netfilter: nft_set_pipapo: skip inactive elements during set walk

jira VULN-4132
cve CVE-2023-6817
commit-author Florian Westphal <[email protected]>
commit 317eb96
upstream-diff The change itself is the same as upstream, but there was
              a minor conflict in code surrounding the change because
              this kernel hasn't moved set element objects into the
              transaction yet.

Otherwise set elements can be deactivated twice which will cause a crash.

	Reported-by: Xingyuan Mo <[email protected]>
Fixes: 3c4287f ("nf_tables: Add set type for arbitrary concatenation of ranges")
	Signed-off-by: Florian Westphal <[email protected]>
	Signed-off-by: Pablo Neira Ayuso <[email protected]>
(cherry picked from commit 317eb96)
	Signed-off-by: Brett Mastbergen <[email protected]>

Author: bmastbergen

net/netfilter/nft_set_pipapo.c

@@ -1874,6 +1874,9 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,
 
 		elem.priv = e;
 
+		if (!nft_set_elem_active(&e->ext, iter->genmask))
+			goto cont;
+
 		iter->err = iter->fn(ctx, set, iter, &elem);
 		if (iter->err < 0)
 			goto out;