From 9e5a6999e52d7fc4561497d5f6a260dd5f3634c0 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 1 Sep 2024 11:42:14 +0200 Subject: [PATCH] drop a netfilter patch from 5.4 and 5.10 The follow-up fixes would not apply, and so these commits shouldn't be applied either. --- ...ipv6-fragments-to-arrive-on-differen.patch | 46 --- ...nf_defrag_ipv6-use-net_generic-infra.patch | 264 ------------------ queue-5.10/series | 2 - ...ipv6-fragments-to-arrive-on-differen.patch | 46 --- ...nf_defrag_ipv6-use-net_generic-infra.patch | 264 ------------------ queue-5.4/series | 2 - 6 files changed, 624 deletions(-) delete mode 100644 queue-5.10/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch delete mode 100644 queue-5.10/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch delete mode 100644 queue-5.4/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch delete mode 100644 queue-5.4/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch diff --git a/queue-5.10/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch b/queue-5.10/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch deleted file mode 100644 index faa493ca2cb..00000000000 --- a/queue-5.10/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 087501643bc2fb347e799289b538675a1d4ec218 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 6 Aug 2024 12:40:52 +0100 -Subject: netfilter: allow ipv6 fragments to arrive on different devices - -From: Tom Hughes - -[ Upstream commit 3cd740b985963f874a1a094f1969e998b9d05554 ] - -Commit 264640fc2c5f4 ("ipv6: distinguish frag queues by device -for multicast and link-local packets") modified the ipv6 fragment -reassembly logic to distinguish frag queues by device for multicast -and link-local packets but in fact only the main reassembly code -limits the use of the device to those address types and the netfilter -reassembly code uses the device for all packets. - -This means that if fragments of a packet arrive on different interfaces -then netfilter will fail to reassemble them and the fragments will be -expired without going any further through the filters. - -Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units") -Signed-off-by: Tom Hughes -Signed-off-by: Pablo Neira Ayuso -Signed-off-by: Sasha Levin ---- - net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index a0108415275fe..73c0b92bdf0ac 100644 ---- a/net/ipv6/netfilter/nf_conntrack_reasm.c -+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -155,6 +155,10 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - }; - struct inet_frag_queue *q; - -+ if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST | -+ IPV6_ADDR_LINKLOCAL))) -+ key.iif = 0; -+ - q = inet_frag_find(nf_frag->fqdir, &key); - if (!q) - return NULL; --- -2.43.0 - diff --git a/queue-5.10/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch b/queue-5.10/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch deleted file mode 100644 index 3204e502b2d..00000000000 --- a/queue-5.10/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 862bc61697b69b021572388af4cb114aba0a4838 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 1 Apr 2021 16:11:07 +0200 -Subject: netfilter: nf_defrag_ipv6: use net_generic infra - -From: Florian Westphal - -[ Upstream commit 8b0adbe3e38dbe5aae9edf6f5159ffdca7cfbdf1 ] - -This allows followup patch to remove these members from struct net. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso -Stable-dep-of: 3cd740b98596 ("netfilter: allow ipv6 fragments to arrive on different devices") -Signed-off-by: Sasha Levin ---- - include/net/netfilter/ipv6/nf_defrag_ipv6.h | 6 ++ - net/ipv6/netfilter/nf_conntrack_reasm.c | 68 +++++++++++---------- - net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 15 +++-- - 3 files changed, 52 insertions(+), 37 deletions(-) - -diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h -index 6d31cd0411434..ece923e2035b5 100644 ---- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h -+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h -@@ -13,4 +13,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user); - - struct inet_frags_ctl; - -+struct nft_ct_frag6_pernet { -+ struct ctl_table_header *nf_frag_frags_hdr; -+ struct fqdir *fqdir; -+ unsigned int users; -+}; -+ - #endif /* _NF_DEFRAG_IPV6_H */ -diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index c129ad334eb39..a0108415275fe 100644 ---- a/net/ipv6/netfilter/nf_conntrack_reasm.c -+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -15,28 +15,13 @@ - #include - #include - #include --#include --#include --#include - #include --#include - #include --#include - #include --#include --#include - #include - --#include --#include - #include - --#include --#include --#include --#include --#include --#include - #include - #include - #include -@@ -44,11 +29,18 @@ - #include - #include - #include -+#include - - static const char nf_frags_cache_name[] = "nf-frags"; - -+unsigned int nf_frag_pernet_id __read_mostly; - static struct inet_frags nf_frags; - -+static struct nft_ct_frag6_pernet *nf_frag_pernet(struct net *net) -+{ -+ return net_generic(net, nf_frag_pernet_id); -+} -+ - #ifdef CONFIG_SYSCTL - - static struct ctl_table nf_ct_frag6_sysctl_table[] = { -@@ -75,6 +67,7 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { - - static int nf_ct_frag6_sysctl_register(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag; - struct ctl_table *table; - struct ctl_table_header *hdr; - -@@ -86,18 +79,20 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - goto err_alloc; - } - -- table[0].data = &net->nf_frag.fqdir->timeout; -- table[1].data = &net->nf_frag.fqdir->low_thresh; -- table[1].extra2 = &net->nf_frag.fqdir->high_thresh; -- table[2].data = &net->nf_frag.fqdir->high_thresh; -- table[2].extra1 = &net->nf_frag.fqdir->low_thresh; -- table[2].extra2 = &init_net.nf_frag.fqdir->high_thresh; -+ nf_frag = nf_frag_pernet(net); -+ -+ table[0].data = &nf_frag->fqdir->timeout; -+ table[1].data = &nf_frag->fqdir->low_thresh; -+ table[1].extra2 = &nf_frag->fqdir->high_thresh; -+ table[2].data = &nf_frag->fqdir->high_thresh; -+ table[2].extra1 = &nf_frag->fqdir->low_thresh; -+ table[2].extra2 = &nf_frag->fqdir->high_thresh; - - hdr = register_net_sysctl(net, "net/netfilter", table); - if (hdr == NULL) - goto err_reg; - -- net->nf_frag_frags_hdr = hdr; -+ nf_frag->nf_frag_frags_hdr = hdr; - return 0; - - err_reg: -@@ -109,10 +104,11 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - - static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - struct ctl_table *table; - -- table = net->nf_frag_frags_hdr->ctl_table_arg; -- unregister_net_sysctl_table(net->nf_frag_frags_hdr); -+ table = nf_frag->nf_frag_frags_hdr->ctl_table_arg; -+ unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr); - if (!net_eq(net, &init_net)) - kfree(table); - } -@@ -149,6 +145,7 @@ static void nf_ct_frag6_expire(struct timer_list *t) - static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - const struct ipv6hdr *hdr, int iif) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - struct frag_v6_compare_key key = { - .id = id, - .saddr = hdr->saddr, -@@ -158,7 +155,7 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - }; - struct inet_frag_queue *q; - -- q = inet_frag_find(net->nf_frag.fqdir, &key); -+ q = inet_frag_find(nf_frag->fqdir, &key); - if (!q) - return NULL; - -@@ -495,37 +492,44 @@ EXPORT_SYMBOL_GPL(nf_ct_frag6_gather); - - static int nf_ct_net_init(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - int res; - -- res = fqdir_init(&net->nf_frag.fqdir, &nf_frags, net); -+ res = fqdir_init(&nf_frag->fqdir, &nf_frags, net); - if (res < 0) - return res; - -- net->nf_frag.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; -- net->nf_frag.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; -- net->nf_frag.fqdir->timeout = IPV6_FRAG_TIMEOUT; -+ nf_frag->fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; -+ nf_frag->fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; -+ nf_frag->fqdir->timeout = IPV6_FRAG_TIMEOUT; - - res = nf_ct_frag6_sysctl_register(net); - if (res < 0) -- fqdir_exit(net->nf_frag.fqdir); -+ fqdir_exit(nf_frag->fqdir); - return res; - } - - static void nf_ct_net_pre_exit(struct net *net) - { -- fqdir_pre_exit(net->nf_frag.fqdir); -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); -+ -+ fqdir_pre_exit(nf_frag->fqdir); - } - - static void nf_ct_net_exit(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); -+ - nf_ct_frags6_sysctl_unregister(net); -- fqdir_exit(net->nf_frag.fqdir); -+ fqdir_exit(nf_frag->fqdir); - } - - static struct pernet_operations nf_ct_net_ops = { - .init = nf_ct_net_init, - .pre_exit = nf_ct_net_pre_exit, - .exit = nf_ct_net_exit, -+ .id = &nf_frag_pernet_id, -+ .size = sizeof(struct nft_ct_frag6_pernet), - }; - - static const struct rhashtable_params nfct_rhash_params = { -diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -index 6646a87fb5dc1..402dc4ca9504f 100644 ---- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -@@ -25,6 +25,8 @@ - #include - #include - -+extern unsigned int nf_frag_pernet_id; -+ - static DEFINE_MUTEX(defrag6_mutex); - - static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum, -@@ -89,10 +91,12 @@ static const struct nf_hook_ops ipv6_defrag_ops[] = { - - static void __net_exit defrag6_net_exit(struct net *net) - { -- if (net->nf.defrag_ipv6) { -+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id); -+ -+ if (nf_frag->users) { - nf_unregister_net_hooks(net, ipv6_defrag_ops, - ARRAY_SIZE(ipv6_defrag_ops)); -- net->nf.defrag_ipv6 = false; -+ nf_frag->users = 0; - } - } - -@@ -130,21 +134,22 @@ static void __exit nf_defrag_fini(void) - - int nf_defrag_ipv6_enable(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id); - int err = 0; - - might_sleep(); - -- if (net->nf.defrag_ipv6) -+ if (nf_frag->users) - return 0; - - mutex_lock(&defrag6_mutex); -- if (net->nf.defrag_ipv6) -+ if (nf_frag->users) - goto out_unlock; - - err = nf_register_net_hooks(net, ipv6_defrag_ops, - ARRAY_SIZE(ipv6_defrag_ops)); - if (err == 0) -- net->nf.defrag_ipv6 = true; -+ nf_frag->users = 1; - - out_unlock: - mutex_unlock(&defrag6_mutex); --- -2.43.0 - diff --git a/queue-5.10/series b/queue-5.10/series index 6d10beda7ea..b3081f5e0bf 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -24,8 +24,6 @@ net-dsa-vsc73xx-pass-value-in-phy_write-operation.patch net-dsa-vsc73xx-use-read_poll_timeout-instead-delay-.patch net-dsa-vsc73xx-check-busy-flag-in-mdio-operations.patch mptcp-correct-mptcp_subflow_attr_ssn_offset-reserved.patch -netfilter-nf_defrag_ipv6-use-net_generic-infra.patch -netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch netfilter-flowtable-initialise-extack-before-use.patch net-hns3-fix-wrong-use-of-semaphore-up.patch net-hns3-fix-a-deadlock-problem-when-config-tc-durin.patch diff --git a/queue-5.4/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch b/queue-5.4/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch deleted file mode 100644 index 3b75ab96994..00000000000 --- a/queue-5.4/netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 33b64cb513359df11f7e2931f56c55f0efeebf2a Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 6 Aug 2024 12:40:52 +0100 -Subject: netfilter: allow ipv6 fragments to arrive on different devices - -From: Tom Hughes - -[ Upstream commit 3cd740b985963f874a1a094f1969e998b9d05554 ] - -Commit 264640fc2c5f4 ("ipv6: distinguish frag queues by device -for multicast and link-local packets") modified the ipv6 fragment -reassembly logic to distinguish frag queues by device for multicast -and link-local packets but in fact only the main reassembly code -limits the use of the device to those address types and the netfilter -reassembly code uses the device for all packets. - -This means that if fragments of a packet arrive on different interfaces -then netfilter will fail to reassemble them and the fragments will be -expired without going any further through the filters. - -Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units") -Signed-off-by: Tom Hughes -Signed-off-by: Pablo Neira Ayuso -Signed-off-by: Sasha Levin ---- - net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index 24ec295454940..db4592ada9491 100644 ---- a/net/ipv6/netfilter/nf_conntrack_reasm.c -+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -155,6 +155,10 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - }; - struct inet_frag_queue *q; - -+ if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST | -+ IPV6_ADDR_LINKLOCAL))) -+ key.iif = 0; -+ - q = inet_frag_find(nf_frag->fqdir, &key); - if (!q) - return NULL; --- -2.43.0 - diff --git a/queue-5.4/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch b/queue-5.4/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch deleted file mode 100644 index 36635c39961..00000000000 --- a/queue-5.4/netfilter-nf_defrag_ipv6-use-net_generic-infra.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 90a4f908c0a2bcb903bfa33cae72c235c4559c24 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 1 Apr 2021 16:11:07 +0200 -Subject: netfilter: nf_defrag_ipv6: use net_generic infra - -From: Florian Westphal - -[ Upstream commit 8b0adbe3e38dbe5aae9edf6f5159ffdca7cfbdf1 ] - -This allows followup patch to remove these members from struct net. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso -Stable-dep-of: 3cd740b98596 ("netfilter: allow ipv6 fragments to arrive on different devices") -Signed-off-by: Sasha Levin ---- - include/net/netfilter/ipv6/nf_defrag_ipv6.h | 6 ++ - net/ipv6/netfilter/nf_conntrack_reasm.c | 68 +++++++++++---------- - net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 15 +++-- - 3 files changed, 52 insertions(+), 37 deletions(-) - -diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h -index 6d31cd0411434..ece923e2035b5 100644 ---- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h -+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h -@@ -13,4 +13,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user); - - struct inet_frags_ctl; - -+struct nft_ct_frag6_pernet { -+ struct ctl_table_header *nf_frag_frags_hdr; -+ struct fqdir *fqdir; -+ unsigned int users; -+}; -+ - #endif /* _NF_DEFRAG_IPV6_H */ -diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index fed9666a2f7da..24ec295454940 100644 ---- a/net/ipv6/netfilter/nf_conntrack_reasm.c -+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -15,28 +15,13 @@ - #include - #include - #include --#include --#include --#include - #include --#include - #include --#include - #include --#include --#include - #include - --#include --#include - #include - --#include --#include --#include --#include --#include --#include - #include - #include - #include -@@ -44,11 +29,18 @@ - #include - #include - #include -+#include - - static const char nf_frags_cache_name[] = "nf-frags"; - -+unsigned int nf_frag_pernet_id __read_mostly; - static struct inet_frags nf_frags; - -+static struct nft_ct_frag6_pernet *nf_frag_pernet(struct net *net) -+{ -+ return net_generic(net, nf_frag_pernet_id); -+} -+ - #ifdef CONFIG_SYSCTL - - static struct ctl_table nf_ct_frag6_sysctl_table[] = { -@@ -75,6 +67,7 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { - - static int nf_ct_frag6_sysctl_register(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag; - struct ctl_table *table; - struct ctl_table_header *hdr; - -@@ -86,18 +79,20 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - goto err_alloc; - } - -- table[0].data = &net->nf_frag.fqdir->timeout; -- table[1].data = &net->nf_frag.fqdir->low_thresh; -- table[1].extra2 = &net->nf_frag.fqdir->high_thresh; -- table[2].data = &net->nf_frag.fqdir->high_thresh; -- table[2].extra1 = &net->nf_frag.fqdir->low_thresh; -- table[2].extra2 = &init_net.nf_frag.fqdir->high_thresh; -+ nf_frag = nf_frag_pernet(net); -+ -+ table[0].data = &nf_frag->fqdir->timeout; -+ table[1].data = &nf_frag->fqdir->low_thresh; -+ table[1].extra2 = &nf_frag->fqdir->high_thresh; -+ table[2].data = &nf_frag->fqdir->high_thresh; -+ table[2].extra1 = &nf_frag->fqdir->low_thresh; -+ table[2].extra2 = &nf_frag->fqdir->high_thresh; - - hdr = register_net_sysctl(net, "net/netfilter", table); - if (hdr == NULL) - goto err_reg; - -- net->nf_frag_frags_hdr = hdr; -+ nf_frag->nf_frag_frags_hdr = hdr; - return 0; - - err_reg: -@@ -109,10 +104,11 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - - static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - struct ctl_table *table; - -- table = net->nf_frag_frags_hdr->ctl_table_arg; -- unregister_net_sysctl_table(net->nf_frag_frags_hdr); -+ table = nf_frag->nf_frag_frags_hdr->ctl_table_arg; -+ unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr); - if (!net_eq(net, &init_net)) - kfree(table); - } -@@ -149,6 +145,7 @@ static void nf_ct_frag6_expire(struct timer_list *t) - static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - const struct ipv6hdr *hdr, int iif) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - struct frag_v6_compare_key key = { - .id = id, - .saddr = hdr->saddr, -@@ -158,7 +155,7 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user, - }; - struct inet_frag_queue *q; - -- q = inet_frag_find(net->nf_frag.fqdir, &key); -+ q = inet_frag_find(nf_frag->fqdir, &key); - if (!q) - return NULL; - -@@ -485,37 +482,44 @@ EXPORT_SYMBOL_GPL(nf_ct_frag6_gather); - - static int nf_ct_net_init(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); - int res; - -- res = fqdir_init(&net->nf_frag.fqdir, &nf_frags, net); -+ res = fqdir_init(&nf_frag->fqdir, &nf_frags, net); - if (res < 0) - return res; - -- net->nf_frag.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; -- net->nf_frag.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; -- net->nf_frag.fqdir->timeout = IPV6_FRAG_TIMEOUT; -+ nf_frag->fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; -+ nf_frag->fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; -+ nf_frag->fqdir->timeout = IPV6_FRAG_TIMEOUT; - - res = nf_ct_frag6_sysctl_register(net); - if (res < 0) -- fqdir_exit(net->nf_frag.fqdir); -+ fqdir_exit(nf_frag->fqdir); - return res; - } - - static void nf_ct_net_pre_exit(struct net *net) - { -- fqdir_pre_exit(net->nf_frag.fqdir); -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); -+ -+ fqdir_pre_exit(nf_frag->fqdir); - } - - static void nf_ct_net_exit(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net); -+ - nf_ct_frags6_sysctl_unregister(net); -- fqdir_exit(net->nf_frag.fqdir); -+ fqdir_exit(nf_frag->fqdir); - } - - static struct pernet_operations nf_ct_net_ops = { - .init = nf_ct_net_init, - .pre_exit = nf_ct_net_pre_exit, - .exit = nf_ct_net_exit, -+ .id = &nf_frag_pernet_id, -+ .size = sizeof(struct nft_ct_frag6_pernet), - }; - - static const struct rhashtable_params nfct_rhash_params = { -diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -index 6646a87fb5dc1..402dc4ca9504f 100644 ---- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c -@@ -25,6 +25,8 @@ - #include - #include - -+extern unsigned int nf_frag_pernet_id; -+ - static DEFINE_MUTEX(defrag6_mutex); - - static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum, -@@ -89,10 +91,12 @@ static const struct nf_hook_ops ipv6_defrag_ops[] = { - - static void __net_exit defrag6_net_exit(struct net *net) - { -- if (net->nf.defrag_ipv6) { -+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id); -+ -+ if (nf_frag->users) { - nf_unregister_net_hooks(net, ipv6_defrag_ops, - ARRAY_SIZE(ipv6_defrag_ops)); -- net->nf.defrag_ipv6 = false; -+ nf_frag->users = 0; - } - } - -@@ -130,21 +134,22 @@ static void __exit nf_defrag_fini(void) - - int nf_defrag_ipv6_enable(struct net *net) - { -+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id); - int err = 0; - - might_sleep(); - -- if (net->nf.defrag_ipv6) -+ if (nf_frag->users) - return 0; - - mutex_lock(&defrag6_mutex); -- if (net->nf.defrag_ipv6) -+ if (nf_frag->users) - goto out_unlock; - - err = nf_register_net_hooks(net, ipv6_defrag_ops, - ARRAY_SIZE(ipv6_defrag_ops)); - if (err == 0) -- net->nf.defrag_ipv6 = true; -+ nf_frag->users = 1; - - out_unlock: - mutex_unlock(&defrag6_mutex); --- -2.43.0 - diff --git a/queue-5.4/series b/queue-5.4/series index 242af8039b7..b58d6a75233 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -26,8 +26,6 @@ net-axienet-upgrade-descriptors-to-hold-64-bit-addre.patch net-axienet-autodetect-64-bit-dma-capability.patch net-axienet-fix-register-defines-comment-description.patch net-dsa-vsc73xx-pass-value-in-phy_write-operation.patch -netfilter-nf_defrag_ipv6-use-net_generic-infra.patch -netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch net-hns3-fix-a-deadlock-problem-when-config-tc-durin.patch alsa-hda-realtek-fix-noise-from-speakers-on-lenovo-i.patch ssb-fix-division-by-zero-issue-in-ssb_calc_clock_rat.patch -- 2.47.3