diff options
| author | HsiuWen Yen <y.hsiuwen@gmail.com> | 2019-06-21 00:44:42 +0800 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2019-09-26 10:22:13 +0200 |
| commit | ac04be82c447e3a24bbd05387b76228673b7729b (patch) | |
| tree | 7e82e7d16e4e00f5a27fcfdba9d49e308a29859d /target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch | |
| parent | 9200b4a6a085e145696cba9056c4f536014536c0 (diff) | |
| download | upstream-ac04be82c447e3a24bbd05387b76228673b7729b.tar.gz upstream-ac04be82c447e3a24bbd05387b76228673b7729b.tar.bz2 upstream-ac04be82c447e3a24bbd05387b76228673b7729b.zip | |
netfilter: fix crash in flow offload by adding netns support
Commit fcb41decf6c6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit d344591e72e5ca96a2bf70a2df38961553185ce8)
Diffstat (limited to 'target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch')
0 files changed, 0 insertions, 0 deletions