Re: [REGRESSION] 6.19.4 stable netfilter / nftables [resolved]
From: Florian Westphal
Date: Tue Mar 03 2026 - 13:45:14 EST
Jindrich Makovicka <makovick@xxxxxxxxx> wrote:
> > > commit 12b1681793e9b7552495290785a3570c539f409d
> > > Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > > Date: Fri Feb 6 13:33:46 2026 +0100
> > >
> > > netfilter: nft_set_rbtree: validate open interval overlap
> > >
> > > Example set definition is here:
> > >
> > > https://bugzilla.kernel.org/show_bug.cgi?id=221158
> >
> > Does that problem happen with 7.0-rc2 as well? This is important to
> > know
> > to determine if this is a general problem or a backporting problem.
> >
>
> Yes, the same problem shows up with 7.0-rc2. I updated the bugzilla
> attachment to reproduce the bug just by feeding it to nft,
>
> # uname -a
> Linux holly 7.0.0-rc2 #25 SMP PREEMPT_DYNAMIC Tue Mar 3 18:17:21 CET
> 2026 x86_64 GNU/Linux
> # nft -f test-full.nft
> test-full.nft:1643:1-25: Error: Could not process rule: File exists
> 12.14.179.24-12.14.179.31,
> ^^^^^^^^^^^^^^^^^^^^^^^^^
Pablo, it looks like the is a discrepancy between the comment and the
code. Comment talks about 'open interval', but it checks that some
start interval was found instead of checking that the OPEN_INTERVAL
bit is raised:
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -556,7 +556,8 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
/* - start element overlaps an open interval but end element is new:
* partial overlap, reported as -ENOEMPTY.
*/
- if (!rbe_ge && priv->start_rbe_cookie && nft_rbtree_interval_end(new))
+ if (!rbe_ge && priv->start_rbe_cookie & NFT_RBTREE_OPEN_INTERVAL &&
+ nft_rbtree_interval_end(new))
return -ENOTEMPTY;
Does that look correct to you?