author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-11-01 17:57:55 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-12-15 12:50:06 +0100 |
commit | 52a82ce3dd901a1536c7d7d9d963e9c2d761c816 (patch) | |
tree | 79020fb59420fcea7bdc4b12272f7251e101fe64 /target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch | |
parent | a272af75cd8c67d265400f96c1e6bb172315c23c (diff) | |
kernel: Copy patches from kernel 4.14 to 4.19
This just copies the files from the kernel 4.14 specific folders into
the kernel 4.19 specific folder; no changes are made to the files in
this commit.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch')
-rw-r--r-- | target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch
new file mode 100644
index 0000000000..4b4206502c
--- /dev/null
+++ b/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch
@@ -0,0 +1,47 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Thu, 1 Feb 2018 18:49:00 +0100
+Subject: [PATCH] netfilter: nft_flow_offload: wait for garbage collector
+ to run after cleanup
+
+If netdevice goes down, then flowtable entries are scheduled to be
+removed. Wait for garbage collector to have a chance to run so it can
+delete them from the hashtable.
+
+The flush call might sleep, so hold the nfnl mutex from
+nft_flow_table_iterate() instead of rcu read side lock. The use of the
+nfnl mutex is also implicitly fixing races between updates via nfnetlink
+and netdevice event.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -4886,13 +4886,13 @@ void nft_flow_table_iterate(struct net *
+ struct nft_flowtable *flowtable;
+ const struct nft_table *table;
+
+- rcu_read_lock();
+- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+- list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
++ nfnl_lock(NFNL_SUBSYS_NFTABLES);
++ list_for_each_entry(table, &net->nft.tables, list) {
++ list_for_each_entry(flowtable, &table->flowtables, list) {
+ iter(&flowtable->data, data);
+ }
+ }
+- rcu_read_unlock();
++ nfnl_unlock(NFNL_SUBSYS_NFTABLES);
+ }
+ EXPORT_SYMBOL_GPL(nft_flow_table_iterate);
+
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -208,6 +208,7 @@ static void nft_flow_offload_iterate_cle
+ void *data)
+ {
+ nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data);
++ flush_delayed_work(&flowtable->gc_work);
+ }
+
+ static int flow_offload_netdev_event(struct notifier_block *this,
 |
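Review bot: In the embedded nft_flow_offload.c hunk, `flush_delayed_work(&flowtable->gc_work)` runs inside the iterator callback while `nft_flow_table_iterate()` holds the nfnl mutex, and nothing in the patch documents that constraint. The gc work handler is not visible here, but if it ever takes `nfnl_lock(NFNL_SUBSYS_NFTABLES)` the flush would deadlock, and the netdevice notifier caller now takes nfnl under whatever lock it already holds (presumably RTNL), which fixes a lock order that the nfnetlink paths must respect. A comment above the flush such as `/* called with the nfnl mutex held; gc_work must never take it */` would record this for later backports. Separately, the file name carries `v4.16` yet lands in `backport-4.19`; since the commit copies files unchanged, it is worth confirming that this change is not already in the 4.19 tree before the series is refreshed. Both function bodies start outside the inner hunks, so this is based on the visible lines only.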