diff options
26 files changed, 123 insertions, 188 deletions
diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 64dd4259b2..31cc1be273 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -4,13 +4,13 @@ LINUX_RELEASE?=1 LINUX_VERSION-3.18 = .71 LINUX_VERSION-4.4 = .121 -LINUX_VERSION-4.14 = .59 LINUX_VERSION-4.9 = .117 +LINUX_VERSION-4.14 = .60 LINUX_KERNEL_HASH-3.18.71 = 5abc9778ad44ce02ed6c8ab52ece8a21c6d20d21f6ed8a19287b4a38a50c1240 LINUX_KERNEL_HASH-4.4.121 = 44a88268b5088dc326b30c9b9133ac35a9a200b636b7268d08f32abeae6ca729 -LINUX_KERNEL_HASH-4.14.59 = 7ec633c661bba941239e340bb35391d356eda541fb4c323d07034d09d05b319b LINUX_KERNEL_HASH-4.9.117 = 8232ea326ac5784d71baa09c0cd7806a2674f8449c0be73e2ae341e6880279b0 +LINUX_KERNEL_HASH-4.14.60 = 6ce143258fba2e1f543ff56802e047d7d3a741f746b9c947dd088d4a2873b295 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch b/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch index fc9dce2d85..0954c87894 100644 --- a/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch +++ b/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch @@ -737,7 +737,7 @@ EXPORT_SYMBOL(xfrm_parse_spi); --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3854,14 +3854,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3858,14 +3858,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); diff --git a/target/linux/cns3xxx/patches-4.14/130-Extend-PCIE_BUS_PEER2PEER-to-set-MRSS-128-to-fix-CNS3xxx-BM-DMA..patch b/target/linux/cns3xxx/patches-4.14/130-Extend-PCIE_BUS_PEER2PEER-to-set-MRSS-128-to-fix-CNS3xxx-BM-DMA..patch index 42430ead4c..45946e3d67 100644 --- a/target/linux/cns3xxx/patches-4.14/130-Extend-PCIE_BUS_PEER2PEER-to-set-MRSS-128-to-fix-CNS3xxx-BM-DMA..patch +++ b/target/linux/cns3xxx/patches-4.14/130-Extend-PCIE_BUS_PEER2PEER-to-set-MRSS-128-to-fix-CNS3xxx-BM-DMA..patch @@ -1,6 +1,6 @@ --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c -@@ -2303,7 +2303,8 @@ static void pcie_write_mrrs(struct pci_d +@@ -2305,7 +2305,8 @@ static void pcie_write_mrrs(struct pci_d /* In the "safe" case, do not configure the MRRS. There appear to be * issues with setting MRRS to 0 on a number of devices. */ diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index f2210259e8..75e86f1b46 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5112,10 +5100,9 @@ static int nf_tables_commit(struct net * +@@ -5113,10 +5101,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5252,10 +5239,9 @@ static int nf_tables_abort(struct net *n +@@ -5253,10 +5240,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5358,7 +5344,7 @@ int nft_chain_validate_hooks(const struc +@@ -5359,7 +5345,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5840,8 +5826,7 @@ int __nft_release_basechain(struct nft_c +@@ -5841,8 +5827,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5870,8 +5855,7 @@ static void __nft_release_afinfo(struct +@@ -5871,8 +5856,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 8266562a82..625de6b348 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4817,6 +4861,605 @@ static void nf_tables_obj_notify(const s +@@ -4818,6 +4862,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4847,6 +5490,49 @@ nla_put_failure: +@@ -4848,6 +5491,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4999,6 +5685,21 @@ static const struct nfnl_callback nf_tab +@@ -5000,6 +5686,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5044,6 +5745,9 @@ static void nf_tables_commit_release(str +@@ -5045,6 +5746,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5161,6 +5865,21 @@ static int nf_tables_commit(struct net * +@@ -5162,6 +5866,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5198,6 +5917,9 @@ static void nf_tables_abort_release(stru +@@ -5199,6 +5918,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5289,6 +6011,17 @@ static int nf_tables_abort(struct net *n +@@ -5290,6 +6012,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5839,6 +6572,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5840,6 +6573,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5852,6 +6586,9 @@ static void __nft_release_afinfo(struct +@@ -5853,6 +6587,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5862,6 +6599,11 @@ static void __nft_release_afinfo(struct +@@ -5863,6 +6600,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5905,6 +6647,8 @@ static int __init nf_tables_module_init( +@@ -5906,6 +6648,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5919,6 +6663,7 @@ static void __exit nf_tables_module_exit +@@ -5920,6 +6664,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index 307749763a..9c98fa73c4 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4969,7 +4966,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4970,7 +4967,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 94e69790d8..d0863b836b 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5393,7 +5393,7 @@ static int nf_tables_getflowtable(struct +@@ -5394,7 +5394,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index ce46e69d43..aeef003303 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5771,7 +5764,6 @@ static int nf_tables_commit(struct net * +@@ -5772,7 +5765,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5933,7 +5925,6 @@ static int nf_tables_abort(struct net *n +@@ -5934,7 +5926,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 91118198ac..d7c07244fc 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5312,8 +5312,10 @@ static int nf_tables_dump_flowtable_done +@@ -5313,8 +5313,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 59bffa2ada..320a90c11c 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2827,7 +2824,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2919,10 +2916,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2931,51 +2926,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3185,11 +3173,12 @@ static int nf_tables_newset(struct net * +@@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3458,12 +3447,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3568,7 +3557,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3580,21 +3568,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3614,7 +3600,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3716,7 +3702,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3960,7 +3946,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4509,7 +4495,8 @@ static int nf_tables_newobj(struct net * +@@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4527,7 +4514,7 @@ static int nf_tables_newobj(struct net * +@@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4604,7 +4591,6 @@ struct nft_obj_filter { +@@ -4605,7 +4592,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4619,38 +4605,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4620,38 +4606,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4737,7 +4722,8 @@ static int nf_tables_getobj(struct net * +@@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4797,7 +4783,8 @@ static int nf_tables_delobj(struct net * +@@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4808,7 +4795,7 @@ static int nf_tables_delobj(struct net * +@@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4846,7 +4833,7 @@ static void nf_tables_obj_notify(const s +@@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -5036,7 +5023,7 @@ void nft_flow_table_iterate(struct net * +@@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5084,7 +5071,8 @@ static int nf_tables_newflowtable(struct +@@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5101,7 +5089,7 @@ static int nf_tables_newflowtable(struct +@@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5182,7 +5170,8 @@ static int nf_tables_delflowtable(struct +@@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5193,7 +5182,7 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5183,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5262,40 +5251,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5263,40 +5252,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5380,7 +5366,8 @@ static int nf_tables_getflowtable(struct +@@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5423,7 +5410,7 @@ static void nf_tables_flowtable_notify(s +@@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5501,17 +5488,14 @@ static int nf_tables_flowtable_event(str +@@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6532,6 +6516,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6568,10 +6553,10 @@ static void __nft_release_afinfo(struct +@@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 5c942e3a54..0d973ac028 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6522,6 +6522,12 @@ static int __net_init nf_tables_init_net +@@ -6523,6 +6523,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6599,6 +6605,7 @@ static void __nft_release_afinfo(struct +@@ -6600,6 +6606,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 2683f5b031..0ea11524fc 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -5018,15 +5016,12 @@ void nft_flow_table_iterate(struct net * +@@ -5019,15 +5017,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6513,21 +6508,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6514,21 +6509,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6548,8 +6528,7 @@ int __nft_release_basechain(struct nft_c +@@ -6549,8 +6529,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6559,10 +6538,11 @@ static void __nft_release_afinfo(struct +@@ -6560,10 +6539,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6603,6 +6583,21 @@ static void __nft_release_afinfo(struct +@@ -6604,6 +6584,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 544dfb92ab..0752d69395 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2926,7 +2801,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2927,7 +2802,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx->table && ctx->table != table) -@@ -2947,7 +2822,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2948,7 +2823,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3059,8 +2934,8 @@ static int nf_tables_newset(struct net * +@@ -3060,8 +2935,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3167,16 +3042,12 @@ static int nf_tables_newset(struct net * +@@ -3168,16 +3043,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3438,19 +3309,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3439,19 +3310,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3568,7 +3435,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3569,7 +3436,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3598,7 +3465,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3599,7 +3466,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4477,7 +4344,6 @@ static int nf_tables_newobj(struct net * +@@ -4478,7 +4345,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4489,11 +4355,7 @@ static int nf_tables_newobj(struct net * +@@ -4490,11 +4356,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4512,7 +4374,7 @@ static int nf_tables_newobj(struct net * +@@ -4513,7 +4375,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4604,7 +4466,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4605,7 +4467,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4627,7 +4489,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4628,7 +4490,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4685,7 +4547,6 @@ static int nf_tables_getobj(struct net * +@@ -4686,7 +4548,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4716,11 +4577,7 @@ static int nf_tables_getobj(struct net * +@@ -4717,11 +4578,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4767,7 +4624,6 @@ static int nf_tables_delobj(struct net * +@@ -4768,7 +4625,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4777,11 +4633,7 @@ static int nf_tables_delobj(struct net * +@@ -4778,11 +4634,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4793,7 +4645,7 @@ static int nf_tables_delobj(struct net * +@@ -4794,7 +4646,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4978,33 +4830,31 @@ err1: +@@ -4979,33 +4831,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5052,7 +4902,6 @@ static int nf_tables_newflowtable(struct +@@ -5053,7 +4903,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5062,12 +4911,8 @@ static int nf_tables_newflowtable(struct +@@ -5063,12 +4912,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5084,7 +4929,7 @@ static int nf_tables_newflowtable(struct +@@ -5085,7 +4930,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5097,7 +4942,7 @@ static int nf_tables_newflowtable(struct +@@ -5098,7 +4943,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5157,16 +5002,11 @@ static int nf_tables_delflowtable(struct +@@ -5158,16 +5003,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5177,7 +5017,7 @@ static int nf_tables_delflowtable(struct +@@ -5178,7 +5018,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5252,7 +5092,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5253,7 +5093,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5271,7 +5111,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5272,7 +5112,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5331,7 +5171,6 @@ static int nf_tables_getflowtable(struct +@@ -5332,7 +5172,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5357,12 +5196,8 @@ static int nf_tables_getflowtable(struct +@@ -5358,12 +5197,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6528,7 +6363,7 @@ int __nft_release_basechain(struct nft_c +@@ -6529,7 +6364,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6541,7 +6376,7 @@ static void __nft_release_afinfo(struct +@@ -6542,7 +6377,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6593,7 +6428,7 @@ static int __net_init nf_tables_init_net +@@ -6594,7 +6429,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 0572c2fcd9..d6736d652f 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4868,13 +4868,13 @@ void nft_flow_table_iterate(struct net * +@@ -4869,13 +4869,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index bd935b971d..d0c6e46c9f 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5253,17 +5253,12 @@ err: +@@ -5254,17 +5254,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index a7ce0df5cf..89e12a5f47 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2705,6 +2770,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3113,6 +3181,7 @@ static int nf_tables_newset(struct net * +@@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3172,7 +3241,10 @@ static int nf_tables_delset(struct net * +@@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4232,6 +4304,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4239,6 +4326,7 @@ static const struct nla_policy nft_obj_p +@@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4386,6 +4474,8 @@ static int nf_tables_newobj(struct net * +@@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4432,7 +4522,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4630,7 +4722,7 @@ static int nf_tables_delobj(struct net * +@@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4639,7 +4731,12 @@ static int nf_tables_delobj(struct net * +@@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4711,6 +4808,7 @@ static const struct nla_policy nft_flowt +@@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4728,6 +4826,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4936,6 +5048,8 @@ static int nf_tables_newflowtable(struct +@@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5010,8 +5124,14 @@ static int nf_tables_delflowtable(struct +@@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5044,7 +5164,9 @@ static int nf_tables_fill_flowtable_info +@@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 2af2fbe284..77e4db3ed7 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5063,40 +5063,38 @@ static int nf_tables_newflowtable(struct +@@ -5064,40 +5064,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5377,10 +5375,8 @@ err: +@@ -5378,10 +5376,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index 9481d16ba5..e38f22635d 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4929,7 +4929,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4930,7 +4930,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 2dc50f8358..2fcd663307 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4973,23 +4973,6 @@ static const struct nf_flowtable_type *n +@@ -4974,23 +4974,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch b/target/linux/generic/backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch deleted file mode 100644 index 8e63189e80..0000000000 --- a/target/linux/generic/backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 5012284700775a4e6e3fbe7eac4c543c4874b559 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o <tytso@mit.edu> -Date: Sat, 28 Jul 2018 08:12:04 -0400 -Subject: [PATCH] ext4: fix check to prevent initializing reserved inodes - -Commit 8844618d8aa7: "ext4: only look at the bg_flags field if it is -valid" will complain if block group zero does not have the -EXT4_BG_INODE_ZEROED flag set. Unfortunately, this is not correct, -since a freshly created file system has this flag cleared. It gets -almost immediately after the file system is mounted read-write --- but -the following somewhat unlikely sequence will end up triggering a -false positive report of a corrupted file system: - - mkfs.ext4 /dev/vdc - mount -o ro /dev/vdc /vdc - mount -o remount,rw /dev/vdc - -Instead, when initializing the inode table for block group zero, test -to make sure that itable_unused count is not too large, since that is -the case that will result in some or all of the reserved inodes -getting cleared. - -This fixes the failures reported by Eric Whiteney when running -generic/230 and generic/231 in the the nojournal test case. - -Fixes: 8844618d8aa7 ("ext4: only look at the bg_flags field if it is valid") -Reported-by: Eric Whitney <enwlinux@gmail.com> -Signed-off-by: Theodore Ts'o <tytso@mit.edu> ---- - fs/ext4/ialloc.c | 5 ++++- - fs/ext4/super.c | 8 +------- - 2 files changed, 5 insertions(+), 8 deletions(-) - ---- a/fs/ext4/ialloc.c -+++ b/fs/ext4/ialloc.c -@@ -1394,7 +1394,10 @@ int ext4_init_inode_table(struct super_b - ext4_itable_unused_count(sb, gdp)), - sbi->s_inodes_per_block); - -- if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group)) { -+ if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group) || -+ ((group == 0) && ((EXT4_INODES_PER_GROUP(sb) - -+ ext4_itable_unused_count(sb, gdp)) < -+ EXT4_FIRST_INO(sb)))) { - ext4_error(sb, "Something is wrong with group %u: " - "used itable blocks: %d; " - "itable unused count: %u", ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -3103,14 +3103,8 @@ static ext4_group_t ext4_has_uninit_itab - if (!gdp) - continue; - -- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)) -- continue; -- if (group != 0) -+ if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))) - break; -- ext4_error(sb, "Inode table for bg 0 marked as " -- "needing zeroing"); -- if (sb_rdonly(sb)) -- return ngroups; - } - - return group; diff --git a/target/linux/generic/hack-4.14/902-debloat_proc.patch b/target/linux/generic/hack-4.14/902-debloat_proc.patch index 4f5fb7022c..65789d1b8c 100644 --- a/target/linux/generic/hack-4.14/902-debloat_proc.patch +++ b/target/linux/generic/hack-4.14/902-debloat_proc.patch @@ -232,7 +232,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> return -ENOMEM; --- a/mm/vmalloc.c +++ b/mm/vmalloc.c -@@ -2769,6 +2769,8 @@ static const struct file_operations proc +@@ -2770,6 +2770,8 @@ static const struct file_operations proc static int __init proc_vmalloc_init(void) { diff --git a/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch b/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch index d8aea32b5a..9889a33cb1 100644 --- a/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch +++ b/target/linux/generic/pending-4.14/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch @@ -23,7 +23,7 @@ Tested-by: Aaron Brown <aaron.f.brown@intel.com> --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c -@@ -5096,7 +5096,7 @@ static bool e1000e_has_link(struct e1000 +@@ -5093,7 +5093,7 @@ static bool e1000e_has_link(struct e1000 /* get_link_status is set on LSC (link status) interrupt or * Rx sequence error interrupt. get_link_status will stay @@ -32,7 +32,7 @@ Tested-by: Aaron Brown <aaron.f.brown@intel.com> * for copper adapters ONLY */ switch (hw->phy.media_type) { -@@ -5114,7 +5114,7 @@ static bool e1000e_has_link(struct e1000 +@@ -5111,7 +5111,7 @@ static bool e1000e_has_link(struct e1000 break; case e1000_media_type_internal_serdes: ret_val = hw->mac.ops.check_for_link(hw); diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 72121eb11a..bf902875d0 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4916,6 +4916,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4917,6 +4917,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5046,10 +5054,19 @@ static int nf_tables_newflowtable(struct +@@ -5047,10 +5055,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5147,7 +5164,8 @@ static int nf_tables_fill_flowtable_info +@@ -5148,7 +5165,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch b/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch index 381b2d09fa..8c5c21b1bc 100644 --- a/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch +++ b/target/linux/generic/pending-4.14/735-net-phy-at803x-fix-at8033-sgmii-mode.patch @@ -21,7 +21,7 @@ Signed-off-by: Roman Yeryomin <roman@advem.lv> #define AT803X_PCS_SMART_EEE_CTRL3 0x805D #define AT803X_SMART_EEE_CTRL3_LPI_TX_DELAY_SEL_MASK 0x3 -@@ -295,6 +296,27 @@ static int at803x_config_init(struct phy +@@ -293,6 +294,27 @@ static int at803x_config_init(struct phy { struct at803x_platform_data *pdata; int ret; diff --git a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch b/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch index 3012fae3d0..51b6a62ce4 100644 --- a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch +++ b/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch @@ -49,7 +49,7 @@ Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> }; --- a/drivers/net/phy/phylink.c +++ b/drivers/net/phy/phylink.c -@@ -1040,34 +1040,6 @@ int phylink_ethtool_set_pauseparam(struc +@@ -1042,34 +1042,6 @@ int phylink_ethtool_set_pauseparam(struc } EXPORT_SYMBOL_GPL(phylink_ethtool_set_pauseparam); diff --git a/target/linux/mvebu/patches-4.14/409-sfp-use-netdev-sfp_bus-for-start-stop.patch b/target/linux/mvebu/patches-4.14/409-sfp-use-netdev-sfp_bus-for-start-stop.patch index 7023b57a51..d0b4480f38 100644 --- a/target/linux/mvebu/patches-4.14/409-sfp-use-netdev-sfp_bus-for-start-stop.patch +++ b/target/linux/mvebu/patches-4.14/409-sfp-use-netdev-sfp_bus-for-start-stop.patch @@ -10,7 +10,7 @@ Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> --- a/drivers/net/phy/phylink.c +++ b/drivers/net/phy/phylink.c -@@ -755,8 +755,8 @@ void phylink_start(struct phylink *pl) +@@ -757,8 +757,8 @@ void phylink_start(struct phylink *pl) clear_bit(PHYLINK_DISABLE_STOPPED, &pl->phylink_disable_state); phylink_run_resolve(pl); @@ -21,7 +21,7 @@ Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> if (pl->phydev) phy_start(pl->phydev); } -@@ -768,8 +768,8 @@ void phylink_stop(struct phylink *pl) +@@ -770,8 +770,8 @@ void phylink_stop(struct phylink *pl) if (pl->phydev) phy_stop(pl->phydev); |