diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-11-01 18:01:44 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-12-15 14:28:48 +0100 |
commit | 9261e7447ea7b8d33b70ff6ea008f2041a88e255 (patch) | |
tree | c9af04326ac9953a33fc8fd3e852c11fc1eb4df3 /target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch | |
parent | 52a82ce3dd901a1536c7d7d9d963e9c2d761c816 (diff) | |
download | upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.tar.gz upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.tar.bz2 upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.zip |
kernel: Make the patches apply on top of 4.19
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.
The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.
The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch
Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch
Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.
The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch
I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch
This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch')
-rw-r--r-- | target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch | 63 |
1 files changed, 29 insertions, 34 deletions
diff --git a/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch index 11f07e12b3..ba976b0751 100644 --- a/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -248,6 +248,33 @@ struct ipt_entry *ipt_next_entry(const s +@@ -249,6 +249,33 @@ struct ipt_entry *ipt_next_entry(const s return (void *)entry + entry->next_offset; } @@ -42,35 +42,15 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -268,24 +295,8 @@ ipt_do_table(struct sk_buff *skb, +@@ -269,27 +296,28 @@ ipt_do_table(struct sk_buff *skb, unsigned int addend; /* Initialization */ -- stackidx = 0; -- ip = ip_hdr(skb); -- indev = state->in ? state->in->name : nulldevname; -- outdev = state->out ? state->out->name : nulldevname; -- /* We handle fragments by dealing with the first fragment as -- * if it was a normal packet. All other fragments are treated -- * normally, except that they will NEVER match rules that ask -- * things we don't know, ie. tcp syn flag or ports). If the -- * rule is also a fragment-specific rule, non-fragments won't -- * match it. */ -- acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; -- acpar.thoff = ip_hdrlen(skb); -- acpar.hotdrop = false; -- acpar.state = state; -- - WARN_ON(!(table->valid_hooks & (1 << hook))); - local_bh_disable(); -- addend = xt_write_recseq_begin(); - private = table->private; - cpu = smp_processor_id(); - /* -@@ -294,6 +305,23 @@ ipt_do_table(struct sk_buff *skb, - */ - smp_read_barrier_depends(); - table_base = private->entries; ++ WARN_ON(!(table->valid_hooks & (1 << hook))); ++ local_bh_disable(); ++ private = READ_ONCE(table->private); /* Address dependency. */ ++ cpu = smp_processor_id(); ++ table_base = private->entries; + + e = get_entry(table_base, private->hook_entry[hook]); + if (ipt_handle_default_rule(e, &verdict)) { @@ -82,16 +62,31 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> + return verdict; + } + -+ stackidx = 0; -+ ip = ip_hdr(skb); -+ indev = state->in ? state->in->name : nulldevname; -+ outdev = state->out ? state->out->name : nulldevname; -+ -+ addend = xt_write_recseq_begin(); + stackidx = 0; + ip = ip_hdr(skb); + indev = state->in ? state->in->name : nulldevname; + outdev = state->out ? state->out->name : nulldevname; +- /* We handle fragments by dealing with the first fragment as +- * if it was a normal packet. All other fragments are treated +- * normally, except that they will NEVER match rules that ask +- * things we don't know, ie. tcp syn flag or ports). If the +- * rule is also a fragment-specific rule, non-fragments won't +- * match it. */ +- acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; +- acpar.thoff = ip_hdrlen(skb); +- acpar.hotdrop = false; +- acpar.state = state; + +- WARN_ON(!(table->valid_hooks & (1 << hook))); +- local_bh_disable(); + addend = xt_write_recseq_begin(); +- private = READ_ONCE(table->private); /* Address dependency. */ +- cpu = smp_processor_id(); +- table_base = private->entries; jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; /* Switch to alternate jumpstack if we're being invoked via TEE. -@@ -306,7 +334,16 @@ ipt_do_table(struct sk_buff *skb, +@@ -302,7 +330,16 @@ ipt_do_table(struct sk_buff *skb, if (static_key_false(&xt_tee_enabled)) jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated); |