From f323e941f3a6dcec0bf7da450a2539eb6305d3ce Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 27 Feb 2025 04:07:16 -0800
Subject: [PATCH] 6.1-stable patches

added patches:
netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch
---
 ...be-removed-in-nf_ct_find_expectation.patch | 89 +++++++++++++++++++
 queue-6.1/series | 1 +
 2 files changed, 90 insertions(+)
 create mode 100644 queue-6.1/netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch
diff --git a/queue-6.1/netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch b/queue-6.1/netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch
new file mode 100644
index 0000000000..0029ffbeea
--- /dev/null
+++ b/queue-6.1/netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch
@@ -0,0 +1,89 @@
+From 4914109a8e1e494c6aa9852f9e84ec77a5fc643f Mon Sep 17 00:00:00 2001
+From: Xin Long
+Date: Sun, 16 Jul 2023 17:09:17 -0400
+Subject: netfilter: allow exp not to be removed in nf_ct_find_expectation
+
+From: Xin Long
+
+commit 4914109a8e1e494c6aa9852f9e84ec77a5fc643f upstream.
+
+Currently nf_conntrack_in() calling nf_ct_find_expectation() will
+remove the exp from the hash table. However, in some scenario, we
+expect the exp not to be removed when the created ct will not be
+confirmed, like in OVS and TC conntrack in the following patches.
+
+This patch allows exp not to be removed by setting IPS_CONFIRMED
+in the status of the tmpl.
+
+Signed-off-by: Xin Long
+Acked-by: Aaron Conole
+Acked-by: Florian Westphal
+Signed-off-by: Paolo Abeni
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/net/netfilter/nf_conntrack_expect.h | 2 +-
+ net/netfilter/nf_conntrack_core.c | 2 +-
+ net/netfilter/nf_conntrack_expect.c | 4 ++--
+ net/netfilter/nft_ct.c | 2 ++
+ 4 files changed, 6 insertions(+), 4 deletions(-)
+
+--- a/include/net/netfilter/nf_conntrack_expect.h
++++ b/include/net/netfilter/nf_conntrack_expect.h
+@@ -100,7 +100,7 @@ nf_ct_expect_find_get(struct net *net,
+ struct nf_conntrack_expect *
+nf_ct_find_expectation(struct net *net,
+ const struct nf_conntrack_zone *zone,
+- const struct nf_conntrack_tuple *tuple);
++ const struct nf_conntrack_tuple *tuple, bool unlink);
+ 
+ void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
+ u32 portid, int report);
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
+@@ -1770,7 +1770,7 @@ init_conntrack(struct net *net, struct n
+ cnet = nf_ct_pernet(net);
+ if (cnet->expect_count) {
+ spin_lock_bh(&nf_conntrack_expect_lock);
+- exp = nf_ct_find_expectation(net, zone, tuple);
++ exp = nf_ct_find_expectation(net, zone, tuple, !tmpl || nf_ct_is_confirmed(tmpl));
+ if (exp) {
+ pr_debug("expectation arrives ct=%p exp=%p\n",
+ ct, exp);
+--- a/net/netfilter/nf_conntrack_expect.c
++++ b/net/netfilter/nf_conntrack_expect.c
+@@ -171,7 +171,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_find_get)
+ struct nf_conntrack_expect *
+ nf_ct_find_expectation(struct net *net,
+ const struct nf_conntrack_zone *zone,
+- const struct nf_conntrack_tuple *tuple)
++ const struct nf_conntrack_tuple *tuple, bool unlink)
+ {
+ struct nf_conntrack_net *cnet = nf_ct_pernet(net);
+ struct nf_conntrack_expect *i, *exp = NULL;
+@@ -211,7 +211,7 @@ nf_ct_find_expectation(struct net *net,
+ !refcount_inc_not_zero(&exp->master->ct_general.use)))
+ return NULL;
+ 
+- if (exp->flags & NF_CT_EXPECT_PERMANENT) {
++ if (exp->flags & NF_CT_EXPECT_PERMANENT || !unlink) {
+ refcount_inc(&exp->use);
+ return exp;
+ } else if (del_timer(&exp->timeout)) {
+--- a/net/netfilter/nft_ct.c
++++ b/net/netfilter/nft_ct.c
+@@ -272,6 +272,7 @@ static void nft_ct_set_zone_eval(const s
+ regs->verdict.code = NF_DROP;
+ return;
+ }
++ __set_bit(IPS_CONFIRMED_BIT, &ct->status);
+ }
+ 
+ nf_ct_set(skb, ct, IP_CT_NEW);
+@@ -378,6 +379,7 @@ static bool nft_ct_tmpl_alloc_pcpu(void)
+ return false;
+ }
+ 
++ __set_bit(IPS_CONFIRMED_BIT, &tmp->status);
+ per_cpu(nft_ct_pcpu_template, cpu) = tmp;
+ }
+ 
diff --git a/queue-6.1/series b/queue-6.1/series
index b86d72fd0d..e4955ccadd 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -93,3 +93,4 @@ block-bfq-fix-bfqq-uaf-in-bfq_limit_depth.patch
 media-mediatek-vcodec-fix-h264-multi-stateless-decoder-smatch-warning.patch
 spi-atmel-quadspi-avoid-overwriting-delay-register-settings.patch
 spi-atmel-quadspi-fix-wrong-register-value-written-to-mr.patch
+netfilter-allow-exp-not-to-be-removed-in-nf_ct_find_expectation.patch
-- 
2.47.2
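Review bot: The new `unlink` parameter of `nf_ct_find_expectation()` is left undocumented at its prototype in nf_conntrack_expect.h, and the nested commit message reads inverted relative to the code: `init_conntrack()` passes `!tmpl || nf_ct_is_confirmed(tmpl)`, so a template with IPS_CONFIRMED set has the matched expectation unlinked as before (evidently why both nft_ct.c hunks set the bit on their templates), while a template without it now keeps the expectation in the hash for further matches until its timeout. A one-line comment above the prototype would pin that contract: `/* unlink: remove the matched expectation from the hash; pass false when the ct being created may never be confirmed */`. In nf_conntrack_expect.c the rewritten test depends on `&` binding tighter than `||`; `if ((exp->flags & NF_CT_EXPECT_PERMANENT) || !unlink) {` reads unambiguously. Presumably the OVS/TC callers the message refers to are not in the 6.1 tree, so the behaviour change should be inert here unless another queued patch creates templates without IPS_CONFIRMED, which is worth confirming against the series. Every nested hunk cuts its enclosing function at both ends, so the other callers of `nf_ct_find_expectation()` and the rest of the unlink path are outside what is shown.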