From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 18 Sep 2023 12:17:23 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v5.10.195~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=06524b294dd74bbd89dfd737ca8a6052d09d780e;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch
	netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch
---

diff --git a/queue-4.19/netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch b/queue-4.19/netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch
new file mode 100644
index 00000000000..96e36795716
--- /dev/null
+++ b/queue-4.19/netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch
@@ -0,0 +1,32 @@
+From stable-owner@vger.kernel.org Mon Sep 18 14:08:09 2023
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 18 Sep 2023 14:06:56 +0200
+Subject: netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
+To: netfilter-devel@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, stable@vger.kernel.org, sashal@kernel.org
+Message-ID: <20230918120656.218135-3-pablo@netfilter.org>
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 26b5a5712eb85e253724e56a54c17f8519bd8e4e upstream.
+
+Missing NFT_TRANS_PREPARE_ERROR in 1df28fde1270 ("netfilter: nf_tables: add
+NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19.
+
+Fixes: 1df28fde1270 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain") in 4.19
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -5555,6 +5555,7 @@ void nf_tables_deactivate_flowtable(cons
+ 				    enum nft_trans_phase phase)
+ {
+ 	switch (phase) {
++	case NFT_TRANS_PREPARE_ERROR:
+ 	case NFT_TRANS_PREPARE:
+ 	case NFT_TRANS_ABORT:
+ 	case NFT_TRANS_RELEASE:
diff --git a/queue-4.19/netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch b/queue-4.19/netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch
new file mode 100644
index 00000000000..f1f7b9ad53f
--- /dev/null
+++ b/queue-4.19/netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch
@@ -0,0 +1,35 @@
+From stable-owner@vger.kernel.org Mon Sep 18 14:08:09 2023
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 18 Sep 2023 14:06:55 +0200
+Subject: netfilter: nft_flow_offload: fix underflow in flowtable reference counter
+To: netfilter-devel@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, stable@vger.kernel.org, sashal@kernel.org
+Message-ID: <20230918120656.218135-2-pablo@netfilter.org>
+
+From: wenxu <wenxu@ucloud.cn>
+
+commit 8ca79606cdfde2e37ee4f0707b9d1874a6f0eb38 upstream.
+
+The .deactivate and .activate interfaces already deal with the reference
+counter. Otherwise, this results in spurious "Device is busy" errors.
+
+Fixes: a3c90f7a2323 ("netfilter: nf_tables: flow offload expression")
+Signed-off-by: wenxu <wenxu@ucloud.cn>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_flow_offload.c |    3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -197,9 +197,6 @@ static void nft_flow_offload_activate(co
+ static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
+ 				     const struct nft_expr *expr)
+ {
+-	struct nft_flow_offload *priv = nft_expr_priv(expr);
+-
+-	priv->flowtable->use--;
+ 	nf_ct_netns_put(ctx->net, ctx->family);
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 4ee68a551b5..07ec0fd66bf 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -43,6 +43,8 @@ reiserfs-check-the-return-value-from-__getblk.patch
 eventfd-export-eventfd_ctx_do_read.patch
 eventfd-prevent-underflow-for-eventfd-semaphores.patch
 new-helper-lookup_positive_unlocked.patch
+netfilter-nft_flow_offload-fix-underflow-in-flowtable-reference-counter.patch
+netfilter-nf_tables-missing-nft_trans_prepare_error-in-flowtable-deactivatation.patch
 fs-fix-error-checking-for-d_hash_and_lookup.patch
 cpufreq-powernow-k8-use-related_cpus-instead-of-cpus.patch
 bpf-clear-the-probe_addr-for-uprobe.patch