--- /dev/null
+From stable-owner@vger.kernel.org Mon Sep 18 14:08:09 2023
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 18 Sep 2023 14:06:56 +0200
+Subject: netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
+To: netfilter-devel@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, stable@vger.kernel.org, sashal@kernel.org
+Message-ID: <20230918120656.218135-3-pablo@netfilter.org>
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 26b5a5712eb85e253724e56a54c17f8519bd8e4e upstream.
+
+Missing NFT_TRANS_PREPARE_ERROR in 1df28fde1270 ("netfilter: nf_tables: add
+NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19.
+
+Fixes: 1df28fde1270 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -5555,6 +5555,7 @@ void nf_tables_deactivate_flowtable(cons
+ enum nft_trans_phase phase)
+ {
+ switch (phase) {
++ case NFT_TRANS_PREPARE_ERROR:
+ case NFT_TRANS_PREPARE:
+ case NFT_TRANS_ABORT:
+ case NFT_TRANS_RELEASE:
--- /dev/null
+From stable-owner@vger.kernel.org Mon Sep 18 14:08:09 2023
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 18 Sep 2023 14:06:55 +0200
+Subject: netfilter: nft_flow_offload: fix underflow in flowtable reference counter
+To: netfilter-devel@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, stable@vger.kernel.org, sashal@kernel.org
+Message-ID: <20230918120656.218135-2-pablo@netfilter.org>
+
+From: wenxu <wenxu@ucloud.cn>
+
+commit 8ca79606cdfde2e37ee4f0707b9d1874a6f0eb38 upstream.
+
+The .deactivate and .activate interfaces already deal with the reference
+counter. Otherwise, this results in spurious "Device is busy" errors.
+
+Fixes: a3c90f7a2323 ("netfilter: nf_tables: flow offload expression")
+Signed-off-by: wenxu <wenxu@ucloud.cn>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_flow_offload.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -197,9 +197,6 @@ static void nft_flow_offload_activate(co
+ static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
+ const struct nft_expr *expr)
+ {
+- struct nft_flow_offload *priv = nft_expr_priv(expr);
+-
+- priv->flowtable->use--;
+ nf_ct_netns_put(ctx->net, ctx->family);
+ }
+
eventfd-export-eventfd_ctx_do_read.patch
eventfd-prevent-underflow-for-eventfd-semaphores.patch
new-helper-lookup_positive_unlocked.patch
+netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch
+netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch
fs-fix-error-checking-for-d_hash_and_lookup.patch
cpufreq-powernow-k8-use-related_cpus-instead-of-cpus.patch
bpf-clear-the-probe_addr-for-uprobe.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
