netfilter pull request nf-26-02-05

-----BEGIN PGP SIGNATURE-----
 
 iQJdBAABCABHFiEEgKkgxbID4Gn1hq6fcJGo2a1f9gAFAmmESMYbFIAAAAAABAAO
 bWFudTIsMi41KzEuMTEsMiwyDRxmd0BzdHJsZW4uZGUACgkQcJGo2a1f9gBgYQ//
 T/dMF552rXb0waQdllgXzMKV0Q7dHx1KsBKpYh2FRd+84Dg0WGsIcXsrSKY8nJU6
 Q9zMgG6e6Z8RDbILX0BOs0DZh0rxhDnIBKu+nPexOJqxtY9xJxM1TWYaya+d+Nem
 CFQs0PZ337lcUaPn/dPDeSty7AMHVSNfaUkKUIm2uHj1nPU8a2yam3IQQkgiuhZQ
 TZ3ZMez2hx0Z9inqaBAxZkvqM4Vdr2O2e4htkCreGoTxocb9I7VkixUHkg22EJuy
 j9T3ezNnmrJKXAlYPCBjaSuLWANXY+kqLk1BzWp/GDJB+Qk0bY9Sec9/aUQYMLVS
 vllAKtX/x9DdwG5R2adQ8vmLFs0F2KzlJ2hoKZeSgy/ubmoNxL8UNc1+PcNJqNFt
 ot7Wy86FteHPSB4lJPBYLgZETXxID2hxTujrCwYYgIr1VKOfPifXuA9q7lgfl271
 gL+GKEzagMjNIqRgdZacSL8UHMfkpowU+4f6DyUx5gAOi1Gm+sR/M3PEKaVn4VgX
 f1FzY1D3/SMo24OA9ISCfsmz/ypJOqzXiGzs+0VnsQhWxozATcG7efNrttNVzuqf
 ZP2+BkWWxd0jpZL06aNDQI6Srvrmo/oWznrsDydK9o7kdE61bUlSJN+1V7Uotty7
 bYVH5bgC2/Zvo+ZWz7ZrFfbCtMqPA9jyaIZGEE96yIY=
 =eIZs
 -----END PGP SIGNATURE-----

Merge tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Florian Westphal says:

====================
netfilter: update for net

This is one last-minute crash fix for nf_tables, from Andrew Fasano:

Logical check is inverted, this makes kernel fail to correctly undo
the transaction, leading to a use-after-free.

* tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
====================

Link: https://patch.msgid.link/20260205074450.3187-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

net/netfilter/nf_tables_api.c

@@ -5914,7 +5914,7 @@ static void nft_map_catchall_activate(const struct nft_ctx *ctx,
 
 	list_for_each_entry(catchall, &set->catchall_list, list) {
 		ext = nft_set_elem_ext(set, catchall->elem);
-		if (!nft_set_elem_active(ext, genmask))
+		if (nft_set_elem_active(ext, genmask))
 			continue;
 
 		nft_clear(ctx->net, ext);