Merge tag 'v6.8-rc2'

Linux 6.8-rc2 The vb2 fixes from v6.8-rc2 are needed for the work on the new vb2 delete buffers feature. Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
author: Hans Verkuil <hverkuil-cisco@xs4all.nl> 2024-01-29 08:59:23 +0100
committer: Hans Verkuil <hverkuil-cisco@xs4all.nl> 2024-01-29 08:59:23 +0100
commit: c8282f7b8523a4d37e5fefa220d93f2be06650e2 (patch)
tree: 6ec17a2ea545b174dc903f6135f5b6258a1c4e2e /net/netfilter/nft_xfrm.c
parent: 04447d48afd365a837e23cde631517f166045b9d (diff)
parent: 41bccc98fb7931d63d03f326a746ac4d429c1dd3 (diff)
download: linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.tar.gz
linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.tar.bz2
linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_xfrm.c b/net/netfilter/nft_xfrm.c
index 452f8587adda..1c866757db55 100644
--- a/net/netfilter/nft_xfrm.c
+++ b/net/netfilter/nft_xfrm.c
@@ -235,6 +235,11 @@ static int nft_xfrm_validate(const struct nft_ctx *ctx, const struct nft_expr *e
 	const struct nft_xfrm *priv = nft_expr_priv(expr);
 	unsigned int hooks;
 
+	if (ctx->family != NFPROTO_IPV4 &&
+	    ctx->family != NFPROTO_IPV6 &&
+	    ctx->family != NFPROTO_INET)
+		return -EOPNOTSUPP;
+
 	switch (priv->dir) {
 	case XFRM_POLICY_IN:
 		hooks = (1 << NF_INET_FORWARD) |
author	Hans Verkuil <hverkuil-cisco@xs4all.nl>	2024-01-29 08:59:23 +0100
committer	Hans Verkuil <hverkuil-cisco@xs4all.nl>	2024-01-29 08:59:23 +0100
commit	c8282f7b8523a4d37e5fefa220d93f2be06650e2 (patch)
tree	6ec17a2ea545b174dc903f6135f5b6258a1c4e2e /net/netfilter/nft_xfrm.c
parent	04447d48afd365a837e23cde631517f166045b9d (diff)
parent	41bccc98fb7931d63d03f326a746ac4d429c1dd3 (diff)
download	linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.tar.gz linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.tar.bz2 linux-stable-c8282f7b8523a4d37e5fefa220d93f2be06650e2.zip