)]}'
{
  "commit": "bd0bc52873451a03da2b184ae661c933b45a34e1",
  "tree": "15e4f991185967a2fb0eb9a9bd3f9e1448f1f5d7",
  "parents": [
    "e1d779f9a514b8e89a4661da858601d143841c0c"
  ],
  "author": {
    "name": "Pablo Neira Ayuso",
    "email": "pablo@netfilter.org",
    "time": "Tue Mar 17 20:00:26 2026 +0100"
  },
  "committer": {
    "name": "Chenglong Tang",
    "email": "chenglongtang@google.com",
    "time": "Wed Apr 15 22:10:40 2026 -0700"
  },
  "message": "netfilter: nf_tables: release flowtable after rcu grace period on error\n\n[ Upstream commit d73f4b53aaaea4c95f245e491aa5eeb8a21874ce ]\n\nCall synchronize_rcu() after unregistering the hooks from error path,\nsince a hook that already refers to this flowtable can be already\nregistered, exposing this flowtable to packet path and nfnetlink_hook\ncontrol plane.\n\nThis error path is rare, it should only happen by reaching the maximum\nnumber hooks or by failing to set up to hardware offload, just call\nsynchronize_rcu().\n\nThere is a check for already used device hooks by different flowtable\nthat could result in EEXIST at this late stage. The hook parser can be\nupdated to perform this check earlier to this error path really becomes\nrarely exercised.\n\nUncovered by KASAN reported as use-after-free from nfnetlink_hook path\nwhen dumping hooks.\n\nBUG\u003db/500321842\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed KCTF-7e3955b in the Linux kernel.\n\nFixes: 3b49e2e94e6e (\"netfilter: nf_tables: add flow table netlink frontend\")\nReported-by: Yiming Qian \u003cyimingqian591@gmail.com\u003e\nChange-Id: Ie828d439c7a56b916c762820ac98e9d1685af437\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: Florian Westphal \u003cfw@strlen.de\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/144543\nReviewed-by: Kevin Berry \u003ckpberry@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "268d00ffee0cb3aec7af5943c6e888250efa63c4",
      "old_mode": 33188,
      "old_path": "net/netfilter/nf_tables_api.c",
      "new_id": "4c88804080029ca90b9dde0e4b03a6a502fe3a68",
      "new_mode": 33188,
      "new_path": "net/netfilter/nf_tables_api.c"
    }
  ]
}