kernel: Copy patches from kernel 4.14 to 4.19

This just copies the files from the kernel 4.14 specific folders into
the kernel 4.19 specific folder, no changes are done to the files in
this commit.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

1 files changed, 200 insertions, 0 deletions

diff --git a/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch b/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch
new file mode 100644
index 0000000000..fcf54e9858
--- /dev/null
+++ b/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch
@@ -0,0 +1,200 @@
+From b0f38338aef2dae5ade3c16acf713737e3b15a73 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Sun, 3 Dec 2017 00:58:47 +0100
+Subject: [PATCH 05/11] netfilter: reduce size of hook entry point locations
+
+struct net contains:
+
+struct nf_hook_entries __rcu *hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
+
+which store the hook entry point locations for the various protocol
+families and the hooks.
+
+Using array results in compact c code when doing accesses, i.e.
+  x = rcu_dereference(net->nf.hooks[pf][hook]);
+
+but its also wasting a lot of memory, as most families are
+not used.
+
+So split the array into those families that are used, which
+are only 5 (instead of 13).  In most cases, the 'pf' argument is
+constant, i.e. gcc removes switch statement.
+
+struct net before:
+ /* size: 5184, cachelines: 81, members: 46 */
+after:
+ /* size: 4672, cachelines: 73, members: 46 */
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/linux/netfilter.h       | 24 ++++++++++++++++++++++--
+ include/net/netns/netfilter.h   |  6 +++++-
+ net/bridge/br_netfilter_hooks.c |  2 +-
+ net/netfilter/core.c            | 38 ++++++++++++++++++++++++++++++--------
+ net/netfilter/nf_queue.c        | 21 +++++++++++++++++++--
+ 5 files changed, 77 insertions(+), 14 deletions(-)
+
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -195,7 +195,7 @@ static inline int nf_hook(u_int8_t pf, u
+ 			  struct net_device *indev, struct net_device *outdev,
+ 			  int (*okfn)(struct net *, struct sock *, struct sk_buff *))
+ {
+-	struct nf_hook_entries *hook_head;
++	struct nf_hook_entries *hook_head = NULL;
+ 	int ret = 1;
+ 
+ #ifdef HAVE_JUMP_LABEL
+@@ -206,7 +206,27 @@ static inline int nf_hook(u_int8_t pf, u
+ #endif
+ 
+ 	rcu_read_lock();
+-	hook_head = rcu_dereference(net->nf.hooks[pf][hook]);
++	switch (pf) {
++	case NFPROTO_IPV4:
++		hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]);
++		break;
++	case NFPROTO_IPV6:
++		hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]);
++		break;
++	case NFPROTO_ARP:
++		hook_head = rcu_dereference(net->nf.hooks_arp[hook]);
++		break;
++	case NFPROTO_BRIDGE:
++		hook_head = rcu_dereference(net->nf.hooks_bridge[hook]);
++		break;
++	case NFPROTO_DECNET:
++		hook_head = rcu_dereference(net->nf.hooks_decnet[hook]);
++		break;
++	default:
++		WARN_ON_ONCE(1);
++		break;
++	}
++
+ 	if (hook_head) {
+ 		struct nf_hook_state state;
+ 
+--- a/include/net/netns/netfilter.h
++++ b/include/net/netns/netfilter.h
+@@ -17,7 +17,11 @@ struct netns_nf {
+ #ifdef CONFIG_SYSCTL
+ 	struct ctl_table_header *nf_log_dir_header;
+ #endif
+-	struct nf_hook_entries __rcu *hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
++	struct nf_hook_entries __rcu *hooks_ipv4[NF_MAX_HOOKS];
++	struct nf_hook_entries __rcu *hooks_ipv6[NF_MAX_HOOKS];
++	struct nf_hook_entries __rcu *hooks_arp[NF_MAX_HOOKS];
++	struct nf_hook_entries __rcu *hooks_bridge[NF_MAX_HOOKS];
++	struct nf_hook_entries __rcu *hooks_decnet[NF_MAX_HOOKS];
+ #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
+ 	bool			defrag_ipv4;
+ #endif
+--- a/net/bridge/br_netfilter_hooks.c
++++ b/net/bridge/br_netfilter_hooks.c
+@@ -992,7 +992,7 @@ int br_nf_hook_thresh(unsigned int hook,
+ 	unsigned int i;
+ 	int ret;
+ 
+-	e = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]);
++	e = rcu_dereference(net->nf.hooks_bridge[hook]);
+ 	if (!e)
+ 		return okfn(net, sk, skb);
+ 
+--- a/net/netfilter/core.c
++++ b/net/netfilter/core.c
+@@ -264,8 +264,23 @@ out_assign:
+ 
+ static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const struct nf_hook_ops *reg)
+ {
+-	if (reg->pf != NFPROTO_NETDEV)
+-		return net->nf.hooks[reg->pf]+reg->hooknum;
++	switch (reg->pf) {
++	case NFPROTO_NETDEV:
++		break;
++	case NFPROTO_ARP:
++		return net->nf.hooks_arp + reg->hooknum;
++	case NFPROTO_BRIDGE:
++		return net->nf.hooks_bridge + reg->hooknum;
++	case NFPROTO_IPV4:
++		return net->nf.hooks_ipv4 + reg->hooknum;
++	case NFPROTO_IPV6:
++		return net->nf.hooks_ipv6 + reg->hooknum;
++	case NFPROTO_DECNET:
++		return net->nf.hooks_decnet + reg->hooknum;
++	default:
++		WARN_ON_ONCE(1);
++		return NULL;
++	}
+ 
+ #ifdef CONFIG_NETFILTER_INGRESS
+ 	if (reg->hooknum == NF_NETDEV_INGRESS) {
+@@ -534,14 +549,21 @@ void (*nf_nat_decode_session_hook)(struc
+ EXPORT_SYMBOL(nf_nat_decode_session_hook);
+ #endif
+ 
+-static int __net_init netfilter_net_init(struct net *net)
++static void __net_init __netfilter_net_init(struct nf_hook_entries *e[NF_MAX_HOOKS])
+ {
+-	int i, h;
++	int h;
+ 
+-	for (i = 0; i < ARRAY_SIZE(net->nf.hooks); i++) {
+-		for (h = 0; h < NF_MAX_HOOKS; h++)
+-			RCU_INIT_POINTER(net->nf.hooks[i][h], NULL);
+-	}
++	for (h = 0; h < NF_MAX_HOOKS; h++)
++		RCU_INIT_POINTER(e[h], NULL);
++}
++
++static int __net_init netfilter_net_init(struct net *net)
++{
++	__netfilter_net_init(net->nf.hooks_ipv4);
++	__netfilter_net_init(net->nf.hooks_ipv6);
++	__netfilter_net_init(net->nf.hooks_arp);
++	__netfilter_net_init(net->nf.hooks_bridge);
++	__netfilter_net_init(net->nf.hooks_decnet);
+ 
+ #ifdef CONFIG_PROC_FS
+ 	net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
+--- a/net/netfilter/nf_queue.c
++++ b/net/netfilter/nf_queue.c
+@@ -201,6 +201,23 @@ repeat:
+ 	return NF_ACCEPT;
+ }
+ 
++static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum)
++{
++	switch (pf) {
++	case NFPROTO_BRIDGE:
++		return rcu_dereference(net->nf.hooks_bridge[hooknum]);
++	case NFPROTO_IPV4:
++		return rcu_dereference(net->nf.hooks_ipv4[hooknum]);
++	case NFPROTO_IPV6:
++		return rcu_dereference(net->nf.hooks_ipv6[hooknum]);
++	default:
++		WARN_ON_ONCE(1);
++		return NULL;
++	}
++
++	return NULL;
++}
++
+ /* Caller must hold rcu read-side lock */
+ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
+ {
+@@ -216,12 +233,12 @@ void nf_reinject(struct nf_queue_entry *
+ 	net = entry->state.net;
+ 	pf = entry->state.pf;
+ 
+-	hooks = rcu_dereference(net->nf.hooks[pf][entry->state.hook]);
++	hooks = nf_hook_entries_head(net, pf, entry->state.hook);
+ 
+ 	nf_queue_entry_release_refs(entry);
+ 
+ 	i = entry->hook_index;
+-	if (WARN_ON_ONCE(i >= hooks->num_hook_entries)) {
++	if (WARN_ON_ONCE(!hooks || i >= hooks->num_hook_entries)) {
+ 		kfree_skb(skb);
+ 		kfree(entry);
+ 		return;