diff options
| author | Stijn Segers <foss@volatilesystems.org> | 2018-08-04 18:08:26 +0200 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2018-08-06 07:30:41 +0200 |
| commit | 9ce7aa325ebdc86426390b0f8adc3ea43d3b8b7d (patch) | |
| tree | 06de2110b46b413f3ad1455774c68fe07683bf3d /target/linux/generic | |
| parent | 9e1530b2a35e051664ed243efd1eac942883494a (diff) | |
| download | upstream-9ce7aa325ebdc86426390b0f8adc3ea43d3b8b7d.tar.gz upstream-9ce7aa325ebdc86426390b0f8adc3ea43d3b8b7d.tar.bz2 upstream-9ce7aa325ebdc86426390b0f8adc3ea43d3b8b7d.zip | |
kernel: bump 4.14 to 4.14.60 for 18.06
* Refreshed patches.
* Patches made redundant by changes upstream:
- target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
* Patches accepted upstream:
- target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch
The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit f547aa20b4f61662ad3e1a2040bb3cc5778f19b0).
Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883
Thanks to Stijn Tintel for the CVE list :-).
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Diffstat (limited to 'target/linux/generic')
31 files changed, 137 insertions, 358 deletions
diff --git a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch index 89117bd874..d9215505ee 100644 --- a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch +++ b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch @@ -65,7 +65,7 @@ Cc: Kir Kolyshkin <kir@openvz.org> * Before updating sk_refcnt, we must commit prior changes to memory --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c -@@ -1671,7 +1671,7 @@ u32 tcp_tso_autosize(const struct sock * +@@ -1683,7 +1683,7 @@ u32 tcp_tso_autosize(const struct sock * { u32 bytes, segs; @@ -74,7 +74,7 @@ Cc: Kir Kolyshkin <kir@openvz.org> sk->sk_gso_max_size - 1 - MAX_TCP_HEADER); /* Goal is to send at least one packet per ms, -@@ -2172,7 +2172,7 @@ static bool tcp_small_queue_check(struct +@@ -2184,7 +2184,7 @@ static bool tcp_small_queue_check(struct { unsigned int limit; diff --git a/target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch b/target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch deleted file mode 100644 index 06d00886f1..0000000000 --- a/target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 9bbe60a67be5a1c6f79b3c9be5003481a50529ff Mon Sep 17 00:00:00 2001 -From: David Woodhouse <dwmw2@infradead.org> -Date: Sat, 16 Jun 2018 11:55:44 +0100 -Subject: atm: Preserve value of skb->truesize when accounting to vcc -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -ATM accounts for in-flight TX packets in sk_wmem_alloc of the VCC on -which they are to be sent. But it doesn't take ownership of those -packets from the sock (if any) which originally owned them. They should -remain owned by their actual sender until they've left the box. - -There's a hack in pskb_expand_head() to avoid adjusting skb->truesize -for certain skbs, precisely to avoid messing up sk_wmem_alloc -accounting. Ideally that hack would cover the ATM use case too, but it -doesn't — skbs which aren't owned by any sock, for example PPP control -frames, still get their truesize adjusted when the low-level ATM driver -adds headroom. - -This has always been an issue, it seems. The truesize of a packet -increases, and sk_wmem_alloc on the VCC goes negative. But this wasn't -for normal traffic, only for control frames. So I think we just got away -with it, and we probably needed to send 2GiB of LCP echo frames before -the misaccounting would ever have caused a problem and caused -atm_may_send() to start refusing packets. - -Commit 14afee4b609 ("net: convert sock.sk_wmem_alloc from atomic_t to -refcount_t") did exactly what it was intended to do, and turned this -mostly-theoretical problem into a real one, causing PPPoATM to fail -immediately as sk_wmem_alloc underflows and atm_may_send() *immediately* -starts refusing to allow new packets. - -The least intrusive solution to this problem is to stash the value of -skb->truesize that was accounted to the VCC, in a new member of the -ATM_SKB(skb) structure. Then in atm_pop_raw() subtract precisely that -value instead of the then-current value of skb->truesize. - -Fixes: 158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()") -Signed-off-by: David Woodhouse <dwmw2@infradead.org> -Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - include/linux/atmdev.h | 15 +++++++++++++++ - net/atm/br2684.c | 3 +-- - net/atm/clip.c | 3 +-- - net/atm/common.c | 3 +-- - net/atm/lec.c | 3 +-- - net/atm/mpc.c | 3 +-- - net/atm/pppoatm.c | 3 +-- - net/atm/raw.c | 4 ++-- - 8 files changed, 23 insertions(+), 14 deletions(-) - ---- a/include/linux/atmdev.h -+++ b/include/linux/atmdev.h -@@ -214,6 +214,7 @@ struct atmphy_ops { - struct atm_skb_data { - struct atm_vcc *vcc; /* ATM VCC */ - unsigned long atm_options; /* ATM layer options */ -+ unsigned int acct_truesize; /* truesize accounted to vcc */ - }; - - #define VCC_HTABLE_SIZE 32 -@@ -241,6 +242,20 @@ void vcc_insert_socket(struct sock *sk); - - void atm_dev_release_vccs(struct atm_dev *dev); - -+static inline void atm_account_tx(struct atm_vcc *vcc, struct sk_buff *skb) -+{ -+ /* -+ * Because ATM skbs may not belong to a sock (and we don't -+ * necessarily want to), skb->truesize may be adjusted, -+ * escaping the hack in pskb_expand_head() which avoids -+ * doing so for some cases. So stash the value of truesize -+ * at the time we accounted it, and atm_pop_raw() can use -+ * that value later, in case it changes. -+ */ -+ refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); -+ ATM_SKB(skb)->acct_truesize = skb->truesize; -+ ATM_SKB(skb)->atm_options = vcc->atm_options; -+} - - static inline void atm_force_charge(struct atm_vcc *vcc,int truesize) - { ---- a/net/atm/br2684.c -+++ b/net/atm/br2684.c -@@ -252,8 +252,7 @@ static int br2684_xmit_vcc(struct sk_buf - - ATM_SKB(skb)->vcc = atmvcc = brvcc->atmvcc; - pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, atmvcc, atmvcc->dev); -- refcount_add(skb->truesize, &sk_atm(atmvcc)->sk_wmem_alloc); -- ATM_SKB(skb)->atm_options = atmvcc->atm_options; -+ atm_account_tx(atmvcc, skb); - dev->stats.tx_packets++; - dev->stats.tx_bytes += skb->len; - ---- a/net/atm/clip.c -+++ b/net/atm/clip.c -@@ -381,8 +381,7 @@ static netdev_tx_t clip_start_xmit(struc - memcpy(here, llc_oui, sizeof(llc_oui)); - ((__be16 *) here)[3] = skb->protocol; - } -- refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); -- ATM_SKB(skb)->atm_options = vcc->atm_options; -+ atm_account_tx(vcc, skb); - entry->vccs->last_use = jiffies; - pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, vcc, vcc->dev); - old = xchg(&entry->vccs->xoff, 1); /* assume XOFF ... */ ---- a/net/atm/common.c -+++ b/net/atm/common.c -@@ -630,10 +630,9 @@ int vcc_sendmsg(struct socket *sock, str - goto out; - } - pr_debug("%d += %d\n", sk_wmem_alloc_get(sk), skb->truesize); -- refcount_add(skb->truesize, &sk->sk_wmem_alloc); -+ atm_account_tx(vcc, skb); - - skb->dev = NULL; /* for paths shared with net_device interfaces */ -- ATM_SKB(skb)->atm_options = vcc->atm_options; - if (!copy_from_iter_full(skb_put(skb, size), size, &m->msg_iter)) { - kfree_skb(skb); - error = -EFAULT; ---- a/net/atm/lec.c -+++ b/net/atm/lec.c -@@ -182,9 +182,8 @@ lec_send(struct atm_vcc *vcc, struct sk_ - struct net_device *dev = skb->dev; - - ATM_SKB(skb)->vcc = vcc; -- ATM_SKB(skb)->atm_options = vcc->atm_options; -+ atm_account_tx(vcc, skb); - -- refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); - if (vcc->send(vcc, skb) < 0) { - dev->stats.tx_dropped++; - return; ---- a/net/atm/mpc.c -+++ b/net/atm/mpc.c -@@ -555,8 +555,7 @@ static int send_via_shortcut(struct sk_b - sizeof(struct llc_snap_hdr)); - } - -- refcount_add(skb->truesize, &sk_atm(entry->shortcut)->sk_wmem_alloc); -- ATM_SKB(skb)->atm_options = entry->shortcut->atm_options; -+ atm_account_tx(entry->shortcut, skb); - entry->shortcut->send(entry->shortcut, skb); - entry->packets_fwded++; - mpc->in_ops->put(entry); ---- a/net/atm/pppoatm.c -+++ b/net/atm/pppoatm.c -@@ -350,8 +350,7 @@ static int pppoatm_send(struct ppp_chann - return 1; - } - -- refcount_add(skb->truesize, &sk_atm(ATM_SKB(skb)->vcc)->sk_wmem_alloc); -- ATM_SKB(skb)->atm_options = ATM_SKB(skb)->vcc->atm_options; -+ atm_account_tx(vcc, skb); - pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", - skb, ATM_SKB(skb)->vcc, ATM_SKB(skb)->vcc->dev); - ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb) ---- a/net/atm/raw.c -+++ b/net/atm/raw.c -@@ -35,8 +35,8 @@ static void atm_pop_raw(struct atm_vcc * - struct sock *sk = sk_atm(vcc); - - pr_debug("(%d) %d -= %d\n", -- vcc->vci, sk_wmem_alloc_get(sk), skb->truesize); -- WARN_ON(refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc)); -+ vcc->vci, sk_wmem_alloc_get(sk), ATM_SKB(skb)->acct_truesize); -+ WARN_ON(refcount_sub_and_test(ATM_SKB(skb)->acct_truesize, &sk->sk_wmem_alloc)); - dev_kfree_skb_any(skb); - sk->sk_write_space(sk); - } diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index f2210259e8..75e86f1b46 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5112,10 +5100,9 @@ static int nf_tables_commit(struct net * +@@ -5113,10 +5101,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5252,10 +5239,9 @@ static int nf_tables_abort(struct net *n +@@ -5253,10 +5240,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5358,7 +5344,7 @@ int nft_chain_validate_hooks(const struc +@@ -5359,7 +5345,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5840,8 +5826,7 @@ int __nft_release_basechain(struct nft_c +@@ -5841,8 +5827,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5870,8 +5855,7 @@ static void __nft_release_afinfo(struct +@@ -5871,8 +5856,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 8266562a82..625de6b348 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4817,6 +4861,605 @@ static void nf_tables_obj_notify(const s +@@ -4818,6 +4862,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4847,6 +5490,49 @@ nla_put_failure: +@@ -4848,6 +5491,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4999,6 +5685,21 @@ static const struct nfnl_callback nf_tab +@@ -5000,6 +5686,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5044,6 +5745,9 @@ static void nf_tables_commit_release(str +@@ -5045,6 +5746,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5161,6 +5865,21 @@ static int nf_tables_commit(struct net * +@@ -5162,6 +5866,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5198,6 +5917,9 @@ static void nf_tables_abort_release(stru +@@ -5199,6 +5918,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5289,6 +6011,17 @@ static int nf_tables_abort(struct net *n +@@ -5290,6 +6012,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5839,6 +6572,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5840,6 +6573,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5852,6 +6586,9 @@ static void __nft_release_afinfo(struct +@@ -5853,6 +6587,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5862,6 +6599,11 @@ static void __nft_release_afinfo(struct +@@ -5863,6 +6600,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5905,6 +6647,8 @@ static int __init nf_tables_module_init( +@@ -5906,6 +6648,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5919,6 +6663,7 @@ static void __exit nf_tables_module_exit +@@ -5920,6 +6664,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index 307749763a..9c98fa73c4 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4969,7 +4966,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4970,7 +4967,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 94e69790d8..d0863b836b 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5393,7 +5393,7 @@ static int nf_tables_getflowtable(struct +@@ -5394,7 +5394,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index ce46e69d43..aeef003303 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5771,7 +5764,6 @@ static int nf_tables_commit(struct net * +@@ -5772,7 +5765,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5933,7 +5925,6 @@ static int nf_tables_abort(struct net *n +@@ -5934,7 +5926,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 91118198ac..d7c07244fc 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5312,8 +5312,10 @@ static int nf_tables_dump_flowtable_done +@@ -5313,8 +5313,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 59bffa2ada..320a90c11c 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2827,7 +2824,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2919,10 +2916,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2931,51 +2926,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3185,11 +3173,12 @@ static int nf_tables_newset(struct net * +@@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3458,12 +3447,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3568,7 +3557,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3580,21 +3568,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3614,7 +3600,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3716,7 +3702,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3960,7 +3946,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4509,7 +4495,8 @@ static int nf_tables_newobj(struct net * +@@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4527,7 +4514,7 @@ static int nf_tables_newobj(struct net * +@@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4604,7 +4591,6 @@ struct nft_obj_filter { +@@ -4605,7 +4592,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4619,38 +4605,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4620,38 +4606,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4737,7 +4722,8 @@ static int nf_tables_getobj(struct net * +@@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4797,7 +4783,8 @@ static int nf_tables_delobj(struct net * +@@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4808,7 +4795,7 @@ static int nf_tables_delobj(struct net * +@@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4846,7 +4833,7 @@ static void nf_tables_obj_notify(const s +@@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -5036,7 +5023,7 @@ void nft_flow_table_iterate(struct net * +@@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5084,7 +5071,8 @@ static int nf_tables_newflowtable(struct +@@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5101,7 +5089,7 @@ static int nf_tables_newflowtable(struct +@@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5182,7 +5170,8 @@ static int nf_tables_delflowtable(struct +@@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5193,7 +5182,7 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5183,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5262,40 +5251,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5263,40 +5252,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5380,7 +5366,8 @@ static int nf_tables_getflowtable(struct +@@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5423,7 +5410,7 @@ static void nf_tables_flowtable_notify(s +@@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5501,17 +5488,14 @@ static int nf_tables_flowtable_event(str +@@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6532,6 +6516,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6568,10 +6553,10 @@ static void __nft_release_afinfo(struct +@@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 37975ae038..0d973ac028 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6522,6 +6522,12 @@ static int __net_init nf_tables_init_net +@@ -6523,6 +6523,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6599,6 +6605,7 @@ static void __nft_release_afinfo(struct +@@ -6600,6 +6606,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations nfnl_log_net_ops = { --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -1512,10 +1512,15 @@ static int __net_init nfnl_queue_net_ini +@@ -1515,10 +1515,15 @@ static int __net_init nfnl_queue_net_ini static void __net_exit nfnl_queue_net_exit(struct net *net) { diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 2683f5b031..0ea11524fc 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -5018,15 +5016,12 @@ void nft_flow_table_iterate(struct net * +@@ -5019,15 +5017,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6513,21 +6508,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6514,21 +6509,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6548,8 +6528,7 @@ int __nft_release_basechain(struct nft_c +@@ -6549,8 +6529,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6559,10 +6538,11 @@ static void __nft_release_afinfo(struct +@@ -6560,10 +6539,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6603,6 +6583,21 @@ static void __nft_release_afinfo(struct +@@ -6604,6 +6584,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 544dfb92ab..0752d69395 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2926,7 +2801,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2927,7 +2802,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx->table && ctx->table != table) -@@ -2947,7 +2822,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2948,7 +2823,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3059,8 +2934,8 @@ static int nf_tables_newset(struct net * +@@ -3060,8 +2935,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3167,16 +3042,12 @@ static int nf_tables_newset(struct net * +@@ -3168,16 +3043,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3438,19 +3309,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3439,19 +3310,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3568,7 +3435,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3569,7 +3436,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3598,7 +3465,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3599,7 +3466,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4477,7 +4344,6 @@ static int nf_tables_newobj(struct net * +@@ -4478,7 +4345,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4489,11 +4355,7 @@ static int nf_tables_newobj(struct net * +@@ -4490,11 +4356,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4512,7 +4374,7 @@ static int nf_tables_newobj(struct net * +@@ -4513,7 +4375,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4604,7 +4466,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4605,7 +4467,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4627,7 +4489,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4628,7 +4490,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4685,7 +4547,6 @@ static int nf_tables_getobj(struct net * +@@ -4686,7 +4548,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4716,11 +4577,7 @@ static int nf_tables_getobj(struct net * +@@ -4717,11 +4578,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4767,7 +4624,6 @@ static int nf_tables_delobj(struct net * +@@ -4768,7 +4625,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4777,11 +4633,7 @@ static int nf_tables_delobj(struct net * +@@ -4778,11 +4634,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4793,7 +4645,7 @@ static int nf_tables_delobj(struct net * +@@ -4794,7 +4646,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4978,33 +4830,31 @@ err1: +@@ -4979,33 +4831,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5052,7 +4902,6 @@ static int nf_tables_newflowtable(struct +@@ -5053,7 +4903,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5062,12 +4911,8 @@ static int nf_tables_newflowtable(struct +@@ -5063,12 +4912,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5084,7 +4929,7 @@ static int nf_tables_newflowtable(struct +@@ -5085,7 +4930,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5097,7 +4942,7 @@ static int nf_tables_newflowtable(struct +@@ -5098,7 +4943,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5157,16 +5002,11 @@ static int nf_tables_delflowtable(struct +@@ -5158,16 +5003,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5177,7 +5017,7 @@ static int nf_tables_delflowtable(struct +@@ -5178,7 +5018,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5252,7 +5092,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5253,7 +5093,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5271,7 +5111,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5272,7 +5112,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5331,7 +5171,6 @@ static int nf_tables_getflowtable(struct +@@ -5332,7 +5172,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5357,12 +5196,8 @@ static int nf_tables_getflowtable(struct +@@ -5358,12 +5197,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6528,7 +6363,7 @@ int __nft_release_basechain(struct nft_c +@@ -6529,7 +6364,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6541,7 +6376,7 @@ static void __nft_release_afinfo(struct +@@ -6542,7 +6377,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6593,7 +6428,7 @@ static int __net_init nf_tables_init_net +@@ -6594,7 +6429,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 0572c2fcd9..d6736d652f 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4868,13 +4868,13 @@ void nft_flow_table_iterate(struct net * +@@ -4869,13 +4869,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index bd935b971d..d0c6e46c9f 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5253,17 +5253,12 @@ err: +@@ -5254,17 +5254,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index a7ce0df5cf..89e12a5f47 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2705,6 +2770,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3113,6 +3181,7 @@ static int nf_tables_newset(struct net * +@@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3172,7 +3241,10 @@ static int nf_tables_delset(struct net * +@@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4232,6 +4304,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4239,6 +4326,7 @@ static const struct nla_policy nft_obj_p +@@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4386,6 +4474,8 @@ static int nf_tables_newobj(struct net * +@@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4432,7 +4522,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4630,7 +4722,7 @@ static int nf_tables_delobj(struct net * +@@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4639,7 +4731,12 @@ static int nf_tables_delobj(struct net * +@@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4711,6 +4808,7 @@ static const struct nla_policy nft_flowt +@@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4728,6 +4826,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4936,6 +5048,8 @@ static int nf_tables_newflowtable(struct +@@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5010,8 +5124,14 @@ static int nf_tables_delflowtable(struct +@@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5044,7 +5164,9 @@ static int nf_tables_fill_flowtable_info +@@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 2af2fbe284..77e4db3ed7 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5063,40 +5063,38 @@ static int nf_tables_newflowtable(struct +@@ -5064,40 +5064,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5377,10 +5375,8 @@ err: +@@ -5378,10 +5376,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index 9481d16ba5..e38f22635d 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4929,7 +4929,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4930,7 +4930,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 2dc50f8358..2fcd663307 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4973,23 +4973,6 @@ static const struct nf_flowtable_type *n +@@ -4974,23 +4974,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/hack-4.14/207-disable-modorder.patch b/target/linux/generic/hack-4.14/207-disable-modorder.patch index 5fb956c98d..8e920d1c51 100644 --- a/target/linux/generic/hack-4.14/207-disable-modorder.patch +++ b/target/linux/generic/hack-4.14/207-disable-modorder.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/Makefile +++ b/Makefile -@@ -1227,7 +1227,6 @@ all: modules +@@ -1228,7 +1228,6 @@ all: modules PHONY += modules modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1256,7 +1255,6 @@ _modinst_: +@@ -1257,7 +1256,6 @@ _modinst_: rm -f $(MODLIB)/build ; \ ln -s $(CURDIR) $(MODLIB)/build ; \ fi diff --git a/target/linux/generic/hack-4.14/211-host_tools_portability.patch b/target/linux/generic/hack-4.14/211-host_tools_portability.patch index 59f1479436..d806df8a5f 100644 --- a/target/linux/generic/hack-4.14/211-host_tools_portability.patch +++ b/target/linux/generic/hack-4.14/211-host_tools_portability.patch @@ -12,7 +12,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/tools/build/Build.include +++ b/tools/build/Build.include -@@ -97,4 +97,4 @@ cxx_flags = -Wp,-MD,$(depfile) -Wp,-MT,$ +@@ -98,4 +98,4 @@ cxx_flags = -Wp,-MD,$(depfile) -Wp,-MT,$ ### ## HOSTCC C flags diff --git a/target/linux/generic/hack-4.14/220-gc_sections.patch b/target/linux/generic/hack-4.14/220-gc_sections.patch index 7fd493d2ff..cdca0bdb5f 100644 --- a/target/linux/generic/hack-4.14/220-gc_sections.patch +++ b/target/linux/generic/hack-4.14/220-gc_sections.patch @@ -33,7 +33,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org> # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) -@@ -781,11 +786,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH +@@ -782,11 +787,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once) endif diff --git a/target/linux/generic/hack-4.14/902-debloat_proc.patch b/target/linux/generic/hack-4.14/902-debloat_proc.patch index 3f47d22355..65789d1b8c 100644 --- a/target/linux/generic/hack-4.14/902-debloat_proc.patch +++ b/target/linux/generic/hack-4.14/902-debloat_proc.patch @@ -232,7 +232,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> return -ENOMEM; --- a/mm/vmalloc.c +++ b/mm/vmalloc.c -@@ -2769,6 +2769,8 @@ static const struct file_operations proc +@@ -2770,6 +2770,8 @@ static const struct file_operations proc static int __init proc_vmalloc_init(void) { @@ -243,7 +243,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> } --- a/mm/vmstat.c +++ b/mm/vmstat.c -@@ -1946,10 +1946,12 @@ void __init init_mm_internals(void) +@@ -1944,10 +1944,12 @@ void __init init_mm_internals(void) start_shepherd_timer(); #endif #ifdef CONFIG_PROC_FS diff --git a/target/linux/generic/pending-4.14/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch b/target/linux/generic/pending-4.14/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch index cc17053121..b3dc43ea68 100644 --- a/target/linux/generic/pending-4.14/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch +++ b/target/linux/generic/pending-4.14/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch @@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -357,6 +357,8 @@ static inline int is_sp_move_ins(union m +@@ -358,6 +358,8 @@ static inline int is_sp_move_ins(union m if (ip->i_format.opcode == addiu_op || ip->i_format.opcode == daddiu_op) { diff --git a/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch b/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch index d8aea32b5a..9889a33cb1 100644 --- a/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch +++ b/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch @@ -23,7 +23,7 @@ Tested-by: Aaron Brown <aaron.f.brown@intel.com> --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c -@@ -5096,7 +5096,7 @@ static bool e1000e_has_link(struct e1000 +@@ -5093,7 +5093,7 @@ static bool e1000e_has_link(struct e1000 /* get_link_status is set on LSC (link status) interrupt or * Rx sequence error interrupt. get_link_status will stay @@ -32,7 +32,7 @@ Tested-by: Aaron Brown <aaron.f.brown@intel.com> * for copper adapters ONLY */ switch (hw->phy.media_type) { -@@ -5114,7 +5114,7 @@ static bool e1000e_has_link(struct e1000 +@@ -5111,7 +5111,7 @@ static bool e1000e_has_link(struct e1000 break; case e1000_media_type_internal_serdes: ret_val = hw->mac.ops.check_for_link(hw); diff --git a/target/linux/generic/pending-4.14/201-extra_optimization.patch b/target/linux/generic/pending-4.14/201-extra_optimization.patch index 445c0bd87d..b40f01d41f 100644 --- a/target/linux/generic/pending-4.14/201-extra_optimization.patch +++ b/target/linux/generic/pending-4.14/201-extra_optimization.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/Makefile +++ b/Makefile -@@ -645,12 +645,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni +@@ -646,12 +646,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE KBUILD_CFLAGS += $(call cc-option,-Oz,-Os) diff --git a/target/linux/generic/pending-4.14/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/pending-4.14/610-netfilter_match_bypass_default_checks.patch index 3611879609..2541230ff5 100644 --- a/target/linux/generic/pending-4.14/610-netfilter_match_bypass_default_checks.patch +++ b/target/linux/generic/pending-4.14/610-netfilter_match_bypass_default_checks.patch @@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> if (!xt_percpu_counter_alloc(alloc_state, &e->counters)) return -ENOMEM; -@@ -817,6 +845,7 @@ copy_entries_to_user(unsigned int total_ +@@ -818,6 +846,7 @@ copy_entries_to_user(unsigned int total_ const struct xt_table_info *private = table->private; int ret = 0; const void *loc_cpu_entry; @@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> counters = alloc_counters(table); if (IS_ERR(counters)) -@@ -844,6 +873,14 @@ copy_entries_to_user(unsigned int total_ +@@ -845,6 +874,14 @@ copy_entries_to_user(unsigned int total_ goto free_counters; } @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> for (i = sizeof(struct ipt_entry); i < e->target_offset; i += m->u.match_size) { -@@ -1226,12 +1263,15 @@ compat_copy_entry_to_user(struct ipt_ent +@@ -1227,12 +1264,15 @@ compat_copy_entry_to_user(struct ipt_ent compat_uint_t origsize; const struct xt_entry_match *ematch; int ret = 0; diff --git a/target/linux/generic/pending-4.14/630-packet_socket_type.patch b/target/linux/generic/pending-4.14/630-packet_socket_type.patch index e1736214f5..82e2c51afd 100644 --- a/target/linux/generic/pending-4.14/630-packet_socket_type.patch +++ b/target/linux/generic/pending-4.14/630-packet_socket_type.patch @@ -87,7 +87,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -3262,6 +3264,7 @@ static int packet_create(struct net *net +@@ -3260,6 +3262,7 @@ static int packet_create(struct net *net mutex_init(&po->pg_vec_lock); po->rollover = NULL; po->prot_hook.func = packet_rcv; @@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -@@ -3875,6 +3878,16 @@ packet_setsockopt(struct socket *sock, i +@@ -3873,6 +3876,16 @@ packet_setsockopt(struct socket *sock, i po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } @@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> default: return -ENOPROTOOPT; } -@@ -3927,6 +3940,13 @@ static int packet_getsockopt(struct sock +@@ -3925,6 +3938,13 @@ static int packet_getsockopt(struct sock case PACKET_VNET_HDR: val = po->has_vnet_hdr; break; diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 72121eb11a..bf902875d0 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4916,6 +4916,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4917,6 +4917,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5046,10 +5054,19 @@ static int nf_tables_newflowtable(struct +@@ -5047,10 +5055,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5147,7 +5164,8 @@ static int nf_tables_fill_flowtable_info +@@ -5148,7 +5165,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch b/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch index 381b2d09fa..0bb365a6e8 100644 --- a/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch +++ b/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch @@ -21,7 +21,7 @@ Signed-off-by: Roman Yeryomin <roman@advem.lv> #define AT803X_PCS_SMART_EEE_CTRL3 0x805D #define AT803X_SMART_EEE_CTRL3_LPI_TX_DELAY_SEL_MASK 0x3 -@@ -295,6 +296,27 @@ static int at803x_config_init(struct phy +@@ -292,6 +293,27 @@ static int at803x_config_init(struct phy { struct at803x_platform_data *pdata; int ret; diff --git a/target/linux/generic/pending-4.14/834-ledtrig-libata.patch b/target/linux/generic/pending-4.14/834-ledtrig-libata.patch index 280536e1e6..2eec024b72 100644 --- a/target/linux/generic/pending-4.14/834-ledtrig-libata.patch +++ b/target/linux/generic/pending-4.14/834-ledtrig-libata.patch @@ -65,7 +65,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org> /** * ata_build_rw_tf - Build ATA taskfile for given read/write request * @tf: Target ATA taskfile -@@ -5117,6 +5130,9 @@ struct ata_queued_cmd *ata_qc_new_init(s +@@ -5120,6 +5133,9 @@ struct ata_queued_cmd *ata_qc_new_init(s if (tag < 0) return NULL; } @@ -75,7 +75,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org> qc = __ata_qc_from_tag(ap, tag); qc->tag = tag; -@@ -6018,6 +6034,9 @@ struct ata_port *ata_port_alloc(struct a +@@ -6021,6 +6037,9 @@ struct ata_port *ata_port_alloc(struct a ap->stats.unhandled_irq = 1; ap->stats.idle_irq = 1; #endif @@ -85,7 +85,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org> ata_sff_port_init(ap); return ap; -@@ -6039,6 +6058,12 @@ static void ata_host_release(struct devi +@@ -6042,6 +6061,12 @@ static void ata_host_release(struct devi kfree(ap->pmp_link); kfree(ap->slave_link); @@ -98,7 +98,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org> kfree(ap); host->ports[i] = NULL; } -@@ -6485,7 +6510,23 @@ int ata_host_register(struct ata_host *h +@@ -6488,7 +6513,23 @@ int ata_host_register(struct ata_host *h host->ports[i]->print_id = atomic_inc_return(&ata_print_id); host->ports[i]->local_port_no = i + 1; } @@ -134,7 +134,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org> /* * Define if arch has non-standard setup. This is a _PCI_ standard -@@ -889,6 +892,12 @@ struct ata_port { +@@ -890,6 +893,12 @@ struct ata_port { #ifdef CONFIG_ATA_ACPI struct ata_acpi_gtm __acpi_init_gtm; /* use ata_acpi_init_gtm() */ #endif diff --git a/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch b/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch deleted file mode 100644 index f5ceecca93..0000000000 --- a/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch +++ /dev/null @@ -1,49 +0,0 @@ -The gen_stats facility will add a header for the toplevel nlattr of type -TCA_STATS2 that contains all stats added by qdisc callbacks. A reference -to this header is stored in the gnet_dump struct, and when all the -per-qdisc callbacks have finished adding their stats, the length of the -containing header will be adjusted to the right value. - -However, on architectures that need padding (i.e., that don't set -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), the padding nlattr is added -before the stats, which means that the stored pointer will point to the -padding, and so when the header is fixed up, the result is just a very -big padding nlattr. Because most qdiscs also supply the legacy TCA_STATS -struct, this problem has been mostly invisible, but we exposed it with -the netlink attribute-based statistics in CAKE. - -Fix the issue by fixing up the stored pointer if it points to a padding -nlattr. - -Tested-by: Pete Heist <pete@heistp.net> -Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> -Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> ---- - net/core/gen_stats.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - ---- a/net/core/gen_stats.c -+++ b/net/core/gen_stats.c -@@ -77,8 +77,20 @@ gnet_stats_start_copy_compat(struct sk_b - d->lock = lock; - spin_lock_bh(lock); - } -- if (d->tail) -- return gnet_stats_copy(d, type, NULL, 0, padattr); -+ if (d->tail) { -+ int ret = gnet_stats_copy(d, type, NULL, 0, padattr); -+ -+ /* The initial attribute added in gnet_stats_copy() may be -+ * preceded by a padding attribute, in which case d->tail will -+ * end up pointing at the padding instead of the real attribute. -+ * Fix this so gnet_stats_finish_copy() adjusts the length of -+ * the right attribute. -+ */ -+ if (ret == 0 && d->tail->nla_type == padattr) -+ d->tail = (struct nlattr *)((char *)d->tail + -+ NLA_ALIGN(d->tail->nla_len)); -+ return ret; -+ } - - return 0; - } |