nft_objref would
then need the same copypaste loop.

This patch is separate to ease review of the actual bug fix.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Stable-dep-of: b2f742c8 ("netfilter: nf_tables: restart set lookup on base_seq change")
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 259c4e86

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit a34fd739
· Nov 05, 2025

mentioned in commit a34fd739

mentioned in commit a34fd73937bb6e8b14551acc04bec53239d354f7

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit bdc81b76
· Nov 05, 2025

mentioned in commit bdc81b76

mentioned in commit bdc81b76cc3e91b2a805bff546c72244ef2504fd

Toggle commit list

Please to comment