From 9261e7447ea7b8d33b70ff6ea008f2041a88e255 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Thu, 1 Nov 2018 18:01:44 +0100 Subject: kernel: Make the patches apply on top of 4.19 This makes the patches which were just copied in the previous commit apply on top of kernel 4.19. The patches in the backports-4.19 folder were checked if they are really in kernel 4.19 based on the title and only removed if they were found in the upstream kernel. The following additional patches form the pending folder went into upstream Linux 4.19: pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch Bigger changes were introduced to the m25p80 spi nor driver, as far as I saw it in the new code, it now has the functionality provided in this patch: pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch Part of this patch went upstream independent of OpenWrt: hack-4.19/220-gc_sections.patch This patch was reworked to match the changes done upstream. The MIPS DMA API changed a lot, this patch was rewritten to match the new DMA handling: pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch I did bigger manual changes to the following patches and I am not 100% sure if they are all correct: pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch pending-4.19/411-mtd-partial_eraseblock_write.patch pending-4.19/600-netfilter_conntrack_flush.patch pending-4.19/611-netfilter_match_bypass_default_table.patch pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch hack-4.19/211-host_tools_portability.patch hack-4.19/221-module_exports.patch hack-4.19/321-powerpc_crtsavres_prereq.patch hack-4.19/902-debloat_proc.patch This is based on patchset from Marko Ratkaj Signed-off-by: Hauke Mehrtens --- include/kernel-version.mk | 2 + .../backport-4.19/011-kbuild-export-SUBARCH.patch | 16 +- ...macro-for-controlling-warnings-to-linux-c.patch | 140 -- ...tribute-alias-warning-for-SYSCALL_DEFINEx.patch | 88 -- .../020-backport_netfilter_rtcache.patch | 4 +- .../025-tcp-allow-drivers-to-tweak-TSQ-logic.patch | 85 -- ...ial-option-fix-dwm-158-3g-modem-interface.patch | 42 - ...d-support-for-host-mode-external-vbus-sup.patch | 109 -- ...wc2-dwc2_vbus_supply_init-fix-error-check.patch | 55 - ...de-adding-master-MTD-out-of-mtd_add_devic.patch | 74 - ...-get-rid-of-the-mtd_add_device_partitions.patch | 93 -- ...ons-add-of_match_table-parser-matching-fo.patch | 200 --- ...ofpart-parser-to-fixed-partitions-as-it-f.patch | 74 - ...-add-of_match_table-with-fixed-partitions.patch | 44 - ...de-adding-registering-partitions-to-the-p.patch | 168 --- ...xpart-improve-handling-TRX-partition-size.patch | 70 - ...part-add-of_match_table-with-a-new-DT-bin.patch | 39 - ...-trx-add-of_match_table-with-the-new-DT-b.patch | 37 - ...ons-use-DT-info-for-parsing-partitions-wi.patch | 102 -- ...-original-flags-for-every-struct-mtd_info.patch | 6 +- ...-calculating-partition-boundaries-when-ch.patch | 4 +- ...nable-master-mode-for-BCM54210E-and-B5021.patch | 50 - ...adcom-support-new-device-flag-for-setting.patch | 54 - ...-Enable-working-over-slow-can_sleep-GPIOs.patch | 84 -- ...net-bridge-add-support-for-port-isolation.patch | 145 -- ...er.h-prevent-redefinition-of-struct-ethhd.patch | 55 - ...lter-add-defines-for-arp-decnet-max-hooks.patch | 67 - ...ore-make-nf_unregister_net_hooks-simple-w.patch | 91 -- ...ore-remove-synchronize_net-call-if-nfqueu.patch | 116 -- ...6-netfilter-core-free-hooks-with-call_rcu.patch | 132 -- ...reduce-size-of-hook-entry-point-locations.patch | 200 --- ...reduce-hook-array-sizes-to-what-is-needed.patch | 95 -- ...on-t-allocate-space-for-decnet-hooks-unle.patch | 67 - ...on-t-allocate-space-for-arp-bridge-hooks-.patch | 165 --- ...ore-pass-hook-number-family-and-device-to.patch | 98 -- ....16-netfilter-core-add-nf_remove_net_hook.patch | 44 - ...ore-pass-family-as-parameter-to-nf_remove.patch | 51 - ...ore-support-for-NFPROTO_INET-hook-registr.patch | 129 -- ...f_tables-explicit-nft_set_pktinfo-call-fr.patch | 291 ---- ...ore-only-allow-one-nat-hook-per-hook-poin.patch | 146 -- ...f_tables_inet-don-t-use-multihook-infrast.patch | 161 --- ...f_tables-remove-multihook-chains-and-fami.patch | 390 ------ ...ove-checksum-indirection-to-struct-nf_ipv.patch | 171 --- ...ove-checksum_partial-indirection-to-struc.patch | 204 --- ...emove-saveroute-indirection-in-struct-nf_.patch | 232 ---- ...ove-route-indirection-to-struct-nf_ipv6_o.patch | 349 ----- ...ove-reroute-indirection-to-struct-nf_ipv6.patch | 223 --- ...emove-route_key_size-field-in-struct-nf_a.patch | 94 -- ...emove-struct-nf_afinfo-and-its-helper-fun.patch | 173 --- ...ter-nf_tables_arp-don-t-set-forward-chain.patch | 20 - ...f_tables-remove-hooks-from-family-definit.patch | 233 ---- ...emove-defensive-check-on-malformed-packet.patch | 302 ---- .../314-v4.16-netfilter-meta-secpath-support.patch | 101 -- ...onntrack-move-nf_ct_netns_-get-put-to-cor.patch | 142 -- ...r-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | 169 --- ...nf_tables-add-flow-table-netlink-frontend.patch | 1079 --------------- ...ter-add-generic-flow-table-infrastructure.patch | 586 -------- ....16-netfilter-flow-table-support-for-IPv4.patch | 334 ----- ....16-netfilter-flow-table-support-for-IPv6.patch | 354 ----- ...low-table-support-for-the-mixed-IPv4-IPv6.patch | 141 -- ...tfilter-nf_tables-flow-offload-expression.patch | 332 ----- ...f_tables-remove-nhooks-field-from-struct-.patch | 113 -- ...f_tables-fix-a-typo-in-nf_tables_getflowt.patch | 22 - ...r-improve-flow-table-Kconfig-dependencies.patch | 106 -- ...f_tables-remove-flag-field-from-struct-nf.patch | 59 - ...f_tables-no-need-for-struct-nft_af_info-t.patch | 80 -- ...f_tables-remove-struct-nft_af_info-parame.patch | 60 - ...f_tables-fix-potential-NULL-ptr-deref-in-.patch | 30 - ...f_tables-add-single-table-list-for-all-fa.patch | 1450 -------------------- ...15-netfilter-exit_net-cleanup-check-added.patch | 100 -- ...lter-nf_tables-get-rid-of-pernet-families.patch | 598 -------- ...f_tables-get-rid-of-struct-nft_af_info-ab.patch | 1204 ---------------- ...ft_flow_offload-wait-for-garbage-collecto.patch | 47 - ...ft_flow_offload-no-need-to-flush-entries-.patch | 29 - ...ft_flow_offload-move-flowtable-cleanup-ro.patch | 97 -- ...16-netfilter-nf_tables-fix-flowtable-free.patch | 140 -- ...ft_flow_offload-handle-netdevice-events-f.patch | 8 +- ...f_tables-allocate-handle-and-delete-objec.patch | 468 ------- ...f_flow_offload-fix-use-after-free-and-a-r.patch | 95 -- ...lowtable-infrastructure-depends-on-NETFIL.patch | 73 - ...v4.16-netfilter-remove-duplicated-include.patch | 29 - ...f_flow_table-use-IP_CT_DIR_-values-for-FL.patch | 35 - ...nf_flow_table-clean-up-flow_offload_alloc.patch | 118 -- ...4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch | 80 -- ...f_flow_table-cache-mtu-in-struct-flow_off.patch | 145 -- ...f_flow_table-rename-nf_flow_table.c-to-nf.patch | 952 ------------- ...f_flow_table-move-ipv4-offload-hook-code-.patch | 522 ------- ...f_flow_table-move-ip-header-check-out-of-.patch | 32 - ...f_flow_table-move-ipv6-offload-hook-code-.patch | 483 ------- ...f_flow_table-relax-mixed-ipv4-ipv6-flowta.patch | 23 - ...f_flow_table-move-init-code-to-nf_flow_ta.patch | 298 ---- ...f_flow_table-fix-priv-pointer-for-netdev-.patch | 22 - ...f_flow_table-track-flow-tables-in-nf_flow.patch | 114 -- ...f_flow_table-make-flow_offload_dead-inlin.patch | 38 - ...f_flow_table-add-a-new-flow-state-for-tea.patch | 83 -- ...f_flow_table-in-flow_offload_lookup-skip-.patch | 36 - ...f_flow_table-add-support-for-sending-flow.patch | 99 -- ...f_flow_table-tear-down-TCP-flows-if-RST-o.patch | 81 -- ...f_flow_table-fix-checksum-when-handling-D.patch | 19 - ...f_flow_table-clean-up-and-fix-dst-handlin.patch | 8 +- ...f_flow_table-add-missing-condition-for-TC.patch | 48 - ...f_flow_table-fix-offloading-connections-w.patch | 23 - ...etfilter-nf_flow_table-attach-dst-to-skbs.patch | 49 - ...f_flow_table-fix-offloaded-connection-tim.patch | 10 +- ...f_flow_table-fix-up-ct-state-of-flows-aft.patch | 2 +- ...6-leds-trigger-Introduce-a-NETDEV-trigger.patch | 588 -------- ...e-re-linking-of-inodes-correctly-while-re.patch | 10 +- target/linux/generic/config-4.19 | 264 ++++ .../generic/files/drivers/net/phy/swconfig_leds.c | 23 +- .../generic/hack-4.19/202-reduce_module_size.patch | 4 +- .../linux/generic/hack-4.19/204-module_strip.patch | 38 +- .../generic/hack-4.19/207-disable-modorder.patch | 6 +- .../hack-4.19/210-darwin_scripts_include.patch | 12 - .../hack-4.19/211-host_tools_portability.patch | 2 +- .../linux/generic/hack-4.19/220-gc_sections.patch | 226 ++- .../generic/hack-4.19/221-module_exports.patch | 34 +- .../hack-4.19/230-openwrt_lzma_options.patch | 8 +- .../generic/hack-4.19/250-netfilter_depends.patch | 4 +- .../generic/hack-4.19/251-sound_kconfig.patch | 18 +- .../generic/hack-4.19/259-regmap_dynamic.patch | 14 +- .../hack-4.19/260-crypto_test_dependencies.patch | 6 +- .../linux/generic/hack-4.19/280-rfkill-stubs.patch | 2 +- .../hack-4.19/301-mips_image_cmdline_hack.patch | 2 +- .../hack-4.19/321-powerpc_crtsavres_prereq.patch | 9 +- .../640-bridge-only-accept-EAP-locally.patch | 4 +- .../hack-4.19/647-netfilter-flow-acct.patch | 2 +- .../650-netfilter-add-xt_OFFLOAD-target.patch | 16 +- .../hack-4.19/651-wireless_mesh_header.patch | 2 +- .../generic/hack-4.19/660-fq_codel_defaults.patch | 2 +- .../hack-4.19/661-use_fq_codel_by_default.patch | 16 +- .../generic/hack-4.19/662-remove_pfifo_fast.patch | 172 ++- .../hack-4.19/700-swconfig_switch_drivers.patch | 6 +- .../hack-4.19/702-phy_add_aneg_done_function.patch | 4 +- .../linux/generic/hack-4.19/721-phy_packets.patch | 30 +- .../hack-4.19/773-bgmac-add-srab-switch.patch | 6 +- .../generic/hack-4.19/835-misc-owl_loader.patch | 6 +- .../generic/hack-4.19/901-debloat_sock_diag.patch | 20 +- .../linux/generic/hack-4.19/902-debloat_proc.patch | 126 +- .../generic/hack-4.19/904-debloat_dma_buf.patch | 6 +- .../generic/hack-4.19/910-kobject_uevent.patch | 2 +- .../911-kobject_add_broadcast_uevent.patch | 8 +- ...1-always-create-console-node-in-initramfs.patch | 6 +- target/linux/generic/hack-4.19/930-crashlog.patch | 22 +- ...-fix-problem-with-platfom-data-in-w1-gpio.patch | 24 +- ...rocess-negative-stack-offsets-on-stack-tr.patch | 2 +- .../pending-4.19/110-ehci_hcd_ignore_oc.patch | 12 +- ...c_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch | 2 +- ...o_set_value_cansleep-for-setting-chipsele.patch | 2 +- ...-bridge_allow_receiption_on_disabled_port.patch | 4 +- ...t-add-generic-parsing-of-linux-part-probe.patch | 18 +- ...Fix-inefficient-copy-of-unaligned-buffers.patch | 50 - ...180-net-phy-at803x-add-support-for-AT8032.patch | 16 +- ...x-wrong-comment-related-to-link-detection.patch | 43 - .../pending-4.19/201-extra_optimization.patch | 2 +- .../pending-4.19/203-kallsyms_uncompressed.patch | 22 +- .../pending-4.19/205-backtrace_module_info.patch | 6 +- .../pending-4.19/220-optimize_inlining.patch | 18 +- .../pending-4.19/300-mips_expose_boot_raw.patch | 4 +- .../pending-4.19/304-mips_disable_fpu.patch | 4 +- .../pending-4.19/307-mips_highmem_offset.patch | 2 +- .../generic/pending-4.19/308-mips32r2_tune.patch | 2 +- .../pending-4.19/332-arc-add-OWRTDTB-section.patch | 4 +- ...340-MIPS-mm-remove-mips_dma_mapping_error.patch | 32 - ...m-remove-no-op-dma_map_ops-where-possible.patch | 160 +-- .../400-mtd-add-rootfs-split-support.patch | 8 +- ...port-for-different-partition-parser-types.patch | 4 +- ...mtd-parsers-for-rootfs-and-firmware-split.patch | 4 +- .../403-mtd-hook-mtdsplit-to-Kbuild.patch | 2 +- .../404-mtd-add-more-helper-functions.patch | 6 +- .../411-mtd-partial_eraseblock_write.patch | 106 +- .../412-mtd-partial_eraseblock_unlock.patch | 2 +- .../430-mtd-add-myloader-partition-parser.patch | 2 +- .../generic/pending-4.19/440-block2mtd_init.patch | 20 +- .../generic/pending-4.19/441-block2mtd_probe.patch | 8 +- ...allow-fallback-from-spi_flash_read-to-reg.patch | 36 - ...-allow-NOR-driver-to-write-fewer-bytes-th.patch | 4 +- .../460-mtd-cfi_cmdset_0002-no-erase_suspend.patch | 2 +- ..._cmdset_0002-add-buffer-write-cmd-timeout.patch | 2 +- ...465-m25p80-mx-disable-software-protection.patch | 14 +- ...spi-nor-fix-Spansion-regressions-aliased-.patch | 14 +- ...-support-limiting-4K-sectors-support-base.patch | 2 +- ...mtd-spi-nor-Add-Winbond-w25q128jv-support.patch | 2 +- .../476-mtd-spi-nor-add-eon-en25q128.patch | 4 +- .../477-mtd-add-spi-nor-add-mx25u3235f.patch | 2 +- ...-Add-support-for-XM25QH64A-and-XM25QH128A.patch | 30 - .../479-mtd-spi-nor-add-eon-en25qh32.patch | 10 - .../480-mtd-set-rootfs-to-be-root-dev.patch | 2 +- ...tach-mtd-device-named-ubi-or-data-on-boot.patch | 4 +- ...-mounting-ubi0-rootfs-in-init-do_mounts.c.patch | 4 +- .../494-mtd-ubi-add-EOF-marker-support.patch | 2 +- .../495-mtd-core-add-get_mtd_device_by_node.patch | 4 +- ...tdconcat-add-dt-driver-for-concat-devices.patch | 2 +- .../530-jffs2_make_lzma_available.patch | 6 +- ...1-ubifs-fix-default-compression-selection.patch | 8 +- ...ption-to-create-UBI-FS-version-4-on-empty.patch | 2 +- .../600-netfilter_conntrack_flush.patch | 43 +- ...610-netfilter_match_bypass_default_checks.patch | 12 +- .../611-netfilter_match_bypass_default_table.patch | 63 +- .../612-netfilter_match_reduce_memory_access.patch | 2 +- .../613-netfilter_optional_tcp_window_check.patch | 6 +- .../pending-4.19/616-net_optimize_xfrm_calls.patch | 4 +- ...ed-codel-do-not-defer-queue-length-update.patch | 4 +- .../pending-4.19/630-packet_socket_type.patch | 16 +- ...f_flow_table-add-hardware-offload-support.patch | 47 +- ...f_flow_table-support-hw-offload-through-v.patch | 8 +- ...8021q-support-hardware-flow-table-offload.patch | 4 +- ...ridge-support-hardware-flow-table-offload.patch | 4 +- ...pppoe-support-hardware-flow-table-offload.patch | 6 +- ...f_flow_table-rework-hardware-offload-time.patch | 2 +- .../pending-4.19/655-increase_skb_pad.patch | 2 +- .../666-Add-support-for-MAP-E-FMRs-mesh-mode.patch | 28 +- ...jecting-with-source-address-failed-policy.patch | 86 +- ...-defines-for-_POLICY_FAILED-until-all-cod.patch | 4 +- ...80-NET-skip-GRO-for-foreign-MAC-addresses.patch | 26 +- .../681-NET-add-of_get_mac_address_mtd.patch | 8 +- .../generic/pending-4.19/701-phy_extension.patch | 2 +- ...-add-detach-callback-to-struct-phy_driver.patch | 4 +- ...t-phy-at803x-allow-to-configure-via-pdata.patch | 12 +- .../735-net-phy-at803x-fix-at8033-sgmii-mode.patch | 2 +- ...-net-phy-at803x-allow-to-configure-via-dt.patch | 6 +- .../810-pci_disable_common_quirks.patch | 36 +- .../811-pci_disable_usb_common_quirks.patch | 18 +- .../generic/pending-4.19/834-ledtrig-libata.patch | 12 +- .../generic/pending-4.19/920-mangle_bootargs.patch | 6 +- ...50-tty-serial-exar-generalize-rs485-setup.patch | 76 - 225 files changed, 1181 insertions(+), 19291 deletions(-) delete mode 100644 target/linux/generic/backport-4.19/012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch delete mode 100644 target/linux/generic/backport-4.19/013-disable-Wattribute-alias-warning-for-SYSCALL_DEFINEx.patch delete mode 100644 target/linux/generic/backport-4.19/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch delete mode 100644 target/linux/generic/backport-4.19/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch delete mode 100644 target/linux/generic/backport-4.19/030-v4.17-0001-usb-dwc2-add-support-for-host-mode-external-vbus-sup.patch delete mode 100644 target/linux/generic/backport-4.19/030-v4.17-0002-usb-dwc2-dwc2_vbus_supply_init-fix-error-check.patch delete mode 100644 target/linux/generic/backport-4.19/040-v4.17-0001-mtd-move-code-adding-master-MTD-out-of-mtd_add_devic.patch delete mode 100644 target/linux/generic/backport-4.19/040-v4.17-0002-mtd-get-rid-of-the-mtd_add_device_partitions.patch delete mode 100644 target/linux/generic/backport-4.19/041-v4.17-0001-mtd-partitions-add-of_match_table-parser-matching-fo.patch delete mode 100644 target/linux/generic/backport-4.19/041-v4.17-0002-mtd-rename-ofpart-parser-to-fixed-partitions-as-it-f.patch delete mode 100644 target/linux/generic/backport-4.19/041-v4.17-0003-mtd-ofpart-add-of_match_table-with-fixed-partitions.patch delete mode 100644 target/linux/generic/backport-4.19/042-v4.18-0001-mtd-move-code-adding-registering-partitions-to-the-p.patch delete mode 100644 target/linux/generic/backport-4.19/043-v4.18-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch delete mode 100644 target/linux/generic/backport-4.19/044-v4.18-mtd-bcm47xxpart-add-of_match_table-with-a-new-DT-bin.patch delete mode 100644 target/linux/generic/backport-4.19/045-v4.19-mtd-parsers-trx-add-of_match_table-with-the-new-DT-b.patch delete mode 100644 target/linux/generic/backport-4.19/046-v4.19-mtd-partitions-use-DT-info-for-parsing-partitions-wi.patch delete mode 100644 target/linux/generic/backport-4.19/071-v4.15-0001-net-bgmac-enable-master-mode-for-BCM54210E-and-B5021.patch delete mode 100644 target/linux/generic/backport-4.19/076-v4.15-0001-net-phy-broadcom-support-new-device-flag-for-setting.patch delete mode 100644 target/linux/generic/backport-4.19/085-v4.16-0001-i2c-gpio-Enable-working-over-slow-can_sleep-GPIOs.patch delete mode 100644 target/linux/generic/backport-4.19/090-net-bridge-add-support-for-port-isolation.patch delete mode 100644 target/linux/generic/backport-4.19/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch delete mode 100644 target/linux/generic/backport-4.19/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch delete mode 100644 target/linux/generic/backport-4.19/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch delete mode 100644 target/linux/generic/backport-4.19/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch delete mode 100644 target/linux/generic/backport-4.19/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch delete mode 100644 target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch delete mode 100644 target/linux/generic/backport-4.19/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch delete mode 100644 target/linux/generic/backport-4.19/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch delete mode 100644 target/linux/generic/backport-4.19/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch delete mode 100644 target/linux/generic/backport-4.19/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch delete mode 100644 target/linux/generic/backport-4.19/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch delete mode 100644 target/linux/generic/backport-4.19/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch delete mode 100644 target/linux/generic/backport-4.19/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch delete mode 100644 target/linux/generic/backport-4.19/300-v4.16-netfilter-nf_tables-explicit-nft_set_pktinfo-call-fr.patch delete mode 100644 target/linux/generic/backport-4.19/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch delete mode 100644 target/linux/generic/backport-4.19/302-v4.16-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch delete mode 100644 target/linux/generic/backport-4.19/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch delete mode 100644 target/linux/generic/backport-4.19/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch delete mode 100644 target/linux/generic/backport-4.19/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch delete mode 100644 target/linux/generic/backport-4.19/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch delete mode 100644 target/linux/generic/backport-4.19/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch delete mode 100644 target/linux/generic/backport-4.19/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch delete mode 100644 target/linux/generic/backport-4.19/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch delete mode 100644 target/linux/generic/backport-4.19/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch delete mode 100644 target/linux/generic/backport-4.19/311-v4.16-netfilter-nf_tables_arp-don-t-set-forward-chain.patch delete mode 100644 target/linux/generic/backport-4.19/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch delete mode 100644 target/linux/generic/backport-4.19/313-v4.16-netfilter-remove-defensive-check-on-malformed-packet.patch delete mode 100644 target/linux/generic/backport-4.19/314-v4.16-netfilter-meta-secpath-support.patch delete mode 100644 target/linux/generic/backport-4.19/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch delete mode 100644 target/linux/generic/backport-4.19/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch delete mode 100644 target/linux/generic/backport-4.19/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch delete mode 100644 target/linux/generic/backport-4.19/322-v4.16-netfilter-add-generic-flow-table-infrastructure.patch delete mode 100644 target/linux/generic/backport-4.19/323-v4.16-netfilter-flow-table-support-for-IPv4.patch delete mode 100644 target/linux/generic/backport-4.19/324-v4.16-netfilter-flow-table-support-for-IPv6.patch delete mode 100644 target/linux/generic/backport-4.19/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch delete mode 100644 target/linux/generic/backport-4.19/326-v4.16-netfilter-nf_tables-flow-offload-expression.patch delete mode 100644 target/linux/generic/backport-4.19/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch delete mode 100644 target/linux/generic/backport-4.19/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch delete mode 100644 target/linux/generic/backport-4.19/329-v4.16-netfilter-improve-flow-table-Kconfig-dependencies.patch delete mode 100644 target/linux/generic/backport-4.19/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch delete mode 100644 target/linux/generic/backport-4.19/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch delete mode 100644 target/linux/generic/backport-4.19/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch delete mode 100644 target/linux/generic/backport-4.19/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch delete mode 100644 target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch delete mode 100644 target/linux/generic/backport-4.19/336-v4.15-netfilter-exit_net-cleanup-check-added.patch delete mode 100644 target/linux/generic/backport-4.19/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch delete mode 100644 target/linux/generic/backport-4.19/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch delete mode 100644 target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch delete mode 100644 target/linux/generic/backport-4.19/340-v4.16-netfilter-nft_flow_offload-no-need-to-flush-entries-.patch delete mode 100644 target/linux/generic/backport-4.19/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch delete mode 100644 target/linux/generic/backport-4.19/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch delete mode 100644 target/linux/generic/backport-4.19/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch delete mode 100644 target/linux/generic/backport-4.19/345-v4.16-netfilter-nf_flow_offload-fix-use-after-free-and-a-r.patch delete mode 100644 target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch delete mode 100644 target/linux/generic/backport-4.19/347-v4.16-netfilter-remove-duplicated-include.patch delete mode 100644 target/linux/generic/backport-4.19/348-v4.18-netfilter-nf_flow_table-use-IP_CT_DIR_-values-for-FL.patch delete mode 100644 target/linux/generic/backport-4.19/349-v4.18-netfilter-nf_flow_table-clean-up-flow_offload_alloc.patch delete mode 100644 target/linux/generic/backport-4.19/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch delete mode 100644 target/linux/generic/backport-4.19/351-v4.18-netfilter-nf_flow_table-cache-mtu-in-struct-flow_off.patch delete mode 100644 target/linux/generic/backport-4.19/352-v4.18-netfilter-nf_flow_table-rename-nf_flow_table.c-to-nf.patch delete mode 100644 target/linux/generic/backport-4.19/353-v4.18-netfilter-nf_flow_table-move-ipv4-offload-hook-code-.patch delete mode 100644 target/linux/generic/backport-4.19/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch delete mode 100644 target/linux/generic/backport-4.19/355-v4.18-netfilter-nf_flow_table-move-ipv6-offload-hook-code-.patch delete mode 100644 target/linux/generic/backport-4.19/356-v4.18-netfilter-nf_flow_table-relax-mixed-ipv4-ipv6-flowta.patch delete mode 100644 target/linux/generic/backport-4.19/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch delete mode 100644 target/linux/generic/backport-4.19/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch delete mode 100644 target/linux/generic/backport-4.19/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch delete mode 100644 target/linux/generic/backport-4.19/360-v4.18-netfilter-nf_flow_table-make-flow_offload_dead-inlin.patch delete mode 100644 target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch delete mode 100644 target/linux/generic/backport-4.19/362-v4.18-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch delete mode 100644 target/linux/generic/backport-4.19/363-v4.18-netfilter-nf_flow_table-add-support-for-sending-flow.patch delete mode 100644 target/linux/generic/backport-4.19/364-v4.18-netfilter-nf_flow_table-tear-down-TCP-flows-if-RST-o.patch delete mode 100644 target/linux/generic/backport-4.19/365-v4.16-netfilter-nf_flow_table-fix-checksum-when-handling-D.patch delete mode 100644 target/linux/generic/backport-4.19/367-v4.18-netfilter-nf_flow_table-add-missing-condition-for-TC.patch delete mode 100644 target/linux/generic/backport-4.19/368-v4.18-netfilter-nf_flow_table-fix-offloading-connections-w.patch delete mode 100644 target/linux/generic/backport-4.19/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch delete mode 100644 target/linux/generic/backport-4.19/400-v4.16-leds-trigger-Introduce-a-NETDEV-trigger.patch delete mode 100644 target/linux/generic/pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch delete mode 100644 target/linux/generic/pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch delete mode 100644 target/linux/generic/pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch delete mode 100644 target/linux/generic/pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch delete mode 100644 target/linux/generic/pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch delete mode 100644 target/linux/generic/pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch delete mode 100644 target/linux/generic/pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 7433b31078..dda480613c 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -5,10 +5,12 @@ LINUX_RELEASE?=1 LINUX_VERSION-3.18 = .129 LINUX_VERSION-4.9 = .145 LINUX_VERSION-4.14 = .88 +LINUX_VERSION-4.19 = .9 LINUX_KERNEL_HASH-3.18.129 = 8d420b58593a74109175be781da2320a341baec9aaa186da31ad508d3f377e72 LINUX_KERNEL_HASH-4.9.145 = 6901ca37e8c305a2f26c598952338b4dc2481ca5a9d0bf71e2b71730a5b5bc5e LINUX_KERNEL_HASH-4.14.88 = b0f0b8c76708eab6caf3009702e531d40a243b152922ee1f9a441316f226f52d +LINUX_KERNEL_HASH-4.19.9 = fc116cc6829c73944215d3b3ac0fc368dde9e8235b456744afffde001269dbf2 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/generic/backport-4.19/011-kbuild-export-SUBARCH.patch b/target/linux/generic/backport-4.19/011-kbuild-export-SUBARCH.patch index 3df01c34b1..b5f654906a 100644 --- a/target/linux/generic/backport-4.19/011-kbuild-export-SUBARCH.patch +++ b/target/linux/generic/backport-4.19/011-kbuild-export-SUBARCH.patch @@ -10,14 +10,14 @@ Signed-off-by: Felix Fietkau --- a/Makefile +++ b/Makefile -@@ -428,8 +428,8 @@ KBUILD_CFLAGS_MODULE := -DMODULE - KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds +@@ -431,8 +431,8 @@ KBUILD_LDFLAGS_MODULE := -T $(srctree)/s + KBUILD_LDFLAGS := GCC_PLUGINS_CFLAGS := --export ARCH SRCARCH CONFIG_SHELL HOSTCC HOSTCFLAGS CROSS_COMPILE AS LD CC --export CPP AR NM STRIP OBJCOPY OBJDUMP HOSTLDFLAGS HOST_LOADLIBES -+export ARCH SRCARCH SUBARCH CONFIG_SHELL HOSTCC HOSTCFLAGS CROSS_COMPILE AS LD -+export CC CPP AR NM STRIP OBJCOPY OBJDUMP HOSTLDFLAGS HOST_LOADLIBES - export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON UTS_MACHINE - export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS +-export ARCH SRCARCH CONFIG_SHELL HOSTCC KBUILD_HOSTCFLAGS CROSS_COMPILE AS LD CC +-export CPP AR NM STRIP OBJCOPY OBJDUMP KBUILD_HOSTLDFLAGS KBUILD_HOSTLDLIBS ++export ARCH SRCARCH SUBARCH CONFIG_SHELL HOSTCC KBUILD_HOSTCFLAGS CROSS_COMPILE AS LD ++export CC CPP AR NM STRIP OBJCOPY OBJDUMP KBUILD_HOSTLDFLAGS KBUILD_HOSTLDLIBS + export MAKE LEX YACC AWK GENKSYMS INSTALLKERNEL PERL PYTHON PYTHON2 PYTHON3 UTS_MACHINE + export HOSTCXX KBUILD_HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS diff --git a/target/linux/generic/backport-4.19/012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch b/target/linux/generic/backport-4.19/012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch deleted file mode 100644 index 7617c2e5f5..0000000000 --- a/target/linux/generic/backport-4.19/012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: Arnd Bergmann -Date: Tue, 19 Jun 2018 13:14:56 -0700 -Subject: [PATCH] kbuild: add macro for controlling warnings to - linux/compiler.h - -I have occasionally run into a situation where it would make sense to -control a compiler warning from a source file rather than doing so from -a Makefile using the $(cc-disable-warning, ...) or $(cc-option, ...) -helpers. - -The approach here is similar to what glibc uses, using __diag() and -related macros to encapsulate a _Pragma("GCC diagnostic ...") statement -that gets turned into the respective "#pragma GCC diagnostic ..." by -the preprocessor when the macro gets expanded. - -Like glibc, I also have an argument to pass the affected compiler -version, but decided to actually evaluate that one. For now, this -supports GCC_4_6, GCC_4_7, GCC_4_8, GCC_4_9, GCC_5, GCC_6, GCC_7, -GCC_8 and GCC_9. Adding support for CLANG_5 and other interesting -versions is straightforward here. GNU compilers starting with gcc-4.2 -could support it in principle, but "#pragma GCC diagnostic push" -was only added in gcc-4.6, so it seems simpler to not deal with those -at all. The same versions show a large number of warnings already, -so it seems easier to just leave it at that and not do a more -fine-grained control for them. - -The use cases I found so far include: - -- turning off the gcc-8 -Wattribute-alias warning inside of the - SYSCALL_DEFINEx() macro without having to do it globally. - -- Reducing the build time for a simple re-make after a change, - once we move the warnings from ./Makefile and - ./scripts/Makefile.extrawarn into linux/compiler.h - -- More control over the warnings based on other configurations, - using preprocessor syntax instead of Makefile syntax. This should make - it easier for the average developer to understand and change things. - -- Adding an easy way to turn the W=1 option on unconditionally - for a subdirectory or a specific file. This has been requested - by several developers in the past that want to have their subsystems - W=1 clean. - -- Integrating clang better into the build systems. Clang supports - more warnings than GCC, and we probably want to classify them - as default, W=1, W=2 etc, but there are cases in which the - warnings should be classified differently due to excessive false - positives from one or the other compiler. - -- Adding a way to turn the default warnings into errors (e.g. using - a new "make E=0" tag) while not also turning the W=1 warnings into - errors. - -This patch for now just adds the minimal infrastructure in order to -do the first of the list above. As the #pragma GCC diagnostic -takes precedence over command line options, the next step would be -to convert a lot of the individual Makefiles that set nonstandard -options to use __diag() instead. - -[paul.burton@mips.com: - - Rebase atop current master. - - Add __diag_GCC, or more generally __diag_, abstraction to - avoid code outside of linux/compiler-gcc.h needing to duplicate - knowledge about different GCC versions. - - Add a comment argument to __diag_{ignore,warn,error} which isn't - used in the expansion of the macros but serves to push people to - document the reason for using them - per feedback from Kees Cook. - - Translate severity to GCC-specific pragmas in linux/compiler-gcc.h - rather than using GCC-specific in linux/compiler_types.h. - - Drop all but GCC 8 macros, since we only need to define macros for - versions that we need to introduce pragmas for, and as of this - series that's just GCC 8. - - Capitalize comments in linux/compiler-gcc.h to match the style of - the rest of the file. - - Line up macro definitions with tabs in linux/compiler-gcc.h.] - -Signed-off-by: Arnd Bergmann -Signed-off-by: Paul Burton -Tested-by: Christophe Leroy -Tested-by: Stafford Horne -Signed-off-by: Masahiro Yamada ---- - ---- a/include/linux/compiler-gcc.h -+++ b/include/linux/compiler-gcc.h -@@ -358,3 +358,28 @@ - * code - */ - #define uninitialized_var(x) x = x -+ -+/* -+ * Turn individual warnings and errors on and off locally, depending -+ * on version. -+ */ -+#define __diag_GCC(version, severity, s) \ -+ __diag_GCC_ ## version(__diag_GCC_ ## severity s) -+ -+/* Severity used in pragma directives */ -+#define __diag_GCC_ignore ignored -+#define __diag_GCC_warn warning -+#define __diag_GCC_error error -+ -+/* Compilers before gcc-4.6 do not understand "#pragma GCC diagnostic push" */ -+#if GCC_VERSION >= 40600 -+#define __diag_str1(s) #s -+#define __diag_str(s) __diag_str1(s) -+#define __diag(s) _Pragma(__diag_str(GCC diagnostic s)) -+#endif -+ -+#if GCC_VERSION >= 80000 -+#define __diag_GCC_8(s) __diag(s) -+#else -+#define __diag_GCC_8(s) -+#endif ---- a/include/linux/compiler_types.h -+++ b/include/linux/compiler_types.h -@@ -283,4 +283,22 @@ struct ftrace_likely_data { - # define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) - #endif - -+#ifndef __diag -+#define __diag(string) -+#endif -+ -+#ifndef __diag_GCC -+#define __diag_GCC(version, severity, string) -+#endif -+ -+#define __diag_push() __diag(push) -+#define __diag_pop() __diag(pop) -+ -+#define __diag_ignore(compiler, version, option, comment) \ -+ __diag_ ## compiler(version, ignore, option) -+#define __diag_warn(compiler, version, option, comment) \ -+ __diag_ ## compiler(version, warn, option) -+#define __diag_error(compiler, version, option, comment) \ -+ __diag_ ## compiler(version, error, option) -+ - #endif /* __LINUX_COMPILER_TYPES_H */ diff --git a/target/linux/generic/backport-4.19/013-disable-Wattribute-alias-warning-for-SYSCALL_DEFINEx.patch b/target/linux/generic/backport-4.19/013-disable-Wattribute-alias-warning-for-SYSCALL_DEFINEx.patch deleted file mode 100644 index 2440ed8c0d..0000000000 --- a/target/linux/generic/backport-4.19/013-disable-Wattribute-alias-warning-for-SYSCALL_DEFINEx.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: Arnd Bergmann -Date: Tue, 19 Jun 2018 13:14:57 -0700 -Subject: [PATCH] disable -Wattribute-alias warning for SYSCALL_DEFINEx() - -gcc-8 warns for every single definition of a system call entry -point, e.g.: - -include/linux/compat.h:56:18: error: 'compat_sys_rt_sigprocmask' alias between functions of incompatible types 'long int(int, compat_sigset_t *, compat_sigset_t *, compat_size_t)' {aka 'long int(int, struct *, struct *, unsigned int)'} and 'long int(long int, long int, long int, long int)' [-Werror=attribute-alias] - asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ - ^~~~~~~~~~ -include/linux/compat.h:45:2: note: in expansion of macro 'COMPAT_SYSCALL_DEFINEx' - COMPAT_SYSCALL_DEFINEx(4, _##name, __VA_ARGS__) - ^~~~~~~~~~~~~~~~~~~~~~ -kernel/signal.c:2601:1: note: in expansion of macro 'COMPAT_SYSCALL_DEFINE4' - COMPAT_SYSCALL_DEFINE4(rt_sigprocmask, int, how, compat_sigset_t __user *, nset, - ^~~~~~~~~~~~~~~~~~~~~~ -include/linux/compat.h:60:18: note: aliased declaration here - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\ - ^~~~~~~~~~ - -The new warning seems reasonable in principle, but it doesn't -help us here, since we rely on the type mismatch to sanitize the -system call arguments. After I reported this as GCC PR82435, a new --Wno-attribute-alias option was added that could be used to turn the -warning off globally on the command line, but I'd prefer to do it a -little more fine-grained. - -Interestingly, turning a warning off and on again inside of -a single macro doesn't always work, in this case I had to add -an extra statement inbetween and decided to copy the __SC_TEST -one from the native syscall to the compat syscall macro. See -https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 for more details -about this. - -[paul.burton@mips.com: - - Rebase atop current master. - - Split GCC & version arguments to __diag_ignore() in order to match - changes to the preceding patch. - - Add the comment argument to match the preceding patch.] - -Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82435 -Signed-off-by: Arnd Bergmann -Signed-off-by: Paul Burton -Tested-by: Christophe Leroy -Tested-by: Stafford Horne -Signed-off-by: Masahiro Yamada ---- - ---- a/include/linux/compat.h -+++ b/include/linux/compat.h -@@ -48,6 +48,9 @@ - COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__) - - #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ -+ __diag_push(); \ -+ __diag_ignore(GCC, 8, "-Wattribute-alias", \ -+ "Type aliasing is used to sanitize syscall arguments");\ - asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ - __attribute__((alias(__stringify(compat_SyS##name)))); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ -@@ -56,6 +59,7 @@ - { \ - return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ - } \ -+ __diag_pop(); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - #ifndef compat_user_stack_pointer ---- a/include/linux/syscalls.h -+++ b/include/linux/syscalls.h -@@ -208,6 +208,9 @@ static inline int is_syscall_trace_event - - #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__) - #define __SYSCALL_DEFINEx(x, name, ...) \ -+ __diag_push(); \ -+ __diag_ignore(GCC, 8, "-Wattribute-alias", \ -+ "Type aliasing is used to sanitize syscall arguments");\ - asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \ - __attribute__((alias(__stringify(SyS##name)))); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ -@@ -219,6 +222,7 @@ static inline int is_syscall_trace_event - __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ - return ret; \ - } \ -+ __diag_pop(); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - /* diff --git a/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch b/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch index 8a6fba4307..32b43082be 100644 --- a/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch +++ b/target/linux/generic/backport-4.19/020-backport_netfilter_rtcache.patch @@ -94,7 +94,7 @@ Signed-off-by: Florian Westphal +} --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -118,6 +118,18 @@ config NF_CONNTRACK_EVENTS +@@ -135,6 +135,18 @@ config NF_CONNTRACK_EVENTS If unsure, say `N'. @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal depends on NETFILTER_ADVANCED --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -19,6 +19,9 @@ obj-$(CONFIG_NETFILTER_NETLINK_LOG) += n +@@ -25,6 +25,9 @@ obj-$(CONFIG_NETFILTER_NETLINK_OSF) += n # connection tracking obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o diff --git a/target/linux/generic/backport-4.19/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch b/target/linux/generic/backport-4.19/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch deleted file mode 100644 index d9215505ee..0000000000 --- a/target/linux/generic/backport-4.19/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch +++ /dev/null @@ -1,85 +0,0 @@ -From: Eric Dumazet -Date: Sat, 11 Nov 2017 15:54:12 -0800 -Subject: [PATCH] tcp: allow drivers to tweak TSQ logic -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -I had many reports that TSQ logic breaks wifi aggregation. - -Current logic is to allow up to 1 ms of bytes to be queued into qdisc -and drivers queues. - -But Wifi aggregation needs a bigger budget to allow bigger rates to -be discovered by various TCP Congestion Controls algorithms. - -This patch adds an extra socket field, allowing wifi drivers to select -another log scale to derive TCP Small Queue credit from current pacing -rate. - -Initial value is 10, meaning that this patch does not change current -behavior. - -We expect wifi drivers to set this field to smaller values (tests have -been done with values from 6 to 9) - -They would have to use following template : - -if (skb->sk && skb->sk->sk_pacing_shift != MY_PACING_SHIFT) - skb->sk->sk_pacing_shift = MY_PACING_SHIFT; - -Ref: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1670041 -Signed-off-by: Eric Dumazet -Cc: Johannes Berg -Cc: Toke Høiland-Jørgensen -Cc: Kir Kolyshkin ---- ---- a/include/net/sock.h -+++ b/include/net/sock.h -@@ -267,6 +267,7 @@ struct sock_common { - * @sk_gso_type: GSO type (e.g. %SKB_GSO_TCPV4) - * @sk_gso_max_size: Maximum GSO segment size to build - * @sk_gso_max_segs: Maximum number of GSO segments -+ * @sk_pacing_shift: scaling factor for TCP Small Queues - * @sk_lingertime: %SO_LINGER l_linger setting - * @sk_backlog: always used with the per-socket spinlock held - * @sk_callback_lock: used with the callbacks in the end of this struct -@@ -445,6 +446,8 @@ struct sock { - sk_type : 16; - #define SK_PROTOCOL_MAX U8_MAX - u16 sk_gso_max_segs; -+#define sk_pacing_shift sk_pacing_shift /* for backport checks */ -+ u8 sk_pacing_shift; - unsigned long sk_lingertime; - struct proto *sk_prot_creator; - rwlock_t sk_callback_lock; ---- a/net/core/sock.c -+++ b/net/core/sock.c -@@ -2739,6 +2739,7 @@ void sock_init_data(struct socket *sock, - - sk->sk_max_pacing_rate = ~0U; - sk->sk_pacing_rate = ~0U; -+ sk->sk_pacing_shift = 10; - sk->sk_incoming_cpu = -1; - /* - * Before updating sk_refcnt, we must commit prior changes to memory ---- a/net/ipv4/tcp_output.c -+++ b/net/ipv4/tcp_output.c -@@ -1683,7 +1683,7 @@ u32 tcp_tso_autosize(const struct sock * - { - u32 bytes, segs; - -- bytes = min(sk->sk_pacing_rate >> 10, -+ bytes = min(sk->sk_pacing_rate >> sk->sk_pacing_shift, - sk->sk_gso_max_size - 1 - MAX_TCP_HEADER); - - /* Goal is to send at least one packet per ms, -@@ -2184,7 +2184,7 @@ static bool tcp_small_queue_check(struct - { - unsigned int limit; - -- limit = max(2 * skb->truesize, sk->sk_pacing_rate >> 10); -+ limit = max(2 * skb->truesize, sk->sk_pacing_rate >> sk->sk_pacing_shift); - limit = min_t(u32, limit, sysctl_tcp_limit_output_bytes); - limit <<= factor; - diff --git a/target/linux/generic/backport-4.19/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch b/target/linux/generic/backport-4.19/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch deleted file mode 100644 index 4201ab1744..0000000000 --- a/target/linux/generic/backport-4.19/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4d304a6fe93538ce356b4593dc43476b50c023e7 Mon Sep 17 00:00:00 2001 -From: Giuseppe Lippolis -Date: Mon, 23 Apr 2018 09:03:06 +0200 -Subject: USB: serial: option: blacklist unused dwm-158 interfaces - -The dwm-158 interface 4 and 5 doesn't answer to the AT commands -and doesn't appears a option interface. -Tested on openwrt distribution (kernel 4.14 using the old blacklist -definitions). - -Lars Melin also writes: - - Blacklisting interface 4 and 5 is correct because: - - MI_00 D-Link Mobile Broadband Device (cdc_ether) - MI_02 D-Link HSPA+DataCard Diagnostics Interface (also ppp modem) - MI_03 D-Link HSPA+DataCard NMEA Device - MI_04 D-Link HSPA+DataCard Speech Port - MI_05 D-Link HSPA+DataCard Debug Port - MI_06 USB Mass Storage Device - -Signed-off-by: Giuseppe Lippolis -[ johan: add Lars's comment on the interface layout and reword summary ] -Cc: Lars Melin -Cc: Dan Williams -Signed-off-by: Johan Hovold ---- - drivers/usb/serial/option.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -1927,7 +1927,8 @@ static const struct usb_device_id option - { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */ - { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, - { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, -- { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d04, 0xff) }, /* D-Link DWM-158 */ -+ { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d04, 0xff), /* D-Link DWM-158 */ -+ .driver_info = RSVD(4) | RSVD(5) }, - { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d0e, 0xff) }, /* D-Link DWM-157 C1 */ - { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7e19, 0xff), /* D-Link DWM-221 B1 */ - .driver_info = RSVD(4) }, diff --git a/target/linux/generic/backport-4.19/030-v4.17-0001-usb-dwc2-add-support-for-host-mode-external-vbus-sup.patch b/target/linux/generic/backport-4.19/030-v4.17-0001-usb-dwc2-add-support-for-host-mode-external-vbus-sup.patch deleted file mode 100644 index a17844f5e6..0000000000 --- a/target/linux/generic/backport-4.19/030-v4.17-0001-usb-dwc2-add-support-for-host-mode-external-vbus-sup.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 531ef5ebea96394ddb7f554d4d88e017dde30a59 Mon Sep 17 00:00:00 2001 -From: Amelie Delaunay -Date: Tue, 13 Feb 2018 09:28:12 +0100 -Subject: [PATCH] usb: dwc2: add support for host mode external vbus supply - -This patch adds a way to enable an external vbus supply in host mode, -when dwc2 drvvbus signal is not used. - -This patch is very similar to the one done in U-Boot dwc2 driver [1]. It -also adds dynamic vbus supply management depending on the role and state -of the core. - -[1] https://lists.denx.de/pipermail/u-boot/2017-March/283434.html - -Signed-off-by: Amelie Delaunay -Signed-off-by: Felipe Balbi ---- - drivers/usb/dwc2/core.h | 2 ++ - drivers/usb/dwc2/hcd.c | 26 ++++++++++++++++++++++++++ - 2 files changed, 28 insertions(+) - ---- a/drivers/usb/dwc2/core.h -+++ b/drivers/usb/dwc2/core.h -@@ -777,6 +777,7 @@ struct dwc2_hregs_backup { - * @plat: The platform specific configuration data. This can be - * removed once all SoCs support usb transceiver. - * @supplies: Definition of USB power supplies -+ * @vbus_supply: Regulator supplying vbus. - * @phyif: PHY interface width - * @lock: Spinlock that protects all the driver data structures - * @priv: Stores a pointer to the struct usb_hcd -@@ -914,6 +915,7 @@ struct dwc2_hsotg { - struct usb_phy *uphy; - struct dwc2_hsotg_plat *plat; - struct regulator_bulk_data supplies[DWC2_NUM_SUPPLIES]; -+ struct regulator *vbus_supply; - u32 phyif; - - spinlock_t lock; ---- a/drivers/usb/dwc2/hcd.c -+++ b/drivers/usb/dwc2/hcd.c -@@ -359,6 +359,23 @@ static void dwc2_gusbcfg_init(struct dwc - dwc2_writel(usbcfg, hsotg->regs + GUSBCFG); - } - -+static int dwc2_vbus_supply_init(struct dwc2_hsotg *hsotg) -+{ -+ hsotg->vbus_supply = devm_regulator_get_optional(hsotg->dev, "vbus"); -+ if (IS_ERR(hsotg->vbus_supply)) -+ return 0; -+ -+ return regulator_enable(hsotg->vbus_supply); -+} -+ -+static int dwc2_vbus_supply_exit(struct dwc2_hsotg *hsotg) -+{ -+ if (hsotg->vbus_supply) -+ return regulator_disable(hsotg->vbus_supply); -+ -+ return 0; -+} -+ - /** - * dwc2_enable_host_interrupts() - Enables the Host mode interrupts - * -@@ -3342,6 +3359,7 @@ static void dwc2_conn_id_status_change(s - - /* B-Device connector (Device Mode) */ - if (gotgctl & GOTGCTL_CONID_B) { -+ dwc2_vbus_supply_exit(hsotg); - /* Wait for switch to device mode */ - dev_dbg(hsotg->dev, "connId B\n"); - if (hsotg->bus_suspended) { -@@ -4448,6 +4466,9 @@ static int _dwc2_hcd_start(struct usb_hc - } - - spin_unlock_irqrestore(&hsotg->lock, flags); -+ -+ dwc2_vbus_supply_init(hsotg); -+ - return 0; - } - -@@ -4475,6 +4496,8 @@ static void _dwc2_hcd_stop(struct usb_hc - clear_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags); - spin_unlock_irqrestore(&hsotg->lock, flags); - -+ dwc2_vbus_supply_exit(hsotg); -+ - usleep_range(1000, 3000); - } - -@@ -4511,6 +4534,7 @@ static int _dwc2_hcd_suspend(struct usb_ - hprt0 |= HPRT0_SUSP; - hprt0 &= ~HPRT0_PWR; - dwc2_writel(hprt0, hsotg->regs + HPRT0); -+ dwc2_vbus_supply_exit(hsotg); - } - - /* Enter hibernation */ -@@ -4591,6 +4615,8 @@ static int _dwc2_hcd_resume(struct usb_h - spin_unlock_irqrestore(&hsotg->lock, flags); - dwc2_port_resume(hsotg); - } else { -+ dwc2_vbus_supply_init(hsotg); -+ - /* Wait for controller to correctly update D+/D- level */ - usleep_range(3000, 5000); - diff --git a/target/linux/generic/backport-4.19/030-v4.17-0002-usb-dwc2-dwc2_vbus_supply_init-fix-error-check.patch b/target/linux/generic/backport-4.19/030-v4.17-0002-usb-dwc2-dwc2_vbus_supply_init-fix-error-check.patch deleted file mode 100644 index 59ab805cf6..0000000000 --- a/target/linux/generic/backport-4.19/030-v4.17-0002-usb-dwc2-dwc2_vbus_supply_init-fix-error-check.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 438fea2a6325933868aebc20279e2669c9a21207 Mon Sep 17 00:00:00 2001 -From: Tomeu Vizoso -Date: Mon, 26 Mar 2018 11:00:01 +0200 -Subject: [PATCH] usb: dwc2: dwc2_vbus_supply_init: fix error check - -devm_regulator_get_optional returns -ENODEV if the regulator isn't -there, so if that's the case we have to make sure not to leave -ENODEV -in the regulator pointer. - -Also, make sure we return 0 in that case, but correctly propagate any -other errors. Also propagate the error from _dwc2_hcd_start. - -Fixes: 531ef5ebea96 ("usb: dwc2: add support for host mode external vbus supply") -Cc: Amelie Delaunay -Reviewed-by: Amelie Delaunay -Reviewed-by: Heiko Stuebner -Reviewed-by: Grigor Tovmasyan -Tested-by: Heiko Stuebner -Acked-by: Minas Harutyunyan -Signed-off-by: Tomeu Vizoso -Signed-off-by: Felipe Balbi ---- - drivers/usb/dwc2/hcd.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - ---- a/drivers/usb/dwc2/hcd.c -+++ b/drivers/usb/dwc2/hcd.c -@@ -361,9 +361,14 @@ static void dwc2_gusbcfg_init(struct dwc - - static int dwc2_vbus_supply_init(struct dwc2_hsotg *hsotg) - { -+ int ret; -+ - hsotg->vbus_supply = devm_regulator_get_optional(hsotg->dev, "vbus"); -- if (IS_ERR(hsotg->vbus_supply)) -- return 0; -+ if (IS_ERR(hsotg->vbus_supply)) { -+ ret = PTR_ERR(hsotg->vbus_supply); -+ hsotg->vbus_supply = NULL; -+ return ret == -ENODEV ? 0 : ret; -+ } - - return regulator_enable(hsotg->vbus_supply); - } -@@ -4467,9 +4472,7 @@ static int _dwc2_hcd_start(struct usb_hc - - spin_unlock_irqrestore(&hsotg->lock, flags); - -- dwc2_vbus_supply_init(hsotg); -- -- return 0; -+ return dwc2_vbus_supply_init(hsotg); - } - - /* diff --git a/target/linux/generic/backport-4.19/040-v4.17-0001-mtd-move-code-adding-master-MTD-out-of-mtd_add_devic.patch b/target/linux/generic/backport-4.19/040-v4.17-0001-mtd-move-code-adding-master-MTD-out-of-mtd_add_devic.patch deleted file mode 100644 index df6429776f..0000000000 --- a/target/linux/generic/backport-4.19/040-v4.17-0001-mtd-move-code-adding-master-MTD-out-of-mtd_add_devic.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 2c77c57d22adb05b21cdb333a0c42bdfa0e19835 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Tue, 16 Jan 2018 16:45:41 +0100 -Subject: [PATCH] mtd: move code adding master MTD out of - mtd_add_device_partitions() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This change is a small cleanup of mtd_device_parse_register(). When -using MTD_PARTITIONED_MASTER it makes sure a master MTD is registered -before dealing with partitions. The advantage of this is not mixing -code handling master MTD with code handling partitions. - -This commit doesn't change any behavior except from a slightly different -failure code path. The new code may need to call del_mtd_device when -something goes wrong. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdcore.c | 25 +++++++++++++------------ - 1 file changed, 13 insertions(+), 12 deletions(-) - ---- a/drivers/mtd/mtdcore.c -+++ b/drivers/mtd/mtdcore.c -@@ -641,20 +641,12 @@ static int mtd_add_device_partitions(str - { - const struct mtd_partition *real_parts = parts->parts; - int nbparts = parts->nr_parts; -- int ret; - -- if (nbparts == 0 || IS_ENABLED(CONFIG_MTD_PARTITIONED_MASTER)) { -- ret = add_mtd_device(mtd); -- if (ret) -- return ret; -- } -+ if (!nbparts && !device_is_registered(&mtd->dev)) -+ return add_mtd_device(mtd); - -- if (nbparts > 0) { -- ret = add_mtd_partitions(mtd, real_parts, nbparts); -- if (ret && IS_ENABLED(CONFIG_MTD_PARTITIONED_MASTER)) -- del_mtd_device(mtd); -- return ret; -- } -+ if (nbparts > 0) -+ return add_mtd_partitions(mtd, real_parts, nbparts); - - return 0; - } -@@ -714,6 +706,12 @@ int mtd_device_parse_register(struct mtd - - mtd_set_dev_defaults(mtd); - -+ if (IS_ENABLED(CONFIG_MTD_PARTITIONED_MASTER)) { -+ ret = add_mtd_device(mtd); -+ if (ret) -+ return ret; -+ } -+ - memset(&parsed, 0, sizeof(parsed)); - - ret = parse_mtd_partitions(mtd, types, &parsed, parser_data); -@@ -753,6 +751,9 @@ int mtd_device_parse_register(struct mtd - out: - /* Cleanup any parsed partitions */ - mtd_part_parser_cleanup(&parsed); -+ if (ret && device_is_registered(&mtd->dev)) -+ del_mtd_device(mtd); -+ - return ret; - } - EXPORT_SYMBOL_GPL(mtd_device_parse_register); diff --git a/target/linux/generic/backport-4.19/040-v4.17-0002-mtd-get-rid-of-the-mtd_add_device_partitions.patch b/target/linux/generic/backport-4.19/040-v4.17-0002-mtd-get-rid-of-the-mtd_add_device_partitions.patch deleted file mode 100644 index 1042e674c3..0000000000 --- a/target/linux/generic/backport-4.19/040-v4.17-0002-mtd-get-rid-of-the-mtd_add_device_partitions.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 0dbe4ea78d69756efeb0bba0764f6bd4a9ee9567 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Tue, 16 Jan 2018 16:45:42 +0100 -Subject: [PATCH] mtd: get rid of the mtd_add_device_partitions() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This simplifies code a bit by: -1) Avoiding an extra (tiny) function -2) Checking for amount of parsed (found) partitions just once -3) Avoiding clearing/filling struct mtd_partitions manually - -With this commit proper functions are called directly from the -mtd_device_parse_register(). It doesn't need to use minor tricks like -memsetting struct to 0 to trigger an expected -mtd_add_device_partitions() behavior. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdcore.c | 43 ++++++++++++------------------------------- - 1 file changed, 12 insertions(+), 31 deletions(-) - ---- a/drivers/mtd/mtdcore.c -+++ b/drivers/mtd/mtdcore.c -@@ -636,21 +636,6 @@ out_error: - return ret; - } - --static int mtd_add_device_partitions(struct mtd_info *mtd, -- struct mtd_partitions *parts) --{ -- const struct mtd_partition *real_parts = parts->parts; -- int nbparts = parts->nr_parts; -- -- if (!nbparts && !device_is_registered(&mtd->dev)) -- return add_mtd_device(mtd); -- -- if (nbparts > 0) -- return add_mtd_partitions(mtd, real_parts, nbparts); -- -- return 0; --} -- - /* - * Set a few defaults based on the parent devices, if not provided by the - * driver -@@ -701,7 +686,7 @@ int mtd_device_parse_register(struct mtd - const struct mtd_partition *parts, - int nr_parts) - { -- struct mtd_partitions parsed; -+ struct mtd_partitions parsed = { }; - int ret; - - mtd_set_dev_defaults(mtd); -@@ -712,24 +697,20 @@ int mtd_device_parse_register(struct mtd - return ret; - } - -- memset(&parsed, 0, sizeof(parsed)); -- -+ /* Prefer parsed partitions over driver-provided fallback */ - ret = parse_mtd_partitions(mtd, types, &parsed, parser_data); -- if ((ret < 0 || parsed.nr_parts == 0) && parts && nr_parts) { -- /* Fall back to driver-provided partitions */ -- parsed = (struct mtd_partitions){ -- .parts = parts, -- .nr_parts = nr_parts, -- }; -- } else if (ret < 0) { -- /* Didn't come up with parsed OR fallback partitions */ -- pr_info("mtd: failed to find partitions; one or more parsers reports errors (%d)\n", -- ret); -- /* Don't abort on errors; we can still use unpartitioned MTD */ -- memset(&parsed, 0, sizeof(parsed)); -+ if (!ret && parsed.nr_parts) { -+ parts = parsed.parts; -+ nr_parts = parsed.nr_parts; - } - -- ret = mtd_add_device_partitions(mtd, &parsed); -+ if (nr_parts) -+ ret = add_mtd_partitions(mtd, parts, nr_parts); -+ else if (!device_is_registered(&mtd->dev)) -+ ret = add_mtd_device(mtd); -+ else -+ ret = 0; -+ - if (ret) - goto out; - diff --git a/target/linux/generic/backport-4.19/041-v4.17-0001-mtd-partitions-add-of_match_table-parser-matching-fo.patch b/target/linux/generic/backport-4.19/041-v4.17-0001-mtd-partitions-add-of_match_table-parser-matching-fo.patch deleted file mode 100644 index bd39a2625e..0000000000 --- a/target/linux/generic/backport-4.19/041-v4.17-0001-mtd-partitions-add-of_match_table-parser-matching-fo.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 5b644aa012f67fd211138a067b9f351f30bdcc60 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 14 Mar 2018 13:10:42 +0100 -Subject: [PATCH] mtd: partitions: add of_match_table parser matching for the - "ofpart" type -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In order to properly support compatibility strings as described in the -bindings/mtd/partition.txt "ofpart" type should be treated as an -indication for looking into OF. MTD should check "compatible" property -and search for a matching parser rather than blindly trying the one -supporting "fixed-partitions". - -It also means that existing "fixed-partitions" parser should get renamed -to use a more meaningful name. - -This commit achievies that aim by introducing a new mtd_part_of_parse(). -It works by looking for a matching parser for every string in the -"compatibility" property (starting with the most specific one). - -Please note that driver-specified parsers still take a precedence. It's -assumed that driver providing a parser type has a good reason for that -(e.g. having platform data with device-specific info). Also doing -otherwise could break existing setups. The same applies to using default -parsers (including "cmdlinepart") as some overwrite DT data with cmdline -argument. - -Partition parsers can now provide an of_match_table to enable -flash<-->parser matching via device tree as documented in the -mtd/partition.txt. - -This support is currently limited to built-in parsers as it uses -request_module() and friends. This should be sufficient for most cases -though as compiling parsers as modules isn't a common choice. - -Signed-off-by: Brian Norris -Signed-off-by: Rafał Miłecki -Tested-by: Peter Rosin -Reviewed-by: Richard Weinberger -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdpart.c | 116 +++++++++++++++++++++++++++++++++++++---- - include/linux/mtd/partitions.h | 1 + - 2 files changed, 108 insertions(+), 9 deletions(-) - ---- a/drivers/mtd/mtdpart.c -+++ b/drivers/mtd/mtdpart.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - - #include "mtdcore.h" - -@@ -894,6 +895,92 @@ static int mtd_part_do_parse(struct mtd_ - } - - /** -+ * mtd_part_get_compatible_parser - find MTD parser by a compatible string -+ * -+ * @compat: compatible string describing partitions in a device tree -+ * -+ * MTD parsers can specify supported partitions by providing a table of -+ * compatibility strings. This function finds a parser that advertises support -+ * for a passed value of "compatible". -+ */ -+static struct mtd_part_parser *mtd_part_get_compatible_parser(const char *compat) -+{ -+ struct mtd_part_parser *p, *ret = NULL; -+ -+ spin_lock(&part_parser_lock); -+ -+ list_for_each_entry(p, &part_parsers, list) { -+ const struct of_device_id *matches; -+ -+ matches = p->of_match_table; -+ if (!matches) -+ continue; -+ -+ for (; matches->compatible[0]; matches++) { -+ if (!strcmp(matches->compatible, compat) && -+ try_module_get(p->owner)) { -+ ret = p; -+ break; -+ } -+ } -+ -+ if (ret) -+ break; -+ } -+ -+ spin_unlock(&part_parser_lock); -+ -+ return ret; -+} -+ -+static int mtd_part_of_parse(struct mtd_info *master, -+ struct mtd_partitions *pparts) -+{ -+ struct mtd_part_parser *parser; -+ struct device_node *np; -+ struct property *prop; -+ const char *compat; -+ const char *fixed = "ofpart"; -+ int ret, err = 0; -+ -+ np = of_get_child_by_name(mtd_get_of_node(master), "partitions"); -+ of_property_for_each_string(np, "compatible", prop, compat) { -+ parser = mtd_part_get_compatible_parser(compat); -+ if (!parser) -+ continue; -+ ret = mtd_part_do_parse(parser, master, pparts, NULL); -+ if (ret > 0) { -+ of_node_put(np); -+ return ret; -+ } -+ mtd_part_parser_put(parser); -+ if (ret < 0 && !err) -+ err = ret; -+ } -+ of_node_put(np); -+ -+ /* -+ * For backward compatibility we have to try the "ofpart" -+ * parser. It supports old DT format with partitions specified as a -+ * direct subnodes of a flash device DT node without any compatibility -+ * specified we could match. -+ */ -+ parser = mtd_part_parser_get(fixed); -+ if (!parser && !request_module("%s", fixed)) -+ parser = mtd_part_parser_get(fixed); -+ if (parser) { -+ ret = mtd_part_do_parse(parser, master, pparts, NULL); -+ if (ret > 0) -+ return ret; -+ mtd_part_parser_put(parser); -+ if (ret < 0 && !err) -+ err = ret; -+ } -+ -+ return err; -+} -+ -+/** - * parse_mtd_partitions - parse MTD partitions - * @master: the master partition (describes whole MTD device) - * @types: names of partition parsers to try or %NULL -@@ -925,19 +1012,30 @@ int parse_mtd_partitions(struct mtd_info - types = default_mtd_part_types; - - for ( ; *types; types++) { -- pr_debug("%s: parsing partitions %s\n", master->name, *types); -- parser = mtd_part_parser_get(*types); -- if (!parser && !request_module("%s", *types)) -+ /* -+ * ofpart is a special type that means OF partitioning info -+ * should be used. It requires a bit different logic so it is -+ * handled in a separated function. -+ */ -+ if (!strcmp(*types, "ofpart")) { -+ ret = mtd_part_of_parse(master, pparts); -+ } else { -+ pr_debug("%s: parsing partitions %s\n", master->name, -+ *types); - parser = mtd_part_parser_get(*types); -- pr_debug("%s: got parser %s\n", master->name, -- parser ? parser->name : NULL); -- if (!parser) -- continue; -- ret = mtd_part_do_parse(parser, master, pparts, data); -+ if (!parser && !request_module("%s", *types)) -+ parser = mtd_part_parser_get(*types); -+ pr_debug("%s: got parser %s\n", master->name, -+ parser ? parser->name : NULL); -+ if (!parser) -+ continue; -+ ret = mtd_part_do_parse(parser, master, pparts, data); -+ if (ret <= 0) -+ mtd_part_parser_put(parser); -+ } - /* Found partitions! */ - if (ret > 0) - return 0; -- mtd_part_parser_put(parser); - /* - * Stash the first error we see; only report it if no parser - * succeeds ---- a/include/linux/mtd/partitions.h -+++ b/include/linux/mtd/partitions.h -@@ -77,6 +77,7 @@ struct mtd_part_parser { - struct list_head list; - struct module *owner; - const char *name; -+ const struct of_device_id *of_match_table; - int (*parse_fn)(struct mtd_info *, const struct mtd_partition **, - struct mtd_part_parser_data *); - void (*cleanup)(const struct mtd_partition *pparts, int nr_parts); diff --git a/target/linux/generic/backport-4.19/041-v4.17-0002-mtd-rename-ofpart-parser-to-fixed-partitions-as-it-f.patch b/target/linux/generic/backport-4.19/041-v4.17-0002-mtd-rename-ofpart-parser-to-fixed-partitions-as-it-f.patch deleted file mode 100644 index 66b67d7676..0000000000 --- a/target/linux/generic/backport-4.19/041-v4.17-0002-mtd-rename-ofpart-parser-to-fixed-partitions-as-it-f.patch +++ /dev/null @@ -1,74 +0,0 @@ -From c0faf43482e7f7dfb6d61847cb93d17748560b24 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 14 Mar 2018 13:10:43 +0100 -Subject: [PATCH] mtd: rename "ofpart" parser to "fixed-partitions" as it fits - it better -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Type "ofpart" means that OF should be used to get partitioning info and -this driver supports "fixed-partitions" binding only. Renaming it should -lead to less confusion especially when parsers for new compatibility -strings start to appear. - -Signed-off-by: Rafał Miłecki -Reviewed-by: Richard Weinberger -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdpart.c | 4 ++-- - drivers/mtd/ofpart.c | 11 ++++++----- - 2 files changed, 8 insertions(+), 7 deletions(-) - ---- a/drivers/mtd/mtdpart.c -+++ b/drivers/mtd/mtdpart.c -@@ -940,7 +940,7 @@ static int mtd_part_of_parse(struct mtd_ - struct device_node *np; - struct property *prop; - const char *compat; -- const char *fixed = "ofpart"; -+ const char *fixed = "fixed-partitions"; - int ret, err = 0; - - np = of_get_child_by_name(mtd_get_of_node(master), "partitions"); -@@ -960,7 +960,7 @@ static int mtd_part_of_parse(struct mtd_ - of_node_put(np); - - /* -- * For backward compatibility we have to try the "ofpart" -+ * For backward compatibility we have to try the "fixed-partitions" - * parser. It supports old DT format with partitions specified as a - * direct subnodes of a flash device DT node without any compatibility - * specified we could match. ---- a/drivers/mtd/ofpart.c -+++ b/drivers/mtd/ofpart.c -@@ -25,9 +25,9 @@ static bool node_has_compatible(struct d - return of_get_property(pp, "compatible", NULL); - } - --static int parse_ofpart_partitions(struct mtd_info *master, -- const struct mtd_partition **pparts, -- struct mtd_part_parser_data *data) -+static int parse_fixed_partitions(struct mtd_info *master, -+ const struct mtd_partition **pparts, -+ struct mtd_part_parser_data *data) - { - struct mtd_partition *parts; - struct device_node *mtd_node; -@@ -141,8 +141,8 @@ ofpart_none: - } - - static struct mtd_part_parser ofpart_parser = { -- .parse_fn = parse_ofpart_partitions, -- .name = "ofpart", -+ .parse_fn = parse_fixed_partitions, -+ .name = "fixed-partitions", - }; - - static int parse_ofoldpart_partitions(struct mtd_info *master, -@@ -229,4 +229,5 @@ MODULE_AUTHOR("Vitaly Wool, David Gibson - * with the same name. Since we provide the ofoldpart parser, we should have - * the corresponding alias. - */ -+MODULE_ALIAS("fixed-partitions"); - MODULE_ALIAS("ofoldpart"); diff --git a/target/linux/generic/backport-4.19/041-v4.17-0003-mtd-ofpart-add-of_match_table-with-fixed-partitions.patch b/target/linux/generic/backport-4.19/041-v4.17-0003-mtd-ofpart-add-of_match_table-with-fixed-partitions.patch deleted file mode 100644 index d6958c3eac..0000000000 --- a/target/linux/generic/backport-4.19/041-v4.17-0003-mtd-ofpart-add-of_match_table-with-fixed-partitions.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 97b0c7c0df3efd7048ed39d7e2dee34cafd55887 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 14 Mar 2018 13:10:44 +0100 -Subject: [PATCH] mtd: ofpart: add of_match_table with "fixed-partitions" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allows using this parser with any flash driver that takes care of -setting of_node (using mtd_set_of_node helper) correctly. Up to now -support for "fixed-partitions" DT compatibility string was working only -with flash drivers that were specifying "ofpart" (manually or by letting -mtd use the default set of parsers). - -This matches existing bindings documentation. - -Signed-off-by: Rafał Miłecki -Reviewed-by: Brian Norris -Tested-by: Brian Norris -Reviewed-by: Richard Weinberger -Signed-off-by: Boris Brezillon ---- - drivers/mtd/ofpart.c | 7 +++++++ - 1 file changed, 7 insertions(+) - ---- a/drivers/mtd/ofpart.c -+++ b/drivers/mtd/ofpart.c -@@ -140,9 +140,16 @@ ofpart_none: - return ret; - } - -+static const struct of_device_id parse_ofpart_match_table[] = { -+ { .compatible = "fixed-partitions" }, -+ {}, -+}; -+MODULE_DEVICE_TABLE(of, parse_ofpart_match_table); -+ - static struct mtd_part_parser ofpart_parser = { - .parse_fn = parse_fixed_partitions, - .name = "fixed-partitions", -+ .of_match_table = parse_ofpart_match_table, - }; - - static int parse_ofoldpart_partitions(struct mtd_info *master, diff --git a/target/linux/generic/backport-4.19/042-v4.18-0001-mtd-move-code-adding-registering-partitions-to-the-p.patch b/target/linux/generic/backport-4.19/042-v4.18-0001-mtd-move-code-adding-registering-partitions-to-the-p.patch deleted file mode 100644 index 83077431b8..0000000000 --- a/target/linux/generic/backport-4.19/042-v4.18-0001-mtd-move-code-adding-registering-partitions-to-the-p.patch +++ /dev/null @@ -1,168 +0,0 @@ -From 5ac67ce36cfe38b4c104a42ce52c5c8d526f1c95 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Tue, 27 Mar 2018 22:35:41 +0200 -Subject: [PATCH] mtd: move code adding (registering) partitions to the - parse_mtd_partitions() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This commit slightly simplifies the code. Every parse_mtd_partitions() -caller (out of two existing ones) had to add partitions & cleanup parser -on its own. This moves that responsibility into the function. - -That change also allows dropping struct mtd_partitions argument. - -There is one minor behavior change caused by this cleanup. If -parse_mtd_partitions() fails to add partitions (add_mtd_partitions() -return an error) then mtd_device_parse_register() will still try to -add (register) fallback partitions. It's a real corner case affecting -one of uncommon error paths and shouldn't cause any harm. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdcore.c | 14 ++++---------- - drivers/mtd/mtdcore.h | 1 - - drivers/mtd/mtdpart.c | 44 ++++++++++++++++---------------------------- - 3 files changed, 20 insertions(+), 39 deletions(-) - ---- a/drivers/mtd/mtdcore.c -+++ b/drivers/mtd/mtdcore.c -@@ -686,7 +686,6 @@ int mtd_device_parse_register(struct mtd - const struct mtd_partition *parts, - int nr_parts) - { -- struct mtd_partitions parsed = { }; - int ret; - - mtd_set_dev_defaults(mtd); -@@ -698,13 +697,10 @@ int mtd_device_parse_register(struct mtd - } - - /* Prefer parsed partitions over driver-provided fallback */ -- ret = parse_mtd_partitions(mtd, types, &parsed, parser_data); -- if (!ret && parsed.nr_parts) { -- parts = parsed.parts; -- nr_parts = parsed.nr_parts; -- } -- -- if (nr_parts) -+ ret = parse_mtd_partitions(mtd, types, parser_data); -+ if (ret > 0) -+ ret = 0; -+ else if (nr_parts) - ret = add_mtd_partitions(mtd, parts, nr_parts); - else if (!device_is_registered(&mtd->dev)) - ret = add_mtd_device(mtd); -@@ -730,8 +726,6 @@ int mtd_device_parse_register(struct mtd - } - - out: -- /* Cleanup any parsed partitions */ -- mtd_part_parser_cleanup(&parsed); - if (ret && device_is_registered(&mtd->dev)) - del_mtd_device(mtd); - ---- a/drivers/mtd/mtdcore.h -+++ b/drivers/mtd/mtdcore.h -@@ -15,7 +15,6 @@ int del_mtd_partitions(struct mtd_info * - struct mtd_partitions; - - int parse_mtd_partitions(struct mtd_info *master, const char * const *types, -- struct mtd_partitions *pparts, - struct mtd_part_parser_data *data); - - void mtd_part_parser_cleanup(struct mtd_partitions *parts); ---- a/drivers/mtd/mtdpart.c -+++ b/drivers/mtd/mtdpart.c -@@ -383,20 +383,7 @@ static inline void free_partition(struct - */ - static int mtd_parse_part(struct mtd_part *slave, const char *const *types) - { -- struct mtd_partitions parsed; -- int err; -- -- err = parse_mtd_partitions(&slave->mtd, types, &parsed, NULL); -- if (err) -- return err; -- else if (!parsed.nr_parts) -- return -ENOENT; -- -- err = add_mtd_partitions(&slave->mtd, parsed.parts, parsed.nr_parts); -- -- mtd_part_parser_cleanup(&parsed); -- -- return err; -+ return parse_mtd_partitions(&slave->mtd, types, NULL); - } - - static struct mtd_part *allocate_partition(struct mtd_info *parent, -@@ -981,30 +968,27 @@ static int mtd_part_of_parse(struct mtd_ - } - - /** -- * parse_mtd_partitions - parse MTD partitions -+ * parse_mtd_partitions - parse and register MTD partitions -+ * - * @master: the master partition (describes whole MTD device) - * @types: names of partition parsers to try or %NULL -- * @pparts: info about partitions found is returned here - * @data: MTD partition parser-specific data - * -- * This function tries to find partition on MTD device @master. It uses MTD -- * partition parsers, specified in @types. However, if @types is %NULL, then -- * the default list of parsers is used. The default list contains only the -+ * This function tries to find & register partitions on MTD device @master. It -+ * uses MTD partition parsers, specified in @types. However, if @types is %NULL, -+ * then the default list of parsers is used. The default list contains only the - * "cmdlinepart" and "ofpart" parsers ATM. - * Note: If there are more then one parser in @types, the kernel only takes the - * partitions parsed out by the first parser. - * - * This function may return: - * o a negative error code in case of failure -- * o zero otherwise, and @pparts will describe the partitions, number of -- * partitions, and the parser which parsed them. Caller must release -- * resources with mtd_part_parser_cleanup() when finished with the returned -- * data. -+ * o number of found partitions otherwise - */ - int parse_mtd_partitions(struct mtd_info *master, const char *const *types, -- struct mtd_partitions *pparts, - struct mtd_part_parser_data *data) - { -+ struct mtd_partitions pparts = { }; - struct mtd_part_parser *parser; - int ret, err = 0; - -@@ -1018,7 +1002,7 @@ int parse_mtd_partitions(struct mtd_info - * handled in a separated function. - */ - if (!strcmp(*types, "ofpart")) { -- ret = mtd_part_of_parse(master, pparts); -+ ret = mtd_part_of_parse(master, &pparts); - } else { - pr_debug("%s: parsing partitions %s\n", master->name, - *types); -@@ -1029,13 +1013,17 @@ int parse_mtd_partitions(struct mtd_info - parser ? parser->name : NULL); - if (!parser) - continue; -- ret = mtd_part_do_parse(parser, master, pparts, data); -+ ret = mtd_part_do_parse(parser, master, &pparts, data); - if (ret <= 0) - mtd_part_parser_put(parser); - } - /* Found partitions! */ -- if (ret > 0) -- return 0; -+ if (ret > 0) { -+ err = add_mtd_partitions(master, pparts.parts, -+ pparts.nr_parts); -+ mtd_part_parser_cleanup(&pparts); -+ return err ? err : pparts.nr_parts; -+ } - /* - * Stash the first error we see; only report it if no parser - * succeeds diff --git a/target/linux/generic/backport-4.19/043-v4.18-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch b/target/linux/generic/backport-4.19/043-v4.18-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch deleted file mode 100644 index e08f8dad32..0000000000 --- a/target/linux/generic/backport-4.19/043-v4.18-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 237ea0d4762cc14d0fc80e80d61f0f08e1050c7f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Thu, 12 Apr 2018 07:24:52 +0200 -Subject: [PATCH] mtd: bcm47xxpart: improve handling TRX partition size -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When bcm47xxpart finds a TRX partition (container) it's supposed to jump -to the end of it and keep looking for more partitions. TRX and its -subpartitions are handled by a separate parser. - -The problem with old code was relying on the length specified in a TRX -header. That isn't reliable as TRX is commonly modified to have checksum -cover only non-changing subpartitions. Otherwise modifying e.g. a rootfs -would result in CRC32 mismatch and bootloader refusing to boot a -firmware. - -Fix it by trying better to figure out a real TRX size. We can securely -assume that TRX has to cover all subpartitions and the last one is at -least of a block size in size. Then compare it with a length field. - -This makes code more optimal & reliable thanks to skipping data that -shouldn't be parsed. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/bcm47xxpart.c | 22 ++++++++++++++++++---- - 1 file changed, 18 insertions(+), 4 deletions(-) - ---- a/drivers/mtd/bcm47xxpart.c -+++ b/drivers/mtd/bcm47xxpart.c -@@ -186,6 +186,8 @@ static int bcm47xxpart_parse(struct mtd_ - /* TRX */ - if (buf[0x000 / 4] == TRX_MAGIC) { - struct trx_header *trx; -+ uint32_t last_subpart; -+ uint32_t trx_size; - - if (trx_num >= ARRAY_SIZE(trx_parts)) - pr_warn("No enough space to store another TRX found at 0x%X\n", -@@ -195,11 +197,23 @@ static int bcm47xxpart_parse(struct mtd_ - bcm47xxpart_add_part(&parts[curr_part++], "firmware", - offset, 0); - -- /* Jump to the end of TRX */ -+ /* -+ * Try to find TRX size. The "length" field isn't fully -+ * reliable as it could be decreased to make CRC32 cover -+ * only part of TRX data. It's commonly used as checksum -+ * can't cover e.g. ever-changing rootfs partition. -+ * Use offsets as helpers for assuming min TRX size. -+ */ - trx = (struct trx_header *)buf; -- offset = roundup(offset + trx->length, blocksize); -- /* Next loop iteration will increase the offset */ -- offset -= blocksize; -+ last_subpart = max3(trx->offset[0], trx->offset[1], -+ trx->offset[2]); -+ trx_size = max(trx->length, last_subpart + blocksize); -+ -+ /* -+ * Skip the TRX data. Decrease offset by block size as -+ * the next loop iteration will increase it. -+ */ -+ offset += roundup(trx_size, blocksize) - blocksize; - continue; - } - diff --git a/target/linux/generic/backport-4.19/044-v4.18-mtd-bcm47xxpart-add-of_match_table-with-a-new-DT-bin.patch b/target/linux/generic/backport-4.19/044-v4.18-mtd-bcm47xxpart-add-of_match_table-with-a-new-DT-bin.patch deleted file mode 100644 index de0ff1f818..0000000000 --- a/target/linux/generic/backport-4.19/044-v4.18-mtd-bcm47xxpart-add-of_match_table-with-a-new-DT-bin.patch +++ /dev/null @@ -1,39 +0,0 @@ -From cf589ce71e84d3b8811c65740645af254c5248c0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Wed, 9 May 2018 10:17:29 +0200 -Subject: [PATCH] mtd: bcm47xxpart: add of_match_table with a new DT binding -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allows using bcm47xxpart parser to find partitions on flash -described in DT using the "brcm,bcm947xx-cfe-partitions" compatible -property. It means this parser doesn't have to be explicitly selected by -a flash driver anymore. It can be used e.g. together with a generic -m25p80 / spi-nor if device is just properly described. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/bcm47xxpart.c | 7 +++++++ - 1 file changed, 7 insertions(+) - ---- a/drivers/mtd/bcm47xxpart.c -+++ b/drivers/mtd/bcm47xxpart.c -@@ -304,9 +304,16 @@ static int bcm47xxpart_parse(struct mtd_ - return curr_part; - }; - -+static const struct of_device_id bcm47xxpart_of_match_table[] = { -+ { .compatible = "brcm,bcm947xx-cfe-partitions" }, -+ {}, -+}; -+MODULE_DEVICE_TABLE(of, bcm47xxpart_of_match_table); -+ - static struct mtd_part_parser bcm47xxpart_mtd_parser = { - .parse_fn = bcm47xxpart_parse, - .name = "bcm47xxpart", -+ .of_match_table = bcm47xxpart_of_match_table, - }; - module_mtd_part_parser(bcm47xxpart_mtd_parser); - diff --git a/target/linux/generic/backport-4.19/045-v4.19-mtd-parsers-trx-add-of_match_table-with-the-new-DT-b.patch b/target/linux/generic/backport-4.19/045-v4.19-mtd-parsers-trx-add-of_match_table-with-the-new-DT-b.patch deleted file mode 100644 index 5841dd55f3..0000000000 --- a/target/linux/generic/backport-4.19/045-v4.19-mtd-parsers-trx-add-of_match_table-with-the-new-DT-b.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 98534a58c8a40cdc9e3bcb04d74719fbcedfeb52 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Tue, 26 Jun 2018 00:05:08 +0200 -Subject: [PATCH] mtd: parsers: trx: add of_match_table with the new DT binding -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allows using TRX parser to find TRX partitions on flash device -described in DT using a proper binding. It's useful for devices storing -firmware on a separated flash and having rootfs partition in it. - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/parsers/parser_trx.c | 7 +++++++ - 1 file changed, 7 insertions(+) - ---- a/drivers/mtd/parsers/parser_trx.c -+++ b/drivers/mtd/parsers/parser_trx.c -@@ -116,9 +116,16 @@ static int parser_trx_parse(struct mtd_i - return i; - }; - -+static const struct of_device_id mtd_parser_trx_of_match_table[] = { -+ { .compatible = "brcm,trx" }, -+ {}, -+}; -+MODULE_DEVICE_TABLE(of, mtd_parser_trx_of_match_table); -+ - static struct mtd_part_parser mtd_parser_trx = { - .parse_fn = parser_trx_parse, - .name = "trx", -+ .of_match_table = mtd_parser_trx_of_match_table, - }; - module_mtd_part_parser(mtd_parser_trx); - diff --git a/target/linux/generic/backport-4.19/046-v4.19-mtd-partitions-use-DT-info-for-parsing-partitions-wi.patch b/target/linux/generic/backport-4.19/046-v4.19-mtd-partitions-use-DT-info-for-parsing-partitions-wi.patch deleted file mode 100644 index 1bb3563f15..0000000000 --- a/target/linux/generic/backport-4.19/046-v4.19-mtd-partitions-use-DT-info-for-parsing-partitions-wi.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 76a832254ab05502c9394cc51ded6f0abe0e0bee Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Fri, 13 Jul 2018 16:32:21 +0200 -Subject: [PATCH] mtd: partitions: use DT info for parsing partitions with - "compatible" prop -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -So far only flash devices could be described in DT regarding partitions -parsing. That could be done with "partitions" subnode and a proper -"compatible" string. - -Some devices may use hierarchical (multi-level) layouts and may mix used -layouts (fixed and dynamic). Describing that in DT is done by specifying -"compatible" for DT-represented partition plus optionally more -properties and/or subnodes. - -To support such layouts each DT partition has to be checked for -additional description. - -Please note this implementation will work in parallel with support for -partition type specified for non-DT setups. That already works since -commit 1a0915be1926 ("mtd: partitions: add support for partition -parsers"). - -Signed-off-by: Rafał Miłecki -Signed-off-by: Boris Brezillon ---- - drivers/mtd/mtdpart.c | 33 +++++++++++++-------------------- - 1 file changed, 13 insertions(+), 20 deletions(-) - ---- a/drivers/mtd/mtdpart.c -+++ b/drivers/mtd/mtdpart.c -@@ -370,22 +370,6 @@ static inline void free_partition(struct - kfree(p); - } - --/** -- * mtd_parse_part - parse MTD partition looking for subpartitions -- * -- * @slave: part that is supposed to be a container and should be parsed -- * @types: NULL-terminated array with names of partition parsers to try -- * -- * Some partitions are kind of containers with extra subpartitions (volumes). -- * There can be various formats of such containers. This function tries to use -- * specified parsers to analyze given partition and registers found -- * subpartitions on success. -- */ --static int mtd_parse_part(struct mtd_part *slave, const char *const *types) --{ -- return parse_mtd_partitions(&slave->mtd, types, NULL); --} -- - static struct mtd_part *allocate_partition(struct mtd_info *parent, - const struct mtd_partition *part, int partno, - uint64_t cur_offset) -@@ -783,8 +767,8 @@ int add_mtd_partitions(struct mtd_info * - - add_mtd_device(&slave->mtd); - mtd_add_partition_attrs(slave); -- if (parts[i].types) -- mtd_parse_part(slave, parts[i].types); -+ /* Look for subpartitions */ -+ parse_mtd_partitions(&slave->mtd, parts[i].types, NULL); - - cur_offset = slave->offset + slave->mtd.size; - } -@@ -860,6 +844,12 @@ static const char * const default_mtd_pa - NULL - }; - -+/* Check DT only when looking for subpartitions. */ -+static const char * const default_subpartition_types[] = { -+ "ofpart", -+ NULL -+}; -+ - static int mtd_part_do_parse(struct mtd_part_parser *parser, - struct mtd_info *master, - struct mtd_partitions *pparts, -@@ -930,7 +920,9 @@ static int mtd_part_of_parse(struct mtd_ - const char *fixed = "fixed-partitions"; - int ret, err = 0; - -- np = of_get_child_by_name(mtd_get_of_node(master), "partitions"); -+ np = mtd_get_of_node(master); -+ if (!mtd_is_partition(master)) -+ np = of_get_child_by_name(np, "partitions"); - of_property_for_each_string(np, "compatible", prop, compat) { - parser = mtd_part_get_compatible_parser(compat); - if (!parser) -@@ -993,7 +985,8 @@ int parse_mtd_partitions(struct mtd_info - int ret, err = 0; - - if (!types) -- types = default_mtd_part_types; -+ types = mtd_is_partition(master) ? default_subpartition_types : -+ default_mtd_part_types; - - for ( ; *types; types++) { - /* diff --git a/target/linux/generic/backport-4.19/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch b/target/linux/generic/backport-4.19/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch index 7f90cf946a..d587c9ec07 100644 --- a/target/linux/generic/backport-4.19/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch +++ b/target/linux/generic/backport-4.19/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch @@ -25,7 +25,7 @@ Signed-off-by: Boris Brezillon --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c -@@ -650,6 +650,8 @@ static void mtd_set_dev_defaults(struct +@@ -665,6 +665,8 @@ static void mtd_set_dev_defaults(struct } else { pr_debug("mtd device won't show a device symlink in sysfs\n"); } @@ -36,7 +36,7 @@ Signed-off-by: Boris Brezillon /** --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -394,7 +394,8 @@ static struct mtd_part *allocate_partiti +@@ -346,7 +346,8 @@ static struct mtd_part *allocate_partiti /* set up the MTD object for this partition */ slave->mtd.type = parent->type; @@ -48,7 +48,7 @@ Signed-off-by: Boris Brezillon slave->mtd.writebufsize = parent->writebufsize; --- a/include/linux/mtd/mtd.h +++ b/include/linux/mtd/mtd.h -@@ -218,6 +218,7 @@ struct mtd_debug_info { +@@ -207,6 +207,7 @@ struct mtd_debug_info { struct mtd_info { u_char type; uint32_t flags; diff --git a/target/linux/generic/backport-4.19/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch b/target/linux/generic/backport-4.19/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch index 58163e6935..9bd07186d3 100644 --- a/target/linux/generic/backport-4.19/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch +++ b/target/linux/generic/backport-4.19/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch @@ -35,7 +35,7 @@ Signed-off-by: Boris Brezillon /* * MTD methods which simply translate the effective address and pass through -@@ -562,7 +571,7 @@ static struct mtd_part *allocate_partiti +@@ -514,7 +523,7 @@ static struct mtd_part *allocate_partiti if (!(slave->mtd.flags & MTD_NO_ERASE)) wr_alignment = slave->mtd.erasesize; @@ -44,7 +44,7 @@ Signed-off-by: Boris Brezillon remainder = do_div(tmp, wr_alignment); if ((slave->mtd.flags & MTD_WRITEABLE) && remainder) { /* Doesn't start on a boundary of major erase size */ -@@ -573,7 +582,7 @@ static struct mtd_part *allocate_partiti +@@ -525,7 +534,7 @@ static struct mtd_part *allocate_partiti part->name); } diff --git a/target/linux/generic/backport-4.19/071-v4.15-0001-net-bgmac-enable-master-mode-for-BCM54210E-and-B5021.patch b/target/linux/generic/backport-4.19/071-v4.15-0001-net-bgmac-enable-master-mode-for-BCM54210E-and-B5021.patch deleted file mode 100644 index db239e0a00..0000000000 --- a/target/linux/generic/backport-4.19/071-v4.15-0001-net-bgmac-enable-master-mode-for-BCM54210E-and-B5021.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 12acd136913ccdf394eeb2bc8686ff5505368119 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Thu, 12 Oct 2017 10:21:26 +0200 -Subject: [PATCH] net: bgmac: enable master mode for BCM54210E and B50212E PHYs -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There are 4 very similar PHYs: -0x600d84a1: BCM54210E (rev B0) -0x600d84a2: BCM54210E (rev B1) -0x600d84a5: B50212E (rev B0) -0x600d84a6: B50212E (rev B1) -that need setting master mode manually. It's because they run in slave -mode by default with Automatic Slave/Master configuration disabled which -can lead to unreliable connection with massive ping loss. - -So far it was reported for a board with BCM47189 SoC and B50212E B1 PHY -connected to the bgmac supported ethernet device. Telling PHY driver to -setup PHY properly solves this issue. - -Signed-off-by: Rafał Miłecki -Signed-off-by: David S. Miller ---- - drivers/net/ethernet/broadcom/bgmac-bcma.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - ---- a/drivers/net/ethernet/broadcom/bgmac-bcma.c -+++ b/drivers/net/ethernet/broadcom/bgmac-bcma.c -@@ -184,13 +184,19 @@ static int bgmac_probe(struct bcma_devic - - if (!bgmac_is_bcm4707_family(core) && - !(ci->id == BCMA_CHIP_ID_BCM53573 && core->core_unit == 1)) { -+ struct phy_device *phydev; -+ - mii_bus = bcma_mdio_mii_register(bgmac); - if (IS_ERR(mii_bus)) { - err = PTR_ERR(mii_bus); - goto err; - } -- - bgmac->mii_bus = mii_bus; -+ -+ phydev = mdiobus_get_phy(bgmac->mii_bus, bgmac->phyaddr); -+ if (ci->id == BCMA_CHIP_ID_BCM53573 && phydev && -+ (phydev->drv->phy_id & phydev->drv->phy_id_mask) == PHY_ID_BCM54210E) -+ phydev->dev_flags |= PHY_BRCM_EN_MASTER_MODE; - } - - if (core->bus->hosttype == BCMA_HOSTTYPE_PCI) { diff --git a/target/linux/generic/backport-4.19/076-v4.15-0001-net-phy-broadcom-support-new-device-flag-for-setting.patch b/target/linux/generic/backport-4.19/076-v4.15-0001-net-phy-broadcom-support-new-device-flag-for-setting.patch deleted file mode 100644 index a22d272656..0000000000 --- a/target/linux/generic/backport-4.19/076-v4.15-0001-net-phy-broadcom-support-new-device-flag-for-setting.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2355a6546a053b1c16ebefd6ce1f0cccc00e1da5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= -Date: Thu, 12 Oct 2017 10:21:25 +0200 -Subject: [PATCH] net: phy: broadcom: support new device flag for setting - master mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some of Broadcom's PHYs run by default in slave mode with Automatic -Slave/Master configuration disabled. It stops them from working properly -with some devices. - -So far it has been verified for BCM54210E and BCM50212E which don't -work well with Intel's I217-LM and I218-LM: -http://ark.intel.com/products/60019/Intel-Ethernet-Connection-I217-LM -http://ark.intel.com/products/71307/Intel-Ethernet-Connection-I218-LM -I was told there is massive ping loss. - -This commit adds support for a new flag which can be set by an ethernet -driver to fixup PHY setup. - -Signed-off-by: Rafał Miłecki -Signed-off-by: David S. Miller ---- - drivers/net/phy/broadcom.c | 6 ++++++ - include/linux/brcmphy.h | 1 + - 2 files changed, 7 insertions(+) - ---- a/drivers/net/phy/broadcom.c -+++ b/drivers/net/phy/broadcom.c -@@ -43,6 +43,12 @@ static int bcm54210e_config_init(struct - val &= ~BCM54810_SHD_CLK_CTL_GTXCLK_EN; - bcm_phy_write_shadow(phydev, BCM54810_SHD_CLK_CTL, val); - -+ if (phydev->dev_flags & PHY_BRCM_EN_MASTER_MODE) { -+ val = phy_read(phydev, MII_CTRL1000); -+ val |= CTL1000_AS_MASTER | CTL1000_ENABLE_MASTER; -+ phy_write(phydev, MII_CTRL1000, val); -+ } -+ - return 0; - } - ---- a/include/linux/brcmphy.h -+++ b/include/linux/brcmphy.h -@@ -64,6 +64,7 @@ - #define PHY_BRCM_EXT_IBND_TX_ENABLE 0x00002000 - #define PHY_BRCM_CLEAR_RGMII_MODE 0x00004000 - #define PHY_BRCM_DIS_TXCRXC_NOENRGY 0x00008000 -+#define PHY_BRCM_EN_MASTER_MODE 0x00010000 - - /* Broadcom BCM7xxx specific workarounds */ - #define PHY_BRCM_7XXX_REV(x) (((x) >> 8) & 0xff) diff --git a/target/linux/generic/backport-4.19/085-v4.16-0001-i2c-gpio-Enable-working-over-slow-can_sleep-GPIOs.patch b/target/linux/generic/backport-4.19/085-v4.16-0001-i2c-gpio-Enable-working-over-slow-can_sleep-GPIOs.patch deleted file mode 100644 index ead6675e0b..0000000000 --- a/target/linux/generic/backport-4.19/085-v4.16-0001-i2c-gpio-Enable-working-over-slow-can_sleep-GPIOs.patch +++ /dev/null @@ -1,84 +0,0 @@ -From f11a04464ae57e8db1bb7634547842b43e36a898 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= -Date: Fri, 22 Dec 2017 22:47:16 +0100 -Subject: i2c: gpio: Enable working over slow can_sleep GPIOs -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -"Slow" GPIOs (usually those connected over an SPI or an I2C bus) are, -well, slow in their operation. It is generally a good idea to avoid -using them for time-critical operation, but sometimes the hardware just -sucks, and the software has to cope. In addition to that, the I2C bus -itself does not actually define any strict timing limits; the bus is -free to go all the way down to DC. The timeouts (and therefore the -slowest acceptable frequency) are present only in SMBus. - -The `can_sleep` is IMHO a wrong concept to use here. My SPI-to-quad-UART -chip (MAX14830) is connected via a 26MHz SPI bus, and it happily drives -SCL at 200kHz (5µs pulses) during my benchmarks. That's faster than the -maximal allowed speed of the traditional I2C. - -The previous version of this code did not really block operation over -slow GPIO pins, anyway. Instead, it just resorted to printing a warning -with a backtrace each time a GPIO pin was accessed, thereby slowing -things down even more. - -Finally, it's not just me. A similar patch was originally submitted in -2015 [1]. - -[1] https://patchwork.ozlabs.org/patch/450956/ - -Signed-off-by: Jan Kundrát -Acked-by: Uwe Kleine-König -Signed-off-by: Wolfram Sang ---- - drivers/i2c/busses/i2c-gpio.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - ---- a/drivers/i2c/busses/i2c-gpio.c -+++ b/drivers/i2c/busses/i2c-gpio.c -@@ -44,7 +44,7 @@ static void i2c_gpio_setsda_val(void *da - { - struct i2c_gpio_platform_data *pdata = data; - -- gpio_set_value(pdata->sda_pin, state); -+ gpio_set_value_cansleep(pdata->sda_pin, state); - } - - /* Toggle SCL by changing the direction of the pin. */ -@@ -68,21 +68,21 @@ static void i2c_gpio_setscl_val(void *da - { - struct i2c_gpio_platform_data *pdata = data; - -- gpio_set_value(pdata->scl_pin, state); -+ gpio_set_value_cansleep(pdata->scl_pin, state); - } - - static int i2c_gpio_getsda(void *data) - { - struct i2c_gpio_platform_data *pdata = data; - -- return gpio_get_value(pdata->sda_pin); -+ return gpio_get_value_cansleep(pdata->sda_pin); - } - - static int i2c_gpio_getscl(void *data) - { - struct i2c_gpio_platform_data *pdata = data; - -- return gpio_get_value(pdata->scl_pin); -+ return gpio_get_value_cansleep(pdata->scl_pin); - } - - static int of_i2c_gpio_get_pins(struct device_node *np, -@@ -175,6 +175,9 @@ static int i2c_gpio_probe(struct platfor - memcpy(pdata, dev_get_platdata(&pdev->dev), sizeof(*pdata)); - } - -+ if (gpiod_cansleep(gpio_to_desc(pdata->sda_pin)) || gpiod_cansleep(gpio_to_desc(pdata->scl_pin))) -+ dev_warn(&pdev->dev, "Slow GPIO pins might wreak havoc into I2C/SMBus bus timing"); -+ - if (pdata->sda_is_open_drain) { - gpio_direction_output(pdata->sda_pin, 1); - bit_data->setsda = i2c_gpio_setsda_val; diff --git a/target/linux/generic/backport-4.19/090-net-bridge-add-support-for-port-isolation.patch b/target/linux/generic/backport-4.19/090-net-bridge-add-support-for-port-isolation.patch deleted file mode 100644 index 6237177a45..0000000000 --- a/target/linux/generic/backport-4.19/090-net-bridge-add-support-for-port-isolation.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: Nikolay Aleksandrov -Date: Thu, 24 May 2018 11:56:48 +0300 -Subject: [PATCH] net: bridge: add support for port isolation - -This patch adds support for a new port flag - BR_ISOLATED. If it is set -then isolated ports cannot communicate between each other, but they can -still communicate with non-isolated ports. The same can be achieved via -ACLs but they can't scale with large number of ports and also the -complexity of the rules grows. This feature can be used to achieve -isolated vlan functionality (similar to pvlan) as well, though currently -it will be port-wide (for all vlans on the port). The new test in -should_deliver uses data that is already cache hot and the new boolean -is used to avoid an additional source port test in should_deliver. - -Signed-off-by: Nikolay Aleksandrov -Reviewed-by: Toshiaki Makita -Signed-off-by: David S. Miller ---- - ---- a/include/uapi/linux/if_link.h -+++ b/include/uapi/linux/if_link.h -@@ -326,6 +326,8 @@ enum { - IFLA_BRPORT_MCAST_TO_UCAST, - IFLA_BRPORT_VLAN_TUNNEL, - IFLA_BRPORT_BCAST_FLOOD, -+ IFLA_BRPORT_NEIGH_SUPPRESS, -+ IFLA_BRPORT_ISOLATED, - __IFLA_BRPORT_MAX - }; - #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) ---- a/net/bridge/br_forward.c -+++ b/net/bridge/br_forward.c -@@ -30,7 +30,8 @@ static inline int should_deliver(const s - vg = nbp_vlan_group_rcu(p); - return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && - br_allowed_egress(vg, skb) && p->state == BR_STATE_FORWARDING && -- nbp_switchdev_allowed_egress(p, skb); -+ nbp_switchdev_allowed_egress(p, skb) && -+ !br_skb_isolated(p, skb); - } - - int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) ---- a/net/bridge/br_input.c -+++ b/net/bridge/br_input.c -@@ -170,6 +170,7 @@ int br_handle_frame_finish(struct net *n - goto drop; - - BR_INPUT_SKB_CB(skb)->brdev = br->dev; -+ BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED); - - if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP)) - br_do_proxy_arp(skb, br, vid, p); ---- a/net/bridge/br_netlink.c -+++ b/net/bridge/br_netlink.c -@@ -138,6 +138,7 @@ static inline size_t br_port_info_size(v - + nla_total_size(1) /* IFLA_BRPORT_PROXYARP */ - + nla_total_size(1) /* IFLA_BRPORT_PROXYARP_WIFI */ - + nla_total_size(1) /* IFLA_BRPORT_VLAN_TUNNEL */ -+ + nla_total_size(1) /* IFLA_BRPORT_ISOLATED */ - + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_ROOT_ID */ - + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_BRIDGE_ID */ - + nla_total_size(sizeof(u16)) /* IFLA_BRPORT_DESIGNATED_PORT */ -@@ -208,7 +209,8 @@ static int br_port_fill_attrs(struct sk_ - p->topology_change_ack) || - nla_put_u8(skb, IFLA_BRPORT_CONFIG_PENDING, p->config_pending) || - nla_put_u8(skb, IFLA_BRPORT_VLAN_TUNNEL, !!(p->flags & -- BR_VLAN_TUNNEL))) -+ BR_VLAN_TUNNEL)) || -+ nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED))) - return -EMSGSIZE; - - timerval = br_timer_value(&p->message_age_timer); -@@ -637,6 +639,7 @@ static const struct nla_policy br_port_p - [IFLA_BRPORT_MCAST_TO_UCAST] = { .type = NLA_U8 }, - [IFLA_BRPORT_MCAST_FLOOD] = { .type = NLA_U8 }, - [IFLA_BRPORT_BCAST_FLOOD] = { .type = NLA_U8 }, -+ [IFLA_BRPORT_ISOLATED] = { .type = NLA_U8 }, - }; - - /* Change the state of the port and notify spanning tree */ -@@ -773,6 +776,11 @@ static int br_setport(struct net_bridge_ - return err; - } - #endif -+ -+ err = br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED); -+ if (err) -+ return err; -+ - br_port_flags_change(p, old_flags ^ p->flags); - return 0; - } ---- a/net/bridge/br_private.h -+++ b/net/bridge/br_private.h -@@ -407,6 +407,7 @@ struct br_input_skb_cb { - #endif - - bool proxyarp_replied; -+ bool src_port_isolated; - - #ifdef CONFIG_BRIDGE_VLAN_FILTERING - bool vlan_filtered; -@@ -554,6 +555,14 @@ int br_forward_finish(struct net *net, s - void br_flood(struct net_bridge *br, struct sk_buff *skb, - enum br_pkt_type pkt_type, bool local_rcv, bool local_orig); - -+/* return true if both source port and dest port are isolated */ -+static inline bool br_skb_isolated(const struct net_bridge_port *to, -+ const struct sk_buff *skb) -+{ -+ return BR_INPUT_SKB_CB(skb)->src_port_isolated && -+ (to->flags & BR_ISOLATED); -+} -+ - /* br_if.c */ - void br_port_carrier_check(struct net_bridge_port *p); - int br_add_bridge(struct net *net, const char *name); ---- a/net/bridge/br_sysfs_if.c -+++ b/net/bridge/br_sysfs_if.c -@@ -174,6 +174,7 @@ BRPORT_ATTR_FLAG(proxyarp, BR_PROXYARP); - BRPORT_ATTR_FLAG(proxyarp_wifi, BR_PROXYARP_WIFI); - BRPORT_ATTR_FLAG(multicast_flood, BR_MCAST_FLOOD); - BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD); -+BRPORT_ATTR_FLAG(isolated, BR_ISOLATED); - - #ifdef CONFIG_BRIDGE_IGMP_SNOOPING - static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf) -@@ -223,6 +224,7 @@ static const struct brport_attribute *br - &brport_attr_proxyarp_wifi, - &brport_attr_multicast_flood, - &brport_attr_broadcast_flood, -+ &brport_attr_isolated, - NULL - }; - ---- a/include/linux/if_bridge.h -+++ b/include/linux/if_bridge.h -@@ -49,6 +49,7 @@ struct br_ip_list { - #define BR_MULTICAST_TO_UNICAST BIT(12) - #define BR_VLAN_TUNNEL BIT(13) - #define BR_BCAST_FLOOD BIT(14) -+#define BR_ISOLATED BIT(16) - - #define BR_DEFAULT_AGEING_TIME (300 * HZ) - diff --git a/target/linux/generic/backport-4.19/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch b/target/linux/generic/backport-4.19/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch deleted file mode 100644 index 45039ce133..0000000000 --- a/target/linux/generic/backport-4.19/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 649affd04813c43e0a72886517fcfccd63230981 Mon Sep 17 00:00:00 2001 -From: Hauke Mehrtens -Date: Mon, 29 Jun 2015 16:53:03 +0200 -Subject: uapi/if_ether.h: prevent redefinition of struct ethhdr - -Musl provides its own ethhdr struct definition. Add a guard to prevent -its definition of the appropriate musl header has already been included. - -glibc does not implement this header, but when glibc will implement this -they can just define __UAPI_DEF_ETHHDR 0 to make it work with the -kernel. - -Signed-off-by: Hauke Mehrtens ---- - include/uapi/linux/if_ether.h | 3 +++ - include/uapi/linux/libc-compat.h | 6 ++++++ - 2 files changed, 9 insertions(+) - ---- a/include/uapi/linux/if_ether.h -+++ b/include/uapi/linux/if_ether.h -@@ -23,6 +23,7 @@ - #define _UAPI_LINUX_IF_ETHER_H - - #include -+#include - - /* - * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble -@@ -150,11 +151,13 @@ - * This is an Ethernet frame header. - */ - -+#if __UAPI_DEF_ETHHDR - struct ethhdr { - unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ - unsigned char h_source[ETH_ALEN]; /* source ether addr */ - __be16 h_proto; /* packet type ID field */ - } __attribute__((packed)); -+#endif - - - #endif /* _UAPI_LINUX_IF_ETHER_H */ ---- a/include/uapi/linux/libc-compat.h -+++ b/include/uapi/linux/libc-compat.h -@@ -264,4 +264,10 @@ - - #endif /* __GLIBC__ */ - -+/* Definitions for if_ether.h */ -+/* allow libcs like musl to deactivate this, glibc does not implement this. */ -+#ifndef __UAPI_DEF_ETHHDR -+#define __UAPI_DEF_ETHHDR 1 -+#endif -+ - #endif /* _UAPI_LIBC_COMPAT_H */ diff --git a/target/linux/generic/backport-4.19/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch b/target/linux/generic/backport-4.19/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch deleted file mode 100644 index f7898d4f30..0000000000 --- a/target/linux/generic/backport-4.19/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch +++ /dev/null @@ -1,67 +0,0 @@ -From e58f33cc84bc089c430ac955f3cad6380ae98591 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 7 Dec 2017 16:28:23 +0100 -Subject: [PATCH] netfilter: add defines for arp/decnet max hooks - -The kernel already has defines for this, but they are in uapi exposed -headers. - -Including these from netns.h causes build errors and also adds unneeded -dependencies on heads that we don't need. - -So move these defines to netfilter_defs.h and place the uapi ones -in ifndef __KERNEL__ to keep them for userspace. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter_defs.h | 6 ++++++ - include/uapi/linux/netfilter_arp.h | 3 +++ - include/uapi/linux/netfilter_decnet.h | 4 +++- - 3 files changed, 12 insertions(+), 1 deletion(-) - ---- a/include/linux/netfilter_defs.h -+++ b/include/linux/netfilter_defs.h -@@ -7,4 +7,10 @@ - /* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */ - #define NF_MAX_HOOKS 8 - -+/* in/out/forward only */ -+#define NF_ARP_NUMHOOKS 3 -+ -+/* max hook is NF_DN_ROUTE (6), also see uapi/linux/netfilter_decnet.h */ -+#define NF_DN_NUMHOOKS 7 -+ - #endif ---- a/include/uapi/linux/netfilter_arp.h -+++ b/include/uapi/linux/netfilter_arp.h -@@ -15,6 +15,9 @@ - #define NF_ARP_IN 0 - #define NF_ARP_OUT 1 - #define NF_ARP_FORWARD 2 -+ -+#ifndef __KERNEL__ - #define NF_ARP_NUMHOOKS 3 -+#endif - - #endif /* __LINUX_ARP_NETFILTER_H */ ---- a/include/uapi/linux/netfilter_decnet.h -+++ b/include/uapi/linux/netfilter_decnet.h -@@ -24,6 +24,9 @@ - #define NFC_DN_IF_IN 0x0004 - /* Output device. */ - #define NFC_DN_IF_OUT 0x0008 -+ -+/* kernel define is in netfilter_defs.h */ -+#define NF_DN_NUMHOOKS 7 - #endif /* ! __KERNEL__ */ - - /* DECnet Hooks */ -@@ -41,7 +44,6 @@ - #define NF_DN_HELLO 5 - /* Input Routing Packets */ - #define NF_DN_ROUTE 6 --#define NF_DN_NUMHOOKS 7 - - enum nf_dn_hook_priorities { - NF_DN_PRI_FIRST = INT_MIN, diff --git a/target/linux/generic/backport-4.19/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch b/target/linux/generic/backport-4.19/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch deleted file mode 100644 index 35800c4acf..0000000000 --- a/target/linux/generic/backport-4.19/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 4e645b47c4f000a503b9c90163ad905786b9bc1d Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Fri, 1 Dec 2017 00:21:02 +0100 -Subject: [PATCH 02/11] netfilter: core: make nf_unregister_net_hooks simple - wrapper again - -This reverts commit d3ad2c17b4047 -("netfilter: core: batch nf_unregister_net_hooks synchronize_net calls"). - -Nothing wrong with it. However, followup patch will delay freeing of hooks -with call_rcu, so all synchronize_net() calls become obsolete and there -is no need anymore for this batching. - -This revert causes a temporary performance degradation when destroying -network namespace, but its resolved with the upcoming call_rcu conversion. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/core.c | 59 +++------------------------------------------------- - 1 file changed, 3 insertions(+), 56 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -395,63 +395,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); - void nf_unregister_net_hooks(struct net *net, const struct nf_hook_ops *reg, - unsigned int hookcount) - { -- struct nf_hook_entries *to_free[16], *p; -- struct nf_hook_entries __rcu **pp; -- unsigned int i, j, n; -+ unsigned int i; - -- mutex_lock(&nf_hook_mutex); -- for (i = 0; i < hookcount; i++) { -- pp = nf_hook_entry_head(net, ®[i]); -- if (!pp) -- continue; -- -- p = nf_entry_dereference(*pp); -- if (WARN_ON_ONCE(!p)) -- continue; -- __nf_unregister_net_hook(p, ®[i]); -- } -- mutex_unlock(&nf_hook_mutex); -- -- do { -- n = min_t(unsigned int, hookcount, ARRAY_SIZE(to_free)); -- -- mutex_lock(&nf_hook_mutex); -- -- for (i = 0, j = 0; i < hookcount && j < n; i++) { -- pp = nf_hook_entry_head(net, ®[i]); -- if (!pp) -- continue; -- -- p = nf_entry_dereference(*pp); -- if (!p) -- continue; -- -- to_free[j] = __nf_hook_entries_try_shrink(pp); -- if (to_free[j]) -- ++j; -- } -- -- mutex_unlock(&nf_hook_mutex); -- -- if (j) { -- unsigned int nfq; -- -- synchronize_net(); -- -- /* need 2nd synchronize_net() if nfqueue is used, skb -- * can get reinjected right before nf_queue_hook_drop() -- */ -- nfq = nf_queue_nf_hook_drop(net); -- if (nfq) -- synchronize_net(); -- -- for (i = 0; i < j; i++) -- kvfree(to_free[i]); -- } -- -- reg += n; -- hookcount -= n; -- } while (hookcount > 0); -+ for (i = 0; i < hookcount; i++) -+ nf_unregister_net_hook(net, ®[i]); - } - EXPORT_SYMBOL(nf_unregister_net_hooks); - diff --git a/target/linux/generic/backport-4.19/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch b/target/linux/generic/backport-4.19/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch deleted file mode 100644 index 0ac5783624..0000000000 --- a/target/linux/generic/backport-4.19/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Fri, 1 Dec 2017 00:21:03 +0100 -Subject: [PATCH 03/11] netfilter: core: remove synchronize_net call if nfqueue - is used - -since commit 960632ece6949b ("netfilter: convert hook list to an array") -nfqueue no longer stores a pointer to the hook that caused the packet -to be queued. Therefore no extra synchronize_net() call is needed after -dropping the packets enqueued by the old rule blob. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/net/netfilter/nf_queue.h | 2 +- - net/netfilter/core.c | 6 +----- - net/netfilter/nf_internals.h | 2 +- - net/netfilter/nf_queue.c | 7 ++----- - net/netfilter/nfnetlink_queue.c | 9 ++------- - 5 files changed, 7 insertions(+), 19 deletions(-) - ---- a/include/net/netfilter/nf_queue.h -+++ b/include/net/netfilter/nf_queue.h -@@ -25,7 +25,7 @@ struct nf_queue_entry { - struct nf_queue_handler { - int (*outfn)(struct nf_queue_entry *entry, - unsigned int queuenum); -- unsigned int (*nf_hook_drop)(struct net *net); -+ void (*nf_hook_drop)(struct net *net); - }; - - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net * - { - struct nf_hook_entries __rcu **pp; - struct nf_hook_entries *p; -- unsigned int nfq; - - pp = nf_hook_entry_head(net, reg); - if (!pp) -@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net * - - synchronize_net(); - -- /* other cpu might still process nfqueue verdict that used reg */ -- nfq = nf_queue_nf_hook_drop(net); -- if (nfq) -- synchronize_net(); -+ nf_queue_nf_hook_drop(net); - kvfree(p); - } - EXPORT_SYMBOL(nf_unregister_net_hook); ---- a/net/netfilter/nf_internals.h -+++ b/net/netfilter/nf_internals.h -@@ -10,7 +10,7 @@ - int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, - const struct nf_hook_entries *entries, unsigned int index, - unsigned int verdict); --unsigned int nf_queue_nf_hook_drop(struct net *net); -+void nf_queue_nf_hook_drop(struct net *net); - - /* nf_log.c */ - int __init netfilter_log_init(void); ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q - } - EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); - --unsigned int nf_queue_nf_hook_drop(struct net *net) -+void nf_queue_nf_hook_drop(struct net *net) - { - const struct nf_queue_handler *qh; -- unsigned int count = 0; - - rcu_read_lock(); - qh = rcu_dereference(net->nf.queue_handler); - if (qh) -- count = qh->nf_hook_drop(net); -+ qh->nf_hook_drop(net); - rcu_read_unlock(); -- -- return count; - } - EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); - ---- a/net/netfilter/nfnetlink_queue.c -+++ b/net/netfilter/nfnetlink_queue.c -@@ -941,23 +941,18 @@ static struct notifier_block nfqnl_dev_n - .notifier_call = nfqnl_rcv_dev_event, - }; - --static unsigned int nfqnl_nf_hook_drop(struct net *net) -+static void nfqnl_nf_hook_drop(struct net *net) - { - struct nfnl_queue_net *q = nfnl_queue_pernet(net); -- unsigned int instances = 0; - int i; - - for (i = 0; i < INSTANCE_BUCKETS; i++) { - struct nfqnl_instance *inst; - struct hlist_head *head = &q->instance_table[i]; - -- hlist_for_each_entry_rcu(inst, head, hlist) { -+ hlist_for_each_entry_rcu(inst, head, hlist) - nfqnl_flush(inst, NULL, 0); -- instances++; -- } - } -- -- return instances; - } - - static int diff --git a/target/linux/generic/backport-4.19/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch b/target/linux/generic/backport-4.19/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch deleted file mode 100644 index 5eca73552b..0000000000 --- a/target/linux/generic/backport-4.19/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 8c873e2199700c2de7dbd5eedb9d90d5f109462b Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Fri, 1 Dec 2017 00:21:04 +0100 -Subject: [PATCH 04/11] netfilter: core: free hooks with call_rcu - -Giuseppe Scrivano says: - "SELinux, if enabled, registers for each new network namespace 6 - netfilter hooks." - -Cost for this is high. With synchronize_net() removed: - "The net benefit on an SMP machine with two cores is that creating a - new network namespace takes -40% of the original time." - -This patch replaces synchronize_net+kvfree with call_rcu(). -We store rcu_head at the tail of a structure that has no fixed layout, -i.e. we cannot use offsetof() to compute the start of the original -allocation. Thus store this information right after the rcu head. - -We could simplify this by just placing the rcu_head at the start -of struct nf_hook_entries. However, this structure is used in -packet processing hotpath, so only place what is needed for that -at the beginning of the struct. - -Reported-by: Giuseppe Scrivano -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 19 +++++++++++++++---- - net/netfilter/core.c | 34 ++++++++++++++++++++++++++++------ - 2 files changed, 43 insertions(+), 10 deletions(-) - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -77,17 +77,28 @@ struct nf_hook_entry { - void *priv; - }; - -+struct nf_hook_entries_rcu_head { -+ struct rcu_head head; -+ void *allocation; -+}; -+ - struct nf_hook_entries { - u16 num_hook_entries; - /* padding */ - struct nf_hook_entry hooks[]; - -- /* trailer: pointers to original orig_ops of each hook. -- * -- * This is not part of struct nf_hook_entry since its only -- * needed in slow path (hook register/unregister). -+ /* trailer: pointers to original orig_ops of each hook, -+ * followed by rcu_head and scratch space used for freeing -+ * the structure via call_rcu. - * -+ * This is not part of struct nf_hook_entry since its only -+ * needed in slow path (hook register/unregister): - * const struct nf_hook_ops *orig_ops[] -+ * -+ * For the same reason, we store this at end -- its -+ * only needed when a hook is deleted, not during -+ * packet path processing: -+ * struct nf_hook_entries_rcu_head head - */ - }; - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -74,7 +74,8 @@ static struct nf_hook_entries *allocate_ - struct nf_hook_entries *e; - size_t alloc = sizeof(*e) + - sizeof(struct nf_hook_entry) * num + -- sizeof(struct nf_hook_ops *) * num; -+ sizeof(struct nf_hook_ops *) * num + -+ sizeof(struct nf_hook_entries_rcu_head); - - if (num == 0) - return NULL; -@@ -85,6 +86,30 @@ static struct nf_hook_entries *allocate_ - return e; - } - -+static void __nf_hook_entries_free(struct rcu_head *h) -+{ -+ struct nf_hook_entries_rcu_head *head; -+ -+ head = container_of(h, struct nf_hook_entries_rcu_head, head); -+ kvfree(head->allocation); -+} -+ -+static void nf_hook_entries_free(struct nf_hook_entries *e) -+{ -+ struct nf_hook_entries_rcu_head *head; -+ struct nf_hook_ops **ops; -+ unsigned int num; -+ -+ if (!e) -+ return; -+ -+ num = e->num_hook_entries; -+ ops = nf_hook_entries_get_hook_ops(e); -+ head = (void *)&ops[num]; -+ head->allocation = e; -+ call_rcu(&head->head, __nf_hook_entries_free); -+} -+ - static unsigned int accept_all(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -291,9 +316,8 @@ int nf_register_net_hook(struct net *net - #ifdef HAVE_JUMP_LABEL - static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); - #endif -- synchronize_net(); - BUG_ON(p == new_hooks); -- kvfree(p); -+ nf_hook_entries_free(p); - return 0; - } - EXPORT_SYMBOL(nf_register_net_hook); -@@ -361,10 +385,8 @@ void nf_unregister_net_hook(struct net * - if (!p) - return; - -- synchronize_net(); -- - nf_queue_nf_hook_drop(net); -- kvfree(p); -+ nf_hook_entries_free(p); - } - EXPORT_SYMBOL(nf_unregister_net_hook); - diff --git a/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch b/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch deleted file mode 100644 index fcf54e9858..0000000000 --- a/target/linux/generic/backport-4.19/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch +++ /dev/null @@ -1,200 +0,0 @@ -From b0f38338aef2dae5ade3c16acf713737e3b15a73 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Sun, 3 Dec 2017 00:58:47 +0100 -Subject: [PATCH 05/11] netfilter: reduce size of hook entry point locations - -struct net contains: - -struct nf_hook_entries __rcu *hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; - -which store the hook entry point locations for the various protocol -families and the hooks. - -Using array results in compact c code when doing accesses, i.e. - x = rcu_dereference(net->nf.hooks[pf][hook]); - -but its also wasting a lot of memory, as most families are -not used. - -So split the array into those families that are used, which -are only 5 (instead of 13). In most cases, the 'pf' argument is -constant, i.e. gcc removes switch statement. - -struct net before: - /* size: 5184, cachelines: 81, members: 46 */ -after: - /* size: 4672, cachelines: 73, members: 46 */ - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 24 ++++++++++++++++++++++-- - include/net/netns/netfilter.h | 6 +++++- - net/bridge/br_netfilter_hooks.c | 2 +- - net/netfilter/core.c | 38 ++++++++++++++++++++++++++++++-------- - net/netfilter/nf_queue.c | 21 +++++++++++++++++++-- - 5 files changed, 77 insertions(+), 14 deletions(-) - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -195,7 +195,7 @@ static inline int nf_hook(u_int8_t pf, u - struct net_device *indev, struct net_device *outdev, - int (*okfn)(struct net *, struct sock *, struct sk_buff *)) - { -- struct nf_hook_entries *hook_head; -+ struct nf_hook_entries *hook_head = NULL; - int ret = 1; - - #ifdef HAVE_JUMP_LABEL -@@ -206,7 +206,27 @@ static inline int nf_hook(u_int8_t pf, u - #endif - - rcu_read_lock(); -- hook_head = rcu_dereference(net->nf.hooks[pf][hook]); -+ switch (pf) { -+ case NFPROTO_IPV4: -+ hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]); -+ break; -+ case NFPROTO_IPV6: -+ hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); -+ break; -+ case NFPROTO_ARP: -+ hook_head = rcu_dereference(net->nf.hooks_arp[hook]); -+ break; -+ case NFPROTO_BRIDGE: -+ hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); -+ break; -+ case NFPROTO_DECNET: -+ hook_head = rcu_dereference(net->nf.hooks_decnet[hook]); -+ break; -+ default: -+ WARN_ON_ONCE(1); -+ break; -+ } -+ - if (hook_head) { - struct nf_hook_state state; - ---- a/include/net/netns/netfilter.h -+++ b/include/net/netns/netfilter.h -@@ -17,7 +17,11 @@ struct netns_nf { - #ifdef CONFIG_SYSCTL - struct ctl_table_header *nf_log_dir_header; - #endif -- struct nf_hook_entries __rcu *hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_ipv4[NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_ipv6[NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_arp[NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_bridge[NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_decnet[NF_MAX_HOOKS]; - #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) - bool defrag_ipv4; - #endif ---- a/net/bridge/br_netfilter_hooks.c -+++ b/net/bridge/br_netfilter_hooks.c -@@ -992,7 +992,7 @@ int br_nf_hook_thresh(unsigned int hook, - unsigned int i; - int ret; - -- e = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]); -+ e = rcu_dereference(net->nf.hooks_bridge[hook]); - if (!e) - return okfn(net, sk, skb); - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -264,8 +264,23 @@ out_assign: - - static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const struct nf_hook_ops *reg) - { -- if (reg->pf != NFPROTO_NETDEV) -- return net->nf.hooks[reg->pf]+reg->hooknum; -+ switch (reg->pf) { -+ case NFPROTO_NETDEV: -+ break; -+ case NFPROTO_ARP: -+ return net->nf.hooks_arp + reg->hooknum; -+ case NFPROTO_BRIDGE: -+ return net->nf.hooks_bridge + reg->hooknum; -+ case NFPROTO_IPV4: -+ return net->nf.hooks_ipv4 + reg->hooknum; -+ case NFPROTO_IPV6: -+ return net->nf.hooks_ipv6 + reg->hooknum; -+ case NFPROTO_DECNET: -+ return net->nf.hooks_decnet + reg->hooknum; -+ default: -+ WARN_ON_ONCE(1); -+ return NULL; -+ } - - #ifdef CONFIG_NETFILTER_INGRESS - if (reg->hooknum == NF_NETDEV_INGRESS) { -@@ -534,14 +549,21 @@ void (*nf_nat_decode_session_hook)(struc - EXPORT_SYMBOL(nf_nat_decode_session_hook); - #endif - --static int __net_init netfilter_net_init(struct net *net) -+static void __net_init __netfilter_net_init(struct nf_hook_entries *e[NF_MAX_HOOKS]) - { -- int i, h; -+ int h; - -- for (i = 0; i < ARRAY_SIZE(net->nf.hooks); i++) { -- for (h = 0; h < NF_MAX_HOOKS; h++) -- RCU_INIT_POINTER(net->nf.hooks[i][h], NULL); -- } -+ for (h = 0; h < NF_MAX_HOOKS; h++) -+ RCU_INIT_POINTER(e[h], NULL); -+} -+ -+static int __net_init netfilter_net_init(struct net *net) -+{ -+ __netfilter_net_init(net->nf.hooks_ipv4); -+ __netfilter_net_init(net->nf.hooks_ipv6); -+ __netfilter_net_init(net->nf.hooks_arp); -+ __netfilter_net_init(net->nf.hooks_bridge); -+ __netfilter_net_init(net->nf.hooks_decnet); - - #ifdef CONFIG_PROC_FS - net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -201,6 +201,23 @@ repeat: - return NF_ACCEPT; - } - -+static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) -+{ -+ switch (pf) { -+ case NFPROTO_BRIDGE: -+ return rcu_dereference(net->nf.hooks_bridge[hooknum]); -+ case NFPROTO_IPV4: -+ return rcu_dereference(net->nf.hooks_ipv4[hooknum]); -+ case NFPROTO_IPV6: -+ return rcu_dereference(net->nf.hooks_ipv6[hooknum]); -+ default: -+ WARN_ON_ONCE(1); -+ return NULL; -+ } -+ -+ return NULL; -+} -+ - /* Caller must hold rcu read-side lock */ - void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) - { -@@ -216,12 +233,12 @@ void nf_reinject(struct nf_queue_entry * - net = entry->state.net; - pf = entry->state.pf; - -- hooks = rcu_dereference(net->nf.hooks[pf][entry->state.hook]); -+ hooks = nf_hook_entries_head(net, pf, entry->state.hook); - - nf_queue_entry_release_refs(entry); - - i = entry->hook_index; -- if (WARN_ON_ONCE(i >= hooks->num_hook_entries)) { -+ if (WARN_ON_ONCE(!hooks || i >= hooks->num_hook_entries)) { - kfree_skb(skb); - kfree(entry); - return; diff --git a/target/linux/generic/backport-4.19/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch b/target/linux/generic/backport-4.19/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch deleted file mode 100644 index d9009b8e1f..0000000000 --- a/target/linux/generic/backport-4.19/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch +++ /dev/null @@ -1,95 +0,0 @@ -From ef57170bbfdd6958281011332b1fd237712f69f0 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 7 Dec 2017 16:28:24 +0100 -Subject: [PATCH 06/11] netfilter: reduce hook array sizes to what is needed - -Not all families share the same hook count, adjust sizes to what is -needed. - -struct net before: -/* size: 6592, cachelines: 103, members: 46 */ -after: -/* size: 5952, cachelines: 93, members: 46 */ - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/net/netns/netfilter.h | 10 +++++----- - net/netfilter/core.c | 24 +++++++++++++++++------- - 2 files changed, 22 insertions(+), 12 deletions(-) - ---- a/include/net/netns/netfilter.h -+++ b/include/net/netns/netfilter.h -@@ -17,11 +17,11 @@ struct netns_nf { - #ifdef CONFIG_SYSCTL - struct ctl_table_header *nf_log_dir_header; - #endif -- struct nf_hook_entries __rcu *hooks_ipv4[NF_MAX_HOOKS]; -- struct nf_hook_entries __rcu *hooks_ipv6[NF_MAX_HOOKS]; -- struct nf_hook_entries __rcu *hooks_arp[NF_MAX_HOOKS]; -- struct nf_hook_entries __rcu *hooks_bridge[NF_MAX_HOOKS]; -- struct nf_hook_entries __rcu *hooks_decnet[NF_MAX_HOOKS]; -+ struct nf_hook_entries __rcu *hooks_ipv4[NF_INET_NUMHOOKS]; -+ struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS]; -+ struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS]; -+ struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS]; -+ struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS]; - #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) - bool defrag_ipv4; - #endif ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -268,14 +268,24 @@ static struct nf_hook_entries __rcu **nf - case NFPROTO_NETDEV: - break; - case NFPROTO_ARP: -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum)) -+ return NULL; - return net->nf.hooks_arp + reg->hooknum; - case NFPROTO_BRIDGE: -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum)) -+ return NULL; - return net->nf.hooks_bridge + reg->hooknum; - case NFPROTO_IPV4: -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) -+ return NULL; - return net->nf.hooks_ipv4 + reg->hooknum; - case NFPROTO_IPV6: -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum)) -+ return NULL; - return net->nf.hooks_ipv6 + reg->hooknum; - case NFPROTO_DECNET: -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum)) -+ return NULL; - return net->nf.hooks_decnet + reg->hooknum; - default: - WARN_ON_ONCE(1); -@@ -549,21 +559,21 @@ void (*nf_nat_decode_session_hook)(struc - EXPORT_SYMBOL(nf_nat_decode_session_hook); - #endif - --static void __net_init __netfilter_net_init(struct nf_hook_entries *e[NF_MAX_HOOKS]) -+static void __net_init __netfilter_net_init(struct nf_hook_entries **e, int max) - { - int h; - -- for (h = 0; h < NF_MAX_HOOKS; h++) -+ for (h = 0; h < max; h++) - RCU_INIT_POINTER(e[h], NULL); - } - - static int __net_init netfilter_net_init(struct net *net) - { -- __netfilter_net_init(net->nf.hooks_ipv4); -- __netfilter_net_init(net->nf.hooks_ipv6); -- __netfilter_net_init(net->nf.hooks_arp); -- __netfilter_net_init(net->nf.hooks_bridge); -- __netfilter_net_init(net->nf.hooks_decnet); -+ __netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4)); -+ __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); -+ __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); -+ __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); -+ __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet)); - - #ifdef CONFIG_PROC_FS - net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", diff --git a/target/linux/generic/backport-4.19/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch b/target/linux/generic/backport-4.19/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch deleted file mode 100644 index 26a93c40ae..0000000000 --- a/target/linux/generic/backport-4.19/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch +++ /dev/null @@ -1,67 +0,0 @@ -From bb4badf3a3dc81190f7c1c1fa063cdefb18df45f Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 7 Dec 2017 16:28:25 +0100 -Subject: [PATCH 07/11] netfilter: don't allocate space for decnet hooks unless - needed - -no need to define hook points if the family isn't supported. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 2 ++ - include/net/netns/netfilter.h | 2 ++ - net/netfilter/core.c | 4 ++++ - 3 files changed, 8 insertions(+) - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -219,9 +219,11 @@ static inline int nf_hook(u_int8_t pf, u - case NFPROTO_BRIDGE: - hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); - break; -+#if IS_ENABLED(CONFIG_DECNET) - case NFPROTO_DECNET: - hook_head = rcu_dereference(net->nf.hooks_decnet[hook]); - break; -+#endif - default: - WARN_ON_ONCE(1); - break; ---- a/include/net/netns/netfilter.h -+++ b/include/net/netns/netfilter.h -@@ -21,7 +21,9 @@ struct netns_nf { - struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS]; - struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS]; - struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS]; -+#if IS_ENABLED(CONFIG_DECNET) - struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS]; -+#endif - #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) - bool defrag_ipv4; - #endif ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -283,10 +283,12 @@ static struct nf_hook_entries __rcu **nf - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum)) - return NULL; - return net->nf.hooks_ipv6 + reg->hooknum; -+#if IS_ENABLED(CONFIG_DECNET) - case NFPROTO_DECNET: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum)) - return NULL; - return net->nf.hooks_decnet + reg->hooknum; -+#endif - default: - WARN_ON_ONCE(1); - return NULL; -@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init - __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); - __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); - __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); -+#if IS_ENABLED(CONFIG_DECNET) - __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet)); -+#endif - - #ifdef CONFIG_PROC_FS - net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", diff --git a/target/linux/generic/backport-4.19/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch b/target/linux/generic/backport-4.19/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch deleted file mode 100644 index 9444f6bb48..0000000000 --- a/target/linux/generic/backport-4.19/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 2a95183a5e0375df756efb2ca37602d71e8455f9 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 7 Dec 2017 16:28:26 +0100 -Subject: [PATCH 08/11] netfilter: don't allocate space for arp/bridge hooks - unless needed - -no need to define hook points if the family isn't supported. -Because we need these hooks for either nftables, arp/ebtables -or the 'call-iptables' hack we have in the bridge layer add two -new dependencies, NETFILTER_FAMILY_{ARP,BRIDGE}, and have the -users select them. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 4 ++++ - include/net/netns/netfilter.h | 4 ++++ - net/Kconfig | 1 + - net/bridge/netfilter/Kconfig | 2 ++ - net/ipv4/netfilter/Kconfig | 2 ++ - net/netfilter/Kconfig | 6 ++++++ - net/netfilter/core.c | 8 ++++++++ - net/netfilter/nf_queue.c | 2 ++ - 8 files changed, 29 insertions(+) - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -214,10 +214,14 @@ static inline int nf_hook(u_int8_t pf, u - hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); - break; - case NFPROTO_ARP: -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - hook_head = rcu_dereference(net->nf.hooks_arp[hook]); -+#endif - break; - case NFPROTO_BRIDGE: -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); -+#endif - break; - #if IS_ENABLED(CONFIG_DECNET) - case NFPROTO_DECNET: ---- a/include/net/netns/netfilter.h -+++ b/include/net/netns/netfilter.h -@@ -19,8 +19,12 @@ struct netns_nf { - #endif - struct nf_hook_entries __rcu *hooks_ipv4[NF_INET_NUMHOOKS]; - struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS]; -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS]; -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS]; -+#endif - #if IS_ENABLED(CONFIG_DECNET) - struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS]; - #endif ---- a/net/Kconfig -+++ b/net/Kconfig -@@ -182,6 +182,7 @@ config BRIDGE_NETFILTER - depends on BRIDGE - depends on NETFILTER && INET - depends on NETFILTER_ADVANCED -+ select NETFILTER_FAMILY_BRIDGE - default m - ---help--- - Enabling this option will let arptables resp. iptables see bridged ---- a/net/bridge/netfilter/Kconfig -+++ b/net/bridge/netfilter/Kconfig -@@ -4,6 +4,7 @@ - # - menuconfig NF_TABLES_BRIDGE - depends on BRIDGE && NETFILTER && NF_TABLES -+ select NETFILTER_FAMILY_BRIDGE - tristate "Ethernet Bridge nf_tables support" - - if NF_TABLES_BRIDGE -@@ -29,6 +30,7 @@ endif # NF_TABLES_BRIDGE - menuconfig BRIDGE_NF_EBTABLES - tristate "Ethernet Bridge tables (ebtables) support" - depends on BRIDGE && NETFILTER && NETFILTER_XTABLES -+ select NETFILTER_FAMILY_BRIDGE - help - ebtables is a general, extensible frame/packet identification - framework. Say 'Y' or 'M' here if you want to do Ethernet ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -72,6 +72,7 @@ endif # NF_TABLES_IPV4 - - config NF_TABLES_ARP - tristate "ARP nf_tables support" -+ select NETFILTER_FAMILY_ARP - help - This option enables the ARP support for nf_tables. - -@@ -392,6 +393,7 @@ endif # IP_NF_IPTABLES - config IP_NF_ARPTABLES - tristate "ARP tables support" - select NETFILTER_XTABLES -+ select NETFILTER_FAMILY_ARP - depends on NETFILTER_ADVANCED - help - arptables is a general, extensible packet identification framework. ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -12,6 +12,12 @@ config NETFILTER_INGRESS - config NETFILTER_NETLINK - tristate - -+config NETFILTER_FAMILY_BRIDGE -+ bool -+ -+config NETFILTER_FAMILY_ARP -+ bool -+ - config NETFILTER_NETLINK_ACCT - tristate "Netfilter NFACCT over NFNETLINK interface" - depends on NETFILTER_ADVANCED ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -267,14 +267,18 @@ static struct nf_hook_entries __rcu **nf - switch (reg->pf) { - case NFPROTO_NETDEV: - break; -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - case NFPROTO_ARP: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum)) - return NULL; - return net->nf.hooks_arp + reg->hooknum; -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - case NFPROTO_BRIDGE: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum)) - return NULL; - return net->nf.hooks_bridge + reg->hooknum; -+#endif - case NFPROTO_IPV4: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) - return NULL; -@@ -573,8 +577,12 @@ static int __net_init netfilter_net_init - { - __netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4)); - __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); -+#endif - #if IS_ENABLED(CONFIG_DECNET) - __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet)); - #endif ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -204,8 +204,10 @@ repeat: - static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) - { - switch (pf) { -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - case NFPROTO_BRIDGE: - return rcu_dereference(net->nf.hooks_bridge[hooknum]); -+#endif - case NFPROTO_IPV4: - return rcu_dereference(net->nf.hooks_ipv4[hooknum]); - case NFPROTO_IPV6: diff --git a/target/linux/generic/backport-4.19/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch b/target/linux/generic/backport-4.19/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch deleted file mode 100644 index 7d450f95f0..0000000000 --- a/target/linux/generic/backport-4.19/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 62a0fe46e2aaba1812d3cbcae014a41539f9eb09 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:23:51 +0100 -Subject: [PATCH 09/11] netfilter: core: pass hook number, family and device to - nf_find_hook_list() - -Instead of passing struct nf_hook_ops, this is needed by follow up -patches to handle NFPROTO_INET from the core. - -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/core.c | 36 +++++++++++++++++++----------------- - 1 file changed, 19 insertions(+), 17 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -262,36 +262,38 @@ out_assign: - return old; - } - --static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const struct nf_hook_ops *reg) -+static struct nf_hook_entries __rcu ** -+nf_hook_entry_head(struct net *net, int pf, unsigned int hooknum, -+ struct net_device *dev) - { -- switch (reg->pf) { -+ switch (pf) { - case NFPROTO_NETDEV: - break; - #ifdef CONFIG_NETFILTER_FAMILY_ARP - case NFPROTO_ARP: -- if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum)) -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= hooknum)) - return NULL; -- return net->nf.hooks_arp + reg->hooknum; -+ return net->nf.hooks_arp + hooknum; - #endif - #ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - case NFPROTO_BRIDGE: -- if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum)) -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= hooknum)) - return NULL; -- return net->nf.hooks_bridge + reg->hooknum; -+ return net->nf.hooks_bridge + hooknum; - #endif - case NFPROTO_IPV4: -- if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= hooknum)) - return NULL; -- return net->nf.hooks_ipv4 + reg->hooknum; -+ return net->nf.hooks_ipv4 + hooknum; - case NFPROTO_IPV6: -- if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum)) -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= hooknum)) - return NULL; -- return net->nf.hooks_ipv6 + reg->hooknum; -+ return net->nf.hooks_ipv6 + hooknum; - #if IS_ENABLED(CONFIG_DECNET) - case NFPROTO_DECNET: -- if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum)) -+ if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= hooknum)) - return NULL; -- return net->nf.hooks_decnet + reg->hooknum; -+ return net->nf.hooks_decnet + hooknum; - #endif - default: - WARN_ON_ONCE(1); -@@ -299,9 +301,9 @@ static struct nf_hook_entries __rcu **nf - } - - #ifdef CONFIG_NETFILTER_INGRESS -- if (reg->hooknum == NF_NETDEV_INGRESS) { -- if (reg->dev && dev_net(reg->dev) == net) -- return ®->dev->nf_hooks_ingress; -+ if (hooknum == NF_NETDEV_INGRESS) { -+ if (dev && dev_net(dev) == net) -+ return &dev->nf_hooks_ingress; - } - #endif - WARN_ON_ONCE(1); -@@ -323,7 +325,7 @@ int nf_register_net_hook(struct net *net - return -EINVAL; - } - -- pp = nf_hook_entry_head(net, reg); -+ pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); - if (!pp) - return -EINVAL; - -@@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net * - struct nf_hook_entries __rcu **pp; - struct nf_hook_entries *p; - -- pp = nf_hook_entry_head(net, reg); -+ pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); - if (!pp) - return; - diff --git a/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch b/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch deleted file mode 100644 index 8fea44b359..0000000000 --- a/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 3d3cdc38e8c265a9f9d3825e823e772872bca1b8 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:19:14 +0100 -Subject: [PATCH 01/11] netfilter: core: add nf_remove_net_hook - -Just a cleanup, __nf_unregister_net_hook() is used by a follow up patch -when handling NFPROTO_INET as a real family from the core. - -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/core.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -356,7 +356,7 @@ int nf_register_net_hook(struct net *net - EXPORT_SYMBOL(nf_register_net_hook); - - /* -- * __nf_unregister_net_hook - remove a hook from blob -+ * nf_remove_net_hook - remove a hook from blob - * - * @oldp: current address of hook blob - * @unreg: hook to unregister -@@ -364,8 +364,8 @@ EXPORT_SYMBOL(nf_register_net_hook); - * This cannot fail, hook unregistration must always succeed. - * Therefore replace the to-be-removed hook with a dummy hook. - */ --static void __nf_unregister_net_hook(struct nf_hook_entries *old, -- const struct nf_hook_ops *unreg) -+static void nf_remove_net_hook(struct nf_hook_entries *old, -+ const struct nf_hook_ops *unreg) - { - struct nf_hook_ops **orig_ops; - bool found = false; -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * - return; - } - -- __nf_unregister_net_hook(p, reg); -+ nf_remove_net_hook(p, reg); - - p = __nf_hook_entries_try_shrink(pp); - mutex_unlock(&nf_hook_mutex); diff --git a/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch b/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch deleted file mode 100644 index 4c52635c13..0000000000 --- a/target/linux/generic/backport-4.19/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 30259408118f550f5969fda19c0d67020d21eda8 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:26:37 +0100 -Subject: [PATCH 10/11] netfilter: core: pass family as parameter to - nf_remove_net_hook() - -So static_key_slow_dec applies to the family behind NFPROTO_INET. - -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/core.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -365,7 +365,7 @@ EXPORT_SYMBOL(nf_register_net_hook); - * Therefore replace the to-be-removed hook with a dummy hook. - */ - static void nf_remove_net_hook(struct nf_hook_entries *old, -- const struct nf_hook_ops *unreg) -+ const struct nf_hook_ops *unreg, int pf) - { - struct nf_hook_ops **orig_ops; - bool found = false; -@@ -383,14 +383,14 @@ static void nf_remove_net_hook(struct nf - - if (found) { - #ifdef CONFIG_NETFILTER_INGRESS -- if (unreg->pf == NFPROTO_NETDEV && unreg->hooknum == NF_NETDEV_INGRESS) -+ if (pf == NFPROTO_NETDEV && unreg->hooknum == NF_NETDEV_INGRESS) - net_dec_ingress_queue(); - #endif - #ifdef HAVE_JUMP_LABEL -- static_key_slow_dec(&nf_hooks_needed[unreg->pf][unreg->hooknum]); -+ static_key_slow_dec(&nf_hooks_needed[pf][unreg->hooknum]); - #endif - } else { -- WARN_ONCE(1, "hook not found, pf %d num %d", unreg->pf, unreg->hooknum); -+ WARN_ONCE(1, "hook not found, pf %d num %d", pf, unreg->hooknum); - } - } - -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * - return; - } - -- nf_remove_net_hook(p, reg); -+ nf_remove_net_hook(p, reg, reg->pf); - - p = __nf_hook_entries_try_shrink(pp); - mutex_unlock(&nf_hook_mutex); diff --git a/target/linux/generic/backport-4.19/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch b/target/linux/generic/backport-4.19/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch deleted file mode 100644 index b112855132..0000000000 --- a/target/linux/generic/backport-4.19/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch +++ /dev/null @@ -1,129 +0,0 @@ -From cb7ccd835ebb333669e400f99c650e4f3abf11c0 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:30:26 +0100 -Subject: [PATCH 11/11] netfilter: core: support for NFPROTO_INET hook - registration - -Expand NFPROTO_INET in two hook registrations, one for NFPROTO_IPV4 and -another for NFPROTO_IPV6. Hence, we handle NFPROTO_INET from the core. - -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/core.c | 53 +++++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 44 insertions(+), 9 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -310,12 +310,13 @@ nf_hook_entry_head(struct net *net, int - return NULL; - } - --int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) -+static int __nf_register_net_hook(struct net *net, int pf, -+ const struct nf_hook_ops *reg) - { - struct nf_hook_entries *p, *new_hooks; - struct nf_hook_entries __rcu **pp; - -- if (reg->pf == NFPROTO_NETDEV) { -+ if (pf == NFPROTO_NETDEV) { - #ifndef CONFIG_NETFILTER_INGRESS - if (reg->hooknum == NF_NETDEV_INGRESS) - return -EOPNOTSUPP; -@@ -325,7 +326,7 @@ int nf_register_net_hook(struct net *net - return -EINVAL; - } - -- pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); -+ pp = nf_hook_entry_head(net, pf, reg->hooknum, reg->dev); - if (!pp) - return -EINVAL; - -@@ -343,17 +344,16 @@ int nf_register_net_hook(struct net *net - - hooks_validate(new_hooks); - #ifdef CONFIG_NETFILTER_INGRESS -- if (reg->pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) -+ if (pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) - net_inc_ingress_queue(); - #endif - #ifdef HAVE_JUMP_LABEL -- static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); -+ static_key_slow_inc(&nf_hooks_needed[pf][reg->hooknum]); - #endif - BUG_ON(p == new_hooks); - nf_hook_entries_free(p); - return 0; - } --EXPORT_SYMBOL(nf_register_net_hook); - - /* - * nf_remove_net_hook - remove a hook from blob -@@ -394,12 +394,13 @@ static void nf_remove_net_hook(struct nf - } - } - --void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) -+void __nf_unregister_net_hook(struct net *net, int pf, -+ const struct nf_hook_ops *reg) - { - struct nf_hook_entries __rcu **pp; - struct nf_hook_entries *p; - -- pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); -+ pp = nf_hook_entry_head(net, pf, reg->hooknum, reg->dev); - if (!pp) - return; - -@@ -411,7 +412,7 @@ void nf_unregister_net_hook(struct net * - return; - } - -- nf_remove_net_hook(p, reg, reg->pf); -+ nf_remove_net_hook(p, reg, pf); - - p = __nf_hook_entries_try_shrink(pp); - mutex_unlock(&nf_hook_mutex); -@@ -421,8 +422,42 @@ void nf_unregister_net_hook(struct net * - nf_queue_nf_hook_drop(net); - nf_hook_entries_free(p); - } -+ -+void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) -+{ -+ if (reg->pf == NFPROTO_INET) { -+ __nf_unregister_net_hook(net, NFPROTO_IPV4, reg); -+ __nf_unregister_net_hook(net, NFPROTO_IPV6, reg); -+ } else { -+ __nf_unregister_net_hook(net, reg->pf, reg); -+ } -+} - EXPORT_SYMBOL(nf_unregister_net_hook); - -+int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) -+{ -+ int err; -+ -+ if (reg->pf == NFPROTO_INET) { -+ err = __nf_register_net_hook(net, NFPROTO_IPV4, reg); -+ if (err < 0) -+ return err; -+ -+ err = __nf_register_net_hook(net, NFPROTO_IPV6, reg); -+ if (err < 0) { -+ __nf_unregister_net_hook(net, NFPROTO_IPV4, reg); -+ return err; -+ } -+ } else { -+ err = __nf_register_net_hook(net, reg->pf, reg); -+ if (err < 0) -+ return err; -+ } -+ -+ return 0; -+} -+EXPORT_SYMBOL(nf_register_net_hook); -+ - int nf_register_net_hooks(struct net *net, const struct nf_hook_ops *reg, - unsigned int n) - { diff --git a/target/linux/generic/backport-4.19/300-v4.16-netfilter-nf_tables-explicit-nft_set_pktinfo-call-fr.patch b/target/linux/generic/backport-4.19/300-v4.16-netfilter-nf_tables-explicit-nft_set_pktinfo-call-fr.patch deleted file mode 100644 index c0cb5bbeba..0000000000 --- a/target/linux/generic/backport-4.19/300-v4.16-netfilter-nf_tables-explicit-nft_set_pktinfo-call-fr.patch +++ /dev/null @@ -1,291 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 10 Dec 2017 01:43:14 +0100 -Subject: [PATCH] netfilter: nf_tables: explicit nft_set_pktinfo() call from - hook path - -Instead of calling this function from the family specific variant, this -reduces the code size in the fast path for the netdev, bridge and inet -families. After this change, we must call nft_set_pktinfo() upfront from -the chain hook indirection. - -Before: - - text data bss dec hex filename - 2145 208 0 2353 931 net/netfilter/nf_tables_netdev.o - -After: - - text data bss dec hex filename - 2125 208 0 2333 91d net/netfilter/nf_tables_netdev.o - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -54,8 +54,8 @@ static inline void nft_set_pktinfo(struc - pkt->xt.state = state; - } - --static inline void nft_set_pktinfo_proto_unspec(struct nft_pktinfo *pkt, -- struct sk_buff *skb) -+static inline void nft_set_pktinfo_unspec(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { - pkt->tprot_set = false; - pkt->tprot = 0; -@@ -63,14 +63,6 @@ static inline void nft_set_pktinfo_proto - pkt->xt.fragoff = 0; - } - --static inline void nft_set_pktinfo_unspec(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- nft_set_pktinfo(pkt, skb, state); -- nft_set_pktinfo_proto_unspec(pkt, skb); --} -- - /** - * struct nft_verdict - nf_tables verdict - * ---- a/include/net/netfilter/nf_tables_ipv4.h -+++ b/include/net/netfilter/nf_tables_ipv4.h -@@ -5,15 +5,11 @@ - #include - #include - --static inline void --nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline void nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { - struct iphdr *ip; - -- nft_set_pktinfo(pkt, skb, state); -- - ip = ip_hdr(pkt->skb); - pkt->tprot_set = true; - pkt->tprot = ip->protocol; -@@ -21,10 +17,8 @@ nft_set_pktinfo_ipv4(struct nft_pktinfo - pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET; - } - --static inline int --__nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline int __nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { - struct iphdr *iph, _iph; - u32 len, thoff; -@@ -52,14 +46,11 @@ __nft_set_pktinfo_ipv4_validate(struct n - return 0; - } - --static inline void --nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline void nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { -- nft_set_pktinfo(pkt, skb, state); -- if (__nft_set_pktinfo_ipv4_validate(pkt, skb, state) < 0) -- nft_set_pktinfo_proto_unspec(pkt, skb); -+ if (__nft_set_pktinfo_ipv4_validate(pkt, skb) < 0) -+ nft_set_pktinfo_unspec(pkt, skb); - } - - extern struct nft_af_info nft_af_ipv4; ---- a/include/net/netfilter/nf_tables_ipv6.h -+++ b/include/net/netfilter/nf_tables_ipv6.h -@@ -5,20 +5,16 @@ - #include - #include - --static inline void --nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline void nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { - unsigned int flags = IP6_FH_F_AUTH; - int protohdr, thoff = 0; - unsigned short frag_off; - -- nft_set_pktinfo(pkt, skb, state); -- - protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, &flags); - if (protohdr < 0) { -- nft_set_pktinfo_proto_unspec(pkt, skb); -+ nft_set_pktinfo_unspec(pkt, skb); - return; - } - -@@ -28,10 +24,8 @@ nft_set_pktinfo_ipv6(struct nft_pktinfo - pkt->xt.fragoff = frag_off; - } - --static inline int --__nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline int __nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { - #if IS_ENABLED(CONFIG_IPV6) - unsigned int flags = IP6_FH_F_AUTH; -@@ -68,14 +62,11 @@ __nft_set_pktinfo_ipv6_validate(struct n - #endif - } - --static inline void --nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, -- struct sk_buff *skb, -- const struct nf_hook_state *state) -+static inline void nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, -+ struct sk_buff *skb) - { -- nft_set_pktinfo(pkt, skb, state); -- if (__nft_set_pktinfo_ipv6_validate(pkt, skb, state) < 0) -- nft_set_pktinfo_proto_unspec(pkt, skb); -+ if (__nft_set_pktinfo_ipv6_validate(pkt, skb) < 0) -+ nft_set_pktinfo_unspec(pkt, skb); - } - - extern struct nft_af_info nft_af_ipv6; ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -25,15 +25,17 @@ nft_do_chain_bridge(void *priv, - { - struct nft_pktinfo pkt; - -+ nft_set_pktinfo(&pkt, skb, state); -+ - switch (eth_hdr(skb)->h_proto) { - case htons(ETH_P_IP): -- nft_set_pktinfo_ipv4_validate(&pkt, skb, state); -+ nft_set_pktinfo_ipv4_validate(&pkt, skb); - break; - case htons(ETH_P_IPV6): -- nft_set_pktinfo_ipv6_validate(&pkt, skb, state); -+ nft_set_pktinfo_ipv6_validate(&pkt, skb); - break; - default: -- nft_set_pktinfo_unspec(&pkt, skb, state); -+ nft_set_pktinfo_unspec(&pkt, skb); - break; - } - ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -21,7 +21,8 @@ nft_do_chain_arp(void *priv, - { - struct nft_pktinfo pkt; - -- nft_set_pktinfo_unspec(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_unspec(&pkt, skb); - - return nft_do_chain(&pkt, priv); - } ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -24,7 +24,8 @@ static unsigned int nft_do_chain_ipv4(vo - { - struct nft_pktinfo pkt; - -- nft_set_pktinfo_ipv4(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv4(&pkt, skb); - - return nft_do_chain(&pkt, priv); - } ---- a/net/ipv4/netfilter/nft_chain_nat_ipv4.c -+++ b/net/ipv4/netfilter/nft_chain_nat_ipv4.c -@@ -33,7 +33,8 @@ static unsigned int nft_nat_do_chain(voi - { - struct nft_pktinfo pkt; - -- nft_set_pktinfo_ipv4(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv4(&pkt, skb); - - return nft_do_chain(&pkt, priv); - } ---- a/net/ipv4/netfilter/nft_chain_route_ipv4.c -+++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c -@@ -38,7 +38,8 @@ static unsigned int nf_route_table_hook( - ip_hdrlen(skb) < sizeof(struct iphdr)) - return NF_ACCEPT; - -- nft_set_pktinfo_ipv4(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv4(&pkt, skb); - - mark = skb->mark; - iph = ip_hdr(skb); ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -22,7 +22,8 @@ static unsigned int nft_do_chain_ipv6(vo - { - struct nft_pktinfo pkt; - -- nft_set_pktinfo_ipv6(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv6(&pkt, skb); - - return nft_do_chain(&pkt, priv); - } ---- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c -+++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c -@@ -31,7 +31,8 @@ static unsigned int nft_nat_do_chain(voi - { - struct nft_pktinfo pkt; - -- nft_set_pktinfo_ipv6(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv6(&pkt, skb); - - return nft_do_chain(&pkt, priv); - } ---- a/net/ipv6/netfilter/nft_chain_route_ipv6.c -+++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c -@@ -33,7 +33,8 @@ static unsigned int nf_route_table_hook( - u32 mark, flowlabel; - int err; - -- nft_set_pktinfo_ipv6(&pkt, skb, state); -+ nft_set_pktinfo(&pkt, skb, state); -+ nft_set_pktinfo_ipv6(&pkt, skb); - - /* save source/dest address, mark, hoplimit, flowlabel, priority */ - memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -21,15 +21,17 @@ nft_do_chain_netdev(void *priv, struct s - { - struct nft_pktinfo pkt; - -+ nft_set_pktinfo(&pkt, skb, state); -+ - switch (skb->protocol) { - case htons(ETH_P_IP): -- nft_set_pktinfo_ipv4_validate(&pkt, skb, state); -+ nft_set_pktinfo_ipv4_validate(&pkt, skb); - break; - case htons(ETH_P_IPV6): -- nft_set_pktinfo_ipv6_validate(&pkt, skb, state); -+ nft_set_pktinfo_ipv6_validate(&pkt, skb); - break; - default: -- nft_set_pktinfo_unspec(&pkt, skb, state); -+ nft_set_pktinfo_unspec(&pkt, skb); - break; - } - diff --git a/target/linux/generic/backport-4.19/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch b/target/linux/generic/backport-4.19/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch deleted file mode 100644 index 05888a070e..0000000000 --- a/target/linux/generic/backport-4.19/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch +++ /dev/null @@ -1,146 +0,0 @@ -From: Florian Westphal -Date: Fri, 8 Dec 2017 17:01:54 +0100 -Subject: [PATCH] netfilter: core: only allow one nat hook per hook point - -The netfilter NAT core cannot deal with more than one NAT hook per hook -location (prerouting, input ...), because the NAT hooks install a NAT null -binding in case the iptables nat table (iptable_nat hooks) or the -corresponding nftables chain (nft nat hooks) doesn't specify a nat -transformation. - -Null bindings are needed to detect port collsisions between NAT-ed and -non-NAT-ed connections. - -This causes nftables NAT rules to not work when iptable_nat module is -loaded, and vice versa because nat binding has already been attached -when the second nat hook is consulted. - -The netfilter core is not really the correct location to handle this -(hooks are just hooks, the core has no notion of what kinds of side - effects a hook implements), but its the only place where we can check -for conflicts between both iptables hooks and nftables hooks without -adding dependencies. - -So add nat annotation to hook_ops to describe those hooks that will -add NAT bindings and then make core reject if such a hook already exists. -The annotation fills a padding hole, in case further restrictions appar -we might change this to a 'u8 type' instead of bool. - -iptables error if nft nat hook active: -iptables -t nat -A POSTROUTING -j MASQUERADE -iptables v1.4.21: can't initialize iptables table `nat': File exists -Perhaps iptables or your kernel needs to be upgraded. - -nftables error if iptables nat table present: -nft -f /etc/nftables/ipv4-nat -/usr/etc/nftables/ipv4-nat:3:1-2: Error: Could not process rule: File exists -table nat { -^^ - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -67,6 +67,7 @@ struct nf_hook_ops { - struct net_device *dev; - void *priv; - u_int8_t pf; -+ bool nat_hook; - unsigned int hooknum; - /* Hooks are ordered in ascending priority. */ - int priority; ---- a/net/ipv4/netfilter/iptable_nat.c -+++ b/net/ipv4/netfilter/iptable_nat.c -@@ -72,6 +72,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = iptable_nat_ipv4_in, - .pf = NFPROTO_IPV4, -+ .nat_hook = true, - .hooknum = NF_INET_PRE_ROUTING, - .priority = NF_IP_PRI_NAT_DST, - }, -@@ -79,6 +80,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = iptable_nat_ipv4_out, - .pf = NFPROTO_IPV4, -+ .nat_hook = true, - .hooknum = NF_INET_POST_ROUTING, - .priority = NF_IP_PRI_NAT_SRC, - }, -@@ -86,6 +88,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = iptable_nat_ipv4_local_fn, - .pf = NFPROTO_IPV4, -+ .nat_hook = true, - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP_PRI_NAT_DST, - }, -@@ -93,6 +96,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = iptable_nat_ipv4_fn, - .pf = NFPROTO_IPV4, -+ .nat_hook = true, - .hooknum = NF_INET_LOCAL_IN, - .priority = NF_IP_PRI_NAT_SRC, - }, ---- a/net/ipv6/netfilter/ip6table_nat.c -+++ b/net/ipv6/netfilter/ip6table_nat.c -@@ -74,6 +74,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = ip6table_nat_in, - .pf = NFPROTO_IPV6, -+ .nat_hook = true, - .hooknum = NF_INET_PRE_ROUTING, - .priority = NF_IP6_PRI_NAT_DST, - }, -@@ -81,6 +82,7 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = ip6table_nat_out, - .pf = NFPROTO_IPV6, -+ .nat_hook = true, - .hooknum = NF_INET_POST_ROUTING, - .priority = NF_IP6_PRI_NAT_SRC, - }, -@@ -88,12 +90,14 @@ static const struct nf_hook_ops nf_nat_i - { - .hook = ip6table_nat_local_fn, - .pf = NFPROTO_IPV6, -+ .nat_hook = true, - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP6_PRI_NAT_DST, - }, - /* After packet filtering, change source */ - { - .hook = ip6table_nat_fn, -+ .nat_hook = true, - .pf = NFPROTO_IPV6, - .hooknum = NF_INET_LOCAL_IN, - .priority = NF_IP6_PRI_NAT_SRC, ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -160,6 +160,12 @@ nf_hook_entries_grow(const struct nf_hoo - ++i; - continue; - } -+ -+ if (reg->nat_hook && orig_ops[i]->nat_hook) { -+ kvfree(new); -+ return ERR_PTR(-EEXIST); -+ } -+ - if (inserted || reg->priority > orig_ops[i]->priority) { - new_ops[nhooks] = (void *)orig_ops[i]; - new->hooks[nhooks] = old->hooks[i]; ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -1431,6 +1431,8 @@ static int nf_tables_addchain(struct nft - ops->hook = hookfn; - if (afi->hook_ops_init) - afi->hook_ops_init(ops, i); -+ if (basechain->type->type == NFT_CHAIN_T_NAT) -+ ops->nat_hook = true; - } - - chain->flags |= NFT_BASE_CHAIN; diff --git a/target/linux/generic/backport-4.19/302-v4.16-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch b/target/linux/generic/backport-4.19/302-v4.16-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch deleted file mode 100644 index 17d8b21a0f..0000000000 --- a/target/linux/generic/backport-4.19/302-v4.16-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch +++ /dev/null @@ -1,161 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:36:24 +0100 -Subject: [PATCH] netfilter: nf_tables_inet: don't use multihook infrastructure - anymore - -Use new native NFPROTO_INET support in netfilter core, this gets rid of -ad-hoc code in the nf_tables API codebase. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables_ipv4.h -+++ b/include/net/netfilter/nf_tables_ipv4.h -@@ -53,6 +53,4 @@ static inline void nft_set_pktinfo_ipv4_ - nft_set_pktinfo_unspec(pkt, skb); - } - --extern struct nft_af_info nft_af_ipv4; -- - #endif ---- a/include/net/netfilter/nf_tables_ipv6.h -+++ b/include/net/netfilter/nf_tables_ipv6.h -@@ -69,6 +69,4 @@ static inline void nft_set_pktinfo_ipv6_ - nft_set_pktinfo_unspec(pkt, skb); - } - --extern struct nft_af_info nft_af_ipv6; -- - #endif ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -45,7 +45,7 @@ static unsigned int nft_ipv4_output(void - return nft_do_chain_ipv4(priv, skb, state); - } - --struct nft_af_info nft_af_ipv4 __read_mostly = { -+static struct nft_af_info nft_af_ipv4 __read_mostly = { - .family = NFPROTO_IPV4, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -@@ -58,7 +58,6 @@ struct nft_af_info nft_af_ipv4 __read_mo - [NF_INET_POST_ROUTING] = nft_do_chain_ipv4, - }, - }; --EXPORT_SYMBOL_GPL(nft_af_ipv4); - - static int nf_tables_ipv4_init_net(struct net *net) - { ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -42,7 +42,7 @@ static unsigned int nft_ipv6_output(void - return nft_do_chain_ipv6(priv, skb, state); - } - --struct nft_af_info nft_af_ipv6 __read_mostly = { -+static struct nft_af_info nft_af_ipv6 __read_mostly = { - .family = NFPROTO_IPV6, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -@@ -55,7 +55,6 @@ struct nft_af_info nft_af_ipv6 __read_mo - [NF_INET_POST_ROUTING] = nft_do_chain_ipv6, - }, - }; --EXPORT_SYMBOL_GPL(nft_af_ipv6); - - static int nf_tables_ipv6_init_net(struct net *net) - { ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -16,26 +17,71 @@ - #include - #include - --static void nft_inet_hook_ops_init(struct nf_hook_ops *ops, unsigned int n) -+static unsigned int nft_do_chain_inet(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) - { -- struct nft_af_info *afi; -+ struct nft_pktinfo pkt; - -- if (n == 1) -- afi = &nft_af_ipv4; -- else -- afi = &nft_af_ipv6; -- -- ops->pf = afi->family; -- if (afi->hooks[ops->hooknum]) -- ops->hook = afi->hooks[ops->hooknum]; -+ nft_set_pktinfo(&pkt, skb, state); -+ -+ switch (state->pf) { -+ case NFPROTO_IPV4: -+ nft_set_pktinfo_ipv4(&pkt, skb); -+ break; -+ case NFPROTO_IPV6: -+ nft_set_pktinfo_ipv6(&pkt, skb); -+ break; -+ default: -+ break; -+ } -+ -+ return nft_do_chain(&pkt, priv); -+} -+ -+static unsigned int nft_inet_output(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ struct nft_pktinfo pkt; -+ -+ nft_set_pktinfo(&pkt, skb, state); -+ -+ switch (state->pf) { -+ case NFPROTO_IPV4: -+ if (unlikely(skb->len < sizeof(struct iphdr) || -+ ip_hdr(skb)->ihl < sizeof(struct iphdr) / 4)) { -+ if (net_ratelimit()) -+ pr_info("ignoring short SOCK_RAW packet\n"); -+ return NF_ACCEPT; -+ } -+ nft_set_pktinfo_ipv4(&pkt, skb); -+ break; -+ case NFPROTO_IPV6: -+ if (unlikely(skb->len < sizeof(struct ipv6hdr))) { -+ if (net_ratelimit()) -+ pr_info("ignoring short SOCK_RAW packet\n"); -+ return NF_ACCEPT; -+ } -+ nft_set_pktinfo_ipv6(&pkt, skb); -+ break; -+ default: -+ break; -+ } -+ -+ return nft_do_chain(&pkt, priv); - } - - static struct nft_af_info nft_af_inet __read_mostly = { - .family = NFPROTO_INET, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 2, -- .hook_ops_init = nft_inet_hook_ops_init, -+ .nops = 1, -+ .hooks = { -+ [NF_INET_LOCAL_IN] = nft_do_chain_inet, -+ [NF_INET_LOCAL_OUT] = nft_inet_output, -+ [NF_INET_FORWARD] = nft_do_chain_inet, -+ [NF_INET_PRE_ROUTING] = nft_do_chain_inet, -+ [NF_INET_POST_ROUTING] = nft_do_chain_inet, -+ }, - }; - - static int __net_init nf_tables_inet_init_net(struct net *net) diff --git a/target/linux/generic/backport-4.19/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.19/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch deleted file mode 100644 index 0db6262fd9..0000000000 --- a/target/linux/generic/backport-4.19/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ /dev/null @@ -1,390 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:40:25 +0100 -Subject: [PATCH] netfilter: nf_tables: remove multihook chains and families - -Since NFPROTO_INET is handled from the core, we don't need to maintain -extra infrastructure in nf_tables to handle the double hook -registration, one for IPv4 and another for IPv6. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -897,8 +897,6 @@ struct nft_stats { - struct u64_stats_sync syncp; - }; - --#define NFT_HOOK_OPS_MAX 2 -- - /** - * struct nft_base_chain - nf_tables base chain - * -@@ -910,7 +908,7 @@ struct nft_stats { - * @dev_name: device name that this base chain is attached to (if any) - */ - struct nft_base_chain { -- struct nf_hook_ops ops[NFT_HOOK_OPS_MAX]; -+ struct nf_hook_ops ops; - const struct nf_chain_type *type; - u8 policy; - u8 flags; -@@ -971,8 +969,6 @@ enum nft_af_flags { - * @owner: module owner - * @tables: used internally - * @flags: family flags -- * @nops: number of hook ops in this family -- * @hook_ops_init: initialization function for chain hook ops - * @hooks: hookfn overrides for packet validation - */ - struct nft_af_info { -@@ -982,9 +978,6 @@ struct nft_af_info { - struct module *owner; - struct list_head tables; - u32 flags; -- unsigned int nops; -- void (*hook_ops_init)(struct nf_hook_ops *, -- unsigned int); - nf_hookfn *hooks[NF_MAX_HOOKS]; - }; - ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -46,7 +46,6 @@ static struct nft_af_info nft_af_bridge - .family = NFPROTO_BRIDGE, - .nhooks = NF_BR_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 1, - .hooks = { - [NF_BR_PRE_ROUTING] = nft_do_chain_bridge, - [NF_BR_LOCAL_IN] = nft_do_chain_bridge, ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -31,7 +31,6 @@ static struct nft_af_info nft_af_arp __r - .family = NFPROTO_ARP, - .nhooks = NF_ARP_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 1, - .hooks = { - [NF_ARP_IN] = nft_do_chain_arp, - [NF_ARP_OUT] = nft_do_chain_arp, ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -49,7 +49,6 @@ static struct nft_af_info nft_af_ipv4 __ - .family = NFPROTO_IPV4, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 1, - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_ipv4, - [NF_INET_LOCAL_OUT] = nft_ipv4_output, ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -46,7 +46,6 @@ static struct nft_af_info nft_af_ipv6 __ - .family = NFPROTO_IPV6, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 1, - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_ipv6, - [NF_INET_LOCAL_OUT] = nft_ipv6_output, ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -139,29 +139,26 @@ static void nft_trans_destroy(struct nft - kfree(trans); - } - --static int nf_tables_register_hooks(struct net *net, -- const struct nft_table *table, -- struct nft_chain *chain, -- unsigned int hook_nops) -+static int nf_tables_register_hook(struct net *net, -+ const struct nft_table *table, -+ struct nft_chain *chain) - { - if (table->flags & NFT_TABLE_F_DORMANT || - !nft_is_base_chain(chain)) - return 0; - -- return nf_register_net_hooks(net, nft_base_chain(chain)->ops, -- hook_nops); -+ return nf_register_net_hook(net, &nft_base_chain(chain)->ops); - } - --static void nf_tables_unregister_hooks(struct net *net, -- const struct nft_table *table, -- struct nft_chain *chain, -- unsigned int hook_nops) -+static void nf_tables_unregister_hook(struct net *net, -+ const struct nft_table *table, -+ struct nft_chain *chain) - { - if (table->flags & NFT_TABLE_F_DORMANT || - !nft_is_base_chain(chain)) - return; - -- nf_unregister_net_hooks(net, nft_base_chain(chain)->ops, hook_nops); -+ nf_unregister_net_hook(net, &nft_base_chain(chain)->ops); - } - - static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) -@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str - if (cnt && i++ == cnt) - break; - -- nf_unregister_net_hooks(net, nft_base_chain(chain)->ops, -- afi->nops); -+ nf_unregister_net_hook(net, &nft_base_chain(chain)->ops); - } - } - -@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct - if (!nft_is_base_chain(chain)) - continue; - -- err = nf_register_net_hooks(net, nft_base_chain(chain)->ops, -- afi->nops); -+ err = nf_register_net_hook(net, &nft_base_chain(chain)->ops); - if (err < 0) - goto err; - -@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str - - if (nft_is_base_chain(chain)) { - const struct nft_base_chain *basechain = nft_base_chain(chain); -- const struct nf_hook_ops *ops = &basechain->ops[0]; -+ const struct nf_hook_ops *ops = &basechain->ops; - struct nlattr *nest; - - nest = nla_nest_start(skb, NFTA_CHAIN_HOOK); -@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru - free_percpu(basechain->stats); - if (basechain->stats) - static_branch_dec(&nft_counters_enabled); -- if (basechain->ops[0].dev != NULL) -- dev_put(basechain->ops[0].dev); -+ if (basechain->ops.dev != NULL) -+ dev_put(basechain->ops.dev); - kfree(chain->name); - kfree(basechain); - } else { -@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft - struct nft_stats __percpu *stats; - struct net *net = ctx->net; - struct nft_chain *chain; -- unsigned int i; - int err; - - if (table->use == UINT_MAX) -@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft - basechain->type = hook.type; - chain = &basechain->chain; - -- for (i = 0; i < afi->nops; i++) { -- ops = &basechain->ops[i]; -- ops->pf = family; -- ops->hooknum = hook.num; -- ops->priority = hook.priority; -- ops->priv = chain; -- ops->hook = afi->hooks[ops->hooknum]; -- ops->dev = hook.dev; -- if (hookfn) -- ops->hook = hookfn; -- if (afi->hook_ops_init) -- afi->hook_ops_init(ops, i); -- if (basechain->type->type == NFT_CHAIN_T_NAT) -- ops->nat_hook = true; -- } -+ ops = &basechain->ops; -+ ops->pf = family; -+ ops->hooknum = hook.num; -+ ops->priority = hook.priority; -+ ops->priv = chain; -+ ops->hook = afi->hooks[ops->hooknum]; -+ ops->dev = hook.dev; -+ if (hookfn) -+ ops->hook = hookfn; -+ -+ if (basechain->type->type == NFT_CHAIN_T_NAT) -+ ops->nat_hook = true; - - chain->flags |= NFT_BASE_CHAIN; - basechain->policy = policy; -@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft - goto err1; - } - -- err = nf_tables_register_hooks(net, table, chain, afi->nops); -+ err = nf_tables_register_hook(net, table, chain); - if (err < 0) - goto err1; - -@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft - - return 0; - err2: -- nf_tables_unregister_hooks(net, table, chain, afi->nops); -+ nf_tables_unregister_hook(net, table, chain); - err1: - nf_tables_chain_destroy(chain); - -@@ -1478,13 +1469,12 @@ static int nf_tables_updchain(struct nft - const struct nlattr * const *nla = ctx->nla; - struct nft_table *table = ctx->table; - struct nft_chain *chain = ctx->chain; -- struct nft_af_info *afi = ctx->afi; - struct nft_base_chain *basechain; - struct nft_stats *stats = NULL; - struct nft_chain_hook hook; - struct nf_hook_ops *ops; - struct nft_trans *trans; -- int err, i; -+ int err; - - if (nla[NFTA_CHAIN_HOOK]) { - if (!nft_is_base_chain(chain)) -@@ -1501,14 +1491,12 @@ static int nf_tables_updchain(struct nft - return -EBUSY; - } - -- for (i = 0; i < afi->nops; i++) { -- ops = &basechain->ops[i]; -- if (ops->hooknum != hook.num || -- ops->priority != hook.priority || -- ops->dev != hook.dev) { -- nft_chain_release_hook(&hook); -- return -EBUSY; -- } -+ ops = &basechain->ops; -+ if (ops->hooknum != hook.num || -+ ops->priority != hook.priority || -+ ops->dev != hook.dev) { -+ nft_chain_release_hook(&hook); -+ return -EBUSY; - } - nft_chain_release_hook(&hook); - } -@@ -5135,10 +5123,9 @@ static int nf_tables_commit(struct net * - case NFT_MSG_DELCHAIN: - list_del_rcu(&trans->ctx.chain->list); - nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); -- nf_tables_unregister_hooks(trans->ctx.net, -- trans->ctx.table, -- trans->ctx.chain, -- trans->ctx.afi->nops); -+ nf_tables_unregister_hook(trans->ctx.net, -+ trans->ctx.table, -+ trans->ctx.chain); - break; - case NFT_MSG_NEWRULE: - nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5275,10 +5262,9 @@ static int nf_tables_abort(struct net *n - } else { - trans->ctx.table->use--; - list_del_rcu(&trans->ctx.chain->list); -- nf_tables_unregister_hooks(trans->ctx.net, -- trans->ctx.table, -- trans->ctx.chain, -- trans->ctx.afi->nops); -+ nf_tables_unregister_hook(trans->ctx.net, -+ trans->ctx.table, -+ trans->ctx.chain); - } - break; - case NFT_MSG_DELCHAIN: -@@ -5381,7 +5367,7 @@ int nft_chain_validate_hooks(const struc - if (nft_is_base_chain(chain)) { - basechain = nft_base_chain(chain); - -- if ((1 << basechain->ops[0].hooknum) & hook_flags) -+ if ((1 << basechain->ops.hooknum) & hook_flags) - return 0; - - return -EOPNOTSUPP; -@@ -5863,8 +5849,7 @@ int __nft_release_basechain(struct nft_c - - BUG_ON(!nft_is_base_chain(ctx->chain)); - -- nf_tables_unregister_hooks(ctx->net, ctx->chain->table, ctx->chain, -- ctx->afi->nops); -+ nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain); - list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { - list_del(&rule->list); - ctx->chain->use--; -@@ -5893,8 +5878,7 @@ static void __nft_release_afinfo(struct - - list_for_each_entry_safe(table, nt, &afi->tables, list) { - list_for_each_entry(chain, &table->chains, list) -- nf_tables_unregister_hooks(net, table, chain, -- afi->nops); -+ nf_tables_unregister_hook(net, table, chain); - /* No packets are walking on these chains anymore. */ - ctx.table = table; - list_for_each_entry(chain, &table->chains, list) { ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -74,7 +74,6 @@ static struct nft_af_info nft_af_inet __ - .family = NFPROTO_INET, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .nops = 1, - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_inet, - [NF_INET_LOCAL_OUT] = nft_inet_output, ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -43,7 +43,6 @@ static struct nft_af_info nft_af_netdev - .nhooks = NF_NETDEV_NUMHOOKS, - .owner = THIS_MODULE, - .flags = NFT_AF_NEEDS_DEV, -- .nops = 1, - .hooks = { - [NF_NETDEV_INGRESS] = nft_do_chain_netdev, - }, -@@ -98,7 +97,7 @@ static void nft_netdev_event(unsigned lo - __nft_release_basechain(ctx); - break; - case NETDEV_CHANGENAME: -- if (dev->ifindex != basechain->ops[0].dev->ifindex) -+ if (dev->ifindex != basechain->ops.dev->ifindex) - return; - - strncpy(basechain->dev_name, dev->name, IFNAMSIZ); ---- a/net/netfilter/nft_compat.c -+++ b/net/netfilter/nft_compat.c -@@ -186,7 +186,7 @@ nft_target_set_tgchk_param(struct xt_tgc - if (nft_is_base_chain(ctx->chain)) { - const struct nft_base_chain *basechain = - nft_base_chain(ctx->chain); -- const struct nf_hook_ops *ops = &basechain->ops[0]; -+ const struct nf_hook_ops *ops = &basechain->ops; - - par->hook_mask = 1 << ops->hooknum; - } else { -@@ -317,7 +317,7 @@ static int nft_target_validate(const str - if (nft_is_base_chain(ctx->chain)) { - const struct nft_base_chain *basechain = - nft_base_chain(ctx->chain); -- const struct nf_hook_ops *ops = &basechain->ops[0]; -+ const struct nf_hook_ops *ops = &basechain->ops; - - hook_mask = 1 << ops->hooknum; - if (target->hooks && !(hook_mask & target->hooks)) -@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch - if (nft_is_base_chain(ctx->chain)) { - const struct nft_base_chain *basechain = - nft_base_chain(ctx->chain); -- const struct nf_hook_ops *ops = &basechain->ops[0]; -+ const struct nf_hook_ops *ops = &basechain->ops; - - par->hook_mask = 1 << ops->hooknum; - } else { -@@ -564,7 +564,7 @@ static int nft_match_validate(const stru - if (nft_is_base_chain(ctx->chain)) { - const struct nft_base_chain *basechain = - nft_base_chain(ctx->chain); -- const struct nf_hook_ops *ops = &basechain->ops[0]; -+ const struct nf_hook_ops *ops = &basechain->ops; - - hook_mask = 1 << ops->hooknum; - if (match->hooks && !(hook_mask & match->hooks)) diff --git a/target/linux/generic/backport-4.19/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch b/target/linux/generic/backport-4.19/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch deleted file mode 100644 index 458ddd4172..0000000000 --- a/target/linux/generic/backport-4.19/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch +++ /dev/null @@ -1,171 +0,0 @@ -From: Pablo Neira Ayuso -Date: Mon, 27 Nov 2017 21:55:14 +0100 -Subject: [PATCH] netfilter: move checksum indirection to struct nf_ipv6_ops - -We cannot make a direct call to nf_ip6_checksum() because that would -result in autoloading the 'ipv6' module because of symbol dependencies. -Therefore, define checksum indirection in nf_ipv6_ops where this really -belongs to. - -For IPv4, we can indeed make a direct function call, which is faster, -given IPv4 is built-in in the networking code by default. Still, -CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline -stub for IPv4 in such case. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/netfilter/utils.c - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -311,8 +311,6 @@ struct nf_queue_entry; - - struct nf_afinfo { - unsigned short family; -- __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, -- unsigned int dataoff, u_int8_t protocol); - __sum16 (*checksum_partial)(struct sk_buff *skb, - unsigned int hook, - unsigned int dataoff, -@@ -333,20 +331,9 @@ static inline const struct nf_afinfo *nf - return rcu_dereference(nf_afinfo[family]); - } - --static inline __sum16 --nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, -- u_int8_t protocol, unsigned short family) --{ -- const struct nf_afinfo *afinfo; -- __sum16 csum = 0; -- -- rcu_read_lock(); -- afinfo = nf_get_afinfo(family); -- if (afinfo) -- csum = afinfo->checksum(skb, hook, dataoff, protocol); -- rcu_read_unlock(); -- return csum; --} -+__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, u_int8_t protocol, -+ unsigned short family); - - static inline __sum16 - nf_checksum_partial(struct sk_buff *skb, unsigned int hook, ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -7,6 +7,16 @@ - #include - - int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); -+ -+#ifdef CONFIG_INET - __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol); -+#else -+static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, u_int8_t protocol) -+{ -+ return 0; -+} -+#endif /* CONFIG_INET */ -+ - #endif /*__LINUX_IP_NETFILTER_H*/ ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -19,6 +19,8 @@ struct nf_ipv6_ops { - void (*route_input)(struct sk_buff *skb); - int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb, - int (*output)(struct net *, struct sock *, struct sk_buff *)); -+ __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, u_int8_t protocol); - }; - - #ifdef CONFIG_NETFILTER ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -106,12 +106,6 @@ static int nf_br_reroute(struct net *net - return 0; - } - --static __sum16 nf_br_checksum(struct sk_buff *skb, unsigned int hook, -- unsigned int dataoff, u_int8_t protocol) --{ -- return 0; --} -- - static __sum16 nf_br_checksum_partial(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, unsigned int len, - u_int8_t protocol) -@@ -127,7 +121,6 @@ static int nf_br_route(struct net *net, - - static const struct nf_afinfo nf_br_afinfo = { - .family = AF_BRIDGE, -- .checksum = nf_br_checksum, - .checksum_partial = nf_br_checksum_partial, - .route = nf_br_route, - .saveroute = nf_br_saveroute, ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -188,7 +188,6 @@ static int nf_ip_route(struct net *net, - - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, -- .checksum = nf_ip_checksum, - .checksum_partial = nf_ip_checksum_partial, - .route = nf_ip_route, - .saveroute = nf_ip_saveroute, ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -193,12 +193,12 @@ static __sum16 nf_ip6_checksum_partial(s - static const struct nf_ipv6_ops ipv6ops = { - .chk_addr = ipv6_chk_addr, - .route_input = ip6_route_input, -- .fragment = ip6_fragment -+ .fragment = ip6_fragment, -+ .checksum = nf_ip6_checksum, - }; - - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, -- .checksum = nf_ip6_checksum, - .checksum_partial = nf_ip6_checksum_partial, - .route = nf_ip6_route, - .saveroute = nf_ip6_saveroute, ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -1,5 +1,5 @@ - # SPDX-License-Identifier: GPL-2.0 --netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o -+netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o utils.o - - nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o nf_conntrack_acct.o nf_conntrack_seqadj.o - nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMEOUT) += nf_conntrack_timeout.o ---- /dev/null -+++ b/net/netfilter/utils.c -@@ -0,0 +1,26 @@ -+#include -+#include -+#include -+#include -+ -+__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, u_int8_t protocol, -+ unsigned short family) -+{ -+ const struct nf_ipv6_ops *v6ops; -+ __sum16 csum = 0; -+ -+ switch (family) { -+ case AF_INET: -+ csum = nf_ip_checksum(skb, hook, dataoff, protocol); -+ break; -+ case AF_INET6: -+ v6ops = rcu_dereference(nf_ipv6_ops); -+ if (v6ops) -+ csum = v6ops->checksum(skb, hook, dataoff, protocol); -+ break; -+ } -+ -+ return csum; -+} -+EXPORT_SYMBOL_GPL(nf_checksum); diff --git a/target/linux/generic/backport-4.19/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch b/target/linux/generic/backport-4.19/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch deleted file mode 100644 index 19a0aacb45..0000000000 --- a/target/linux/generic/backport-4.19/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch +++ /dev/null @@ -1,204 +0,0 @@ -From: Pablo Neira Ayuso -Date: Wed, 20 Dec 2017 16:04:18 +0100 -Subject: [PATCH] netfilter: move checksum_partial indirection to struct - nf_ipv6_ops - -We cannot make a direct call to nf_ip6_checksum_partial() because that -would result in autoloading the 'ipv6' module because of symbol -dependencies. Therefore, define checksum_partial indirection in -nf_ipv6_ops where this really belongs to. - -For IPv4, we can indeed make a direct function call, which is faster, -given IPv4 is built-in in the networking code by default. Still, -CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline -stub for IPv4 in such case. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -311,11 +311,6 @@ struct nf_queue_entry; - - struct nf_afinfo { - unsigned short family; -- __sum16 (*checksum_partial)(struct sk_buff *skb, -- unsigned int hook, -- unsigned int dataoff, -- unsigned int len, -- u_int8_t protocol); - int (*route)(struct net *net, struct dst_entry **dst, - struct flowi *fl, bool strict); - void (*saveroute)(const struct sk_buff *skb, -@@ -335,22 +330,9 @@ __sum16 nf_checksum(struct sk_buff *skb, - unsigned int dataoff, u_int8_t protocol, - unsigned short family); - --static inline __sum16 --nf_checksum_partial(struct sk_buff *skb, unsigned int hook, -- unsigned int dataoff, unsigned int len, -- u_int8_t protocol, unsigned short family) --{ -- const struct nf_afinfo *afinfo; -- __sum16 csum = 0; -- -- rcu_read_lock(); -- afinfo = nf_get_afinfo(family); -- if (afinfo) -- csum = afinfo->checksum_partial(skb, hook, dataoff, len, -- protocol); -- rcu_read_unlock(); -- return csum; --} -+__sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, unsigned int len, -+ u_int8_t protocol, unsigned short family); - - int nf_register_afinfo(const struct nf_afinfo *afinfo); - void nf_unregister_afinfo(const struct nf_afinfo *afinfo); ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -11,12 +11,23 @@ int ip_route_me_harder(struct net *net, - #ifdef CONFIG_INET - __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol); -+__sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, unsigned int len, -+ u_int8_t protocol); - #else - static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol) - { - return 0; - } -+static inline __sum16 nf_ip_checksum_partial(struct sk_buff *skb, -+ unsigned int hook, -+ unsigned int dataoff, -+ unsigned int len, -+ u_int8_t protocol) -+{ -+ return 0; -+} - #endif /* CONFIG_INET */ - - #endif /*__LINUX_IP_NETFILTER_H*/ ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -21,6 +21,9 @@ struct nf_ipv6_ops { - int (*output)(struct net *, struct sock *, struct sk_buff *)); - __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol); -+ __sum16 (*checksum_partial)(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, unsigned int len, -+ u_int8_t protocol); - }; - - #ifdef CONFIG_NETFILTER ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -106,13 +106,6 @@ static int nf_br_reroute(struct net *net - return 0; - } - --static __sum16 nf_br_checksum_partial(struct sk_buff *skb, unsigned int hook, -- unsigned int dataoff, unsigned int len, -- u_int8_t protocol) --{ -- return 0; --} -- - static int nf_br_route(struct net *net, struct dst_entry **dst, - struct flowi *fl, bool strict __always_unused) - { -@@ -121,7 +114,6 @@ static int nf_br_route(struct net *net, - - static const struct nf_afinfo nf_br_afinfo = { - .family = AF_BRIDGE, -- .checksum_partial = nf_br_checksum_partial, - .route = nf_br_route, - .saveroute = nf_br_saveroute, - .reroute = nf_br_reroute, ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -155,9 +155,9 @@ __sum16 nf_ip_checksum(struct sk_buff *s - } - EXPORT_SYMBOL(nf_ip_checksum); - --static __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook, -- unsigned int dataoff, unsigned int len, -- u_int8_t protocol) -+__sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, unsigned int len, -+ u_int8_t protocol) - { - const struct iphdr *iph = ip_hdr(skb); - __sum16 csum = 0; -@@ -175,6 +175,7 @@ static __sum16 nf_ip_checksum_partial(st - } - return csum; - } -+EXPORT_SYMBOL_GPL(nf_ip_checksum_partial); - - static int nf_ip_route(struct net *net, struct dst_entry **dst, - struct flowi *fl, bool strict __always_unused) -@@ -188,7 +189,6 @@ static int nf_ip_route(struct net *net, - - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, -- .checksum_partial = nf_ip_checksum_partial, - .route = nf_ip_route, - .saveroute = nf_ip_saveroute, - .reroute = nf_ip_reroute, ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -191,15 +191,15 @@ static __sum16 nf_ip6_checksum_partial(s - }; - - static const struct nf_ipv6_ops ipv6ops = { -- .chk_addr = ipv6_chk_addr, -- .route_input = ip6_route_input, -- .fragment = ip6_fragment, -- .checksum = nf_ip6_checksum, -+ .chk_addr = ipv6_chk_addr, -+ .route_input = ip6_route_input, -+ .fragment = ip6_fragment, -+ .checksum = nf_ip6_checksum, -+ .checksum_partial = nf_ip6_checksum_partial, - }; - - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, -- .checksum_partial = nf_ip6_checksum_partial, - .route = nf_ip6_route, - .saveroute = nf_ip6_saveroute, - .reroute = nf_ip6_reroute, ---- a/net/netfilter/utils.c -+++ b/net/netfilter/utils.c -@@ -24,3 +24,27 @@ __sum16 nf_checksum(struct sk_buff *skb, - return csum; - } - EXPORT_SYMBOL_GPL(nf_checksum); -+ -+__sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, -+ unsigned int dataoff, unsigned int len, -+ u_int8_t protocol, unsigned short family) -+{ -+ const struct nf_ipv6_ops *v6ops; -+ __sum16 csum = 0; -+ -+ switch (family) { -+ case AF_INET: -+ csum = nf_ip_checksum_partial(skb, hook, dataoff, len, -+ protocol); -+ break; -+ case AF_INET6: -+ v6ops = rcu_dereference(nf_ipv6_ops); -+ if (v6ops) -+ csum = v6ops->checksum_partial(skb, hook, dataoff, len, -+ protocol); -+ break; -+ } -+ -+ return csum; -+} -+EXPORT_SYMBOL_GPL(nf_checksum_partial); diff --git a/target/linux/generic/backport-4.19/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.19/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch deleted file mode 100644 index 75de3c84fe..0000000000 --- a/target/linux/generic/backport-4.19/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ /dev/null @@ -1,232 +0,0 @@ -From: Pablo Neira Ayuso -Date: Wed, 20 Dec 2017 16:12:55 +0100 -Subject: [PATCH] netfilter: remove saveroute indirection in struct nf_afinfo - -This is only used by nf_queue.c and this function comes with no symbol -dependencies with IPv6, it just refers to structure layouts. Therefore, -we can replace it by a direct function call from where it belongs. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -313,8 +313,6 @@ struct nf_afinfo { - unsigned short family; - int (*route)(struct net *net, struct dst_entry **dst, - struct flowi *fl, bool strict); -- void (*saveroute)(const struct sk_buff *skb, -- struct nf_queue_entry *entry); - int (*reroute)(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry); - int route_key_size; ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -6,6 +6,16 @@ - - #include - -+/* Extra routing may needed on local out, as the QUEUE target never returns -+ * control to the table. -+ */ -+struct ip_rt_info { -+ __be32 daddr; -+ __be32 saddr; -+ u_int8_t tos; -+ u_int32_t mark; -+}; -+ - int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); - - #ifdef CONFIG_INET ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -9,6 +9,15 @@ - - #include - -+/* Extra routing may needed on local out, as the QUEUE target never returns -+ * control to the table. -+ */ -+struct ip6_rt_info { -+ struct in6_addr daddr; -+ struct in6_addr saddr; -+ u_int32_t mark; -+}; -+ - /* - * Hook functions for ipv6 to allow xt_* modules to be built-in even - * if IPv6 is a module. ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -95,11 +95,6 @@ static const struct nf_chain_type filter - (1 << NF_BR_POST_ROUTING), - }; - --static void nf_br_saveroute(const struct sk_buff *skb, -- struct nf_queue_entry *entry) --{ --} -- - static int nf_br_reroute(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry) - { -@@ -115,7 +110,6 @@ static int nf_br_route(struct net *net, - static const struct nf_afinfo nf_br_afinfo = { - .family = AF_BRIDGE, - .route = nf_br_route, -- .saveroute = nf_br_saveroute, - .reroute = nf_br_reroute, - .route_key_size = 0, - }; ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -80,33 +80,6 @@ int ip_route_me_harder(struct net *net, - } - EXPORT_SYMBOL(ip_route_me_harder); - --/* -- * Extra routing may needed on local out, as the QUEUE target never -- * returns control to the table. -- */ -- --struct ip_rt_info { -- __be32 daddr; -- __be32 saddr; -- u_int8_t tos; -- u_int32_t mark; --}; -- --static void nf_ip_saveroute(const struct sk_buff *skb, -- struct nf_queue_entry *entry) --{ -- struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); -- -- if (entry->state.hook == NF_INET_LOCAL_OUT) { -- const struct iphdr *iph = ip_hdr(skb); -- -- rt_info->tos = iph->tos; -- rt_info->daddr = iph->daddr; -- rt_info->saddr = iph->saddr; -- rt_info->mark = skb->mark; -- } --} -- - static int nf_ip_reroute(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry) - { -@@ -190,7 +163,6 @@ static int nf_ip_route(struct net *net, - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, - .route = nf_ip_route, -- .saveroute = nf_ip_saveroute, - .reroute = nf_ip_reroute, - .route_key_size = sizeof(struct ip_rt_info), - }; ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -69,31 +69,6 @@ int ip6_route_me_harder(struct net *net, - } - EXPORT_SYMBOL(ip6_route_me_harder); - --/* -- * Extra routing may needed on local out, as the QUEUE target never -- * returns control to the table. -- */ -- --struct ip6_rt_info { -- struct in6_addr daddr; -- struct in6_addr saddr; -- u_int32_t mark; --}; -- --static void nf_ip6_saveroute(const struct sk_buff *skb, -- struct nf_queue_entry *entry) --{ -- struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); -- -- if (entry->state.hook == NF_INET_LOCAL_OUT) { -- const struct ipv6hdr *iph = ipv6_hdr(skb); -- -- rt_info->daddr = iph->daddr; -- rt_info->saddr = iph->saddr; -- rt_info->mark = skb->mark; -- } --} -- - static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry) - { -@@ -201,7 +176,6 @@ static const struct nf_ipv6_ops ipv6ops - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, - .route = nf_ip6_route, -- .saveroute = nf_ip6_saveroute, - .reroute = nf_ip6_reroute, - .route_key_size = sizeof(struct ip6_rt_info), - }; ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -10,6 +10,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n - } - EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); - -+static void nf_ip_saveroute(const struct sk_buff *skb, -+ struct nf_queue_entry *entry) -+{ -+ struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); -+ -+ if (entry->state.hook == NF_INET_LOCAL_OUT) { -+ const struct iphdr *iph = ip_hdr(skb); -+ -+ rt_info->tos = iph->tos; -+ rt_info->daddr = iph->daddr; -+ rt_info->saddr = iph->saddr; -+ rt_info->mark = skb->mark; -+ } -+} -+ -+static void nf_ip6_saveroute(const struct sk_buff *skb, -+ struct nf_queue_entry *entry) -+{ -+ struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); -+ -+ if (entry->state.hook == NF_INET_LOCAL_OUT) { -+ const struct ipv6hdr *iph = ipv6_hdr(skb); -+ -+ rt_info->daddr = iph->daddr; -+ rt_info->saddr = iph->saddr; -+ rt_info->mark = skb->mark; -+ } -+} -+ - static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, - const struct nf_hook_entries *entries, - unsigned int index, unsigned int queuenum) -@@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *sk - - nf_queue_entry_get_refs(entry); - skb_dst_force(skb); -- afinfo->saveroute(skb, entry); -+ -+ switch (entry->state.pf) { -+ case AF_INET: -+ nf_ip_saveroute(skb, entry); -+ break; -+ case AF_INET6: -+ nf_ip6_saveroute(skb, entry); -+ break; -+ } -+ - status = qh->outfn(entry, queuenum); - - if (status < 0) { diff --git a/target/linux/generic/backport-4.19/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch b/target/linux/generic/backport-4.19/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch deleted file mode 100644 index b98aac0fff..0000000000 --- a/target/linux/generic/backport-4.19/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch +++ /dev/null @@ -1,349 +0,0 @@ -From: Pablo Neira Ayuso -Date: Mon, 27 Nov 2017 22:29:52 +0100 -Subject: [PATCH] netfilter: move route indirection to struct nf_ipv6_ops - -We cannot make a direct call to nf_ip6_route() because that would result -in autoloading the 'ipv6' module because of symbol dependencies. -Therefore, define route indirection in nf_ipv6_ops where this really -belongs to. - -For IPv4, we can indeed make a direct function call, which is faster, -given IPv4 is built-in in the networking code by default. Still, -CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline -stub for IPv4 in such case. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -311,8 +311,6 @@ struct nf_queue_entry; - - struct nf_afinfo { - unsigned short family; -- int (*route)(struct net *net, struct dst_entry **dst, -- struct flowi *fl, bool strict); - int (*reroute)(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry); - int route_key_size; -@@ -331,6 +329,8 @@ __sum16 nf_checksum(struct sk_buff *skb, - __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, unsigned int len, - u_int8_t protocol, unsigned short family); -+int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, -+ bool strict, unsigned short family); - - int nf_register_afinfo(const struct nf_afinfo *afinfo); - void nf_unregister_afinfo(const struct nf_afinfo *afinfo); ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -24,6 +24,8 @@ __sum16 nf_ip_checksum(struct sk_buff *s - __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, unsigned int len, - u_int8_t protocol); -+int nf_ip_route(struct net *net, struct dst_entry **dst, struct flowi *fl, -+ bool strict); - #else - static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol) -@@ -38,6 +40,11 @@ static inline __sum16 nf_ip_checksum_par - { - return 0; - } -+static inline int nf_ip_route(struct net *net, struct dst_entry **dst, -+ struct flowi *fl, bool strict) -+{ -+ return -EOPNOTSUPP; -+} - #endif /* CONFIG_INET */ - - #endif /*__LINUX_IP_NETFILTER_H*/ ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -33,6 +33,8 @@ struct nf_ipv6_ops { - __sum16 (*checksum_partial)(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, unsigned int len, - u_int8_t protocol); -+ int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl, -+ bool strict); - }; - - #ifdef CONFIG_NETFILTER ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -101,15 +101,8 @@ static int nf_br_reroute(struct net *net - return 0; - } - --static int nf_br_route(struct net *net, struct dst_entry **dst, -- struct flowi *fl, bool strict __always_unused) --{ -- return 0; --} -- - static const struct nf_afinfo nf_br_afinfo = { - .family = AF_BRIDGE, -- .route = nf_br_route, - .reroute = nf_br_reroute, - .route_key_size = 0, - }; ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -150,8 +150,8 @@ __sum16 nf_ip_checksum_partial(struct sk - } - EXPORT_SYMBOL_GPL(nf_ip_checksum_partial); - --static int nf_ip_route(struct net *net, struct dst_entry **dst, -- struct flowi *fl, bool strict __always_unused) -+int nf_ip_route(struct net *net, struct dst_entry **dst, struct flowi *fl, -+ bool strict __always_unused) - { - struct rtable *rt = ip_route_output_key(net, &fl->u.ip4); - if (IS_ERR(rt)) -@@ -159,10 +159,10 @@ static int nf_ip_route(struct net *net, - *dst = &rt->dst; - return 0; - } -+EXPORT_SYMBOL_GPL(nf_ip_route); - - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, -- .route = nf_ip_route, - .reroute = nf_ip_reroute, - .route_key_size = sizeof(struct ip_rt_info), - }; ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -171,11 +171,11 @@ static const struct nf_ipv6_ops ipv6ops - .fragment = ip6_fragment, - .checksum = nf_ip6_checksum, - .checksum_partial = nf_ip6_checksum_partial, -+ .route = nf_ip6_route, - }; - - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, -- .route = nf_ip6_route, - .reroute = nf_ip6_reroute, - .route_key_size = sizeof(struct ip6_rt_info), - }; ---- a/net/ipv6/netfilter/nft_fib_ipv6.c -+++ b/net/ipv6/netfilter/nft_fib_ipv6.c -@@ -60,7 +60,6 @@ static u32 __nft_fib6_eval_type(const st - { - const struct net_device *dev = NULL; - const struct nf_ipv6_ops *v6ops; -- const struct nf_afinfo *afinfo; - int route_err, addrtype; - struct rt6_info *rt; - struct flowi6 fl6 = { -@@ -69,8 +68,8 @@ static u32 __nft_fib6_eval_type(const st - }; - u32 ret = 0; - -- afinfo = nf_get_afinfo(NFPROTO_IPV6); -- if (!afinfo) -+ v6ops = nf_get_ipv6_ops(); -+ if (!v6ops) - return RTN_UNREACHABLE; - - if (priv->flags & NFTA_FIB_F_IIF) -@@ -80,12 +79,11 @@ static u32 __nft_fib6_eval_type(const st - - nft_fib6_flowi_init(&fl6, priv, pkt, dev, iph); - -- v6ops = nf_get_ipv6_ops(); -- if (dev && v6ops && v6ops->chk_addr(nft_net(pkt), &fl6.daddr, dev, true)) -+ if (dev && v6ops->chk_addr(nft_net(pkt), &fl6.daddr, dev, true)) - ret = RTN_LOCAL; - -- route_err = afinfo->route(nft_net(pkt), (struct dst_entry **)&rt, -- flowi6_to_flowi(&fl6), false); -+ route_err = v6ops->route(nft_net(pkt), (struct dst_entry **)&rt, -+ flowi6_to_flowi(&fl6), false); - if (route_err) - goto err; - ---- a/net/netfilter/nf_conntrack_h323_main.c -+++ b/net/netfilter/nf_conntrack_h323_main.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -732,14 +733,8 @@ static int callforward_do_filter(struct - const union nf_inet_addr *dst, - u_int8_t family) - { -- const struct nf_afinfo *afinfo; - int ret = 0; - -- /* rcu_read_lock()ed by nf_hook_thresh */ -- afinfo = nf_get_afinfo(family); -- if (!afinfo) -- return 0; -- - switch (family) { - case AF_INET: { - struct flowi4 fl1, fl2; -@@ -750,10 +745,10 @@ static int callforward_do_filter(struct - - memset(&fl2, 0, sizeof(fl2)); - fl2.daddr = dst->ip; -- if (!afinfo->route(net, (struct dst_entry **)&rt1, -- flowi4_to_flowi(&fl1), false)) { -- if (!afinfo->route(net, (struct dst_entry **)&rt2, -- flowi4_to_flowi(&fl2), false)) { -+ if (!nf_ip_route(net, (struct dst_entry **)&rt1, -+ flowi4_to_flowi(&fl1), false)) { -+ if (!nf_ip_route(net, (struct dst_entry **)&rt2, -+ flowi4_to_flowi(&fl2), false)) { - if (rt_nexthop(rt1, fl1.daddr) == - rt_nexthop(rt2, fl2.daddr) && - rt1->dst.dev == rt2->dst.dev) -@@ -766,18 +761,23 @@ static int callforward_do_filter(struct - } - #if IS_ENABLED(CONFIG_NF_CONNTRACK_IPV6) - case AF_INET6: { -- struct flowi6 fl1, fl2; -+ const struct nf_ipv6_ops *v6ops; - struct rt6_info *rt1, *rt2; -+ struct flowi6 fl1, fl2; -+ -+ v6ops = nf_get_ipv6_ops(); -+ if (!v6ops) -+ return 0; - - memset(&fl1, 0, sizeof(fl1)); - fl1.daddr = src->in6; - - memset(&fl2, 0, sizeof(fl2)); - fl2.daddr = dst->in6; -- if (!afinfo->route(net, (struct dst_entry **)&rt1, -- flowi6_to_flowi(&fl1), false)) { -- if (!afinfo->route(net, (struct dst_entry **)&rt2, -- flowi6_to_flowi(&fl2), false)) { -+ if (!v6ops->route(net, (struct dst_entry **)&rt1, -+ flowi6_to_flowi(&fl1), false)) { -+ if (!v6ops->route(net, (struct dst_entry **)&rt2, -+ flowi6_to_flowi(&fl2), false)) { - if (ipv6_addr_equal(rt6_nexthop(rt1, &fl1.daddr), - rt6_nexthop(rt2, &fl2.daddr)) && - rt1->dst.dev == rt2->dst.dev) ---- a/net/netfilter/nft_rt.c -+++ b/net/netfilter/nft_rt.c -@@ -27,7 +27,7 @@ static u16 get_tcpmss(const struct nft_p - { - u32 minlen = sizeof(struct ipv6hdr), mtu = dst_mtu(skbdst); - const struct sk_buff *skb = pkt->skb; -- const struct nf_afinfo *ai; -+ struct dst_entry *dst = NULL; - struct flowi fl; - - memset(&fl, 0, sizeof(fl)); -@@ -43,15 +43,10 @@ static u16 get_tcpmss(const struct nft_p - break; - } - -- ai = nf_get_afinfo(nft_pf(pkt)); -- if (ai) { -- struct dst_entry *dst = NULL; -- -- ai->route(nft_net(pkt), &dst, &fl, false); -- if (dst) { -- mtu = min(mtu, dst_mtu(dst)); -- dst_release(dst); -- } -+ nf_route(nft_net(pkt), &dst, &fl, false, nft_pf(pkt)); -+ if (dst) { -+ mtu = min(mtu, dst_mtu(dst)); -+ dst_release(dst); - } - - if (mtu <= minlen || mtu > 0xffff) ---- a/net/netfilter/utils.c -+++ b/net/netfilter/utils.c -@@ -48,3 +48,24 @@ __sum16 nf_checksum_partial(struct sk_bu - return csum; - } - EXPORT_SYMBOL_GPL(nf_checksum_partial); -+ -+int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, -+ bool strict, unsigned short family) -+{ -+ const struct nf_ipv6_ops *v6ops; -+ int ret = 0; -+ -+ switch (family) { -+ case AF_INET: -+ ret = nf_ip_route(net, dst, fl, strict); -+ break; -+ case AF_INET6: -+ v6ops = rcu_dereference(nf_ipv6_ops); -+ if (v6ops) -+ ret = v6ops->route(net, dst, fl, strict); -+ break; -+ } -+ -+ return ret; -+} -+EXPORT_SYMBOL_GPL(nf_route); ---- a/net/netfilter/xt_TCPMSS.c -+++ b/net/netfilter/xt_TCPMSS.c -@@ -48,7 +48,6 @@ static u_int32_t tcpmss_reverse_mtu(stru - unsigned int family) - { - struct flowi fl; -- const struct nf_afinfo *ai; - struct rtable *rt = NULL; - u_int32_t mtu = ~0U; - -@@ -62,10 +61,8 @@ static u_int32_t tcpmss_reverse_mtu(stru - memset(fl6, 0, sizeof(*fl6)); - fl6->daddr = ipv6_hdr(skb)->saddr; - } -- ai = nf_get_afinfo(family); -- if (ai != NULL) -- ai->route(net, (struct dst_entry **)&rt, &fl, false); - -+ nf_route(net, (struct dst_entry **)&rt, &fl, false, family); - if (rt != NULL) { - mtu = dst_mtu(&rt->dst); - dst_release(&rt->dst); ---- a/net/netfilter/xt_addrtype.c -+++ b/net/netfilter/xt_addrtype.c -@@ -36,7 +36,7 @@ MODULE_ALIAS("ip6t_addrtype"); - static u32 match_lookup_rt6(struct net *net, const struct net_device *dev, - const struct in6_addr *addr, u16 mask) - { -- const struct nf_afinfo *afinfo; -+ const struct nf_ipv6_ops *v6ops; - struct flowi6 flow; - struct rt6_info *rt; - u32 ret = 0; -@@ -47,17 +47,14 @@ static u32 match_lookup_rt6(struct net * - if (dev) - flow.flowi6_oif = dev->ifindex; - -- afinfo = nf_get_afinfo(NFPROTO_IPV6); -- if (afinfo != NULL) { -- const struct nf_ipv6_ops *v6ops; -- -+ v6ops = nf_get_ipv6_ops(); -+ if (v6ops) { - if (dev && (mask & XT_ADDRTYPE_LOCAL)) { -- v6ops = nf_get_ipv6_ops(); -- if (v6ops && v6ops->chk_addr(net, addr, dev, true)) -+ if (v6ops->chk_addr(net, addr, dev, true)) - ret = XT_ADDRTYPE_LOCAL; - } -- route_err = afinfo->route(net, (struct dst_entry **)&rt, -- flowi6_to_flowi(&flow), false); -+ route_err = v6ops->route(net, (struct dst_entry **)&rt, -+ flowi6_to_flowi(&flow), false); - } else { - route_err = 1; - } diff --git a/target/linux/generic/backport-4.19/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.19/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch deleted file mode 100644 index 5dbd1a4cea..0000000000 --- a/target/linux/generic/backport-4.19/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ /dev/null @@ -1,223 +0,0 @@ -From: Pablo Neira Ayuso -Date: Mon, 27 Nov 2017 22:50:26 +0100 -Subject: [PATCH] netfilter: move reroute indirection to struct nf_ipv6_ops - -We cannot make a direct call to nf_ip6_reroute() because that would result -in autoloading the 'ipv6' module because of symbol dependencies. -Therefore, define reroute indirection in nf_ipv6_ops where this really -belongs to. - -For IPv4, we can indeed make a direct function call, which is faster, -given IPv4 is built-in in the networking code by default. Still, -CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline -stub for IPv4 in such case. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -311,8 +311,6 @@ struct nf_queue_entry; - - struct nf_afinfo { - unsigned short family; -- int (*reroute)(struct net *net, struct sk_buff *skb, -- const struct nf_queue_entry *entry); - int route_key_size; - }; - -@@ -331,6 +329,7 @@ __sum16 nf_checksum_partial(struct sk_bu - u_int8_t protocol, unsigned short family); - int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, - bool strict, unsigned short family); -+int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry); - - int nf_register_afinfo(const struct nf_afinfo *afinfo); - void nf_unregister_afinfo(const struct nf_afinfo *afinfo); ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -18,6 +18,8 @@ struct ip_rt_info { - - int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); - -+struct nf_queue_entry; -+ - #ifdef CONFIG_INET - __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol); -@@ -26,6 +28,7 @@ __sum16 nf_ip_checksum_partial(struct sk - u_int8_t protocol); - int nf_ip_route(struct net *net, struct dst_entry **dst, struct flowi *fl, - bool strict); -+int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry); - #else - static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol) -@@ -45,6 +48,11 @@ static inline int nf_ip_route(struct net - { - return -EOPNOTSUPP; - } -+static inline int nf_ip_reroute(struct sk_buff *skb, -+ const struct nf_queue_entry *entry) -+{ -+ return -EOPNOTSUPP; -+} - #endif /* CONFIG_INET */ - - #endif /*__LINUX_IP_NETFILTER_H*/ ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -18,6 +18,8 @@ struct ip6_rt_info { - u_int32_t mark; - }; - -+struct nf_queue_entry; -+ - /* - * Hook functions for ipv6 to allow xt_* modules to be built-in even - * if IPv6 is a module. -@@ -35,6 +37,7 @@ struct nf_ipv6_ops { - u_int8_t protocol); - int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl, - bool strict); -+ int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry); - }; - - #ifdef CONFIG_NETFILTER ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -95,15 +95,8 @@ static const struct nf_chain_type filter - (1 << NF_BR_POST_ROUTING), - }; - --static int nf_br_reroute(struct net *net, struct sk_buff *skb, -- const struct nf_queue_entry *entry) --{ -- return 0; --} -- - static const struct nf_afinfo nf_br_afinfo = { - .family = AF_BRIDGE, -- .reroute = nf_br_reroute, - .route_key_size = 0, - }; - ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -80,8 +80,7 @@ int ip_route_me_harder(struct net *net, - } - EXPORT_SYMBOL(ip_route_me_harder); - --static int nf_ip_reroute(struct net *net, struct sk_buff *skb, -- const struct nf_queue_entry *entry) -+int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry) - { - const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); - -@@ -92,10 +91,12 @@ static int nf_ip_reroute(struct net *net - skb->mark == rt_info->mark && - iph->daddr == rt_info->daddr && - iph->saddr == rt_info->saddr)) -- return ip_route_me_harder(net, skb, RTN_UNSPEC); -+ return ip_route_me_harder(entry->state.net, skb, -+ RTN_UNSPEC); - } - return 0; - } -+EXPORT_SYMBOL_GPL(nf_ip_reroute); - - __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol) -@@ -163,7 +164,6 @@ EXPORT_SYMBOL_GPL(nf_ip_route); - - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, -- .reroute = nf_ip_reroute, - .route_key_size = sizeof(struct ip_rt_info), - }; - ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -69,7 +69,7 @@ int ip6_route_me_harder(struct net *net, - } - EXPORT_SYMBOL(ip6_route_me_harder); - --static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, -+static int nf_ip6_reroute(struct sk_buff *skb, - const struct nf_queue_entry *entry) - { - struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); -@@ -79,7 +79,7 @@ static int nf_ip6_reroute(struct net *ne - if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || - !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) || - skb->mark != rt_info->mark) -- return ip6_route_me_harder(net, skb); -+ return ip6_route_me_harder(entry->state.net, skb); - } - return 0; - } -@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops - .checksum = nf_ip6_checksum, - .checksum_partial = nf_ip6_checksum_partial, - .route = nf_ip6_route, -+ .reroute = nf_ip6_reroute, - }; - - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, -- .reroute = nf_ip6_reroute, - .route_key_size = sizeof(struct ip6_rt_info), - }; - ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -266,7 +266,6 @@ void nf_reinject(struct nf_queue_entry * - const struct nf_hook_entry *hook_entry; - const struct nf_hook_entries *hooks; - struct sk_buff *skb = entry->skb; -- const struct nf_afinfo *afinfo; - const struct net *net; - unsigned int i; - int err; -@@ -293,8 +292,7 @@ void nf_reinject(struct nf_queue_entry * - verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); - - if (verdict == NF_ACCEPT) { -- afinfo = nf_get_afinfo(entry->state.pf); -- if (!afinfo || afinfo->reroute(entry->state.net, skb, entry) < 0) -+ if (nf_reroute(skb, entry) < 0) - verdict = NF_DROP; - } - ---- a/net/netfilter/utils.c -+++ b/net/netfilter/utils.c -@@ -2,6 +2,7 @@ - #include - #include - #include -+#include - - __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol, -@@ -69,3 +70,21 @@ int nf_route(struct net *net, struct dst - return ret; - } - EXPORT_SYMBOL_GPL(nf_route); -+ -+int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry) -+{ -+ const struct nf_ipv6_ops *v6ops; -+ int ret = 0; -+ -+ switch (entry->state.pf) { -+ case AF_INET: -+ ret = nf_ip_reroute(skb, entry); -+ break; -+ case AF_INET6: -+ v6ops = rcu_dereference(nf_ipv6_ops); -+ if (v6ops) -+ ret = v6ops->reroute(skb, entry); -+ break; -+ } -+ return ret; -+} diff --git a/target/linux/generic/backport-4.19/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.19/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch deleted file mode 100644 index 21381b7e6b..0000000000 --- a/target/linux/generic/backport-4.19/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ /dev/null @@ -1,94 +0,0 @@ -From: Pablo Neira Ayuso -Date: Mon, 27 Nov 2017 22:58:37 +0100 -Subject: [PATCH] netfilter: remove route_key_size field in struct nf_afinfo - -This is only needed by nf_queue, place this code where it belongs. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -311,7 +311,6 @@ struct nf_queue_entry; - - struct nf_afinfo { - unsigned short family; -- int route_key_size; - }; - - extern const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO]; ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -164,7 +164,6 @@ EXPORT_SYMBOL_GPL(nf_ip_route); - - static const struct nf_afinfo nf_ip_afinfo = { - .family = AF_INET, -- .route_key_size = sizeof(struct ip_rt_info), - }; - - static int __init ipv4_netfilter_init(void) ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -177,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops - - static const struct nf_afinfo nf_ip6_afinfo = { - .family = AF_INET6, -- .route_key_size = sizeof(struct ip6_rt_info), - }; - - int __init ipv6_netfilter_init(void) ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -15,6 +15,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -145,9 +147,9 @@ static int __nf_queue(struct sk_buff *sk - { - int status = -ENOENT; - struct nf_queue_entry *entry = NULL; -- const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; - struct net *net = state->net; -+ unsigned int route_key_size; - - /* QUEUE == DROP if no one is waiting, to be safe. */ - qh = rcu_dereference(net->nf.queue_handler); -@@ -156,11 +158,19 @@ static int __nf_queue(struct sk_buff *sk - goto err; - } - -- afinfo = nf_get_afinfo(state->pf); -- if (!afinfo) -- goto err; -+ switch (state->pf) { -+ case AF_INET: -+ route_key_size = sizeof(struct ip_rt_info); -+ break; -+ case AF_INET6: -+ route_key_size = sizeof(struct ip6_rt_info); -+ break; -+ default: -+ route_key_size = 0; -+ break; -+ } - -- entry = kmalloc(sizeof(*entry) + afinfo->route_key_size, GFP_ATOMIC); -+ entry = kmalloc(sizeof(*entry) + route_key_size, GFP_ATOMIC); - if (!entry) { - status = -ENOMEM; - goto err; -@@ -170,7 +180,7 @@ static int __nf_queue(struct sk_buff *sk - .skb = skb, - .state = *state, - .hook_index = index, -- .size = sizeof(*entry) + afinfo->route_key_size, -+ .size = sizeof(*entry) + route_key_size, - }; - - nf_queue_entry_get_refs(entry); diff --git a/target/linux/generic/backport-4.19/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch b/target/linux/generic/backport-4.19/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch deleted file mode 100644 index 0ca58f9988..0000000000 --- a/target/linux/generic/backport-4.19/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch +++ /dev/null @@ -1,173 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 17:05:53 +0100 -Subject: [PATCH] netfilter: remove struct nf_afinfo and its helper functions - -This abstraction has no clients anymore, remove it. - -This is what remains from previous authors, so correct copyright -statement after recent modifications and code removal. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -309,16 +309,6 @@ int skb_make_writable(struct sk_buff *sk - struct flowi; - struct nf_queue_entry; - --struct nf_afinfo { -- unsigned short family; --}; -- --extern const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO]; --static inline const struct nf_afinfo *nf_get_afinfo(unsigned short family) --{ -- return rcu_dereference(nf_afinfo[family]); --} -- - __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, - unsigned int dataoff, u_int8_t protocol, - unsigned short family); -@@ -330,9 +320,6 @@ int nf_route(struct net *net, struct dst - bool strict, unsigned short family); - int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry); - --int nf_register_afinfo(const struct nf_afinfo *afinfo); --void nf_unregister_afinfo(const struct nf_afinfo *afinfo); -- - #include - extern void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *); - ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -95,30 +95,23 @@ static const struct nf_chain_type filter - (1 << NF_BR_POST_ROUTING), - }; - --static const struct nf_afinfo nf_br_afinfo = { -- .family = AF_BRIDGE, -- .route_key_size = 0, --}; -- - static int __init nf_tables_bridge_init(void) - { - int ret; - -- nf_register_afinfo(&nf_br_afinfo); - ret = nft_register_chain_type(&filter_bridge); - if (ret < 0) -- goto err1; -+ return ret; - - ret = register_pernet_subsys(&nf_tables_bridge_net_ops); - if (ret < 0) -- goto err2; -+ goto err_register_subsys; - - return ret; - --err2: -+err_register_subsys: - nft_unregister_chain_type(&filter_bridge); --err1: -- nf_unregister_afinfo(&nf_br_afinfo); -+ - return ret; - } - -@@ -126,7 +119,6 @@ static void __exit nf_tables_bridge_exit - { - unregister_pernet_subsys(&nf_tables_bridge_net_ops); - nft_unregister_chain_type(&filter_bridge); -- nf_unregister_afinfo(&nf_br_afinfo); - } - - module_init(nf_tables_bridge_init); ---- a/net/ipv4/netfilter.c -+++ b/net/ipv4/netfilter.c -@@ -161,13 +161,3 @@ int nf_ip_route(struct net *net, struct - return 0; - } - EXPORT_SYMBOL_GPL(nf_ip_route); -- --static const struct nf_afinfo nf_ip_afinfo = { -- .family = AF_INET, --}; -- --static int __init ipv4_netfilter_init(void) --{ -- return nf_register_afinfo(&nf_ip_afinfo); --} --subsys_initcall(ipv4_netfilter_init); ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -175,14 +175,10 @@ static const struct nf_ipv6_ops ipv6ops - .reroute = nf_ip6_reroute, - }; - --static const struct nf_afinfo nf_ip6_afinfo = { -- .family = AF_INET6, --}; -- - int __init ipv6_netfilter_init(void) - { - RCU_INIT_POINTER(nf_ipv6_ops, &ipv6ops); -- return nf_register_afinfo(&nf_ip6_afinfo); -+ return 0; - } - - /* This can be called from inet6_init() on errors, so it cannot -@@ -191,5 +187,4 @@ int __init ipv6_netfilter_init(void) - void ipv6_netfilter_fini(void) - { - RCU_INIT_POINTER(nf_ipv6_ops, NULL); -- nf_unregister_afinfo(&nf_ip6_afinfo); - } ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -4,8 +4,7 @@ - * Thanks to Rob `CmdrTaco' Malda for not influencing this code in any - * way. - * -- * Rusty Russell (C)2000 -- This code is GPL. -- * Patrick McHardy (c) 2006-2012 -+ * This code is GPL. - */ - #include - #include -@@ -28,34 +27,12 @@ - - #include "nf_internals.h" - --static DEFINE_MUTEX(afinfo_mutex); -- --const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly; --EXPORT_SYMBOL(nf_afinfo); - const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly; - EXPORT_SYMBOL_GPL(nf_ipv6_ops); - - DEFINE_PER_CPU(bool, nf_skb_duplicated); - EXPORT_SYMBOL_GPL(nf_skb_duplicated); - --int nf_register_afinfo(const struct nf_afinfo *afinfo) --{ -- mutex_lock(&afinfo_mutex); -- RCU_INIT_POINTER(nf_afinfo[afinfo->family], afinfo); -- mutex_unlock(&afinfo_mutex); -- return 0; --} --EXPORT_SYMBOL_GPL(nf_register_afinfo); -- --void nf_unregister_afinfo(const struct nf_afinfo *afinfo) --{ -- mutex_lock(&afinfo_mutex); -- RCU_INIT_POINTER(nf_afinfo[afinfo->family], NULL); -- mutex_unlock(&afinfo_mutex); -- synchronize_rcu(); --} --EXPORT_SYMBOL_GPL(nf_unregister_afinfo); -- - #ifdef HAVE_JUMP_LABEL - struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; - EXPORT_SYMBOL(nf_hooks_needed); diff --git a/target/linux/generic/backport-4.19/311-v4.16-netfilter-nf_tables_arp-don-t-set-forward-chain.patch b/target/linux/generic/backport-4.19/311-v4.16-netfilter-nf_tables_arp-don-t-set-forward-chain.patch deleted file mode 100644 index 10ce26dc8e..0000000000 --- a/target/linux/generic/backport-4.19/311-v4.16-netfilter-nf_tables_arp-don-t-set-forward-chain.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 10 Dec 2017 01:42:58 +0100 -Subject: [PATCH] netfilter: nf_tables_arp: don't set forward chain - -46928a0b49f3 ("netfilter: nf_tables: remove multihook chains and -families") already removed this, this is a leftover. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -34,7 +34,6 @@ static struct nft_af_info nft_af_arp __r - .hooks = { - [NF_ARP_IN] = nft_do_chain_arp, - [NF_ARP_OUT] = nft_do_chain_arp, -- [NF_ARP_FORWARD] = nft_do_chain_arp, - }, - }; - diff --git a/target/linux/generic/backport-4.19/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch b/target/linux/generic/backport-4.19/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch deleted file mode 100644 index 3ee8ad9d33..0000000000 --- a/target/linux/generic/backport-4.19/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch +++ /dev/null @@ -1,233 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sat, 9 Dec 2017 15:43:17 +0100 -Subject: [PATCH] netfilter: nf_tables: remove hooks from family definition - -They don't belong to the family definition, move them to the filter -chain type definition instead. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -875,7 +875,7 @@ enum nft_chain_type { - * @family: address family - * @owner: module owner - * @hook_mask: mask of valid hooks -- * @hooks: hookfn overrides -+ * @hooks: array of hook functions - */ - struct nf_chain_type { - const char *name; -@@ -969,7 +969,6 @@ enum nft_af_flags { - * @owner: module owner - * @tables: used internally - * @flags: family flags -- * @hooks: hookfn overrides for packet validation - */ - struct nft_af_info { - struct list_head list; -@@ -978,7 +977,6 @@ struct nft_af_info { - struct module *owner; - struct list_head tables; - u32 flags; -- nf_hookfn *hooks[NF_MAX_HOOKS]; - }; - - int nft_register_afinfo(struct net *, struct nft_af_info *); ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -46,13 +46,6 @@ static struct nft_af_info nft_af_bridge - .family = NFPROTO_BRIDGE, - .nhooks = NF_BR_NUMHOOKS, - .owner = THIS_MODULE, -- .hooks = { -- [NF_BR_PRE_ROUTING] = nft_do_chain_bridge, -- [NF_BR_LOCAL_IN] = nft_do_chain_bridge, -- [NF_BR_FORWARD] = nft_do_chain_bridge, -- [NF_BR_LOCAL_OUT] = nft_do_chain_bridge, -- [NF_BR_POST_ROUTING] = nft_do_chain_bridge, -- }, - }; - - static int nf_tables_bridge_init_net(struct net *net) -@@ -93,6 +86,13 @@ static const struct nf_chain_type filter - (1 << NF_BR_FORWARD) | - (1 << NF_BR_LOCAL_OUT) | - (1 << NF_BR_POST_ROUTING), -+ .hooks = { -+ [NF_BR_PRE_ROUTING] = nft_do_chain_bridge, -+ [NF_BR_LOCAL_IN] = nft_do_chain_bridge, -+ [NF_BR_FORWARD] = nft_do_chain_bridge, -+ [NF_BR_LOCAL_OUT] = nft_do_chain_bridge, -+ [NF_BR_POST_ROUTING] = nft_do_chain_bridge, -+ }, - }; - - static int __init nf_tables_bridge_init(void) ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -31,10 +31,6 @@ static struct nft_af_info nft_af_arp __r - .family = NFPROTO_ARP, - .nhooks = NF_ARP_NUMHOOKS, - .owner = THIS_MODULE, -- .hooks = { -- [NF_ARP_IN] = nft_do_chain_arp, -- [NF_ARP_OUT] = nft_do_chain_arp, -- }, - }; - - static int nf_tables_arp_init_net(struct net *net) -@@ -72,6 +68,10 @@ static const struct nf_chain_type filter - .owner = THIS_MODULE, - .hook_mask = (1 << NF_ARP_IN) | - (1 << NF_ARP_OUT), -+ .hooks = { -+ [NF_ARP_IN] = nft_do_chain_arp, -+ [NF_ARP_OUT] = nft_do_chain_arp, -+ }, - }; - - static int __init nf_tables_arp_init(void) ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -49,13 +49,6 @@ static struct nft_af_info nft_af_ipv4 __ - .family = NFPROTO_IPV4, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .hooks = { -- [NF_INET_LOCAL_IN] = nft_do_chain_ipv4, -- [NF_INET_LOCAL_OUT] = nft_ipv4_output, -- [NF_INET_FORWARD] = nft_do_chain_ipv4, -- [NF_INET_PRE_ROUTING] = nft_do_chain_ipv4, -- [NF_INET_POST_ROUTING] = nft_do_chain_ipv4, -- }, - }; - - static int nf_tables_ipv4_init_net(struct net *net) -@@ -96,6 +89,13 @@ static const struct nf_chain_type filter - (1 << NF_INET_FORWARD) | - (1 << NF_INET_PRE_ROUTING) | - (1 << NF_INET_POST_ROUTING), -+ .hooks = { -+ [NF_INET_LOCAL_IN] = nft_do_chain_ipv4, -+ [NF_INET_LOCAL_OUT] = nft_ipv4_output, -+ [NF_INET_FORWARD] = nft_do_chain_ipv4, -+ [NF_INET_PRE_ROUTING] = nft_do_chain_ipv4, -+ [NF_INET_POST_ROUTING] = nft_do_chain_ipv4, -+ }, - }; - - static int __init nf_tables_ipv4_init(void) ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -46,13 +46,6 @@ static struct nft_af_info nft_af_ipv6 __ - .family = NFPROTO_IPV6, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .hooks = { -- [NF_INET_LOCAL_IN] = nft_do_chain_ipv6, -- [NF_INET_LOCAL_OUT] = nft_ipv6_output, -- [NF_INET_FORWARD] = nft_do_chain_ipv6, -- [NF_INET_PRE_ROUTING] = nft_do_chain_ipv6, -- [NF_INET_POST_ROUTING] = nft_do_chain_ipv6, -- }, - }; - - static int nf_tables_ipv6_init_net(struct net *net) -@@ -93,6 +86,13 @@ static const struct nf_chain_type filter - (1 << NF_INET_FORWARD) | - (1 << NF_INET_PRE_ROUTING) | - (1 << NF_INET_POST_ROUTING), -+ .hooks = { -+ [NF_INET_LOCAL_IN] = nft_do_chain_ipv6, -+ [NF_INET_LOCAL_OUT] = nft_ipv6_output, -+ [NF_INET_FORWARD] = nft_do_chain_ipv6, -+ [NF_INET_PRE_ROUTING] = nft_do_chain_ipv6, -+ [NF_INET_POST_ROUTING] = nft_do_chain_ipv6, -+ }, - }; - - static int __init nf_tables_ipv6_init(void) ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -1383,7 +1383,6 @@ static int nf_tables_addchain(struct nft - if (nla[NFTA_CHAIN_HOOK]) { - struct nft_chain_hook hook; - struct nf_hook_ops *ops; -- nf_hookfn *hookfn; - - err = nft_chain_parse_hook(net, nla, afi, &hook, create); - if (err < 0) -@@ -1409,7 +1408,6 @@ static int nf_tables_addchain(struct nft - static_branch_inc(&nft_counters_enabled); - } - -- hookfn = hook.type->hooks[hook.num]; - basechain->type = hook.type; - chain = &basechain->chain; - -@@ -1418,10 +1416,8 @@ static int nf_tables_addchain(struct nft - ops->hooknum = hook.num; - ops->priority = hook.priority; - ops->priv = chain; -- ops->hook = afi->hooks[ops->hooknum]; -+ ops->hook = hook.type->hooks[ops->hooknum]; - ops->dev = hook.dev; -- if (hookfn) -- ops->hook = hookfn; - - if (basechain->type->type == NFT_CHAIN_T_NAT) - ops->nat_hook = true; ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -74,13 +74,6 @@ static struct nft_af_info nft_af_inet __ - .family = NFPROTO_INET, - .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, -- .hooks = { -- [NF_INET_LOCAL_IN] = nft_do_chain_inet, -- [NF_INET_LOCAL_OUT] = nft_inet_output, -- [NF_INET_FORWARD] = nft_do_chain_inet, -- [NF_INET_PRE_ROUTING] = nft_do_chain_inet, -- [NF_INET_POST_ROUTING] = nft_do_chain_inet, -- }, - }; - - static int __net_init nf_tables_inet_init_net(struct net *net) -@@ -121,6 +114,13 @@ static const struct nf_chain_type filter - (1 << NF_INET_FORWARD) | - (1 << NF_INET_PRE_ROUTING) | - (1 << NF_INET_POST_ROUTING), -+ .hooks = { -+ [NF_INET_LOCAL_IN] = nft_do_chain_inet, -+ [NF_INET_LOCAL_OUT] = nft_inet_output, -+ [NF_INET_FORWARD] = nft_do_chain_inet, -+ [NF_INET_PRE_ROUTING] = nft_do_chain_inet, -+ [NF_INET_POST_ROUTING] = nft_do_chain_inet, -+ }, - }; - - static int __init nf_tables_inet_init(void) ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -43,9 +43,6 @@ static struct nft_af_info nft_af_netdev - .nhooks = NF_NETDEV_NUMHOOKS, - .owner = THIS_MODULE, - .flags = NFT_AF_NEEDS_DEV, -- .hooks = { -- [NF_NETDEV_INGRESS] = nft_do_chain_netdev, -- }, - }; - - static int nf_tables_netdev_init_net(struct net *net) -@@ -82,6 +79,9 @@ static const struct nf_chain_type nft_fi - .family = NFPROTO_NETDEV, - .owner = THIS_MODULE, - .hook_mask = (1 << NF_NETDEV_INGRESS), -+ .hooks = { -+ [NF_NETDEV_INGRESS] = nft_do_chain_netdev, -+ }, - }; - - static void nft_netdev_event(unsigned long event, struct net_device *dev, diff --git a/target/linux/generic/backport-4.19/313-v4.16-netfilter-remove-defensive-check-on-malformed-packet.patch b/target/linux/generic/backport-4.19/313-v4.16-netfilter-remove-defensive-check-on-malformed-packet.patch deleted file mode 100644 index 5e56d0dc49..0000000000 --- a/target/linux/generic/backport-4.19/313-v4.16-netfilter-remove-defensive-check-on-malformed-packet.patch +++ /dev/null @@ -1,302 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sat, 30 Dec 2017 22:41:46 +0100 -Subject: [PATCH] netfilter: remove defensive check on malformed packets from - raw sockets - -Users cannot forge malformed IPv4/IPv6 headers via raw sockets that they -can inject into the stack. Specifically, not for IPv4 since 55888dfb6ba7 -("AF_RAW: Augment raw_send_hdrinc to expand skb to fit iphdr->ihl -(v2)"). IPv6 raw sockets also ensure that packets have a well-formed -IPv6 header available in the skbuff. - -At quick glance, br_netfilter also validates layer 3 headers and it -drops malformed both IPv4 and IPv6 packets. - -Therefore, let's remove this defensive check all over the place. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv4/netfilter/iptable_filter.c -+++ b/net/ipv4/netfilter/iptable_filter.c -@@ -38,12 +38,6 @@ static unsigned int - iptable_filter_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) - { -- if (state->hook == NF_INET_LOCAL_OUT && -- (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr))) -- /* root is playing with raw sockets. */ -- return NF_ACCEPT; -- - return ipt_do_table(skb, state, state->net->ipv4.iptable_filter); - } - ---- a/net/ipv4/netfilter/iptable_mangle.c -+++ b/net/ipv4/netfilter/iptable_mangle.c -@@ -49,11 +49,6 @@ ipt_mangle_out(struct sk_buff *skb, cons - u_int32_t mark; - int err; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) -- return NF_ACCEPT; -- - /* Save things which could affect route */ - mark = skb->mark; - iph = ip_hdr(skb); ---- a/net/ipv4/netfilter/iptable_raw.c -+++ b/net/ipv4/netfilter/iptable_raw.c -@@ -26,12 +26,6 @@ static unsigned int - iptable_raw_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) - { -- if (state->hook == NF_INET_LOCAL_OUT && -- (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr))) -- /* root is playing with raw sockets. */ -- return NF_ACCEPT; -- - return ipt_do_table(skb, state, state->net->ipv4.iptable_raw); - } - ---- a/net/ipv4/netfilter/iptable_security.c -+++ b/net/ipv4/netfilter/iptable_security.c -@@ -43,12 +43,6 @@ static unsigned int - iptable_security_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) - { -- if (state->hook == NF_INET_LOCAL_OUT && -- (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr))) -- /* Somebody is playing with raw sockets. */ -- return NF_ACCEPT; -- - return ipt_do_table(skb, state, state->net->ipv4.iptable_security); - } - ---- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c -+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c -@@ -154,11 +154,6 @@ static unsigned int ipv4_conntrack_local - struct sk_buff *skb, - const struct nf_hook_state *state) - { -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) -- return NF_ACCEPT; -- - if (ip_is_fragment(ip_hdr(skb))) { /* IP_NODEFRAG setsockopt set */ - enum ip_conntrack_info ctinfo; - struct nf_conn *tmpl; ---- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c -+++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c -@@ -355,11 +355,6 @@ nf_nat_ipv4_out(void *priv, struct sk_bu - #endif - unsigned int ret; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) -- return NF_ACCEPT; -- - ret = nf_nat_ipv4_fn(priv, skb, state, do_chain); - #ifdef CONFIG_XFRM - if (ret != NF_DROP && ret != NF_STOLEN && -@@ -395,11 +390,6 @@ nf_nat_ipv4_local_fn(void *priv, struct - unsigned int ret; - int err; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) -- return NF_ACCEPT; -- - ret = nf_nat_ipv4_fn(priv, skb, state, do_chain); - if (ret != NF_DROP && ret != NF_STOLEN && - (ct = nf_ct_get(skb, &ctinfo)) != NULL) { ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -30,21 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo - return nft_do_chain(&pkt, priv); - } - --static unsigned int nft_ipv4_output(void *priv, -- struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- if (unlikely(skb->len < sizeof(struct iphdr) || -- ip_hdr(skb)->ihl < sizeof(struct iphdr) / 4)) { -- if (net_ratelimit()) -- pr_info("nf_tables_ipv4: ignoring short SOCK_RAW " -- "packet\n"); -- return NF_ACCEPT; -- } -- -- return nft_do_chain_ipv4(priv, skb, state); --} -- - static struct nft_af_info nft_af_ipv4 __read_mostly = { - .family = NFPROTO_IPV4, - .nhooks = NF_INET_NUMHOOKS, -@@ -91,7 +76,7 @@ static const struct nf_chain_type filter - (1 << NF_INET_POST_ROUTING), - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_ipv4, -- [NF_INET_LOCAL_OUT] = nft_ipv4_output, -+ [NF_INET_LOCAL_OUT] = nft_do_chain_ipv4, - [NF_INET_FORWARD] = nft_do_chain_ipv4, - [NF_INET_PRE_ROUTING] = nft_do_chain_ipv4, - [NF_INET_POST_ROUTING] = nft_do_chain_ipv4, ---- a/net/ipv4/netfilter/nft_chain_route_ipv4.c -+++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c -@@ -33,11 +33,6 @@ static unsigned int nf_route_table_hook( - const struct iphdr *iph; - int err; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) -- return NF_ACCEPT; -- - nft_set_pktinfo(&pkt, skb, state); - nft_set_pktinfo_ipv4(&pkt, skb); - ---- a/net/ipv6/netfilter/ip6table_mangle.c -+++ b/net/ipv6/netfilter/ip6table_mangle.c -@@ -42,14 +42,6 @@ ip6t_mangle_out(struct sk_buff *skb, con - u_int8_t hop_limit; - u_int32_t flowlabel, mark; - int err; --#if 0 -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct iphdr) || -- ip_hdrlen(skb) < sizeof(struct iphdr)) { -- net_warn_ratelimited("ip6t_hook: happy cracking\n"); -- return NF_ACCEPT; -- } --#endif - - /* save source/dest address, mark, hoplimit, flowlabel, priority, */ - memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); ---- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c -+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c -@@ -176,11 +176,6 @@ static unsigned int ipv6_conntrack_local - struct sk_buff *skb, - const struct nf_hook_state *state) - { -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct ipv6hdr)) { -- net_notice_ratelimited("ipv6_conntrack_local: packet too short\n"); -- return NF_ACCEPT; -- } - return nf_conntrack_in(state->net, PF_INET6, state->hook, skb); - } - ---- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c -+++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c -@@ -372,10 +372,6 @@ nf_nat_ipv6_out(void *priv, struct sk_bu - #endif - unsigned int ret; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct ipv6hdr)) -- return NF_ACCEPT; -- - ret = nf_nat_ipv6_fn(priv, skb, state, do_chain); - #ifdef CONFIG_XFRM - if (ret != NF_DROP && ret != NF_STOLEN && -@@ -411,10 +407,6 @@ nf_nat_ipv6_local_fn(void *priv, struct - unsigned int ret; - int err; - -- /* root is playing with raw sockets. */ -- if (skb->len < sizeof(struct ipv6hdr)) -- return NF_ACCEPT; -- - ret = nf_nat_ipv6_fn(priv, skb, state, do_chain); - if (ret != NF_DROP && ret != NF_STOLEN && - (ct = nf_ct_get(skb, &ctinfo)) != NULL) { ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -28,20 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo - return nft_do_chain(&pkt, priv); - } - --static unsigned int nft_ipv6_output(void *priv, -- struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- if (unlikely(skb->len < sizeof(struct ipv6hdr))) { -- if (net_ratelimit()) -- pr_info("nf_tables_ipv6: ignoring short SOCK_RAW " -- "packet\n"); -- return NF_ACCEPT; -- } -- -- return nft_do_chain_ipv6(priv, skb, state); --} -- - static struct nft_af_info nft_af_ipv6 __read_mostly = { - .family = NFPROTO_IPV6, - .nhooks = NF_INET_NUMHOOKS, -@@ -88,7 +74,7 @@ static const struct nf_chain_type filter - (1 << NF_INET_POST_ROUTING), - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_ipv6, -- [NF_INET_LOCAL_OUT] = nft_ipv6_output, -+ [NF_INET_LOCAL_OUT] = nft_do_chain_ipv6, - [NF_INET_FORWARD] = nft_do_chain_ipv6, - [NF_INET_PRE_ROUTING] = nft_do_chain_ipv6, - [NF_INET_POST_ROUTING] = nft_do_chain_ipv6, ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -38,38 +38,6 @@ static unsigned int nft_do_chain_inet(vo - return nft_do_chain(&pkt, priv); - } - --static unsigned int nft_inet_output(void *priv, struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- struct nft_pktinfo pkt; -- -- nft_set_pktinfo(&pkt, skb, state); -- -- switch (state->pf) { -- case NFPROTO_IPV4: -- if (unlikely(skb->len < sizeof(struct iphdr) || -- ip_hdr(skb)->ihl < sizeof(struct iphdr) / 4)) { -- if (net_ratelimit()) -- pr_info("ignoring short SOCK_RAW packet\n"); -- return NF_ACCEPT; -- } -- nft_set_pktinfo_ipv4(&pkt, skb); -- break; -- case NFPROTO_IPV6: -- if (unlikely(skb->len < sizeof(struct ipv6hdr))) { -- if (net_ratelimit()) -- pr_info("ignoring short SOCK_RAW packet\n"); -- return NF_ACCEPT; -- } -- nft_set_pktinfo_ipv6(&pkt, skb); -- break; -- default: -- break; -- } -- -- return nft_do_chain(&pkt, priv); --} -- - static struct nft_af_info nft_af_inet __read_mostly = { - .family = NFPROTO_INET, - .nhooks = NF_INET_NUMHOOKS, -@@ -116,7 +84,7 @@ static const struct nf_chain_type filter - (1 << NF_INET_POST_ROUTING), - .hooks = { - [NF_INET_LOCAL_IN] = nft_do_chain_inet, -- [NF_INET_LOCAL_OUT] = nft_inet_output, -+ [NF_INET_LOCAL_OUT] = nft_do_chain_inet, - [NF_INET_FORWARD] = nft_do_chain_inet, - [NF_INET_PRE_ROUTING] = nft_do_chain_inet, - [NF_INET_POST_ROUTING] = nft_do_chain_inet, diff --git a/target/linux/generic/backport-4.19/314-v4.16-netfilter-meta-secpath-support.patch b/target/linux/generic/backport-4.19/314-v4.16-netfilter-meta-secpath-support.patch deleted file mode 100644 index 7aab67fc2c..0000000000 --- a/target/linux/generic/backport-4.19/314-v4.16-netfilter-meta-secpath-support.patch +++ /dev/null @@ -1,101 +0,0 @@ -From: Florian Westphal -Date: Wed, 6 Dec 2017 16:18:16 +0100 -Subject: [PATCH] netfilter: meta: secpath support - -replacement for iptables "-m policy --dir in --policy {ipsec,none}". - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/uapi/linux/netfilter/nf_tables.h -+++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -777,6 +777,7 @@ enum nft_exthdr_attributes { - * @NFT_META_OIFGROUP: packet output interface group - * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid) - * @NFT_META_PRANDOM: a 32bit pseudo-random number -+ * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp) - */ - enum nft_meta_keys { - NFT_META_LEN, -@@ -804,6 +805,7 @@ enum nft_meta_keys { - NFT_META_OIFGROUP, - NFT_META_CGROUP, - NFT_META_PRANDOM, -+ NFT_META_SECPATH, - }; - - /** ---- a/net/netfilter/nft_meta.c -+++ b/net/netfilter/nft_meta.c -@@ -210,6 +210,11 @@ void nft_meta_get_eval(const struct nft_ - *dest = prandom_u32_state(state); - break; - } -+#ifdef CONFIG_XFRM -+ case NFT_META_SECPATH: -+ nft_reg_store8(dest, !!skb->sp); -+ break; -+#endif - default: - WARN_ON(1); - goto err; -@@ -310,6 +315,11 @@ int nft_meta_get_init(const struct nft_c - prandom_init_once(&nft_prandom_state); - len = sizeof(u32); - break; -+#ifdef CONFIG_XFRM -+ case NFT_META_SECPATH: -+ len = sizeof(u8); -+ break; -+#endif - default: - return -EOPNOTSUPP; - } -@@ -320,6 +330,38 @@ int nft_meta_get_init(const struct nft_c - } - EXPORT_SYMBOL_GPL(nft_meta_get_init); - -+static int nft_meta_get_validate(const struct nft_ctx *ctx, -+ const struct nft_expr *expr, -+ const struct nft_data **data) -+{ -+#ifdef CONFIG_XFRM -+ const struct nft_meta *priv = nft_expr_priv(expr); -+ unsigned int hooks; -+ -+ if (priv->key != NFT_META_SECPATH) -+ return 0; -+ -+ switch (ctx->afi->family) { -+ case NFPROTO_NETDEV: -+ hooks = 1 << NF_NETDEV_INGRESS; -+ break; -+ case NFPROTO_IPV4: -+ case NFPROTO_IPV6: -+ case NFPROTO_INET: -+ hooks = (1 << NF_INET_PRE_ROUTING) | -+ (1 << NF_INET_LOCAL_IN) | -+ (1 << NF_INET_FORWARD); -+ break; -+ default: -+ return -EOPNOTSUPP; -+ } -+ -+ return nft_chain_validate_hooks(ctx->chain, hooks); -+#else -+ return 0; -+#endif -+} -+ - int nft_meta_set_validate(const struct nft_ctx *ctx, - const struct nft_expr *expr, - const struct nft_data **data) -@@ -436,6 +478,7 @@ static const struct nft_expr_ops nft_met - .eval = nft_meta_get_eval, - .init = nft_meta_get_init, - .dump = nft_meta_get_dump, -+ .validate = nft_meta_get_validate, - }; - - static const struct nft_expr_ops nft_meta_set_ops = { diff --git a/target/linux/generic/backport-4.19/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch b/target/linux/generic/backport-4.19/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch deleted file mode 100644 index 7f6e90470a..0000000000 --- a/target/linux/generic/backport-4.19/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch +++ /dev/null @@ -1,142 +0,0 @@ -From: Pablo Neira Ayuso -Date: Fri, 3 Nov 2017 16:26:32 +0100 -Subject: [PATCH] netfilter: conntrack: move nf_ct_netns_{get,put}() to core - -So we can call this from other expression that need conntrack in place -to work. - -Signed-off-by: Pablo Neira Ayuso -Acked-by: Florian Westphal ---- - ---- a/net/netfilter/nf_conntrack_proto.c -+++ b/net/netfilter/nf_conntrack_proto.c -@@ -125,7 +125,7 @@ void nf_ct_l3proto_module_put(unsigned s - } - EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put); - --int nf_ct_netns_get(struct net *net, u8 nfproto) -+static int nf_ct_netns_do_get(struct net *net, u8 nfproto) - { - const struct nf_conntrack_l3proto *l3proto; - int ret; -@@ -150,9 +150,33 @@ int nf_ct_netns_get(struct net *net, u8 - - return ret; - } -+ -+int nf_ct_netns_get(struct net *net, u8 nfproto) -+{ -+ int err; -+ -+ if (nfproto == NFPROTO_INET) { -+ err = nf_ct_netns_do_get(net, NFPROTO_IPV4); -+ if (err < 0) -+ goto err1; -+ err = nf_ct_netns_do_get(net, NFPROTO_IPV6); -+ if (err < 0) -+ goto err2; -+ } else { -+ err = nf_ct_netns_do_get(net, nfproto); -+ if (err < 0) -+ goto err1; -+ } -+ return 0; -+ -+err2: -+ nf_ct_netns_put(net, NFPROTO_IPV4); -+err1: -+ return err; -+} - EXPORT_SYMBOL_GPL(nf_ct_netns_get); - --void nf_ct_netns_put(struct net *net, u8 nfproto) -+static void nf_ct_netns_do_put(struct net *net, u8 nfproto) - { - const struct nf_conntrack_l3proto *l3proto; - -@@ -171,6 +195,15 @@ void nf_ct_netns_put(struct net *net, u8 - - nf_ct_l3proto_module_put(nfproto); - } -+ -+void nf_ct_netns_put(struct net *net, uint8_t nfproto) -+{ -+ if (nfproto == NFPROTO_INET) { -+ nf_ct_netns_do_put(net, NFPROTO_IPV4); -+ nf_ct_netns_do_put(net, NFPROTO_IPV6); -+ } else -+ nf_ct_netns_do_put(net, nfproto); -+} - EXPORT_SYMBOL_GPL(nf_ct_netns_put); - - const struct nf_conntrack_l4proto * ---- a/net/netfilter/nft_ct.c -+++ b/net/netfilter/nft_ct.c -@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_po - [NFTA_CT_SREG] = { .type = NLA_U32 }, - }; - --static int nft_ct_netns_get(struct net *net, uint8_t family) --{ -- int err; -- -- if (family == NFPROTO_INET) { -- err = nf_ct_netns_get(net, NFPROTO_IPV4); -- if (err < 0) -- goto err1; -- err = nf_ct_netns_get(net, NFPROTO_IPV6); -- if (err < 0) -- goto err2; -- } else { -- err = nf_ct_netns_get(net, family); -- if (err < 0) -- goto err1; -- } -- return 0; -- --err2: -- nf_ct_netns_put(net, NFPROTO_IPV4); --err1: -- return err; --} -- --static void nft_ct_netns_put(struct net *net, uint8_t family) --{ -- if (family == NFPROTO_INET) { -- nf_ct_netns_put(net, NFPROTO_IPV4); -- nf_ct_netns_put(net, NFPROTO_IPV6); -- } else -- nf_ct_netns_put(net, family); --} -- - #ifdef CONFIG_NF_CONNTRACK_ZONES - static void nft_ct_tmpl_put_pcpu(void) - { -@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct - if (err < 0) - return err; - -- err = nft_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->afi->family); - if (err < 0) - return err; - -@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct - if (err < 0) - goto err1; - -- err = nft_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->afi->family); - if (err < 0) - goto err1; - -@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str - struct nft_ct *priv = nft_expr_priv(expr); - - __nft_ct_set_destroy(ctx, priv); -- nft_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->afi->family); - } - - static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) diff --git a/target/linux/generic/backport-4.19/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch b/target/linux/generic/backport-4.19/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch deleted file mode 100644 index 7788dd1434..0000000000 --- a/target/linux/generic/backport-4.19/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch +++ /dev/null @@ -1,169 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:03:56 +0100 -Subject: [PATCH] netfilter: nf_conntrack: add IPS_OFFLOAD status bit - -This new bit tells us that the conntrack entry is owned by the flow -table offload infrastructure. - - # cat /proc/net/nf_conntrack - ipv4 2 tcp 6 src=10.141.10.2 dst=147.75.205.195 sport=36392 dport=443 src=147.75.205.195 dst=192.168.2.195 sport=443 dport=36392 [OFFLOAD] mark=0 zone=0 use=2 - -Note the [OFFLOAD] tag in the listing. - -The timer of such conntrack entries look like stopped from userspace. -In practise, to make sure the conntrack entry does not go away, the -conntrack timer is periodically set to an arbitrary large value that -gets refreshed on every iteration from the garbage collector, so it -never expires- and they display no internal state in the case of TCP -flows. This allows us to save a bitcheck from the packet path via -nf_ct_is_expired(). - -Conntrack entries that have been offloaded to the flow table -infrastructure cannot be deleted/flushed via ctnetlink. The flow table -infrastructure is also responsible for releasing this conntrack entry. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/uapi/linux/netfilter/nf_conntrack_common.h -+++ b/include/uapi/linux/netfilter/nf_conntrack_common.h -@@ -101,12 +101,16 @@ enum ip_conntrack_status { - IPS_HELPER_BIT = 13, - IPS_HELPER = (1 << IPS_HELPER_BIT), - -+ /* Conntrack has been offloaded to flow table. */ -+ IPS_OFFLOAD_BIT = 14, -+ IPS_OFFLOAD = (1 << IPS_OFFLOAD_BIT), -+ - /* Be careful here, modifying these bits can make things messy, - * so don't let users modify them directly. - */ - IPS_UNCHANGEABLE_MASK = (IPS_NAT_DONE_MASK | IPS_NAT_MASK | - IPS_EXPECTED | IPS_CONFIRMED | IPS_DYING | -- IPS_SEQ_ADJUST | IPS_TEMPLATE), -+ IPS_SEQ_ADJUST | IPS_TEMPLATE | IPS_OFFLOAD), - - __IPS_MAX_BIT = 14, - }; ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -901,6 +901,9 @@ static unsigned int early_drop_list(stru - hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) { - tmp = nf_ct_tuplehash_to_ctrack(h); - -+ if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) -+ continue; -+ - if (nf_ct_is_expired(tmp)) { - nf_ct_gc_expired(tmp); - continue; -@@ -978,6 +981,18 @@ static bool gc_worker_can_early_drop(con - return false; - } - -+#define DAY (86400 * HZ) -+ -+/* Set an arbitrary timeout large enough not to ever expire, this save -+ * us a check for the IPS_OFFLOAD_BIT from the packet path via -+ * nf_ct_is_expired(). -+ */ -+static void nf_ct_offload_timeout(struct nf_conn *ct) -+{ -+ if (nf_ct_expires(ct) < DAY / 2) -+ ct->timeout = nfct_time_stamp + DAY; -+} -+ - static void gc_worker(struct work_struct *work) - { - unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); -@@ -1014,6 +1029,11 @@ static void gc_worker(struct work_struct - tmp = nf_ct_tuplehash_to_ctrack(h); - - scanned++; -+ if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) { -+ nf_ct_offload_timeout(tmp); -+ continue; -+ } -+ - if (nf_ct_is_expired(tmp)) { - nf_ct_gc_expired(tmp); - expired_count++; ---- a/net/netfilter/nf_conntrack_netlink.c -+++ b/net/netfilter/nf_conntrack_netlink.c -@@ -1120,6 +1120,14 @@ static const struct nla_policy ct_nla_po - .len = NF_CT_LABELS_MAX_SIZE }, - }; - -+static int ctnetlink_flush_iterate(struct nf_conn *ct, void *data) -+{ -+ if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) -+ return 0; -+ -+ return ctnetlink_filter_match(ct, data); -+} -+ - static int ctnetlink_flush_conntrack(struct net *net, - const struct nlattr * const cda[], - u32 portid, int report) -@@ -1132,7 +1140,7 @@ static int ctnetlink_flush_conntrack(str - return PTR_ERR(filter); - } - -- nf_ct_iterate_cleanup_net(net, ctnetlink_filter_match, filter, -+ nf_ct_iterate_cleanup_net(net, ctnetlink_flush_iterate, filter, - portid, report); - kfree(filter); - -@@ -1178,6 +1186,11 @@ static int ctnetlink_del_conntrack(struc - - ct = nf_ct_tuplehash_to_ctrack(h); - -+ if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) { -+ nf_ct_put(ct); -+ return -EBUSY; -+ } -+ - if (cda[CTA_ID]) { - u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID])); - if (id != (u32)(unsigned long)ct) { ---- a/net/netfilter/nf_conntrack_proto_tcp.c -+++ b/net/netfilter/nf_conntrack_proto_tcp.c -@@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c - /* Print out the private part of the conntrack. */ - static void tcp_print_conntrack(struct seq_file *s, struct nf_conn *ct) - { -+ if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) -+ return; -+ - seq_printf(s, "%s ", tcp_conntrack_names[ct->proto.tcp.state]); - } - #endif ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -309,10 +309,12 @@ static int ct_seq_show(struct seq_file * - WARN_ON(!l4proto); - - ret = -ENOSPC; -- seq_printf(s, "%-8s %u %-8s %u %ld ", -+ seq_printf(s, "%-8s %u %-8s %u ", - l3proto_name(l3proto->l3proto), nf_ct_l3num(ct), -- l4proto_name(l4proto->l4proto), nf_ct_protonum(ct), -- nf_ct_expires(ct) / HZ); -+ l4proto_name(l4proto->l4proto), nf_ct_protonum(ct)); -+ -+ if (!test_bit(IPS_OFFLOAD_BIT, &ct->status)) -+ seq_printf(s, "%ld ", nf_ct_expires(ct) / HZ); - - if (l4proto->print_conntrack) - l4proto->print_conntrack(s, ct); -@@ -339,7 +341,9 @@ static int ct_seq_show(struct seq_file * - if (seq_print_acct(s, ct, IP_CT_DIR_REPLY)) - goto release; - -- if (test_bit(IPS_ASSURED_BIT, &ct->status)) -+ if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) -+ seq_puts(s, "[OFFLOAD] "); -+ else if (test_bit(IPS_ASSURED_BIT, &ct->status)) - seq_puts(s, "[ASSURED] "); - - if (seq_has_overflowed(s)) diff --git a/target/linux/generic/backport-4.19/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.19/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch deleted file mode 100644 index 1c16bbae4e..0000000000 --- a/target/linux/generic/backport-4.19/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ /dev/null @@ -1,1079 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:07 +0100 -Subject: [PATCH] netfilter: nf_tables: add flow table netlink frontend - -This patch introduces a netlink control plane to create, delete and dump -flow tables. Flow tables are identified by name, this name is used from -rules to refer to an specific flow table. Flow tables use the rhashtable -class and a generic garbage collector to remove expired entries. - -This also adds the infrastructure to add different flow table types, so -we can add one for each layer 3 protocol family. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 include/net/netfilter/nf_flow_table.h - ---- /dev/null -+++ b/include/net/netfilter/nf_flow_table.h -@@ -0,0 +1,23 @@ -+#ifndef _NF_FLOW_TABLE_H -+#define _NF_FLOW_TABLE_H -+ -+#include -+ -+struct nf_flowtable; -+ -+struct nf_flowtable_type { -+ struct list_head list; -+ int family; -+ void (*gc)(struct work_struct *work); -+ const struct rhashtable_params *params; -+ nf_hookfn *hook; -+ struct module *owner; -+}; -+ -+struct nf_flowtable { -+ struct rhashtable rhashtable; -+ const struct nf_flowtable_type *type; -+ struct delayed_work gc_work; -+}; -+ -+#endif /* _FLOW_OFFLOAD_H */ ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - #include - - #define NFT_JUMP_STACK_SIZE 16 -@@ -938,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt - * @chains: chains in the table - * @sets: sets in the table - * @objects: stateful objects in the table -+ * @flowtables: flow tables in the table - * @hgenerator: handle generator state - * @use: number of chain references to this table - * @flags: table flag (see enum nft_table_flags) -@@ -949,6 +951,7 @@ struct nft_table { - struct list_head chains; - struct list_head sets; - struct list_head objects; -+ struct list_head flowtables; - u64 hgenerator; - u32 use; - u16 flags:14, -@@ -1080,6 +1083,44 @@ int nft_register_obj(struct nft_object_t - void nft_unregister_obj(struct nft_object_type *obj_type); - - /** -+ * struct nft_flowtable - nf_tables flow table -+ * -+ * @list: flow table list node in table list -+ * @table: the table the flow table is contained in -+ * @name: name of this flow table -+ * @hooknum: hook number -+ * @priority: hook priority -+ * @ops_len: number of hooks in array -+ * @genmask: generation mask -+ * @use: number of references to this flow table -+ * @data: rhashtable and garbage collector -+ * @ops: array of hooks -+ */ -+struct nft_flowtable { -+ struct list_head list; -+ struct nft_table *table; -+ char *name; -+ int hooknum; -+ int priority; -+ int ops_len; -+ u32 genmask:2, -+ use:30; -+ /* runtime data below here */ -+ struct nf_hook_ops *ops ____cacheline_aligned; -+ struct nf_flowtable data; -+}; -+ -+struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -+ const struct nlattr *nla, -+ u8 genmask); -+void nft_flow_table_iterate(struct net *net, -+ void (*iter)(struct nf_flowtable *flowtable, void *data), -+ void *data); -+ -+void nft_register_flowtable_type(struct nf_flowtable_type *type); -+void nft_unregister_flowtable_type(struct nf_flowtable_type *type); -+ -+/** - * struct nft_traceinfo - nft tracing information and state - * - * @pkt: pktinfo currently processed -@@ -1315,4 +1356,11 @@ struct nft_trans_obj { - #define nft_trans_obj(trans) \ - (((struct nft_trans_obj *)trans->data)->obj) - -+struct nft_trans_flowtable { -+ struct nft_flowtable *flowtable; -+}; -+ -+#define nft_trans_flowtable(trans) \ -+ (((struct nft_trans_flowtable *)trans->data)->flowtable) -+ - #endif /* _NET_NF_TABLES_H */ ---- a/include/uapi/linux/netfilter/nf_tables.h -+++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -92,6 +92,9 @@ enum nft_verdicts { - * @NFT_MSG_GETOBJ: get a stateful object (enum nft_obj_attributes) - * @NFT_MSG_DELOBJ: delete a stateful object (enum nft_obj_attributes) - * @NFT_MSG_GETOBJ_RESET: get and reset a stateful object (enum nft_obj_attributes) -+ * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes) -+ * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes) -+ * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes) - */ - enum nf_tables_msg_types { - NFT_MSG_NEWTABLE, -@@ -116,6 +119,9 @@ enum nf_tables_msg_types { - NFT_MSG_GETOBJ, - NFT_MSG_DELOBJ, - NFT_MSG_GETOBJ_RESET, -+ NFT_MSG_NEWFLOWTABLE, -+ NFT_MSG_GETFLOWTABLE, -+ NFT_MSG_DELFLOWTABLE, - NFT_MSG_MAX, - }; - -@@ -1310,6 +1316,53 @@ enum nft_object_attributes { - #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1) - - /** -+ * enum nft_flowtable_attributes - nf_tables flow table netlink attributes -+ * -+ * @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING) -+ * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING) -+ * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) -+ * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) -+ */ -+enum nft_flowtable_attributes { -+ NFTA_FLOWTABLE_UNSPEC, -+ NFTA_FLOWTABLE_TABLE, -+ NFTA_FLOWTABLE_NAME, -+ NFTA_FLOWTABLE_HOOK, -+ NFTA_FLOWTABLE_USE, -+ __NFTA_FLOWTABLE_MAX -+}; -+#define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1) -+ -+/** -+ * enum nft_flowtable_hook_attributes - nf_tables flow table hook netlink attributes -+ * -+ * @NFTA_FLOWTABLE_HOOK_NUM: netfilter hook number (NLA_U32) -+ * @NFTA_FLOWTABLE_HOOK_PRIORITY: netfilter hook priority (NLA_U32) -+ * @NFTA_FLOWTABLE_HOOK_DEVS: input devices this flow table is bound to (NLA_NESTED) -+ */ -+enum nft_flowtable_hook_attributes { -+ NFTA_FLOWTABLE_HOOK_UNSPEC, -+ NFTA_FLOWTABLE_HOOK_NUM, -+ NFTA_FLOWTABLE_HOOK_PRIORITY, -+ NFTA_FLOWTABLE_HOOK_DEVS, -+ __NFTA_FLOWTABLE_HOOK_MAX -+}; -+#define NFTA_FLOWTABLE_HOOK_MAX (__NFTA_FLOWTABLE_HOOK_MAX - 1) -+ -+/** -+ * enum nft_device_attributes - nf_tables device netlink attributes -+ * -+ * @NFTA_DEVICE_NAME: name of this device (NLA_STRING) -+ */ -+enum nft_devices_attributes { -+ NFTA_DEVICE_UNSPEC, -+ NFTA_DEVICE_NAME, -+ __NFTA_DEVICE_MAX -+}; -+#define NFTA_DEVICE_MAX (__NFTA_DEVICE_MAX - 1) -+ -+ -+/** - * enum nft_trace_attributes - nf_tables trace netlink attributes - * - * @NFTA_TRACE_TABLE: name of the table (NLA_STRING) ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -24,6 +25,7 @@ - - static LIST_HEAD(nf_tables_expressions); - static LIST_HEAD(nf_tables_objects); -+static LIST_HEAD(nf_tables_flowtables); - - /** - * nft_register_afinfo - register nf_tables address family info -@@ -374,6 +376,40 @@ static int nft_delobj(struct nft_ctx *ct - return err; - } - -+static int nft_trans_flowtable_add(struct nft_ctx *ctx, int msg_type, -+ struct nft_flowtable *flowtable) -+{ -+ struct nft_trans *trans; -+ -+ trans = nft_trans_alloc(ctx, msg_type, -+ sizeof(struct nft_trans_flowtable)); -+ if (trans == NULL) -+ return -ENOMEM; -+ -+ if (msg_type == NFT_MSG_NEWFLOWTABLE) -+ nft_activate_next(ctx->net, flowtable); -+ -+ nft_trans_flowtable(trans) = flowtable; -+ list_add_tail(&trans->list, &ctx->net->nft.commit_list); -+ -+ return 0; -+} -+ -+static int nft_delflowtable(struct nft_ctx *ctx, -+ struct nft_flowtable *flowtable) -+{ -+ int err; -+ -+ err = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable); -+ if (err < 0) -+ return err; -+ -+ nft_deactivate_next(ctx->net, flowtable); -+ ctx->table->use--; -+ -+ return err; -+} -+ - /* - * Tables - */ -@@ -757,6 +793,7 @@ static int nf_tables_newtable(struct net - INIT_LIST_HEAD(&table->chains); - INIT_LIST_HEAD(&table->sets); - INIT_LIST_HEAD(&table->objects); -+ INIT_LIST_HEAD(&table->flowtables); - table->flags = flags; - - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -@@ -778,10 +815,11 @@ err1: - - static int nft_flush_table(struct nft_ctx *ctx) - { -- int err; -+ struct nft_flowtable *flowtable, *nft; - struct nft_chain *chain, *nc; - struct nft_object *obj, *ne; - struct nft_set *set, *ns; -+ int err; - - list_for_each_entry(chain, &ctx->table->chains, list) { - if (!nft_is_active_next(ctx->net, chain)) -@@ -807,6 +845,12 @@ static int nft_flush_table(struct nft_ct - goto out; - } - -+ list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { -+ err = nft_delflowtable(ctx, flowtable); -+ if (err < 0) -+ goto out; -+ } -+ - list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { - err = nft_delobj(ctx, obj); - if (err < 0) -@@ -4835,6 +4879,605 @@ static void nf_tables_obj_notify(const s - ctx->afi->family, ctx->report, GFP_KERNEL); - } - -+/* -+ * Flow tables -+ */ -+void nft_register_flowtable_type(struct nf_flowtable_type *type) -+{ -+ nfnl_lock(NFNL_SUBSYS_NFTABLES); -+ list_add_tail_rcu(&type->list, &nf_tables_flowtables); -+ nfnl_unlock(NFNL_SUBSYS_NFTABLES); -+} -+EXPORT_SYMBOL_GPL(nft_register_flowtable_type); -+ -+void nft_unregister_flowtable_type(struct nf_flowtable_type *type) -+{ -+ nfnl_lock(NFNL_SUBSYS_NFTABLES); -+ list_del_rcu(&type->list); -+ nfnl_unlock(NFNL_SUBSYS_NFTABLES); -+} -+EXPORT_SYMBOL_GPL(nft_unregister_flowtable_type); -+ -+static const struct nla_policy nft_flowtable_policy[NFTA_FLOWTABLE_MAX + 1] = { -+ [NFTA_FLOWTABLE_TABLE] = { .type = NLA_STRING, -+ .len = NFT_NAME_MAXLEN - 1 }, -+ [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, -+ .len = NFT_NAME_MAXLEN - 1 }, -+ [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, -+}; -+ -+struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -+ const struct nlattr *nla, -+ u8 genmask) -+{ -+ struct nft_flowtable *flowtable; -+ -+ list_for_each_entry(flowtable, &table->flowtables, list) { -+ if (!nla_strcmp(nla, flowtable->name) && -+ nft_active_genmask(flowtable, genmask)) -+ return flowtable; -+ } -+ return ERR_PTR(-ENOENT); -+} -+EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); -+ -+#define NFT_FLOWTABLE_DEVICE_MAX 8 -+ -+static int nf_tables_parse_devices(const struct nft_ctx *ctx, -+ const struct nlattr *attr, -+ struct net_device *dev_array[], int *len) -+{ -+ const struct nlattr *tmp; -+ struct net_device *dev; -+ char ifname[IFNAMSIZ]; -+ int rem, n = 0, err; -+ -+ nla_for_each_nested(tmp, attr, rem) { -+ if (nla_type(tmp) != NFTA_DEVICE_NAME) { -+ err = -EINVAL; -+ goto err1; -+ } -+ -+ nla_strlcpy(ifname, tmp, IFNAMSIZ); -+ dev = dev_get_by_name(ctx->net, ifname); -+ if (!dev) { -+ err = -ENOENT; -+ goto err1; -+ } -+ -+ dev_array[n++] = dev; -+ if (n == NFT_FLOWTABLE_DEVICE_MAX) { -+ err = -EFBIG; -+ goto err1; -+ } -+ } -+ if (!len) -+ return -EINVAL; -+ -+ err = 0; -+err1: -+ *len = n; -+ return err; -+} -+ -+static const struct nla_policy nft_flowtable_hook_policy[NFTA_FLOWTABLE_HOOK_MAX + 1] = { -+ [NFTA_FLOWTABLE_HOOK_NUM] = { .type = NLA_U32 }, -+ [NFTA_FLOWTABLE_HOOK_PRIORITY] = { .type = NLA_U32 }, -+ [NFTA_FLOWTABLE_HOOK_DEVS] = { .type = NLA_NESTED }, -+}; -+ -+static int nf_tables_flowtable_parse_hook(const struct nft_ctx *ctx, -+ const struct nlattr *attr, -+ struct nft_flowtable *flowtable) -+{ -+ struct net_device *dev_array[NFT_FLOWTABLE_DEVICE_MAX]; -+ struct nlattr *tb[NFTA_FLOWTABLE_HOOK_MAX + 1]; -+ struct nf_hook_ops *ops; -+ int hooknum, priority; -+ int err, n = 0, i; -+ -+ err = nla_parse_nested(tb, NFTA_FLOWTABLE_HOOK_MAX, attr, -+ nft_flowtable_hook_policy, NULL); -+ if (err < 0) -+ return err; -+ -+ if (!tb[NFTA_FLOWTABLE_HOOK_NUM] || -+ !tb[NFTA_FLOWTABLE_HOOK_PRIORITY] || -+ !tb[NFTA_FLOWTABLE_HOOK_DEVS]) -+ return -EINVAL; -+ -+ hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); -+ if (hooknum >= ctx->afi->nhooks) -+ return -EINVAL; -+ -+ priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY])); -+ -+ err = nf_tables_parse_devices(ctx, tb[NFTA_FLOWTABLE_HOOK_DEVS], -+ dev_array, &n); -+ if (err < 0) -+ goto err1; -+ -+ ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); -+ if (!ops) { -+ err = -ENOMEM; -+ goto err1; -+ } -+ -+ flowtable->ops = ops; -+ flowtable->ops_len = n; -+ -+ for (i = 0; i < n; i++) { -+ flowtable->ops[i].pf = NFPROTO_NETDEV; -+ flowtable->ops[i].hooknum = hooknum; -+ flowtable->ops[i].priority = priority; -+ flowtable->ops[i].priv = &flowtable->data.rhashtable; -+ flowtable->ops[i].hook = flowtable->data.type->hook; -+ flowtable->ops[i].dev = dev_array[i]; -+ } -+ -+ err = 0; -+err1: -+ for (i = 0; i < n; i++) -+ dev_put(dev_array[i]); -+ -+ return err; -+} -+ -+static const struct nf_flowtable_type * -+__nft_flowtable_type_get(const struct nft_af_info *afi) -+{ -+ const struct nf_flowtable_type *type; -+ -+ list_for_each_entry(type, &nf_tables_flowtables, list) { -+ if (afi->family == type->family) -+ return type; -+ } -+ return NULL; -+} -+ -+static const struct nf_flowtable_type * -+nft_flowtable_type_get(const struct nft_af_info *afi) -+{ -+ const struct nf_flowtable_type *type; -+ -+ type = __nft_flowtable_type_get(afi); -+ if (type != NULL && try_module_get(type->owner)) -+ return type; -+ -+#ifdef CONFIG_MODULES -+ if (type == NULL) { -+ nfnl_unlock(NFNL_SUBSYS_NFTABLES); -+ request_module("nf-flowtable-%u", afi->family); -+ nfnl_lock(NFNL_SUBSYS_NFTABLES); -+ if (__nft_flowtable_type_get(afi)) -+ return ERR_PTR(-EAGAIN); -+ } -+#endif -+ return ERR_PTR(-ENOENT); -+} -+ -+void nft_flow_table_iterate(struct net *net, -+ void (*iter)(struct nf_flowtable *flowtable, void *data), -+ void *data) -+{ -+ struct nft_flowtable *flowtable; -+ const struct nft_af_info *afi; -+ const struct nft_table *table; -+ -+ rcu_read_lock(); -+ list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -+ list_for_each_entry_rcu(table, &afi->tables, list) { -+ list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ iter(&flowtable->data, data); -+ } -+ } -+ } -+ rcu_read_unlock(); -+} -+EXPORT_SYMBOL_GPL(nft_flow_table_iterate); -+ -+static void nft_unregister_flowtable_net_hooks(struct net *net, -+ struct nft_flowtable *flowtable) -+{ -+ int i; -+ -+ for (i = 0; i < flowtable->ops_len; i++) { -+ if (!flowtable->ops[i].dev) -+ continue; -+ -+ nf_unregister_net_hook(net, &flowtable->ops[i]); -+ } -+} -+ -+static int nf_tables_newflowtable(struct net *net, struct sock *nlsk, -+ struct sk_buff *skb, -+ const struct nlmsghdr *nlh, -+ const struct nlattr * const nla[], -+ struct netlink_ext_ack *extack) -+{ -+ const struct nfgenmsg *nfmsg = nlmsg_data(nlh); -+ const struct nf_flowtable_type *type; -+ u8 genmask = nft_genmask_next(net); -+ int family = nfmsg->nfgen_family; -+ struct nft_flowtable *flowtable; -+ struct nft_af_info *afi; -+ struct nft_table *table; -+ struct nft_ctx ctx; -+ int err, i, k; -+ -+ if (!nla[NFTA_FLOWTABLE_TABLE] || -+ !nla[NFTA_FLOWTABLE_NAME] || -+ !nla[NFTA_FLOWTABLE_HOOK]) -+ return -EINVAL; -+ -+ afi = nf_tables_afinfo_lookup(net, family, true); -+ if (IS_ERR(afi)) -+ return PTR_ERR(afi); -+ -+ table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ if (IS_ERR(table)) -+ return PTR_ERR(table); -+ -+ flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], -+ genmask); -+ if (IS_ERR(flowtable)) { -+ err = PTR_ERR(flowtable); -+ if (err != -ENOENT) -+ return err; -+ } else { -+ if (nlh->nlmsg_flags & NLM_F_EXCL) -+ return -EEXIST; -+ -+ return 0; -+ } -+ -+ nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ -+ flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); -+ if (!flowtable) -+ return -ENOMEM; -+ -+ flowtable->table = table; -+ flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); -+ if (!flowtable->name) { -+ err = -ENOMEM; -+ goto err1; -+ } -+ -+ type = nft_flowtable_type_get(afi); -+ if (IS_ERR(type)) { -+ err = PTR_ERR(type); -+ goto err2; -+ } -+ -+ flowtable->data.type = type; -+ err = rhashtable_init(&flowtable->data.rhashtable, type->params); -+ if (err < 0) -+ goto err3; -+ -+ err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], -+ flowtable); -+ if (err < 0) -+ goto err3; -+ -+ for (i = 0; i < flowtable->ops_len; i++) { -+ err = nf_register_net_hook(net, &flowtable->ops[i]); -+ if (err < 0) -+ goto err4; -+ } -+ -+ err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable); -+ if (err < 0) -+ goto err5; -+ -+ INIT_DEFERRABLE_WORK(&flowtable->data.gc_work, type->gc); -+ queue_delayed_work(system_power_efficient_wq, -+ &flowtable->data.gc_work, HZ); -+ -+ list_add_tail_rcu(&flowtable->list, &table->flowtables); -+ table->use++; -+ -+ return 0; -+err5: -+ i = flowtable->ops_len; -+err4: -+ for (k = i - 1; k >= 0; k--) -+ nf_unregister_net_hook(net, &flowtable->ops[i]); -+ -+ kfree(flowtable->ops); -+err3: -+ module_put(type->owner); -+err2: -+ kfree(flowtable->name); -+err1: -+ kfree(flowtable); -+ return err; -+} -+ -+static int nf_tables_delflowtable(struct net *net, struct sock *nlsk, -+ struct sk_buff *skb, -+ const struct nlmsghdr *nlh, -+ const struct nlattr * const nla[], -+ struct netlink_ext_ack *extack) -+{ -+ const struct nfgenmsg *nfmsg = nlmsg_data(nlh); -+ u8 genmask = nft_genmask_next(net); -+ int family = nfmsg->nfgen_family; -+ struct nft_flowtable *flowtable; -+ struct nft_af_info *afi; -+ struct nft_table *table; -+ struct nft_ctx ctx; -+ -+ afi = nf_tables_afinfo_lookup(net, family, true); -+ if (IS_ERR(afi)) -+ return PTR_ERR(afi); -+ -+ table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ if (IS_ERR(table)) -+ return PTR_ERR(table); -+ -+ flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], -+ genmask); -+ if (IS_ERR(flowtable)) -+ return PTR_ERR(flowtable); -+ if (flowtable->use > 0) -+ return -EBUSY; -+ -+ nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ -+ return nft_delflowtable(&ctx, flowtable); -+} -+ -+static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net, -+ u32 portid, u32 seq, int event, -+ u32 flags, int family, -+ struct nft_flowtable *flowtable) -+{ -+ struct nlattr *nest, *nest_devs; -+ struct nfgenmsg *nfmsg; -+ struct nlmsghdr *nlh; -+ int i; -+ -+ event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event); -+ nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags); -+ if (nlh == NULL) -+ goto nla_put_failure; -+ -+ nfmsg = nlmsg_data(nlh); -+ nfmsg->nfgen_family = family; -+ nfmsg->version = NFNETLINK_V0; -+ nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -+ -+ if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || -+ nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || -+ nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) -+ goto nla_put_failure; -+ -+ nest = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK); -+ if (nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_NUM, htonl(flowtable->hooknum)) || -+ nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(flowtable->priority))) -+ goto nla_put_failure; -+ -+ nest_devs = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK_DEVS); -+ if (!nest_devs) -+ goto nla_put_failure; -+ -+ for (i = 0; i < flowtable->ops_len; i++) { -+ if (flowtable->ops[i].dev && -+ nla_put_string(skb, NFTA_DEVICE_NAME, -+ flowtable->ops[i].dev->name)) -+ goto nla_put_failure; -+ } -+ nla_nest_end(skb, nest_devs); -+ nla_nest_end(skb, nest); -+ -+ nlmsg_end(skb, nlh); -+ return 0; -+ -+nla_put_failure: -+ nlmsg_trim(skb, nlh); -+ return -1; -+} -+ -+struct nft_flowtable_filter { -+ char *table; -+}; -+ -+static int nf_tables_dump_flowtable(struct sk_buff *skb, -+ struct netlink_callback *cb) -+{ -+ const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -+ struct nft_flowtable_filter *filter = cb->data; -+ unsigned int idx = 0, s_idx = cb->args[0]; -+ struct net *net = sock_net(skb->sk); -+ int family = nfmsg->nfgen_family; -+ struct nft_flowtable *flowtable; -+ const struct nft_af_info *afi; -+ const struct nft_table *table; -+ -+ rcu_read_lock(); -+ cb->seq = net->nft.base_seq; -+ -+ list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -+ if (family != NFPROTO_UNSPEC && family != afi->family) -+ continue; -+ -+ list_for_each_entry_rcu(table, &afi->tables, list) { -+ list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ if (!nft_is_active(net, flowtable)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table[0] && -+ strcmp(filter->table, table->name)) -+ goto cont; -+ -+ if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWFLOWTABLE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ afi->family, flowtable) < 0) -+ goto done; -+ -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+cont: -+ idx++; -+ } -+ } -+ } -+done: -+ rcu_read_unlock(); -+ -+ cb->args[0] = idx; -+ return skb->len; -+} -+ -+static int nf_tables_dump_flowtable_done(struct netlink_callback *cb) -+{ -+ struct nft_flowtable_filter *filter = cb->data; -+ -+ if (!filter) -+ return 0; -+ -+ kfree(filter->table); -+ kfree(filter); -+ -+ return 0; -+} -+ -+static struct nft_flowtable_filter * -+nft_flowtable_filter_alloc(const struct nlattr * const nla[]) -+{ -+ struct nft_flowtable_filter *filter; -+ -+ filter = kzalloc(sizeof(*filter), GFP_KERNEL); -+ if (!filter) -+ return ERR_PTR(-ENOMEM); -+ -+ if (nla[NFTA_FLOWTABLE_TABLE]) { -+ filter->table = nla_strdup(nla[NFTA_FLOWTABLE_TABLE], -+ GFP_KERNEL); -+ if (!filter->table) { -+ kfree(filter); -+ return ERR_PTR(-ENOMEM); -+ } -+ } -+ return filter; -+} -+ -+static int nf_tables_getflowtable(struct net *net, struct sock *nlsk, -+ struct sk_buff *skb, -+ const struct nlmsghdr *nlh, -+ const struct nlattr * const nla[], -+ struct netlink_ext_ack *extack) -+{ -+ const struct nfgenmsg *nfmsg = nlmsg_data(nlh); -+ u8 genmask = nft_genmask_cur(net); -+ int family = nfmsg->nfgen_family; -+ struct nft_flowtable *flowtable; -+ const struct nft_af_info *afi; -+ const struct nft_table *table; -+ struct sk_buff *skb2; -+ int err; -+ -+ if (nlh->nlmsg_flags & NLM_F_DUMP) { -+ struct netlink_dump_control c = { -+ .dump = nf_tables_dump_flowtable, -+ .done = nf_tables_dump_flowtable_done, -+ }; -+ -+ if (nla[NFTA_FLOWTABLE_TABLE]) { -+ struct nft_flowtable_filter *filter; -+ -+ filter = nft_flowtable_filter_alloc(nla); -+ if (IS_ERR(filter)) -+ return -ENOMEM; -+ -+ c.data = filter; -+ } -+ return netlink_dump_start(nlsk, skb, nlh, &c); -+ } -+ -+ if (!nla[NFTA_FLOWTABLE_NAME]) -+ return -EINVAL; -+ -+ afi = nf_tables_afinfo_lookup(net, family, false); -+ if (IS_ERR(afi)) -+ return PTR_ERR(afi); -+ -+ table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ if (IS_ERR(table)) -+ return PTR_ERR(table); -+ -+ flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], -+ genmask); -+ if (IS_ERR(table)) -+ return PTR_ERR(flowtable); -+ -+ skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); -+ if (!skb2) -+ return -ENOMEM; -+ -+ err = nf_tables_fill_flowtable_info(skb2, net, NETLINK_CB(skb).portid, -+ nlh->nlmsg_seq, -+ NFT_MSG_NEWFLOWTABLE, 0, family, -+ flowtable); -+ if (err < 0) -+ goto err; -+ -+ return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); -+err: -+ kfree_skb(skb2); -+ return err; -+} -+ -+static void nf_tables_flowtable_notify(struct nft_ctx *ctx, -+ struct nft_flowtable *flowtable, -+ int event) -+{ -+ struct sk_buff *skb; -+ int err; -+ -+ if (ctx->report && -+ !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) -+ return; -+ -+ skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); -+ if (skb == NULL) -+ goto err; -+ -+ err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, -+ ctx->seq, event, 0, -+ ctx->afi->family, flowtable); -+ if (err < 0) { -+ kfree_skb(skb); -+ goto err; -+ } -+ -+ nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES, -+ ctx->report, GFP_KERNEL); -+ return; -+err: -+ nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); -+} -+ -+static void nft_flowtable_destroy(void *ptr, void *arg) -+{ -+ kfree(ptr); -+} -+ -+static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) -+{ -+ cancel_delayed_work_sync(&flowtable->data.gc_work); -+ kfree(flowtable->name); -+ rhashtable_free_and_destroy(&flowtable->data.rhashtable, -+ nft_flowtable_destroy, NULL); -+ module_put(flowtable->data.type->owner); -+} -+ - static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, - u32 portid, u32 seq) - { -@@ -4865,6 +5508,49 @@ nla_put_failure: - return -EMSGSIZE; - } - -+static void nft_flowtable_event(unsigned long event, struct net_device *dev, -+ struct nft_flowtable *flowtable) -+{ -+ int i; -+ -+ for (i = 0; i < flowtable->ops_len; i++) { -+ if (flowtable->ops[i].dev != dev) -+ continue; -+ -+ nf_unregister_net_hook(dev_net(dev), &flowtable->ops[i]); -+ flowtable->ops[i].dev = NULL; -+ break; -+ } -+} -+ -+static int nf_tables_flowtable_event(struct notifier_block *this, -+ unsigned long event, void *ptr) -+{ -+ struct net_device *dev = netdev_notifier_info_to_dev(ptr); -+ struct nft_flowtable *flowtable; -+ struct nft_table *table; -+ struct nft_af_info *afi; -+ -+ if (event != NETDEV_UNREGISTER) -+ return 0; -+ -+ nfnl_lock(NFNL_SUBSYS_NFTABLES); -+ list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) { -+ list_for_each_entry(table, &afi->tables, list) { -+ list_for_each_entry(flowtable, &table->flowtables, list) { -+ nft_flowtable_event(event, dev, flowtable); -+ } -+ } -+ } -+ nfnl_unlock(NFNL_SUBSYS_NFTABLES); -+ -+ return NOTIFY_DONE; -+} -+ -+static struct notifier_block nf_tables_flowtable_notifier = { -+ .notifier_call = nf_tables_flowtable_event, -+}; -+ - static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, - int event) - { -@@ -5017,6 +5703,21 @@ static const struct nfnl_callback nf_tab - .attr_count = NFTA_OBJ_MAX, - .policy = nft_obj_policy, - }, -+ [NFT_MSG_NEWFLOWTABLE] = { -+ .call_batch = nf_tables_newflowtable, -+ .attr_count = NFTA_FLOWTABLE_MAX, -+ .policy = nft_flowtable_policy, -+ }, -+ [NFT_MSG_GETFLOWTABLE] = { -+ .call = nf_tables_getflowtable, -+ .attr_count = NFTA_FLOWTABLE_MAX, -+ .policy = nft_flowtable_policy, -+ }, -+ [NFT_MSG_DELFLOWTABLE] = { -+ .call_batch = nf_tables_delflowtable, -+ .attr_count = NFTA_FLOWTABLE_MAX, -+ .policy = nft_flowtable_policy, -+ }, - }; - - static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5065,6 +5766,9 @@ static void nf_tables_commit_release(str - case NFT_MSG_DELOBJ: - nft_obj_destroy(nft_trans_obj(trans)); - break; -+ case NFT_MSG_DELFLOWTABLE: -+ nf_tables_flowtable_destroy(nft_trans_flowtable(trans)); -+ break; - } - kfree(trans); - } -@@ -5184,6 +5888,21 @@ static int nf_tables_commit(struct net * - nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), - NFT_MSG_DELOBJ); - break; -+ case NFT_MSG_NEWFLOWTABLE: -+ nft_clear(net, nft_trans_flowtable(trans)); -+ nf_tables_flowtable_notify(&trans->ctx, -+ nft_trans_flowtable(trans), -+ NFT_MSG_NEWFLOWTABLE); -+ nft_trans_destroy(trans); -+ break; -+ case NFT_MSG_DELFLOWTABLE: -+ list_del_rcu(&nft_trans_flowtable(trans)->list); -+ nf_tables_flowtable_notify(&trans->ctx, -+ nft_trans_flowtable(trans), -+ NFT_MSG_DELFLOWTABLE); -+ nft_unregister_flowtable_net_hooks(net, -+ nft_trans_flowtable(trans)); -+ break; - } - } - -@@ -5221,6 +5940,9 @@ static void nf_tables_abort_release(stru - case NFT_MSG_NEWOBJ: - nft_obj_destroy(nft_trans_obj(trans)); - break; -+ case NFT_MSG_NEWFLOWTABLE: -+ nf_tables_flowtable_destroy(nft_trans_flowtable(trans)); -+ break; - } - kfree(trans); - } -@@ -5312,6 +6034,17 @@ static int nf_tables_abort(struct net *n - nft_clear(trans->ctx.net, nft_trans_obj(trans)); - nft_trans_destroy(trans); - break; -+ case NFT_MSG_NEWFLOWTABLE: -+ trans->ctx.table->use--; -+ list_del_rcu(&nft_trans_flowtable(trans)->list); -+ nft_unregister_flowtable_net_hooks(net, -+ nft_trans_flowtable(trans)); -+ break; -+ case NFT_MSG_DELFLOWTABLE: -+ trans->ctx.table->use++; -+ nft_clear(trans->ctx.net, nft_trans_flowtable(trans)); -+ nft_trans_destroy(trans); -+ break; - } - } - -@@ -5862,6 +6595,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai - /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ - static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) - { -+ struct nft_flowtable *flowtable, *nf; - struct nft_table *table, *nt; - struct nft_chain *chain, *nc; - struct nft_object *obj, *ne; -@@ -5875,6 +6609,9 @@ static void __nft_release_afinfo(struct - list_for_each_entry_safe(table, nt, &afi->tables, list) { - list_for_each_entry(chain, &table->chains, list) - nf_tables_unregister_hook(net, table, chain); -+ list_for_each_entry(flowtable, &table->flowtables, list) -+ nf_unregister_net_hooks(net, flowtable->ops, -+ flowtable->ops_len); - /* No packets are walking on these chains anymore. */ - ctx.table = table; - list_for_each_entry(chain, &table->chains, list) { -@@ -5885,6 +6622,11 @@ static void __nft_release_afinfo(struct - nf_tables_rule_release(&ctx, rule); - } - } -+ list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) { -+ list_del(&flowtable->list); -+ table->use--; -+ nf_tables_flowtable_destroy(flowtable); -+ } - list_for_each_entry_safe(set, ns, &table->sets, list) { - list_del(&set->list); - table->use--; -@@ -5928,6 +6670,8 @@ static int __init nf_tables_module_init( - if (err < 0) - goto err3; - -+ register_netdevice_notifier(&nf_tables_flowtable_notifier); -+ - pr_info("nf_tables: (c) 2007-2009 Patrick McHardy \n"); - return register_pernet_subsys(&nf_tables_net_ops); - err3: -@@ -5942,6 +6686,7 @@ static void __exit nf_tables_module_exit - { - unregister_pernet_subsys(&nf_tables_net_ops); - nfnetlink_subsys_unregister(&nf_tables_subsys); -+ unregister_netdevice_notifier(&nf_tables_flowtable_notifier); - rcu_barrier(); - nf_tables_core_module_exit(); - kfree(info); diff --git a/target/linux/generic/backport-4.19/322-v4.16-netfilter-add-generic-flow-table-infrastructure.patch b/target/linux/generic/backport-4.19/322-v4.16-netfilter-add-generic-flow-table-infrastructure.patch deleted file mode 100644 index 16de9571a8..0000000000 --- a/target/linux/generic/backport-4.19/322-v4.16-netfilter-add-generic-flow-table-infrastructure.patch +++ /dev/null @@ -1,586 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:11 +0100 -Subject: [PATCH] netfilter: add generic flow table infrastructure - -This patch defines the API to interact with flow tables, this allows to -add, delete and lookup for entries in the flow table. This also adds the -generic garbage code that removes entries that have expired, ie. no -traffic has been seen for a while. - -Users of the flow table infrastructure can delete entries via -flow_offload_dead(), which sets the dying bit, this signals the garbage -collector to release an entry from user context. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/netfilter/nf_flow_table.c - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -1,7 +1,12 @@ - #ifndef _NF_FLOW_TABLE_H - #define _NF_FLOW_TABLE_H - -+#include -+#include -+#include - #include -+#include -+#include - - struct nf_flowtable; - -@@ -20,4 +25,93 @@ struct nf_flowtable { - struct delayed_work gc_work; - }; - -+enum flow_offload_tuple_dir { -+ FLOW_OFFLOAD_DIR_ORIGINAL, -+ FLOW_OFFLOAD_DIR_REPLY, -+ __FLOW_OFFLOAD_DIR_MAX = FLOW_OFFLOAD_DIR_REPLY, -+}; -+#define FLOW_OFFLOAD_DIR_MAX (__FLOW_OFFLOAD_DIR_MAX + 1) -+ -+struct flow_offload_tuple { -+ union { -+ struct in_addr src_v4; -+ struct in6_addr src_v6; -+ }; -+ union { -+ struct in_addr dst_v4; -+ struct in6_addr dst_v6; -+ }; -+ struct { -+ __be16 src_port; -+ __be16 dst_port; -+ }; -+ -+ int iifidx; -+ -+ u8 l3proto; -+ u8 l4proto; -+ u8 dir; -+ -+ int oifidx; -+ -+ struct dst_entry *dst_cache; -+}; -+ -+struct flow_offload_tuple_rhash { -+ struct rhash_head node; -+ struct flow_offload_tuple tuple; -+}; -+ -+#define FLOW_OFFLOAD_SNAT 0x1 -+#define FLOW_OFFLOAD_DNAT 0x2 -+#define FLOW_OFFLOAD_DYING 0x4 -+ -+struct flow_offload { -+ struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; -+ u32 flags; -+ union { -+ /* Your private driver data here. */ -+ u32 timeout; -+ }; -+}; -+ -+#define NF_FLOW_TIMEOUT (30 * HZ) -+ -+struct nf_flow_route { -+ struct { -+ struct dst_entry *dst; -+ int ifindex; -+ } tuple[FLOW_OFFLOAD_DIR_MAX]; -+}; -+ -+struct flow_offload *flow_offload_alloc(struct nf_conn *ct, -+ struct nf_flow_route *route); -+void flow_offload_free(struct flow_offload *flow); -+ -+int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow); -+void flow_offload_del(struct nf_flowtable *flow_table, struct flow_offload *flow); -+struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, -+ struct flow_offload_tuple *tuple); -+int nf_flow_table_iterate(struct nf_flowtable *flow_table, -+ void (*iter)(struct flow_offload *flow, void *data), -+ void *data); -+void nf_flow_offload_work_gc(struct work_struct *work); -+extern const struct rhashtable_params nf_flow_offload_rhash_params; -+ -+void flow_offload_dead(struct flow_offload *flow); -+ -+int nf_flow_snat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir); -+int nf_flow_dnat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir); -+ -+struct flow_ports { -+ __be16 source, dest; -+}; -+ -+#define MODULE_ALIAS_NF_FLOWTABLE(family) \ -+ MODULE_ALIAS("nf-flowtable-" __stringify(family)) -+ - #endif /* _FLOW_OFFLOAD_H */ ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -667,6 +667,13 @@ endif # NF_TABLES_NETDEV - - endif # NF_TABLES - -+config NF_FLOW_TABLE -+ tristate "Netfilter flow table module" -+ help -+ This option adds the flow table core infrastructure. -+ -+ To compile it as a module, choose M here. -+ - config NETFILTER_XTABLES - tristate "Netfilter Xtables support (required for ip_tables)" - default m if NETFILTER_ADVANCED=n ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -110,6 +110,9 @@ obj-$(CONFIG_NFT_FIB_NETDEV) += nft_fib_ - obj-$(CONFIG_NFT_DUP_NETDEV) += nft_dup_netdev.o - obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_netdev.o - -+# flow table infrastructure -+obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o -+ - # generic X tables - obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o - ---- /dev/null -+++ b/net/netfilter/nf_flow_table.c -@@ -0,0 +1,429 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+struct flow_offload_entry { -+ struct flow_offload flow; -+ struct nf_conn *ct; -+ struct rcu_head rcu_head; -+}; -+ -+struct flow_offload * -+flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) -+{ -+ struct flow_offload_entry *entry; -+ struct flow_offload *flow; -+ -+ if (unlikely(nf_ct_is_dying(ct) || -+ !atomic_inc_not_zero(&ct->ct_general.use))) -+ return NULL; -+ -+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC); -+ if (!entry) -+ goto err_ct_refcnt; -+ -+ flow = &entry->flow; -+ -+ if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst)) -+ goto err_dst_cache_original; -+ -+ if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst)) -+ goto err_dst_cache_reply; -+ -+ entry->ct = ct; -+ -+ switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num) { -+ case NFPROTO_IPV4: -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v4 = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.in; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v4 = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.in; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v4 = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.in; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v4 = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.in; -+ break; -+ case NFPROTO_IPV6: -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v6 = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.in6; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v6 = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.in6; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v6 = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.in6; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v6 = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.in6; -+ break; -+ } -+ -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.l3proto = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.l4proto = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.l3proto = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.l4proto = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; -+ -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache = -+ route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache = -+ route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst; -+ -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.tcp.port; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port = -+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.tcp.port; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_port = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.tcp.port; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port = -+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port; -+ -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dir = -+ FLOW_OFFLOAD_DIR_ORIGINAL; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dir = -+ FLOW_OFFLOAD_DIR_REPLY; -+ -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.iifidx = -+ route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].ifindex; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.oifidx = -+ route->tuple[FLOW_OFFLOAD_DIR_REPLY].ifindex; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.iifidx = -+ route->tuple[FLOW_OFFLOAD_DIR_REPLY].ifindex; -+ flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.oifidx = -+ route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].ifindex; -+ -+ if (ct->status & IPS_SRC_NAT) -+ flow->flags |= FLOW_OFFLOAD_SNAT; -+ else if (ct->status & IPS_DST_NAT) -+ flow->flags |= FLOW_OFFLOAD_DNAT; -+ -+ return flow; -+ -+err_dst_cache_reply: -+ dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst); -+err_dst_cache_original: -+ kfree(entry); -+err_ct_refcnt: -+ nf_ct_put(ct); -+ -+ return NULL; -+} -+EXPORT_SYMBOL_GPL(flow_offload_alloc); -+ -+void flow_offload_free(struct flow_offload *flow) -+{ -+ struct flow_offload_entry *e; -+ -+ dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache); -+ dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache); -+ e = container_of(flow, struct flow_offload_entry, flow); -+ kfree(e); -+} -+EXPORT_SYMBOL_GPL(flow_offload_free); -+ -+void flow_offload_dead(struct flow_offload *flow) -+{ -+ flow->flags |= FLOW_OFFLOAD_DYING; -+} -+EXPORT_SYMBOL_GPL(flow_offload_dead); -+ -+int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) -+{ -+ flow->timeout = (u32)jiffies; -+ -+ rhashtable_insert_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -+ *flow_table->type->params); -+ rhashtable_insert_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -+ *flow_table->type->params); -+ return 0; -+} -+EXPORT_SYMBOL_GPL(flow_offload_add); -+ -+void flow_offload_del(struct nf_flowtable *flow_table, -+ struct flow_offload *flow) -+{ -+ struct flow_offload_entry *e; -+ -+ rhashtable_remove_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -+ *flow_table->type->params); -+ rhashtable_remove_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -+ *flow_table->type->params); -+ -+ e = container_of(flow, struct flow_offload_entry, flow); -+ kfree_rcu(e, rcu_head); -+} -+EXPORT_SYMBOL_GPL(flow_offload_del); -+ -+struct flow_offload_tuple_rhash * -+flow_offload_lookup(struct nf_flowtable *flow_table, -+ struct flow_offload_tuple *tuple) -+{ -+ return rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -+ *flow_table->type->params); -+} -+EXPORT_SYMBOL_GPL(flow_offload_lookup); -+ -+static void nf_flow_release_ct(const struct flow_offload *flow) -+{ -+ struct flow_offload_entry *e; -+ -+ e = container_of(flow, struct flow_offload_entry, flow); -+ nf_ct_delete(e->ct, 0, 0); -+ nf_ct_put(e->ct); -+} -+ -+int nf_flow_table_iterate(struct nf_flowtable *flow_table, -+ void (*iter)(struct flow_offload *flow, void *data), -+ void *data) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct rhashtable_iter hti; -+ struct flow_offload *flow; -+ int err; -+ -+ err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -+ if (err) -+ return err; -+ -+ rhashtable_walk_start(&hti); -+ -+ while ((tuplehash = rhashtable_walk_next(&hti))) { -+ if (IS_ERR(tuplehash)) { -+ err = PTR_ERR(tuplehash); -+ if (err != -EAGAIN) -+ goto out; -+ -+ continue; -+ } -+ if (tuplehash->tuple.dir) -+ continue; -+ -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -+ -+ iter(flow, data); -+ } -+out: -+ rhashtable_walk_stop(&hti); -+ rhashtable_walk_exit(&hti); -+ -+ return err; -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_iterate); -+ -+static inline bool nf_flow_has_expired(const struct flow_offload *flow) -+{ -+ return (__s32)(flow->timeout - (u32)jiffies) <= 0; -+} -+ -+static inline bool nf_flow_is_dying(const struct flow_offload *flow) -+{ -+ return flow->flags & FLOW_OFFLOAD_DYING; -+} -+ -+void nf_flow_offload_work_gc(struct work_struct *work) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct nf_flowtable *flow_table; -+ struct rhashtable_iter hti; -+ struct flow_offload *flow; -+ int err; -+ -+ flow_table = container_of(work, struct nf_flowtable, gc_work.work); -+ -+ err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -+ if (err) -+ goto schedule; -+ -+ rhashtable_walk_start(&hti); -+ -+ while ((tuplehash = rhashtable_walk_next(&hti))) { -+ if (IS_ERR(tuplehash)) { -+ err = PTR_ERR(tuplehash); -+ if (err != -EAGAIN) -+ goto out; -+ -+ continue; -+ } -+ if (tuplehash->tuple.dir) -+ continue; -+ -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -+ -+ if (nf_flow_has_expired(flow) || -+ nf_flow_is_dying(flow)) { -+ flow_offload_del(flow_table, flow); -+ nf_flow_release_ct(flow); -+ } -+ } -+out: -+ rhashtable_walk_stop(&hti); -+ rhashtable_walk_exit(&hti); -+schedule: -+ queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); -+} -+EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc); -+ -+static u32 flow_offload_hash(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple *tuple = data; -+ -+ return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple_rhash *tuplehash = data; -+ -+ return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg, -+ const void *ptr) -+{ -+ const struct flow_offload_tuple *tuple = arg->key; -+ const struct flow_offload_tuple_rhash *x = ptr; -+ -+ if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir))) -+ return 1; -+ -+ return 0; -+} -+ -+const struct rhashtable_params nf_flow_offload_rhash_params = { -+ .head_offset = offsetof(struct flow_offload_tuple_rhash, node), -+ .hashfn = flow_offload_hash, -+ .obj_hashfn = flow_offload_hash_obj, -+ .obj_cmpfn = flow_offload_hash_cmp, -+ .automatic_shrinking = true, -+}; -+EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params); -+ -+static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, -+ __be16 port, __be16 new_port) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, -+ __be16 port, __be16 new_port) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace2(&udph->check, skb, port, -+ new_port, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_port(struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, __be16 port, __be16 new_port) -+{ -+ switch (protocol) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_port_tcp(skb, thoff, port, new_port) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_port_udp(skb, thoff, port, new_port) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+int nf_flow_snat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir) -+{ -+ struct flow_ports *hdr; -+ __be16 port, new_port; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -+ skb_try_make_writable(skb, thoff + sizeof(*hdr))) -+ return -1; -+ -+ hdr = (void *)(skb_network_header(skb) + thoff); -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ port = hdr->source; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port; -+ hdr->source = new_port; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ port = hdr->dest; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port; -+ hdr->dest = new_port; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_port(skb, thoff, protocol, port, new_port); -+} -+EXPORT_SYMBOL_GPL(nf_flow_snat_port); -+ -+int nf_flow_dnat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir) -+{ -+ struct flow_ports *hdr; -+ __be16 port, new_port; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -+ skb_try_make_writable(skb, thoff + sizeof(*hdr))) -+ return -1; -+ -+ hdr = (void *)(skb_network_header(skb) + thoff); -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ port = hdr->dest; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_port; -+ hdr->dest = new_port; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ port = hdr->source; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port; -+ hdr->source = new_port; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_port(skb, thoff, protocol, port, new_port); -+} -+EXPORT_SYMBOL_GPL(nf_flow_dnat_port); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); diff --git a/target/linux/generic/backport-4.19/323-v4.16-netfilter-flow-table-support-for-IPv4.patch b/target/linux/generic/backport-4.19/323-v4.16-netfilter-flow-table-support-for-IPv4.patch deleted file mode 100644 index 50d9039c12..0000000000 --- a/target/linux/generic/backport-4.19/323-v4.16-netfilter-flow-table-support-for-IPv4.patch +++ /dev/null @@ -1,334 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:15 +0100 -Subject: [PATCH] netfilter: flow table support for IPv4 - -This patch adds the IPv4 flow table type, that implements the datapath -flow table to forward IPv4 traffic. Rationale is: - -1) Look up for the packet in the flow table, from the ingress hook. -2) If there's a hit, decrement ttl and pass it on to the neighbour layer - for transmission. -3) If there's a miss, packet is passed up to the classic forwarding - path. - -This patch also supports layer 3 source and destination NAT. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/ipv4/netfilter/nf_flow_table_ipv4.c - ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -78,6 +78,14 @@ config NF_TABLES_ARP - - endif # NF_TABLES - -+config NF_FLOW_TABLE_IPV4 -+ select NF_FLOW_TABLE -+ tristate "Netfilter flow table IPv4 module" -+ help -+ This option adds the flow table IPv4 support. -+ -+ To compile it as a module, choose M here. -+ - config NF_DUP_IPV4 - tristate "Netfilter IPv4 packet duplication to alternate destination" - depends on !NF_CONNTRACK || NF_CONNTRACK ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -43,6 +43,9 @@ obj-$(CONFIG_NFT_REDIR_IPV4) += nft_redi - obj-$(CONFIG_NFT_DUP_IPV4) += nft_dup_ipv4.o - obj-$(CONFIG_NF_TABLES_ARP) += nf_tables_arp.o - -+# flow table support -+obj-$(CONFIG_NF_FLOW_TABLE_IPV4) += nf_flow_table_ipv4.o -+ - # generic IP tables - obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o - ---- /dev/null -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -0,0 +1,283 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+/* For layer 4 checksum field offset. */ -+#include -+#include -+ -+static int nf_flow_nat_ip_tcp(struct sk_buff *skb, unsigned int thoff, -+ __be32 addr, __be32 new_addr) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace4(&tcph->check, skb, addr, new_addr, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ip_udp(struct sk_buff *skb, unsigned int thoff, -+ __be32 addr, __be32 new_addr) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace4(&udph->check, skb, addr, -+ new_addr, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ip_l4proto(struct sk_buff *skb, struct iphdr *iph, -+ unsigned int thoff, __be32 addr, -+ __be32 new_addr) -+{ -+ switch (iph->protocol) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_ip_tcp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_ip_udp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_snat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ struct iphdr *iph, unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ __be32 addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = iph->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v4.s_addr; -+ iph->saddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = iph->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v4.s_addr; -+ iph->daddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ csum_replace4(&iph->check, addr, new_addr); -+ -+ return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); -+} -+ -+static int nf_flow_dnat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ struct iphdr *iph, unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ __be32 addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = iph->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v4.s_addr; -+ iph->daddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = iph->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v4.s_addr; -+ iph->saddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); -+} -+ -+static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct iphdr *iph = ip_hdr(skb); -+ unsigned int thoff = iph->ihl * 4; -+ -+ if (flow->flags & FLOW_OFFLOAD_SNAT && -+ (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -+ nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) -+ return -1; -+ if (flow->flags & FLOW_OFFLOAD_DNAT && -+ (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -+ nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) -+ return -1; -+ -+ return 0; -+} -+ -+static bool ip_has_options(unsigned int thoff) -+{ -+ return thoff != sizeof(struct iphdr); -+} -+ -+static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, -+ struct flow_offload_tuple *tuple) -+{ -+ struct flow_ports *ports; -+ unsigned int thoff; -+ struct iphdr *iph; -+ -+ if (!pskb_may_pull(skb, sizeof(*iph))) -+ return -1; -+ -+ iph = ip_hdr(skb); -+ thoff = iph->ihl * 4; -+ -+ if (ip_is_fragment(iph) || -+ unlikely(ip_has_options(thoff))) -+ return -1; -+ -+ if (iph->protocol != IPPROTO_TCP && -+ iph->protocol != IPPROTO_UDP) -+ return -1; -+ -+ thoff = iph->ihl * 4; -+ if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -+ return -1; -+ -+ ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -+ -+ tuple->src_v4.s_addr = iph->saddr; -+ tuple->dst_v4.s_addr = iph->daddr; -+ tuple->src_port = ports->source; -+ tuple->dst_port = ports->dest; -+ tuple->l3proto = AF_INET; -+ tuple->l4proto = iph->protocol; -+ tuple->iifidx = dev->ifindex; -+ -+ return 0; -+} -+ -+/* Based on ip_exceeds_mtu(). */ -+static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) -+{ -+ if (skb->len <= mtu) -+ return false; -+ -+ if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) -+ return false; -+ -+ if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) -+ return false; -+ -+ return true; -+} -+ -+static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rtable *rt) -+{ -+ u32 mtu; -+ -+ mtu = ip_dst_mtu_maybe_forward(&rt->dst, true); -+ if (__nf_flow_exceeds_mtu(skb, mtu)) -+ return true; -+ -+ return false; -+} -+ -+static unsigned int -+nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct nf_flowtable *flow_table = priv; -+ struct flow_offload_tuple tuple = {}; -+ enum flow_offload_tuple_dir dir; -+ struct flow_offload *flow; -+ struct net_device *outdev; -+ const struct rtable *rt; -+ struct iphdr *iph; -+ __be32 nexthop; -+ -+ if (skb->protocol != htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ if (nf_flow_tuple_ip(skb, state->in, &tuple) < 0) -+ return NF_ACCEPT; -+ -+ tuplehash = flow_offload_lookup(flow_table, &tuple); -+ if (tuplehash == NULL) -+ return NF_ACCEPT; -+ -+ outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -+ if (!outdev) -+ return NF_ACCEPT; -+ -+ dir = tuplehash->tuple.dir; -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -+ -+ rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; -+ if (unlikely(nf_flow_exceeds_mtu(skb, rt))) -+ return NF_ACCEPT; -+ -+ if (skb_try_make_writable(skb, sizeof(*iph))) -+ return NF_DROP; -+ -+ if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -+ nf_flow_nat_ip(flow, skb, dir) < 0) -+ return NF_DROP; -+ -+ flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -+ iph = ip_hdr(skb); -+ ip_decrease_ttl(iph); -+ -+ skb->dev = outdev; -+ nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr); -+ neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb); -+ -+ return NF_STOLEN; -+} -+ -+static struct nf_flowtable_type flowtable_ipv4 = { -+ .family = NFPROTO_IPV4, -+ .params = &nf_flow_offload_rhash_params, -+ .gc = nf_flow_offload_work_gc, -+ .hook = nf_flow_offload_ip_hook, -+ .owner = THIS_MODULE, -+}; -+ -+static int __init nf_flow_ipv4_module_init(void) -+{ -+ nft_register_flowtable_type(&flowtable_ipv4); -+ -+ return 0; -+} -+ -+static void __exit nf_flow_ipv4_module_exit(void) -+{ -+ nft_unregister_flowtable_type(&flowtable_ipv4); -+} -+ -+module_init(nf_flow_ipv4_module_init); -+module_exit(nf_flow_ipv4_module_exit); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); -+MODULE_ALIAS_NF_FLOWTABLE(AF_INET); diff --git a/target/linux/generic/backport-4.19/324-v4.16-netfilter-flow-table-support-for-IPv6.patch b/target/linux/generic/backport-4.19/324-v4.16-netfilter-flow-table-support-for-IPv6.patch deleted file mode 100644 index 3e7db09068..0000000000 --- a/target/linux/generic/backport-4.19/324-v4.16-netfilter-flow-table-support-for-IPv6.patch +++ /dev/null @@ -1,354 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:19 +0100 -Subject: [PATCH] netfilter: flow table support for IPv6 - -This patch adds the IPv6 flow table type, that implements the datapath -flow table to forward IPv6 traffic. - -This patch exports ip6_dst_mtu_forward() that is required to check for -mtu to pass up packets that need PMTUD handling to the classic -forwarding path. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/ipv6/netfilter/nf_flow_table_ipv6.c - ---- a/include/net/ipv6.h -+++ b/include/net/ipv6.h -@@ -889,6 +889,8 @@ static inline struct sk_buff *ip6_finish - &inet6_sk(sk)->cork); - } - -+unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst); -+ - int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst, - struct flowi6 *fl6); - struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6, ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -381,7 +381,7 @@ static inline int ip6_forward_finish(str - return dst_output(net, sk, skb); - } - --static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) -+unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) - { - unsigned int mtu; - struct inet6_dev *idev; -@@ -401,6 +401,7 @@ static unsigned int ip6_dst_mtu_forward( - - return mtu; - } -+EXPORT_SYMBOL_GPL(ip6_dst_mtu_forward); - - static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) - { ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -99,6 +99,14 @@ config NFT_FIB_IPV6 - endif # NF_TABLES_IPV6 - endif # NF_TABLES - -+config NF_FLOW_TABLE_IPV6 -+ select NF_FLOW_TABLE -+ tristate "Netfilter flow table IPv6 module" -+ help -+ This option adds the flow table IPv6 support. -+ -+ To compile it as a module, choose M here. -+ - config NF_DUP_IPV6 - tristate "Netfilter IPv6 packet duplication to alternate destination" - depends on !NF_CONNTRACK || NF_CONNTRACK ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -45,6 +45,9 @@ obj-$(CONFIG_NFT_REDIR_IPV6) += nft_redi - obj-$(CONFIG_NFT_DUP_IPV6) += nft_dup_ipv6.o - obj-$(CONFIG_NFT_FIB_IPV6) += nft_fib_ipv6.o - -+# flow table support -+obj-$(CONFIG_NF_FLOW_TABLE_IPV6) += nf_flow_table_ipv6.o -+ - # matches - obj-$(CONFIG_IP6_NF_MATCH_AH) += ip6t_ah.o - obj-$(CONFIG_IP6_NF_MATCH_EUI64) += ip6t_eui64.o ---- /dev/null -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -0,0 +1,277 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+/* For layer 4 checksum field offset. */ -+#include -+#include -+ -+static int nf_flow_nat_ipv6_tcp(struct sk_buff *skb, unsigned int thoff, -+ struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace16(&tcph->check, skb, addr->s6_addr32, -+ new_addr->s6_addr32, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ipv6_udp(struct sk_buff *skb, unsigned int thoff, -+ struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace16(&udph->check, skb, addr->s6_addr32, -+ new_addr->s6_addr32, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ipv6_l4proto(struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ switch (ip6h->nexthdr) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_ipv6_tcp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_ipv6_udp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_snat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct in6_addr addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = ip6h->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v6; -+ ip6h->saddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = ip6h->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v6; -+ ip6h->daddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); -+} -+ -+static int nf_flow_dnat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct in6_addr addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = ip6h->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v6; -+ ip6h->daddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = ip6h->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v6; -+ ip6h->saddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); -+} -+ -+static int nf_flow_nat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct ipv6hdr *ip6h = ipv6_hdr(skb); -+ unsigned int thoff = sizeof(*ip6h); -+ -+ if (flow->flags & FLOW_OFFLOAD_SNAT && -+ (nf_flow_snat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -+ nf_flow_snat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -+ return -1; -+ if (flow->flags & FLOW_OFFLOAD_DNAT && -+ (nf_flow_dnat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -+ nf_flow_dnat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -+ return -1; -+ -+ return 0; -+} -+ -+static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, -+ struct flow_offload_tuple *tuple) -+{ -+ struct flow_ports *ports; -+ struct ipv6hdr *ip6h; -+ unsigned int thoff; -+ -+ if (!pskb_may_pull(skb, sizeof(*ip6h))) -+ return -1; -+ -+ ip6h = ipv6_hdr(skb); -+ -+ if (ip6h->nexthdr != IPPROTO_TCP && -+ ip6h->nexthdr != IPPROTO_UDP) -+ return -1; -+ -+ thoff = sizeof(*ip6h); -+ if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -+ return -1; -+ -+ ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -+ -+ tuple->src_v6 = ip6h->saddr; -+ tuple->dst_v6 = ip6h->daddr; -+ tuple->src_port = ports->source; -+ tuple->dst_port = ports->dest; -+ tuple->l3proto = AF_INET6; -+ tuple->l4proto = ip6h->nexthdr; -+ tuple->iifidx = dev->ifindex; -+ -+ return 0; -+} -+ -+/* Based on ip_exceeds_mtu(). */ -+static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) -+{ -+ if (skb->len <= mtu) -+ return false; -+ -+ if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) -+ return false; -+ -+ return true; -+} -+ -+static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rt6_info *rt) -+{ -+ u32 mtu; -+ -+ mtu = ip6_dst_mtu_forward(&rt->dst); -+ if (__nf_flow_exceeds_mtu(skb, mtu)) -+ return true; -+ -+ return false; -+} -+ -+static unsigned int -+nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct nf_flowtable *flow_table = priv; -+ struct flow_offload_tuple tuple = {}; -+ enum flow_offload_tuple_dir dir; -+ struct flow_offload *flow; -+ struct net_device *outdev; -+ struct in6_addr *nexthop; -+ struct ipv6hdr *ip6h; -+ struct rt6_info *rt; -+ -+ if (skb->protocol != htons(ETH_P_IPV6)) -+ return NF_ACCEPT; -+ -+ if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0) -+ return NF_ACCEPT; -+ -+ tuplehash = flow_offload_lookup(flow_table, &tuple); -+ if (tuplehash == NULL) -+ return NF_ACCEPT; -+ -+ outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -+ if (!outdev) -+ return NF_ACCEPT; -+ -+ dir = tuplehash->tuple.dir; -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -+ -+ rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache; -+ if (unlikely(nf_flow_exceeds_mtu(skb, rt))) -+ return NF_ACCEPT; -+ -+ if (skb_try_make_writable(skb, sizeof(*ip6h))) -+ return NF_DROP; -+ -+ if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -+ nf_flow_nat_ipv6(flow, skb, dir) < 0) -+ return NF_DROP; -+ -+ flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -+ ip6h = ipv6_hdr(skb); -+ ip6h->hop_limit--; -+ -+ skb->dev = outdev; -+ nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); -+ neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); -+ -+ return NF_STOLEN; -+} -+ -+static struct nf_flowtable_type flowtable_ipv6 = { -+ .family = NFPROTO_IPV6, -+ .params = &nf_flow_offload_rhash_params, -+ .gc = nf_flow_offload_work_gc, -+ .hook = nf_flow_offload_ipv6_hook, -+ .owner = THIS_MODULE, -+}; -+ -+static int __init nf_flow_ipv6_module_init(void) -+{ -+ nft_register_flowtable_type(&flowtable_ipv6); -+ -+ return 0; -+} -+ -+static void __exit nf_flow_ipv6_module_exit(void) -+{ -+ nft_unregister_flowtable_type(&flowtable_ipv6); -+} -+ -+module_init(nf_flow_ipv6_module_init); -+module_exit(nf_flow_ipv6_module_exit); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); -+MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); diff --git a/target/linux/generic/backport-4.19/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch b/target/linux/generic/backport-4.19/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch deleted file mode 100644 index 04948d88ab..0000000000 --- a/target/linux/generic/backport-4.19/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch +++ /dev/null @@ -1,141 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:22 +0100 -Subject: [PATCH] netfilter: flow table support for the mixed IPv4/IPv6 family - -This patch adds the IPv6 flow table type, that implements the datapath -flow table to forward IPv6 traffic. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/netfilter/nf_flow_table_inet.c - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -111,6 +111,11 @@ struct flow_ports { - __be16 source, dest; - }; - -+unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state); -+unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state); -+ - #define MODULE_ALIAS_NF_FLOWTABLE(family) \ - MODULE_ALIAS("nf-flowtable-" __stringify(family)) - ---- a/net/ipv4/netfilter/nf_flow_table_ipv4.c -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -202,7 +202,7 @@ static bool nf_flow_exceeds_mtu(struct s - return false; - } - --static unsigned int -+unsigned int - nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) - { -@@ -254,6 +254,7 @@ nf_flow_offload_ip_hook(void *priv, stru - - return NF_STOLEN; - } -+EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook); - - static struct nf_flowtable_type flowtable_ipv4 = { - .family = NFPROTO_IPV4, ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -196,7 +196,7 @@ static bool nf_flow_exceeds_mtu(struct s - return false; - } - --static unsigned int -+unsigned int - nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) - { -@@ -248,6 +248,7 @@ nf_flow_offload_ipv6_hook(void *priv, st - - return NF_STOLEN; - } -+EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook); - - static struct nf_flowtable_type flowtable_ipv6 = { - .family = NFPROTO_IPV6, ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -667,6 +667,14 @@ endif # NF_TABLES_NETDEV - - endif # NF_TABLES - -+config NF_FLOW_TABLE_INET -+ select NF_FLOW_TABLE -+ tristate "Netfilter flow table mixed IPv4/IPv6 module" -+ help -+ This option adds the flow table mixed IPv4/IPv6 support. -+ -+ To compile it as a module, choose M here. -+ - config NF_FLOW_TABLE - tristate "Netfilter flow table module" - help ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -112,6 +112,7 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_ - - # flow table infrastructure - obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o -+obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o - - # generic X tables - obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o ---- /dev/null -+++ b/net/netfilter/nf_flow_table_inet.c -@@ -0,0 +1,48 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int -+nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ switch (skb->protocol) { -+ case htons(ETH_P_IP): -+ return nf_flow_offload_ip_hook(priv, skb, state); -+ case htons(ETH_P_IPV6): -+ return nf_flow_offload_ipv6_hook(priv, skb, state); -+ } -+ -+ return NF_ACCEPT; -+} -+ -+static struct nf_flowtable_type flowtable_inet = { -+ .family = NFPROTO_INET, -+ .params = &nf_flow_offload_rhash_params, -+ .gc = nf_flow_offload_work_gc, -+ .hook = nf_flow_offload_inet_hook, -+ .owner = THIS_MODULE, -+}; -+ -+static int __init nf_flow_inet_module_init(void) -+{ -+ nft_register_flowtable_type(&flowtable_inet); -+ -+ return 0; -+} -+ -+static void __exit nf_flow_inet_module_exit(void) -+{ -+ nft_unregister_flowtable_type(&flowtable_inet); -+} -+ -+module_init(nf_flow_inet_module_init); -+module_exit(nf_flow_inet_module_exit); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); -+MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ diff --git a/target/linux/generic/backport-4.19/326-v4.16-netfilter-nf_tables-flow-offload-expression.patch b/target/linux/generic/backport-4.19/326-v4.16-netfilter-nf_tables-flow-offload-expression.patch deleted file mode 100644 index 0decc34105..0000000000 --- a/target/linux/generic/backport-4.19/326-v4.16-netfilter-nf_tables-flow-offload-expression.patch +++ /dev/null @@ -1,332 +0,0 @@ -From: Pablo Neira Ayuso -Date: Sun, 7 Jan 2018 01:04:26 +0100 -Subject: [PATCH] netfilter: nf_tables: flow offload expression - -Add new instruction for the nf_tables VM that allows us to specify what -flows are offloaded into a given flow table via name. This new -instruction creates the flow entry and adds it to the flow table. - -Only established flows, ie. we have seen traffic in both directions, are -added to the flow table. You can still decide to offload entries at a -later stage via packet counting or checking the ct status in case you -want to offload assured conntracks. - -This new extension depends on the conntrack subsystem. - -Signed-off-by: Pablo Neira Ayuso ---- - create mode 100644 net/netfilter/nft_flow_offload.c - ---- a/include/uapi/linux/netfilter/nf_tables.h -+++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -957,6 +957,17 @@ enum nft_ct_attributes { - }; - #define NFTA_CT_MAX (__NFTA_CT_MAX - 1) - -+/** -+ * enum nft_flow_attributes - ct offload expression attributes -+ * @NFTA_FLOW_TABLE_NAME: flow table name (NLA_STRING) -+ */ -+enum nft_offload_attributes { -+ NFTA_FLOW_UNSPEC, -+ NFTA_FLOW_TABLE_NAME, -+ __NFTA_FLOW_MAX, -+}; -+#define NFTA_FLOW_MAX (__NFTA_FLOW_MAX - 1) -+ - enum nft_limit_type { - NFT_LIMIT_PKTS, - NFT_LIMIT_PKT_BYTES ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -515,6 +515,13 @@ config NFT_CT - This option adds the "ct" expression that you can use to match - connection tracking information such as the flow state. - -+config NFT_FLOW_OFFLOAD -+ depends on NF_CONNTRACK -+ tristate "Netfilter nf_tables hardware flow offload module" -+ help -+ This option adds the "flow_offload" expression that you can use to -+ choose what flows are placed into the hardware. -+ - config NFT_SET_RBTREE - tristate "Netfilter nf_tables rbtree set module" - help ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -87,6 +87,7 @@ obj-$(CONFIG_NFT_META) += nft_meta.o - obj-$(CONFIG_NFT_RT) += nft_rt.o - obj-$(CONFIG_NFT_NUMGEN) += nft_numgen.o - obj-$(CONFIG_NFT_CT) += nft_ct.o -+obj-$(CONFIG_NFT_FLOW_OFFLOAD) += nft_flow_offload.o - obj-$(CONFIG_NFT_LIMIT) += nft_limit.o - obj-$(CONFIG_NFT_NAT) += nft_nat.o - obj-$(CONFIG_NFT_OBJREF) += nft_objref.o ---- /dev/null -+++ b/net/netfilter/nft_flow_offload.c -@@ -0,0 +1,264 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include /* for ipv4 options. */ -+#include -+#include -+#include -+#include -+#include -+ -+struct nft_flow_offload { -+ struct nft_flowtable *flowtable; -+}; -+ -+static int nft_flow_route(const struct nft_pktinfo *pkt, -+ const struct nf_conn *ct, -+ struct nf_flow_route *route, -+ enum ip_conntrack_dir dir) -+{ -+ struct dst_entry *this_dst = skb_dst(pkt->skb); -+ struct dst_entry *other_dst = NULL; -+ struct flowi fl; -+ -+ memset(&fl, 0, sizeof(fl)); -+ switch (nft_pf(pkt)) { -+ case NFPROTO_IPV4: -+ fl.u.ip4.daddr = ct->tuplehash[!dir].tuple.dst.u3.ip; -+ break; -+ case NFPROTO_IPV6: -+ fl.u.ip6.daddr = ct->tuplehash[!dir].tuple.dst.u3.in6; -+ break; -+ } -+ -+ nf_route(nft_net(pkt), &other_dst, &fl, false, nft_pf(pkt)); -+ if (!other_dst) -+ return -ENOENT; -+ -+ route->tuple[dir].dst = this_dst; -+ route->tuple[dir].ifindex = nft_in(pkt)->ifindex; -+ route->tuple[!dir].dst = other_dst; -+ route->tuple[!dir].ifindex = nft_out(pkt)->ifindex; -+ -+ return 0; -+} -+ -+static bool nft_flow_offload_skip(struct sk_buff *skb) -+{ -+ struct ip_options *opt = &(IPCB(skb)->opt); -+ -+ if (unlikely(opt->optlen)) -+ return true; -+ if (skb_sec_path(skb)) -+ return true; -+ -+ return false; -+} -+ -+static void nft_flow_offload_eval(const struct nft_expr *expr, -+ struct nft_regs *regs, -+ const struct nft_pktinfo *pkt) -+{ -+ struct nft_flow_offload *priv = nft_expr_priv(expr); -+ struct nf_flowtable *flowtable = &priv->flowtable->data; -+ enum ip_conntrack_info ctinfo; -+ struct nf_flow_route route; -+ struct flow_offload *flow; -+ enum ip_conntrack_dir dir; -+ struct nf_conn *ct; -+ int ret; -+ -+ if (nft_flow_offload_skip(pkt->skb)) -+ goto out; -+ -+ ct = nf_ct_get(pkt->skb, &ctinfo); -+ if (!ct) -+ goto out; -+ -+ switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) { -+ case IPPROTO_TCP: -+ case IPPROTO_UDP: -+ break; -+ default: -+ goto out; -+ } -+ -+ if (test_bit(IPS_HELPER_BIT, &ct->status)) -+ goto out; -+ -+ if (ctinfo == IP_CT_NEW || -+ ctinfo == IP_CT_RELATED) -+ goto out; -+ -+ if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status)) -+ goto out; -+ -+ dir = CTINFO2DIR(ctinfo); -+ if (nft_flow_route(pkt, ct, &route, dir) < 0) -+ goto err_flow_route; -+ -+ flow = flow_offload_alloc(ct, &route); -+ if (!flow) -+ goto err_flow_alloc; -+ -+ ret = flow_offload_add(flowtable, flow); -+ if (ret < 0) -+ goto err_flow_add; -+ -+ return; -+ -+err_flow_add: -+ flow_offload_free(flow); -+err_flow_alloc: -+ dst_release(route.tuple[!dir].dst); -+err_flow_route: -+ clear_bit(IPS_OFFLOAD_BIT, &ct->status); -+out: -+ regs->verdict.code = NFT_BREAK; -+} -+ -+static int nft_flow_offload_validate(const struct nft_ctx *ctx, -+ const struct nft_expr *expr, -+ const struct nft_data **data) -+{ -+ unsigned int hook_mask = (1 << NF_INET_FORWARD); -+ -+ return nft_chain_validate_hooks(ctx->chain, hook_mask); -+} -+ -+static int nft_flow_offload_init(const struct nft_ctx *ctx, -+ const struct nft_expr *expr, -+ const struct nlattr * const tb[]) -+{ -+ struct nft_flow_offload *priv = nft_expr_priv(expr); -+ u8 genmask = nft_genmask_next(ctx->net); -+ struct nft_flowtable *flowtable; -+ -+ if (!tb[NFTA_FLOW_TABLE_NAME]) -+ return -EINVAL; -+ -+ flowtable = nf_tables_flowtable_lookup(ctx->table, -+ tb[NFTA_FLOW_TABLE_NAME], -+ genmask); -+ if (IS_ERR(flowtable)) -+ return PTR_ERR(flowtable); -+ -+ priv->flowtable = flowtable; -+ flowtable->use++; -+ -+ return nf_ct_netns_get(ctx->net, ctx->afi->family); -+} -+ -+static void nft_flow_offload_destroy(const struct nft_ctx *ctx, -+ const struct nft_expr *expr) -+{ -+ struct nft_flow_offload *priv = nft_expr_priv(expr); -+ -+ priv->flowtable->use--; -+ nf_ct_netns_put(ctx->net, ctx->afi->family); -+} -+ -+static int nft_flow_offload_dump(struct sk_buff *skb, const struct nft_expr *expr) -+{ -+ struct nft_flow_offload *priv = nft_expr_priv(expr); -+ -+ if (nla_put_string(skb, NFTA_FLOW_TABLE_NAME, priv->flowtable->name)) -+ goto nla_put_failure; -+ -+ return 0; -+ -+nla_put_failure: -+ return -1; -+} -+ -+static struct nft_expr_type nft_flow_offload_type; -+static const struct nft_expr_ops nft_flow_offload_ops = { -+ .type = &nft_flow_offload_type, -+ .size = NFT_EXPR_SIZE(sizeof(struct nft_flow_offload)), -+ .eval = nft_flow_offload_eval, -+ .init = nft_flow_offload_init, -+ .destroy = nft_flow_offload_destroy, -+ .validate = nft_flow_offload_validate, -+ .dump = nft_flow_offload_dump, -+}; -+ -+static struct nft_expr_type nft_flow_offload_type __read_mostly = { -+ .name = "flow_offload", -+ .ops = &nft_flow_offload_ops, -+ .maxattr = NFTA_FLOW_MAX, -+ .owner = THIS_MODULE, -+}; -+ -+static void flow_offload_iterate_cleanup(struct flow_offload *flow, void *data) -+{ -+ struct net_device *dev = data; -+ -+ if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -+ return; -+ -+ flow_offload_dead(flow); -+} -+ -+static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable, -+ void *data) -+{ -+ nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data); -+} -+ -+static int flow_offload_netdev_event(struct notifier_block *this, -+ unsigned long event, void *ptr) -+{ -+ struct net_device *dev = netdev_notifier_info_to_dev(ptr); -+ -+ if (event != NETDEV_DOWN) -+ return NOTIFY_DONE; -+ -+ nft_flow_table_iterate(dev_net(dev), nft_flow_offload_iterate_cleanup, dev); -+ -+ return NOTIFY_DONE; -+} -+ -+static struct notifier_block flow_offload_netdev_notifier = { -+ .notifier_call = flow_offload_netdev_event, -+}; -+ -+static int __init nft_flow_offload_module_init(void) -+{ -+ int err; -+ -+ register_netdevice_notifier(&flow_offload_netdev_notifier); -+ -+ err = nft_register_expr(&nft_flow_offload_type); -+ if (err < 0) -+ goto register_expr; -+ -+ return 0; -+ -+register_expr: -+ unregister_netdevice_notifier(&flow_offload_netdev_notifier); -+ return err; -+} -+ -+static void __exit nft_flow_offload_module_exit(void) -+{ -+ struct net *net; -+ -+ nft_unregister_expr(&nft_flow_offload_type); -+ unregister_netdevice_notifier(&flow_offload_netdev_notifier); -+ rtnl_lock(); -+ for_each_net(net) -+ nft_flow_table_iterate(net, nft_flow_offload_iterate_cleanup, NULL); -+ rtnl_unlock(); -+} -+ -+module_init(nft_flow_offload_module_init); -+module_exit(nft_flow_offload_module_exit); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); -+MODULE_ALIAS_NFT_EXPR("flow_offload"); diff --git a/target/linux/generic/backport-4.19/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.19/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch deleted file mode 100644 index 7d13a59424..0000000000 --- a/target/linux/generic/backport-4.19/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ /dev/null @@ -1,113 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 19 Dec 2017 13:53:45 +0100 -Subject: [PATCH] netfilter: nf_tables: remove nhooks field from struct - nft_af_info - -We already validate the hook through bitmask, so this check is -superfluous. When removing this, this patch is also fixing a bug in the -new flowtable codebase, since ctx->afi points to the table family -instead of the netdev family which is where the flowtable is really -hooked in. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -968,7 +968,6 @@ enum nft_af_flags { - * - * @list: used internally - * @family: address family -- * @nhooks: number of hooks in this family - * @owner: module owner - * @tables: used internally - * @flags: family flags -@@ -976,7 +975,6 @@ enum nft_af_flags { - struct nft_af_info { - struct list_head list; - int family; -- unsigned int nhooks; - struct module *owner; - struct list_head tables; - u32 flags; ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -44,7 +44,6 @@ nft_do_chain_bridge(void *priv, - - static struct nft_af_info nft_af_bridge __read_mostly = { - .family = NFPROTO_BRIDGE, -- .nhooks = NF_BR_NUMHOOKS, - .owner = THIS_MODULE, - }; - ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -29,7 +29,6 @@ nft_do_chain_arp(void *priv, - - static struct nft_af_info nft_af_arp __read_mostly = { - .family = NFPROTO_ARP, -- .nhooks = NF_ARP_NUMHOOKS, - .owner = THIS_MODULE, - }; - ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -32,7 +32,6 @@ static unsigned int nft_do_chain_ipv4(vo - - static struct nft_af_info nft_af_ipv4 __read_mostly = { - .family = NFPROTO_IPV4, -- .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, - }; - ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -30,7 +30,6 @@ static unsigned int nft_do_chain_ipv6(vo - - static struct nft_af_info nft_af_ipv6 __read_mostly = { - .family = NFPROTO_IPV6, -- .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, - }; - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -1359,9 +1359,6 @@ static int nft_chain_parse_hook(struct n - return -EINVAL; - - hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); -- if (hook->num >= afi->nhooks) -- return -EINVAL; -- - hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); - - type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4987,7 +4984,7 @@ static int nf_tables_flowtable_parse_hoo - return -EINVAL; - - hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); -- if (hooknum >= ctx->afi->nhooks) -+ if (hooknum != NF_NETDEV_INGRESS) - return -EINVAL; - - priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY])); ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -40,7 +40,6 @@ static unsigned int nft_do_chain_inet(vo - - static struct nft_af_info nft_af_inet __read_mostly = { - .family = NFPROTO_INET, -- .nhooks = NF_INET_NUMHOOKS, - .owner = THIS_MODULE, - }; - ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -40,7 +40,6 @@ nft_do_chain_netdev(void *priv, struct s - - static struct nft_af_info nft_af_netdev __read_mostly = { - .family = NFPROTO_NETDEV, -- .nhooks = NF_NETDEV_NUMHOOKS, - .owner = THIS_MODULE, - .flags = NFT_AF_NEEDS_DEV, - }; diff --git a/target/linux/generic/backport-4.19/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.19/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch deleted file mode 100644 index 62bca05110..0000000000 --- a/target/linux/generic/backport-4.19/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Wei Yongjun -Date: Wed, 10 Jan 2018 07:04:54 +0000 -Subject: [PATCH] netfilter: nf_tables: fix a typo in nf_tables_getflowtable() - -Fix a typo, we should check 'flowtable' instead of 'table'. - -Fixes: 3b49e2e94e6e ("netfilter: nf_tables: add flow table netlink frontend") -Signed-off-by: Wei Yongjun -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5411,7 +5411,7 @@ static int nf_tables_getflowtable(struct - - flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], - genmask); -- if (IS_ERR(table)) -+ if (IS_ERR(flowtable)) - return PTR_ERR(flowtable); - - skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); diff --git a/target/linux/generic/backport-4.19/329-v4.16-netfilter-improve-flow-table-Kconfig-dependencies.patch b/target/linux/generic/backport-4.19/329-v4.16-netfilter-improve-flow-table-Kconfig-dependencies.patch deleted file mode 100644 index 0d5cd3bb4f..0000000000 --- a/target/linux/generic/backport-4.19/329-v4.16-netfilter-improve-flow-table-Kconfig-dependencies.patch +++ /dev/null @@ -1,106 +0,0 @@ -From: Arnd Bergmann -Date: Wed, 10 Jan 2018 18:10:59 +0100 -Subject: [PATCH] netfilter: improve flow table Kconfig dependencies - -The newly added NF_FLOW_TABLE options cause some build failures in -randconfig kernels: - -- when CONFIG_NF_CONNTRACK is disabled, or is a loadable module but - NF_FLOW_TABLE is built-in: - - In file included from net/netfilter/nf_flow_table.c:8:0: - include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type - struct nf_conntrack ct_general; - include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': - include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct' - include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': - include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of function 'nf_conntrack_put'; did you mean 'nf_ct_put'? [-Werror=implicit-function-declaration] - - net/netfilter/nf_flow_table.o: In function `nf_flow_offload_work_gc': - (.text+0x1540): undefined reference to `nf_ct_delete' - -- when CONFIG_NF_TABLES is disabled: - - In file included from net/ipv6/netfilter/nf_flow_table_ipv6.c:13:0: - include/net/netfilter/nf_tables.h: In function 'nft_gencursor_next': - include/net/netfilter/nf_tables.h:1189:14: error: 'const struct net' has no member named 'nft'; did you mean 'nf'? - - - when CONFIG_NF_FLOW_TABLE_INET is enabled, but NF_FLOW_TABLE_IPV4 - or NF_FLOW_TABLE_IPV6 are not, or are loadable modules - - net/netfilter/nf_flow_table_inet.o: In function `nf_flow_offload_inet_hook': - nf_flow_table_inet.c:(.text+0x94): undefined reference to `nf_flow_offload_ipv6_hook' - nf_flow_table_inet.c:(.text+0x40): undefined reference to `nf_flow_offload_ip_hook' - -- when CONFIG_NF_FLOW_TABLES is disabled, but the other options are - enabled: - - net/netfilter/nf_flow_table_inet.o: In function `nf_flow_offload_inet_hook': - nf_flow_table_inet.c:(.text+0x6c): undefined reference to `nf_flow_offload_ipv6_hook' - net/netfilter/nf_flow_table_inet.o: In function `nf_flow_inet_module_exit': - nf_flow_table_inet.c:(.exit.text+0x8): undefined reference to `nft_unregister_flowtable_type' - net/netfilter/nf_flow_table_inet.o: In function `nf_flow_inet_module_init': - nf_flow_table_inet.c:(.init.text+0x8): undefined reference to `nft_register_flowtable_type' - net/ipv4/netfilter/nf_flow_table_ipv4.o: In function `nf_flow_ipv4_module_exit': - nf_flow_table_ipv4.c:(.exit.text+0x8): undefined reference to `nft_unregister_flowtable_type' - net/ipv4/netfilter/nf_flow_table_ipv4.o: In function `nf_flow_ipv4_module_init': - nf_flow_table_ipv4.c:(.init.text+0x8): undefined reference to `nft_register_flowtable_type' - -This adds additional Kconfig dependencies to ensure that NF_CONNTRACK and NF_TABLES -are always visible from NF_FLOW_TABLE, and that the internal dependencies between -the four new modules are met. - -Fixes: 7c23b629a808 ("netfilter: flow table support for the mixed IPv4/IPv6 family") -Fixes: 0995210753a2 ("netfilter: flow table support for IPv6") -Fixes: 97add9f0d66d ("netfilter: flow table support for IPv4") -Signed-off-by: Arnd Bergmann -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -79,8 +79,9 @@ config NF_TABLES_ARP - endif # NF_TABLES - - config NF_FLOW_TABLE_IPV4 -- select NF_FLOW_TABLE - tristate "Netfilter flow table IPv4 module" -+ depends on NF_CONNTRACK && NF_TABLES -+ select NF_FLOW_TABLE - help - This option adds the flow table IPv4 support. - ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -100,8 +100,9 @@ endif # NF_TABLES_IPV6 - endif # NF_TABLES - - config NF_FLOW_TABLE_IPV6 -- select NF_FLOW_TABLE - tristate "Netfilter flow table IPv6 module" -+ depends on NF_CONNTRACK && NF_TABLES -+ select NF_FLOW_TABLE - help - This option adds the flow table IPv6 support. - ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -675,8 +675,9 @@ endif # NF_TABLES_NETDEV - endif # NF_TABLES - - config NF_FLOW_TABLE_INET -- select NF_FLOW_TABLE - tristate "Netfilter flow table mixed IPv4/IPv6 module" -+ depends on NF_FLOW_TABLE_IPV4 && NF_FLOW_TABLE_IPV6 -+ select NF_FLOW_TABLE - help - This option adds the flow table mixed IPv4/IPv6 support. - -@@ -684,6 +685,7 @@ config NF_FLOW_TABLE_INET - - config NF_FLOW_TABLE - tristate "Netfilter flow table module" -+ depends on NF_CONNTRACK && NF_TABLES - help - This option adds the flow table core infrastructure. - diff --git a/target/linux/generic/backport-4.19/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch b/target/linux/generic/backport-4.19/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch deleted file mode 100644 index c599ad79c2..0000000000 --- a/target/linux/generic/backport-4.19/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 19 Dec 2017 14:07:52 +0100 -Subject: [PATCH] netfilter: nf_tables: remove flag field from struct - nft_af_info - -Replace it by a direct check for the netdev protocol family. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -959,10 +959,6 @@ struct nft_table { - char *name; - }; - --enum nft_af_flags { -- NFT_AF_NEEDS_DEV = (1 << 0), --}; -- - /** - * struct nft_af_info - nf_tables address family info - * -@@ -970,14 +966,12 @@ enum nft_af_flags { - * @family: address family - * @owner: module owner - * @tables: used internally -- * @flags: family flags - */ - struct nft_af_info { - struct list_head list; - int family; - struct module *owner; - struct list_head tables; -- u32 flags; - }; - - int nft_register_afinfo(struct net *, struct nft_af_info *); ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -1376,7 +1376,7 @@ static int nft_chain_parse_hook(struct n - hook->type = type; - - hook->dev = NULL; -- if (afi->flags & NFT_AF_NEEDS_DEV) { -+ if (afi->family == NFPROTO_NETDEV) { - char ifname[IFNAMSIZ]; - - if (!ha[NFTA_HOOK_DEV]) { ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -41,7 +41,6 @@ nft_do_chain_netdev(void *priv, struct s - static struct nft_af_info nft_af_netdev __read_mostly = { - .family = NFPROTO_NETDEV, - .owner = THIS_MODULE, -- .flags = NFT_AF_NEEDS_DEV, - }; - - static int nf_tables_netdev_init_net(struct net *net) diff --git a/target/linux/generic/backport-4.19/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.19/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch deleted file mode 100644 index 35c75a201e..0000000000 --- a/target/linux/generic/backport-4.19/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 19 Dec 2017 12:17:52 +0100 -Subject: [PATCH] netfilter: nf_tables: no need for struct nft_af_info to - enable/disable table - -nf_tables_table_enable() and nf_tables_table_disable() take a pointer to -struct nft_af_info that is never used, remove it. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -640,10 +640,7 @@ err: - return err; - } - --static void _nf_tables_table_disable(struct net *net, -- const struct nft_af_info *afi, -- struct nft_table *table, -- u32 cnt) -+static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt) - { - struct nft_chain *chain; - u32 i = 0; -@@ -661,9 +658,7 @@ static void _nf_tables_table_disable(str - } - } - --static int nf_tables_table_enable(struct net *net, -- const struct nft_af_info *afi, -- struct nft_table *table) -+static int nf_tables_table_enable(struct net *net, struct nft_table *table) - { - struct nft_chain *chain; - int err, i = 0; -@@ -683,15 +678,13 @@ static int nf_tables_table_enable(struct - return 0; - err: - if (i) -- _nf_tables_table_disable(net, afi, table, i); -+ nft_table_disable(net, table, i); - return err; - } - --static void nf_tables_table_disable(struct net *net, -- const struct nft_af_info *afi, -- struct nft_table *table) -+static void nf_tables_table_disable(struct net *net, struct nft_table *table) - { -- _nf_tables_table_disable(net, afi, table, 0); -+ nft_table_disable(net, table, 0); - } - - static int nf_tables_updtable(struct nft_ctx *ctx) -@@ -720,7 +713,7 @@ static int nf_tables_updtable(struct nft - nft_trans_table_enable(trans) = false; - } else if (!(flags & NFT_TABLE_F_DORMANT) && - ctx->table->flags & NFT_TABLE_F_DORMANT) { -- ret = nf_tables_table_enable(ctx->net, ctx->afi, ctx->table); -+ ret = nf_tables_table_enable(ctx->net, ctx->table); - if (ret >= 0) { - ctx->table->flags &= ~NFT_TABLE_F_DORMANT; - nft_trans_table_enable(trans) = true; -@@ -5792,7 +5785,6 @@ static int nf_tables_commit(struct net * - if (nft_trans_table_update(trans)) { - if (!nft_trans_table_enable(trans)) { - nf_tables_table_disable(net, -- trans->ctx.afi, - trans->ctx.table); - trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; - } -@@ -5956,7 +5948,6 @@ static int nf_tables_abort(struct net *n - if (nft_trans_table_update(trans)) { - if (nft_trans_table_enable(trans)) { - nf_tables_table_disable(net, -- trans->ctx.afi, - trans->ctx.table); - trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; - } diff --git a/target/linux/generic/backport-4.19/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch b/target/linux/generic/backport-4.19/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch deleted file mode 100644 index 086178ae20..0000000000 --- a/target/linux/generic/backport-4.19/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch +++ /dev/null @@ -1,60 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 19 Dec 2017 13:40:22 +0100 -Subject: [PATCH] netfilter: nf_tables: remove struct nft_af_info parameter in - nf_tables_chain_type_lookup() - -Pass family number instead, this comes in preparation for the removal of -struct nft_af_info. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -452,7 +452,7 @@ static inline u64 nf_tables_alloc_handle - static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; - - static const struct nf_chain_type * --__nf_tables_chain_type_lookup(int family, const struct nlattr *nla) -+__nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family) - { - int i; - -@@ -465,22 +465,20 @@ __nf_tables_chain_type_lookup(int family - } - - static const struct nf_chain_type * --nf_tables_chain_type_lookup(const struct nft_af_info *afi, -- const struct nlattr *nla, -- bool autoload) -+nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family, bool autoload) - { - const struct nf_chain_type *type; - -- type = __nf_tables_chain_type_lookup(afi->family, nla); -+ type = __nf_tables_chain_type_lookup(nla, family); - if (type != NULL) - return type; - #ifdef CONFIG_MODULES - if (autoload) { - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -- request_module("nft-chain-%u-%.*s", afi->family, -+ request_module("nft-chain-%u-%.*s", family, - nla_len(nla), (const char *)nla_data(nla)); - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- type = __nf_tables_chain_type_lookup(afi->family, nla); -+ type = __nf_tables_chain_type_lookup(nla, family); - if (type != NULL) - return ERR_PTR(-EAGAIN); - } -@@ -1356,8 +1354,8 @@ static int nft_chain_parse_hook(struct n - - type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; - if (nla[NFTA_CHAIN_TYPE]) { -- type = nf_tables_chain_type_lookup(afi, nla[NFTA_CHAIN_TYPE], -- create); -+ type = nf_tables_chain_type_lookup(nla[NFTA_CHAIN_TYPE], -+ afi->family, create); - if (IS_ERR(type)) - return PTR_ERR(type); - } diff --git a/target/linux/generic/backport-4.19/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.19/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch deleted file mode 100644 index d140a33518..0000000000 --- a/target/linux/generic/backport-4.19/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Hangbin Liu -Date: Mon, 25 Dec 2017 11:34:54 +0800 -Subject: [PATCH] netfilter: nf_tables: fix potential NULL-ptr deref in - nf_tables_dump_obj_done() - -If there is no NFTA_OBJ_TABLE and NFTA_OBJ_TYPE, the c.data will be NULL in -nf_tables_getobj(). So before free filter->table in nf_tables_dump_obj_done(), -we need to check if filter is NULL first. - -Fixes: e46abbcc05aa ("netfilter: nf_tables: Allow table names of up to 255 chars") -Signed-off-by: Hangbin Liu -Acked-by: Phil Sutter -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5330,8 +5330,10 @@ static int nf_tables_dump_flowtable_done - if (!filter) - return 0; - -- kfree(filter->table); -- kfree(filter); -+ if (filter) { -+ kfree(filter->table); -+ kfree(filter); -+ } - - return 0; - } diff --git a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch deleted file mode 100644 index 59ec44a482..0000000000 --- a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ /dev/null @@ -1,1450 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 9 Jan 2018 02:38:03 +0100 -Subject: [PATCH] netfilter: nf_tables: add single table list for all families - -Place all existing user defined tables in struct net *, instead of -having one list per family. This saves us from one level of indentation -in netlink dump functions. - -Place pointer to struct nft_af_info in struct nft_table temporarily, as -we still need this to put back reference module reference counter on -table removal. - -This patch comes in preparation for the removal of struct nft_af_info. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -143,22 +143,22 @@ static inline void nft_data_debug(const - * struct nft_ctx - nf_tables rule/set context - * - * @net: net namespace -- * @afi: address family info - * @table: the table the chain is contained in - * @chain: the chain the rule is contained in - * @nla: netlink attributes - * @portid: netlink portID of the original message - * @seq: netlink sequence number -+ * @family: protocol family - * @report: notify via unicast netlink message - */ - struct nft_ctx { - struct net *net; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain; - const struct nlattr * const *nla; - u32 portid; - u32 seq; -+ u8 family; - bool report; - }; - -@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt - * @use: number of chain references to this table - * @flags: table flag (see enum nft_table_flags) - * @genmask: generation mask -+ * @afinfo: address family info - * @name: name of the table - */ - struct nft_table { -@@ -956,6 +957,7 @@ struct nft_table { - u32 use; - u16 flags:14, - genmask:2; -+ struct nft_af_info *afi; - char *name; - }; - -@@ -965,13 +967,11 @@ struct nft_table { - * @list: used internally - * @family: address family - * @owner: module owner -- * @tables: used internally - */ - struct nft_af_info { - struct list_head list; - int family; - struct module *owner; -- struct list_head tables; - }; - - int nft_register_afinfo(struct net *, struct nft_af_info *); ---- a/include/net/netns/nftables.h -+++ b/include/net/netns/nftables.h -@@ -8,6 +8,7 @@ struct nft_af_info; - - struct netns_nftables { - struct list_head af_info; -+ struct list_head tables; - struct list_head commit_list; - struct nft_af_info *ipv4; - struct nft_af_info *ipv6; ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -37,7 +37,6 @@ static LIST_HEAD(nf_tables_flowtables); - */ - int nft_register_afinfo(struct net *net, struct nft_af_info *afi) - { -- INIT_LIST_HEAD(&afi->tables); - nfnl_lock(NFNL_SUBSYS_NFTABLES); - list_add_tail_rcu(&afi->list, &net->nft.af_info); - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -99,13 +98,13 @@ static void nft_ctx_init(struct nft_ctx - struct net *net, - const struct sk_buff *skb, - const struct nlmsghdr *nlh, -- struct nft_af_info *afi, -+ u8 family, - struct nft_table *table, - struct nft_chain *chain, - const struct nlattr * const *nla) - { - ctx->net = net; -- ctx->afi = afi; -+ ctx->family = family; - ctx->table = table; - ctx->chain = chain; - ctx->nla = nla; -@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c - * Tables - */ - --static struct nft_table *nft_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nft_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - -- list_for_each_entry(table, &afi->tables, list) { -+ list_for_each_entry(table, &net->nft.tables, list) { - if (!nla_strcmp(nla, table->name) && -+ table->afi->family == family && - nft_active_genmask(table, genmask)) - return table; - } - return NULL; - } - --static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nf_tables_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - - if (nla == NULL) - return ERR_PTR(-EINVAL); - -- table = nft_table_lookup(afi, nla, genmask); -+ table = nft_table_lookup(net, nla, family, genmask); - if (table != NULL) - return table; - -@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const - goto err; - - err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table); -+ event, 0, ctx->family, ctx->table); - if (err < 0) { - kfree_skb(skb); - goto err; -@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct net *net = sock_net(skb->sk); -@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, table)) -- continue; -- if (nf_tables_fill_table_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWTABLE, -- NLM_F_MULTI, -- afi->family, table) < 0) -- goto done; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, table)) -+ continue; -+ if (nf_tables_fill_table_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWTABLE, NLM_F_MULTI, -+ table->afi->family, table) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - done: - rcu_read_unlock(); -@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net - return PTR_ERR(afi); - - name = nla[NFTA_TABLE_NAME]; -- table = nf_tables_table_lookup(afi, name, genmask); -+ table = nf_tables_table_lookup(net, name, afi->family, genmask); - if (IS_ERR(table)) { - if (PTR_ERR(table) != -ENOENT) - return PTR_ERR(table); -@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net - if (nlh->nlmsg_flags & NLM_F_REPLACE) - return -EOPNOTSUPP; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - return nf_tables_updtable(&ctx); - } - -@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net - INIT_LIST_HEAD(&table->sets); - INIT_LIST_HEAD(&table->objects); - INIT_LIST_HEAD(&table->flowtables); -+ table->afi = afi; - table->flags = flags; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); - if (err < 0) - goto err4; - -- list_add_tail_rcu(&table->list, &afi->tables); -+ list_add_tail_rcu(&table->list, &net->nft.tables); - return 0; - err4: - kfree(table->name); -@@ -866,30 +864,28 @@ out: - - static int nft_flush(struct nft_ctx *ctx, int family) - { -- struct nft_af_info *afi; - struct nft_table *table, *nt; - const struct nlattr * const *nla = ctx->nla; - int err = 0; - -- list_for_each_entry(afi, &ctx->net->nft.af_info, list) { -- if (family != AF_UNSPEC && afi->family != family) -+ list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { -+ if (family != AF_UNSPEC && table->afi->family != family) - continue; - -- ctx->afi = afi; -- list_for_each_entry_safe(table, nt, &afi->tables, list) { -- if (!nft_is_active_next(ctx->net, table)) -- continue; -+ ctx->family = table->afi->family; - -- if (nla[NFTA_TABLE_NAME] && -- nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -- continue; -+ if (!nft_is_active_next(ctx->net, table)) -+ continue; - -- ctx->table = table; -+ if (nla[NFTA_TABLE_NAME] && -+ nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -+ continue; - -- err = nft_flush_table(ctx); -- if (err < 0) -- goto out; -- } -+ ctx->table = table; -+ -+ err = nft_flush_table(ctx); -+ if (err < 0) -+ goto out; - } - out: - return err; -@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net - int family = nfmsg->nfgen_family; - struct nft_ctx ctx; - -- nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); - if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) - return nft_flush(&ctx, family); - -@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net - table->use > 0) - return -EBUSY; - -- ctx.afi = afi; -+ ctx.family = afi->family; - ctx.table = table; - - return nft_flush_table(&ctx); -@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru - - kfree(ctx->table->name); - kfree(ctx->table); -- module_put(ctx->afi->owner); -+ module_put(ctx->table->afi->owner); - } - - int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const - goto err; - - err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain); - if (err < 0) { - kfree_skb(skb); -@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, chain)) -- continue; -- if (nf_tables_fill_chain_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWCHAIN, -- NLM_F_MULTI, -- afi->family, table, chain) < 0) -- goto done; -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, chain)) -+ continue; -+ if (nf_tables_fill_chain_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWCHAIN, -+ NLM_F_MULTI, -+ table->afi->family, table, -+ chain) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1332,8 +1328,8 @@ struct nft_chain_hook { - - static int nft_chain_parse_hook(struct net *net, - const struct nlattr * const nla[], -- struct nft_af_info *afi, -- struct nft_chain_hook *hook, bool create) -+ struct nft_chain_hook *hook, u8 family, -+ bool create) - { - struct nlattr *ha[NFTA_HOOK_MAX + 1]; - const struct nf_chain_type *type; -@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n - hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); - hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); - -- type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -+ type = chain_type[family][NFT_CHAIN_T_DEFAULT]; - if (nla[NFTA_CHAIN_TYPE]) { - type = nf_tables_chain_type_lookup(nla[NFTA_CHAIN_TYPE], -- afi->family, create); -+ family, create); - if (IS_ERR(type)) - return PTR_ERR(type); - } -@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n - hook->type = type; - - hook->dev = NULL; -- if (afi->family == NFPROTO_NETDEV) { -+ if (family == NFPROTO_NETDEV) { - char ifname[IFNAMSIZ]; - - if (!ha[NFTA_HOOK_DEV]) { -@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft - { - const struct nlattr * const *nla = ctx->nla; - struct nft_table *table = ctx->table; -- struct nft_af_info *afi = ctx->afi; - struct nft_base_chain *basechain; - struct nft_stats __percpu *stats; - struct net *net = ctx->net; -@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft - struct nft_chain_hook hook; - struct nf_hook_ops *ops; - -- err = nft_chain_parse_hook(net, nla, afi, &hook, create); -+ err = nft_chain_parse_hook(net, nla, &hook, family, create); - if (err < 0) - return err; - -@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft - if (!nft_is_base_chain(chain)) - return -EBUSY; - -- err = nft_chain_parse_hook(ctx->net, nla, ctx->afi, &hook, -+ err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, - create); - if (err < 0) - return err; -@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net - } - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain != NULL) { - if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net - chain->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - use = chain->use; - list_for_each_entry(rule, &chain->rules, list) { -@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st - if (err < 0) - return err; - -- type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]); -+ type = nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]); - if (IS_ERR(type)) - return PTR_ERR(type); - -@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const - goto err; - - err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain, rule); - if (err < 0) { - kfree_skb(skb); -@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); - const struct nft_rule_dump_ctx *ctx = cb->data; -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - const struct nft_rule *rule; -@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ continue; -+ -+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx && ctx->table && -- strcmp(ctx->table, table->name) != 0) -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (ctx && ctx->chain && -+ strcmp(ctx->chain, chain->name) != 0) - continue; - -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (ctx && ctx->chain && -- strcmp(ctx->chain, chain->name) != 0) -- continue; -- -- list_for_each_entry_rcu(rule, &chain->rules, list) { -- if (!nft_is_active(net, rule)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWRULE, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, chain, rule) < 0) -- goto done; -+ list_for_each_entry_rcu(rule, &chain->rules, list) { -+ if (!nft_is_active(net, rule)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWRULE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, -+ table, chain, rule) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - } -@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net - return PTR_ERR(old_rule); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - n = 0; - size = 0; -@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net - return PTR_ERR(chain); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain) { - if (nla[NFTA_RULE_HANDLE]) { -@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str - if (afi == NULL) - return -EAFNOSUPPORT; - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - } - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); - return 0; - } - -@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk - { - const struct nft_set *set; - unsigned int idx, s_idx = cb->args[0]; -- struct nft_af_info *afi; - struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2]; - struct net *net = sock_net(skb->sk); -- int cur_family = cb->args[3]; - struct nft_ctx *ctx = cb->data, ctx_set; - - if (cb->args[1]) -@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (ctx->afi && ctx->afi != afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (ctx->family != NFPROTO_UNSPEC && -+ ctx->family != table->afi->family) - continue; - -- if (cur_family) { -- if (afi->family != cur_family) -- continue; -+ if (ctx->table && ctx->table != table) -+ continue; - -- cur_family = 0; -- } -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx->table && ctx->table != table) -+ if (cur_table) { -+ if (cur_table != table) - continue; - -- if (cur_table) { -- if (cur_table != table) -- continue; -+ cur_table = NULL; -+ } -+ idx = 0; -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (!nft_is_active(net, set)) -+ goto cont; - -- cur_table = NULL; -+ ctx_set = *ctx; -+ ctx_set.table = table; -+ ctx_set.family = table->afi->family; -+ -+ if (nf_tables_fill_set(skb, &ctx_set, set, -+ NFT_MSG_NEWSET, -+ NLM_F_MULTI) < 0) { -+ cb->args[0] = idx; -+ cb->args[2] = (unsigned long) table; -+ goto done; - } -- idx = 0; -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (idx < s_idx) -- goto cont; -- if (!nft_is_active(net, set)) -- goto cont; -- -- ctx_set = *ctx; -- ctx_set.table = table; -- ctx_set.afi = afi; -- if (nf_tables_fill_set(skb, &ctx_set, set, -- NFT_MSG_NEWSET, -- NLM_F_MULTI) < 0) { -- cb->args[0] = idx; -- cb->args[2] = (unsigned long) table; -- cb->args[3] = afi->family; -- goto done; -- } -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -- if (s_idx) -- s_idx = 0; -+ idx++; - } -+ if (s_idx) -+ s_idx = 0; - } - cb->args[1] = 1; - done: -@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); - if (IS_ERR(set)) { -@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_ELEM_LIST_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); - return 0; - } - -@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_ - { - struct nft_set_dump_ctx *dump_ctx = cb->data; - struct net *net = sock_net(skb->sk); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_set *set; - struct nft_set_dump_args args; -@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_ - int event; - - rcu_read_lock(); -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (afi != dump_ctx->ctx.afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (dump_ctx->ctx.family != NFPROTO_UNSPEC && -+ dump_ctx->ctx.family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (table != dump_ctx->ctx.table) -- continue; -+ if (table != dump_ctx->ctx.table) -+ continue; - -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (set == dump_ctx->set) { -- set_found = true; -- break; -- } -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (set == dump_ctx->set) { -+ set_found = true; -+ break; - } -- break; - } - break; - } -@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = afi->family; -+ nfmsg->nfgen_family = table->afi->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(net->nft.base_seq & 0xffff); - -@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c - list_for_each_entry(binding, &set->bindings, list) { - struct nft_ctx bind_ctx = { - .net = ctx->net, -- .afi = ctx->afi, -+ .family = ctx->family, - .table = ctx->table, - .chain = (struct nft_chain *)binding->chain, - }; -@@ -4527,7 +4513,8 @@ static int nf_tables_newobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4545,7 +4532,7 @@ static int nf_tables_newobj(struct net * - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4622,7 +4609,6 @@ struct nft_obj_filter { - static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct nft_obj_filter *filter = cb->data; -@@ -4637,38 +4623,37 @@ static int nf_tables_dump_obj(struct sk_ - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(obj, &table->objects, list) { -- if (!nft_is_active(net, obj)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table && -- strcmp(filter->table, table->name)) -- goto cont; -- if (filter && -- filter->type != NFT_OBJECT_UNSPEC && -- obj->ops->type->type != filter->type) -- goto cont; -+ list_for_each_entry_rcu(obj, &table->objects, list) { -+ if (!nft_is_active(net, obj)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table && -+ strcmp(filter->table, table->name)) -+ goto cont; -+ if (filter && -+ filter->type != NFT_OBJECT_UNSPEC && -+ obj->ops->type->type != filter->type) -+ goto cont; - -- if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWOBJ, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, obj, reset) < 0) -- goto done; -+ if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWOBJ, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, table, -+ obj, reset) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -4755,7 +4740,8 @@ static int nf_tables_getobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4815,7 +4801,8 @@ static int nf_tables_delobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4826,7 +4813,7 @@ static int nf_tables_delobj(struct net * - if (obj->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delobj(&ctx, obj); - } -@@ -4864,7 +4851,7 @@ static void nf_tables_obj_notify(const s - struct nft_object *obj, int event) - { - nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, -- ctx->afi->family, ctx->report, GFP_KERNEL); -+ ctx->family, ctx->report, GFP_KERNEL); - } - - /* -@@ -5054,7 +5041,7 @@ void nft_flow_table_iterate(struct net * - - rcu_read_lock(); - list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- list_for_each_entry_rcu(table, &afi->tables, list) { -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { - list_for_each_entry_rcu(flowtable, &table->flowtables, list) { - iter(&flowtable->data, data); - } -@@ -5102,7 +5089,8 @@ static int nf_tables_newflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5119,7 +5107,7 @@ static int nf_tables_newflowtable(struct - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); - if (!flowtable) -@@ -5200,7 +5188,8 @@ static int nf_tables_delflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5211,7 +5200,7 @@ static int nf_tables_delflowtable(struct - if (flowtable->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delflowtable(&ctx, flowtable); - } -@@ -5280,40 +5269,37 @@ static int nf_tables_dump_flowtable(stru - struct net *net = sock_net(skb->sk); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- const struct nft_af_info *afi; - const struct nft_table *table; - - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -- if (!nft_is_active(net, flowtable)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table[0] && -- strcmp(filter->table, table->name)) -- goto cont; -+ list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ if (!nft_is_active(net, flowtable)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table && -+ strcmp(filter->table, table->name)) -+ goto cont; - -- if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWFLOWTABLE, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, flowtable) < 0) -- goto done; -+ if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWFLOWTABLE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, flowtable) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -5398,7 +5384,8 @@ static int nf_tables_getflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5441,7 +5428,7 @@ static void nf_tables_flowtable_notify(s - - err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, - ctx->seq, event, 0, -- ctx->afi->family, flowtable); -+ ctx->family, flowtable); - if (err < 0) { - kfree_skb(skb); - goto err; -@@ -5519,17 +5506,14 @@ static int nf_tables_flowtable_event(str - struct net_device *dev = netdev_notifier_info_to_dev(ptr); - struct nft_flowtable *flowtable; - struct nft_table *table; -- struct nft_af_info *afi; - - if (event != NETDEV_UNREGISTER) - return 0; - - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) { -- list_for_each_entry(table, &afi->tables, list) { -- list_for_each_entry(flowtable, &table->flowtables, list) { -- nft_flowtable_event(event, dev, flowtable); -- } -+ list_for_each_entry(table, &dev_net(dev)->nft.tables, list) { -+ list_for_each_entry(flowtable, &table->flowtables, list) { -+ nft_flowtable_event(event, dev, flowtable); - } - } - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6555,6 +6539,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); - static int __net_init nf_tables_init_net(struct net *net) - { - INIT_LIST_HEAD(&net->nft.af_info); -+ INIT_LIST_HEAD(&net->nft.tables); - INIT_LIST_HEAD(&net->nft.commit_list); - net->nft.base_seq = 1; - return 0; -@@ -6591,10 +6576,10 @@ static void __nft_release_afinfo(struct - struct nft_set *set, *ns; - struct nft_ctx ctx = { - .net = net, -- .afi = afi, -+ .family = afi->family, - }; - -- list_for_each_entry_safe(table, nt, &afi->tables, list) { -+ list_for_each_entry_safe(table, nt, &net->nft.tables, list) { - list_for_each_entry(chain, &table->chains, list) - nf_tables_unregister_hook(net, table, chain); - list_for_each_entry(flowtable, &table->flowtables, list) ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -107,7 +107,6 @@ static int nf_tables_netdev_event(struct - unsigned long event, void *ptr) - { - struct net_device *dev = netdev_notifier_info_to_dev(ptr); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain, *nr; - struct nft_ctx ctx = { -@@ -119,20 +118,18 @@ static int nf_tables_netdev_event(struct - return NOTIFY_DONE; - - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) { -- ctx.afi = afi; -- if (afi->family != NFPROTO_NETDEV) -+ list_for_each_entry(table, &ctx.net->nft.tables, list) { -+ if (table->afi->family != NFPROTO_NETDEV) - continue; - -- list_for_each_entry(table, &afi->tables, list) { -- ctx.table = table; -- list_for_each_entry_safe(chain, nr, &table->chains, list) { -- if (!nft_is_base_chain(chain)) -- continue; -+ ctx.family = table->afi->family; -+ ctx.table = table; -+ list_for_each_entry_safe(chain, nr, &table->chains, list) { -+ if (!nft_is_base_chain(chain)) -+ continue; - -- ctx.chain = chain; -- nft_netdev_event(event, dev, &ctx); -- } -+ ctx.chain = chain; -+ nft_netdev_event(event, dev, &ctx); - } - } - nfnl_unlock(NFNL_SUBSYS_NFTABLES); ---- a/net/netfilter/nft_compat.c -+++ b/net/netfilter/nft_compat.c -@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc - { - par->net = ctx->net; - par->table = ctx->table->name; -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case AF_INET: - entry->e4.ip.proto = proto; - entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc - } else { - par->hook_mask = 0; - } -- par->family = ctx->afi->family; -+ par->family = ctx->family; - par->nft_compat = true; - } - -@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx - par.net = ctx->net; - par.target = target; - par.targinfo = info; -- par.family = ctx->afi->family; -+ par.family = ctx->family; - if (par.target->destroy != NULL) - par.target->destroy(&par); - -@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch - { - par->net = ctx->net; - par->table = ctx->table->name; -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case AF_INET: - entry->e4.ip.proto = proto; - entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch - } else { - par->hook_mask = 0; - } -- par->family = ctx->afi->family; -+ par->family = ctx->family; - par->nft_compat = true; - } - -@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx - par.net = ctx->net; - par.match = match; - par.matchinfo = info; -- par.family = ctx->afi->family; -+ par.family = ctx->family; - if (par.match->destroy != NULL) - par.match->destroy(&par); - -@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct - - mt_name = nla_data(tb[NFTA_MATCH_NAME]); - rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); -- family = ctx->afi->family; -+ family = ctx->family; - - /* Re-use the existing match if it's already loaded. */ - list_for_each_entry(nft_match, &nft_match_list, head) { -@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c - - tg_name = nla_data(tb[NFTA_TARGET_NAME]); - rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); -- family = ctx->afi->family; -+ family = ctx->family; - - if (strcmp(tg_name, XT_ERROR_TARGET) == 0 || - strcmp(tg_name, XT_STANDARD_TARGET) == 0 || ---- a/net/netfilter/nft_ct.c -+++ b/net/netfilter/nft_ct.c -@@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct - if (tb[NFTA_CT_DIRECTION] == NULL) - return -EINVAL; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_IPV4: - len = FIELD_SIZEOF(struct nf_conntrack_tuple, - src.u3.ip); -@@ -456,7 +456,7 @@ static int nft_ct_get_init(const struct - if (err < 0) - return err; - -- err = nf_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->family); - if (err < 0) - return err; - -@@ -550,7 +550,7 @@ static int nft_ct_set_init(const struct - if (err < 0) - goto err1; - -- err = nf_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->family); - if (err < 0) - goto err1; - -@@ -564,7 +564,7 @@ err1: - static void nft_ct_get_destroy(const struct nft_ctx *ctx, - const struct nft_expr *expr) - { -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static void nft_ct_set_destroy(const struct nft_ctx *ctx, -@@ -573,7 +573,7 @@ static void nft_ct_set_destroy(const str - struct nft_ct *priv = nft_expr_priv(expr); - - __nft_ct_set_destroy(ctx, priv); -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) -@@ -734,7 +734,7 @@ static int nft_ct_helper_obj_init(const - struct nft_ct_helper_obj *priv = nft_obj_data(obj); - struct nf_conntrack_helper *help4, *help6; - char name[NF_CT_HELPER_NAME_LEN]; -- int family = ctx->afi->family; -+ int family = ctx->family; - - if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO]) - return -EINVAL; -@@ -753,14 +753,14 @@ static int nft_ct_helper_obj_init(const - - switch (family) { - case NFPROTO_IPV4: -- if (ctx->afi->family == NFPROTO_IPV6) -+ if (ctx->family == NFPROTO_IPV6) - return -EINVAL; - - help4 = nf_conntrack_helper_try_module_get(name, family, - priv->l4proto); - break; - case NFPROTO_IPV6: -- if (ctx->afi->family == NFPROTO_IPV4) -+ if (ctx->family == NFPROTO_IPV4) - return -EINVAL; - - help6 = nf_conntrack_helper_try_module_get(name, family, ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -151,7 +151,7 @@ static int nft_flow_offload_init(const s - priv->flowtable = flowtable; - flowtable->use++; - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - - static void nft_flow_offload_destroy(const struct nft_ctx *ctx, -@@ -160,7 +160,7 @@ static void nft_flow_offload_destroy(con - struct nft_flow_offload *priv = nft_expr_priv(expr); - - priv->flowtable->use--; -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static int nft_flow_offload_dump(struct sk_buff *skb, const struct nft_expr *expr) ---- a/net/netfilter/nft_log.c -+++ b/net/netfilter/nft_log.c -@@ -112,7 +112,7 @@ static int nft_log_init(const struct nft - break; - } - -- err = nf_logger_find_get(ctx->afi->family, li->type); -+ err = nf_logger_find_get(ctx->family, li->type); - if (err < 0) - goto err1; - -@@ -133,7 +133,7 @@ static void nft_log_destroy(const struct - if (priv->prefix != nft_log_null_prefix) - kfree(priv->prefix); - -- nf_logger_put(ctx->afi->family, li->type); -+ nf_logger_put(ctx->family, li->type); - } - - static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr) ---- a/net/netfilter/nft_masq.c -+++ b/net/netfilter/nft_masq.c -@@ -73,7 +73,7 @@ int nft_masq_init(const struct nft_ctx * - } - } - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - EXPORT_SYMBOL_GPL(nft_masq_init); - ---- a/net/netfilter/nft_meta.c -+++ b/net/netfilter/nft_meta.c -@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s - if (priv->key != NFT_META_SECPATH) - return 0; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_NETDEV: - hooks = 1 << NF_NETDEV_INGRESS; - break; -@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n - if (priv->key != NFT_META_PKTTYPE) - return 0; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_BRIDGE: - hooks = 1 << NF_BR_PRE_ROUTING; - break; ---- a/net/netfilter/nft_nat.c -+++ b/net/netfilter/nft_nat.c -@@ -142,7 +142,7 @@ static int nft_nat_init(const struct nft - return -EINVAL; - - family = ntohl(nla_get_be32(tb[NFTA_NAT_FAMILY])); -- if (family != ctx->afi->family) -+ if (family != ctx->family) - return -EOPNOTSUPP; - - switch (family) { ---- a/net/netfilter/nft_redir.c -+++ b/net/netfilter/nft_redir.c -@@ -75,7 +75,7 @@ int nft_redir_init(const struct nft_ctx - return -EINVAL; - } - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - EXPORT_SYMBOL_GPL(nft_redir_init); - diff --git a/target/linux/generic/backport-4.19/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.19/336-v4.15-netfilter-exit_net-cleanup-check-added.patch deleted file mode 100644 index 5938a9ba5a..0000000000 --- a/target/linux/generic/backport-4.19/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ /dev/null @@ -1,100 +0,0 @@ -From: Vasily Averin -Date: Sun, 12 Nov 2017 14:32:37 +0300 -Subject: [PATCH] netfilter: exit_net cleanup check added - -Be sure that lists initialized in net_init hook was return to initial -state. - -Signed-off-by: Vasily Averin -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv4/netfilter/ipt_CLUSTERIP.c -+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c -@@ -834,6 +834,7 @@ static void clusterip_net_exit(struct ne - cn->procdir = NULL; - #endif - nf_unregister_net_hook(net, &cip_arp_ops); -+ WARN_ON_ONCE(!list_empty(&cn->configs)); - } - - static struct pernet_operations clusterip_net_ops = { ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -6545,6 +6545,12 @@ static int __net_init nf_tables_init_net - return 0; - } - -+static void __net_exit nf_tables_exit_net(struct net *net) -+{ -+ WARN_ON_ONCE(!list_empty(&net->nft.af_info)); -+ WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); -+} -+ - int __nft_release_basechain(struct nft_ctx *ctx) - { - struct nft_rule *rule, *nr; -@@ -6622,6 +6628,7 @@ static void __nft_release_afinfo(struct - - static struct pernet_operations nf_tables_net_ops = { - .init = nf_tables_init_net, -+ .exit = nf_tables_exit_net, - }; - - static int __init nf_tables_module_init(void) ---- a/net/netfilter/nfnetlink_log.c -+++ b/net/netfilter/nfnetlink_log.c -@@ -1093,10 +1093,15 @@ static int __net_init nfnl_log_net_init( - - static void __net_exit nfnl_log_net_exit(struct net *net) - { -+ struct nfnl_log_net *log = nfnl_log_pernet(net); -+ unsigned int i; -+ - #ifdef CONFIG_PROC_FS - remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter); - #endif - nf_log_unset(net, &nfulnl_logger); -+ for (i = 0; i < INSTANCE_BUCKETS; i++) -+ WARN_ON_ONCE(!hlist_empty(&log->instance_table[i])); - } - - static struct pernet_operations nfnl_log_net_ops = { ---- a/net/netfilter/nfnetlink_queue.c -+++ b/net/netfilter/nfnetlink_queue.c -@@ -1510,10 +1510,15 @@ static int __net_init nfnl_queue_net_ini - - static void __net_exit nfnl_queue_net_exit(struct net *net) - { -+ struct nfnl_queue_net *q = nfnl_queue_pernet(net); -+ unsigned int i; -+ - nf_unregister_queue_handler(net); - #ifdef CONFIG_PROC_FS - remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter); - #endif -+ for (i = 0; i < INSTANCE_BUCKETS; i++) -+ WARN_ON_ONCE(!hlist_empty(&q->instance_table[i])); - } - - static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list) ---- a/net/netfilter/x_tables.c -+++ b/net/netfilter/x_tables.c -@@ -1785,8 +1785,17 @@ static int __net_init xt_net_init(struct - return 0; - } - -+static void __net_exit xt_net_exit(struct net *net) -+{ -+ int i; -+ -+ for (i = 0; i < NFPROTO_NUMPROTO; i++) -+ WARN_ON_ONCE(!list_empty(&net->xt.tables[i])); -+} -+ - static struct pernet_operations xt_net_ops = { - .init = xt_net_init, -+ .exit = xt_net_exit, - }; - - static int __init xt_init(void) diff --git a/target/linux/generic/backport-4.19/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.19/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch deleted file mode 100644 index de5c2409b3..0000000000 --- a/target/linux/generic/backport-4.19/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ /dev/null @@ -1,598 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 9 Jan 2018 02:42:11 +0100 -Subject: [PATCH] netfilter: nf_tables: get rid of pernet families - -Now that we have a single table list for each netns, we can get rid of -one pointer per family and the global afinfo list, thus, shrinking -struct netns for nftables that now becomes 64 bytes smaller. - -And call __nft_release_afinfo() from __net_exit path accordingly to -release netnamespace objects on removal. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -974,8 +974,8 @@ struct nft_af_info { - struct module *owner; - }; - --int nft_register_afinfo(struct net *, struct nft_af_info *); --void nft_unregister_afinfo(struct net *, struct nft_af_info *); -+int nft_register_afinfo(struct nft_af_info *); -+void nft_unregister_afinfo(struct nft_af_info *); - - int nft_register_chain_type(const struct nf_chain_type *); - void nft_unregister_chain_type(const struct nf_chain_type *); ---- a/include/net/netns/nftables.h -+++ b/include/net/netns/nftables.h -@@ -7,15 +7,8 @@ - struct nft_af_info; - - struct netns_nftables { -- struct list_head af_info; - struct list_head tables; - struct list_head commit_list; -- struct nft_af_info *ipv4; -- struct nft_af_info *ipv6; -- struct nft_af_info *inet; -- struct nft_af_info *arp; -- struct nft_af_info *bridge; -- struct nft_af_info *netdev; - unsigned int base_seq; - u8 gencursor; - }; ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -47,34 +47,6 @@ static struct nft_af_info nft_af_bridge - .owner = THIS_MODULE, - }; - --static int nf_tables_bridge_init_net(struct net *net) --{ -- net->nft.bridge = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.bridge == NULL) -- return -ENOMEM; -- -- memcpy(net->nft.bridge, &nft_af_bridge, sizeof(nft_af_bridge)); -- -- if (nft_register_afinfo(net, net->nft.bridge) < 0) -- goto err; -- -- return 0; --err: -- kfree(net->nft.bridge); -- return -ENOMEM; --} -- --static void nf_tables_bridge_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.bridge); -- kfree(net->nft.bridge); --} -- --static struct pernet_operations nf_tables_bridge_net_ops = { -- .init = nf_tables_bridge_init_net, -- .exit = nf_tables_bridge_exit_net, --}; -- - static const struct nf_chain_type filter_bridge = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -98,17 +70,17 @@ static int __init nf_tables_bridge_init( - { - int ret; - -- ret = nft_register_chain_type(&filter_bridge); -+ ret = nft_register_afinfo(&nft_af_bridge); - if (ret < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_bridge_net_ops); -+ ret = nft_register_chain_type(&filter_bridge); - if (ret < 0) -- goto err_register_subsys; -+ goto err_register_chain; - - return ret; - --err_register_subsys: -+err_register_chain: - nft_unregister_chain_type(&filter_bridge); - - return ret; -@@ -116,8 +88,8 @@ err_register_subsys: - - static void __exit nf_tables_bridge_exit(void) - { -- unregister_pernet_subsys(&nf_tables_bridge_net_ops); - nft_unregister_chain_type(&filter_bridge); -+ nft_unregister_afinfo(&nft_af_bridge); - } - - module_init(nf_tables_bridge_init); ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -32,34 +32,6 @@ static struct nft_af_info nft_af_arp __r - .owner = THIS_MODULE, - }; - --static int nf_tables_arp_init_net(struct net *net) --{ -- net->nft.arp = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.arp== NULL) -- return -ENOMEM; -- -- memcpy(net->nft.arp, &nft_af_arp, sizeof(nft_af_arp)); -- -- if (nft_register_afinfo(net, net->nft.arp) < 0) -- goto err; -- -- return 0; --err: -- kfree(net->nft.arp); -- return -ENOMEM; --} -- --static void nf_tables_arp_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.arp); -- kfree(net->nft.arp); --} -- --static struct pernet_operations nf_tables_arp_net_ops = { -- .init = nf_tables_arp_init_net, -- .exit = nf_tables_arp_exit_net, --}; -- - static const struct nf_chain_type filter_arp = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -77,21 +49,26 @@ static int __init nf_tables_arp_init(voi - { - int ret; - -- ret = nft_register_chain_type(&filter_arp); -+ ret = nft_register_afinfo(&nft_af_arp); - if (ret < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_arp_net_ops); -+ ret = nft_register_chain_type(&filter_arp); - if (ret < 0) -- nft_unregister_chain_type(&filter_arp); -+ goto err_register_chain; -+ -+ return 0; -+ -+err_register_chain: -+ nft_unregister_chain_type(&filter_arp); - - return ret; - } - - static void __exit nf_tables_arp_exit(void) - { -- unregister_pernet_subsys(&nf_tables_arp_net_ops); - nft_unregister_chain_type(&filter_arp); -+ nft_unregister_afinfo(&nft_af_arp); - } - - module_init(nf_tables_arp_init); ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -35,34 +35,6 @@ static struct nft_af_info nft_af_ipv4 __ - .owner = THIS_MODULE, - }; - --static int nf_tables_ipv4_init_net(struct net *net) --{ -- net->nft.ipv4 = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.ipv4 == NULL) -- return -ENOMEM; -- -- memcpy(net->nft.ipv4, &nft_af_ipv4, sizeof(nft_af_ipv4)); -- -- if (nft_register_afinfo(net, net->nft.ipv4) < 0) -- goto err; -- -- return 0; --err: -- kfree(net->nft.ipv4); -- return -ENOMEM; --} -- --static void nf_tables_ipv4_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.ipv4); -- kfree(net->nft.ipv4); --} -- --static struct pernet_operations nf_tables_ipv4_net_ops = { -- .init = nf_tables_ipv4_init_net, -- .exit = nf_tables_ipv4_exit_net, --}; -- - static const struct nf_chain_type filter_ipv4 = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -86,21 +58,25 @@ static int __init nf_tables_ipv4_init(vo - { - int ret; - -- ret = nft_register_chain_type(&filter_ipv4); -+ ret = nft_register_afinfo(&nft_af_ipv4); - if (ret < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_ipv4_net_ops); -+ ret = nft_register_chain_type(&filter_ipv4); - if (ret < 0) -- nft_unregister_chain_type(&filter_ipv4); -+ goto err_register_chain; -+ -+ return 0; - -+err_register_chain: -+ nft_unregister_afinfo(&nft_af_ipv4); - return ret; - } - - static void __exit nf_tables_ipv4_exit(void) - { -- unregister_pernet_subsys(&nf_tables_ipv4_net_ops); - nft_unregister_chain_type(&filter_ipv4); -+ nft_unregister_afinfo(&nft_af_ipv4); - } - - module_init(nf_tables_ipv4_init); ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -33,34 +33,6 @@ static struct nft_af_info nft_af_ipv6 __ - .owner = THIS_MODULE, - }; - --static int nf_tables_ipv6_init_net(struct net *net) --{ -- net->nft.ipv6 = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.ipv6 == NULL) -- return -ENOMEM; -- -- memcpy(net->nft.ipv6, &nft_af_ipv6, sizeof(nft_af_ipv6)); -- -- if (nft_register_afinfo(net, net->nft.ipv6) < 0) -- goto err; -- -- return 0; --err: -- kfree(net->nft.ipv6); -- return -ENOMEM; --} -- --static void nf_tables_ipv6_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.ipv6); -- kfree(net->nft.ipv6); --} -- --static struct pernet_operations nf_tables_ipv6_net_ops = { -- .init = nf_tables_ipv6_init_net, -- .exit = nf_tables_ipv6_exit_net, --}; -- - static const struct nf_chain_type filter_ipv6 = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -84,20 +56,24 @@ static int __init nf_tables_ipv6_init(vo - { - int ret; - -- ret = nft_register_chain_type(&filter_ipv6); -+ ret = nft_register_afinfo(&nft_af_ipv6); - if (ret < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_ipv6_net_ops); -+ ret = nft_register_chain_type(&filter_ipv6); - if (ret < 0) -- nft_unregister_chain_type(&filter_ipv6); -+ goto err_register_chain; -+ -+ return 0; - -+err_register_chain: -+ nft_unregister_afinfo(&nft_af_ipv6); - return ret; - } - - static void __exit nf_tables_ipv6_exit(void) - { -- unregister_pernet_subsys(&nf_tables_ipv6_net_ops); -+ nft_unregister_afinfo(&nft_af_ipv6); - nft_unregister_chain_type(&filter_ipv6); - } - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -26,6 +26,7 @@ - static LIST_HEAD(nf_tables_expressions); - static LIST_HEAD(nf_tables_objects); - static LIST_HEAD(nf_tables_flowtables); -+static LIST_HEAD(nf_tables_af_info); - - /** - * nft_register_afinfo - register nf_tables address family info -@@ -35,17 +36,15 @@ static LIST_HEAD(nf_tables_flowtables); - * Register the address family for use with nf_tables. Returns zero on - * success or a negative errno code otherwise. - */ --int nft_register_afinfo(struct net *net, struct nft_af_info *afi) -+int nft_register_afinfo(struct nft_af_info *afi) - { - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_add_tail_rcu(&afi->list, &net->nft.af_info); -+ list_add_tail_rcu(&afi->list, &nf_tables_af_info); - nfnl_unlock(NFNL_SUBSYS_NFTABLES); - return 0; - } - EXPORT_SYMBOL_GPL(nft_register_afinfo); - --static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi); -- - /** - * nft_unregister_afinfo - unregister nf_tables address family info - * -@@ -53,10 +52,9 @@ static void __nft_release_afinfo(struct - * - * Unregister the address family for use with nf_tables. - */ --void nft_unregister_afinfo(struct net *net, struct nft_af_info *afi) -+void nft_unregister_afinfo(struct nft_af_info *afi) - { - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- __nft_release_afinfo(net, afi); - list_del_rcu(&afi->list); - nfnl_unlock(NFNL_SUBSYS_NFTABLES); - } -@@ -66,7 +64,7 @@ static struct nft_af_info *nft_afinfo_lo - { - struct nft_af_info *afi; - -- list_for_each_entry(afi, &net->nft.af_info, list) { -+ list_for_each_entry(afi, &nf_tables_af_info, list) { - if (afi->family == family) - return afi; - } -@@ -5036,15 +5034,12 @@ void nft_flow_table_iterate(struct net * - void *data) - { - struct nft_flowtable *flowtable; -- const struct nft_af_info *afi; - const struct nft_table *table; - - rcu_read_lock(); -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- list_for_each_entry_rcu(table, &net->nft.tables, list) { -- list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -- iter(&flowtable->data, data); -- } -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ iter(&flowtable->data, data); - } - } - rcu_read_unlock(); -@@ -6536,21 +6531,6 @@ int nft_data_dump(struct sk_buff *skb, i - } - EXPORT_SYMBOL_GPL(nft_data_dump); - --static int __net_init nf_tables_init_net(struct net *net) --{ -- INIT_LIST_HEAD(&net->nft.af_info); -- INIT_LIST_HEAD(&net->nft.tables); -- INIT_LIST_HEAD(&net->nft.commit_list); -- net->nft.base_seq = 1; -- return 0; --} -- --static void __net_exit nf_tables_exit_net(struct net *net) --{ -- WARN_ON_ONCE(!list_empty(&net->nft.af_info)); -- WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); --} -- - int __nft_release_basechain(struct nft_ctx *ctx) - { - struct nft_rule *rule, *nr; -@@ -6571,8 +6551,7 @@ int __nft_release_basechain(struct nft_c - } - EXPORT_SYMBOL_GPL(__nft_release_basechain); - --/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ --static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) -+static void __nft_release_afinfo(struct net *net) - { - struct nft_flowtable *flowtable, *nf; - struct nft_table *table, *nt; -@@ -6582,10 +6561,11 @@ static void __nft_release_afinfo(struct - struct nft_set *set, *ns; - struct nft_ctx ctx = { - .net = net, -- .family = afi->family, - }; - - list_for_each_entry_safe(table, nt, &net->nft.tables, list) { -+ ctx.family = table->afi->family; -+ - list_for_each_entry(chain, &table->chains, list) - nf_tables_unregister_hook(net, table, chain); - list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6626,6 +6606,21 @@ static void __nft_release_afinfo(struct - } - } - -+static int __net_init nf_tables_init_net(struct net *net) -+{ -+ INIT_LIST_HEAD(&net->nft.tables); -+ INIT_LIST_HEAD(&net->nft.commit_list); -+ net->nft.base_seq = 1; -+ return 0; -+} -+ -+static void __net_exit nf_tables_exit_net(struct net *net) -+{ -+ __nft_release_afinfo(net); -+ WARN_ON_ONCE(!list_empty(&net->nft.tables)); -+ WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); -+} -+ - static struct pernet_operations nf_tables_net_ops = { - .init = nf_tables_init_net, - .exit = nf_tables_exit_net, ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -43,34 +43,6 @@ static struct nft_af_info nft_af_inet __ - .owner = THIS_MODULE, - }; - --static int __net_init nf_tables_inet_init_net(struct net *net) --{ -- net->nft.inet = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.inet == NULL) -- return -ENOMEM; -- memcpy(net->nft.inet, &nft_af_inet, sizeof(nft_af_inet)); -- -- if (nft_register_afinfo(net, net->nft.inet) < 0) -- goto err; -- -- return 0; -- --err: -- kfree(net->nft.inet); -- return -ENOMEM; --} -- --static void __net_exit nf_tables_inet_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.inet); -- kfree(net->nft.inet); --} -- --static struct pernet_operations nf_tables_inet_net_ops = { -- .init = nf_tables_inet_init_net, -- .exit = nf_tables_inet_exit_net, --}; -- - static const struct nf_chain_type filter_inet = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -94,21 +66,24 @@ static int __init nf_tables_inet_init(vo - { - int ret; - -- ret = nft_register_chain_type(&filter_inet); -- if (ret < 0) -+ if (nft_register_afinfo(&nft_af_inet) < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_inet_net_ops); -+ ret = nft_register_chain_type(&filter_inet); - if (ret < 0) -- nft_unregister_chain_type(&filter_inet); -+ goto err_register_chain; -+ -+ return ret; - -+err_register_chain: -+ nft_unregister_afinfo(&nft_af_inet); - return ret; - } - - static void __exit nf_tables_inet_exit(void) - { -- unregister_pernet_subsys(&nf_tables_inet_net_ops); - nft_unregister_chain_type(&filter_inet); -+ nft_unregister_afinfo(&nft_af_inet); - } - - module_init(nf_tables_inet_init); ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -43,34 +43,6 @@ static struct nft_af_info nft_af_netdev - .owner = THIS_MODULE, - }; - --static int nf_tables_netdev_init_net(struct net *net) --{ -- net->nft.netdev = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); -- if (net->nft.netdev == NULL) -- return -ENOMEM; -- -- memcpy(net->nft.netdev, &nft_af_netdev, sizeof(nft_af_netdev)); -- -- if (nft_register_afinfo(net, net->nft.netdev) < 0) -- goto err; -- -- return 0; --err: -- kfree(net->nft.netdev); -- return -ENOMEM; --} -- --static void nf_tables_netdev_exit_net(struct net *net) --{ -- nft_unregister_afinfo(net, net->nft.netdev); -- kfree(net->nft.netdev); --} -- --static struct pernet_operations nf_tables_netdev_net_ops = { -- .init = nf_tables_netdev_init_net, -- .exit = nf_tables_netdev_exit_net, --}; -- - static const struct nf_chain_type nft_filter_chain_netdev = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -145,32 +117,32 @@ static int __init nf_tables_netdev_init( - { - int ret; - -- ret = nft_register_chain_type(&nft_filter_chain_netdev); -- if (ret) -+ if (nft_register_afinfo(&nft_af_netdev) < 0) - return ret; - -- ret = register_pernet_subsys(&nf_tables_netdev_net_ops); -+ ret = nft_register_chain_type(&nft_filter_chain_netdev); - if (ret) -- goto err1; -+ goto err_register_chain_type; - - ret = register_netdevice_notifier(&nf_tables_netdev_notifier); - if (ret) -- goto err2; -+ goto err_register_netdevice_notifier; - - return 0; - --err2: -- unregister_pernet_subsys(&nf_tables_netdev_net_ops); --err1: -+err_register_netdevice_notifier: - nft_unregister_chain_type(&nft_filter_chain_netdev); -+err_register_chain_type: -+ nft_unregister_afinfo(&nft_af_netdev); -+ - return ret; - } - - static void __exit nf_tables_netdev_exit(void) - { - unregister_netdevice_notifier(&nf_tables_netdev_notifier); -- unregister_pernet_subsys(&nf_tables_netdev_net_ops); - nft_unregister_chain_type(&nft_filter_chain_netdev); -+ nft_unregister_afinfo(&nft_af_netdev); - } - - module_init(nf_tables_netdev_init); diff --git a/target/linux/generic/backport-4.19/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.19/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch deleted file mode 100644 index e5ed45c1c6..0000000000 --- a/target/linux/generic/backport-4.19/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ /dev/null @@ -1,1204 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 9 Jan 2018 02:48:47 +0100 -Subject: [PATCH] netfilter: nf_tables: get rid of struct nft_af_info - abstraction - -Remove the infrastructure to register/unregister nft_af_info structure, -this structure stores no useful information anymore. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -955,28 +955,12 @@ struct nft_table { - struct list_head flowtables; - u64 hgenerator; - u32 use; -- u16 flags:14, -+ u16 family:6, -+ flags:8, - genmask:2; -- struct nft_af_info *afi; - char *name; - }; - --/** -- * struct nft_af_info - nf_tables address family info -- * -- * @list: used internally -- * @family: address family -- * @owner: module owner -- */ --struct nft_af_info { -- struct list_head list; -- int family; -- struct module *owner; --}; -- --int nft_register_afinfo(struct nft_af_info *); --void nft_unregister_afinfo(struct nft_af_info *); -- - int nft_register_chain_type(const struct nf_chain_type *); - void nft_unregister_chain_type(const struct nf_chain_type *); - -@@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein - #define nft_dereference(p) \ - nfnl_dereference(p, NFNL_SUBSYS_NFTABLES) - --#define MODULE_ALIAS_NFT_FAMILY(family) \ -- MODULE_ALIAS("nft-afinfo-" __stringify(family)) -- - #define MODULE_ALIAS_NFT_CHAIN(family, name) \ - MODULE_ALIAS("nft-chain-" __stringify(family) "-" name) - ---- a/net/bridge/netfilter/nf_tables_bridge.c -+++ b/net/bridge/netfilter/nf_tables_bridge.c -@@ -42,11 +42,6 @@ nft_do_chain_bridge(void *priv, - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_bridge __read_mostly = { -- .family = NFPROTO_BRIDGE, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type filter_bridge = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -68,28 +63,12 @@ static const struct nf_chain_type filter - - static int __init nf_tables_bridge_init(void) - { -- int ret; -- -- ret = nft_register_afinfo(&nft_af_bridge); -- if (ret < 0) -- return ret; -- -- ret = nft_register_chain_type(&filter_bridge); -- if (ret < 0) -- goto err_register_chain; -- -- return ret; -- --err_register_chain: -- nft_unregister_chain_type(&filter_bridge); -- -- return ret; -+ return nft_register_chain_type(&filter_bridge); - } - - static void __exit nf_tables_bridge_exit(void) - { - nft_unregister_chain_type(&filter_bridge); -- nft_unregister_afinfo(&nft_af_bridge); - } - - module_init(nf_tables_bridge_init); -@@ -97,4 +76,4 @@ module_exit(nf_tables_bridge_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Patrick McHardy "); --MODULE_ALIAS_NFT_FAMILY(AF_BRIDGE); -+MODULE_ALIAS_NFT_CHAIN(AF_BRIDGE, "filter"); ---- a/net/ipv4/netfilter/nf_tables_arp.c -+++ b/net/ipv4/netfilter/nf_tables_arp.c -@@ -27,11 +27,6 @@ nft_do_chain_arp(void *priv, - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_arp __read_mostly = { -- .family = NFPROTO_ARP, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type filter_arp = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -47,28 +42,12 @@ static const struct nf_chain_type filter - - static int __init nf_tables_arp_init(void) - { -- int ret; -- -- ret = nft_register_afinfo(&nft_af_arp); -- if (ret < 0) -- return ret; -- -- ret = nft_register_chain_type(&filter_arp); -- if (ret < 0) -- goto err_register_chain; -- -- return 0; -- --err_register_chain: -- nft_unregister_chain_type(&filter_arp); -- -- return ret; -+ return nft_register_chain_type(&filter_arp); - } - - static void __exit nf_tables_arp_exit(void) - { - nft_unregister_chain_type(&filter_arp); -- nft_unregister_afinfo(&nft_af_arp); - } - - module_init(nf_tables_arp_init); -@@ -76,4 +55,4 @@ module_exit(nf_tables_arp_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Patrick McHardy "); --MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */ -+MODULE_ALIAS_NFT_CHAIN(3, "filter"); /* NFPROTO_ARP */ ---- a/net/ipv4/netfilter/nf_tables_ipv4.c -+++ b/net/ipv4/netfilter/nf_tables_ipv4.c -@@ -30,11 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_ipv4 __read_mostly = { -- .family = NFPROTO_IPV4, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type filter_ipv4 = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -56,27 +51,12 @@ static const struct nf_chain_type filter - - static int __init nf_tables_ipv4_init(void) - { -- int ret; -- -- ret = nft_register_afinfo(&nft_af_ipv4); -- if (ret < 0) -- return ret; -- -- ret = nft_register_chain_type(&filter_ipv4); -- if (ret < 0) -- goto err_register_chain; -- -- return 0; -- --err_register_chain: -- nft_unregister_afinfo(&nft_af_ipv4); -- return ret; -+ return nft_register_chain_type(&filter_ipv4); - } - - static void __exit nf_tables_ipv4_exit(void) - { - nft_unregister_chain_type(&filter_ipv4); -- nft_unregister_afinfo(&nft_af_ipv4); - } - - module_init(nf_tables_ipv4_init); -@@ -84,4 +64,4 @@ module_exit(nf_tables_ipv4_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Patrick McHardy "); --MODULE_ALIAS_NFT_FAMILY(AF_INET); -+MODULE_ALIAS_NFT_CHAIN(AF_INET, "filter"); ---- a/net/ipv6/netfilter/nf_tables_ipv6.c -+++ b/net/ipv6/netfilter/nf_tables_ipv6.c -@@ -28,11 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_ipv6 __read_mostly = { -- .family = NFPROTO_IPV6, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type filter_ipv6 = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -54,26 +49,11 @@ static const struct nf_chain_type filter - - static int __init nf_tables_ipv6_init(void) - { -- int ret; -- -- ret = nft_register_afinfo(&nft_af_ipv6); -- if (ret < 0) -- return ret; -- -- ret = nft_register_chain_type(&filter_ipv6); -- if (ret < 0) -- goto err_register_chain; -- -- return 0; -- --err_register_chain: -- nft_unregister_afinfo(&nft_af_ipv6); -- return ret; -+ return nft_register_chain_type(&filter_ipv6); - } - - static void __exit nf_tables_ipv6_exit(void) - { -- nft_unregister_afinfo(&nft_af_ipv6); - nft_unregister_chain_type(&filter_ipv6); - } - -@@ -82,4 +62,4 @@ module_exit(nf_tables_ipv6_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Patrick McHardy "); --MODULE_ALIAS_NFT_FAMILY(AF_INET6); -+MODULE_ALIAS_NFT_CHAIN(AF_INET6, "filter"); ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -26,71 +26,6 @@ - static LIST_HEAD(nf_tables_expressions); - static LIST_HEAD(nf_tables_objects); - static LIST_HEAD(nf_tables_flowtables); --static LIST_HEAD(nf_tables_af_info); -- --/** -- * nft_register_afinfo - register nf_tables address family info -- * -- * @afi: address family info to register -- * -- * Register the address family for use with nf_tables. Returns zero on -- * success or a negative errno code otherwise. -- */ --int nft_register_afinfo(struct nft_af_info *afi) --{ -- nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_add_tail_rcu(&afi->list, &nf_tables_af_info); -- nfnl_unlock(NFNL_SUBSYS_NFTABLES); -- return 0; --} --EXPORT_SYMBOL_GPL(nft_register_afinfo); -- --/** -- * nft_unregister_afinfo - unregister nf_tables address family info -- * -- * @afi: address family info to unregister -- * -- * Unregister the address family for use with nf_tables. -- */ --void nft_unregister_afinfo(struct nft_af_info *afi) --{ -- nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_del_rcu(&afi->list); -- nfnl_unlock(NFNL_SUBSYS_NFTABLES); --} --EXPORT_SYMBOL_GPL(nft_unregister_afinfo); -- --static struct nft_af_info *nft_afinfo_lookup(struct net *net, int family) --{ -- struct nft_af_info *afi; -- -- list_for_each_entry(afi, &nf_tables_af_info, list) { -- if (afi->family == family) -- return afi; -- } -- return NULL; --} -- --static struct nft_af_info * --nf_tables_afinfo_lookup(struct net *net, int family, bool autoload) --{ -- struct nft_af_info *afi; -- -- afi = nft_afinfo_lookup(net, family); -- if (afi != NULL) -- return afi; --#ifdef CONFIG_MODULES -- if (autoload) { -- nfnl_unlock(NFNL_SUBSYS_NFTABLES); -- request_module("nft-afinfo-%u", family); -- nfnl_lock(NFNL_SUBSYS_NFTABLES); -- afi = nft_afinfo_lookup(net, family); -- if (afi != NULL) -- return ERR_PTR(-EAGAIN); -- } --#endif -- return ERR_PTR(-EAFNOSUPPORT); --} - - static void nft_ctx_init(struct nft_ctx *ctx, - struct net *net, -@@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku - - list_for_each_entry(table, &net->nft.tables, list) { - if (!nla_strcmp(nla, table->name) && -- table->afi->family == family && -+ table->family == family && - nft_active_genmask(table, genmask)) - return table; - } -@@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct - cb->seq = net->nft.base_seq; - - list_for_each_entry_rcu(table, &net->nft.tables, list) { -- if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ if (family != NFPROTO_UNSPEC && family != table->family) - continue; - - if (idx < s_idx) -@@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct - NETLINK_CB(cb->skb).portid, - cb->nlh->nlmsg_seq, - NFT_MSG_NEWTABLE, NLM_F_MULTI, -- table->afi->family, table) < 0) -+ table->family, table) < 0) - goto done; - - nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_cur(net); -- const struct nft_af_info *afi; - const struct nft_table *table; - struct sk_buff *skb2; - int family = nfmsg->nfgen_family; -@@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net - return netlink_dump_start(nlsk, skb, nlh, &c); - } - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); - const struct nlattr *name; -- struct nft_af_info *afi; - struct nft_table *table; - int family = nfmsg->nfgen_family; - u32 flags = 0; - struct nft_ctx ctx; - int err; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- - name = nla[NFTA_TABLE_NAME]; -- table = nf_tables_table_lookup(net, name, afi->family, genmask); -+ table = nf_tables_table_lookup(net, name, family, genmask); - if (IS_ERR(table)) { - if (PTR_ERR(table) != -ENOENT) - return PTR_ERR(table); -@@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net - if (nlh->nlmsg_flags & NLM_F_REPLACE) - return -EOPNOTSUPP; - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - return nf_tables_updtable(&ctx); - } - -@@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net - return -EINVAL; - } - -- err = -EAFNOSUPPORT; -- if (!try_module_get(afi->owner)) -- goto err1; -- - err = -ENOMEM; - table = kzalloc(sizeof(*table), GFP_KERNEL); - if (table == NULL) -- goto err2; -+ goto err_kzalloc; - - table->name = nla_strdup(name, GFP_KERNEL); - if (table->name == NULL) -- goto err3; -+ goto err_strdup; - - INIT_LIST_HEAD(&table->chains); - INIT_LIST_HEAD(&table->sets); - INIT_LIST_HEAD(&table->objects); - INIT_LIST_HEAD(&table->flowtables); -- table->afi = afi; -+ table->family = family; - table->flags = flags; - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); - if (err < 0) -- goto err4; -+ goto err_trans; - - list_add_tail_rcu(&table->list, &net->nft.tables); - return 0; --err4: -+err_trans: - kfree(table->name); --err3: -+err_strdup: - kfree(table); --err2: -- module_put(afi->owner); --err1: -+err_kzalloc: - return err; - } - -@@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx - int err = 0; - - list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { -- if (family != AF_UNSPEC && table->afi->family != family) -+ if (family != AF_UNSPEC && table->family != family) - continue; - -- ctx->family = table->afi->family; -+ ctx->family = table->family; - - if (!nft_is_active_next(ctx->net, table)) - continue; -@@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); -- struct nft_af_info *afi; - struct nft_table *table; - int family = nfmsg->nfgen_family; - struct nft_ctx ctx; -@@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net - if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) - return nft_flush(&ctx, family); - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net - table->use > 0) - return -EBUSY; - -- ctx.family = afi->family; -+ ctx.family = family; - ctx.table = table; - - return nft_flush_table(&ctx); -@@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru - - kfree(ctx->table->name); - kfree(ctx->table); -- module_put(ctx->table->afi->owner); - } - - int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct - cb->seq = net->nft.base_seq; - - list_for_each_entry_rcu(table, &net->nft.tables, list) { -- if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ if (family != NFPROTO_UNSPEC && family != table->family) - continue; - - list_for_each_entry_rcu(chain, &table->chains, list) { -@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct - cb->nlh->nlmsg_seq, - NFT_MSG_NEWCHAIN, - NLM_F_MULTI, -- table->afi->family, table, -+ table->family, table, - chain) < 0) - goto done; - -@@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_cur(net); -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - struct sk_buff *skb2; -@@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net - return netlink_dump_start(nlsk, skb, nlh, &c); - } - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net - const struct nlattr * uninitialized_var(name); - u8 genmask = nft_genmask_next(net); - int family = nfmsg->nfgen_family; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain; - u8 policy = NF_ACCEPT; -@@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net - - create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net - } - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); - - if (chain != NULL) { - if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain; - struct nft_rule *rule; -@@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net - u32 use; - int err; - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net - chain->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); - - use = chain->use; - list_for_each_entry(rule, &chain->rules, list) { -@@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s - cb->seq = net->nft.base_seq; - - list_for_each_entry_rcu(table, &net->nft.tables, list) { -- if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ if (family != NFPROTO_UNSPEC && family != table->family) - continue; - - if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -@@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s - cb->nlh->nlmsg_seq, - NFT_MSG_NEWRULE, - NLM_F_MULTI | NLM_F_APPEND, -- table->afi->family, -+ table->family, - table, chain, rule) < 0) - goto done; - -@@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_cur(net); -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - const struct nft_rule *rule; -@@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net - return netlink_dump_start(nlsk, skb, nlh, &c); - } - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -2295,7 +2188,7 @@ static int nf_tables_newrule(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); -- struct nft_af_info *afi; -+ int family = nfmsg->nfgen_family; - struct nft_table *table; - struct nft_chain *chain; - struct nft_rule *rule, *old_rule = NULL; -@@ -2311,11 +2204,7 @@ static int nf_tables_newrule(struct net - - create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; - -- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -2355,7 +2244,7 @@ static int nf_tables_newrule(struct net - return PTR_ERR(old_rule); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); - - n = 0; - size = 0; -@@ -2484,18 +2373,13 @@ static int nf_tables_delrule(struct net - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain = NULL; - struct nft_rule *rule; - int family = nfmsg->nfgen_family, err = 0; - struct nft_ctx ctx; - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -2507,7 +2391,7 @@ static int nf_tables_delrule(struct net - return PTR_ERR(chain); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); - - if (chain) { - if (nla[NFTA_RULE_HANDLE]) { -@@ -2692,26 +2576,17 @@ static int nft_ctx_init_from_setattr(str - u8 genmask) - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); -- struct nft_af_info *afi = NULL; -+ int family = nfmsg->nfgen_family; - struct nft_table *table = NULL; - -- if (nfmsg->nfgen_family != NFPROTO_UNSPEC) { -- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- } -- - if (nla[NFTA_SET_TABLE] != NULL) { -- if (afi == NULL) -- return -EAFNOSUPPORT; -- - table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], -- afi->family, genmask); -+ family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - } - -- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); - return 0; - } - -@@ -2943,7 +2818,7 @@ static int nf_tables_dump_sets(struct sk - - list_for_each_entry_rcu(table, &net->nft.tables, list) { - if (ctx->family != NFPROTO_UNSPEC && -- ctx->family != table->afi->family) -+ ctx->family != table->family) - continue; - - if (ctx->table && ctx->table != table) -@@ -2964,7 +2839,7 @@ static int nf_tables_dump_sets(struct sk - - ctx_set = *ctx; - ctx_set.table = table; -- ctx_set.family = table->afi->family; -+ ctx_set.family = table->family; - - if (nf_tables_fill_set(skb, &ctx_set, set, - NFT_MSG_NEWSET, -@@ -3076,8 +2951,8 @@ static int nf_tables_newset(struct net * - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); -+ int family = nfmsg->nfgen_family; - const struct nft_set_ops *ops; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_set *set; - struct nft_ctx ctx; -@@ -3184,16 +3059,12 @@ static int nf_tables_newset(struct net * - - create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; - -- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - - set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); - if (IS_ERR(set)) { -@@ -3455,19 +3326,15 @@ static int nft_ctx_init_from_elemattr(st - u8 genmask) - { - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); -- struct nft_af_info *afi; -+ int family = nfmsg->nfgen_family; - struct nft_table *table; - -- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- - table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], -- afi->family, genmask); -+ family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); - return 0; - } - -@@ -3585,7 +3452,7 @@ static int nf_tables_dump_set(struct sk_ - rcu_read_lock(); - list_for_each_entry_rcu(table, &net->nft.tables, list) { - if (dump_ctx->ctx.family != NFPROTO_UNSPEC && -- dump_ctx->ctx.family != table->afi->family) -+ dump_ctx->ctx.family != table->family) - continue; - - if (table != dump_ctx->ctx.table) -@@ -3615,7 +3482,7 @@ static int nf_tables_dump_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = table->afi->family; -+ nfmsg->nfgen_family = table->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(net->nft.base_seq & 0xffff); - -@@ -4495,7 +4362,6 @@ static int nf_tables_newobj(struct net * - const struct nft_object_type *type; - u8 genmask = nft_genmask_next(net); - int family = nfmsg->nfgen_family; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_object *obj; - struct nft_ctx ctx; -@@ -4507,11 +4373,7 @@ static int nf_tables_newobj(struct net * - !nla[NFTA_OBJ_DATA]) - return -EINVAL; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -4530,7 +4392,7 @@ static int nf_tables_newobj(struct net * - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4622,7 +4484,7 @@ static int nf_tables_dump_obj(struct sk_ - cb->seq = net->nft.base_seq; - - list_for_each_entry_rcu(table, &net->nft.tables, list) { -- if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ if (family != NFPROTO_UNSPEC && family != table->family) - continue; - - list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4645,7 +4507,7 @@ static int nf_tables_dump_obj(struct sk_ - cb->nlh->nlmsg_seq, - NFT_MSG_NEWOBJ, - NLM_F_MULTI | NLM_F_APPEND, -- table->afi->family, table, -+ table->family, table, - obj, reset) < 0) - goto done; - -@@ -4703,7 +4565,6 @@ static int nf_tables_getobj(struct net * - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_cur(net); - int family = nfmsg->nfgen_family; -- const struct nft_af_info *afi; - const struct nft_table *table; - struct nft_object *obj; - struct sk_buff *skb2; -@@ -4734,11 +4595,7 @@ static int nf_tables_getobj(struct net * - !nla[NFTA_OBJ_TYPE]) - return -EINVAL; - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -4785,7 +4642,6 @@ static int nf_tables_delobj(struct net * - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); - u8 genmask = nft_genmask_next(net); - int family = nfmsg->nfgen_family; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_object *obj; - struct nft_ctx ctx; -@@ -4795,11 +4651,7 @@ static int nf_tables_delobj(struct net * - !nla[NFTA_OBJ_NAME]) - return -EINVAL; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- -- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, - genmask); - if (IS_ERR(table)) - return PTR_ERR(table); -@@ -4811,7 +4663,7 @@ static int nf_tables_delobj(struct net * - if (obj->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - - return nft_delobj(&ctx, obj); - } -@@ -4996,33 +4848,31 @@ err1: - return err; - } - --static const struct nf_flowtable_type * --__nft_flowtable_type_get(const struct nft_af_info *afi) -+static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family) - { - const struct nf_flowtable_type *type; - - list_for_each_entry(type, &nf_tables_flowtables, list) { -- if (afi->family == type->family) -+ if (family == type->family) - return type; - } - return NULL; - } - --static const struct nf_flowtable_type * --nft_flowtable_type_get(const struct nft_af_info *afi) -+static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family) - { - const struct nf_flowtable_type *type; - -- type = __nft_flowtable_type_get(afi); -+ type = __nft_flowtable_type_get(family); - if (type != NULL && try_module_get(type->owner)) - return type; - - #ifdef CONFIG_MODULES - if (type == NULL) { - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -- request_module("nf-flowtable-%u", afi->family); -+ request_module("nf-flowtable-%u", family); - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- if (__nft_flowtable_type_get(afi)) -+ if (__nft_flowtable_type_get(family)) - return ERR_PTR(-EAGAIN); - } - #endif -@@ -5070,7 +4920,6 @@ static int nf_tables_newflowtable(struct - u8 genmask = nft_genmask_next(net); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_ctx ctx; - int err, i, k; -@@ -5080,12 +4929,8 @@ static int nf_tables_newflowtable(struct - !nla[NFTA_FLOWTABLE_HOOK]) - return -EINVAL; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- - table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -- afi->family, genmask); -+ family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5102,7 +4947,7 @@ static int nf_tables_newflowtable(struct - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - - flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); - if (!flowtable) -@@ -5115,7 +4960,7 @@ static int nf_tables_newflowtable(struct - goto err1; - } - -- type = nft_flowtable_type_get(afi); -+ type = nft_flowtable_type_get(family); - if (IS_ERR(type)) { - err = PTR_ERR(type); - goto err2; -@@ -5175,16 +5020,11 @@ static int nf_tables_delflowtable(struct - u8 genmask = nft_genmask_next(net); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_ctx ctx; - -- afi = nf_tables_afinfo_lookup(net, family, true); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- - table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -- afi->family, genmask); -+ family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5195,7 +5035,7 @@ static int nf_tables_delflowtable(struct - if (flowtable->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - - return nft_delflowtable(&ctx, flowtable); - } -@@ -5270,7 +5110,7 @@ static int nf_tables_dump_flowtable(stru - cb->seq = net->nft.base_seq; - - list_for_each_entry_rcu(table, &net->nft.tables, list) { -- if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ if (family != NFPROTO_UNSPEC && family != table->family) - continue; - - list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5289,7 +5129,7 @@ static int nf_tables_dump_flowtable(stru - cb->nlh->nlmsg_seq, - NFT_MSG_NEWFLOWTABLE, - NLM_F_MULTI | NLM_F_APPEND, -- table->afi->family, flowtable) < 0) -+ table->family, flowtable) < 0) - goto done; - - nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5349,7 +5189,6 @@ static int nf_tables_getflowtable(struct - u8 genmask = nft_genmask_cur(net); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- const struct nft_af_info *afi; - const struct nft_table *table; - struct sk_buff *skb2; - int err; -@@ -5375,12 +5214,8 @@ static int nf_tables_getflowtable(struct - if (!nla[NFTA_FLOWTABLE_NAME]) - return -EINVAL; - -- afi = nf_tables_afinfo_lookup(net, family, false); -- if (IS_ERR(afi)) -- return PTR_ERR(afi); -- - table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -- afi->family, genmask); -+ family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -6551,7 +6386,7 @@ int __nft_release_basechain(struct nft_c - } - EXPORT_SYMBOL_GPL(__nft_release_basechain); - --static void __nft_release_afinfo(struct net *net) -+static void __nft_release_tables(struct net *net) - { - struct nft_flowtable *flowtable, *nf; - struct nft_table *table, *nt; -@@ -6564,7 +6399,7 @@ static void __nft_release_afinfo(struct - }; - - list_for_each_entry_safe(table, nt, &net->nft.tables, list) { -- ctx.family = table->afi->family; -+ ctx.family = table->family; - - list_for_each_entry(chain, &table->chains, list) - nf_tables_unregister_hook(net, table, chain); -@@ -6616,7 +6451,7 @@ static int __net_init nf_tables_init_net - - static void __net_exit nf_tables_exit_net(struct net *net) - { -- __nft_release_afinfo(net); -+ __nft_release_tables(net); - WARN_ON_ONCE(!list_empty(&net->nft.tables)); - WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); - } ---- a/net/netfilter/nf_tables_inet.c -+++ b/net/netfilter/nf_tables_inet.c -@@ -38,11 +38,6 @@ static unsigned int nft_do_chain_inet(vo - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_inet __read_mostly = { -- .family = NFPROTO_INET, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type filter_inet = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -64,26 +59,12 @@ static const struct nf_chain_type filter - - static int __init nf_tables_inet_init(void) - { -- int ret; -- -- if (nft_register_afinfo(&nft_af_inet) < 0) -- return ret; -- -- ret = nft_register_chain_type(&filter_inet); -- if (ret < 0) -- goto err_register_chain; -- -- return ret; -- --err_register_chain: -- nft_unregister_afinfo(&nft_af_inet); -- return ret; -+ return nft_register_chain_type(&filter_inet); - } - - static void __exit nf_tables_inet_exit(void) - { - nft_unregister_chain_type(&filter_inet); -- nft_unregister_afinfo(&nft_af_inet); - } - - module_init(nf_tables_inet_init); -@@ -91,4 +72,4 @@ module_exit(nf_tables_inet_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Patrick McHardy "); --MODULE_ALIAS_NFT_FAMILY(1); -+MODULE_ALIAS_NFT_CHAIN(1, "filter"); ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -38,11 +38,6 @@ nft_do_chain_netdev(void *priv, struct s - return nft_do_chain(&pkt, priv); - } - --static struct nft_af_info nft_af_netdev __read_mostly = { -- .family = NFPROTO_NETDEV, -- .owner = THIS_MODULE, --}; -- - static const struct nf_chain_type nft_filter_chain_netdev = { - .name = "filter", - .type = NFT_CHAIN_T_DEFAULT, -@@ -91,10 +86,10 @@ static int nf_tables_netdev_event(struct - - nfnl_lock(NFNL_SUBSYS_NFTABLES); - list_for_each_entry(table, &ctx.net->nft.tables, list) { -- if (table->afi->family != NFPROTO_NETDEV) -+ if (table->family != NFPROTO_NETDEV) - continue; - -- ctx.family = table->afi->family; -+ ctx.family = table->family; - ctx.table = table; - list_for_each_entry_safe(chain, nr, &table->chains, list) { - if (!nft_is_base_chain(chain)) -@@ -117,12 +112,9 @@ static int __init nf_tables_netdev_init( - { - int ret; - -- if (nft_register_afinfo(&nft_af_netdev) < 0) -- return ret; -- - ret = nft_register_chain_type(&nft_filter_chain_netdev); - if (ret) -- goto err_register_chain_type; -+ return ret; - - ret = register_netdevice_notifier(&nf_tables_netdev_notifier); - if (ret) -@@ -132,8 +124,6 @@ static int __init nf_tables_netdev_init( - - err_register_netdevice_notifier: - nft_unregister_chain_type(&nft_filter_chain_netdev); --err_register_chain_type: -- nft_unregister_afinfo(&nft_af_netdev); - - return ret; - } -@@ -142,7 +132,6 @@ static void __exit nf_tables_netdev_exit - { - unregister_netdevice_notifier(&nf_tables_netdev_notifier); - nft_unregister_chain_type(&nft_filter_chain_netdev); -- nft_unregister_afinfo(&nft_af_netdev); - } - - module_init(nf_tables_netdev_init); -@@ -150,4 +139,4 @@ module_exit(nf_tables_netdev_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Pablo Neira Ayuso "); --MODULE_ALIAS_NFT_FAMILY(5); /* NFPROTO_NETDEV */ -+MODULE_ALIAS_NFT_CHAIN(5, "filter"); /* NFPROTO_NETDEV */ diff --git a/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch deleted file mode 100644 index 4b4206502c..0000000000 --- a/target/linux/generic/backport-4.19/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Pablo Neira Ayuso -Date: Thu, 1 Feb 2018 18:49:00 +0100 -Subject: [PATCH] netfilter: nft_flow_offload: wait for garbage collector - to run after cleanup - -If netdevice goes down, then flowtable entries are scheduled to be -removed. Wait for garbage collector to have a chance to run so it can -delete them from the hashtable. - -The flush call might sleep, so hold the nfnl mutex from -nft_flow_table_iterate() instead of rcu read side lock. The use of the -nfnl mutex is also implicitly fixing races between updates via nfnetlink -and netdevice event. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -4886,13 +4886,13 @@ void nft_flow_table_iterate(struct net * - struct nft_flowtable *flowtable; - const struct nft_table *table; - -- rcu_read_lock(); -- list_for_each_entry_rcu(table, &net->nft.tables, list) { -- list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ nfnl_lock(NFNL_SUBSYS_NFTABLES); -+ list_for_each_entry(table, &net->nft.tables, list) { -+ list_for_each_entry(flowtable, &table->flowtables, list) { - iter(&flowtable->data, data); - } - } -- rcu_read_unlock(); -+ nfnl_unlock(NFNL_SUBSYS_NFTABLES); - } - EXPORT_SYMBOL_GPL(nft_flow_table_iterate); - ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -208,6 +208,7 @@ static void nft_flow_offload_iterate_cle - void *data) - { - nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data); -+ flush_delayed_work(&flowtable->gc_work); - } - - static int flow_offload_netdev_event(struct notifier_block *this, diff --git a/target/linux/generic/backport-4.19/340-v4.16-netfilter-nft_flow_offload-no-need-to-flush-entries-.patch b/target/linux/generic/backport-4.19/340-v4.16-netfilter-nft_flow_offload-no-need-to-flush-entries-.patch deleted file mode 100644 index 539550d542..0000000000 --- a/target/linux/generic/backport-4.19/340-v4.16-netfilter-nft_flow_offload-no-need-to-flush-entries-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Pablo Neira Ayuso -Date: Thu, 1 Feb 2018 18:49:01 +0100 -Subject: [PATCH] netfilter: nft_flow_offload: no need to flush entries on - module removal - -nft_flow_offload module removal does not require to flush existing -flowtables, it is valid to remove this module while keeping flowtables -around. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -247,14 +247,8 @@ register_expr: - - static void __exit nft_flow_offload_module_exit(void) - { -- struct net *net; -- - nft_unregister_expr(&nft_flow_offload_type); - unregister_netdevice_notifier(&flow_offload_netdev_notifier); -- rtnl_lock(); -- for_each_net(net) -- nft_flow_table_iterate(net, nft_flow_offload_iterate_cleanup, NULL); -- rtnl_unlock(); - } - - module_init(nft_flow_offload_module_init); diff --git a/target/linux/generic/backport-4.19/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch b/target/linux/generic/backport-4.19/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch deleted file mode 100644 index 9ee0ad5936..0000000000 --- a/target/linux/generic/backport-4.19/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch +++ /dev/null @@ -1,97 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 23 Jan 2018 17:46:09 +0100 -Subject: [PATCH] netfilter: nft_flow_offload: move flowtable cleanup - routines to nf_flow_table - -Move the flowtable cleanup routines to nf_flow_table and expose the -nf_flow_table_cleanup() helper function. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -95,6 +95,9 @@ struct flow_offload_tuple_rhash *flow_of - int nf_flow_table_iterate(struct nf_flowtable *flow_table, - void (*iter)(struct flow_offload *flow, void *data), - void *data); -+ -+void nf_flow_table_cleanup(struct net *net, struct net_device *dev); -+ - void nf_flow_offload_work_gc(struct work_struct *work); - extern const struct rhashtable_params nf_flow_offload_rhash_params; - ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -425,5 +426,28 @@ int nf_flow_dnat_port(const struct flow_ - } - EXPORT_SYMBOL_GPL(nf_flow_dnat_port); - -+static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) -+{ -+ struct net_device *dev = data; -+ -+ if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -+ return; -+ -+ flow_offload_dead(flow); -+} -+ -+static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, -+ void *data) -+{ -+ nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data); -+ flush_delayed_work(&flowtable->gc_work); -+} -+ -+void nf_flow_table_cleanup(struct net *net, struct net_device *dev) -+{ -+ nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev); -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); -+ - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Pablo Neira Ayuso "); ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -194,23 +194,6 @@ static struct nft_expr_type nft_flow_off - .owner = THIS_MODULE, - }; - --static void flow_offload_iterate_cleanup(struct flow_offload *flow, void *data) --{ -- struct net_device *dev = data; -- -- if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -- return; -- -- flow_offload_dead(flow); --} -- --static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable, -- void *data) --{ -- nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data); -- flush_delayed_work(&flowtable->gc_work); --} -- - static int flow_offload_netdev_event(struct notifier_block *this, - unsigned long event, void *ptr) - { -@@ -219,7 +202,7 @@ static int flow_offload_netdev_event(str - if (event != NETDEV_DOWN) - return NOTIFY_DONE; - -- nft_flow_table_iterate(dev_net(dev), nft_flow_offload_iterate_cleanup, dev); -+ nf_flow_table_cleanup(dev_net(dev), dev); - - return NOTIFY_DONE; - } diff --git a/target/linux/generic/backport-4.19/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.19/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch deleted file mode 100644 index 670d2ca6d4..0000000000 --- a/target/linux/generic/backport-4.19/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: Pablo Neira Ayuso -Date: Mon, 5 Feb 2018 21:44:50 +0100 -Subject: [PATCH] netfilter: nf_tables: fix flowtable free - -Every flow_offload entry is added into the table twice. Because of this, -rhashtable_free_and_destroy can't be used, since it would call kfree for -each flow_offload object twice. - -This patch adds a call to nf_flow_table_iterate_cleanup() to schedule -removal of entries, then there is an explicitly invocation of the -garbage collector to clean up resources. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -14,6 +14,7 @@ struct nf_flowtable_type { - struct list_head list; - int family; - void (*gc)(struct work_struct *work); -+ void (*free)(struct nf_flowtable *ft); - const struct rhashtable_params *params; - nf_hookfn *hook; - struct module *owner; -@@ -98,6 +99,7 @@ int nf_flow_table_iterate(struct nf_flow - - void nf_flow_table_cleanup(struct net *net, struct net_device *dev); - -+void nf_flow_table_free(struct nf_flowtable *flow_table); - void nf_flow_offload_work_gc(struct work_struct *work); - extern const struct rhashtable_params nf_flow_offload_rhash_params; - ---- a/net/ipv4/netfilter/nf_flow_table_ipv4.c -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -260,6 +260,7 @@ static struct nf_flowtable_type flowtabl - .family = NFPROTO_IPV4, - .params = &nf_flow_offload_rhash_params, - .gc = nf_flow_offload_work_gc, -+ .free = nf_flow_table_free, - .hook = nf_flow_offload_ip_hook, - .owner = THIS_MODULE, - }; ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -254,6 +254,7 @@ static struct nf_flowtable_type flowtabl - .family = NFPROTO_IPV6, - .params = &nf_flow_offload_rhash_params, - .gc = nf_flow_offload_work_gc, -+ .free = nf_flow_table_free, - .hook = nf_flow_offload_ipv6_hook, - .owner = THIS_MODULE, - }; ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -232,19 +232,16 @@ static inline bool nf_flow_is_dying(cons - return flow->flags & FLOW_OFFLOAD_DYING; - } - --void nf_flow_offload_work_gc(struct work_struct *work) -+static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) - { - struct flow_offload_tuple_rhash *tuplehash; -- struct nf_flowtable *flow_table; - struct rhashtable_iter hti; - struct flow_offload *flow; - int err; - -- flow_table = container_of(work, struct nf_flowtable, gc_work.work); -- - err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); - if (err) -- goto schedule; -+ return 0; - - rhashtable_walk_start(&hti); - -@@ -270,7 +267,16 @@ void nf_flow_offload_work_gc(struct work - out: - rhashtable_walk_stop(&hti); - rhashtable_walk_exit(&hti); --schedule: -+ -+ return 1; -+} -+ -+void nf_flow_offload_work_gc(struct work_struct *work) -+{ -+ struct nf_flowtable *flow_table; -+ -+ flow_table = container_of(work, struct nf_flowtable, gc_work.work); -+ nf_flow_offload_gc_step(flow_table); - queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); - } - EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc); -@@ -449,5 +455,12 @@ void nf_flow_table_cleanup(struct net *n - } - EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); - -+void nf_flow_table_free(struct nf_flowtable *flow_table) -+{ -+ nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); -+ WARN_ON(!nf_flow_offload_gc_step(flow_table)); -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_free); -+ - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Pablo Neira Ayuso "); ---- a/net/netfilter/nf_flow_table_inet.c -+++ b/net/netfilter/nf_flow_table_inet.c -@@ -24,6 +24,7 @@ static struct nf_flowtable_type flowtabl - .family = NFPROTO_INET, - .params = &nf_flow_offload_rhash_params, - .gc = nf_flow_offload_work_gc, -+ .free = nf_flow_table_free, - .hook = nf_flow_offload_inet_hook, - .owner = THIS_MODULE, - }; ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5271,17 +5271,12 @@ err: - nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); - } - --static void nft_flowtable_destroy(void *ptr, void *arg) --{ -- kfree(ptr); --} -- - static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) - { - cancel_delayed_work_sync(&flowtable->data.gc_work); - kfree(flowtable->name); -- rhashtable_free_and_destroy(&flowtable->data.rhashtable, -- nft_flowtable_destroy, NULL); -+ flowtable->data.type->free(&flowtable->data); -+ rhashtable_destroy(&flowtable->data.rhashtable); - module_put(flowtable->data.type->owner); - } - diff --git a/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch b/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch index 7f35cd7c60..0badce1b73 100644 --- a/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch +++ b/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch @@ -8,9 +8,9 @@ Move the code that deals with device events to the core. Signed-off-by: Pablo Neira Ayuso --- ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -462,5 +462,35 @@ void nf_flow_table_free(struct nf_flowta +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -519,5 +519,35 @@ void nf_flow_table_free(struct nf_flowta } EXPORT_SYMBOL_GPL(nf_flow_table_free); @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso MODULE_AUTHOR("Pablo Neira Ayuso "); --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c -@@ -194,44 +194,14 @@ static struct nft_expr_type nft_flow_off +@@ -193,44 +193,14 @@ static struct nft_expr_type nft_flow_off .owner = THIS_MODULE, }; diff --git a/target/linux/generic/backport-4.19/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.19/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch deleted file mode 100644 index 98ec5d1b7c..0000000000 --- a/target/linux/generic/backport-4.19/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ /dev/null @@ -1,468 +0,0 @@ -From: Harsha Sharma -Date: Wed, 27 Dec 2017 00:59:00 +0530 -Subject: [PATCH] netfilter: nf_tables: allocate handle and delete objects via - handle - -This patch allows deletion of objects via unique handle which can be -listed via '-a' option. - -Signed-off-by: Harsha Sharma -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -370,6 +370,7 @@ void nft_unregister_set(struct nft_set_t - * @list: table set list node - * @bindings: list of set bindings - * @name: name of the set -+ * @handle: unique handle of the set - * @ktype: key type (numeric type defined by userspace, not used in the kernel) - * @dtype: data type (verdict or numeric type defined by userspace) - * @objtype: object type (see NFT_OBJECT_* definitions) -@@ -392,6 +393,7 @@ struct nft_set { - struct list_head list; - struct list_head bindings; - char *name; -+ u64 handle; - u32 ktype; - u32 dtype; - u32 objtype; -@@ -941,6 +943,7 @@ unsigned int nft_do_chain(struct nft_pkt - * @objects: stateful objects in the table - * @flowtables: flow tables in the table - * @hgenerator: handle generator state -+ * @handle: table handle - * @use: number of chain references to this table - * @flags: table flag (see enum nft_table_flags) - * @genmask: generation mask -@@ -954,6 +957,7 @@ struct nft_table { - struct list_head objects; - struct list_head flowtables; - u64 hgenerator; -+ u64 handle; - u32 use; - u16 family:6, - flags:8, -@@ -978,9 +982,9 @@ int nft_verdict_dump(struct sk_buff *skb - * @name: name of this stateful object - * @genmask: generation mask - * @use: number of references to this stateful object -- * @data: object data, layout depends on type -+ * @handle: unique object handle - * @ops: object operations -- * @data: pointer to object data -+ * @data: object data, layout depends on type - */ - struct nft_object { - struct list_head list; -@@ -988,6 +992,7 @@ struct nft_object { - struct nft_table *table; - u32 genmask:2, - use:30; -+ u64 handle; - /* runtime data below here */ - const struct nft_object_ops *ops ____cacheline_aligned; - unsigned char data[] -@@ -1069,6 +1074,7 @@ void nft_unregister_obj(struct nft_objec - * @ops_len: number of hooks in array - * @genmask: generation mask - * @use: number of references to this flow table -+ * @handle: unique object handle - * @data: rhashtable and garbage collector - * @ops: array of hooks - */ -@@ -1081,6 +1087,7 @@ struct nft_flowtable { - int ops_len; - u32 genmask:2, - use:30; -+ u64 handle; - /* runtime data below here */ - struct nf_hook_ops *ops ____cacheline_aligned; - struct nf_flowtable data; ---- a/include/uapi/linux/netfilter/nf_tables.h -+++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -174,6 +174,8 @@ enum nft_table_attributes { - NFTA_TABLE_NAME, - NFTA_TABLE_FLAGS, - NFTA_TABLE_USE, -+ NFTA_TABLE_HANDLE, -+ NFTA_TABLE_PAD, - __NFTA_TABLE_MAX - }; - #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1) -@@ -317,6 +319,7 @@ enum nft_set_desc_attributes { - * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32) - * @NFTA_SET_USERDATA: user data (NLA_BINARY) - * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*) -+ * @NFTA_SET_HANDLE: set handle (NLA_U64) - */ - enum nft_set_attributes { - NFTA_SET_UNSPEC, -@@ -335,6 +338,7 @@ enum nft_set_attributes { - NFTA_SET_USERDATA, - NFTA_SET_PAD, - NFTA_SET_OBJ_TYPE, -+ NFTA_SET_HANDLE, - __NFTA_SET_MAX - }; - #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) -@@ -1314,6 +1318,7 @@ enum nft_ct_helper_attributes { - * @NFTA_OBJ_TYPE: stateful object type (NLA_U32) - * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED) - * @NFTA_OBJ_USE: number of references to this expression (NLA_U32) -+ * @NFTA_OBJ_HANDLE: object handle (NLA_U64) - */ - enum nft_object_attributes { - NFTA_OBJ_UNSPEC, -@@ -1322,6 +1327,8 @@ enum nft_object_attributes { - NFTA_OBJ_TYPE, - NFTA_OBJ_DATA, - NFTA_OBJ_USE, -+ NFTA_OBJ_HANDLE, -+ NFTA_OBJ_PAD, - __NFTA_OBJ_MAX - }; - #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1) -@@ -1333,6 +1340,7 @@ enum nft_object_attributes { - * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING) - * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) - * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) -+ * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) - */ - enum nft_flowtable_attributes { - NFTA_FLOWTABLE_UNSPEC, -@@ -1340,6 +1348,8 @@ enum nft_flowtable_attributes { - NFTA_FLOWTABLE_NAME, - NFTA_FLOWTABLE_HOOK, - NFTA_FLOWTABLE_USE, -+ NFTA_FLOWTABLE_HANDLE, -+ NFTA_FLOWTABLE_PAD, - __NFTA_FLOWTABLE_MAX - }; - #define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1) ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -26,6 +26,7 @@ - static LIST_HEAD(nf_tables_expressions); - static LIST_HEAD(nf_tables_objects); - static LIST_HEAD(nf_tables_flowtables); -+static u64 table_handle; - - static void nft_ctx_init(struct nft_ctx *ctx, - struct net *net, -@@ -361,6 +362,20 @@ static struct nft_table *nft_table_looku - return NULL; - } - -+static struct nft_table *nft_table_lookup_byhandle(const struct net *net, -+ const struct nlattr *nla, -+ u8 genmask) -+{ -+ struct nft_table *table; -+ -+ list_for_each_entry(table, &net->nft.tables, list) { -+ if (be64_to_cpu(nla_get_be64(nla)) == table->handle && -+ nft_active_genmask(table, genmask)) -+ return table; -+ } -+ return NULL; -+} -+ - static struct nft_table *nf_tables_table_lookup(const struct net *net, - const struct nlattr *nla, - u8 family, u8 genmask) -@@ -377,6 +392,22 @@ static struct nft_table *nf_tables_table - return ERR_PTR(-ENOENT); - } - -+static struct nft_table *nf_tables_table_lookup_byhandle(const struct net *net, -+ const struct nlattr *nla, -+ u8 genmask) -+{ -+ struct nft_table *table; -+ -+ if (nla == NULL) -+ return ERR_PTR(-EINVAL); -+ -+ table = nft_table_lookup_byhandle(net, nla, genmask); -+ if (table != NULL) -+ return table; -+ -+ return ERR_PTR(-ENOENT); -+} -+ - static inline u64 nf_tables_alloc_handle(struct nft_table *table) - { - return ++table->hgenerator; -@@ -423,6 +454,7 @@ static const struct nla_policy nft_table - [NFTA_TABLE_NAME] = { .type = NLA_STRING, - .len = NFT_TABLE_MAXNAMELEN - 1 }, - [NFTA_TABLE_FLAGS] = { .type = NLA_U32 }, -+ [NFTA_TABLE_HANDLE] = { .type = NLA_U64 }, - }; - - static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, -@@ -444,7 +476,9 @@ static int nf_tables_fill_table_info(str - - if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) || - nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) || -- nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use))) -+ nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)) || -+ nla_put_be64(skb, NFTA_TABLE_HANDLE, cpu_to_be64(table->handle), -+ NFTA_TABLE_PAD)) - goto nla_put_failure; - - nlmsg_end(skb, nlh); -@@ -703,6 +737,7 @@ static int nf_tables_newtable(struct net - INIT_LIST_HEAD(&table->flowtables); - table->family = family; - table->flags = flags; -+ table->handle = ++table_handle; - - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); -@@ -820,11 +855,18 @@ static int nf_tables_deltable(struct net - struct nft_ctx ctx; - - nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); -- if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) -+ if (family == AF_UNSPEC || -+ (!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE])) - return nft_flush(&ctx, family); - -- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, -- genmask); -+ if (nla[NFTA_TABLE_HANDLE]) -+ table = nf_tables_table_lookup_byhandle(net, -+ nla[NFTA_TABLE_HANDLE], -+ genmask); -+ else -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], -+ family, genmask); -+ - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net - struct nft_rule *rule; - int family = nfmsg->nfgen_family; - struct nft_ctx ctx; -+ u64 handle; - u32 use; - int err; - -@@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net - if (IS_ERR(table)) - return PTR_ERR(table); - -- chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); -+ if (nla[NFTA_CHAIN_HANDLE]) { -+ handle = be64_to_cpu(nla_get_be64(nla[NFTA_CHAIN_HANDLE])); -+ chain = nf_tables_chain_lookup_byhandle(table, handle, genmask); -+ } else { -+ chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); -+ } - if (IS_ERR(chain)) - return PTR_ERR(chain); - -@@ -2563,6 +2611,7 @@ static const struct nla_policy nft_set_p - [NFTA_SET_USERDATA] = { .type = NLA_BINARY, - .len = NFT_USERDATA_MAXLEN }, - [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, -+ [NFTA_SET_HANDLE] = { .type = NLA_U64 }, - }; - - static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2606,6 +2655,22 @@ static struct nft_set *nf_tables_set_loo - return ERR_PTR(-ENOENT); - } - -+static struct nft_set *nf_tables_set_lookup_byhandle(const struct nft_table *table, -+ const struct nlattr *nla, u8 genmask) -+{ -+ struct nft_set *set; -+ -+ if (nla == NULL) -+ return ERR_PTR(-EINVAL); -+ -+ list_for_each_entry(set, &table->sets, list) { -+ if (be64_to_cpu(nla_get_be64(nla)) == set->handle && -+ nft_active_genmask(set, genmask)) -+ return set; -+ } -+ return ERR_PTR(-ENOENT); -+} -+ - static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, - const struct nlattr *nla, - u8 genmask) -@@ -2722,6 +2787,9 @@ static int nf_tables_fill_set(struct sk_ - goto nla_put_failure; - if (nla_put_string(skb, NFTA_SET_NAME, set->name)) - goto nla_put_failure; -+ if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), -+ NFTA_SET_PAD)) -+ goto nla_put_failure; - if (set->flags != 0) - if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) - goto nla_put_failure; -@@ -3130,6 +3198,7 @@ static int nf_tables_newset(struct net * - set->udata = udata; - set->timeout = timeout; - set->gc_int = gc_int; -+ set->handle = nf_tables_alloc_handle(table); - - err = ops->init(set, &desc, nla); - if (err < 0) -@@ -3189,7 +3258,10 @@ static int nf_tables_delset(struct net * - if (err < 0) - return err; - -- set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); -+ if (nla[NFTA_SET_HANDLE]) -+ set = nf_tables_set_lookup_byhandle(ctx.table, nla[NFTA_SET_HANDLE], genmask); -+ else -+ set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); - if (IS_ERR(set)) - return PTR_ERR(set); - -@@ -4250,6 +4322,21 @@ struct nft_object *nf_tables_obj_lookup( - } - EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); - -+struct nft_object *nf_tables_obj_lookup_byhandle(const struct nft_table *table, -+ const struct nlattr *nla, -+ u32 objtype, u8 genmask) -+{ -+ struct nft_object *obj; -+ -+ list_for_each_entry(obj, &table->objects, list) { -+ if (be64_to_cpu(nla_get_be64(nla)) == obj->handle && -+ objtype == obj->ops->type->type && -+ nft_active_genmask(obj, genmask)) -+ return obj; -+ } -+ return ERR_PTR(-ENOENT); -+} -+ - static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { - [NFTA_OBJ_TABLE] = { .type = NLA_STRING, - .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4257,6 +4344,7 @@ static const struct nla_policy nft_obj_p - .len = NFT_OBJ_MAXNAMELEN - 1 }, - [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, - [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, -+ [NFTA_OBJ_HANDLE] = { .type = NLA_U64}, - }; - - static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4404,6 +4492,8 @@ static int nf_tables_newobj(struct net * - goto err1; - } - obj->table = table; -+ obj->handle = nf_tables_alloc_handle(table); -+ - obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); - if (!obj->name) { - err = -ENOMEM; -@@ -4450,7 +4540,9 @@ static int nf_tables_fill_obj_info(struc - nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || - nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || - nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || -- nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset)) -+ nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset) || -+ nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle), -+ NFTA_OBJ_PAD)) - goto nla_put_failure; - - nlmsg_end(skb, nlh); -@@ -4648,7 +4740,7 @@ static int nf_tables_delobj(struct net * - u32 objtype; - - if (!nla[NFTA_OBJ_TYPE] || -- !nla[NFTA_OBJ_NAME]) -+ (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE])) - return -EINVAL; - - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4657,7 +4749,12 @@ static int nf_tables_delobj(struct net * - return PTR_ERR(table); - - objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); -- obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], objtype, genmask); -+ if (nla[NFTA_OBJ_HANDLE]) -+ obj = nf_tables_obj_lookup_byhandle(table, nla[NFTA_OBJ_HANDLE], -+ objtype, genmask); -+ else -+ obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], -+ objtype, genmask); - if (IS_ERR(obj)) - return PTR_ERR(obj); - if (obj->use > 0) -@@ -4729,6 +4826,7 @@ static const struct nla_policy nft_flowt - [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, - .len = NFT_NAME_MAXLEN - 1 }, - [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, -+ [NFTA_FLOWTABLE_HANDLE] = { .type = NLA_U64 }, - }; - - struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4746,6 +4844,20 @@ struct nft_flowtable *nf_tables_flowtabl - } - EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); - -+struct nft_flowtable * -+nf_tables_flowtable_lookup_byhandle(const struct nft_table *table, -+ const struct nlattr *nla, u8 genmask) -+{ -+ struct nft_flowtable *flowtable; -+ -+ list_for_each_entry(flowtable, &table->flowtables, list) { -+ if (be64_to_cpu(nla_get_be64(nla)) == flowtable->handle && -+ nft_active_genmask(flowtable, genmask)) -+ return flowtable; -+ } -+ return ERR_PTR(-ENOENT); -+} -+ - #define NFT_FLOWTABLE_DEVICE_MAX 8 - - static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4954,6 +5066,8 @@ static int nf_tables_newflowtable(struct - return -ENOMEM; - - flowtable->table = table; -+ flowtable->handle = nf_tables_alloc_handle(table); -+ - flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); - if (!flowtable->name) { - err = -ENOMEM; -@@ -5028,8 +5142,14 @@ static int nf_tables_delflowtable(struct - if (IS_ERR(table)) - return PTR_ERR(table); - -- flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], -- genmask); -+ if (nla[NFTA_FLOWTABLE_HANDLE]) -+ flowtable = nf_tables_flowtable_lookup_byhandle(table, -+ nla[NFTA_FLOWTABLE_HANDLE], -+ genmask); -+ else -+ flowtable = nf_tables_flowtable_lookup(table, -+ nla[NFTA_FLOWTABLE_NAME], -+ genmask); - if (IS_ERR(flowtable)) - return PTR_ERR(flowtable); - if (flowtable->use > 0) -@@ -5062,7 +5182,9 @@ static int nf_tables_fill_flowtable_info - - if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || - nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || -- nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) -+ nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || -+ nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), -+ NFTA_FLOWTABLE_PAD)) - goto nla_put_failure; - - nest = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK); diff --git a/target/linux/generic/backport-4.19/345-v4.16-netfilter-nf_flow_offload-fix-use-after-free-and-a-r.patch b/target/linux/generic/backport-4.19/345-v4.16-netfilter-nf_flow_offload-fix-use-after-free-and-a-r.patch deleted file mode 100644 index 331f22d19a..0000000000 --- a/target/linux/generic/backport-4.19/345-v4.16-netfilter-nf_flow_offload-fix-use-after-free-and-a-r.patch +++ /dev/null @@ -1,95 +0,0 @@ -From: Felix Fietkau -Date: Wed, 7 Feb 2018 09:23:25 +0100 -Subject: [PATCH] netfilter: nf_flow_offload: fix use-after-free and a resource - leak - -flow_offload_del frees the flow, so all associated resource must be -freed before. - -Since the ct entry in struct flow_offload_entry was allocated by -flow_offload_alloc, it should be freed by flow_offload_free to take care -of the error handling path when flow_offload_add fails. - -While at it, make flow_offload_del static, since it should never be -called directly, only from the gc step - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -90,7 +90,6 @@ struct flow_offload *flow_offload_alloc( - void flow_offload_free(struct flow_offload *flow); - - int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow); --void flow_offload_del(struct nf_flowtable *flow_table, struct flow_offload *flow); - struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, - struct flow_offload_tuple *tuple); - int nf_flow_table_iterate(struct nf_flowtable *flow_table, ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -125,7 +125,9 @@ void flow_offload_free(struct flow_offlo - dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache); - dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache); - e = container_of(flow, struct flow_offload_entry, flow); -- kfree(e); -+ nf_ct_delete(e->ct, 0, 0); -+ nf_ct_put(e->ct); -+ kfree_rcu(e, rcu_head); - } - EXPORT_SYMBOL_GPL(flow_offload_free); - -@@ -149,11 +151,9 @@ int flow_offload_add(struct nf_flowtable - } - EXPORT_SYMBOL_GPL(flow_offload_add); - --void flow_offload_del(struct nf_flowtable *flow_table, -- struct flow_offload *flow) -+static void flow_offload_del(struct nf_flowtable *flow_table, -+ struct flow_offload *flow) - { -- struct flow_offload_entry *e; -- - rhashtable_remove_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, - *flow_table->type->params); -@@ -161,10 +161,8 @@ void flow_offload_del(struct nf_flowtabl - &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, - *flow_table->type->params); - -- e = container_of(flow, struct flow_offload_entry, flow); -- kfree_rcu(e, rcu_head); -+ flow_offload_free(flow); - } --EXPORT_SYMBOL_GPL(flow_offload_del); - - struct flow_offload_tuple_rhash * - flow_offload_lookup(struct nf_flowtable *flow_table, -@@ -175,15 +173,6 @@ flow_offload_lookup(struct nf_flowtable - } - EXPORT_SYMBOL_GPL(flow_offload_lookup); - --static void nf_flow_release_ct(const struct flow_offload *flow) --{ -- struct flow_offload_entry *e; -- -- e = container_of(flow, struct flow_offload_entry, flow); -- nf_ct_delete(e->ct, 0, 0); -- nf_ct_put(e->ct); --} -- - int nf_flow_table_iterate(struct nf_flowtable *flow_table, - void (*iter)(struct flow_offload *flow, void *data), - void *data) -@@ -259,10 +248,8 @@ static int nf_flow_offload_gc_step(struc - flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); - - if (nf_flow_has_expired(flow) || -- nf_flow_is_dying(flow)) { -+ nf_flow_is_dying(flow)) - flow_offload_del(flow_table, flow); -- nf_flow_release_ct(flow); -- } - } - out: - rhashtable_walk_stop(&hti); diff --git a/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch b/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch deleted file mode 100644 index bb8c2d3e5a..0000000000 --- a/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Pablo Neira Ayuso -Date: Wed, 31 Jan 2018 18:13:39 +0100 -Subject: [PATCH] netfilter: flowtable infrastructure depends on - NETFILTER_INGRESS - -config NF_FLOW_TABLE depends on NETFILTER_INGRESS. If users forget to -enable this toggle, flowtable registration fails with EOPNOTSUPP. - -Moreover, turn 'select NF_FLOW_TABLE' in every flowtable family flavour -into dependency instead, otherwise this new dependency on -NETFILTER_INGRESS causes a warning. This also allows us to remove the -explicit dependency between family flowtables <-> NF_TABLES and -NF_CONNTRACK, given they depend on the NF_FLOW_TABLE core that already -expresses the general dependencies for this new infrastructure. - -Moreover, NF_FLOW_TABLE_INET depends on NF_FLOW_TABLE_IPV4 and -NF_FLOWTABLE_IPV6, which already depends on NF_FLOW_TABLE. So we can get -rid of direct dependency with NF_FLOW_TABLE. - -In general, let's avoid 'select', it just makes things more complicated. - -Reported-by: John Crispin -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -80,8 +80,7 @@ endif # NF_TABLES - - config NF_FLOW_TABLE_IPV4 - tristate "Netfilter flow table IPv4 module" -- depends on NF_CONNTRACK && NF_TABLES -- select NF_FLOW_TABLE -+ depends on NF_FLOW_TABLE - help - This option adds the flow table IPv4 support. - ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -101,8 +101,7 @@ endif # NF_TABLES - - config NF_FLOW_TABLE_IPV6 - tristate "Netfilter flow table IPv6 module" -- depends on NF_CONNTRACK && NF_TABLES -- select NF_FLOW_TABLE -+ depends on NF_FLOW_TABLE - help - This option adds the flow table IPv6 support. - ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -676,8 +676,8 @@ endif # NF_TABLES - - config NF_FLOW_TABLE_INET - tristate "Netfilter flow table mixed IPv4/IPv6 module" -- depends on NF_FLOW_TABLE_IPV4 && NF_FLOW_TABLE_IPV6 -- select NF_FLOW_TABLE -+ depends on NF_FLOW_TABLE_IPV4 -+ depends on NF_FLOW_TABLE_IPV6 - help - This option adds the flow table mixed IPv4/IPv6 support. - -@@ -685,7 +685,9 @@ config NF_FLOW_TABLE_INET - - config NF_FLOW_TABLE - tristate "Netfilter flow table module" -- depends on NF_CONNTRACK && NF_TABLES -+ depends on NETFILTER_INGRESS -+ depends on NF_CONNTRACK -+ depends on NF_TABLES - help - This option adds the flow table core infrastructure. - diff --git a/target/linux/generic/backport-4.19/347-v4.16-netfilter-remove-duplicated-include.patch b/target/linux/generic/backport-4.19/347-v4.16-netfilter-remove-duplicated-include.patch deleted file mode 100644 index c8a0972725..0000000000 --- a/target/linux/generic/backport-4.19/347-v4.16-netfilter-remove-duplicated-include.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Wei Yongjun -Date: Wed, 10 Jan 2018 13:06:46 +0000 -Subject: [PATCH] netfilter: remove duplicated include - -Signed-off-by: Wei Yongjun -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #include - #include - #include ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -15,8 +15,6 @@ - #include - #include - #include --#include --#include - #include - #include - #include diff --git a/target/linux/generic/backport-4.19/348-v4.18-netfilter-nf_flow_table-use-IP_CT_DIR_-values-for-FL.patch b/target/linux/generic/backport-4.19/348-v4.18-netfilter-nf_flow_table-use-IP_CT_DIR_-values-for-FL.patch deleted file mode 100644 index 382b33c078..0000000000 --- a/target/linux/generic/backport-4.19/348-v4.18-netfilter-nf_flow_table-use-IP_CT_DIR_-values-for-FL.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Felix Fietkau -Date: Fri, 16 Feb 2018 09:41:18 +0100 -Subject: [PATCH] netfilter: nf_flow_table: use IP_CT_DIR_* values for - FLOW_OFFLOAD_DIR_* - -Simplifies further code cleanups - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -6,6 +6,7 @@ - #include - #include - #include -+#include - #include - - struct nf_flowtable; -@@ -27,11 +28,10 @@ struct nf_flowtable { - }; - - enum flow_offload_tuple_dir { -- FLOW_OFFLOAD_DIR_ORIGINAL, -- FLOW_OFFLOAD_DIR_REPLY, -- __FLOW_OFFLOAD_DIR_MAX = FLOW_OFFLOAD_DIR_REPLY, -+ FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL, -+ FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY, -+ FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX - }; --#define FLOW_OFFLOAD_DIR_MAX (__FLOW_OFFLOAD_DIR_MAX + 1) - - struct flow_offload_tuple { - union { diff --git a/target/linux/generic/backport-4.19/349-v4.18-netfilter-nf_flow_table-clean-up-flow_offload_alloc.patch b/target/linux/generic/backport-4.19/349-v4.18-netfilter-nf_flow_table-clean-up-flow_offload_alloc.patch deleted file mode 100644 index 39ea757f04..0000000000 --- a/target/linux/generic/backport-4.19/349-v4.18-netfilter-nf_flow_table-clean-up-flow_offload_alloc.patch +++ /dev/null @@ -1,118 +0,0 @@ -From: Felix Fietkau -Date: Fri, 16 Feb 2018 09:42:32 +0100 -Subject: [PATCH] netfilter: nf_flow_table: clean up flow_offload_alloc - -Reduce code duplication and make it much easier to read - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -16,6 +16,38 @@ struct flow_offload_entry { - struct rcu_head rcu_head; - }; - -+static void -+flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, -+ struct nf_flow_route *route, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct flow_offload_tuple *ft = &flow->tuplehash[dir].tuple; -+ struct nf_conntrack_tuple *ctt = &ct->tuplehash[dir].tuple; -+ -+ ft->dir = dir; -+ -+ switch (ctt->src.l3num) { -+ case NFPROTO_IPV4: -+ ft->src_v4 = ctt->src.u3.in; -+ ft->dst_v4 = ctt->dst.u3.in; -+ break; -+ case NFPROTO_IPV6: -+ ft->src_v6 = ctt->src.u3.in6; -+ ft->dst_v6 = ctt->dst.u3.in6; -+ break; -+ } -+ -+ ft->l3proto = ctt->src.l3num; -+ ft->l4proto = ctt->dst.protonum; -+ ft->src_port = ctt->src.u.tcp.port; -+ ft->dst_port = ctt->dst.u.tcp.port; -+ -+ ft->iifidx = route->tuple[dir].ifindex; -+ ft->oifidx = route->tuple[!dir].ifindex; -+ -+ ft->dst_cache = route->tuple[dir].dst; -+} -+ - struct flow_offload * - flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) - { -@@ -40,65 +72,8 @@ flow_offload_alloc(struct nf_conn *ct, s - - entry->ct = ct; - -- switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num) { -- case NFPROTO_IPV4: -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v4 = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.in; -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v4 = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.in; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v4 = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.in; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v4 = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.in; -- break; -- case NFPROTO_IPV6: -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v6 = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.in6; -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v6 = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.in6; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v6 = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.in6; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v6 = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.in6; -- break; -- } -- -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.l3proto = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.l4proto = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.l3proto = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.l4proto = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; -- -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache = -- route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache = -- route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst; -- -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.tcp.port; -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port = -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.tcp.port; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_port = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.tcp.port; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port = -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port; -- -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dir = -- FLOW_OFFLOAD_DIR_ORIGINAL; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dir = -- FLOW_OFFLOAD_DIR_REPLY; -- -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.iifidx = -- route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].ifindex; -- flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.oifidx = -- route->tuple[FLOW_OFFLOAD_DIR_REPLY].ifindex; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.iifidx = -- route->tuple[FLOW_OFFLOAD_DIR_REPLY].ifindex; -- flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.oifidx = -- route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].ifindex; -+ flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL); -+ flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY); - - if (ct->status & IPS_SRC_NAT) - flow->flags |= FLOW_OFFLOAD_SNAT; diff --git a/target/linux/generic/backport-4.19/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch b/target/linux/generic/backport-4.19/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch deleted file mode 100644 index daa4d3b3d8..0000000000 --- a/target/linux/generic/backport-4.19/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: Felix Fietkau -Date: Fri, 16 Feb 2018 10:54:24 +0100 -Subject: [PATCH] ipv6: make ip6_dst_mtu_forward inline - -Removes a direct dependency on ipv6.ko - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/ip6_route.h -+++ b/include/net/ip6_route.h -@@ -252,4 +252,26 @@ static inline bool rt6_duplicate_nexthop - ipv6_addr_equal(&a->rt6i_gateway, &b->rt6i_gateway) && - !lwtunnel_cmp_encap(a->dst.lwtstate, b->dst.lwtstate); - } -+ -+static inline unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) -+{ -+ unsigned int mtu; -+ struct inet6_dev *idev; -+ -+ if (dst_metric_locked(dst, RTAX_MTU)) { -+ mtu = dst_metric_raw(dst, RTAX_MTU); -+ if (mtu) -+ return mtu; -+ } -+ -+ mtu = IPV6_MIN_MTU; -+ rcu_read_lock(); -+ idev = __in6_dev_get(dst->dev); -+ if (idev) -+ mtu = idev->cnf.mtu6; -+ rcu_read_unlock(); -+ -+ return mtu; -+} -+ - #endif ---- a/include/net/ipv6.h -+++ b/include/net/ipv6.h -@@ -889,8 +889,6 @@ static inline struct sk_buff *ip6_finish - &inet6_sk(sk)->cork); - } - --unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst); -- - int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst, - struct flowi6 *fl6); - struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6, ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -381,28 +381,6 @@ static inline int ip6_forward_finish(str - return dst_output(net, sk, skb); - } - --unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) --{ -- unsigned int mtu; -- struct inet6_dev *idev; -- -- if (dst_metric_locked(dst, RTAX_MTU)) { -- mtu = dst_metric_raw(dst, RTAX_MTU); -- if (mtu) -- return mtu; -- } -- -- mtu = IPV6_MIN_MTU; -- rcu_read_lock(); -- idev = __in6_dev_get(dst->dev); -- if (idev) -- mtu = idev->cnf.mtu6; -- rcu_read_unlock(); -- -- return mtu; --} --EXPORT_SYMBOL_GPL(ip6_dst_mtu_forward); -- - static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) - { - if (skb->len <= mtu) diff --git a/target/linux/generic/backport-4.19/351-v4.18-netfilter-nf_flow_table-cache-mtu-in-struct-flow_off.patch b/target/linux/generic/backport-4.19/351-v4.18-netfilter-nf_flow_table-cache-mtu-in-struct-flow_off.patch deleted file mode 100644 index e2015e72ac..0000000000 --- a/target/linux/generic/backport-4.19/351-v4.18-netfilter-nf_flow_table-cache-mtu-in-struct-flow_off.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: Felix Fietkau -Date: Fri, 16 Feb 2018 10:57:23 +0100 -Subject: [PATCH] netfilter: nf_flow_table: cache mtu in struct - flow_offload_tuple - -Reduces the number of cache lines touched in the offload forwarding path - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -55,6 +55,8 @@ struct flow_offload_tuple { - - int oifidx; - -+ u16 mtu; -+ - struct dst_entry *dst_cache; - }; - ---- a/net/ipv4/netfilter/nf_flow_table_ipv4.c -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -177,7 +177,7 @@ static int nf_flow_tuple_ip(struct sk_bu - } - - /* Based on ip_exceeds_mtu(). */ --static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) -+static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) - { - if (skb->len <= mtu) - return false; -@@ -191,17 +191,6 @@ static bool __nf_flow_exceeds_mtu(const - return true; - } - --static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rtable *rt) --{ -- u32 mtu; -- -- mtu = ip_dst_mtu_maybe_forward(&rt->dst, true); -- if (__nf_flow_exceeds_mtu(skb, mtu)) -- return true; -- -- return false; --} -- - unsigned int - nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -232,9 +221,9 @@ nf_flow_offload_ip_hook(void *priv, stru - - dir = tuplehash->tuple.dir; - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- - rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; -- if (unlikely(nf_flow_exceeds_mtu(skb, rt))) -+ -+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) - return NF_ACCEPT; - - if (skb_try_make_writable(skb, sizeof(*iph))) ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -173,7 +173,7 @@ static int nf_flow_tuple_ipv6(struct sk_ - } - - /* Based on ip_exceeds_mtu(). */ --static bool __nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) -+static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) - { - if (skb->len <= mtu) - return false; -@@ -184,17 +184,6 @@ static bool __nf_flow_exceeds_mtu(const - return true; - } - --static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rt6_info *rt) --{ -- u32 mtu; -- -- mtu = ip6_dst_mtu_forward(&rt->dst); -- if (__nf_flow_exceeds_mtu(skb, mtu)) -- return true; -- -- return false; --} -- - unsigned int - nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, - const struct nf_hook_state *state) -@@ -225,9 +214,9 @@ nf_flow_offload_ipv6_hook(void *priv, st - - dir = tuplehash->tuple.dir; - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- - rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache; -- if (unlikely(nf_flow_exceeds_mtu(skb, rt))) -+ -+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) - return NF_ACCEPT; - - if (skb_try_make_writable(skb, sizeof(*ip6h))) ---- a/net/netfilter/nf_flow_table.c -+++ b/net/netfilter/nf_flow_table.c -@@ -4,6 +4,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -23,6 +25,7 @@ flow_offload_fill_dir(struct flow_offloa - { - struct flow_offload_tuple *ft = &flow->tuplehash[dir].tuple; - struct nf_conntrack_tuple *ctt = &ct->tuplehash[dir].tuple; -+ struct dst_entry *dst = route->tuple[dir].dst; - - ft->dir = dir; - -@@ -30,10 +33,12 @@ flow_offload_fill_dir(struct flow_offloa - case NFPROTO_IPV4: - ft->src_v4 = ctt->src.u3.in; - ft->dst_v4 = ctt->dst.u3.in; -+ ft->mtu = ip_dst_mtu_maybe_forward(dst, true); - break; - case NFPROTO_IPV6: - ft->src_v6 = ctt->src.u3.in6; - ft->dst_v6 = ctt->dst.u3.in6; -+ ft->mtu = ip6_dst_mtu_forward(dst); - break; - } - -@@ -44,8 +49,7 @@ flow_offload_fill_dir(struct flow_offloa - - ft->iifidx = route->tuple[dir].ifindex; - ft->oifidx = route->tuple[!dir].ifindex; -- -- ft->dst_cache = route->tuple[dir].dst; -+ ft->dst_cache = dst; - } - - struct flow_offload * diff --git a/target/linux/generic/backport-4.19/352-v4.18-netfilter-nf_flow_table-rename-nf_flow_table.c-to-nf.patch b/target/linux/generic/backport-4.19/352-v4.18-netfilter-nf_flow_table-rename-nf_flow_table.c-to-nf.patch deleted file mode 100644 index 5df56dd643..0000000000 --- a/target/linux/generic/backport-4.19/352-v4.18-netfilter-nf_flow_table-rename-nf_flow_table.c-to-nf.patch +++ /dev/null @@ -1,952 +0,0 @@ -From: Felix Fietkau -Date: Fri, 16 Feb 2018 11:08:47 +0100 -Subject: [PATCH] netfilter: nf_flow_table: rename nf_flow_table.c to - nf_flow_table_core.c - -Preparation for adding more code to the same module - -Signed-off-by: Felix Fietkau ---- - rename net/netfilter/{nf_flow_table.c => nf_flow_table_core.c} (100%) - ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -113,6 +113,8 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_ - - # flow table infrastructure - obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o -+nf_flow_table-objs := nf_flow_table_core.o -+ - obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o - - # generic X tables ---- a/net/netfilter/nf_flow_table.c -+++ /dev/null -@@ -1,462 +0,0 @@ --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --struct flow_offload_entry { -- struct flow_offload flow; -- struct nf_conn *ct; -- struct rcu_head rcu_head; --}; -- --static void --flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, -- struct nf_flow_route *route, -- enum flow_offload_tuple_dir dir) --{ -- struct flow_offload_tuple *ft = &flow->tuplehash[dir].tuple; -- struct nf_conntrack_tuple *ctt = &ct->tuplehash[dir].tuple; -- struct dst_entry *dst = route->tuple[dir].dst; -- -- ft->dir = dir; -- -- switch (ctt->src.l3num) { -- case NFPROTO_IPV4: -- ft->src_v4 = ctt->src.u3.in; -- ft->dst_v4 = ctt->dst.u3.in; -- ft->mtu = ip_dst_mtu_maybe_forward(dst, true); -- break; -- case NFPROTO_IPV6: -- ft->src_v6 = ctt->src.u3.in6; -- ft->dst_v6 = ctt->dst.u3.in6; -- ft->mtu = ip6_dst_mtu_forward(dst); -- break; -- } -- -- ft->l3proto = ctt->src.l3num; -- ft->l4proto = ctt->dst.protonum; -- ft->src_port = ctt->src.u.tcp.port; -- ft->dst_port = ctt->dst.u.tcp.port; -- -- ft->iifidx = route->tuple[dir].ifindex; -- ft->oifidx = route->tuple[!dir].ifindex; -- ft->dst_cache = dst; --} -- --struct flow_offload * --flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) --{ -- struct flow_offload_entry *entry; -- struct flow_offload *flow; -- -- if (unlikely(nf_ct_is_dying(ct) || -- !atomic_inc_not_zero(&ct->ct_general.use))) -- return NULL; -- -- entry = kzalloc(sizeof(*entry), GFP_ATOMIC); -- if (!entry) -- goto err_ct_refcnt; -- -- flow = &entry->flow; -- -- if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst)) -- goto err_dst_cache_original; -- -- if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst)) -- goto err_dst_cache_reply; -- -- entry->ct = ct; -- -- flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL); -- flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY); -- -- if (ct->status & IPS_SRC_NAT) -- flow->flags |= FLOW_OFFLOAD_SNAT; -- else if (ct->status & IPS_DST_NAT) -- flow->flags |= FLOW_OFFLOAD_DNAT; -- -- return flow; -- --err_dst_cache_reply: -- dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst); --err_dst_cache_original: -- kfree(entry); --err_ct_refcnt: -- nf_ct_put(ct); -- -- return NULL; --} --EXPORT_SYMBOL_GPL(flow_offload_alloc); -- --void flow_offload_free(struct flow_offload *flow) --{ -- struct flow_offload_entry *e; -- -- dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache); -- dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache); -- e = container_of(flow, struct flow_offload_entry, flow); -- nf_ct_delete(e->ct, 0, 0); -- nf_ct_put(e->ct); -- kfree_rcu(e, rcu_head); --} --EXPORT_SYMBOL_GPL(flow_offload_free); -- --void flow_offload_dead(struct flow_offload *flow) --{ -- flow->flags |= FLOW_OFFLOAD_DYING; --} --EXPORT_SYMBOL_GPL(flow_offload_dead); -- --int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) --{ -- flow->timeout = (u32)jiffies; -- -- rhashtable_insert_fast(&flow_table->rhashtable, -- &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -- *flow_table->type->params); -- rhashtable_insert_fast(&flow_table->rhashtable, -- &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -- *flow_table->type->params); -- return 0; --} --EXPORT_SYMBOL_GPL(flow_offload_add); -- --static void flow_offload_del(struct nf_flowtable *flow_table, -- struct flow_offload *flow) --{ -- rhashtable_remove_fast(&flow_table->rhashtable, -- &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -- *flow_table->type->params); -- rhashtable_remove_fast(&flow_table->rhashtable, -- &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -- *flow_table->type->params); -- -- flow_offload_free(flow); --} -- --struct flow_offload_tuple_rhash * --flow_offload_lookup(struct nf_flowtable *flow_table, -- struct flow_offload_tuple *tuple) --{ -- return rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -- *flow_table->type->params); --} --EXPORT_SYMBOL_GPL(flow_offload_lookup); -- --int nf_flow_table_iterate(struct nf_flowtable *flow_table, -- void (*iter)(struct flow_offload *flow, void *data), -- void *data) --{ -- struct flow_offload_tuple_rhash *tuplehash; -- struct rhashtable_iter hti; -- struct flow_offload *flow; -- int err; -- -- err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -- if (err) -- return err; -- -- rhashtable_walk_start(&hti); -- -- while ((tuplehash = rhashtable_walk_next(&hti))) { -- if (IS_ERR(tuplehash)) { -- err = PTR_ERR(tuplehash); -- if (err != -EAGAIN) -- goto out; -- -- continue; -- } -- if (tuplehash->tuple.dir) -- continue; -- -- flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -- -- iter(flow, data); -- } --out: -- rhashtable_walk_stop(&hti); -- rhashtable_walk_exit(&hti); -- -- return err; --} --EXPORT_SYMBOL_GPL(nf_flow_table_iterate); -- --static inline bool nf_flow_has_expired(const struct flow_offload *flow) --{ -- return (__s32)(flow->timeout - (u32)jiffies) <= 0; --} -- --static inline bool nf_flow_is_dying(const struct flow_offload *flow) --{ -- return flow->flags & FLOW_OFFLOAD_DYING; --} -- --static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) --{ -- struct flow_offload_tuple_rhash *tuplehash; -- struct rhashtable_iter hti; -- struct flow_offload *flow; -- int err; -- -- err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -- if (err) -- return 0; -- -- rhashtable_walk_start(&hti); -- -- while ((tuplehash = rhashtable_walk_next(&hti))) { -- if (IS_ERR(tuplehash)) { -- err = PTR_ERR(tuplehash); -- if (err != -EAGAIN) -- goto out; -- -- continue; -- } -- if (tuplehash->tuple.dir) -- continue; -- -- flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -- -- if (nf_flow_has_expired(flow) || -- nf_flow_is_dying(flow)) -- flow_offload_del(flow_table, flow); -- } --out: -- rhashtable_walk_stop(&hti); -- rhashtable_walk_exit(&hti); -- -- return 1; --} -- --void nf_flow_offload_work_gc(struct work_struct *work) --{ -- struct nf_flowtable *flow_table; -- -- flow_table = container_of(work, struct nf_flowtable, gc_work.work); -- nf_flow_offload_gc_step(flow_table); -- queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); --} --EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc); -- --static u32 flow_offload_hash(const void *data, u32 len, u32 seed) --{ -- const struct flow_offload_tuple *tuple = data; -- -- return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed); --} -- --static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed) --{ -- const struct flow_offload_tuple_rhash *tuplehash = data; -- -- return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed); --} -- --static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg, -- const void *ptr) --{ -- const struct flow_offload_tuple *tuple = arg->key; -- const struct flow_offload_tuple_rhash *x = ptr; -- -- if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir))) -- return 1; -- -- return 0; --} -- --const struct rhashtable_params nf_flow_offload_rhash_params = { -- .head_offset = offsetof(struct flow_offload_tuple_rhash, node), -- .hashfn = flow_offload_hash, -- .obj_hashfn = flow_offload_hash_obj, -- .obj_cmpfn = flow_offload_hash_cmp, -- .automatic_shrinking = true, --}; --EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params); -- --static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, -- __be16 port, __be16 new_port) --{ -- struct tcphdr *tcph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -- skb_try_make_writable(skb, thoff + sizeof(*tcph))) -- return -1; -- -- tcph = (void *)(skb_network_header(skb) + thoff); -- inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); -- -- return 0; --} -- --static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, -- __be16 port, __be16 new_port) --{ -- struct udphdr *udph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -- skb_try_make_writable(skb, thoff + sizeof(*udph))) -- return -1; -- -- udph = (void *)(skb_network_header(skb) + thoff); -- if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -- inet_proto_csum_replace2(&udph->check, skb, port, -- new_port, true); -- if (!udph->check) -- udph->check = CSUM_MANGLED_0; -- } -- -- return 0; --} -- --static int nf_flow_nat_port(struct sk_buff *skb, unsigned int thoff, -- u8 protocol, __be16 port, __be16 new_port) --{ -- switch (protocol) { -- case IPPROTO_TCP: -- if (nf_flow_nat_port_tcp(skb, thoff, port, new_port) < 0) -- return NF_DROP; -- break; -- case IPPROTO_UDP: -- if (nf_flow_nat_port_udp(skb, thoff, port, new_port) < 0) -- return NF_DROP; -- break; -- } -- -- return 0; --} -- --int nf_flow_snat_port(const struct flow_offload *flow, -- struct sk_buff *skb, unsigned int thoff, -- u8 protocol, enum flow_offload_tuple_dir dir) --{ -- struct flow_ports *hdr; -- __be16 port, new_port; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -- skb_try_make_writable(skb, thoff + sizeof(*hdr))) -- return -1; -- -- hdr = (void *)(skb_network_header(skb) + thoff); -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- port = hdr->source; -- new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port; -- hdr->source = new_port; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- port = hdr->dest; -- new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port; -- hdr->dest = new_port; -- break; -- default: -- return -1; -- } -- -- return nf_flow_nat_port(skb, thoff, protocol, port, new_port); --} --EXPORT_SYMBOL_GPL(nf_flow_snat_port); -- --int nf_flow_dnat_port(const struct flow_offload *flow, -- struct sk_buff *skb, unsigned int thoff, -- u8 protocol, enum flow_offload_tuple_dir dir) --{ -- struct flow_ports *hdr; -- __be16 port, new_port; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -- skb_try_make_writable(skb, thoff + sizeof(*hdr))) -- return -1; -- -- hdr = (void *)(skb_network_header(skb) + thoff); -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- port = hdr->dest; -- new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_port; -- hdr->dest = new_port; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- port = hdr->source; -- new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port; -- hdr->source = new_port; -- break; -- default: -- return -1; -- } -- -- return nf_flow_nat_port(skb, thoff, protocol, port, new_port); --} --EXPORT_SYMBOL_GPL(nf_flow_dnat_port); -- --static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) --{ -- struct net_device *dev = data; -- -- if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -- return; -- -- flow_offload_dead(flow); --} -- --static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, -- void *data) --{ -- nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data); -- flush_delayed_work(&flowtable->gc_work); --} -- --void nf_flow_table_cleanup(struct net *net, struct net_device *dev) --{ -- nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev); --} --EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); -- --void nf_flow_table_free(struct nf_flowtable *flow_table) --{ -- nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); -- WARN_ON(!nf_flow_offload_gc_step(flow_table)); --} --EXPORT_SYMBOL_GPL(nf_flow_table_free); -- --static int nf_flow_table_netdev_event(struct notifier_block *this, -- unsigned long event, void *ptr) --{ -- struct net_device *dev = netdev_notifier_info_to_dev(ptr); -- -- if (event != NETDEV_DOWN) -- return NOTIFY_DONE; -- -- nf_flow_table_cleanup(dev_net(dev), dev); -- -- return NOTIFY_DONE; --} -- --static struct notifier_block flow_offload_netdev_notifier = { -- .notifier_call = nf_flow_table_netdev_event, --}; -- --static int __init nf_flow_table_module_init(void) --{ -- return register_netdevice_notifier(&flow_offload_netdev_notifier); --} -- --static void __exit nf_flow_table_module_exit(void) --{ -- unregister_netdevice_notifier(&flow_offload_netdev_notifier); --} -- --module_init(nf_flow_table_module_init); --module_exit(nf_flow_table_module_exit); -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Pablo Neira Ayuso "); ---- /dev/null -+++ b/net/netfilter/nf_flow_table_core.c -@@ -0,0 +1,462 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+struct flow_offload_entry { -+ struct flow_offload flow; -+ struct nf_conn *ct; -+ struct rcu_head rcu_head; -+}; -+ -+static void -+flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, -+ struct nf_flow_route *route, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct flow_offload_tuple *ft = &flow->tuplehash[dir].tuple; -+ struct nf_conntrack_tuple *ctt = &ct->tuplehash[dir].tuple; -+ struct dst_entry *dst = route->tuple[dir].dst; -+ -+ ft->dir = dir; -+ -+ switch (ctt->src.l3num) { -+ case NFPROTO_IPV4: -+ ft->src_v4 = ctt->src.u3.in; -+ ft->dst_v4 = ctt->dst.u3.in; -+ ft->mtu = ip_dst_mtu_maybe_forward(dst, true); -+ break; -+ case NFPROTO_IPV6: -+ ft->src_v6 = ctt->src.u3.in6; -+ ft->dst_v6 = ctt->dst.u3.in6; -+ ft->mtu = ip6_dst_mtu_forward(dst); -+ break; -+ } -+ -+ ft->l3proto = ctt->src.l3num; -+ ft->l4proto = ctt->dst.protonum; -+ ft->src_port = ctt->src.u.tcp.port; -+ ft->dst_port = ctt->dst.u.tcp.port; -+ -+ ft->iifidx = route->tuple[dir].ifindex; -+ ft->oifidx = route->tuple[!dir].ifindex; -+ ft->dst_cache = dst; -+} -+ -+struct flow_offload * -+flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) -+{ -+ struct flow_offload_entry *entry; -+ struct flow_offload *flow; -+ -+ if (unlikely(nf_ct_is_dying(ct) || -+ !atomic_inc_not_zero(&ct->ct_general.use))) -+ return NULL; -+ -+ entry = kzalloc(sizeof(*entry), GFP_ATOMIC); -+ if (!entry) -+ goto err_ct_refcnt; -+ -+ flow = &entry->flow; -+ -+ if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst)) -+ goto err_dst_cache_original; -+ -+ if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst)) -+ goto err_dst_cache_reply; -+ -+ entry->ct = ct; -+ -+ flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL); -+ flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY); -+ -+ if (ct->status & IPS_SRC_NAT) -+ flow->flags |= FLOW_OFFLOAD_SNAT; -+ else if (ct->status & IPS_DST_NAT) -+ flow->flags |= FLOW_OFFLOAD_DNAT; -+ -+ return flow; -+ -+err_dst_cache_reply: -+ dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst); -+err_dst_cache_original: -+ kfree(entry); -+err_ct_refcnt: -+ nf_ct_put(ct); -+ -+ return NULL; -+} -+EXPORT_SYMBOL_GPL(flow_offload_alloc); -+ -+void flow_offload_free(struct flow_offload *flow) -+{ -+ struct flow_offload_entry *e; -+ -+ dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache); -+ dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache); -+ e = container_of(flow, struct flow_offload_entry, flow); -+ nf_ct_delete(e->ct, 0, 0); -+ nf_ct_put(e->ct); -+ kfree_rcu(e, rcu_head); -+} -+EXPORT_SYMBOL_GPL(flow_offload_free); -+ -+void flow_offload_dead(struct flow_offload *flow) -+{ -+ flow->flags |= FLOW_OFFLOAD_DYING; -+} -+EXPORT_SYMBOL_GPL(flow_offload_dead); -+ -+int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) -+{ -+ flow->timeout = (u32)jiffies; -+ -+ rhashtable_insert_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -+ *flow_table->type->params); -+ rhashtable_insert_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -+ *flow_table->type->params); -+ return 0; -+} -+EXPORT_SYMBOL_GPL(flow_offload_add); -+ -+static void flow_offload_del(struct nf_flowtable *flow_table, -+ struct flow_offload *flow) -+{ -+ rhashtable_remove_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -+ *flow_table->type->params); -+ rhashtable_remove_fast(&flow_table->rhashtable, -+ &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -+ *flow_table->type->params); -+ -+ flow_offload_free(flow); -+} -+ -+struct flow_offload_tuple_rhash * -+flow_offload_lookup(struct nf_flowtable *flow_table, -+ struct flow_offload_tuple *tuple) -+{ -+ return rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -+ *flow_table->type->params); -+} -+EXPORT_SYMBOL_GPL(flow_offload_lookup); -+ -+int nf_flow_table_iterate(struct nf_flowtable *flow_table, -+ void (*iter)(struct flow_offload *flow, void *data), -+ void *data) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct rhashtable_iter hti; -+ struct flow_offload *flow; -+ int err; -+ -+ err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -+ if (err) -+ return err; -+ -+ rhashtable_walk_start(&hti); -+ -+ while ((tuplehash = rhashtable_walk_next(&hti))) { -+ if (IS_ERR(tuplehash)) { -+ err = PTR_ERR(tuplehash); -+ if (err != -EAGAIN) -+ goto out; -+ -+ continue; -+ } -+ if (tuplehash->tuple.dir) -+ continue; -+ -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -+ -+ iter(flow, data); -+ } -+out: -+ rhashtable_walk_stop(&hti); -+ rhashtable_walk_exit(&hti); -+ -+ return err; -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_iterate); -+ -+static inline bool nf_flow_has_expired(const struct flow_offload *flow) -+{ -+ return (__s32)(flow->timeout - (u32)jiffies) <= 0; -+} -+ -+static inline bool nf_flow_is_dying(const struct flow_offload *flow) -+{ -+ return flow->flags & FLOW_OFFLOAD_DYING; -+} -+ -+static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct rhashtable_iter hti; -+ struct flow_offload *flow; -+ int err; -+ -+ err = rhashtable_walk_init(&flow_table->rhashtable, &hti, GFP_KERNEL); -+ if (err) -+ return 0; -+ -+ rhashtable_walk_start(&hti); -+ -+ while ((tuplehash = rhashtable_walk_next(&hti))) { -+ if (IS_ERR(tuplehash)) { -+ err = PTR_ERR(tuplehash); -+ if (err != -EAGAIN) -+ goto out; -+ -+ continue; -+ } -+ if (tuplehash->tuple.dir) -+ continue; -+ -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); -+ -+ if (nf_flow_has_expired(flow) || -+ nf_flow_is_dying(flow)) -+ flow_offload_del(flow_table, flow); -+ } -+out: -+ rhashtable_walk_stop(&hti); -+ rhashtable_walk_exit(&hti); -+ -+ return 1; -+} -+ -+void nf_flow_offload_work_gc(struct work_struct *work) -+{ -+ struct nf_flowtable *flow_table; -+ -+ flow_table = container_of(work, struct nf_flowtable, gc_work.work); -+ nf_flow_offload_gc_step(flow_table); -+ queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); -+} -+EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc); -+ -+static u32 flow_offload_hash(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple *tuple = data; -+ -+ return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple_rhash *tuplehash = data; -+ -+ return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg, -+ const void *ptr) -+{ -+ const struct flow_offload_tuple *tuple = arg->key; -+ const struct flow_offload_tuple_rhash *x = ptr; -+ -+ if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir))) -+ return 1; -+ -+ return 0; -+} -+ -+const struct rhashtable_params nf_flow_offload_rhash_params = { -+ .head_offset = offsetof(struct flow_offload_tuple_rhash, node), -+ .hashfn = flow_offload_hash, -+ .obj_hashfn = flow_offload_hash_obj, -+ .obj_cmpfn = flow_offload_hash_cmp, -+ .automatic_shrinking = true, -+}; -+EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params); -+ -+static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, -+ __be16 port, __be16 new_port) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, -+ __be16 port, __be16 new_port) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace2(&udph->check, skb, port, -+ new_port, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_port(struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, __be16 port, __be16 new_port) -+{ -+ switch (protocol) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_port_tcp(skb, thoff, port, new_port) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_port_udp(skb, thoff, port, new_port) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+int nf_flow_snat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir) -+{ -+ struct flow_ports *hdr; -+ __be16 port, new_port; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -+ skb_try_make_writable(skb, thoff + sizeof(*hdr))) -+ return -1; -+ -+ hdr = (void *)(skb_network_header(skb) + thoff); -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ port = hdr->source; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_port; -+ hdr->source = new_port; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ port = hdr->dest; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port; -+ hdr->dest = new_port; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_port(skb, thoff, protocol, port, new_port); -+} -+EXPORT_SYMBOL_GPL(nf_flow_snat_port); -+ -+int nf_flow_dnat_port(const struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff, -+ u8 protocol, enum flow_offload_tuple_dir dir) -+{ -+ struct flow_ports *hdr; -+ __be16 port, new_port; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*hdr)) || -+ skb_try_make_writable(skb, thoff + sizeof(*hdr))) -+ return -1; -+ -+ hdr = (void *)(skb_network_header(skb) + thoff); -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ port = hdr->dest; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_port; -+ hdr->dest = new_port; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ port = hdr->source; -+ new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port; -+ hdr->source = new_port; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_port(skb, thoff, protocol, port, new_port); -+} -+EXPORT_SYMBOL_GPL(nf_flow_dnat_port); -+ -+static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) -+{ -+ struct net_device *dev = data; -+ -+ if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -+ return; -+ -+ flow_offload_dead(flow); -+} -+ -+static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, -+ void *data) -+{ -+ nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data); -+ flush_delayed_work(&flowtable->gc_work); -+} -+ -+void nf_flow_table_cleanup(struct net *net, struct net_device *dev) -+{ -+ nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev); -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); -+ -+void nf_flow_table_free(struct nf_flowtable *flow_table) -+{ -+ nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); -+ WARN_ON(!nf_flow_offload_gc_step(flow_table)); -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_free); -+ -+static int nf_flow_table_netdev_event(struct notifier_block *this, -+ unsigned long event, void *ptr) -+{ -+ struct net_device *dev = netdev_notifier_info_to_dev(ptr); -+ -+ if (event != NETDEV_DOWN) -+ return NOTIFY_DONE; -+ -+ nf_flow_table_cleanup(dev_net(dev), dev); -+ -+ return NOTIFY_DONE; -+} -+ -+static struct notifier_block flow_offload_netdev_notifier = { -+ .notifier_call = nf_flow_table_netdev_event, -+}; -+ -+static int __init nf_flow_table_module_init(void) -+{ -+ return register_netdevice_notifier(&flow_offload_netdev_notifier); -+} -+ -+static void __exit nf_flow_table_module_exit(void) -+{ -+ unregister_netdevice_notifier(&flow_offload_netdev_notifier); -+} -+ -+module_init(nf_flow_table_module_init); -+module_exit(nf_flow_table_module_exit); -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Pablo Neira Ayuso "); diff --git a/target/linux/generic/backport-4.19/353-v4.18-netfilter-nf_flow_table-move-ipv4-offload-hook-code-.patch b/target/linux/generic/backport-4.19/353-v4.18-netfilter-nf_flow_table-move-ipv4-offload-hook-code-.patch deleted file mode 100644 index e25a66f934..0000000000 --- a/target/linux/generic/backport-4.19/353-v4.18-netfilter-nf_flow_table-move-ipv4-offload-hook-code-.patch +++ /dev/null @@ -1,522 +0,0 @@ -From: Felix Fietkau -Date: Sat, 17 Feb 2018 11:49:44 +0100 -Subject: [PATCH] netfilter: nf_flow_table: move ipv4 offload hook code to - nf_flow_table - -Allows some minor code sharing with the ipv6 hook code and is also -useful as preparation for adding iptables support for offload - -Signed-off-by: Felix Fietkau ---- - create mode 100644 net/netfilter/nf_flow_table_ip.c - ---- a/net/ipv4/netfilter/nf_flow_table_ipv4.c -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -2,248 +2,8 @@ - #include - #include - #include --#include --#include --#include --#include --#include - #include - #include --/* For layer 4 checksum field offset. */ --#include --#include -- --static int nf_flow_nat_ip_tcp(struct sk_buff *skb, unsigned int thoff, -- __be32 addr, __be32 new_addr) --{ -- struct tcphdr *tcph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -- skb_try_make_writable(skb, thoff + sizeof(*tcph))) -- return -1; -- -- tcph = (void *)(skb_network_header(skb) + thoff); -- inet_proto_csum_replace4(&tcph->check, skb, addr, new_addr, true); -- -- return 0; --} -- --static int nf_flow_nat_ip_udp(struct sk_buff *skb, unsigned int thoff, -- __be32 addr, __be32 new_addr) --{ -- struct udphdr *udph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -- skb_try_make_writable(skb, thoff + sizeof(*udph))) -- return -1; -- -- udph = (void *)(skb_network_header(skb) + thoff); -- if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -- inet_proto_csum_replace4(&udph->check, skb, addr, -- new_addr, true); -- if (!udph->check) -- udph->check = CSUM_MANGLED_0; -- } -- -- return 0; --} -- --static int nf_flow_nat_ip_l4proto(struct sk_buff *skb, struct iphdr *iph, -- unsigned int thoff, __be32 addr, -- __be32 new_addr) --{ -- switch (iph->protocol) { -- case IPPROTO_TCP: -- if (nf_flow_nat_ip_tcp(skb, thoff, addr, new_addr) < 0) -- return NF_DROP; -- break; -- case IPPROTO_UDP: -- if (nf_flow_nat_ip_udp(skb, thoff, addr, new_addr) < 0) -- return NF_DROP; -- break; -- } -- -- return 0; --} -- --static int nf_flow_snat_ip(const struct flow_offload *flow, struct sk_buff *skb, -- struct iphdr *iph, unsigned int thoff, -- enum flow_offload_tuple_dir dir) --{ -- __be32 addr, new_addr; -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- addr = iph->saddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v4.s_addr; -- iph->saddr = new_addr; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- addr = iph->daddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v4.s_addr; -- iph->daddr = new_addr; -- break; -- default: -- return -1; -- } -- csum_replace4(&iph->check, addr, new_addr); -- -- return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); --} -- --static int nf_flow_dnat_ip(const struct flow_offload *flow, struct sk_buff *skb, -- struct iphdr *iph, unsigned int thoff, -- enum flow_offload_tuple_dir dir) --{ -- __be32 addr, new_addr; -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- addr = iph->daddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v4.s_addr; -- iph->daddr = new_addr; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- addr = iph->saddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v4.s_addr; -- iph->saddr = new_addr; -- break; -- default: -- return -1; -- } -- -- return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); --} -- --static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, -- enum flow_offload_tuple_dir dir) --{ -- struct iphdr *iph = ip_hdr(skb); -- unsigned int thoff = iph->ihl * 4; -- -- if (flow->flags & FLOW_OFFLOAD_SNAT && -- (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -- nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) -- return -1; -- if (flow->flags & FLOW_OFFLOAD_DNAT && -- (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -- nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) -- return -1; -- -- return 0; --} -- --static bool ip_has_options(unsigned int thoff) --{ -- return thoff != sizeof(struct iphdr); --} -- --static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, -- struct flow_offload_tuple *tuple) --{ -- struct flow_ports *ports; -- unsigned int thoff; -- struct iphdr *iph; -- -- if (!pskb_may_pull(skb, sizeof(*iph))) -- return -1; -- -- iph = ip_hdr(skb); -- thoff = iph->ihl * 4; -- -- if (ip_is_fragment(iph) || -- unlikely(ip_has_options(thoff))) -- return -1; -- -- if (iph->protocol != IPPROTO_TCP && -- iph->protocol != IPPROTO_UDP) -- return -1; -- -- thoff = iph->ihl * 4; -- if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -- return -1; -- -- ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -- -- tuple->src_v4.s_addr = iph->saddr; -- tuple->dst_v4.s_addr = iph->daddr; -- tuple->src_port = ports->source; -- tuple->dst_port = ports->dest; -- tuple->l3proto = AF_INET; -- tuple->l4proto = iph->protocol; -- tuple->iifidx = dev->ifindex; -- -- return 0; --} -- --/* Based on ip_exceeds_mtu(). */ --static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) --{ -- if (skb->len <= mtu) -- return false; -- -- if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) -- return false; -- -- if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) -- return false; -- -- return true; --} -- --unsigned int --nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- struct flow_offload_tuple_rhash *tuplehash; -- struct nf_flowtable *flow_table = priv; -- struct flow_offload_tuple tuple = {}; -- enum flow_offload_tuple_dir dir; -- struct flow_offload *flow; -- struct net_device *outdev; -- const struct rtable *rt; -- struct iphdr *iph; -- __be32 nexthop; -- -- if (skb->protocol != htons(ETH_P_IP)) -- return NF_ACCEPT; -- -- if (nf_flow_tuple_ip(skb, state->in, &tuple) < 0) -- return NF_ACCEPT; -- -- tuplehash = flow_offload_lookup(flow_table, &tuple); -- if (tuplehash == NULL) -- return NF_ACCEPT; -- -- outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -- if (!outdev) -- return NF_ACCEPT; -- -- dir = tuplehash->tuple.dir; -- flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; -- -- if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) -- return NF_ACCEPT; -- -- if (skb_try_make_writable(skb, sizeof(*iph))) -- return NF_DROP; -- -- if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -- nf_flow_nat_ip(flow, skb, dir) < 0) -- return NF_DROP; -- -- flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -- iph = ip_hdr(skb); -- ip_decrease_ttl(iph); -- -- skb->dev = outdev; -- nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr); -- neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb); -- -- return NF_STOLEN; --} --EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook); - - static struct nf_flowtable_type flowtable_ipv4 = { - .family = NFPROTO_IPV4, ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -113,7 +113,7 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_ - - # flow table infrastructure - obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o --nf_flow_table-objs := nf_flow_table_core.o -+nf_flow_table-objs := nf_flow_table_core.o nf_flow_table_ip.o - - obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o - ---- /dev/null -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -0,0 +1,245 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+/* For layer 4 checksum field offset. */ -+#include -+#include -+ -+static int nf_flow_nat_ip_tcp(struct sk_buff *skb, unsigned int thoff, -+ __be32 addr, __be32 new_addr) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace4(&tcph->check, skb, addr, new_addr, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ip_udp(struct sk_buff *skb, unsigned int thoff, -+ __be32 addr, __be32 new_addr) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace4(&udph->check, skb, addr, -+ new_addr, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ip_l4proto(struct sk_buff *skb, struct iphdr *iph, -+ unsigned int thoff, __be32 addr, -+ __be32 new_addr) -+{ -+ switch (iph->protocol) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_ip_tcp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_ip_udp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_snat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ struct iphdr *iph, unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ __be32 addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = iph->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v4.s_addr; -+ iph->saddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = iph->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v4.s_addr; -+ iph->daddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ csum_replace4(&iph->check, addr, new_addr); -+ -+ return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); -+} -+ -+static int nf_flow_dnat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ struct iphdr *iph, unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ __be32 addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = iph->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v4.s_addr; -+ iph->daddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = iph->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v4.s_addr; -+ iph->saddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); -+} -+ -+static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct iphdr *iph = ip_hdr(skb); -+ unsigned int thoff = iph->ihl * 4; -+ -+ if (flow->flags & FLOW_OFFLOAD_SNAT && -+ (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -+ nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) -+ return -1; -+ if (flow->flags & FLOW_OFFLOAD_DNAT && -+ (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -+ nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) -+ return -1; -+ -+ return 0; -+} -+ -+static bool ip_has_options(unsigned int thoff) -+{ -+ return thoff != sizeof(struct iphdr); -+} -+ -+static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, -+ struct flow_offload_tuple *tuple) -+{ -+ struct flow_ports *ports; -+ unsigned int thoff; -+ struct iphdr *iph; -+ -+ if (!pskb_may_pull(skb, sizeof(*iph))) -+ return -1; -+ -+ iph = ip_hdr(skb); -+ thoff = iph->ihl * 4; -+ -+ if (ip_is_fragment(iph) || -+ unlikely(ip_has_options(thoff))) -+ return -1; -+ -+ if (iph->protocol != IPPROTO_TCP && -+ iph->protocol != IPPROTO_UDP) -+ return -1; -+ -+ thoff = iph->ihl * 4; -+ if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -+ return -1; -+ -+ ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -+ -+ tuple->src_v4.s_addr = iph->saddr; -+ tuple->dst_v4.s_addr = iph->daddr; -+ tuple->src_port = ports->source; -+ tuple->dst_port = ports->dest; -+ tuple->l3proto = AF_INET; -+ tuple->l4proto = iph->protocol; -+ tuple->iifidx = dev->ifindex; -+ -+ return 0; -+} -+ -+/* Based on ip_exceeds_mtu(). */ -+static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) -+{ -+ if (skb->len <= mtu) -+ return false; -+ -+ if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) -+ return false; -+ -+ if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) -+ return false; -+ -+ return true; -+} -+ -+unsigned int -+nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct nf_flowtable *flow_table = priv; -+ struct flow_offload_tuple tuple = {}; -+ enum flow_offload_tuple_dir dir; -+ struct flow_offload *flow; -+ struct net_device *outdev; -+ const struct rtable *rt; -+ struct iphdr *iph; -+ __be32 nexthop; -+ -+ if (skb->protocol != htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ if (nf_flow_tuple_ip(skb, state->in, &tuple) < 0) -+ return NF_ACCEPT; -+ -+ tuplehash = flow_offload_lookup(flow_table, &tuple); -+ if (tuplehash == NULL) -+ return NF_ACCEPT; -+ -+ outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -+ if (!outdev) -+ return NF_ACCEPT; -+ -+ dir = tuplehash->tuple.dir; -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -+ rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; -+ -+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) -+ return NF_ACCEPT; -+ -+ if (skb_try_make_writable(skb, sizeof(*iph))) -+ return NF_DROP; -+ -+ if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -+ nf_flow_nat_ip(flow, skb, dir) < 0) -+ return NF_DROP; -+ -+ flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -+ iph = ip_hdr(skb); -+ ip_decrease_ttl(iph); -+ -+ skb->dev = outdev; -+ nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr); -+ neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb); -+ -+ return NF_STOLEN; -+} -+EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook); diff --git a/target/linux/generic/backport-4.19/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch b/target/linux/generic/backport-4.19/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch deleted file mode 100644 index 4ee5532438..0000000000 --- a/target/linux/generic/backport-4.19/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Felix Fietkau -Date: Sat, 17 Feb 2018 11:51:20 +0100 -Subject: [PATCH] netfilter: nf_flow_table: move ip header check out of - nf_flow_exceeds_mtu - -Allows the function to be shared with the IPv6 hook code - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -181,9 +181,6 @@ static bool nf_flow_exceeds_mtu(const st - if (skb->len <= mtu) - return false; - -- if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) -- return false; -- - if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) - return false; - -@@ -222,7 +219,8 @@ nf_flow_offload_ip_hook(void *priv, stru - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); - rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; - -- if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) -+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && -+ (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) - return NF_ACCEPT; - - if (skb_try_make_writable(skb, sizeof(*iph))) diff --git a/target/linux/generic/backport-4.19/355-v4.18-netfilter-nf_flow_table-move-ipv6-offload-hook-code-.patch b/target/linux/generic/backport-4.19/355-v4.18-netfilter-nf_flow_table-move-ipv6-offload-hook-code-.patch deleted file mode 100644 index 20ab0ed504..0000000000 --- a/target/linux/generic/backport-4.19/355-v4.18-netfilter-nf_flow_table-move-ipv6-offload-hook-code-.patch +++ /dev/null @@ -1,483 +0,0 @@ -From: Felix Fietkau -Date: Sat, 17 Feb 2018 11:55:51 +0100 -Subject: [PATCH] netfilter: nf_flow_table: move ipv6 offload hook code to - nf_flow_table - -Useful as preparation for adding iptables support for offload - -Signed-off-by: Felix Fietkau ---- - ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -3,240 +3,8 @@ - #include - #include - #include --#include --#include --#include --#include --#include - #include - #include --/* For layer 4 checksum field offset. */ --#include --#include -- --static int nf_flow_nat_ipv6_tcp(struct sk_buff *skb, unsigned int thoff, -- struct in6_addr *addr, -- struct in6_addr *new_addr) --{ -- struct tcphdr *tcph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -- skb_try_make_writable(skb, thoff + sizeof(*tcph))) -- return -1; -- -- tcph = (void *)(skb_network_header(skb) + thoff); -- inet_proto_csum_replace16(&tcph->check, skb, addr->s6_addr32, -- new_addr->s6_addr32, true); -- -- return 0; --} -- --static int nf_flow_nat_ipv6_udp(struct sk_buff *skb, unsigned int thoff, -- struct in6_addr *addr, -- struct in6_addr *new_addr) --{ -- struct udphdr *udph; -- -- if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -- skb_try_make_writable(skb, thoff + sizeof(*udph))) -- return -1; -- -- udph = (void *)(skb_network_header(skb) + thoff); -- if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -- inet_proto_csum_replace16(&udph->check, skb, addr->s6_addr32, -- new_addr->s6_addr32, true); -- if (!udph->check) -- udph->check = CSUM_MANGLED_0; -- } -- -- return 0; --} -- --static int nf_flow_nat_ipv6_l4proto(struct sk_buff *skb, struct ipv6hdr *ip6h, -- unsigned int thoff, struct in6_addr *addr, -- struct in6_addr *new_addr) --{ -- switch (ip6h->nexthdr) { -- case IPPROTO_TCP: -- if (nf_flow_nat_ipv6_tcp(skb, thoff, addr, new_addr) < 0) -- return NF_DROP; -- break; -- case IPPROTO_UDP: -- if (nf_flow_nat_ipv6_udp(skb, thoff, addr, new_addr) < 0) -- return NF_DROP; -- break; -- } -- -- return 0; --} -- --static int nf_flow_snat_ipv6(const struct flow_offload *flow, -- struct sk_buff *skb, struct ipv6hdr *ip6h, -- unsigned int thoff, -- enum flow_offload_tuple_dir dir) --{ -- struct in6_addr addr, new_addr; -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- addr = ip6h->saddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v6; -- ip6h->saddr = new_addr; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- addr = ip6h->daddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v6; -- ip6h->daddr = new_addr; -- break; -- default: -- return -1; -- } -- -- return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); --} -- --static int nf_flow_dnat_ipv6(const struct flow_offload *flow, -- struct sk_buff *skb, struct ipv6hdr *ip6h, -- unsigned int thoff, -- enum flow_offload_tuple_dir dir) --{ -- struct in6_addr addr, new_addr; -- -- switch (dir) { -- case FLOW_OFFLOAD_DIR_ORIGINAL: -- addr = ip6h->daddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v6; -- ip6h->daddr = new_addr; -- break; -- case FLOW_OFFLOAD_DIR_REPLY: -- addr = ip6h->saddr; -- new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v6; -- ip6h->saddr = new_addr; -- break; -- default: -- return -1; -- } -- -- return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); --} -- --static int nf_flow_nat_ipv6(const struct flow_offload *flow, -- struct sk_buff *skb, -- enum flow_offload_tuple_dir dir) --{ -- struct ipv6hdr *ip6h = ipv6_hdr(skb); -- unsigned int thoff = sizeof(*ip6h); -- -- if (flow->flags & FLOW_OFFLOAD_SNAT && -- (nf_flow_snat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -- nf_flow_snat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -- return -1; -- if (flow->flags & FLOW_OFFLOAD_DNAT && -- (nf_flow_dnat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -- nf_flow_dnat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -- return -1; -- -- return 0; --} -- --static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, -- struct flow_offload_tuple *tuple) --{ -- struct flow_ports *ports; -- struct ipv6hdr *ip6h; -- unsigned int thoff; -- -- if (!pskb_may_pull(skb, sizeof(*ip6h))) -- return -1; -- -- ip6h = ipv6_hdr(skb); -- -- if (ip6h->nexthdr != IPPROTO_TCP && -- ip6h->nexthdr != IPPROTO_UDP) -- return -1; -- -- thoff = sizeof(*ip6h); -- if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -- return -1; -- -- ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -- -- tuple->src_v6 = ip6h->saddr; -- tuple->dst_v6 = ip6h->daddr; -- tuple->src_port = ports->source; -- tuple->dst_port = ports->dest; -- tuple->l3proto = AF_INET6; -- tuple->l4proto = ip6h->nexthdr; -- tuple->iifidx = dev->ifindex; -- -- return 0; --} -- --/* Based on ip_exceeds_mtu(). */ --static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) --{ -- if (skb->len <= mtu) -- return false; -- -- if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) -- return false; -- -- return true; --} -- --unsigned int --nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, -- const struct nf_hook_state *state) --{ -- struct flow_offload_tuple_rhash *tuplehash; -- struct nf_flowtable *flow_table = priv; -- struct flow_offload_tuple tuple = {}; -- enum flow_offload_tuple_dir dir; -- struct flow_offload *flow; -- struct net_device *outdev; -- struct in6_addr *nexthop; -- struct ipv6hdr *ip6h; -- struct rt6_info *rt; -- -- if (skb->protocol != htons(ETH_P_IPV6)) -- return NF_ACCEPT; -- -- if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0) -- return NF_ACCEPT; -- -- tuplehash = flow_offload_lookup(flow_table, &tuple); -- if (tuplehash == NULL) -- return NF_ACCEPT; -- -- outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -- if (!outdev) -- return NF_ACCEPT; -- -- dir = tuplehash->tuple.dir; -- flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache; -- -- if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) -- return NF_ACCEPT; -- -- if (skb_try_make_writable(skb, sizeof(*ip6h))) -- return NF_DROP; -- -- if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -- nf_flow_nat_ipv6(flow, skb, dir) < 0) -- return NF_DROP; -- -- flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -- ip6h = ipv6_hdr(skb); -- ip6h->hop_limit--; -- -- skb->dev = outdev; -- nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); -- neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); -- -- return NF_STOLEN; --} --EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook); - - static struct nf_flowtable_type flowtable_ipv6 = { - .family = NFPROTO_IPV6, ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -4,8 +4,11 @@ - #include - #include - #include -+#include - #include - #include -+#include -+#include - #include - #include - /* For layer 4 checksum field offset. */ -@@ -241,3 +244,215 @@ nf_flow_offload_ip_hook(void *priv, stru - return NF_STOLEN; - } - EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook); -+ -+static int nf_flow_nat_ipv6_tcp(struct sk_buff *skb, unsigned int thoff, -+ struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ inet_proto_csum_replace16(&tcph->check, skb, addr->s6_addr32, -+ new_addr->s6_addr32, true); -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ipv6_udp(struct sk_buff *skb, unsigned int thoff, -+ struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ struct udphdr *udph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*udph)) || -+ skb_try_make_writable(skb, thoff + sizeof(*udph))) -+ return -1; -+ -+ udph = (void *)(skb_network_header(skb) + thoff); -+ if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { -+ inet_proto_csum_replace16(&udph->check, skb, addr->s6_addr32, -+ new_addr->s6_addr32, true); -+ if (!udph->check) -+ udph->check = CSUM_MANGLED_0; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_nat_ipv6_l4proto(struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, struct in6_addr *addr, -+ struct in6_addr *new_addr) -+{ -+ switch (ip6h->nexthdr) { -+ case IPPROTO_TCP: -+ if (nf_flow_nat_ipv6_tcp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ case IPPROTO_UDP: -+ if (nf_flow_nat_ipv6_udp(skb, thoff, addr, new_addr) < 0) -+ return NF_DROP; -+ break; -+ } -+ -+ return 0; -+} -+ -+static int nf_flow_snat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct in6_addr addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = ip6h->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_v6; -+ ip6h->saddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = ip6h->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_v6; -+ ip6h->daddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); -+} -+ -+static int nf_flow_dnat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, struct ipv6hdr *ip6h, -+ unsigned int thoff, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct in6_addr addr, new_addr; -+ -+ switch (dir) { -+ case FLOW_OFFLOAD_DIR_ORIGINAL: -+ addr = ip6h->daddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.src_v6; -+ ip6h->daddr = new_addr; -+ break; -+ case FLOW_OFFLOAD_DIR_REPLY: -+ addr = ip6h->saddr; -+ new_addr = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_v6; -+ ip6h->saddr = new_addr; -+ break; -+ default: -+ return -1; -+ } -+ -+ return nf_flow_nat_ipv6_l4proto(skb, ip6h, thoff, &addr, &new_addr); -+} -+ -+static int nf_flow_nat_ipv6(const struct flow_offload *flow, -+ struct sk_buff *skb, -+ enum flow_offload_tuple_dir dir) -+{ -+ struct ipv6hdr *ip6h = ipv6_hdr(skb); -+ unsigned int thoff = sizeof(*ip6h); -+ -+ if (flow->flags & FLOW_OFFLOAD_SNAT && -+ (nf_flow_snat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -+ nf_flow_snat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -+ return -1; -+ if (flow->flags & FLOW_OFFLOAD_DNAT && -+ (nf_flow_dnat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || -+ nf_flow_dnat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) -+ return -1; -+ -+ return 0; -+} -+ -+static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, -+ struct flow_offload_tuple *tuple) -+{ -+ struct flow_ports *ports; -+ struct ipv6hdr *ip6h; -+ unsigned int thoff; -+ -+ if (!pskb_may_pull(skb, sizeof(*ip6h))) -+ return -1; -+ -+ ip6h = ipv6_hdr(skb); -+ -+ if (ip6h->nexthdr != IPPROTO_TCP && -+ ip6h->nexthdr != IPPROTO_UDP) -+ return -1; -+ -+ thoff = sizeof(*ip6h); -+ if (!pskb_may_pull(skb, thoff + sizeof(*ports))) -+ return -1; -+ -+ ports = (struct flow_ports *)(skb_network_header(skb) + thoff); -+ -+ tuple->src_v6 = ip6h->saddr; -+ tuple->dst_v6 = ip6h->daddr; -+ tuple->src_port = ports->source; -+ tuple->dst_port = ports->dest; -+ tuple->l3proto = AF_INET6; -+ tuple->l4proto = ip6h->nexthdr; -+ tuple->iifidx = dev->ifindex; -+ -+ return 0; -+} -+ -+unsigned int -+nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct nf_flowtable *flow_table = priv; -+ struct flow_offload_tuple tuple = {}; -+ enum flow_offload_tuple_dir dir; -+ struct flow_offload *flow; -+ struct net_device *outdev; -+ struct in6_addr *nexthop; -+ struct ipv6hdr *ip6h; -+ struct rt6_info *rt; -+ -+ if (skb->protocol != htons(ETH_P_IPV6)) -+ return NF_ACCEPT; -+ -+ if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0) -+ return NF_ACCEPT; -+ -+ tuplehash = flow_offload_lookup(flow_table, &tuple); -+ if (tuplehash == NULL) -+ return NF_ACCEPT; -+ -+ outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); -+ if (!outdev) -+ return NF_ACCEPT; -+ -+ dir = tuplehash->tuple.dir; -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -+ rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache; -+ -+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) -+ return NF_ACCEPT; -+ -+ if (skb_try_make_writable(skb, sizeof(*ip6h))) -+ return NF_DROP; -+ -+ if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -+ nf_flow_nat_ipv6(flow, skb, dir) < 0) -+ return NF_DROP; -+ -+ flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -+ ip6h = ipv6_hdr(skb); -+ ip6h->hop_limit--; -+ -+ skb->dev = outdev; -+ nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); -+ neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); -+ -+ return NF_STOLEN; -+} -+EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook); diff --git a/target/linux/generic/backport-4.19/356-v4.18-netfilter-nf_flow_table-relax-mixed-ipv4-ipv6-flowta.patch b/target/linux/generic/backport-4.19/356-v4.18-netfilter-nf_flow_table-relax-mixed-ipv4-ipv6-flowta.patch deleted file mode 100644 index b5fe25a1d6..0000000000 --- a/target/linux/generic/backport-4.19/356-v4.18-netfilter-nf_flow_table-relax-mixed-ipv4-ipv6-flowta.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Felix Fietkau -Date: Sat, 17 Feb 2018 12:02:28 +0100 -Subject: [PATCH] netfilter: nf_flow_table: relax mixed ipv4/ipv6 flowtable - dependencies - -Since the offload hook code was moved, this table no longer depends on -the IPv4 and IPv6 flowtable modules - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -676,8 +676,7 @@ endif # NF_TABLES - - config NF_FLOW_TABLE_INET - tristate "Netfilter flow table mixed IPv4/IPv6 module" -- depends on NF_FLOW_TABLE_IPV4 -- depends on NF_FLOW_TABLE_IPV6 -+ depends on NF_FLOW_TABLE - help - This option adds the flow table mixed IPv4/IPv6 support. - diff --git a/target/linux/generic/backport-4.19/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.19/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch deleted file mode 100644 index 2cf8cea23c..0000000000 --- a/target/linux/generic/backport-4.19/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ /dev/null @@ -1,298 +0,0 @@ -From: Felix Fietkau -Date: Sun, 18 Feb 2018 18:16:31 +0100 -Subject: [PATCH] netfilter: nf_flow_table: move init code to - nf_flow_table_core.c - -Reduces duplication of .gc and .params in flowtable type definitions and -makes the API clearer - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -14,9 +14,8 @@ struct nf_flowtable; - struct nf_flowtable_type { - struct list_head list; - int family; -- void (*gc)(struct work_struct *work); -+ int (*init)(struct nf_flowtable *ft); - void (*free)(struct nf_flowtable *ft); -- const struct rhashtable_params *params; - nf_hookfn *hook; - struct module *owner; - }; -@@ -100,9 +99,8 @@ int nf_flow_table_iterate(struct nf_flow - - void nf_flow_table_cleanup(struct net *net, struct net_device *dev); - -+int nf_flow_table_init(struct nf_flowtable *flow_table); - void nf_flow_table_free(struct nf_flowtable *flow_table); --void nf_flow_offload_work_gc(struct work_struct *work); --extern const struct rhashtable_params nf_flow_offload_rhash_params; - - void flow_offload_dead(struct flow_offload *flow); - ---- a/net/ipv4/netfilter/nf_flow_table_ipv4.c -+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c -@@ -7,8 +7,7 @@ - - static struct nf_flowtable_type flowtable_ipv4 = { - .family = NFPROTO_IPV4, -- .params = &nf_flow_offload_rhash_params, -- .gc = nf_flow_offload_work_gc, -+ .init = nf_flow_table_init, - .free = nf_flow_table_free, - .hook = nf_flow_offload_ip_hook, - .owner = THIS_MODULE, ---- a/net/ipv6/netfilter/nf_flow_table_ipv6.c -+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c -@@ -8,8 +8,7 @@ - - static struct nf_flowtable_type flowtable_ipv6 = { - .family = NFPROTO_IPV6, -- .params = &nf_flow_offload_rhash_params, -- .gc = nf_flow_offload_work_gc, -+ .init = nf_flow_table_init, - .free = nf_flow_table_free, - .hook = nf_flow_offload_ipv6_hook, - .owner = THIS_MODULE, ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -116,16 +116,50 @@ void flow_offload_dead(struct flow_offlo - } - EXPORT_SYMBOL_GPL(flow_offload_dead); - -+static u32 flow_offload_hash(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple *tuple = data; -+ -+ return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed) -+{ -+ const struct flow_offload_tuple_rhash *tuplehash = data; -+ -+ return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed); -+} -+ -+static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg, -+ const void *ptr) -+{ -+ const struct flow_offload_tuple *tuple = arg->key; -+ const struct flow_offload_tuple_rhash *x = ptr; -+ -+ if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir))) -+ return 1; -+ -+ return 0; -+} -+ -+static const struct rhashtable_params nf_flow_offload_rhash_params = { -+ .head_offset = offsetof(struct flow_offload_tuple_rhash, node), -+ .hashfn = flow_offload_hash, -+ .obj_hashfn = flow_offload_hash_obj, -+ .obj_cmpfn = flow_offload_hash_cmp, -+ .automatic_shrinking = true, -+}; -+ - int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) - { - flow->timeout = (u32)jiffies; - - rhashtable_insert_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -- *flow_table->type->params); -+ nf_flow_offload_rhash_params); - rhashtable_insert_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -- *flow_table->type->params); -+ nf_flow_offload_rhash_params); - return 0; - } - EXPORT_SYMBOL_GPL(flow_offload_add); -@@ -135,10 +169,10 @@ static void flow_offload_del(struct nf_f - { - rhashtable_remove_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -- *flow_table->type->params); -+ nf_flow_offload_rhash_params); - rhashtable_remove_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, -- *flow_table->type->params); -+ nf_flow_offload_rhash_params); - - flow_offload_free(flow); - } -@@ -148,7 +182,7 @@ flow_offload_lookup(struct nf_flowtable - struct flow_offload_tuple *tuple) - { - return rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -- *flow_table->type->params); -+ nf_flow_offload_rhash_params); - } - EXPORT_SYMBOL_GPL(flow_offload_lookup); - -@@ -237,7 +271,7 @@ out: - return 1; - } - --void nf_flow_offload_work_gc(struct work_struct *work) -+static void nf_flow_offload_work_gc(struct work_struct *work) - { - struct nf_flowtable *flow_table; - -@@ -245,42 +279,6 @@ void nf_flow_offload_work_gc(struct work - nf_flow_offload_gc_step(flow_table); - queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); - } --EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc); -- --static u32 flow_offload_hash(const void *data, u32 len, u32 seed) --{ -- const struct flow_offload_tuple *tuple = data; -- -- return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed); --} -- --static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed) --{ -- const struct flow_offload_tuple_rhash *tuplehash = data; -- -- return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed); --} -- --static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg, -- const void *ptr) --{ -- const struct flow_offload_tuple *tuple = arg->key; -- const struct flow_offload_tuple_rhash *x = ptr; -- -- if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir))) -- return 1; -- -- return 0; --} -- --const struct rhashtable_params nf_flow_offload_rhash_params = { -- .head_offset = offsetof(struct flow_offload_tuple_rhash, node), -- .hashfn = flow_offload_hash, -- .obj_hashfn = flow_offload_hash_obj, -- .obj_cmpfn = flow_offload_hash_cmp, -- .automatic_shrinking = true, --}; --EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params); - - static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, - __be16 port, __be16 new_port) -@@ -398,6 +396,24 @@ int nf_flow_dnat_port(const struct flow_ - } - EXPORT_SYMBOL_GPL(nf_flow_dnat_port); - -+int nf_flow_table_init(struct nf_flowtable *flowtable) -+{ -+ int err; -+ -+ INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); -+ -+ err = rhashtable_init(&flowtable->rhashtable, -+ &nf_flow_offload_rhash_params); -+ if (err < 0) -+ return err; -+ -+ queue_delayed_work(system_power_efficient_wq, -+ &flowtable->gc_work, HZ); -+ -+ return 0; -+} -+EXPORT_SYMBOL_GPL(nf_flow_table_init); -+ - static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) - { - struct net_device *dev = data; -@@ -423,8 +439,10 @@ EXPORT_SYMBOL_GPL(nf_flow_table_cleanup) - - void nf_flow_table_free(struct nf_flowtable *flow_table) - { -+ cancel_delayed_work_sync(&flow_table->gc_work); - nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); - WARN_ON(!nf_flow_offload_gc_step(flow_table)); -+ rhashtable_destroy(&flow_table->rhashtable); - } - EXPORT_SYMBOL_GPL(nf_flow_table_free); - ---- a/net/netfilter/nf_flow_table_inet.c -+++ b/net/netfilter/nf_flow_table_inet.c -@@ -22,8 +22,7 @@ nf_flow_offload_inet_hook(void *priv, st - - static struct nf_flowtable_type flowtable_inet = { - .family = NFPROTO_INET, -- .params = &nf_flow_offload_rhash_params, -- .gc = nf_flow_offload_work_gc, -+ .init = nf_flow_table_init, - .free = nf_flow_table_free, - .hook = nf_flow_offload_inet_hook, - .owner = THIS_MODULE, ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -5081,40 +5081,38 @@ static int nf_tables_newflowtable(struct - } - - flowtable->data.type = type; -- err = rhashtable_init(&flowtable->data.rhashtable, type->params); -+ err = type->init(&flowtable->data); - if (err < 0) - goto err3; - - err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], - flowtable); - if (err < 0) -- goto err3; -+ goto err4; - - for (i = 0; i < flowtable->ops_len; i++) { - err = nf_register_net_hook(net, &flowtable->ops[i]); - if (err < 0) -- goto err4; -+ goto err5; - } - - err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable); - if (err < 0) -- goto err5; -- -- INIT_DEFERRABLE_WORK(&flowtable->data.gc_work, type->gc); -- queue_delayed_work(system_power_efficient_wq, -- &flowtable->data.gc_work, HZ); -+ goto err6; - - list_add_tail_rcu(&flowtable->list, &table->flowtables); - table->use++; - - return 0; --err5: -+err6: - i = flowtable->ops_len; --err4: -+err5: - for (k = i - 1; k >= 0; k--) - nf_unregister_net_hook(net, &flowtable->ops[i]); - - kfree(flowtable->ops); -+err4: -+ flowtable->data.type->free(&flowtable->data); - err3: - module_put(type->owner); - err2: -@@ -5395,10 +5393,8 @@ err: - - static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) - { -- cancel_delayed_work_sync(&flowtable->data.gc_work); - kfree(flowtable->name); - flowtable->data.type->free(&flowtable->data); -- rhashtable_destroy(&flowtable->data.rhashtable); - module_put(flowtable->data.type->owner); - } - diff --git a/target/linux/generic/backport-4.19/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.19/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch deleted file mode 100644 index d978a076fd..0000000000 --- a/target/linux/generic/backport-4.19/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Felix Fietkau -Date: Tue, 20 Feb 2018 14:48:51 +0100 -Subject: [PATCH] netfilter: nf_flow_table: fix priv pointer for netdev hook - -The offload ip hook expects a pointer to the flowtable, not to the -rhashtable. Since the rhashtable is the first member, this is safe for -the moment, but breaks as soon as the structure layout changes - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -4947,7 +4947,7 @@ static int nf_tables_flowtable_parse_hoo - flowtable->ops[i].pf = NFPROTO_NETDEV; - flowtable->ops[i].hooknum = hooknum; - flowtable->ops[i].priority = priority; -- flowtable->ops[i].priv = &flowtable->data.rhashtable; -+ flowtable->ops[i].priv = &flowtable->data; - flowtable->ops[i].hook = flowtable->data.type->hook; - flowtable->ops[i].dev = dev_array[i]; - } diff --git a/target/linux/generic/backport-4.19/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.19/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch deleted file mode 100644 index 84048a0be8..0000000000 --- a/target/linux/generic/backport-4.19/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ /dev/null @@ -1,114 +0,0 @@ -From: Felix Fietkau -Date: Tue, 20 Feb 2018 14:08:14 +0100 -Subject: [PATCH] netfilter: nf_flow_table: track flow tables in nf_flow_table - directly - -Avoids having nf_flow_table depend on nftables (useful for future -iptables backport work) - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -21,6 +21,7 @@ struct nf_flowtable_type { - }; - - struct nf_flowtable { -+ struct list_head list; - struct rhashtable rhashtable; - const struct nf_flowtable_type *type; - struct delayed_work gc_work; ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -1096,9 +1096,6 @@ struct nft_flowtable { - struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, - const struct nlattr *nla, - u8 genmask); --void nft_flow_table_iterate(struct net *net, -- void (*iter)(struct nf_flowtable *flowtable, void *data), -- void *data); - - void nft_register_flowtable_type(struct nf_flowtable_type *type); - void nft_unregister_flowtable_type(struct nf_flowtable_type *type); ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -18,6 +18,9 @@ struct flow_offload_entry { - struct rcu_head rcu_head; - }; - -+static DEFINE_MUTEX(flowtable_lock); -+static LIST_HEAD(flowtables); -+ - static void - flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, - struct nf_flow_route *route, -@@ -410,6 +413,10 @@ int nf_flow_table_init(struct nf_flowtab - queue_delayed_work(system_power_efficient_wq, - &flowtable->gc_work, HZ); - -+ mutex_lock(&flowtable_lock); -+ list_add(&flowtable->list, &flowtables); -+ mutex_unlock(&flowtable_lock); -+ - return 0; - } - EXPORT_SYMBOL_GPL(nf_flow_table_init); -@@ -425,20 +432,28 @@ static void nf_flow_table_do_cleanup(str - } - - static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, -- void *data) -+ struct net_device *dev) - { -- nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data); -+ nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); - flush_delayed_work(&flowtable->gc_work); - } - - void nf_flow_table_cleanup(struct net *net, struct net_device *dev) - { -- nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev); -+ struct nf_flowtable *flowtable; -+ -+ mutex_lock(&flowtable_lock); -+ list_for_each_entry(flowtable, &flowtables, list) -+ nf_flow_table_iterate_cleanup(flowtable, dev); -+ mutex_unlock(&flowtable_lock); - } - EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); - - void nf_flow_table_free(struct nf_flowtable *flow_table) - { -+ mutex_lock(&flowtable_lock); -+ list_del(&flow_table->list); -+ mutex_unlock(&flowtable_lock); - cancel_delayed_work_sync(&flow_table->gc_work); - nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); - WARN_ON(!nf_flow_offload_gc_step(flow_table)); ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -4991,23 +4991,6 @@ static const struct nf_flowtable_type *n - return ERR_PTR(-ENOENT); - } - --void nft_flow_table_iterate(struct net *net, -- void (*iter)(struct nf_flowtable *flowtable, void *data), -- void *data) --{ -- struct nft_flowtable *flowtable; -- const struct nft_table *table; -- -- nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_for_each_entry(table, &net->nft.tables, list) { -- list_for_each_entry(flowtable, &table->flowtables, list) { -- iter(&flowtable->data, data); -- } -- } -- nfnl_unlock(NFNL_SUBSYS_NFTABLES); --} --EXPORT_SYMBOL_GPL(nft_flow_table_iterate); -- - static void nft_unregister_flowtable_net_hooks(struct net *net, - struct nft_flowtable *flowtable) - { diff --git a/target/linux/generic/backport-4.19/360-v4.18-netfilter-nf_flow_table-make-flow_offload_dead-inlin.patch b/target/linux/generic/backport-4.19/360-v4.18-netfilter-nf_flow_table-make-flow_offload_dead-inlin.patch deleted file mode 100644 index d33400c729..0000000000 --- a/target/linux/generic/backport-4.19/360-v4.18-netfilter-nf_flow_table-make-flow_offload_dead-inlin.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 15:37:27 +0100 -Subject: [PATCH] netfilter: nf_flow_table: make flow_offload_dead inline - -It is too trivial to keep as a separate exported function - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -103,7 +103,10 @@ void nf_flow_table_cleanup(struct net *n - int nf_flow_table_init(struct nf_flowtable *flow_table); - void nf_flow_table_free(struct nf_flowtable *flow_table); - --void flow_offload_dead(struct flow_offload *flow); -+static inline void flow_offload_dead(struct flow_offload *flow) -+{ -+ flow->flags |= FLOW_OFFLOAD_DYING; -+} - - int nf_flow_snat_port(const struct flow_offload *flow, - struct sk_buff *skb, unsigned int thoff, ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -113,12 +113,6 @@ void flow_offload_free(struct flow_offlo - } - EXPORT_SYMBOL_GPL(flow_offload_free); - --void flow_offload_dead(struct flow_offload *flow) --{ -- flow->flags |= FLOW_OFFLOAD_DYING; --} --EXPORT_SYMBOL_GPL(flow_offload_dead); -- - static u32 flow_offload_hash(const void *data, u32 len, u32 seed) - { - const struct flow_offload_tuple *tuple = data; diff --git a/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch b/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch deleted file mode 100644 index 30cebfac60..0000000000 --- a/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch +++ /dev/null @@ -1,83 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 15:38:31 +0100 -Subject: [PATCH] netfilter: nf_flow_table: add a new flow state for - tearing down offloading - -Will be used to tear down the offload entry while keeping the conntrack -entry alive. - -Signed-off-by: Felix Fietkau ---- - ---- a/include/net/netfilter/nf_flow_table.h -+++ b/include/net/netfilter/nf_flow_table.h -@@ -68,6 +68,7 @@ struct flow_offload_tuple_rhash { - #define FLOW_OFFLOAD_SNAT 0x1 - #define FLOW_OFFLOAD_DNAT 0x2 - #define FLOW_OFFLOAD_DYING 0x4 -+#define FLOW_OFFLOAD_TEARDOWN 0x8 - - struct flow_offload { - struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; -@@ -103,6 +104,7 @@ void nf_flow_table_cleanup(struct net *n - int nf_flow_table_init(struct nf_flowtable *flow_table); - void nf_flow_table_free(struct nf_flowtable *flow_table); - -+void flow_offload_teardown(struct flow_offload *flow); - static inline void flow_offload_dead(struct flow_offload *flow) - { - flow->flags |= FLOW_OFFLOAD_DYING; ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -174,6 +174,12 @@ static void flow_offload_del(struct nf_f - flow_offload_free(flow); - } - -+void flow_offload_teardown(struct flow_offload *flow) -+{ -+ flow->flags |= FLOW_OFFLOAD_TEARDOWN; -+} -+EXPORT_SYMBOL_GPL(flow_offload_teardown); -+ - struct flow_offload_tuple_rhash * - flow_offload_lookup(struct nf_flowtable *flow_table, - struct flow_offload_tuple *tuple) -@@ -226,11 +232,6 @@ static inline bool nf_flow_has_expired(c - return (__s32)(flow->timeout - (u32)jiffies) <= 0; - } - --static inline bool nf_flow_is_dying(const struct flow_offload *flow) --{ -- return flow->flags & FLOW_OFFLOAD_DYING; --} -- - static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) - { - struct flow_offload_tuple_rhash *tuplehash; -@@ -258,7 +259,8 @@ static int nf_flow_offload_gc_step(struc - flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); - - if (nf_flow_has_expired(flow) || -- nf_flow_is_dying(flow)) -+ (flow->flags & (FLOW_OFFLOAD_DYING | -+ FLOW_OFFLOAD_TEARDOWN))) - flow_offload_del(flow_table, flow); - } - out: -@@ -419,10 +421,14 @@ static void nf_flow_table_do_cleanup(str - { - struct net_device *dev = data; - -- if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) -+ if (!dev) { -+ flow_offload_teardown(flow); - return; -+ } - -- flow_offload_dead(flow); -+ if (flow->tuplehash[0].tuple.iifidx == dev->ifindex || -+ flow->tuplehash[1].tuple.iifidx == dev->ifindex) -+ flow_offload_dead(flow); - } - - static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, diff --git a/target/linux/generic/backport-4.19/362-v4.18-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch b/target/linux/generic/backport-4.19/362-v4.18-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch deleted file mode 100644 index d14ac97a59..0000000000 --- a/target/linux/generic/backport-4.19/362-v4.18-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 15:39:56 +0100 -Subject: [PATCH] netfilter: nf_flow_table: in flow_offload_lookup, skip - entries being deleted - -Preparation for sending flows back to the slow path - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -184,8 +184,21 @@ struct flow_offload_tuple_rhash * - flow_offload_lookup(struct nf_flowtable *flow_table, - struct flow_offload_tuple *tuple) - { -- return rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -- nf_flow_offload_rhash_params); -+ struct flow_offload_tuple_rhash *tuplehash; -+ struct flow_offload *flow; -+ int dir; -+ -+ tuplehash = rhashtable_lookup_fast(&flow_table->rhashtable, tuple, -+ nf_flow_offload_rhash_params); -+ if (!tuplehash) -+ return NULL; -+ -+ dir = tuplehash->tuple.dir; -+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -+ if (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN)) -+ return NULL; -+ -+ return tuplehash; - } - EXPORT_SYMBOL_GPL(flow_offload_lookup); - diff --git a/target/linux/generic/backport-4.19/363-v4.18-netfilter-nf_flow_table-add-support-for-sending-flow.patch b/target/linux/generic/backport-4.19/363-v4.18-netfilter-nf_flow_table-add-support-for-sending-flow.patch deleted file mode 100644 index 905880fead..0000000000 --- a/target/linux/generic/backport-4.19/363-v4.18-netfilter-nf_flow_table-add-support-for-sending-flow.patch +++ /dev/null @@ -1,99 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 15:41:11 +0100 -Subject: [PATCH] netfilter: nf_flow_table: add support for sending flows - back to the slow path - -Reset the timeout. For TCP, also set the state to indicate to use the -next incoming packets to reset window tracking. -This allows the slow path to take over again once the offload state has -been torn down - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -100,6 +100,43 @@ err_ct_refcnt: - } - EXPORT_SYMBOL_GPL(flow_offload_alloc); - -+static void flow_offload_fixup_tcp(struct ip_ct_tcp *tcp) -+{ -+ tcp->state = TCP_CONNTRACK_ESTABLISHED; -+ tcp->seen[0].td_maxwin = 0; -+ tcp->seen[1].td_maxwin = 0; -+} -+ -+static void flow_offload_fixup_ct_state(struct nf_conn *ct) -+{ -+ const struct nf_conntrack_l4proto *l4proto; -+ struct net *net = nf_ct_net(ct); -+ unsigned int *timeouts; -+ unsigned int timeout; -+ int l4num; -+ -+ l4num = nf_ct_protonum(ct); -+ if (l4num == IPPROTO_TCP) -+ flow_offload_fixup_tcp(&ct->proto.tcp); -+ -+ l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), l4num); -+ if (!l4proto) -+ return; -+ -+ timeouts = l4proto->get_timeouts(net); -+ if (!timeouts) -+ return; -+ -+ if (l4num == IPPROTO_TCP) -+ timeout = timeouts[TCP_CONNTRACK_ESTABLISHED]; -+ else if (l4num == IPPROTO_UDP) -+ timeout = timeouts[UDP_CT_REPLIED]; -+ else -+ return; -+ -+ ct->timeout = nfct_time_stamp + timeout; -+} -+ - void flow_offload_free(struct flow_offload *flow) - { - struct flow_offload_entry *e; -@@ -107,7 +144,8 @@ void flow_offload_free(struct flow_offlo - dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache); - dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache); - e = container_of(flow, struct flow_offload_entry, flow); -- nf_ct_delete(e->ct, 0, 0); -+ if (flow->flags & FLOW_OFFLOAD_DYING) -+ nf_ct_delete(e->ct, 0, 0); - nf_ct_put(e->ct); - kfree_rcu(e, rcu_head); - } -@@ -164,6 +202,8 @@ EXPORT_SYMBOL_GPL(flow_offload_add); - static void flow_offload_del(struct nf_flowtable *flow_table, - struct flow_offload *flow) - { -+ struct flow_offload_entry *e; -+ - rhashtable_remove_fast(&flow_table->rhashtable, - &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, - nf_flow_offload_rhash_params); -@@ -171,12 +211,20 @@ static void flow_offload_del(struct nf_f - &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node, - nf_flow_offload_rhash_params); - -+ e = container_of(flow, struct flow_offload_entry, flow); -+ clear_bit(IPS_OFFLOAD_BIT, &e->ct->status); -+ - flow_offload_free(flow); - } - - void flow_offload_teardown(struct flow_offload *flow) - { -+ struct flow_offload_entry *e; -+ - flow->flags |= FLOW_OFFLOAD_TEARDOWN; -+ -+ e = container_of(flow, struct flow_offload_entry, flow); -+ flow_offload_fixup_ct_state(e->ct); - } - EXPORT_SYMBOL_GPL(flow_offload_teardown); - diff --git a/target/linux/generic/backport-4.19/364-v4.18-netfilter-nf_flow_table-tear-down-TCP-flows-if-RST-o.patch b/target/linux/generic/backport-4.19/364-v4.18-netfilter-nf_flow_table-tear-down-TCP-flows-if-RST-o.patch deleted file mode 100644 index 8b0024cd8d..0000000000 --- a/target/linux/generic/backport-4.19/364-v4.18-netfilter-nf_flow_table-tear-down-TCP-flows-if-RST-o.patch +++ /dev/null @@ -1,81 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 15:42:58 +0100 -Subject: [PATCH] netfilter: nf_flow_table: tear down TCP flows if RST or - FIN was seen - -Allow the slow path to handle the shutdown of the connection with proper -timeouts - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -15,6 +15,23 @@ - #include - #include - -+static int nf_flow_tcp_state_check(struct flow_offload *flow, -+ struct sk_buff *skb, unsigned int thoff) -+{ -+ struct tcphdr *tcph; -+ -+ if (!pskb_may_pull(skb, thoff + sizeof(*tcph))) -+ return -1; -+ -+ tcph = (void *)(skb_network_header(skb) + thoff); -+ if (unlikely(tcph->fin || tcph->rst)) { -+ flow_offload_teardown(flow); -+ return -1; -+ } -+ -+ return 0; -+} -+ - static int nf_flow_nat_ip_tcp(struct sk_buff *skb, unsigned int thoff, - __be32 addr, __be32 new_addr) - { -@@ -118,10 +135,9 @@ static int nf_flow_dnat_ip(const struct - } - - static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, -- enum flow_offload_tuple_dir dir) -+ unsigned int thoff, enum flow_offload_tuple_dir dir) - { - struct iphdr *iph = ip_hdr(skb); -- unsigned int thoff = iph->ihl * 4; - - if (flow->flags & FLOW_OFFLOAD_SNAT && - (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || -@@ -201,6 +217,7 @@ nf_flow_offload_ip_hook(void *priv, stru - struct flow_offload *flow; - struct net_device *outdev; - const struct rtable *rt; -+ unsigned int thoff; - struct iphdr *iph; - __be32 nexthop; - -@@ -229,8 +246,12 @@ nf_flow_offload_ip_hook(void *priv, stru - if (skb_try_make_writable(skb, sizeof(*iph))) - return NF_DROP; - -+ thoff = ip_hdr(skb)->ihl * 4; -+ if (nf_flow_tcp_state_check(flow, skb, thoff)) -+ return NF_ACCEPT; -+ - if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -- nf_flow_nat_ip(flow, skb, dir) < 0) -+ nf_flow_nat_ip(flow, skb, thoff, dir) < 0) - return NF_DROP; - - flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; -@@ -438,6 +459,9 @@ nf_flow_offload_ipv6_hook(void *priv, st - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) - return NF_ACCEPT; - -+ if (nf_flow_tcp_state_check(flow, skb, sizeof(*ip6h))) -+ return NF_ACCEPT; -+ - if (skb_try_make_writable(skb, sizeof(*ip6h))) - return NF_DROP; - diff --git a/target/linux/generic/backport-4.19/365-v4.16-netfilter-nf_flow_table-fix-checksum-when-handling-D.patch b/target/linux/generic/backport-4.19/365-v4.16-netfilter-nf_flow_table-fix-checksum-when-handling-D.patch deleted file mode 100644 index 372c8d59ef..0000000000 --- a/target/linux/generic/backport-4.19/365-v4.16-netfilter-nf_flow_table-fix-checksum-when-handling-D.patch +++ /dev/null @@ -1,19 +0,0 @@ -From: Felix Fietkau -Date: Sun, 25 Feb 2018 17:22:55 +0100 -Subject: [PATCH] netfilter: nf_flow_table: fix checksum when handling DNAT - -Add a missing call to csum_replace4 like on SNAT - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -130,6 +130,7 @@ static int nf_flow_dnat_ip(const struct - default: - return -1; - } -+ csum_replace4(&iph->check, addr, new_addr); - - return nf_flow_nat_ip_l4proto(skb, iph, thoff, addr, new_addr); - } diff --git a/target/linux/generic/backport-4.19/366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch b/target/linux/generic/backport-4.19/366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch index 491f057858..624602dabe 100644 --- a/target/linux/generic/backport-4.19/366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch +++ b/target/linux/generic/backport-4.19/366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch @@ -18,16 +18,16 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c -@@ -238,7 +238,7 @@ nf_flow_offload_ip_hook(void *priv, stru +@@ -241,7 +241,7 @@ nf_flow_offload_ip_hook(void *priv, stru dir = tuplehash->tuple.dir; flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; -+ rt = (const struct rtable *)flow->tuplehash[!dir].tuple.dst_cache; +- rt = (struct rtable *)flow->tuplehash[dir].tuple.dst_cache; ++ rt = (struct rtable *)flow->tuplehash[!dir].tuple.dst_cache; if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) -@@ -455,7 +455,7 @@ nf_flow_offload_ipv6_hook(void *priv, st +@@ -459,7 +459,7 @@ nf_flow_offload_ipv6_hook(void *priv, st dir = tuplehash->tuple.dir; flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); diff --git a/target/linux/generic/backport-4.19/367-v4.18-netfilter-nf_flow_table-add-missing-condition-for-TC.patch b/target/linux/generic/backport-4.19/367-v4.18-netfilter-nf_flow_table-add-missing-condition-for-TC.patch deleted file mode 100644 index 2a470f77e3..0000000000 --- a/target/linux/generic/backport-4.19/367-v4.18-netfilter-nf_flow_table-add-missing-condition-for-TC.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Felix Fietkau -Date: Fri, 23 Mar 2018 17:15:22 +0100 -Subject: [PATCH] netfilter: nf_flow_table: add missing condition for TCP state - check - -Avoid looking at unrelated fields in UDP packets - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -15,11 +15,14 @@ - #include - #include - --static int nf_flow_tcp_state_check(struct flow_offload *flow, -- struct sk_buff *skb, unsigned int thoff) -+static int nf_flow_state_check(struct flow_offload *flow, int proto, -+ struct sk_buff *skb, unsigned int thoff) - { - struct tcphdr *tcph; - -+ if (proto != IPPROTO_TCP) -+ return 0; -+ - if (!pskb_may_pull(skb, thoff + sizeof(*tcph))) - return -1; - -@@ -248,7 +251,7 @@ nf_flow_offload_ip_hook(void *priv, stru - return NF_DROP; - - thoff = ip_hdr(skb)->ihl * 4; -- if (nf_flow_tcp_state_check(flow, skb, thoff)) -+ if (nf_flow_state_check(flow, ip_hdr(skb)->protocol, skb, thoff)) - return NF_ACCEPT; - - if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && -@@ -460,7 +463,8 @@ nf_flow_offload_ipv6_hook(void *priv, st - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) - return NF_ACCEPT; - -- if (nf_flow_tcp_state_check(flow, skb, sizeof(*ip6h))) -+ if (nf_flow_state_check(flow, ipv6_hdr(skb)->nexthdr, skb, -+ sizeof(*ip6h))) - return NF_ACCEPT; - - if (skb_try_make_writable(skb, sizeof(*ip6h))) diff --git a/target/linux/generic/backport-4.19/368-v4.18-netfilter-nf_flow_table-fix-offloading-connections-w.patch b/target/linux/generic/backport-4.19/368-v4.18-netfilter-nf_flow_table-fix-offloading-connections-w.patch deleted file mode 100644 index f3d83a1536..0000000000 --- a/target/linux/generic/backport-4.19/368-v4.18-netfilter-nf_flow_table-fix-offloading-connections-w.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Felix Fietkau -Date: Fri, 23 Mar 2018 19:12:30 +0100 -Subject: [PATCH] netfilter: nf_flow_table: fix offloading connections with - SNAT+DNAT - -Pass all NAT types to the flow offload struct, otherwise parts of the -address/port pair do not get translated properly, causing connection -stalls - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nf_flow_table_core.c -+++ b/net/netfilter/nf_flow_table_core.c -@@ -84,7 +84,7 @@ flow_offload_alloc(struct nf_conn *ct, s - - if (ct->status & IPS_SRC_NAT) - flow->flags |= FLOW_OFFLOAD_SNAT; -- else if (ct->status & IPS_DST_NAT) -+ if (ct->status & IPS_DST_NAT) - flow->flags |= FLOW_OFFLOAD_DNAT; - - return flow; diff --git a/target/linux/generic/backport-4.19/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch b/target/linux/generic/backport-4.19/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch deleted file mode 100644 index 35d099097a..0000000000 --- a/target/linux/generic/backport-4.19/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: "Jason A. Donenfeld" -Date: Wed, 30 May 2018 20:43:15 +0200 -Subject: [PATCH] netfilter: nf_flow_table: attach dst to skbs - -Some drivers, such as vxlan and wireguard, use the skb's dst in order to -determine things like PMTU. They therefore loose functionality when flow -offloading is enabled. So, we ensure the skb has it before xmit'ing it -in the offloading path. - -Signed-off-by: Jason A. Donenfeld -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/net/netfilter/nf_flow_table_ip.c -+++ b/net/netfilter/nf_flow_table_ip.c -@@ -220,7 +220,7 @@ nf_flow_offload_ip_hook(void *priv, stru - enum flow_offload_tuple_dir dir; - struct flow_offload *flow; - struct net_device *outdev; -- const struct rtable *rt; -+ struct rtable *rt; - unsigned int thoff; - struct iphdr *iph; - __be32 nexthop; -@@ -241,7 +241,7 @@ nf_flow_offload_ip_hook(void *priv, stru - - dir = tuplehash->tuple.dir; - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); -- rt = (const struct rtable *)flow->tuplehash[!dir].tuple.dst_cache; -+ rt = (struct rtable *)flow->tuplehash[!dir].tuple.dst_cache; - - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && - (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) -@@ -264,6 +264,7 @@ nf_flow_offload_ip_hook(void *priv, stru - - skb->dev = outdev; - nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr); -+ skb_dst_set_noref(skb, &rt->dst); - neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb); - - return NF_STOLEN; -@@ -480,6 +481,7 @@ nf_flow_offload_ipv6_hook(void *priv, st - - skb->dev = outdev; - nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); -+ skb_dst_set_noref(skb, &rt->dst); - neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); - - return NF_STOLEN; diff --git a/target/linux/generic/backport-4.19/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch b/target/linux/generic/backport-4.19/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch index e17b4b6204..9c4b7e392e 100644 --- a/target/linux/generic/backport-4.19/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch +++ b/target/linux/generic/backport-4.19/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch @@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -981,18 +981,6 @@ static bool gc_worker_can_early_drop(con +@@ -1119,18 +1119,6 @@ static bool gc_worker_can_early_drop(con return false; } @@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau static void gc_worker(struct work_struct *work) { unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); -@@ -1029,10 +1017,8 @@ static void gc_worker(struct work_struct +@@ -1167,10 +1155,8 @@ static void gc_worker(struct work_struct tmp = nf_ct_tuplehash_to_ctrack(h); scanned++; @@ -54,7 +54,7 @@ Signed-off-by: Felix Fietkau nf_ct_gc_expired(tmp); --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -185,8 +185,27 @@ static const struct rhashtable_params nf +@@ -182,8 +182,27 @@ static const struct rhashtable_params nf .automatic_shrinking = true, }; @@ -82,7 +82,7 @@ Signed-off-by: Felix Fietkau flow->timeout = (u32)jiffies; rhashtable_insert_fast(&flow_table->rhashtable, -@@ -307,6 +326,8 @@ static int nf_flow_offload_gc_step(struc +@@ -304,6 +323,8 @@ static int nf_flow_offload_gc_step(struc rhashtable_walk_start(&hti); while ((tuplehash = rhashtable_walk_next(&hti))) { @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau if (IS_ERR(tuplehash)) { err = PTR_ERR(tuplehash); if (err != -EAGAIN) -@@ -319,9 +340,13 @@ static int nf_flow_offload_gc_step(struc +@@ -316,9 +337,13 @@ static int nf_flow_offload_gc_step(struc flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); diff --git a/target/linux/generic/backport-4.19/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch b/target/linux/generic/backport-4.19/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch index fb14a284ae..59751ff037 100644 --- a/target/linux/generic/backport-4.19/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch +++ b/target/linux/generic/backport-4.19/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch @@ -12,7 +12,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -233,6 +233,9 @@ static void flow_offload_del(struct nf_f +@@ -230,6 +230,9 @@ static void flow_offload_del(struct nf_f e = container_of(flow, struct flow_offload_entry, flow); clear_bit(IPS_OFFLOAD_BIT, &e->ct->status); diff --git a/target/linux/generic/backport-4.19/400-v4.16-leds-trigger-Introduce-a-NETDEV-trigger.patch b/target/linux/generic/backport-4.19/400-v4.16-leds-trigger-Introduce-a-NETDEV-trigger.patch deleted file mode 100644 index b7d680a11b..0000000000 --- a/target/linux/generic/backport-4.19/400-v4.16-leds-trigger-Introduce-a-NETDEV-trigger.patch +++ /dev/null @@ -1,588 +0,0 @@ -From 06f502f57d0d7728f9fa0f157ec5e4111ddb98f6 Mon Sep 17 00:00:00 2001 -From: Ben Whitten -Date: Sun, 10 Dec 2017 21:17:55 +0000 -Subject: [PATCH] leds: trigger: Introduce a NETDEV trigger - -This commit introduces a NETDEV trigger for named device -activity. Available triggers are link, rx, and tx. - -Signed-off-by: Ben Whitten -Acked-by: Pavel Machek -Signed-off-by: Jacek Anaszewski ---- - .../ABI/testing/sysfs-class-led-trigger-netdev | 45 ++ - drivers/leds/trigger/Kconfig | 7 + - drivers/leds/trigger/Makefile | 1 + - drivers/leds/trigger/ledtrig-netdev.c | 496 +++++++++++++++++++++ - 4 files changed, 549 insertions(+) - create mode 100644 Documentation/ABI/testing/sysfs-class-led-trigger-netdev - create mode 100644 drivers/leds/trigger/ledtrig-netdev.c - ---- /dev/null -+++ b/Documentation/ABI/testing/sysfs-class-led-trigger-netdev -@@ -0,0 +1,45 @@ -+What: /sys/class/leds//device_name -+Date: Dec 2017 -+KernelVersion: 4.16 -+Contact: linux-leds@vger.kernel.org -+Description: -+ Specifies the network device name to monitor. -+ -+What: /sys/class/leds//interval -+Date: Dec 2017 -+KernelVersion: 4.16 -+Contact: linux-leds@vger.kernel.org -+Description: -+ Specifies the duration of the LED blink in milliseconds. -+ Defaults to 50 ms. -+ -+What: /sys/class/leds//link -+Date: Dec 2017 -+KernelVersion: 4.16 -+Contact: linux-leds@vger.kernel.org -+Description: -+ Signal the link state of the named network device. -+ If set to 0 (default), the LED's normal state is off. -+ If set to 1, the LED's normal state reflects the link state -+ of the named network device. -+ Setting this value also immediately changes the LED state. -+ -+What: /sys/class/leds//tx -+Date: Dec 2017 -+KernelVersion: 4.16 -+Contact: linux-leds@vger.kernel.org -+Description: -+ Signal transmission of data on the named network device. -+ If set to 0 (default), the LED will not blink on transmission. -+ If set to 1, the LED will blink for the milliseconds specified -+ in interval to signal transmission. -+ -+What: /sys/class/leds//rx -+Date: Dec 2017 -+KernelVersion: 4.16 -+Contact: linux-leds@vger.kernel.org -+Description: -+ Signal reception of data on the named network device. -+ If set to 0 (default), the LED will not blink on reception. -+ If set to 1, the LED will blink for the milliseconds specified -+ in interval to signal reception. ---- a/drivers/leds/trigger/Kconfig -+++ b/drivers/leds/trigger/Kconfig -@@ -126,4 +126,11 @@ config LEDS_TRIGGER_PANIC - a different trigger. - If unsure, say Y. - -+config LEDS_TRIGGER_NETDEV -+ tristate "LED Netdev Trigger" -+ depends on NET && LEDS_TRIGGERS -+ help -+ This allows LEDs to be controlled by network device activity. -+ If unsure, say Y. -+ - endif # LEDS_TRIGGERS ---- a/drivers/leds/trigger/Makefile -+++ b/drivers/leds/trigger/Makefile -@@ -11,3 +11,4 @@ obj-$(CONFIG_LEDS_TRIGGER_DEFAULT_ON) += - obj-$(CONFIG_LEDS_TRIGGER_TRANSIENT) += ledtrig-transient.o - obj-$(CONFIG_LEDS_TRIGGER_CAMERA) += ledtrig-camera.o - obj-$(CONFIG_LEDS_TRIGGER_PANIC) += ledtrig-panic.o -+obj-$(CONFIG_LEDS_TRIGGER_NETDEV) += ledtrig-netdev.o ---- /dev/null -+++ b/drivers/leds/trigger/ledtrig-netdev.c -@@ -0,0 +1,496 @@ -+// SPDX-License-Identifier: GPL-2.0 -+// Copyright 2017 Ben Whitten -+// Copyright 2007 Oliver Jowett -+// -+// LED Kernel Netdev Trigger -+// -+// Toggles the LED to reflect the link and traffic state of a named net device -+// -+// Derived from ledtrig-timer.c which is: -+// Copyright 2005-2006 Openedhand Ltd. -+// Author: Richard Purdie -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "../leds.h" -+ -+/* -+ * Configurable sysfs attributes: -+ * -+ * device_name - network device name to monitor -+ * interval - duration of LED blink, in milliseconds -+ * link - LED's normal state reflects whether the link is up -+ * (has carrier) or not -+ * tx - LED blinks on transmitted data -+ * rx - LED blinks on receive data -+ * -+ */ -+ -+struct led_netdev_data { -+ spinlock_t lock; -+ -+ struct delayed_work work; -+ struct notifier_block notifier; -+ -+ struct led_classdev *led_cdev; -+ struct net_device *net_dev; -+ -+ char device_name[IFNAMSIZ]; -+ atomic_t interval; -+ unsigned int last_activity; -+ -+ unsigned long mode; -+#define NETDEV_LED_LINK 0 -+#define NETDEV_LED_TX 1 -+#define NETDEV_LED_RX 2 -+#define NETDEV_LED_MODE_LINKUP 3 -+}; -+ -+enum netdev_led_attr { -+ NETDEV_ATTR_LINK, -+ NETDEV_ATTR_TX, -+ NETDEV_ATTR_RX -+}; -+ -+static void set_baseline_state(struct led_netdev_data *trigger_data) -+{ -+ int current_brightness; -+ struct led_classdev *led_cdev = trigger_data->led_cdev; -+ -+ current_brightness = led_cdev->brightness; -+ if (current_brightness) -+ led_cdev->blink_brightness = current_brightness; -+ if (!led_cdev->blink_brightness) -+ led_cdev->blink_brightness = led_cdev->max_brightness; -+ -+ if (!test_bit(NETDEV_LED_MODE_LINKUP, &trigger_data->mode)) -+ led_set_brightness(led_cdev, LED_OFF); -+ else { -+ if (test_bit(NETDEV_LED_LINK, &trigger_data->mode)) -+ led_set_brightness(led_cdev, -+ led_cdev->blink_brightness); -+ else -+ led_set_brightness(led_cdev, LED_OFF); -+ -+ /* If we are looking for RX/TX start periodically -+ * checking stats -+ */ -+ if (test_bit(NETDEV_LED_TX, &trigger_data->mode) || -+ test_bit(NETDEV_LED_RX, &trigger_data->mode)) -+ schedule_delayed_work(&trigger_data->work, 0); -+ } -+} -+ -+static ssize_t device_name_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ ssize_t len; -+ -+ spin_lock_bh(&trigger_data->lock); -+ len = sprintf(buf, "%s\n", trigger_data->device_name); -+ spin_unlock_bh(&trigger_data->lock); -+ -+ return len; -+} -+ -+static ssize_t device_name_store(struct device *dev, -+ struct device_attribute *attr, const char *buf, -+ size_t size) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ -+ if (size >= IFNAMSIZ) -+ return -EINVAL; -+ -+ cancel_delayed_work_sync(&trigger_data->work); -+ -+ spin_lock_bh(&trigger_data->lock); -+ -+ if (trigger_data->net_dev) { -+ dev_put(trigger_data->net_dev); -+ trigger_data->net_dev = NULL; -+ } -+ -+ strncpy(trigger_data->device_name, buf, size); -+ if (size > 0 && trigger_data->device_name[size - 1] == '\n') -+ trigger_data->device_name[size - 1] = 0; -+ -+ if (trigger_data->device_name[0] != 0) -+ trigger_data->net_dev = -+ dev_get_by_name(&init_net, trigger_data->device_name); -+ -+ clear_bit(NETDEV_LED_MODE_LINKUP, &trigger_data->mode); -+ if (trigger_data->net_dev != NULL) -+ if (netif_carrier_ok(trigger_data->net_dev)) -+ set_bit(NETDEV_LED_MODE_LINKUP, &trigger_data->mode); -+ -+ trigger_data->last_activity = 0; -+ -+ set_baseline_state(trigger_data); -+ spin_unlock_bh(&trigger_data->lock); -+ -+ return size; -+} -+ -+static DEVICE_ATTR_RW(device_name); -+ -+static ssize_t netdev_led_attr_show(struct device *dev, char *buf, -+ enum netdev_led_attr attr) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ int bit; -+ -+ switch (attr) { -+ case NETDEV_ATTR_LINK: -+ bit = NETDEV_LED_LINK; -+ break; -+ case NETDEV_ATTR_TX: -+ bit = NETDEV_LED_TX; -+ break; -+ case NETDEV_ATTR_RX: -+ bit = NETDEV_LED_RX; -+ break; -+ default: -+ return -EINVAL; -+ } -+ -+ return sprintf(buf, "%u\n", test_bit(bit, &trigger_data->mode)); -+} -+ -+static ssize_t netdev_led_attr_store(struct device *dev, const char *buf, -+ size_t size, enum netdev_led_attr attr) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ unsigned long state; -+ int ret; -+ int bit; -+ -+ ret = kstrtoul(buf, 0, &state); -+ if (ret) -+ return ret; -+ -+ switch (attr) { -+ case NETDEV_ATTR_LINK: -+ bit = NETDEV_LED_LINK; -+ break; -+ case NETDEV_ATTR_TX: -+ bit = NETDEV_LED_TX; -+ break; -+ case NETDEV_ATTR_RX: -+ bit = NETDEV_LED_RX; -+ break; -+ default: -+ return -EINVAL; -+ } -+ -+ cancel_delayed_work_sync(&trigger_data->work); -+ -+ if (state) -+ set_bit(bit, &trigger_data->mode); -+ else -+ clear_bit(bit, &trigger_data->mode); -+ -+ set_baseline_state(trigger_data); -+ -+ return size; -+} -+ -+static ssize_t link_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ return netdev_led_attr_show(dev, buf, NETDEV_ATTR_LINK); -+} -+ -+static ssize_t link_store(struct device *dev, -+ struct device_attribute *attr, const char *buf, size_t size) -+{ -+ return netdev_led_attr_store(dev, buf, size, NETDEV_ATTR_LINK); -+} -+ -+static DEVICE_ATTR_RW(link); -+ -+static ssize_t tx_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ return netdev_led_attr_show(dev, buf, NETDEV_ATTR_TX); -+} -+ -+static ssize_t tx_store(struct device *dev, -+ struct device_attribute *attr, const char *buf, size_t size) -+{ -+ return netdev_led_attr_store(dev, buf, size, NETDEV_ATTR_TX); -+} -+ -+static DEVICE_ATTR_RW(tx); -+ -+static ssize_t rx_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ return netdev_led_attr_show(dev, buf, NETDEV_ATTR_RX); -+} -+ -+static ssize_t rx_store(struct device *dev, -+ struct device_attribute *attr, const char *buf, size_t size) -+{ -+ return netdev_led_attr_store(dev, buf, size, NETDEV_ATTR_RX); -+} -+ -+static DEVICE_ATTR_RW(rx); -+ -+static ssize_t interval_show(struct device *dev, -+ struct device_attribute *attr, char *buf) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ -+ return sprintf(buf, "%u\n", -+ jiffies_to_msecs(atomic_read(&trigger_data->interval))); -+} -+ -+static ssize_t interval_store(struct device *dev, -+ struct device_attribute *attr, const char *buf, -+ size_t size) -+{ -+ struct led_classdev *led_cdev = dev_get_drvdata(dev); -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ unsigned long value; -+ int ret; -+ -+ ret = kstrtoul(buf, 0, &value); -+ if (ret) -+ return ret; -+ -+ /* impose some basic bounds on the timer interval */ -+ if (value >= 5 && value <= 10000) { -+ cancel_delayed_work_sync(&trigger_data->work); -+ -+ atomic_set(&trigger_data->interval, msecs_to_jiffies(value)); -+ set_baseline_state(trigger_data); /* resets timer */ -+ } -+ -+ return size; -+} -+ -+static DEVICE_ATTR_RW(interval); -+ -+static int netdev_trig_notify(struct notifier_block *nb, -+ unsigned long evt, void *dv) -+{ -+ struct net_device *dev = -+ netdev_notifier_info_to_dev((struct netdev_notifier_info *)dv); -+ struct led_netdev_data *trigger_data = container_of(nb, -+ struct -+ led_netdev_data, -+ notifier); -+ -+ if (evt != NETDEV_UP && evt != NETDEV_DOWN && evt != NETDEV_CHANGE -+ && evt != NETDEV_REGISTER && evt != NETDEV_UNREGISTER -+ && evt != NETDEV_CHANGENAME) -+ return NOTIFY_DONE; -+ -+ if (strcmp(dev->name, trigger_data->device_name)) -+ return NOTIFY_DONE; -+ -+ cancel_delayed_work_sync(&trigger_data->work); -+ -+ spin_lock_bh(&trigger_data->lock); -+ -+ clear_bit(NETDEV_LED_MODE_LINKUP, &trigger_data->mode); -+ switch (evt) { -+ case NETDEV_REGISTER: -+ if (trigger_data->net_dev) -+ dev_put(trigger_data->net_dev); -+ dev_hold(dev); -+ trigger_data->net_dev = dev; -+ break; -+ case NETDEV_CHANGENAME: -+ case NETDEV_UNREGISTER: -+ if (trigger_data->net_dev) { -+ dev_put(trigger_data->net_dev); -+ trigger_data->net_dev = NULL; -+ } -+ break; -+ case NETDEV_UP: -+ case NETDEV_CHANGE: -+ if (netif_carrier_ok(dev)) -+ set_bit(NETDEV_LED_MODE_LINKUP, &trigger_data->mode); -+ break; -+ } -+ -+ set_baseline_state(trigger_data); -+ -+ spin_unlock_bh(&trigger_data->lock); -+ -+ return NOTIFY_DONE; -+} -+ -+/* here's the real work! */ -+static void netdev_trig_work(struct work_struct *work) -+{ -+ struct led_netdev_data *trigger_data = container_of(work, -+ struct -+ led_netdev_data, -+ work.work); -+ struct rtnl_link_stats64 *dev_stats; -+ unsigned int new_activity; -+ struct rtnl_link_stats64 temp; -+ unsigned long interval; -+ int invert; -+ -+ /* If we dont have a device, insure we are off */ -+ if (!trigger_data->net_dev) { -+ led_set_brightness(trigger_data->led_cdev, LED_OFF); -+ return; -+ } -+ -+ /* If we are not looking for RX/TX then return */ -+ if (!test_bit(NETDEV_LED_TX, &trigger_data->mode) && -+ !test_bit(NETDEV_LED_RX, &trigger_data->mode)) -+ return; -+ -+ dev_stats = dev_get_stats(trigger_data->net_dev, &temp); -+ new_activity = -+ (test_bit(NETDEV_LED_TX, &trigger_data->mode) ? -+ dev_stats->tx_packets : 0) + -+ (test_bit(NETDEV_LED_RX, &trigger_data->mode) ? -+ dev_stats->rx_packets : 0); -+ -+ if (trigger_data->last_activity != new_activity) { -+ led_stop_software_blink(trigger_data->led_cdev); -+ -+ invert = test_bit(NETDEV_LED_LINK, &trigger_data->mode); -+ interval = jiffies_to_msecs( -+ atomic_read(&trigger_data->interval)); -+ /* base state is ON (link present) */ -+ led_blink_set_oneshot(trigger_data->led_cdev, -+ &interval, -+ &interval, -+ invert); -+ trigger_data->last_activity = new_activity; -+ } -+ -+ schedule_delayed_work(&trigger_data->work, -+ (atomic_read(&trigger_data->interval)*2)); -+} -+ -+static void netdev_trig_activate(struct led_classdev *led_cdev) -+{ -+ struct led_netdev_data *trigger_data; -+ int rc; -+ -+ trigger_data = kzalloc(sizeof(struct led_netdev_data), GFP_KERNEL); -+ if (!trigger_data) -+ return; -+ -+ spin_lock_init(&trigger_data->lock); -+ -+ trigger_data->notifier.notifier_call = netdev_trig_notify; -+ trigger_data->notifier.priority = 10; -+ -+ INIT_DELAYED_WORK(&trigger_data->work, netdev_trig_work); -+ -+ trigger_data->led_cdev = led_cdev; -+ trigger_data->net_dev = NULL; -+ trigger_data->device_name[0] = 0; -+ -+ trigger_data->mode = 0; -+ atomic_set(&trigger_data->interval, msecs_to_jiffies(50)); -+ trigger_data->last_activity = 0; -+ -+ led_cdev->trigger_data = trigger_data; -+ -+ rc = device_create_file(led_cdev->dev, &dev_attr_device_name); -+ if (rc) -+ goto err_out; -+ rc = device_create_file(led_cdev->dev, &dev_attr_link); -+ if (rc) -+ goto err_out_device_name; -+ rc = device_create_file(led_cdev->dev, &dev_attr_rx); -+ if (rc) -+ goto err_out_link; -+ rc = device_create_file(led_cdev->dev, &dev_attr_tx); -+ if (rc) -+ goto err_out_rx; -+ rc = device_create_file(led_cdev->dev, &dev_attr_interval); -+ if (rc) -+ goto err_out_tx; -+ rc = register_netdevice_notifier(&trigger_data->notifier); -+ if (rc) -+ goto err_out_interval; -+ return; -+ -+err_out_interval: -+ device_remove_file(led_cdev->dev, &dev_attr_interval); -+err_out_tx: -+ device_remove_file(led_cdev->dev, &dev_attr_tx); -+err_out_rx: -+ device_remove_file(led_cdev->dev, &dev_attr_rx); -+err_out_link: -+ device_remove_file(led_cdev->dev, &dev_attr_link); -+err_out_device_name: -+ device_remove_file(led_cdev->dev, &dev_attr_device_name); -+err_out: -+ led_cdev->trigger_data = NULL; -+ kfree(trigger_data); -+} -+ -+static void netdev_trig_deactivate(struct led_classdev *led_cdev) -+{ -+ struct led_netdev_data *trigger_data = led_cdev->trigger_data; -+ -+ if (trigger_data) { -+ unregister_netdevice_notifier(&trigger_data->notifier); -+ -+ device_remove_file(led_cdev->dev, &dev_attr_device_name); -+ device_remove_file(led_cdev->dev, &dev_attr_link); -+ device_remove_file(led_cdev->dev, &dev_attr_rx); -+ device_remove_file(led_cdev->dev, &dev_attr_tx); -+ device_remove_file(led_cdev->dev, &dev_attr_interval); -+ -+ cancel_delayed_work_sync(&trigger_data->work); -+ -+ if (trigger_data->net_dev) -+ dev_put(trigger_data->net_dev); -+ -+ kfree(trigger_data); -+ } -+} -+ -+static struct led_trigger netdev_led_trigger = { -+ .name = "netdev", -+ .activate = netdev_trig_activate, -+ .deactivate = netdev_trig_deactivate, -+}; -+ -+static int __init netdev_trig_init(void) -+{ -+ return led_trigger_register(&netdev_led_trigger); -+} -+ -+static void __exit netdev_trig_exit(void) -+{ -+ led_trigger_unregister(&netdev_led_trigger); -+} -+ -+module_init(netdev_trig_init); -+module_exit(netdev_trig_exit); -+ -+MODULE_AUTHOR("Ben Whitten "); -+MODULE_AUTHOR("Oliver Jowett "); -+MODULE_DESCRIPTION("Netdev LED trigger"); -+MODULE_LICENSE("GPL v2"); diff --git a/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch b/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch index 71e036c920..345a73cf46 100644 --- a/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch +++ b/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch @@ -53,21 +53,21 @@ Signed-off-by: Richard Weinberger +{ + struct replay_entry *r; + -+ ubifs_assert(rino->deletion); -+ ubifs_assert(key_type(c, &rino->key) == UBIFS_INO_KEY); ++ ubifs_assert(c, rino->deletion); ++ ubifs_assert(c, key_type(c, &rino->key) == UBIFS_INO_KEY); + + /* + * Find the most recent entry for the inode behind @rino and check + * whether it is a deletion. + */ + list_for_each_entry_reverse(r, &c->replay_list, list) { -+ ubifs_assert(r->sqnum >= rino->sqnum); ++ ubifs_assert(c, r->sqnum >= rino->sqnum); + if (key_inum(c, &r->key) == key_inum(c, &rino->key)) + return r->deletion == 0; + + } + -+ ubifs_assert(0); ++ ubifs_assert(c, 0); + return false; +} + @@ -75,7 +75,7 @@ Signed-off-by: Richard Weinberger * apply_replay_entry - apply a replay entry to the TNC. * @c: UBIFS file-system description object * @r: replay entry to apply -@@ -239,6 +271,11 @@ static int apply_replay_entry(struct ubi +@@ -236,6 +268,11 @@ static int apply_replay_entry(struct ubi { ino_t inum = key_inum(c, &r->key); diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index 430e564e29..b290e90db0 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1,3 +1,4 @@ +# CONFIG_104_QUAD_8 is not set CONFIG_32BIT=y # CONFIG_6LOWPAN is not set # CONFIG_6LOWPAN_DEBUGFS is not set @@ -12,6 +13,7 @@ CONFIG_32BIT=y # CONFIG_ACCESSIBILITY is not set # CONFIG_ACENIC is not set # CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set # CONFIG_ACORN_PARTITION is not set # CONFIG_ACPI_ALS is not set # CONFIG_ACPI_APEI is not set @@ -29,6 +31,7 @@ CONFIG_32BIT=y # CONFIG_AD2S90 is not set # CONFIG_AD5064 is not set # CONFIG_AD525X_DPOT is not set +# CONFIG_AD5272 is not set # CONFIG_AD5360 is not set # CONFIG_AD5380 is not set # CONFIG_AD5421 is not set @@ -39,7 +42,10 @@ CONFIG_32BIT=y # CONFIG_AD5593R is not set # CONFIG_AD5624R_SPI is not set # CONFIG_AD5686 is not set +# CONFIG_AD5686_SPI is not set +# CONFIG_AD5696_I2C is not set # CONFIG_AD5755 is not set +# CONFIG_AD5758 is not set # CONFIG_AD5761 is not set # CONFIG_AD5764 is not set # CONFIG_AD5791 is not set @@ -194,6 +200,7 @@ CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_ARCH_IOP32X is not set # CONFIG_ARCH_IOP33X is not set # CONFIG_ARCH_IXP4XX is not set +# CONFIG_ARCH_K3 is not set # CONFIG_ARCH_KEYSTONE is not set # CONFIG_ARCH_KS8695 is not set # CONFIG_ARCH_LAYERSCAPE is not set @@ -217,6 +224,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set # CONFIG_ARCH_NETX is not set # CONFIG_ARCH_NOMADIK is not set +# CONFIG_ARCH_NPCM is not set # CONFIG_ARCH_NSPIRE is not set # CONFIG_ARCH_OMAP is not set # CONFIG_ARCH_OMAP1 is not set @@ -247,8 +255,10 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARCH_SOCFPGA is not set # CONFIG_ARCH_SPRD is not set # CONFIG_ARCH_STI is not set +# CONFIG_ARCH_STM32 is not set # CONFIG_ARCH_STRATIX10 is not set # CONFIG_ARCH_SUNXI is not set +# CONFIG_ARCH_SYNQUACER is not set # CONFIG_ARCH_TANGO is not set # CONFIG_ARCH_TEGRA is not set # CONFIG_ARCH_THUNDER is not set @@ -283,6 +293,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARM64_ERRATUM_843419 is not set # CONFIG_ARM64_ERRATUM_845719 is not set # CONFIG_ARM64_ERRATUM_858921 is not set +# CONFIG_ARM64_RAS_EXTN is not set # CONFIG_ARM64_RELOC_TEST is not set # CONFIG_ARM_APPENDED_DTB is not set # CONFIG_ARM_ARCH_TIMER is not set @@ -290,11 +301,13 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 # CONFIG_ARM_CCI is not set # CONFIG_ARM_CCI400_PMU is not set # CONFIG_ARM_CCI5xx_PMU is not set +# CONFIG_ARM_CCI_PMU is not set # CONFIG_ARM_CCN is not set # CONFIG_ARM_CPUIDLE is not set CONFIG_ARM_CPU_TOPOLOGY=y # CONFIG_ARM_CRYPTO is not set CONFIG_ARM_DMA_MEM_BUFFERABLE=y +# CONFIG_ARM_DSU_PMU is not set # CONFIG_ARM_ERRATA_326103 is not set # CONFIG_ARM_ERRATA_364296 is not set # CONFIG_ARM_ERRATA_411920 is not set @@ -328,12 +341,16 @@ CONFIG_ARM_GIC_MAX_NR=1 # CONFIG_ARM_PSCI is not set # CONFIG_ARM_PSCI_CHECKER is not set # CONFIG_ARM_PTDUMP is not set +# CONFIG_ARM_PTDUMP_DEBUGFS is not set # CONFIG_ARM_SBSA_WATCHDOG is not set # CONFIG_ARM_SCPI_PROTOCOL is not set +# CONFIG_ARM_SDE_INTERFACE is not set +# CONFIG_ARM_SPE_PMU is not set # CONFIG_ARM_TIMER_SP804 is not set # CONFIG_ARM_UNWIND is not set # CONFIG_ARM_VIRT_EXT is not set # CONFIG_AS3935 is not set +# CONFIG_ASIX_PHY is not set # CONFIG_ASM9260_TIMER is not set # CONFIG_ASUS_LAPTOP is not set # CONFIG_ASUS_WIRELESS is not set @@ -401,6 +418,7 @@ CONFIG_ATM_CLIP_NO_ICMP=y # CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set # CONFIG_AURORA_NB8800 is not set # CONFIG_AUTOFS4_FS is not set +# CONFIG_AUTOFS_FS is not set # CONFIG_AUTO_ZRELADDR is not set # CONFIG_AUXDISPLAY is not set # CONFIG_AX25 is not set @@ -478,6 +496,7 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_BINARY_PRINTF is not set # CONFIG_BINFMT_AOUT is not set CONFIG_BINFMT_ELF=y +# CONFIG_BINFMT_ELF_FDPIC is not set # CONFIG_BINFMT_FLAT is not set # CONFIG_BINFMT_MISC is not set CONFIG_BINFMT_SCRIPT=y @@ -575,6 +594,7 @@ CONFIG_BLOCK=y # CONFIG_BMC150_MAGN is not set # CONFIG_BMC150_MAGN_I2C is not set # CONFIG_BMC150_MAGN_SPI is not set +# CONFIG_BME680 is not set # CONFIG_BMG160 is not set # CONFIG_BMI160_I2C is not set # CONFIG_BMI160_SPI is not set @@ -593,6 +613,7 @@ CONFIG_BOOKE_WDT_DEFAULT_TIMEOUT=3 # CONFIG_BOOT_PRINTK_DELAY is not set CONFIG_BOOT_RAW=y CONFIG_BPF=y +# CONFIG_BPFILTER is not set # CONFIG_BPF_JIT is not set # CONFIG_BPF_JIT_ALWAYS_ON is not set # CONFIG_BPF_STREAM_PARSER is not set @@ -638,6 +659,7 @@ CONFIG_BROKEN_ON_SMP=y # CONFIG_BTRFS_DEBUG is not set # CONFIG_BTRFS_FS is not set # CONFIG_BTRFS_FS_POSIX_ACL is not set +# CONFIG_BTRFS_FS_REF_VERIFY is not set # CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set # CONFIG_BT_ATH3K is not set # CONFIG_BT_BNEP is not set @@ -653,6 +675,7 @@ CONFIG_BT_BNEP_PROTO_FILTER=y # CONFIG_BT_HCIBTSDIO is not set # CONFIG_BT_HCIBTUART is not set # CONFIG_BT_HCIBTUSB is not set +# CONFIG_BT_HCIBTUSB_AUTOSUSPEND is not set # CONFIG_BT_HCIBTUSB_RTL is not set # CONFIG_BT_HCIDTL1 is not set # CONFIG_BT_HCIUART is not set @@ -677,6 +700,7 @@ CONFIG_BUG=y # CONFIG_BUG_ON_DATA_CORRUPTION is not set CONFIG_BUILDTIME_EXTABLE_SORT=y # CONFIG_BUILD_BIN2C is not set +CONFIG_BUILD_SALT="" # CONFIG_C2PORT is not set CONFIG_CACHE_L2X0_PMU=y # CONFIG_CADENCE_WATCHDOG is not set @@ -697,6 +721,7 @@ CONFIG_CACHE_L2X0_PMU=y # CONFIG_CAN_RCAR_CANFD is not set # CONFIG_CAN_SLCAN is not set # CONFIG_CAN_SUN4I is not set +# CONFIG_CAN_UCAN is not set # CONFIG_CAN_VCAN is not set # CONFIG_CAN_VXCAN is not set # CONFIG_CAPI_AVM is not set @@ -714,6 +739,7 @@ CONFIG_CARDBUS=y # CONFIG_CAVIUM_ERRATUM_27456 is not set # CONFIG_CAVIUM_ERRATUM_30115 is not set # CONFIG_CAVIUM_OCTEON_SOC is not set +# CONFIG_CAVIUM_PTP is not set # CONFIG_CB710_CORE is not set # CONFIG_CC10001_ADC is not set # CONFIG_CCS811 is not set @@ -734,6 +760,7 @@ CONFIG_CC_STACKPROTECTOR_NONE=y # CONFIG_CGROUP_NET_CLASSID is not set # CONFIG_CGROUP_NET_PRIO is not set # CONFIG_CGROUP_RDMA is not set +# CONFIG_CHARGER_ADP5061 is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set # CONFIG_CHARGER_BQ24257 is not set @@ -763,6 +790,7 @@ CONFIG_CC_STACKPROTECTOR_NONE=y # CONFIG_CICADA_PHY is not set # CONFIG_CIFS is not set # CONFIG_CIFS_ACL is not set +CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y # CONFIG_CIFS_DEBUG is not set # CONFIG_CIFS_DEBUG2 is not set # CONFIG_CIFS_FSCACHE is not set @@ -801,6 +829,7 @@ CONFIG_CMDLINE="" # CONFIG_COMMON_CLK_CDCE925 is not set # CONFIG_COMMON_CLK_CS2000_CP is not set # CONFIG_COMMON_CLK_IPROC is not set +# CONFIG_COMMON_CLK_MAX9485 is not set # CONFIG_COMMON_CLK_NXP is not set # CONFIG_COMMON_CLK_PIC32 is not set # CONFIG_COMMON_CLK_PWM is not set @@ -808,6 +837,7 @@ CONFIG_CMDLINE="" # CONFIG_COMMON_CLK_QCOM is not set # CONFIG_COMMON_CLK_SI514 is not set # CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_SI544 is not set # CONFIG_COMMON_CLK_SI570 is not set # CONFIG_COMMON_CLK_VC5 is not set # CONFIG_COMMON_CLK_VERSATILE is not set @@ -818,8 +848,10 @@ CONFIG_COMPACTION=y # CONFIG_COMPAT_BRK is not set # CONFIG_COMPILE_TEST is not set # CONFIG_CONFIGFS_FS is not set +# CONFIG_CONFIG_KVM_AMD_SEV is not set # CONFIG_CONNECTOR is not set CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 CONFIG_CONSTRUCTORS=y # CONFIG_CONTEXT_SWITCH_TRACER is not set # CONFIG_COPS is not set @@ -841,9 +873,12 @@ CONFIG_CONSTRUCTORS=y # CONFIG_CPU_IDLE is not set # CONFIG_CPU_IDLE_GOV_MENU is not set # CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set +# CONFIG_CPU_ISOLATION is not set # CONFIG_CPU_NO_EFFICIENT_FFS is not set CONFIG_CPU_SW_DOMAIN_PAN=y # CONFIG_CRAMFS is not set +CONFIG_CRAMFS_BLOCKDEV=y +# CONFIG_CRAMFS_MTD is not set CONFIG_CRASHLOG=y # CONFIG_CRASH_DUMP is not set # CONFIG_CRC16 is not set @@ -854,6 +889,7 @@ CONFIG_CRC32_SARWATE=y # CONFIG_CRC32_SLICEBY4 is not set # CONFIG_CRC32_SLICEBY8 is not set # CONFIG_CRC4 is not set +# CONFIG_CRC64 is not set # CONFIG_CRC7 is not set # CONFIG_CRC8 is not set # CONFIG_CRC_CCITT is not set @@ -864,6 +900,12 @@ CONFIG_CROSS_COMPILE="" CONFIG_CRYPTO=y # CONFIG_CRYPTO_842 is not set # CONFIG_CRYPTO_AEAD is not set +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_AEGIS128L is not set +# CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_AEGIS256 is not set +# CONFIG_CRYPTO_AEGIS256_AESNI_SSE2 is not set CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_AES_586 is not set # CONFIG_CRYPTO_AES_ARM is not set @@ -884,6 +926,7 @@ CONFIG_CRYPTO_BLKCIPHER2=y # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_CBC is not set # CONFIG_CRYPTO_CCM is not set +# CONFIG_CRYPTO_CFB is not set # CONFIG_CRYPTO_CHACHA20 is not set # CONFIG_CRYPTO_CHACHA20POLY1305 is not set # CONFIG_CRYPTO_CMAC is not set @@ -905,6 +948,7 @@ CONFIG_CRYPTO_BLKCIPHER2=y # CONFIG_CRYPTO_DEV_FSL_CAAM is not set # CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set # CONFIG_CRYPTO_DEV_HIFN_795X is not set +# CONFIG_CRYPTO_DEV_HISI_SEC is not set # CONFIG_CRYPTO_DEV_IMGTEC_HASH is not set # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set # CONFIG_CRYPTO_DEV_MV_CESA is not set @@ -921,6 +965,7 @@ CONFIG_CRYPTO_BLKCIPHER2=y # CONFIG_CRYPTO_DEV_S5P is not set # CONFIG_CRYPTO_DEV_SAFEXCEL is not set # CONFIG_CRYPTO_DEV_SAHARA is not set +# CONFIG_CRYPTO_DEV_SP_PSP is not set # CONFIG_CRYPTO_DEV_TALITOS is not set # CONFIG_CRYPTO_DEV_VIRTIO is not set # CONFIG_CRYPTO_DH is not set @@ -953,6 +998,11 @@ CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y # CONFIG_CRYPTO_MD4 is not set # CONFIG_CRYPTO_MD5 is not set # CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_MORUS1280 is not set +# CONFIG_CRYPTO_MORUS1280_AVX2 is not set +# CONFIG_CRYPTO_MORUS1280_SSE2 is not set +# CONFIG_CRYPTO_MORUS640 is not set +# CONFIG_CRYPTO_MORUS640_SSE2 is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_PCOMP is not set @@ -975,6 +1025,9 @@ CONFIG_CRYPTO_PCRYPT=y # CONFIG_CRYPTO_SHA256 is not set # CONFIG_CRYPTO_SHA3 is not set # CONFIG_CRYPTO_SHA512 is not set +# CONFIG_CRYPTO_SM3 is not set +# CONFIG_CRYPTO_SM4 is not set +# CONFIG_CRYPTO_SPECK is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_TEST is not set # CONFIG_CRYPTO_TGR192 is not set @@ -991,6 +1044,7 @@ CONFIG_CRYPTO_PCRYPT=y # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_XTS is not set # CONFIG_CRYPTO_ZLIB is not set +# CONFIG_CRYPTO_ZSTD is not set # CONFIG_CS5535_MFGPT is not set # CONFIG_CS89x0 is not set # CONFIG_CUSE is not set @@ -1049,6 +1103,7 @@ CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_RODATA is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_RWSEMS is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set # CONFIG_DEBUG_SEMIHOSTING is not set # CONFIG_DEBUG_SET_MODULE_RONX is not set @@ -1081,8 +1136,10 @@ CONFIG_DEFAULT_SECURITY="" CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DELL_LAPTOP is not set # CONFIG_DELL_RBTN is not set +# CONFIG_DELL_SMBIOS is not set # CONFIG_DELL_SMO8800 is not set # CONFIG_DEPRECATED_PARAM_STRUCT is not set # CONFIG_DETECT_HUNG_TASK is not set @@ -1136,14 +1193,18 @@ CONFIG_DEVPORT=y # CONFIG_DM_SWITCH is not set # CONFIG_DM_THIN_PROVISIONING is not set # CONFIG_DM_UEVENT is not set +# CONFIG_DM_UNSTRIPED is not set # CONFIG_DM_VERITY is not set +# CONFIG_DM_WRITECACHE is not set # CONFIG_DM_ZERO is not set # CONFIG_DNET is not set # CONFIG_DNOTIFY is not set # CONFIG_DNS_RESOLVER is not set CONFIG_DOUBLEFAULT=y +# CONFIG_DP83822_PHY is not set # CONFIG_DP83848_PHY is not set # CONFIG_DP83867_PHY is not set +# CONFIG_DP83TC811_PHY is not set # CONFIG_DPOT_DAC is not set CONFIG_DQL=y # CONFIG_DRAGONRISE_FF is not set @@ -1158,6 +1219,7 @@ CONFIG_DQL=y # CONFIG_DRM_DEBUG_MM is not set # CONFIG_DRM_DEBUG_MM_SELFTEST is not set # CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DP_CEC is not set # CONFIG_DRM_DUMB_VGA_DAC is not set # CONFIG_DRM_DW_HDMI_CEC is not set # CONFIG_DRM_ETNAVIV is not set @@ -1208,8 +1270,10 @@ CONFIG_DQL=y # CONFIG_DRM_UDL is not set # CONFIG_DRM_VBOXVIDEO is not set # CONFIG_DRM_VGEM is not set +# CONFIG_DRM_XEN is not set # CONFIG_DS1682 is not set # CONFIG_DS1803 is not set +# CONFIG_DS4424 is not set # CONFIG_DST_CACHE is not set # CONFIG_DTLK is not set # CONFIG_DUMMY is not set @@ -1228,6 +1292,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 # CONFIG_DWMAC_ROCKCHIP is not set # CONFIG_DWMAC_SOCFPGA is not set # CONFIG_DWMAC_STI is not set +# CONFIG_DW_AXI_DMAC is not set # CONFIG_DW_DMAC is not set # CONFIG_DW_DMAC_PCI is not set # CONFIG_DW_WATCHDOG is not set @@ -1238,6 +1303,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 # CONFIG_E1000E_HWTS is not set # CONFIG_EARLY_PRINTK_8250 is not set # CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_EBC_C384_WDT is not set # CONFIG_ECHO is not set # CONFIG_ECRYPT_FS is not set # CONFIG_EDAC is not set @@ -1271,6 +1337,7 @@ CONFIG_ENABLE_WARN_DEPRECATED=y # CONFIG_EPIC100 is not set CONFIG_EPOLL=y # CONFIG_EQUALIZER is not set +# CONFIG_EROFS_FS is not set # CONFIG_ET131X is not set CONFIG_ETHERNET=y # CONFIG_ETHOC is not set @@ -1308,6 +1375,7 @@ CONFIG_EXTRA_TARGETS="" # CONFIG_F2FS_FS_ENCRYPTION is not set # CONFIG_F2FS_FS_POSIX_ACL is not set # CONFIG_F2FS_IO_TRACE is not set +# CONFIG_FAILOVER is not set # CONFIG_FAIR_GROUP_SCHED is not set # CONFIG_FANOTIFY is not set CONFIG_FAT_DEFAULT_CODEPAGE=437 @@ -1402,6 +1470,7 @@ CONFIG_FB_NOTIFY=y # CONFIG_FHANDLE is not set CONFIG_FIB_RULES=y CONFIG_FILE_LOCKING=y +# CONFIG_FIND_BIT_BENCHMARK is not set # CONFIG_FIREWIRE is not set # CONFIG_FIREWIRE_NOSY is not set # CONFIG_FIREWIRE_SERIAL is not set @@ -1419,6 +1488,7 @@ CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_FORTIFY_SOURCE=y # CONFIG_FPGA is not set # CONFIG_FRAMEBUFFER_CONSOLE is not set +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set # CONFIG_FRAME_POINTER is not set CONFIG_FRAME_WARN=1024 # CONFIG_FREEZER is not set @@ -1440,6 +1510,7 @@ CONFIG_FSNOTIFY=y # CONFIG_FTRACE is not set # CONFIG_FTRACE_STARTUP_TEST is not set # CONFIG_FTR_FIXUP_SELFTEST is not set +# CONFIG_FTWDT010_WATCHDOG is not set # CONFIG_FUJITSU_ES is not set # CONFIG_FUJITSU_LAPTOP is not set # CONFIG_FUJITSU_TABLET is not set @@ -1463,6 +1534,7 @@ CONFIG_GACT_PROB=y # CONFIG_GCOV is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set +# CONFIG_GEMINI_ETHERNET is not set # CONFIG_GENERIC_ADC_BATTERY is not set # CONFIG_GENERIC_ADC_THERMAL is not set CONFIG_GENERIC_CALIBRATE_DELAY=y @@ -1479,10 +1551,16 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_GIGASET_DEBUG is not set # CONFIG_GIGASET_DUMMYLL is not set # CONFIG_GLOB_SELFTEST is not set +# CONFIG_GNSS is not set # CONFIG_GOLDFISH is not set # CONFIG_GOOGLE_FIRMWARE is not set # CONFIG_GP2AP020A00F is not set +# CONFIG_GPD_POCKET_FAN is not set # CONFIG_GPIOLIB is not set +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 +# CONFIG_GPIO_104_DIO_48E is not set +# CONFIG_GPIO_104_IDIO_16 is not set +# CONFIG_GPIO_104_IDI_48 is not set # CONFIG_GPIO_74X164 is not set # CONFIG_GPIO_74XX_MMIO is not set # CONFIG_GPIO_ADNP is not set @@ -1501,12 +1579,15 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_GPIO_GENERIC_PLATFORM is not set # CONFIG_GPIO_GPIO_MM is not set # CONFIG_GPIO_GRGPIO is not set +# CONFIG_GPIO_HLWD is not set # CONFIG_GPIO_ICH is not set # CONFIG_GPIO_IT87 is not set # CONFIG_GPIO_LYNXPOINT is not set +# CONFIG_GPIO_MAX3191X is not set # CONFIG_GPIO_MAX7300 is not set # CONFIG_GPIO_MAX7301 is not set # CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_MB86S7X is not set # CONFIG_GPIO_MC33880 is not set # CONFIG_GPIO_MCP23S08 is not set # CONFIG_GPIO_ML_IOH is not set @@ -1515,6 +1596,7 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_GPIO_PCA953X is not set # CONFIG_GPIO_PCF857X is not set # CONFIG_GPIO_PCH is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set # CONFIG_GPIO_PCI_IDIO_16 is not set # CONFIG_GPIO_PISOSR is not set # CONFIG_GPIO_PL061 is not set @@ -1530,6 +1612,7 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_GPIO_TS5500 is not set # CONFIG_GPIO_VX855 is not set # CONFIG_GPIO_WATCHDOG is not set +# CONFIG_GPIO_WINBOND is not set # CONFIG_GPIO_WS16C48 is not set # CONFIG_GPIO_XGENE is not set # CONFIG_GPIO_XILINX is not set @@ -1540,10 +1623,12 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_GREYBUS is not set # CONFIG_GS_FPGABOOT is not set # CONFIG_GTP is not set +# CONFIG_GUP_BENCHMARK is not set # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set # CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDEN_EL2_VECTORS=y # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y @@ -1601,9 +1686,11 @@ CONFIG_HAVE_NMI=y # CONFIG_HID_CHICONY is not set # CONFIG_HID_CMEDIA is not set # CONFIG_HID_CORSAIR is not set +# CONFIG_HID_COUGAR is not set # CONFIG_HID_CP2112 is not set # CONFIG_HID_CYPRESS is not set # CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_ELAN is not set # CONFIG_HID_ELECOM is not set # CONFIG_HID_ELO is not set # CONFIG_HID_EMS_FF is not set @@ -1611,12 +1698,14 @@ CONFIG_HAVE_NMI=y # CONFIG_HID_GEMBIRD is not set # CONFIG_HID_GENERIC is not set # CONFIG_HID_GFRM is not set +# CONFIG_HID_GOOGLE_HAMMER is not set # CONFIG_HID_GREENASIA is not set # CONFIG_HID_GT683R is not set # CONFIG_HID_GYRATION is not set # CONFIG_HID_HOLTEK is not set # CONFIG_HID_ICADE is not set # CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set # CONFIG_HID_KENSINGTON is not set # CONFIG_HID_KEYTOUCH is not set # CONFIG_HID_KYE is not set @@ -1642,6 +1731,7 @@ CONFIG_HAVE_NMI=y # CONFIG_HID_PLANTRONICS is not set # CONFIG_HID_PRIMAX is not set # CONFIG_HID_PRODIKEYS is not set +# CONFIG_HID_REDRAGON is not set # CONFIG_HID_RETRODE is not set # CONFIG_HID_RMI is not set # CONFIG_HID_ROCCAT is not set @@ -1651,6 +1741,7 @@ CONFIG_HAVE_NMI=y # CONFIG_HID_SMARTJOYPLUS is not set # CONFIG_HID_SONY is not set # CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set # CONFIG_HID_STEELSERIES is not set # CONFIG_HID_SUNPLUS is not set # CONFIG_HID_THINGM is not set @@ -1672,6 +1763,7 @@ CONFIG_HIGH_RES_TIMERS=y # CONFIG_HIP04_ETH is not set # CONFIG_HIPPI is not set # CONFIG_HISILICON_ERRATUM_161010101 is not set +# CONFIG_HISILICON_ERRATUM_161600802 is not set # CONFIG_HISI_FEMAC is not set # CONFIG_HIX5HD2_GMAC is not set # CONFIG_HMC6352 is not set @@ -1768,6 +1860,7 @@ CONFIG_HZ_100=y # CONFIG_I2C_ELEKTOR is not set # CONFIG_I2C_EMEV2 is not set # CONFIG_I2C_GPIO is not set +# CONFIG_I2C_GPIO_FAULT_INJECTOR is not set # CONFIG_I2C_HELPER_AUTO is not set # CONFIG_I2C_HID is not set # CONFIG_I2C_I801 is not set @@ -1832,6 +1925,7 @@ CONFIG_HZ_100=y # CONFIG_IBM_EMAC_RGMII is not set # CONFIG_IBM_EMAC_TAH is not set # CONFIG_IBM_EMAC_ZMII is not set +# CONFIG_ICE is not set # CONFIG_ICPLUS_PHY is not set # CONFIG_ICS932S401 is not set # CONFIG_IDE is not set @@ -1844,16 +1938,21 @@ CONFIG_HZ_100=y # CONFIG_IEEE802154_ADF7242 is not set # CONFIG_IEEE802154_ATUSB is not set # CONFIG_IEEE802154_CA8210 is not set +# CONFIG_IEEE802154_HWSIM is not set +# CONFIG_IEEE802154_MCR20A is not set # CONFIG_IFB is not set # CONFIG_IGB is not set # CONFIG_IGBVF is not set # CONFIG_IIO is not set # CONFIG_IIO_BUFFER_CB is not set +# CONFIG_IIO_BUFFER_HW_CONSUMER is not set # CONFIG_IIO_CONFIGFS is not set CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 +# CONFIG_IIO_CROS_EC_ACCEL_LEGACY is not set # CONFIG_IIO_INTERRUPT_TRIGGER is not set # CONFIG_IIO_MUX is not set # CONFIG_IIO_PERIODIC_RTC_TRIGGER is not set +# CONFIG_IIO_RESCALE is not set # CONFIG_IIO_SIMPLE_DUMMY is not set # CONFIG_IIO_SSP_SENSORHUB is not set # CONFIG_IIO_ST_ACCEL_3AXIS is not set @@ -1873,6 +1972,7 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_IMX_THERMAL is not set # CONFIG_INA2XX_ADC is not set +# CONFIG_INDIRECT_PIO is not set CONFIG_INET=y # CONFIG_INET6_AH is not set # CONFIG_INET6_ESP is not set @@ -2002,6 +2102,7 @@ CONFIG_INPUT_MISC=y # CONFIG_INTEL_RST is not set # CONFIG_INTEL_SMARTCONNECT is not set # CONFIG_INTEL_SOC_PMIC is not set +# CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set # CONFIG_INTEL_SOC_PMIC_CHTWC is not set # CONFIG_INTEL_TH is not set # CONFIG_INTEL_VBTN is not set @@ -2029,6 +2130,7 @@ CONFIG_IO_STRICT_DEVMEM=y # CONFIG_IP6_NF_MATCH_OPTS is not set # CONFIG_IP6_NF_MATCH_RPFILTER is not set # CONFIG_IP6_NF_MATCH_RT is not set +# CONFIG_IP6_NF_MATCH_SRH is not set # CONFIG_IP6_NF_NAT is not set # CONFIG_IP6_NF_RAW is not set # CONFIG_IP6_NF_SECURITY is not set @@ -2104,6 +2206,8 @@ CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_SET is not set # CONFIG_IP_SET_HASH_IPMAC is not set # CONFIG_IP_VS is not set +# CONFIG_IP_VS_MH is not set +CONFIG_IP_VS_MH_TAB_INDEX=10 # CONFIG_IRDA is not set # CONFIG_IRQSOFF_TRACER is not set # CONFIG_IRQ_ALL_CPUS is not set @@ -2146,6 +2250,7 @@ CONFIG_ISDN=y # CONFIG_ISL29003 is not set # CONFIG_ISL29020 is not set # CONFIG_ISL29125 is not set +# CONFIG_ISL29501 is not set # CONFIG_ISO9660_FS is not set # CONFIG_ISS4xx is not set # CONFIG_ITG3200 is not set @@ -2154,6 +2259,7 @@ CONFIG_ISDN=y # CONFIG_IXGB is not set # CONFIG_IXGBE is not set # CONFIG_IXGBEVF is not set +# CONFIG_JAILHOUSE_GUEST is not set # CONFIG_JBD2_DEBUG is not set # CONFIG_JFFS2_CMODE_FAVOURLZO is not set # CONFIG_JFFS2_CMODE_NONE is not set @@ -2257,6 +2363,7 @@ CONFIG_KUSER_HELPERS=y # CONFIG_L2TP_ETH is not set # CONFIG_L2TP_IP is not set # CONFIG_L2TP_V3 is not set +# CONFIG_LAN743X is not set # CONFIG_LANMEDIA is not set # CONFIG_LANTIQ is not set # CONFIG_LAPB is not set @@ -2273,11 +2380,13 @@ CONFIG_LBDAF=y # CONFIG_LCD_LMS283GF05 is not set # CONFIG_LCD_LMS501KF03 is not set # CONFIG_LCD_LTV350QV is not set +# CONFIG_LCD_OTM3225A is not set # CONFIG_LCD_S6E63M0 is not set # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set # CONFIG_LDM_PARTITION is not set CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y +# CONFIG_LEDS_APU is not set # CONFIG_LEDS_BCM6328 is not set # CONFIG_LEDS_BCM6358 is not set # CONFIG_LEDS_BD2802 is not set @@ -2285,6 +2394,7 @@ CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y CONFIG_LEDS_CLASS=y # CONFIG_LEDS_CLASS_FLASH is not set +# CONFIG_LEDS_CR0014114 is not set # CONFIG_LEDS_DAC124S085 is not set # CONFIG_LEDS_GPIO is not set # CONFIG_LEDS_INTEL_SS4200 is not set @@ -2293,6 +2403,7 @@ CONFIG_LEDS_CLASS=y # CONFIG_LEDS_LM3530 is not set # CONFIG_LEDS_LM355x is not set # CONFIG_LEDS_LM3642 is not set +# CONFIG_LEDS_LM3692X is not set # CONFIG_LEDS_LP3944 is not set # CONFIG_LEDS_LP3952 is not set # CONFIG_LEDS_LP5521 is not set @@ -2302,6 +2413,7 @@ CONFIG_LEDS_CLASS=y # CONFIG_LEDS_LP8860 is not set # CONFIG_LEDS_LT3593 is not set # CONFIG_LEDS_MLXCPLD is not set +# CONFIG_LEDS_MLXREG is not set # CONFIG_LEDS_NIC78BX is not set # CONFIG_LEDS_NS2 is not set # CONFIG_LEDS_OT200 is not set @@ -2314,6 +2426,7 @@ CONFIG_LEDS_CLASS=y # CONFIG_LEDS_TCA6507 is not set # CONFIG_LEDS_TLC591XX is not set CONFIG_LEDS_TRIGGERS=y +# CONFIG_LEDS_TRIGGER_ACTIVITY is not set # CONFIG_LEDS_TRIGGER_BACKLIGHT is not set # CONFIG_LEDS_TRIGGER_CAMERA is not set # CONFIG_LEDS_TRIGGER_CPU is not set @@ -2384,6 +2497,7 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 # CONFIG_LTPC is not set # CONFIG_LTR501 is not set # CONFIG_LUSTRE_FS is not set +# CONFIG_LV0104CS is not set # CONFIG_LWTUNNEL is not set # CONFIG_LXT_PHY is not set # CONFIG_LZ4HC_COMPRESS is not set @@ -2422,6 +2536,7 @@ CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 # CONFIG_MAGIC_SYSRQ_SERIAL is not set # CONFIG_MAILBOX is not set +# CONFIG_MANAGER_SBS is not set # CONFIG_MANDATORY_FILE_LOCKING is not set # CONFIG_MANGLE_BOOTARGS is not set # CONFIG_MARVELL_10G_PHY is not set @@ -2445,6 +2560,7 @@ CONFIG_MAY_USE_DEVLINK=y # CONFIG_MCB is not set # CONFIG_MCP320X is not set # CONFIG_MCP3422 is not set +# CONFIG_MCP4018 is not set # CONFIG_MCP4131 is not set # CONFIG_MCP4531 is not set # CONFIG_MCP4725 is not set @@ -2457,6 +2573,7 @@ CONFIG_MAY_USE_DEVLINK=y # CONFIG_MDIO_BUS_MUX_MMIOREG is not set # CONFIG_MDIO_DEVICE is not set # CONFIG_MDIO_HISI_FEMAC is not set +# CONFIG_MDIO_MSCC_MIIM is not set # CONFIG_MDIO_OCTEON is not set # CONFIG_MDIO_THUNDER is not set # CONFIG_MD_FAULTY is not set @@ -2476,6 +2593,7 @@ CONFIG_MAY_USE_DEVLINK=y # CONFIG_MEGARAID_LEGACY is not set # CONFIG_MEGARAID_NEWGEN is not set # CONFIG_MEGARAID_SAS is not set +# CONFIG_MELLANOX_PLATFORM is not set CONFIG_MEMBARRIER=y # CONFIG_MEMORY is not set # CONFIG_MEMORY_FAILURE is not set @@ -2519,6 +2637,7 @@ CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 # CONFIG_MFD_LM3533 is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_MADERA is not set # CONFIG_MFD_MAX14577 is not set # CONFIG_MFD_MAX77620 is not set # CONFIG_MFD_MAX77686 is not set @@ -2543,6 +2662,7 @@ CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 # CONFIG_MFD_RETU is not set # CONFIG_MFD_RK808 is not set # CONFIG_MFD_RN5T618 is not set +# CONFIG_MFD_ROHM_BD718XX is not set # CONFIG_MFD_RT5033 is not set # CONFIG_MFD_RTSX_PCI is not set # CONFIG_MFD_RTSX_USB is not set @@ -2588,6 +2708,7 @@ CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 # CONFIG_MICREL_PHY is not set # CONFIG_MICROCHIP_KSZ is not set # CONFIG_MICROCHIP_PHY is not set +# CONFIG_MICROCHIP_T1_PHY is not set # CONFIG_MICROSEMI_PHY is not set # CONFIG_MIGRATION is not set CONFIG_MII=y @@ -2606,6 +2727,8 @@ CONFIG_MII=y # CONFIG_MIPS_PLATFORM_DEVICES is not set # CONFIG_MIPS_SEAD3 is not set CONFIG_MISC_FILESYSTEMS=y +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set # CONFIG_MISDN is not set # CONFIG_MISDN_AVMFRITZ is not set # CONFIG_MISDN_HFCPCI is not set @@ -2619,6 +2742,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_MLX4_EN is not set # CONFIG_MLX5_CORE is not set # CONFIG_MLX90614 is not set +# CONFIG_MLX90632 is not set # CONFIG_MLXFW is not set # CONFIG_MLXSW_CORE is not set # CONFIG_MLX_CPLD_PLATFORM is not set @@ -2638,6 +2762,7 @@ CONFIG_MMC_BLOCK_BOUNCE=y CONFIG_MMC_BLOCK_MINORS=8 # CONFIG_MMC_CAVIUM_THUNDERX is not set # CONFIG_MMC_CB710 is not set +# CONFIG_MMC_CQHCI is not set # CONFIG_MMC_DEBUG is not set # CONFIG_MMC_DW is not set # CONFIG_MMC_MTK is not set @@ -2652,8 +2777,10 @@ CONFIG_MMC_BLOCK_MINORS=8 # CONFIG_MMC_SDHCI_MSM is not set # CONFIG_MMC_SDHCI_OF_ARASAN is not set # CONFIG_MMC_SDHCI_OF_AT91 is not set +# CONFIG_MMC_SDHCI_OF_DWCMSHC is not set # CONFIG_MMC_SDHCI_OF_ESDHC is not set # CONFIG_MMC_SDHCI_OF_HLWD is not set +# CONFIG_MMC_SDHCI_OMAP is not set # CONFIG_MMC_SDHCI_PXAV2 is not set # CONFIG_MMC_SDHCI_PXAV3 is not set # CONFIG_MMC_SDHCI_S3C is not set @@ -2821,6 +2948,7 @@ CONFIG_MTD_ROOTFS_ROOT_DEV=y # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_SM_COMMON is not set # CONFIG_MTD_SPINAND_MT29F is not set +# CONFIG_MTD_SPI_NAND is not set # CONFIG_MTD_SPI_NOR is not set # CONFIG_MTD_SPI_NOR_USE_4K_SECTORS is not set CONFIG_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT=4096 @@ -2846,6 +2974,7 @@ CONFIG_MTD_SPLIT_SUPPORT=y # CONFIG_MTD_UBI is not set # CONFIG_MTD_UIMAGE_SPLIT is not set # CONFIG_MTD_VIRT_CONCAT is not set +# CONFIG_MTK_MMC is not set CONFIG_MULTIUSER=y # CONFIG_MUTEX_SPIN_ON_OWNER is not set # CONFIG_MV643XX_ETH is not set @@ -2871,6 +3000,7 @@ CONFIG_MULTIUSER=y CONFIG_NET=y # CONFIG_NETCONSOLE is not set CONFIG_NETDEVICES=y +# CONFIG_NETDEVSIM is not set # CONFIG_NETFILTER is not set # CONFIG_NETFILTER_ADVANCED is not set # CONFIG_NETFILTER_DEBUG is not set @@ -2879,6 +3009,7 @@ CONFIG_NETDEVICES=y # CONFIG_NETFILTER_NETLINK_ACCT is not set # CONFIG_NETFILTER_NETLINK_GLUE_CT is not set # CONFIG_NETFILTER_NETLINK_LOG is not set +# CONFIG_NETFILTER_NETLINK_OSF is not set # CONFIG_NETFILTER_NETLINK_QUEUE is not set # CONFIG_NETFILTER_XTABLES is not set # CONFIG_NETFILTER_XT_CONNMARK is not set @@ -3013,11 +3144,13 @@ CONFIG_NET_CORE=y # CONFIG_NET_EMATCH is not set # CONFIG_NET_EMATCH_CANID is not set # CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_IPT is not set # CONFIG_NET_EMATCH_META is not set # CONFIG_NET_EMATCH_NBYTE is not set CONFIG_NET_EMATCH_STACK=32 # CONFIG_NET_EMATCH_TEXT is not set # CONFIG_NET_EMATCH_U32 is not set +# CONFIG_NET_FAILOVER is not set # CONFIG_NET_FC is not set # CONFIG_NET_FOU is not set # CONFIG_NET_FOU_IP_TUNNELS is not set @@ -3042,12 +3175,15 @@ CONFIG_NET_RX_BUSY_POLL=y # CONFIG_NET_SB1000 is not set CONFIG_NET_SCHED=y # CONFIG_NET_SCH_ATM is not set +# CONFIG_NET_SCH_CAKE is not set # CONFIG_NET_SCH_CBQ is not set +# CONFIG_NET_SCH_CBS is not set # CONFIG_NET_SCH_CHOKE is not set # CONFIG_NET_SCH_CODEL is not set # CONFIG_NET_SCH_DEFAULT is not set # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_DSMARK is not set +# CONFIG_NET_SCH_ETF is not set CONFIG_NET_SCH_FIFO=y # CONFIG_NET_SCH_FQ is not set CONFIG_NET_SCH_FQ_CODEL=y @@ -3066,6 +3202,7 @@ CONFIG_NET_SCH_FQ_CODEL=y # CONFIG_NET_SCH_RED is not set # CONFIG_NET_SCH_SFB is not set # CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_SKBPRIO is not set # CONFIG_NET_SCH_TBF is not set # CONFIG_NET_SCH_TEQL is not set # CONFIG_NET_SCTPPROBE is not set @@ -3088,10 +3225,12 @@ CONFIG_NET_VENDOR_ATHEROS=y CONFIG_NET_VENDOR_AURORA=y CONFIG_NET_VENDOR_BROADCOM=y CONFIG_NET_VENDOR_BROCADE=y +CONFIG_NET_VENDOR_CADENCE=y CONFIG_NET_VENDOR_CAVIUM=y CONFIG_NET_VENDOR_CHELSIO=y CONFIG_NET_VENDOR_CIRRUS=y CONFIG_NET_VENDOR_CISCO=y +CONFIG_NET_VENDOR_CORTINA=y CONFIG_NET_VENDOR_DEC=y CONFIG_NET_VENDOR_DLINK=y CONFIG_NET_VENDOR_EMULEX=y @@ -3110,11 +3249,15 @@ CONFIG_NET_VENDOR_MARVELL=y CONFIG_NET_VENDOR_MELLANOX=y CONFIG_NET_VENDOR_MICREL=y CONFIG_NET_VENDOR_MICROCHIP=y +CONFIG_NET_VENDOR_MICROSEMI=y CONFIG_NET_VENDOR_MYRI=y CONFIG_NET_VENDOR_NATSEMI=y +CONFIG_NET_VENDOR_NETERION=y CONFIG_NET_VENDOR_NETRONOME=y +CONFIG_NET_VENDOR_NI=y CONFIG_NET_VENDOR_NVIDIA=y CONFIG_NET_VENDOR_OKI=y +CONFIG_NET_VENDOR_PACKET_ENGINES=y CONFIG_NET_VENDOR_QLOGIC=y CONFIG_NET_VENDOR_QUALCOMM=y CONFIG_NET_VENDOR_RDC=y @@ -3126,6 +3269,7 @@ CONFIG_NET_VENDOR_SEEQ=y CONFIG_NET_VENDOR_SILAN=y CONFIG_NET_VENDOR_SIS=y CONFIG_NET_VENDOR_SMSC=y +CONFIG_NET_VENDOR_SOCIONEXT=y CONFIG_NET_VENDOR_SOLARFLARE=y CONFIG_NET_VENDOR_STMICRO=y CONFIG_NET_VENDOR_SUN=y @@ -3160,14 +3304,19 @@ CONFIG_NFS_V3=y # CONFIG_NFTL is not set # CONFIG_NFT_BRIDGE_META is not set # CONFIG_NFT_BRIDGE_REJECT is not set +# CONFIG_NFT_CONNLIMIT is not set # CONFIG_NFT_DUP_IPV4 is not set # CONFIG_NFT_DUP_IPV6 is not set # CONFIG_NFT_FIB_IPV4 is not set # CONFIG_NFT_FIB_IPV6 is not set # CONFIG_NFT_FLOW_OFFLOAD is not set # CONFIG_NFT_OBJREF is not set +# CONFIG_NFT_OSF is not set # CONFIG_NFT_RT is not set # CONFIG_NFT_SET_BITMAP is not set +# CONFIG_NFT_SOCKET is not set +# CONFIG_NFT_TPROXY is not set +# CONFIG_NFT_TUNNEL is not set # CONFIG_NF_CONNTRACK is not set # CONFIG_NF_CONNTRACK_AMANDA is not set # CONFIG_NF_CONNTRACK_EVENTS is not set @@ -3176,6 +3325,7 @@ CONFIG_NFS_V3=y # CONFIG_NF_CONNTRACK_IPV4 is not set # CONFIG_NF_CONNTRACK_IPV6 is not set # CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_LABELS is not set # CONFIG_NF_CONNTRACK_MARK is not set # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set # CONFIG_NF_CONNTRACK_PPTP is not set @@ -3220,7 +3370,15 @@ CONFIG_NF_CONNTRACK_PROCFS=y # CONFIG_NF_SOCKET_IPV4 is not set # CONFIG_NF_SOCKET_IPV6 is not set # CONFIG_NF_TABLES is not set +# CONFIG_NF_TABLES_ARP is not set +# CONFIG_NF_TABLES_BRIDGE is not set +# CONFIG_NF_TABLES_INET is not set +# CONFIG_NF_TABLES_IPV4 is not set +# CONFIG_NF_TABLES_IPV6 is not set # CONFIG_NF_TABLES_NETDEV is not set +# CONFIG_NF_TABLES_SET is not set +# CONFIG_NF_TPROXY_IPV4 is not set +# CONFIG_NF_TPROXY_IPV6 is not set # CONFIG_NI65 is not set # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set @@ -3328,7 +3486,10 @@ CONFIG_NMI_LOG_BUF_SHIFT=13 # CONFIG_OSF_PARTITION is not set CONFIG_OVERLAY_FS=y # CONFIG_OVERLAY_FS_INDEX is not set +# CONFIG_OVERLAY_FS_METACOPY is not set +CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +CONFIG_OVERLAY_FS_XINO_AUTO=y # CONFIG_OWL_LOADER is not set # CONFIG_P54_COMMON is not set # CONFIG_PA12203001 is not set @@ -3423,12 +3584,15 @@ CONFIG_PARTITION_ADVANCED=y # CONFIG_PCIEPORTBUS is not set # CONFIG_PCIE_ALTERA is not set # CONFIG_PCIE_ARMADA_8K is not set +# CONFIG_PCIE_CADENCE_HOST is not set # CONFIG_PCIE_DPC is not set # CONFIG_PCIE_DW_PLAT is not set +# CONFIG_PCIE_DW_PLAT_HOST is not set # CONFIG_PCIE_ECRC is not set # CONFIG_PCIE_IPROC is not set # CONFIG_PCIE_KIRIN is not set # CONFIG_PCIE_PTM is not set +# CONFIG_PCIE_XILINX is not set # CONFIG_PCIPCWATCHDOG is not set # CONFIG_PCI_ATMEL is not set # CONFIG_PCI_CNB20LE_QUIRK is not set @@ -3492,6 +3656,7 @@ CONFIG_PCI_SYSCALL=y # CONFIG_PHY_CPCAP_USB is not set # CONFIG_PHY_EXYNOS_DP_VIDEO is not set # CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set +# CONFIG_PHY_MAPPHONE_MDM6600 is not set # CONFIG_PHY_PXA_28NM_HSIC is not set # CONFIG_PHY_PXA_28NM_USB2 is not set # CONFIG_PHY_QCOM_DWC3 is not set @@ -3503,8 +3668,11 @@ CONFIG_PCI_SYSCALL=y CONFIG_PINCONF=y # CONFIG_PINCTRL is not set # CONFIG_PINCTRL_AMD is not set +# CONFIG_PINCTRL_AXP209 is not set +# CONFIG_PINCTRL_CEDARFORK is not set # CONFIG_PINCTRL_EXYNOS is not set # CONFIG_PINCTRL_EXYNOS5440 is not set +# CONFIG_PINCTRL_ICELAKE is not set # CONFIG_PINCTRL_MCP23S08 is not set # CONFIG_PINCTRL_MSM8X74 is not set CONFIG_PINCTRL_SINGLE=y @@ -3587,6 +3755,7 @@ CONFIG_PROC_FS=y # CONFIG_PROC_PAGE_MONITOR is not set CONFIG_PROC_STRIPPED=y CONFIG_PROC_SYSCTL=y +# CONFIG_PROC_VMCORE_DEVICE_DUMP is not set # CONFIG_PROFILE_ALL_BRANCHES is not set # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set # CONFIG_PROFILING is not set @@ -3655,6 +3824,7 @@ CONFIG_PWRSEQ_SIMPLE=y # CONFIG_RAID_ATTRS is not set # CONFIG_RALINK is not set # CONFIG_RANDOM32_SELFTEST is not set +# CONFIG_RANDOM_TRUST_CPU is not set # CONFIG_RAPIDIO is not set # CONFIG_RAS is not set # CONFIG_RAW_DRIVER is not set @@ -3693,6 +3863,7 @@ CONFIG_RCU_TORTURE_TEST_SLOW_INIT_DELAY=3 # CONFIG_REGMAP_MMIO is not set # CONFIG_REGMAP_SPI is not set # CONFIG_REGULATOR is not set +# CONFIG_REGULATOR_88PG86X is not set # CONFIG_REGULATOR_ACT8865 is not set # CONFIG_REGULATOR_AD5398 is not set # CONFIG_REGULATOR_ANATOP is not set @@ -3721,6 +3892,7 @@ CONFIG_RCU_TORTURE_TEST_SLOW_INIT_DELAY=3 # CONFIG_REGULATOR_PV88080 is not set # CONFIG_REGULATOR_PV88090 is not set # CONFIG_REGULATOR_PWM is not set +# CONFIG_REGULATOR_SY8106A is not set # CONFIG_REGULATOR_TI_ABB is not set # CONFIG_REGULATOR_TPS51632 is not set # CONFIG_REGULATOR_TPS62360 is not set @@ -3740,6 +3912,7 @@ CONFIG_RCU_TORTURE_TEST_SLOW_INIT_DELAY=3 # CONFIG_RELAY is not set # CONFIG_RELOCATABLE is not set # CONFIG_REMOTEPROC is not set +# CONFIG_RENESAS_PHY is not set # CONFIG_RESET_ATH79 is not set # CONFIG_RESET_BERLIN is not set # CONFIG_RESET_CONTROLLER is not set @@ -3754,6 +3927,7 @@ CONFIG_RCU_TORTURE_TEST_SLOW_INIT_DELAY=3 # CONFIG_RESET_TEGRA_BPMP is not set # CONFIG_RESET_TI_SYSCON is not set # CONFIG_RESET_ZYNQ is not set +# CONFIG_RFD77402 is not set # CONFIG_RFD_FTL is not set CONFIG_RFKILL=y # CONFIG_RFKILL_FULL is not set @@ -3771,7 +3945,9 @@ CONFIG_RFKILL=y # CONFIG_ROSE is not set # CONFIG_RPCSEC_GSS_KRB5 is not set # CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set # CONFIG_RPR0521 is not set +# CONFIG_RSEQ is not set # CONFIG_RT2X00 is not set # CONFIG_RTC_CLASS is not set # CONFIG_RTC_DEBUG is not set @@ -3808,6 +3984,7 @@ CONFIG_RTC_DRV_CMOS=y # CONFIG_RTC_DRV_HID_SENSOR_TIME is not set # CONFIG_RTC_DRV_HYM8563 is not set # CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_ISL12026 is not set # CONFIG_RTC_DRV_ISL12057 is not set # CONFIG_RTC_DRV_ISL1208 is not set # CONFIG_RTC_DRV_M41T80 is not set @@ -3828,6 +4005,7 @@ CONFIG_RTC_DRV_CMOS=y # CONFIG_RTC_DRV_PCF2127 is not set # CONFIG_RTC_DRV_PCF85063 is not set # CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85363 is not set # CONFIG_RTC_DRV_PCF8563 is not set # CONFIG_RTC_DRV_PCF8583 is not set # CONFIG_RTC_DRV_PL030 is not set @@ -3882,6 +4060,7 @@ CONFIG_RTC_SYSTOHC_DEVICE="rtc0" # CONFIG_RTS5208 is not set CONFIG_RT_MUTEXES=y # CONFIG_RUNTIME_DEBUG is not set +CONFIG_RUNTIME_TESTING_MENU=y CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_RXKAD=y # CONFIG_S2IO is not set @@ -3894,6 +4073,7 @@ CONFIG_RXKAD=y # CONFIG_SATA_FSL is not set # CONFIG_SATA_HIGHBANK is not set # CONFIG_SATA_INIC162X is not set +CONFIG_SATA_MOBILE_LPM_POLICY=0 # CONFIG_SATA_MV is not set # CONFIG_SATA_NV is not set # CONFIG_SATA_PMP is not set @@ -4011,6 +4191,7 @@ CONFIG_SCSI_PROC_FS=y # CONFIG_SCSI_WD719X is not set # CONFIG_SCx200_ACB is not set # CONFIG_SDIO_UART is not set +# CONFIG_SD_ADC_MODULATOR is not set # CONFIG_SECCOMP is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y # CONFIG_SECURITY is not set @@ -4123,6 +4304,7 @@ CONFIG_SELECT_MEMORY_MODEL=y # CONFIG_SENSORS_MAX197 is not set # CONFIG_SENSORS_MAX31722 is not set # CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MAX6621 is not set # CONFIG_SENSORS_MAX6639 is not set # CONFIG_SENSORS_MAX6642 is not set # CONFIG_SENSORS_MAX6650 is not set @@ -4132,6 +4314,7 @@ CONFIG_SELECT_MEMORY_MODEL=y # CONFIG_SENSORS_NCT6775 is not set # CONFIG_SENSORS_NCT7802 is not set # CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set # CONFIG_SENSORS_NSA320 is not set # CONFIG_SENSORS_NTC_THERMISTOR is not set # CONFIG_SENSORS_PC87360 is not set @@ -4169,6 +4352,7 @@ CONFIG_SELECT_MEMORY_MODEL=y # CONFIG_SENSORS_VT8231 is not set # CONFIG_SENSORS_W83627EHF is not set # CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83773G is not set # CONFIG_SENSORS_W83781D is not set # CONFIG_SENSORS_W83791D is not set # CONFIG_SENSORS_W83792D is not set @@ -4266,6 +4450,7 @@ CONFIG_SHMEM=y # CONFIG_SH_TIMER_CMT is not set # CONFIG_SH_TIMER_MTU2 is not set # CONFIG_SH_TIMER_TMU is not set +# CONFIG_SI1133 is not set # CONFIG_SI1145 is not set # CONFIG_SI7005 is not set # CONFIG_SI7020 is not set @@ -4281,6 +4466,7 @@ CONFIG_SIGNALFD=y # CONFIG_SIGNED_PE_FILE_VERIFICATION is not set # CONFIG_SIMPLE_GPIO is not set # CONFIG_SIMPLE_PM_BUS is not set +# CONFIG_SIOX is not set # CONFIG_SIS190 is not set # CONFIG_SIS900 is not set # CONFIG_SKGE is not set @@ -4293,6 +4479,7 @@ CONFIG_SLABINFO=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLHC is not set # CONFIG_SLICOSS is not set +# CONFIG_SLIMBUS is not set # CONFIG_SLIP is not set # CONFIG_SLOB is not set CONFIG_SLUB=y @@ -4399,6 +4586,7 @@ CONFIG_SND_HDA_PREALLOC_SIZE=64 # CONFIG_SND_LOLA is not set # CONFIG_SND_LX6464ES is not set # CONFIG_SND_MAESTRO3 is not set +CONFIG_SND_MAX_CARDS=16 # CONFIG_SND_MIA is not set # CONFIG_SND_MIPS is not set # CONFIG_SND_MIRO is not set @@ -4456,14 +4644,17 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_ADAU1761_SPI is not set # CONFIG_SND_SOC_ADAU7002 is not set # CONFIG_SND_SOC_AK4104 is not set +# CONFIG_SND_SOC_AK4458 is not set # CONFIG_SND_SOC_AK4554 is not set # CONFIG_SND_SOC_AK4613 is not set # CONFIG_SND_SOC_AK4642 is not set # CONFIG_SND_SOC_AK5386 is not set +# CONFIG_SND_SOC_AK5558 is not set # CONFIG_SND_SOC_ALC5623 is not set # CONFIG_SND_SOC_AMD_ACP is not set # CONFIG_SND_SOC_AU1XAUDIO is not set # CONFIG_SND_SOC_AU1XPSC is not set +# CONFIG_SND_SOC_BD28623 is not set # CONFIG_SND_SOC_BT_SCO is not set # CONFIG_SND_SOC_CS35L32 is not set # CONFIG_SND_SOC_CS35L33 is not set @@ -4485,6 +4676,7 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_CS53L30 is not set # CONFIG_SND_SOC_DIO2125 is not set # CONFIG_SND_SOC_ES7134 is not set +# CONFIG_SND_SOC_ES7241 is not set # CONFIG_SND_SOC_ES8316 is not set # CONFIG_SND_SOC_ES8328 is not set # CONFIG_SND_SOC_ES8328_I2C is not set @@ -4504,6 +4696,7 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_IMX_SPDIF is not set # CONFIG_SND_SOC_IMX_WM8962 is not set # CONFIG_SND_SOC_INNO_RK3036 is not set +# CONFIG_SND_SOC_INTEL_BAYTRAIL is not set # CONFIG_SND_SOC_INTEL_BDW_RT5677_MACH is not set # CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set # CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set @@ -4515,16 +4708,23 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_INTEL_BYT_MAX98090_MACH is not set # CONFIG_SND_SOC_INTEL_BYT_RT5640_MACH is not set # CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_NAU8824_MACH is not set # CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH is not set # CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH is not set +# CONFIG_SND_SOC_INTEL_HASWELL is not set # CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH is not set # CONFIG_SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH is not set # CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH is not set # CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH is not set # CONFIG_SND_SOC_INTEL_SKL_RT286_MACH is not set +# CONFIG_SND_SOC_INTEL_SKYLAKE is not set # CONFIG_SND_SOC_INTEL_SST is not set +CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y +# CONFIG_SND_SOC_MAX9759 is not set +# CONFIG_SND_SOC_MAX98373 is not set # CONFIG_SND_SOC_MAX98504 is not set # CONFIG_SND_SOC_MAX9860 is not set +# CONFIG_SND_SOC_MAX9867 is not set # CONFIG_SND_SOC_MAX98927 is not set # CONFIG_SND_SOC_MEDIATEK is not set # CONFIG_SND_SOC_MPC5200_AC97 is not set @@ -4532,14 +4732,18 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_MSM8916_WCD_ANALOG is not set # CONFIG_SND_SOC_MSM8916_WCD_DIGITAL is not set # CONFIG_SND_SOC_MT2701 is not set +# CONFIG_SND_SOC_MT6351 is not set # CONFIG_SND_SOC_MT8173 is not set # CONFIG_SND_SOC_NAU8540 is not set # CONFIG_SND_SOC_NAU8810 is not set # CONFIG_SND_SOC_NAU8824 is not set # CONFIG_SND_SOC_PCM1681 is not set +# CONFIG_SND_SOC_PCM1789_I2C is not set # CONFIG_SND_SOC_PCM1792A is not set # CONFIG_SND_SOC_PCM179X_I2C is not set # CONFIG_SND_SOC_PCM179X_SPI is not set +# CONFIG_SND_SOC_PCM186X_I2C is not set +# CONFIG_SND_SOC_PCM186X_SPI is not set # CONFIG_SND_SOC_PCM3168A_I2C is not set # CONFIG_SND_SOC_PCM3168A_SPI is not set # CONFIG_SND_SOC_PCM512x_I2C is not set @@ -4549,8 +4753,10 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_RT5631 is not set # CONFIG_SND_SOC_RT5677_SPI is not set # CONFIG_SND_SOC_SGTL5000 is not set +# CONFIG_SND_SOC_SIMPLE_AMPLIFIER is not set # CONFIG_SND_SOC_SIRF_AUDIO_CODEC is not set # CONFIG_SND_SOC_SPDIF is not set +# CONFIG_SND_SOC_SSM2305 is not set # CONFIG_SND_SOC_SSM2602_I2C is not set # CONFIG_SND_SOC_SSM2602_SPI is not set # CONFIG_SND_SOC_SSM4567 is not set @@ -4561,13 +4767,19 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_TAS5086 is not set # CONFIG_SND_SOC_TAS571X is not set # CONFIG_SND_SOC_TAS5720 is not set +# CONFIG_SND_SOC_TAS6424 is not set +# CONFIG_SND_SOC_TDA7419 is not set # CONFIG_SND_SOC_TFA9879 is not set # CONFIG_SND_SOC_TLV320AIC23_I2C is not set # CONFIG_SND_SOC_TLV320AIC23_SPI is not set # CONFIG_SND_SOC_TLV320AIC31XX is not set +# CONFIG_SND_SOC_TLV320AIC32X4_I2C is not set +# CONFIG_SND_SOC_TLV320AIC32X4_SPI is not set # CONFIG_SND_SOC_TLV320AIC3X is not set # CONFIG_SND_SOC_TPA6130A2 is not set # CONFIG_SND_SOC_TS3A227E is not set +# CONFIG_SND_SOC_TSCS42XX is not set +# CONFIG_SND_SOC_TSCS454 is not set # CONFIG_SND_SOC_WM8510 is not set # CONFIG_SND_SOC_WM8523 is not set # CONFIG_SND_SOC_WM8524 is not set @@ -4581,6 +4793,7 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SOC_WM8753 is not set # CONFIG_SND_SOC_WM8770 is not set # CONFIG_SND_SOC_WM8776 is not set +# CONFIG_SND_SOC_WM8782 is not set # CONFIG_SND_SOC_WM8804_I2C is not set # CONFIG_SND_SOC_WM8804_SPI is not set # CONFIG_SND_SOC_WM8903 is not set @@ -4594,6 +4807,8 @@ CONFIG_SND_PROC_FS=y # CONFIG_SND_SONICVIBES is not set # CONFIG_SND_SPI is not set # CONFIG_SND_SSCAPE is not set +# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI is not set +# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_PCI is not set # CONFIG_SND_SUN4I_CODEC is not set # CONFIG_SND_SUPPORT_OLD_API is not set # CONFIG_SND_TIMER is not set @@ -4619,8 +4834,10 @@ CONFIG_SND_VERBOSE_PROCFS=y # CONFIG_SND_VXPOCKET is not set # CONFIG_SND_WAVEFRONT is not set CONFIG_SND_X86=y +# CONFIG_SND_XEN_FRONTEND is not set # CONFIG_SND_YMFPCI is not set # CONFIG_SNI_RM is not set +# CONFIG_SOCIONEXT_SYNQUACER_PREITS is not set # CONFIG_SOCK_CGROUP_DATA is not set # CONFIG_SOC_AM33XX is not set # CONFIG_SOC_AM43XX is not set @@ -4636,6 +4853,7 @@ CONFIG_SND_X86=y # CONFIG_SONYPI is not set # CONFIG_SONY_LAPTOP is not set # CONFIG_SOUND is not set +# CONFIG_SOUNDWIRE is not set # CONFIG_SOUND_OSS_CORE is not set # CONFIG_SOUND_PRIME is not set # CONFIG_SP5100_TCO is not set @@ -4667,6 +4885,7 @@ CONFIG_SND_X86=y # CONFIG_SPI_LM70_LLP is not set # CONFIG_SPI_LOOPBACK_TEST is not set # CONFIG_SPI_MASTER is not set +# CONFIG_SPI_MEM is not set # CONFIG_SPI_MPC52xx is not set # CONFIG_SPI_MPC52xx_PSC is not set # CONFIG_SPI_OCTEON is not set @@ -4718,12 +4937,14 @@ CONFIG_SSB_POSSIBLE=y # CONFIG_SSB_SDIOHOST is not set # CONFIG_SSB_SILENT is not set # CONFIG_SSFDC is not set +# CONFIG_STACKPROTECTOR is not set # CONFIG_STACKTRACE is not set CONFIG_STACKTRACE_SUPPORT=y # CONFIG_STACK_TRACER is not set # CONFIG_STACK_VALIDATION is not set CONFIG_STAGING=y # CONFIG_STAGING_BOARD is not set +# CONFIG_STAGING_GASKET_FRAMEWORK is not set # CONFIG_STAGING_MEDIA is not set CONFIG_STANDALONE=y # CONFIG_STATIC_KEYS_SELFTEST is not set @@ -4748,7 +4969,9 @@ CONFIG_STRICT_MODULE_RWX=y # CONFIG_STRING_SELFTEST is not set CONFIG_STRIP_ASM_SYMS=y # CONFIG_STX104 is not set +# CONFIG_ST_UVIS25 is not set # CONFIG_SUN4I_GPADC is not set +# CONFIG_SUN50I_DE2_BUS is not set # CONFIG_SUNDANCE is not set # CONFIG_SUNGEM is not set # CONFIG_SUNRPC is not set @@ -4836,15 +5059,18 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEHUTI is not set # CONFIG_TERANETICS_PHY is not set # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +# CONFIG_TEST_BITFIELD is not set # CONFIG_TEST_BITMAP is not set # CONFIG_TEST_BPF is not set # CONFIG_TEST_FIRMWARE is not set # CONFIG_TEST_HASH is not set # CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_IDA is not set # CONFIG_TEST_KMOD is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_LKM is not set +# CONFIG_TEST_OVERFLOW is not set # CONFIG_TEST_POWER is not set # CONFIG_TEST_PRINTF is not set # CONFIG_TEST_RHASHTABLE is not set @@ -4869,6 +5095,7 @@ CONFIG_TEXTSEARCH=y # CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set # CONFIG_THERMAL_GOV_USER_SPACE is not set # CONFIG_THERMAL_HWMON is not set +# CONFIG_THERMAL_STATISTICS is not set # CONFIG_THERMAL_WRITABLE_TRIPS is not set # CONFIG_THINKPAD_ACPI is not set CONFIG_THIN_ARCHIVES=y @@ -4901,6 +5128,8 @@ CONFIG_TINY_RCU=y # CONFIG_TI_CPSW is not set # CONFIG_TI_CPSW_ALE is not set # CONFIG_TI_CPTS is not set +# CONFIG_TI_DAC082S085 is not set +# CONFIG_TI_DAC5571 is not set # CONFIG_TI_DAC7512 is not set # CONFIG_TI_DAVINCI_CPDMA is not set # CONFIG_TI_DAVINCI_MDIO is not set @@ -4922,11 +5151,13 @@ CONFIG_TMPFS_XATTR=y # CONFIG_TOUCHSCREEN_AD7879 is not set # CONFIG_TOUCHSCREEN_AD7879_I2C is not set # CONFIG_TOUCHSCREEN_AD7879_SPI is not set +# CONFIG_TOUCHSCREEN_ADC is not set # CONFIG_TOUCHSCREEN_ADS7846 is not set # CONFIG_TOUCHSCREEN_AR1021_I2C is not set # CONFIG_TOUCHSCREEN_ATMEL_MXT is not set # CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set # CONFIG_TOUCHSCREEN_BU21013 is not set +# CONFIG_TOUCHSCREEN_BU21029 is not set # CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set # CONFIG_TOUCHSCREEN_CY8CTMG110 is not set # CONFIG_TOUCHSCREEN_CYTTSP4_CORE is not set @@ -4939,11 +5170,13 @@ CONFIG_TMPFS_XATTR=y # CONFIG_TOUCHSCREEN_EKTF2127 is not set # CONFIG_TOUCHSCREEN_ELAN is not set # CONFIG_TOUCHSCREEN_ELO is not set +# CONFIG_TOUCHSCREEN_EXC3000 is not set # CONFIG_TOUCHSCREEN_FT6236 is not set # CONFIG_TOUCHSCREEN_FUJITSU is not set # CONFIG_TOUCHSCREEN_GOODIX is not set # CONFIG_TOUCHSCREEN_GUNZE is not set # CONFIG_TOUCHSCREEN_HAMPSHIRE is not set +# CONFIG_TOUCHSCREEN_HIDEEP is not set # CONFIG_TOUCHSCREEN_ILI210X is not set # CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set # CONFIG_TOUCHSCREEN_INEXIO is not set @@ -4958,6 +5191,7 @@ CONFIG_TMPFS_XATTR=y # CONFIG_TOUCHSCREEN_RM_TS is not set # CONFIG_TOUCHSCREEN_ROHM_BU21023 is not set # CONFIG_TOUCHSCREEN_S3C2410 is not set +# CONFIG_TOUCHSCREEN_S6SY761 is not set # CONFIG_TOUCHSCREEN_SILEAD is not set # CONFIG_TOUCHSCREEN_SIS_I2C is not set # CONFIG_TOUCHSCREEN_ST1232 is not set @@ -5002,6 +5236,7 @@ CONFIG_TRAD_SIGNALS=y # CONFIG_TRIM_UNUSED_KSYMS is not set # CONFIG_TRUSTED_KEYS is not set # CONFIG_TSL2583 is not set +# CONFIG_TSL2772 is not set # CONFIG_TSL2x7x is not set # CONFIG_TSL4531 is not set # CONFIG_TSYS01 is not set @@ -5015,6 +5250,7 @@ CONFIG_TTY=y # CONFIG_TWL4030_MADC is not set # CONFIG_TWL6030_GPADC is not set # CONFIG_TWL6040_CORE is not set +# CONFIG_TYPEC is not set # CONFIG_TYPEC_TCPM is not set # CONFIG_TYPEC_UCSI is not set # CONFIG_TYPHOON is not set @@ -5023,6 +5259,7 @@ CONFIG_TTY=y # CONFIG_UBIFS_FS_ENCRYPTION is not set CONFIG_UBIFS_FS_FORMAT4=y # CONFIG_UBIFS_FS_SECURITY is not set +# CONFIG_UBIFS_FS_XATTR is not set # CONFIG_UBSAN is not set # CONFIG_UCB1400_CORE is not set # CONFIG_UCSI is not set @@ -5036,6 +5273,8 @@ CONFIG_UID16=y # CONFIG_UIO is not set # CONFIG_ULTRA is not set # CONFIG_ULTRIX_PARTITION is not set +# CONFIG_UNISYSSPAR is not set +# CONFIG_UNISYS_VISORBUS is not set CONFIG_UNIX=y CONFIG_UNIX98_PTYS=y # CONFIG_UNIXWARE_DISKLABEL is not set @@ -5081,6 +5320,7 @@ CONFIG_USB_DEFAULT_PERSIST=y # CONFIG_USB_DWC2_PERIPHERAL is not set # CONFIG_USB_DWC3 is not set # CONFIG_USB_DWC3_EXYNOS is not set +# CONFIG_USB_DWC3_HAPS is not set # CONFIG_USB_DWC3_KEYSTONE is not set # CONFIG_USB_DWC3_OF_SIMPLE is not set # CONFIG_USB_DWC3_PCI is not set @@ -5379,6 +5619,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_USB_WHCI_HCD is not set # CONFIG_USB_WUSB is not set # CONFIG_USB_WUSB_CBAF is not set +# CONFIG_USB_XHCI_DBGCAP is not set # CONFIG_USB_XHCI_HCD is not set # CONFIG_USB_XUSBATM is not set # CONFIG_USB_YUREX is not set @@ -5393,6 +5634,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_U_SERIAL_CONSOLE is not set # CONFIG_V4L_MEM2MEM_DRIVERS is not set # CONFIG_V4L_TEST_DRIVERS is not set +# CONFIG_VBOXGUEST is not set # CONFIG_VCNL4000 is not set # CONFIG_VDSO is not set # CONFIG_VEML6070 is not set @@ -5421,6 +5663,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_VIDEO_BT848 is not set # CONFIG_VIDEO_BT856 is not set # CONFIG_VIDEO_BT866 is not set +# CONFIG_VIDEO_CADENCE is not set # CONFIG_VIDEO_CAFE_CCIC is not set # CONFIG_VIDEO_CS3308 is not set # CONFIG_VIDEO_CS5345 is not set @@ -5438,6 +5681,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_VIDEO_HDPVR is not set # CONFIG_VIDEO_HEXIUM_GEMINI is not set # CONFIG_VIDEO_HEXIUM_ORION is not set +# CONFIG_VIDEO_I2C is not set # CONFIG_VIDEO_IR_I2C is not set # CONFIG_VIDEO_IVTV is not set # CONFIG_VIDEO_KS0127 is not set @@ -5445,16 +5689,22 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_VIDEO_ML86V7667 is not set # CONFIG_VIDEO_MSP3400 is not set # CONFIG_VIDEO_MT9M111 is not set +# CONFIG_VIDEO_MT9T112 is not set # CONFIG_VIDEO_MT9V011 is not set +# CONFIG_VIDEO_MT9V111 is not set # CONFIG_VIDEO_MXB is not set # CONFIG_VIDEO_NOON010PC30 is not set # CONFIG_VIDEO_OMAP2_VOUT is not set # CONFIG_VIDEO_OV2640 is not set # CONFIG_VIDEO_OV2659 is not set +# CONFIG_VIDEO_OV5695 is not set # CONFIG_VIDEO_OV6650 is not set # CONFIG_VIDEO_OV7640 is not set # CONFIG_VIDEO_OV7670 is not set +# CONFIG_VIDEO_OV772X is not set +# CONFIG_VIDEO_OV7740 is not set # CONFIG_VIDEO_PVRUSB2 is not set +# CONFIG_VIDEO_RJ54N1 is not set # CONFIG_VIDEO_SAA6588 is not set # CONFIG_VIDEO_SAA6752HS is not set # CONFIG_VIDEO_SAA7110 is not set @@ -5482,6 +5732,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_VIDEO_TW2804 is not set # CONFIG_VIDEO_TW9903 is not set # CONFIG_VIDEO_TW9906 is not set +# CONFIG_VIDEO_TW9910 is not set # CONFIG_VIDEO_UDA1342 is not set # CONFIG_VIDEO_UPD64031A is not set # CONFIG_VIDEO_UPD64083 is not set @@ -5497,6 +5748,7 @@ CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y # CONFIG_VIRTIO_BALLOON is not set # CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MENU=y # CONFIG_VIRTIO_MMIO is not set # CONFIG_VIRTIO_PCI is not set # CONFIG_VIRTUALIZATION is not set @@ -5520,6 +5772,7 @@ CONFIG_VMSPLIT_3G=y # CONFIG_VOP_BUS is not set # CONFIG_VORTEX is not set # CONFIG_VSOCKETS is not set +# CONFIG_VSOCKETS_DIAG is not set # CONFIG_VT is not set # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set @@ -5548,6 +5801,7 @@ CONFIG_VMSPLIT_3G=y # CONFIG_W1_SLAVE_DS2781 is not set # CONFIG_W1_SLAVE_DS2805 is not set # CONFIG_W1_SLAVE_DS28E04 is not set +# CONFIG_W1_SLAVE_DS28E17 is not set # CONFIG_W1_SLAVE_SMEM is not set # CONFIG_W1_SLAVE_THERM is not set # CONFIG_W83627HF_WDT is not set @@ -5608,8 +5862,13 @@ CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y # CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set # CONFIG_X86_PKG_TEMP_THERMAL is not set CONFIG_X86_SYSFB=y +# CONFIG_XDP_SOCKETS is not set # CONFIG_XEN is not set +# CONFIG_XEN_GRANT_DMA_ALLOC is not set +# CONFIG_XEN_PVCALLS_FRONTEND is not set +CONFIG_XEN_SCRUB_PAGES_DEFAULT=y CONFIG_XFRM=y +# CONFIG_XFRM_INTERFACE is not set # CONFIG_XFRM_IPCOMP is not set # CONFIG_XFRM_MIGRATE is not set # CONFIG_XFRM_STATISTICS is not set @@ -5617,6 +5876,7 @@ CONFIG_XFRM=y # CONFIG_XFRM_USER is not set # CONFIG_XFS_DEBUG is not set # CONFIG_XFS_FS is not set +# CONFIG_XFS_ONLINE_SCRUB is not set # CONFIG_XFS_POSIX_ACL is not set # CONFIG_XFS_QUOTA is not set # CONFIG_XFS_RT is not set @@ -5626,9 +5886,11 @@ CONFIG_XFRM=y # CONFIG_XILINX_EMACLITE is not set # CONFIG_XILINX_GMII2RGMII is not set # CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_XILINX_VCU is not set # CONFIG_XILINX_WATCHDOG is not set # CONFIG_XILINX_ZYNQMP_DMA is not set # CONFIG_XILLYBUS is not set +# CONFIG_XIL_AXIS_FIFO is not set # CONFIG_XIP_KERNEL is not set # CONFIG_XMON is not set CONFIG_XZ_DEC=y @@ -5656,8 +5918,10 @@ CONFIG_XZ_DEC=y # CONFIG_ZLIB_DEFLATE is not set # CONFIG_ZLIB_INFLATE is not set CONFIG_ZONE_DMA=y +# CONFIG_ZOPT2201 is not set # CONFIG_ZPA2326 is not set # CONFIG_ZPOOL is not set # CONFIG_ZRAM is not set +# CONFIG_ZRAM_MEMORY_TRACKING is not set # CONFIG_ZSMALLOC is not set # CONFIG_ZX_TDM is not set diff --git a/target/linux/generic/files/drivers/net/phy/swconfig_leds.c b/target/linux/generic/files/drivers/net/phy/swconfig_leds.c index 91824b7cf6..e982cb7b58 100644 --- a/target/linux/generic/files/drivers/net/phy/swconfig_leds.c +++ b/target/linux/generic/files/drivers/net/phy/swconfig_leds.c @@ -274,19 +274,16 @@ static ssize_t swconfig_trig_mode_store(struct device *dev, static DEVICE_ATTR(mode, 0644, swconfig_trig_mode_show, swconfig_trig_mode_store); -static void +static int swconfig_trig_activate(struct led_classdev *led_cdev) { struct switch_led_trigger *sw_trig; struct swconfig_trig_data *trig_data; int err; - if (led_cdev->trigger->activate != swconfig_trig_activate) - return; - trig_data = kzalloc(sizeof(struct swconfig_trig_data), GFP_KERNEL); if (!trig_data) - return; + return -ENOMEM; sw_trig = (void *) led_cdev->trigger; @@ -309,7 +306,7 @@ swconfig_trig_activate(struct led_classdev *led_cdev) if (err) goto err_mode_free; - return; + return 0; err_mode_free: device_remove_file(led_cdev->dev, &dev_attr_speed_mask); @@ -320,7 +317,17 @@ err_dev_free: err_free: led_cdev->trigger_data = NULL; kfree(trig_data); + + return err; +} + +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,19,0) +static void +swconfig_trig_activate_void(struct led_classdev *led_cdev) +{ + swconfig_trig_activate(led_cdev); } +#endif static void swconfig_trig_deactivate(struct led_classdev *led_cdev) @@ -516,7 +523,11 @@ swconfig_create_led_trigger(struct switch_dev *swdev) sw_trig->swdev = swdev; sw_trig->trig.name = swdev->devname; +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,19,0) + sw_trig->trig.activate = swconfig_trig_activate_void; +#else sw_trig->trig.activate = swconfig_trig_activate; +#endif sw_trig->trig.deactivate = swconfig_trig_deactivate; INIT_DELAYED_WORK(&sw_trig->sw_led_work, swconfig_led_work_func); diff --git a/target/linux/generic/hack-4.19/202-reduce_module_size.patch b/target/linux/generic/hack-4.19/202-reduce_module_size.patch index 2cbb6add9a..644a18c99c 100644 --- a/target/linux/generic/hack-4.19/202-reduce_module_size.patch +++ b/target/linux/generic/hack-4.19/202-reduce_module_size.patch @@ -13,12 +13,12 @@ Signed-off-by: Felix Fietkau --- a/Makefile +++ b/Makefile -@@ -425,7 +425,7 @@ KBUILD_AFLAGS_KERNEL := +@@ -427,7 +427,7 @@ KBUILD_AFLAGS_KERNEL := KBUILD_CFLAGS_KERNEL := KBUILD_AFLAGS_MODULE := -DMODULE KBUILD_CFLAGS_MODULE := -DMODULE -KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds +KBUILD_LDFLAGS_MODULE = -T $(srctree)/scripts/module-common.lds $(if $(CONFIG_PROFILING),,-s) + KBUILD_LDFLAGS := GCC_PLUGINS_CFLAGS := - export ARCH SRCARCH SUBARCH CONFIG_SHELL HOSTCC HOSTCFLAGS CROSS_COMPILE AS LD diff --git a/target/linux/generic/hack-4.19/204-module_strip.patch b/target/linux/generic/hack-4.19/204-module_strip.patch index db65062fcf..c30bfd5c9b 100644 --- a/target/linux/generic/hack-4.19/204-module_strip.patch +++ b/target/linux/generic/hack-4.19/204-module_strip.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -158,6 +158,7 @@ extern void cleanup_module(void); +@@ -160,6 +160,7 @@ extern void cleanup_module(void); /* Generic info of form tag = "info" */ #define MODULE_INFO(tag, info) __MODULE_INFO(tag, tag, info) @@ -22,7 +22,7 @@ Signed-off-by: Felix Fietkau /* For userspace: you can also call me... */ #define MODULE_ALIAS(_alias) MODULE_INFO(alias, _alias) -@@ -201,12 +202,12 @@ extern void cleanup_module(void); +@@ -203,12 +204,12 @@ extern void cleanup_module(void); * Author(s), use "Name " or just "Name", for multiple * authors use multiple MODULE_AUTHOR() statements/lines. */ @@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau /* Creates an alias so file2alias.c can find device table. */ #define MODULE_DEVICE_TABLE(type, name) \ extern typeof(name) __mod_##type##__##name##_device_table \ -@@ -233,7 +234,9 @@ extern typeof(name) __mod_##type##__##na +@@ -235,7 +236,9 @@ extern typeof(name) __mod_##type##__##na */ #if defined(MODULE) || !defined(CONFIG_SYSFS) @@ -49,7 +49,7 @@ Signed-off-by: Felix Fietkau #else #define MODULE_VERSION(_version) \ static struct module_version_attribute ___modver_attr = { \ -@@ -255,7 +258,7 @@ extern typeof(name) __mod_##type##__##na +@@ -257,7 +260,7 @@ extern typeof(name) __mod_##type##__##na /* Optional firmware file (or files) needed by the module * format is simply firmware file name. Multiple firmware * files require multiple MODULE_FIRMWARE() specifiers */ @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau --- a/init/Kconfig +++ b/init/Kconfig -@@ -1903,6 +1903,13 @@ config TRIM_UNUSED_KSYMS +@@ -1988,6 +1988,13 @@ config TRIM_UNUSED_KSYMS If unsure, or if you need to build out-of-tree modules, say N. @@ -114,7 +114,7 @@ Signed-off-by: Felix Fietkau config MODULES_TREE_LOOKUP --- a/kernel/module.c +++ b/kernel/module.c -@@ -3006,9 +3006,11 @@ static struct module *setup_load_info(st +@@ -3002,9 +3002,11 @@ static int setup_load_info(struct load_i static int check_modinfo(struct module *mod, struct load_info *info, int flags) { @@ -127,7 +127,7 @@ Signed-off-by: Felix Fietkau if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -3029,6 +3031,7 @@ static int check_modinfo(struct module * +@@ -3025,6 +3027,7 @@ static int check_modinfo(struct module * mod->name); add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); } @@ -137,7 +137,7 @@ Signed-off-by: Felix Fietkau --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -1982,7 +1982,9 @@ static void read_symbols(char *modname) +@@ -1969,7 +1969,9 @@ static void read_symbols(const char *mod symname = remove_dot(info.strtab + sym->st_name); handle_modversions(mod, &info, sym, symname); @@ -145,11 +145,11 @@ Signed-off-by: Felix Fietkau handle_moddevtable(mod, &info, sym, symname); +#endif } - if (!is_vmlinux(modname) || - (is_vmlinux(modname) && vmlinux_section_warnings)) -@@ -2143,8 +2145,10 @@ static void add_header(struct buffer *b, - buf_printf(b, "#include \n"); - buf_printf(b, "#include \n"); + if (!is_vmlinux(modname) || vmlinux_section_warnings) + check_sec_ref(mod, modname, &info); +@@ -2132,8 +2134,10 @@ static void add_header(struct buffer *b, + buf_printf(b, "\n"); + buf_printf(b, "BUILD_SALT;\n"); buf_printf(b, "\n"); +#ifndef CONFIG_MODULE_STRIPPED buf_printf(b, "MODULE_INFO(vermagic, VERMAGIC_STRING);\n"); @@ -158,7 +158,7 @@ Signed-off-by: Felix Fietkau buf_printf(b, "\n"); buf_printf(b, "__visible struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); -@@ -2161,8 +2165,10 @@ static void add_header(struct buffer *b, +@@ -2150,8 +2154,10 @@ static void add_header(struct buffer *b, static void add_intree_flag(struct buffer *b, int is_intree) { @@ -169,20 +169,18 @@ Signed-off-by: Felix Fietkau } /* Cannot check for assembler */ -@@ -2175,10 +2181,12 @@ static void add_retpoline(struct buffer +@@ -2164,8 +2170,10 @@ static void add_retpoline(struct buffer static void add_staging_flag(struct buffer *b, const char *name) { +#ifndef CONFIG_MODULE_STRIPPED - static const char *staging_dir = "drivers/staging"; - - if (strncmp(staging_dir, name, strlen(staging_dir)) == 0) + if (strstarts(name, "drivers/staging")) buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n"); +#endif } /** -@@ -2277,11 +2285,13 @@ static void add_depends(struct buffer *b +@@ -2264,11 +2272,13 @@ static void add_depends(struct buffer *b static void add_srcversion(struct buffer *b, struct module *mod) { @@ -196,7 +194,7 @@ Signed-off-by: Felix Fietkau } static void write_if_changed(struct buffer *b, const char *fname) -@@ -2518,7 +2528,9 @@ int main(int argc, char **argv) +@@ -2505,7 +2515,9 @@ int main(int argc, char **argv) add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); diff --git a/target/linux/generic/hack-4.19/207-disable-modorder.patch b/target/linux/generic/hack-4.19/207-disable-modorder.patch index 0619dcaa7b..7d7b6a8dfb 100644 --- a/target/linux/generic/hack-4.19/207-disable-modorder.patch +++ b/target/linux/generic/hack-4.19/207-disable-modorder.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/Makefile +++ b/Makefile -@@ -1237,7 +1237,6 @@ all: modules +@@ -1224,7 +1224,6 @@ all: modules PHONY += modules modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1266,7 +1265,6 @@ _modinst_: +@@ -1253,7 +1252,6 @@ _modinst_: rm -f $(MODLIB)/build ; \ ln -s $(CURDIR) $(MODLIB)/build ; \ fi @@ -33,7 +33,7 @@ Signed-off-by: Felix Fietkau --- a/scripts/Makefile.build +++ b/scripts/Makefile.build -@@ -94,7 +94,7 @@ modorder-target := $(obj)/modules.order +@@ -78,7 +78,7 @@ modorder-target := $(obj)/modules.order # We keep a list of all modules in $(MODVERDIR) __build: $(if $(KBUILD_BUILTIN),$(builtin-target) $(lib-target) $(extra-y)) \ diff --git a/target/linux/generic/hack-4.19/210-darwin_scripts_include.patch b/target/linux/generic/hack-4.19/210-darwin_scripts_include.patch index 95c7ea4232..be6adc0d11 100644 --- a/target/linux/generic/hack-4.19/210-darwin_scripts_include.patch +++ b/target/linux/generic/hack-4.19/210-darwin_scripts_include.patch @@ -13,18 +13,6 @@ Signed-off-by: Florian Fainelli 4 files changed, 3018 insertions(+) create mode 100644 scripts/mod/elf.h ---- a/scripts/kconfig/Makefile -+++ b/scripts/kconfig/Makefile -@@ -164,6 +164,9 @@ check-lxdialog := $(srctree)/$(src)/lxd - # we really need to do so. (Do not call gcc as part of make mrproper) - HOST_EXTRACFLAGS += $(shell $(CONFIG_SHELL) $(check-lxdialog) -ccflags) \ - -DLOCALE -+ifeq ($(shell uname -s),Darwin) -+HOST_LOADLIBES += -lncurses -+endif - - # =========================================================================== - # Shared Makefile for the various kconfig executables: --- /dev/null +++ b/scripts/mod/elf.h @@ -0,0 +1,3007 @@ diff --git a/target/linux/generic/hack-4.19/211-host_tools_portability.patch b/target/linux/generic/hack-4.19/211-host_tools_portability.patch index d806df8a5f..f3c285879c 100644 --- a/target/linux/generic/hack-4.19/211-host_tools_portability.patch +++ b/target/linux/generic/hack-4.19/211-host_tools_portability.patch @@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau ### ## HOSTCC C flags --host_c_flags = -Wp,-MD,$(depfile) -Wp,-MT,$@ $(CHOSTFLAGS) -D"BUILD_STR(s)=\#s" $(CHOSTFLAGS_$(basetarget).o) $(CHOSTFLAGS_$(obj)) +-host_c_flags = -Wp,-MD,$(depfile) -Wp,-MT,$@ $(KBUILD_HOSTCFLAGS) -D"BUILD_STR(s)=\#s" $(HOSTCFLAGS_$(basetarget).o) $(HOSTCFLAGS_$(obj)) +host_c_flags = -MD -MF $(depfile) -MT $@ $(CHOSTFLAGS) -D"BUILD_STR(s)=\#s" $(CHOSTFLAGS_$(basetarget).o) $(CHOSTFLAGS_$(obj)) --- a/tools/perf/pmu-events/jevents.c +++ b/tools/perf/pmu-events/jevents.c diff --git a/target/linux/generic/hack-4.19/220-gc_sections.patch b/target/linux/generic/hack-4.19/220-gc_sections.patch index d257232403..17fcc5cbd2 100644 --- a/target/linux/generic/hack-4.19/220-gc_sections.patch +++ b/target/linux/generic/hack-4.19/220-gc_sections.patch @@ -21,43 +21,43 @@ Signed-off-by: Gabor Juhos --- a/Makefile +++ b/Makefile -@@ -272,6 +272,11 @@ else +@@ -294,6 +294,11 @@ else scripts/Kbuild.include: ; include scripts/Kbuild.include +ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION -+KBUILD_CFLAGS_KERNEL += $(call cc-option,-ffunction-sections,) -+KBUILD_CFLAGS_KERNEL += $(call cc-option,-fdata-sections,) ++KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections ++LDFLAGS_vmlinux += --gc-sections +endif + # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) -@@ -788,11 +793,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH +@@ -785,11 +790,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once) endif -ifdef CONFIG_LD_DEAD_CODE_DATA_ELIMINATION --KBUILD_CFLAGS += $(call cc-option,-ffunction-sections,) --KBUILD_CFLAGS += $(call cc-option,-fdata-sections,) +-KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections +-LDFLAGS_vmlinux += --gc-sections -endif - # arch Makefile may override CC so keep this after arch Makefile is included NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) - CHECKFLAGS += $(NOSTDINC_FLAGS) + --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -91,6 +91,7 @@ config ARM +@@ -98,6 +98,7 @@ config ARM select HAVE_UID16 select HAVE_VIRT_CPU_ACCOUNTING_GEN select IRQ_FORCED_THREADING -+ select LD_DEAD_CODE_DATA_ELIMINATION ++ select HAVE_LD_DEAD_CODE_DATA_ELIMINATION select MODULES_USE_ELF_REL + select NEED_DMA_MAP_STATE select NO_BOOTMEM - select OF_EARLY_FLATTREE if OF --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile -@@ -103,6 +103,7 @@ ifeq ($(CONFIG_FUNCTION_TRACER),y) +@@ -106,6 +106,7 @@ ifeq ($(CONFIG_FUNCTION_TRACER),y) ORIG_CFLAGS := $(KBUILD_CFLAGS) KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS)) endif @@ -67,80 +67,7 @@ Signed-off-by: Gabor Juhos # but it is being used too early to link to meaningful stack_chk logic. --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S -@@ -18,7 +18,7 @@ - #define PROC_INFO \ - . = ALIGN(4); \ - VMLINUX_SYMBOL(__proc_info_begin) = .; \ -- *(.proc.info.init) \ -+ KEEP(*(.proc.info.init)) \ - VMLINUX_SYMBOL(__proc_info_end) = .; - - #define HYPERVISOR_TEXT \ -@@ -29,11 +29,11 @@ - #define IDMAP_TEXT \ - ALIGN_FUNCTION(); \ - VMLINUX_SYMBOL(__idmap_text_start) = .; \ -- *(.idmap.text) \ -+ KEEP(*(.idmap.text)) \ - VMLINUX_SYMBOL(__idmap_text_end) = .; \ - . = ALIGN(PAGE_SIZE); \ - VMLINUX_SYMBOL(__hyp_idmap_text_start) = .; \ -- *(.hyp.idmap.text) \ -+ KEEP(*(.hyp.idmap.text)) \ - VMLINUX_SYMBOL(__hyp_idmap_text_end) = .; - - #ifdef CONFIG_HOTPLUG_CPU -@@ -106,7 +106,7 @@ SECTIONS - _stext = .; /* Text and read-only data */ - IDMAP_TEXT - __exception_text_start = .; -- *(.exception.text) -+ KEEP(*(.exception.text)) - __exception_text_end = .; - IRQENTRY_TEXT - SOFTIRQENTRY_TEXT -@@ -135,7 +135,7 @@ SECTIONS - __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) { - __start___ex_table = .; - #ifdef CONFIG_MMU -- *(__ex_table) -+ KEEP(*(__ex_table)) - #endif - __stop___ex_table = .; - } -@@ -147,12 +147,12 @@ SECTIONS - . = ALIGN(8); - .ARM.unwind_idx : { - __start_unwind_idx = .; -- *(.ARM.exidx*) -+ KEEP(*(.ARM.exidx*)) - __stop_unwind_idx = .; - } - .ARM.unwind_tab : { - __start_unwind_tab = .; -- *(.ARM.extab*) -+ KEEP(*(.ARM.extab*)) - __stop_unwind_tab = .; - } - #endif -@@ -172,14 +172,14 @@ SECTIONS - */ - __vectors_start = .; - .vectors 0xffff0000 : AT(__vectors_start) { -- *(.vectors) -+ KEEP(*(.vectors)) - } - . = __vectors_start + SIZEOF(.vectors); - __vectors_end = .; - - __stubs_start = .; - .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { -- *(.stubs) -+ KEEP(*(.stubs)) - } - . = __stubs_start + SIZEOF(.stubs); - __stubs_end = .; -@@ -195,24 +195,24 @@ SECTIONS +@@ -100,24 +100,24 @@ SECTIONS } .init.arch.info : { __arch_info_begin = .; @@ -168,14 +95,78 @@ Signed-off-by: Gabor Juhos + KEEP(*(.pv_table)) __pv_table_end = .; } - .init.data : { + +--- a/arch/arm/kernel/vmlinux.lds.h ++++ b/arch/arm/kernel/vmlinux.lds.h +@@ -22,13 +22,13 @@ + #define ARM_MMU_DISCARD(x) + #else + #define ARM_MMU_KEEP(x) +-#define ARM_MMU_DISCARD(x) x ++#define ARM_MMU_DISCARD(x) KEEP(x) + #endif + + #define PROC_INFO \ + . = ALIGN(4); \ + __proc_info_begin = .; \ +- *(.proc.info.init) \ ++ KEEP(*(.proc.info.init)) \ + __proc_info_end = .; + + #define HYPERVISOR_TEXT \ +@@ -39,11 +39,11 @@ + #define IDMAP_TEXT \ + ALIGN_FUNCTION(); \ + __idmap_text_start = .; \ +- *(.idmap.text) \ ++ KEEP(*(.idmap.text)) \ + __idmap_text_end = .; \ + . = ALIGN(PAGE_SIZE); \ + __hyp_idmap_text_start = .; \ +- *(.hyp.idmap.text) \ ++ KEEP(*(.hyp.idmap.text)) \ + __hyp_idmap_text_end = .; + + #define ARM_DISCARD \ +@@ -86,12 +86,12 @@ + . = ALIGN(8); \ + .ARM.unwind_idx : { \ + __start_unwind_idx = .; \ +- *(.ARM.exidx*) \ ++ KEEP(*(.ARM.exidx*)) \ + __stop_unwind_idx = .; \ + } \ + .ARM.unwind_tab : { \ + __start_unwind_tab = .; \ +- *(.ARM.extab*) \ ++ KEEP(*(.ARM.extab*)) \ + __stop_unwind_tab = .; \ + } + +@@ -102,14 +102,14 @@ + #define ARM_VECTORS \ + __vectors_start = .; \ + .vectors 0xffff0000 : AT(__vectors_start) { \ +- *(.vectors) \ ++ KEEP(*(.vectors)) \ + } \ + . = __vectors_start + SIZEOF(.vectors); \ + __vectors_end = .; \ + \ + __stubs_start = .; \ + .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { \ +- *(.stubs) \ ++ KEEP(*(.stubs)) \ + } \ + . = __stubs_start + SIZEOF(.stubs); \ + __stubs_end = .; \ --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -40,6 +40,7 @@ config MIPS +@@ -43,6 +43,7 @@ config MIPS + select HAVE_ARCH_TRANSPARENT_HUGEPAGE if CPU_SUPPORTS_HUGEPAGES && 64BIT select HAVE_CBPF_JIT if (!64BIT && !CPU_MICROMIPS) select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS) - select HAVE_CC_STACKPROTECTOR -+ select LD_DEAD_CODE_DATA_ELIMINATION ++ select HAVE_LD_DEAD_CODE_DATA_ELIMINATION select HAVE_CONTEXT_TRACKING select HAVE_COPY_THREAD_TLS select HAVE_C_RECORDMCOUNT @@ -199,60 +190,3 @@ Signed-off-by: Gabor Juhos __mips_machines_end = .; } ---- a/include/asm-generic/vmlinux.lds.h -+++ b/include/asm-generic/vmlinux.lds.h -@@ -105,7 +105,7 @@ - #ifdef CONFIG_FTRACE_MCOUNT_RECORD - #define MCOUNT_REC() . = ALIGN(8); \ - VMLINUX_SYMBOL(__start_mcount_loc) = .; \ -- *(__mcount_loc) \ -+ KEEP(*(__mcount_loc)) \ - VMLINUX_SYMBOL(__stop_mcount_loc) = .; - #else - #define MCOUNT_REC() -@@ -113,7 +113,7 @@ - - #ifdef CONFIG_TRACE_BRANCH_PROFILING - #define LIKELY_PROFILE() VMLINUX_SYMBOL(__start_annotated_branch_profile) = .; \ -- *(_ftrace_annotated_branch) \ -+ KEEP(*(_ftrace_annotated_branch)) \ - VMLINUX_SYMBOL(__stop_annotated_branch_profile) = .; - #else - #define LIKELY_PROFILE() -@@ -121,7 +121,7 @@ - - #ifdef CONFIG_PROFILE_ALL_BRANCHES - #define BRANCH_PROFILE() VMLINUX_SYMBOL(__start_branch_profile) = .; \ -- *(_ftrace_branch) \ -+ KEEP(*(_ftrace_branch)) \ - VMLINUX_SYMBOL(__stop_branch_profile) = .; - #else - #define BRANCH_PROFILE() -@@ -237,7 +237,8 @@ - LIKELY_PROFILE() \ - BRANCH_PROFILE() \ - TRACE_PRINTKS() \ -- TRACEPOINT_STR() -+ TRACEPOINT_STR() \ -+ *(.data.[a-zA-Z_]*) - - /* - * Data section helpers -@@ -496,7 +497,7 @@ - #define ENTRY_TEXT \ - ALIGN_FUNCTION(); \ - VMLINUX_SYMBOL(__entry_text_start) = .; \ -- *(.entry.text) \ -+ KEEP(*(.entry.text)) \ - VMLINUX_SYMBOL(__entry_text_end) = .; - - #define IRQENTRY_TEXT \ -@@ -603,7 +604,7 @@ - . = ALIGN(sbss_align); \ - .sbss : AT(ADDR(.sbss) - LOAD_OFFSET) { \ - *(.dynsbss) \ -- *(.sbss) \ -+ *(.sbss .sbss.*) \ - *(.scommon) \ - } - diff --git a/target/linux/generic/hack-4.19/221-module_exports.patch b/target/linux/generic/hack-4.19/221-module_exports.patch index 250bf1180f..cd5ae5830c 100644 --- a/target/linux/generic/hack-4.19/221-module_exports.patch +++ b/target/linux/generic/hack-4.19/221-module_exports.patch @@ -27,27 +27,27 @@ Signed-off-by: Felix Fietkau +#define SYMTAB_DISCARD_GPL +#endif + - #include - /* Align . to a 8 byte boundary equals to maximum function alignment. */ -@@ -341,14 +351,14 @@ + #define ALIGN_FUNCTION() . = ALIGN(8) + +@@ -372,14 +382,14 @@ /* Kernel symbol table: Normal symbols */ \ __ksymtab : AT(ADDR(__ksymtab) - LOAD_OFFSET) { \ - VMLINUX_SYMBOL(__start___ksymtab) = .; \ + __start___ksymtab = .; \ - KEEP(*(SORT(___ksymtab+*))) \ + SYMTAB_KEEP \ - VMLINUX_SYMBOL(__stop___ksymtab) = .; \ + __stop___ksymtab = .; \ } \ \ /* Kernel symbol table: GPL-only symbols */ \ __ksymtab_gpl : AT(ADDR(__ksymtab_gpl) - LOAD_OFFSET) { \ - VMLINUX_SYMBOL(__start___ksymtab_gpl) = .; \ + __start___ksymtab_gpl = .; \ - KEEP(*(SORT(___ksymtab_gpl+*))) \ + SYMTAB_KEEP_GPL \ - VMLINUX_SYMBOL(__stop___ksymtab_gpl) = .; \ + __stop___ksymtab_gpl = .; \ } \ \ -@@ -410,7 +420,7 @@ +@@ -441,7 +451,7 @@ \ /* Kernel symbol table: strings */ \ __ksymtab_strings : AT(ADDR(__ksymtab_strings) - LOAD_OFFSET) { \ @@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau } \ \ /* __*init sections */ \ -@@ -793,6 +803,8 @@ +@@ -841,6 +851,8 @@ EXIT_TEXT \ EXIT_DATA \ EXIT_CALL \ @@ -67,8 +67,8 @@ Signed-off-by: Felix Fietkau } --- a/include/linux/export.h +++ b/include/linux/export.h -@@ -60,12 +60,19 @@ extern struct module __this_module; - #define __CRC_SYMBOL(sym, sec) +@@ -74,12 +74,19 @@ struct kernel_symbol { + }; #endif +#ifdef MODULE @@ -82,15 +82,15 @@ Signed-off-by: Felix Fietkau extern typeof(sym) sym; \ __CRC_SYMBOL(sym, sec) \ static const char __kstrtab_##sym[] \ -- __attribute__((section("__ksymtab_strings"), aligned(1))) \ +- __attribute__((section("__ksymtab_strings"), used, aligned(1))) \ + __attribute__((section("__ksymtab_strings" \ -+ __EXPORT_SUFFIX(sym)), aligned(1))) \ - = VMLINUX_SYMBOL_STR(sym); \ - static const struct kernel_symbol __ksymtab_##sym \ - __used \ ++ __EXPORT_SUFFIX(sym)), used, aligned(1))) \ + = #sym; \ + __KSYMTAB_ENTRY(sym, sec) + --- a/scripts/Makefile.build +++ b/scripts/Makefile.build -@@ -432,7 +432,7 @@ targets += $(extra-y) $(MAKECMDGOALS) $( +@@ -408,7 +408,7 @@ targets += $(extra-y) $(MAKECMDGOALS) $( # Linker scripts preprocessor (.lds.S -> .lds) # --------------------------------------------------------------------------- quiet_cmd_cpp_lds_S = LDS $@ diff --git a/target/linux/generic/hack-4.19/230-openwrt_lzma_options.patch b/target/linux/generic/hack-4.19/230-openwrt_lzma_options.patch index 3ae578c271..b45ed1184f 100644 --- a/target/linux/generic/hack-4.19/230-openwrt_lzma_options.patch +++ b/target/linux/generic/hack-4.19/230-openwrt_lzma_options.patch @@ -8,7 +8,7 @@ Signed-off-by: Imre Kaloz --- lib/decompress.c | 1 + scripts/Makefile.lib | 2 +- - scripts/gen_initramfs_list.sh | 10 +++++----- + usr/gen_initramfs_list.sh | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) --- a/lib/decompress.c @@ -23,7 +23,7 @@ Signed-off-by: Imre Kaloz { {0x02, 0x21}, "lz4", unlz4 }, --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib -@@ -348,7 +348,7 @@ cmd_bzip2 = (cat $(filter-out FORCE,$^) +@@ -324,7 +324,7 @@ cmd_bzip2 = (cat $(filter-out FORCE,$^) quiet_cmd_lzma = LZMA $@ cmd_lzma = (cat $(filter-out FORCE,$^) | \ @@ -32,8 +32,8 @@ Signed-off-by: Imre Kaloz (rm -f $@ ; false) quiet_cmd_lzo = LZO $@ ---- a/scripts/gen_initramfs_list.sh -+++ b/scripts/gen_initramfs_list.sh +--- a/usr/gen_initramfs_list.sh ++++ b/usr/gen_initramfs_list.sh @@ -229,7 +229,7 @@ cpio_list= output="/dev/stdout" output_file="" diff --git a/target/linux/generic/hack-4.19/250-netfilter_depends.patch b/target/linux/generic/hack-4.19/250-netfilter_depends.patch index a8fe5d4175..b29ca5190e 100644 --- a/target/linux/generic/hack-4.19/250-netfilter_depends.patch +++ b/target/linux/generic/hack-4.19/250-netfilter_depends.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -229,7 +229,6 @@ config NF_CONNTRACK_FTP +@@ -241,7 +241,6 @@ config NF_CONNTRACK_FTP config NF_CONNTRACK_H323 tristate "H.323 protocol support" @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau depends on NETFILTER_ADVANCED help H.323 is a VoIP signalling protocol from ITU-T. As one of the most -@@ -1052,7 +1051,6 @@ config NETFILTER_XT_TARGET_SECMARK +@@ -1076,7 +1075,6 @@ config NETFILTER_XT_TARGET_SECMARK config NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support' diff --git a/target/linux/generic/hack-4.19/251-sound_kconfig.patch b/target/linux/generic/hack-4.19/251-sound_kconfig.patch index 5bf5c01ad3..2cfc2fab3a 100644 --- a/target/linux/generic/hack-4.19/251-sound_kconfig.patch +++ b/target/linux/generic/hack-4.19/251-sound_kconfig.patch @@ -63,17 +63,17 @@ Signed-off-by: John Crispin --- a/drivers/bcma/Kconfig +++ b/drivers/bcma/Kconfig -@@ -15,6 +15,7 @@ menuconfig BCMA +@@ -16,6 +16,7 @@ if BCMA + # Support for Block-I/O. SELECT this from the driver that needs it. config BCMA_BLOCKIO bool - depends on BCMA + default y config BCMA_HOST_PCI_POSSIBLE bool --- a/drivers/ssb/Kconfig +++ b/drivers/ssb/Kconfig -@@ -29,6 +29,7 @@ config SSB_SPROM +@@ -28,6 +28,7 @@ config SSB_SPROM config SSB_BLOCKIO bool depends on SSB @@ -81,7 +81,7 @@ Signed-off-by: John Crispin config SSB_PCIHOST_POSSIBLE bool -@@ -49,7 +50,7 @@ config SSB_PCIHOST +@@ -48,7 +49,7 @@ config SSB_PCIHOST config SSB_B43_PCI_BRIDGE bool depends on SSB_PCIHOST @@ -92,12 +92,12 @@ Signed-off-by: John Crispin bool --- a/lib/Kconfig +++ b/lib/Kconfig -@@ -358,16 +358,16 @@ config BCH_CONST_T +@@ -377,16 +377,16 @@ config BCH_CONST_T # Textsearch support is select'ed if needed # config TEXTSEARCH - bool -+ boolean "Textsearch support" ++ bool "Textsearch support" config TEXTSEARCH_KMP - tristate @@ -146,8 +146,8 @@ Signed-off-by: John Crispin config CFG80211 tristate "cfg80211 - wireless configuration API" -@@ -188,7 +188,7 @@ config CFG80211_WEXT_EXPORT - wext compatibility symbols to be exported. +@@ -202,7 +202,7 @@ config CFG80211_WEXT_EXPORT + endif # CFG80211 config LIB80211 - tristate @@ -155,7 +155,7 @@ Signed-off-by: John Crispin default n help This options enables a library of common routines used -@@ -197,13 +197,16 @@ config LIB80211 +@@ -211,13 +211,16 @@ config LIB80211 Drivers should select this themselves if needed. config LIB80211_CRYPT_WEP diff --git a/target/linux/generic/hack-4.19/259-regmap_dynamic.patch b/target/linux/generic/hack-4.19/259-regmap_dynamic.patch index 458b7c35a1..1c5e1164e2 100644 --- a/target/linux/generic/hack-4.19/259-regmap_dynamic.patch +++ b/target/linux/generic/hack-4.19/259-regmap_dynamic.patch @@ -25,7 +25,7 @@ Signed-off-by: Felix Fietkau config REGCACHE_COMPRESSED select LZO_COMPRESS -@@ -17,23 +16,30 @@ config REGMAP_AC97 +@@ -17,7 +16,8 @@ config REGMAP_AC97 tristate config REGMAP_I2C @@ -34,6 +34,10 @@ Signed-off-by: Felix Fietkau + select REGMAP depends on I2C + config REGMAP_SLIMBUS +@@ -25,21 +25,27 @@ config REGMAP_SLIMBUS + depends on SLIMBUS + config REGMAP_SPI - tristate + tristate "Regmap SPI" @@ -59,6 +63,8 @@ Signed-off-by: Felix Fietkau config REGMAP_IRQ + select REGMAP bool + + config REGMAP_SOUNDWIRE --- a/drivers/base/regmap/Makefile +++ b/drivers/base/regmap/Makefile @@ -2,10 +2,14 @@ @@ -79,7 +85,7 @@ Signed-off-by: Felix Fietkau +obj-$(CONFIG_REGMAP) += regmap-core.o obj-$(CONFIG_REGMAP_AC97) += regmap-ac97.o obj-$(CONFIG_REGMAP_I2C) += regmap-i2c.o - obj-$(CONFIG_REGMAP_SPI) += regmap-spi.o + obj-$(CONFIG_REGMAP_SLIMBUS) += regmap-slimbus.o --- a/drivers/base/regmap/regmap.c +++ b/drivers/base/regmap/regmap.c @@ -13,6 +13,7 @@ @@ -90,7 +96,7 @@ Signed-off-by: Felix Fietkau #include #include #include -@@ -2926,3 +2927,5 @@ static int __init regmap_initcall(void) +@@ -3037,3 +3038,5 @@ static int __init regmap_initcall(void) return 0; } postcore_initcall(regmap_initcall); @@ -98,7 +104,7 @@ Signed-off-by: Felix Fietkau +MODULE_LICENSE("GPL"); --- a/include/linux/regmap.h +++ b/include/linux/regmap.h -@@ -139,7 +139,7 @@ struct reg_sequence { +@@ -187,7 +187,7 @@ struct reg_sequence { pollret ?: ((cond) ? 0 : -ETIMEDOUT); \ }) diff --git a/target/linux/generic/hack-4.19/260-crypto_test_dependencies.patch b/target/linux/generic/hack-4.19/260-crypto_test_dependencies.patch index 8523fc5374..f11f45437f 100644 --- a/target/linux/generic/hack-4.19/260-crypto_test_dependencies.patch +++ b/target/linux/generic/hack-4.19/260-crypto_test_dependencies.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/crypto/Kconfig +++ b/crypto/Kconfig -@@ -143,13 +143,13 @@ config CRYPTO_MANAGER +@@ -144,13 +144,13 @@ config CRYPTO_MANAGER cbc(aes). config CRYPTO_MANAGER2 @@ -35,7 +35,7 @@ Signed-off-by: Felix Fietkau config CRYPTO_USER tristate "Userspace cryptographic algorithm configuration" -@@ -162,7 +162,6 @@ config CRYPTO_USER +@@ -163,7 +163,6 @@ config CRYPTO_USER config CRYPTO_MANAGER_DISABLE_TESTS bool "Disable run-time self tests" default y @@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau algorithm registration. --- a/crypto/algboss.c +++ b/crypto/algboss.c -@@ -248,8 +248,12 @@ static int cryptomgr_schedule_test(struc +@@ -247,8 +247,12 @@ static int cryptomgr_schedule_test(struc type = alg->cra_flags; /* Do not test internal algorithms. */ diff --git a/target/linux/generic/hack-4.19/280-rfkill-stubs.patch b/target/linux/generic/hack-4.19/280-rfkill-stubs.patch index 85d01a6d10..7bb7d26b90 100644 --- a/target/linux/generic/hack-4.19/280-rfkill-stubs.patch +++ b/target/linux/generic/hack-4.19/280-rfkill-stubs.patch @@ -22,7 +22,7 @@ Signed-off-by: John Crispin -#if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) +#if defined(CONFIG_RFKILL_FULL) || defined(CONFIG_RFKILL_FULL_MODULE) /** - * rfkill_alloc - allocate rfkill structure + * rfkill_alloc - Allocate rfkill structure * @name: name of the struct -- the string is not copied internally --- a/net/Makefile +++ b/net/Makefile diff --git a/target/linux/generic/hack-4.19/301-mips_image_cmdline_hack.patch b/target/linux/generic/hack-4.19/301-mips_image_cmdline_hack.patch index eb6011e813..e7593f78e9 100644 --- a/target/linux/generic/hack-4.19/301-mips_image_cmdline_hack.patch +++ b/target/linux/generic/hack-4.19/301-mips_image_cmdline_hack.patch @@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -1158,6 +1158,10 @@ config SYNC_R4K +@@ -1140,6 +1140,10 @@ config SYNC_R4K config MIPS_MACHINE def_bool n diff --git a/target/linux/generic/hack-4.19/321-powerpc_crtsavres_prereq.patch b/target/linux/generic/hack-4.19/321-powerpc_crtsavres_prereq.patch index 3f81b2e05f..26c385f011 100644 --- a/target/linux/generic/hack-4.19/321-powerpc_crtsavres_prereq.patch +++ b/target/linux/generic/hack-4.19/321-powerpc_crtsavres_prereq.patch @@ -16,7 +16,7 @@ Signed-off-by: Alexandros C. Couloumbis --- a/arch/powerpc/Makefile +++ b/arch/powerpc/Makefile -@@ -59,19 +59,6 @@ machine-$(CONFIG_PPC64) += 64 +@@ -60,20 +60,6 @@ machine-$(CONFIG_PPC64) += 64 machine-$(CONFIG_CPU_LITTLE_ENDIAN) += le UTS_MACHINE := $(subst $(space),,$(machine-y)) @@ -24,6 +24,7 @@ Signed-off-by: Alexandros C. Couloumbis -ifdef CONFIG_PPC32 -KBUILD_LDFLAGS_MODULE += arch/powerpc/lib/crtsavres.o -else +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/powerpc/kernel/module.lds -ifeq ($(call ld-ifversion, -ge, 225000000, y),y) -# Have the linker provide sfpr if possible. -# There is a corresponding test in arch/powerpc/lib/Makefile @@ -33,6 +34,6 @@ Signed-off-by: Alexandros C. Couloumbis -endif -endif - - ifeq ($(CONFIG_CPU_LITTLE_ENDIAN),y) - override LD += -EL - LDEMULATION := lppc + ifdef CONFIG_CPU_LITTLE_ENDIAN + KBUILD_CFLAGS += -mlittle-endian + KBUILD_LDFLAGS += -EL diff --git a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch index 0dbb8ee3c0..981d49b9c0 100644 --- a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch +++ b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c -@@ -166,10 +166,14 @@ int br_handle_frame_finish(struct net *n +@@ -110,10 +110,14 @@ int br_handle_frame_finish(struct net *n } } @@ -28,4 +28,4 @@ Signed-off-by: Felix Fietkau - BR_INPUT_SKB_CB(skb)->brdev = br->dev; BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED); - if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP)) + if (IS_ENABLED(CONFIG_INET) && diff --git a/target/linux/generic/hack-4.19/647-netfilter-flow-acct.patch b/target/linux/generic/hack-4.19/647-netfilter-flow-acct.patch index 290570fe9f..8b13a43fd5 100644 --- a/target/linux/generic/hack-4.19/647-netfilter-flow-acct.patch +++ b/target/linux/generic/hack-4.19/647-netfilter-flow-acct.patch @@ -19,7 +19,7 @@ struct flow_offload_entry { struct flow_offload flow; -@@ -151,6 +152,22 @@ void flow_offload_free(struct flow_offlo +@@ -148,6 +149,22 @@ void flow_offload_free(struct flow_offlo } EXPORT_SYMBOL_GPL(flow_offload_free); diff --git a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch index 2044bfaeb8..ab1bb6aa81 100644 --- a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch +++ b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig -@@ -76,8 +76,6 @@ config NF_TABLES_ARP +@@ -63,8 +63,6 @@ config NF_TABLES_ARP help This option enables the ARP support for nf_tables. @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau config NF_FLOW_TABLE_IPV4 tristate "Netfilter flow table IPv4 module" depends on NF_FLOW_TABLE -@@ -86,6 +84,8 @@ config NF_FLOW_TABLE_IPV4 +@@ -73,6 +71,8 @@ config NF_FLOW_TABLE_IPV4 To compile it as a module, choose M here. @@ -28,7 +28,7 @@ Signed-off-by: Felix Fietkau depends on !NF_CONNTRACK || NF_CONNTRACK --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig -@@ -97,7 +97,6 @@ config NFT_FIB_IPV6 +@@ -80,7 +80,6 @@ config NFT_FIB_IPV6 multicast or blackhole. endif # NF_TABLES_IPV6 @@ -36,7 +36,7 @@ Signed-off-by: Felix Fietkau config NF_FLOW_TABLE_IPV6 tristate "Netfilter flow table IPv6 module" -@@ -107,6 +106,8 @@ config NF_FLOW_TABLE_IPV6 +@@ -90,6 +89,8 @@ config NF_FLOW_TABLE_IPV6 To compile it as a module, choose M here. @@ -47,7 +47,7 @@ Signed-off-by: Felix Fietkau depends on !NF_CONNTRACK || NF_CONNTRACK --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -671,8 +671,6 @@ config NFT_FIB_NETDEV +@@ -693,8 +693,6 @@ config NFT_FIB_NETDEV endif # NF_TABLES_NETDEV @@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau config NF_FLOW_TABLE_INET tristate "Netfilter flow table mixed IPv4/IPv6 module" depends on NF_FLOW_TABLE -@@ -681,11 +679,12 @@ config NF_FLOW_TABLE_INET +@@ -703,11 +701,12 @@ config NF_FLOW_TABLE_INET To compile it as a module, choose M here. @@ -70,7 +70,7 @@ Signed-off-by: Felix Fietkau help This option adds the flow table core infrastructure. -@@ -974,6 +973,15 @@ config NETFILTER_XT_TARGET_NOTRACK +@@ -996,6 +995,15 @@ config NETFILTER_XT_TARGET_NOTRACK depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_CT @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau depends on NETFILTER_ADVANCED --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -134,6 +134,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF +@@ -144,6 +144,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o diff --git a/target/linux/generic/hack-4.19/651-wireless_mesh_header.patch b/target/linux/generic/hack-4.19/651-wireless_mesh_header.patch index f545d8ebbc..965b431d01 100644 --- a/target/linux/generic/hack-4.19/651-wireless_mesh_header.patch +++ b/target/linux/generic/hack-4.19/651-wireless_mesh_header.patch @@ -11,7 +11,7 @@ Signed-off-by: Imre Kaloz --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -138,8 +138,8 @@ static inline bool dev_xmit_complete(int +@@ -140,8 +140,8 @@ static inline bool dev_xmit_complete(int #if defined(CONFIG_HYPERV_NET) # define LL_MAX_HEADER 128 diff --git a/target/linux/generic/hack-4.19/660-fq_codel_defaults.patch b/target/linux/generic/hack-4.19/660-fq_codel_defaults.patch index b923a2d206..42698c6451 100644 --- a/target/linux/generic/hack-4.19/660-fq_codel_defaults.patch +++ b/target/linux/generic/hack-4.19/660-fq_codel_defaults.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/net/sched/sch_fq_codel.c +++ b/net/sched/sch_fq_codel.c -@@ -471,7 +471,11 @@ static int fq_codel_init(struct Qdisc *s +@@ -474,7 +474,11 @@ static int fq_codel_init(struct Qdisc *s sch->limit = 10*1024; q->flows_cnt = 1024; diff --git a/target/linux/generic/hack-4.19/661-use_fq_codel_by_default.patch b/target/linux/generic/hack-4.19/661-use_fq_codel_by_default.patch index d1e92ae40a..ce9d4b14f0 100644 --- a/target/linux/generic/hack-4.19/661-use_fq_codel_by_default.patch +++ b/target/linux/generic/hack-4.19/661-use_fq_codel_by_default.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h -@@ -368,12 +368,13 @@ extern struct Qdisc_ops noop_qdisc_ops; +@@ -486,12 +486,13 @@ extern struct Qdisc_ops noop_qdisc_ops; extern struct Qdisc_ops pfifo_fast_ops; extern struct Qdisc_ops mq_qdisc_ops; extern struct Qdisc_ops noqueue_qdisc_ops; @@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau --- a/net/sched/Kconfig +++ b/net/sched/Kconfig @@ -3,8 +3,9 @@ - # + # menuconfig NET_SCHED - bool "QoS and/or fair queueing" @@ -44,7 +44,7 @@ Signed-off-by: Felix Fietkau device, it has to decide which ones to send first, which ones to --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c -@@ -2028,7 +2028,7 @@ static int __init pktsched_init(void) +@@ -2157,7 +2157,7 @@ static int __init pktsched_init(void) return err; } @@ -55,7 +55,7 @@ Signed-off-by: Felix Fietkau register_qdisc(&pfifo_head_drop_qdisc_ops); --- a/net/sched/sch_fq_codel.c +++ b/net/sched/sch_fq_codel.c -@@ -700,7 +700,7 @@ static const struct Qdisc_class_ops fq_c +@@ -716,7 +716,7 @@ static const struct Qdisc_class_ops fq_c .walk = fq_codel_walk, }; @@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau .cl_ops = &fq_codel_class_ops, .id = "fq_codel", .priv_size = sizeof(struct fq_codel_sched_data), -@@ -715,6 +715,7 @@ static struct Qdisc_ops fq_codel_qdisc_o +@@ -731,6 +731,7 @@ static struct Qdisc_ops fq_codel_qdisc_o .dump_stats = fq_codel_dump_stats, .owner = THIS_MODULE, }; @@ -74,8 +74,8 @@ Signed-off-by: Felix Fietkau { --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c -@@ -32,7 +32,7 @@ - #include +@@ -35,7 +35,7 @@ + #include /* Qdisc to use by default */ -const struct Qdisc_ops *default_qdisc_ops = &pfifo_fast_ops; @@ -83,7 +83,7 @@ Signed-off-by: Felix Fietkau EXPORT_SYMBOL(default_qdisc_ops); /* Main transmission queue. */ -@@ -760,7 +760,7 @@ static void attach_one_default_qdisc(str +@@ -1005,7 +1005,7 @@ static void attach_one_default_qdisc(str void *_unused) { struct Qdisc *qdisc; diff --git a/target/linux/generic/hack-4.19/662-remove_pfifo_fast.patch b/target/linux/generic/hack-4.19/662-remove_pfifo_fast.patch index 7b6e38da29..8f54c516f9 100644 --- a/target/linux/generic/hack-4.19/662-remove_pfifo_fast.patch +++ b/target/linux/generic/hack-4.19/662-remove_pfifo_fast.patch @@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c -@@ -453,146 +453,6 @@ struct Qdisc_ops noqueue_qdisc_ops __rea +@@ -595,208 +595,6 @@ struct Qdisc_ops noqueue_qdisc_ops __rea .owner = THIS_MODULE, }; @@ -26,93 +26,103 @@ Signed-off-by: Felix Fietkau - -/* - * Private data for a pfifo_fast scheduler containing: -- * - queues for the three band -- * - bitmap indicating which of the bands contain skbs +- * - rings for priority bands - */ -struct pfifo_fast_priv { -- u32 bitmap; -- struct qdisc_skb_head q[PFIFO_FAST_BANDS]; +- struct skb_array q[PFIFO_FAST_BANDS]; -}; - --/* -- * Convert a bitmap to the first band number where an skb is queued, where: -- * bitmap=0 means there are no skbs on any band. -- * bitmap=1 means there is an skb on band 0. -- * bitmap=7 means there are skbs on all 3 bands, etc. -- */ --static const int bitmap2band[] = {-1, 0, 1, 0, 2, 0, 1, 0}; -- --static inline struct qdisc_skb_head *band2list(struct pfifo_fast_priv *priv, -- int band) +-static inline struct skb_array *band2list(struct pfifo_fast_priv *priv, +- int band) -{ -- return priv->q + band; +- return &priv->q[band]; -} - -static int pfifo_fast_enqueue(struct sk_buff *skb, struct Qdisc *qdisc, - struct sk_buff **to_free) -{ -- if (qdisc->q.qlen < qdisc_dev(qdisc)->tx_queue_len) { -- int band = prio2band[skb->priority & TC_PRIO_MAX]; -- struct pfifo_fast_priv *priv = qdisc_priv(qdisc); -- struct qdisc_skb_head *list = band2list(priv, band); -- -- priv->bitmap |= (1 << band); -- qdisc->q.qlen++; -- return __qdisc_enqueue_tail(skb, qdisc, list); -- } +- int band = prio2band[skb->priority & TC_PRIO_MAX]; +- struct pfifo_fast_priv *priv = qdisc_priv(qdisc); +- struct skb_array *q = band2list(priv, band); +- unsigned int pkt_len = qdisc_pkt_len(skb); +- int err; - -- return qdisc_drop(skb, qdisc, to_free); +- err = skb_array_produce(q, skb); +- +- if (unlikely(err)) +- return qdisc_drop_cpu(skb, qdisc, to_free); +- +- qdisc_qstats_cpu_qlen_inc(qdisc); +- /* Note: skb can not be used after skb_array_produce(), +- * so we better not use qdisc_qstats_cpu_backlog_inc() +- */ +- this_cpu_add(qdisc->cpu_qstats->backlog, pkt_len); +- return NET_XMIT_SUCCESS; -} - -static struct sk_buff *pfifo_fast_dequeue(struct Qdisc *qdisc) -{ - struct pfifo_fast_priv *priv = qdisc_priv(qdisc); -- int band = bitmap2band[priv->bitmap]; +- struct sk_buff *skb = NULL; +- int band; - -- if (likely(band >= 0)) { -- struct qdisc_skb_head *qh = band2list(priv, band); -- struct sk_buff *skb = __qdisc_dequeue_head(qh); +- for (band = 0; band < PFIFO_FAST_BANDS && !skb; band++) { +- struct skb_array *q = band2list(priv, band); - -- if (likely(skb != NULL)) { -- qdisc_qstats_backlog_dec(qdisc, skb); -- qdisc_bstats_update(qdisc, skb); -- } +- if (__skb_array_empty(q)) +- continue; - -- qdisc->q.qlen--; -- if (qh->qlen == 0) -- priv->bitmap &= ~(1 << band); -- -- return skb; +- skb = __skb_array_consume(q); +- } +- if (likely(skb)) { +- qdisc_qstats_cpu_backlog_dec(qdisc, skb); +- qdisc_bstats_cpu_update(qdisc, skb); +- qdisc_qstats_cpu_qlen_dec(qdisc); - } - -- return NULL; +- return skb; -} - -static struct sk_buff *pfifo_fast_peek(struct Qdisc *qdisc) -{ - struct pfifo_fast_priv *priv = qdisc_priv(qdisc); -- int band = bitmap2band[priv->bitmap]; +- struct sk_buff *skb = NULL; +- int band; - -- if (band >= 0) { -- struct qdisc_skb_head *qh = band2list(priv, band); +- for (band = 0; band < PFIFO_FAST_BANDS && !skb; band++) { +- struct skb_array *q = band2list(priv, band); - -- return qh->head; +- skb = __skb_array_peek(q); - } - -- return NULL; +- return skb; -} - -static void pfifo_fast_reset(struct Qdisc *qdisc) -{ -- int prio; +- int i, band; - struct pfifo_fast_priv *priv = qdisc_priv(qdisc); - -- for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) -- __qdisc_reset_queue(band2list(priv, prio)); +- for (band = 0; band < PFIFO_FAST_BANDS; band++) { +- struct skb_array *q = band2list(priv, band); +- struct sk_buff *skb; +- +- /* NULL ring is possible if destroy path is due to a failed +- * skb_array_init() in pfifo_fast_init() case. +- */ +- if (!q->ring.queue) +- continue; +- +- while ((skb = __skb_array_consume(q)) != NULL) +- kfree_skb(skb); +- } +- +- for_each_possible_cpu(i) { +- struct gnet_stats_queue *q = per_cpu_ptr(qdisc->cpu_qstats, i); - -- priv->bitmap = 0; -- qdisc->qstats.backlog = 0; -- qdisc->q.qlen = 0; +- q->backlog = 0; +- q->qlen = 0; +- } -} - -static int pfifo_fast_dump(struct Qdisc *qdisc, struct sk_buff *skb) @@ -128,19 +138,68 @@ Signed-off-by: Felix Fietkau - return -1; -} - --static int pfifo_fast_init(struct Qdisc *qdisc, struct nlattr *opt) +-static int pfifo_fast_init(struct Qdisc *qdisc, struct nlattr *opt, +- struct netlink_ext_ack *extack) -{ -- int prio; +- unsigned int qlen = qdisc_dev(qdisc)->tx_queue_len; - struct pfifo_fast_priv *priv = qdisc_priv(qdisc); +- int prio; - -- for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) -- qdisc_skb_head_init(band2list(priv, prio)); +- /* guard against zero length rings */ +- if (!qlen) +- return -EINVAL; +- +- for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) { +- struct skb_array *q = band2list(priv, prio); +- int err; +- +- err = skb_array_init(q, qlen, GFP_KERNEL); +- if (err) +- return -ENOMEM; +- } - - /* Can by-pass the queue discipline */ - qdisc->flags |= TCQ_F_CAN_BYPASS; - return 0; -} - +-static void pfifo_fast_destroy(struct Qdisc *sch) +-{ +- struct pfifo_fast_priv *priv = qdisc_priv(sch); +- int prio; +- +- for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) { +- struct skb_array *q = band2list(priv, prio); +- +- /* NULL ring is possible if destroy path is due to a failed +- * skb_array_init() in pfifo_fast_init() case. +- */ +- if (!q->ring.queue) +- continue; +- /* Destroy ring but no need to kfree_skb because a call to +- * pfifo_fast_reset() has already done that work. +- */ +- ptr_ring_cleanup(&q->ring, NULL); +- } +-} +- +-static int pfifo_fast_change_tx_queue_len(struct Qdisc *sch, +- unsigned int new_len) +-{ +- struct pfifo_fast_priv *priv = qdisc_priv(sch); +- struct skb_array *bands[PFIFO_FAST_BANDS]; +- int prio; +- +- for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) { +- struct skb_array *q = band2list(priv, prio); +- +- bands[prio] = q; +- } +- +- return skb_array_resize_multiple(bands, PFIFO_FAST_BANDS, new_len, +- GFP_KERNEL); +-} +- -struct Qdisc_ops pfifo_fast_ops __read_mostly = { - .id = "pfifo_fast", - .priv_size = sizeof(struct pfifo_fast_priv), @@ -148,9 +207,12 @@ Signed-off-by: Felix Fietkau - .dequeue = pfifo_fast_dequeue, - .peek = pfifo_fast_peek, - .init = pfifo_fast_init, +- .destroy = pfifo_fast_destroy, - .reset = pfifo_fast_reset, - .dump = pfifo_fast_dump, +- .change_tx_queue_len = pfifo_fast_change_tx_queue_len, - .owner = THIS_MODULE, +- .static_flags = TCQ_F_NOLOCK | TCQ_F_CPUSTATS, -}; -EXPORT_SYMBOL(pfifo_fast_ops); - diff --git a/target/linux/generic/hack-4.19/700-swconfig_switch_drivers.patch b/target/linux/generic/hack-4.19/700-swconfig_switch_drivers.patch index f9df475500..ebfcfe81c7 100644 --- a/target/linux/generic/hack-4.19/700-swconfig_switch_drivers.patch +++ b/target/linux/generic/hack-4.19/700-swconfig_switch_drivers.patch @@ -12,8 +12,8 @@ Signed-off-by: Felix Fietkau --- a/drivers/net/phy/Kconfig +++ b/drivers/net/phy/Kconfig -@@ -198,6 +198,89 @@ config LED_TRIGGER_PHY - Mbps or Gbps +@@ -209,6 +209,89 @@ config LED_TRIGGER_PHY + for any speed known to the PHY. +comment "Switch configuration API + drivers" @@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_MDIO_BITBANG) += mdio-bitbang.o --- a/include/linux/platform_data/b53.h +++ b/include/linux/platform_data/b53.h -@@ -25,6 +25,9 @@ struct b53_platform_data { +@@ -29,6 +29,9 @@ struct b53_platform_data { u32 chip_id; u16 enabled_ports; diff --git a/target/linux/generic/hack-4.19/702-phy_add_aneg_done_function.patch b/target/linux/generic/hack-4.19/702-phy_add_aneg_done_function.patch index 0453112a1f..31efb35a97 100644 --- a/target/linux/generic/hack-4.19/702-phy_add_aneg_done_function.patch +++ b/target/linux/generic/hack-4.19/702-phy_add_aneg_done_function.patch @@ -1,6 +1,6 @@ --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -547,6 +547,12 @@ struct phy_driver { +@@ -548,6 +548,12 @@ struct phy_driver { /* Determines the negotiated speed and duplex */ int (*read_status)(struct phy_device *phydev); @@ -15,7 +15,7 @@ --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c -@@ -1458,6 +1458,9 @@ int genphy_update_link(struct phy_device +@@ -1509,6 +1509,9 @@ int genphy_update_link(struct phy_device { int status; diff --git a/target/linux/generic/hack-4.19/721-phy_packets.patch b/target/linux/generic/hack-4.19/721-phy_packets.patch index d27d94e046..77a573446d 100644 --- a/target/linux/generic/hack-4.19/721-phy_packets.patch +++ b/target/linux/generic/hack-4.19/721-phy_packets.patch @@ -15,24 +15,24 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1410,6 +1410,7 @@ enum netdev_priv_flags { - IFF_RXFH_CONFIGURED = 1<<25, - IFF_PHONY_HEADROOM = 1<<26, - IFF_MACSEC = 1<<27, -+ IFF_NO_IP_ALIGN = 1<<28, +@@ -1510,6 +1510,7 @@ enum netdev_priv_flags { + IFF_NO_RX_HANDLER = 1<<26, + IFF_FAILOVER = 1<<27, + IFF_FAILOVER_SLAVE = 1<<28, ++ IFF_NO_IP_ALIGN = 1<<29, }; #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN -@@ -1439,6 +1440,7 @@ enum netdev_priv_flags { - #define IFF_TEAM IFF_TEAM - #define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED - #define IFF_MACSEC IFF_MACSEC +@@ -1540,6 +1541,7 @@ enum netdev_priv_flags { + #define IFF_NO_RX_HANDLER IFF_NO_RX_HANDLER + #define IFF_FAILOVER IFF_FAILOVER + #define IFF_FAILOVER_SLAVE IFF_FAILOVER_SLAVE +#define IFF_NO_IP_ALIGN IFF_NO_IP_ALIGN /** * struct net_device - The DEVICE structure. -@@ -1725,6 +1727,11 @@ struct net_device { - const struct xfrmdev_ops *xfrmdev_ops; +@@ -1838,6 +1840,11 @@ struct net_device { + const struct tlsdev_ops *tlsdev_ops; #endif +#ifdef CONFIG_ETHERNET_PACKET_MANGLE @@ -43,7 +43,7 @@ Signed-off-by: Felix Fietkau const struct header_ops *header_ops; unsigned int flags; -@@ -1794,6 +1801,10 @@ struct net_device { +@@ -1913,6 +1920,10 @@ struct net_device { struct mpls_dev __rcu *mpls_ptr; #endif @@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau */ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2512,6 +2512,10 @@ static inline int pskb_trim(struct sk_bu +@@ -2516,6 +2516,10 @@ static inline int pskb_trim(struct sk_bu return (len < skb->len) ? __pskb_trim(skb, len) : 0; } @@ -67,7 +67,7 @@ Signed-off-by: Felix Fietkau /** * pskb_trim_unique - remove end from a paged unique (not cloned) buffer * @skb: buffer to alter -@@ -2642,16 +2646,6 @@ static inline struct sk_buff *dev_alloc_ +@@ -2646,16 +2650,6 @@ static inline struct sk_buff *dev_alloc_ } @@ -101,7 +101,7 @@ Signed-off-by: Felix Fietkau help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -3004,10 +3004,20 @@ static int xmit_one(struct sk_buff *skb, +@@ -3233,10 +3233,20 @@ static int xmit_one(struct sk_buff *skb, if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) dev_queue_xmit_nit(skb, dev); diff --git a/target/linux/generic/hack-4.19/773-bgmac-add-srab-switch.patch b/target/linux/generic/hack-4.19/773-bgmac-add-srab-switch.patch index 33a18a8352..3b4781657e 100644 --- a/target/linux/generic/hack-4.19/773-bgmac-add-srab-switch.patch +++ b/target/linux/generic/hack-4.19/773-bgmac-add-srab-switch.patch @@ -32,7 +32,7 @@ Signed-off-by: Hauke Mehrtens #include #include #include -@@ -1410,6 +1411,17 @@ static const struct ethtool_ops bgmac_et +@@ -1409,6 +1410,17 @@ static const struct ethtool_ops bgmac_et .set_link_ksettings = phy_ethtool_set_link_ksettings, }; @@ -50,7 +50,7 @@ Signed-off-by: Hauke Mehrtens /************************************************** * MII **************************************************/ -@@ -1539,6 +1551,14 @@ int bgmac_enet_probe(struct bgmac *bgmac +@@ -1540,6 +1552,14 @@ int bgmac_enet_probe(struct bgmac *bgmac net_dev->hw_features = net_dev->features; net_dev->vlan_features = net_dev->features; @@ -65,7 +65,7 @@ Signed-off-by: Hauke Mehrtens err = register_netdev(bgmac->net_dev); if (err) { dev_err(bgmac->dev, "Cannot register net device\n"); -@@ -1561,6 +1581,10 @@ EXPORT_SYMBOL_GPL(bgmac_enet_probe); +@@ -1562,6 +1582,10 @@ EXPORT_SYMBOL_GPL(bgmac_enet_probe); void bgmac_enet_remove(struct bgmac *bgmac) { diff --git a/target/linux/generic/hack-4.19/835-misc-owl_loader.patch b/target/linux/generic/hack-4.19/835-misc-owl_loader.patch index bf7f7d5cba..bf0fa596ac 100644 --- a/target/linux/generic/hack-4.19/835-misc-owl_loader.patch +++ b/target/linux/generic/hack-4.19/835-misc-owl_loader.patch @@ -21,7 +21,7 @@ Signed-off-by: Christian Lamparter --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig -@@ -151,6 +151,18 @@ config SGI_IOC4 +@@ -164,6 +164,18 @@ config SGI_IOC4 If you have an SGI Altix with an IOC4-based card say Y. Otherwise say N. @@ -42,10 +42,10 @@ Signed-off-by: Christian Lamparter depends on PCI --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile -@@ -13,6 +13,7 @@ obj-$(CONFIG_ATMEL_TCLIB) += atmel_tclib +@@ -14,6 +14,7 @@ obj-$(CONFIG_ATMEL_TCLIB) += atmel_tclib obj-$(CONFIG_DUMMY_IRQ) += dummy-irq.o obj-$(CONFIG_ICS932S401) += ics932s401.o - obj-$(CONFIG_LKDTM) += lkdtm.o + obj-$(CONFIG_LKDTM) += lkdtm/ +obj-$(CONFIG_OWL_LOADER) += owl-loader.o obj-$(CONFIG_TIFM_CORE) += tifm_core.o obj-$(CONFIG_TIFM_7XX1) += tifm_7xx1.o diff --git a/target/linux/generic/hack-4.19/901-debloat_sock_diag.patch b/target/linux/generic/hack-4.19/901-debloat_sock_diag.patch index d250843a6a..e949964cbf 100644 --- a/target/linux/generic/hack-4.19/901-debloat_sock_diag.patch +++ b/target/linux/generic/hack-4.19/901-debloat_sock_diag.patch @@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau --- a/net/Kconfig +++ b/net/Kconfig -@@ -97,6 +97,9 @@ source "net/netlabel/Kconfig" +@@ -98,6 +98,9 @@ source "net/netlabel/Kconfig" endif # if INET @@ -34,15 +34,15 @@ Signed-off-by: Felix Fietkau neighbour.o rtnetlink.o utils.o link_watch.o filter.o \ - sock_diag.o dev_ioctl.o tso.o sock_reuseport.o \ + dev_ioctl.o tso.o sock_reuseport.o \ - fib_notifier.o + fib_notifier.o xdp.o -+obj-$(CONFIG_SOCK_DIAG) += sock_diag.o ++obj-$(CONFIG_SOCK_DIAG) += sock_diag.o obj-y += net-sysfs.o + obj-$(CONFIG_PAGE_POOL) += page_pool.o obj-$(CONFIG_PROC_FS) += net-procfs.o - obj-$(CONFIG_NET_PKTGEN) += pktgen.o --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -528,6 +528,18 @@ discard_and_relse: +@@ -490,6 +490,18 @@ discard_and_relse: } EXPORT_SYMBOL(__sk_receive_skb); @@ -61,10 +61,10 @@ Signed-off-by: Felix Fietkau struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie) { struct dst_entry *dst = __sk_dst_get(sk); -@@ -1595,9 +1607,11 @@ void sk_destruct(struct sock *sk) +@@ -1600,9 +1612,11 @@ static void __sk_free(struct sock *sk) + if (likely(sk->sk_net_refcnt)) + sock_inuse_add(sock_net(sk), -1); - static void __sk_free(struct sock *sk) - { +#ifdef CONFIG_SOCK_DIAG if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk))) sock_diag_broadcast_destroy(sk); @@ -75,7 +75,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c -@@ -19,18 +19,6 @@ static int (*inet_rcv_compat)(struct sk_ +@@ -20,18 +20,6 @@ static int (*inet_rcv_compat)(struct sk_ static DEFINE_MUTEX(sock_diag_table_mutex); static struct workqueue_struct *broadcast_wq; @@ -96,7 +96,7 @@ Signed-off-by: Felix Fietkau u64 res; --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig -@@ -420,6 +420,7 @@ config INET_XFRM_MODE_BEET +@@ -425,6 +425,7 @@ config INET_XFRM_MODE_BEET config INET_DIAG tristate "INET: socket monitoring interface" diff --git a/target/linux/generic/hack-4.19/902-debloat_proc.patch b/target/linux/generic/hack-4.19/902-debloat_proc.patch index cae6d66e7d..6f4d264f35 100644 --- a/target/linux/generic/hack-4.19/902-debloat_proc.patch +++ b/target/linux/generic/hack-4.19/902-debloat_proc.patch @@ -29,18 +29,18 @@ Signed-off-by: Felix Fietkau --- a/fs/locks.c +++ b/fs/locks.c -@@ -2812,6 +2812,8 @@ static const struct file_operations proc +@@ -2786,6 +2786,8 @@ static const struct seq_operations locks static int __init proc_locks_init(void) { + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) + return 0; - proc_create("locks", 0, NULL, &proc_locks_operations); + proc_create_seq_private("locks", 0, NULL, &locks_seq_operations, + sizeof(struct locks_iterator), NULL); return 0; - } --- a/fs/proc/Kconfig +++ b/fs/proc/Kconfig -@@ -81,3 +81,8 @@ config PROC_CHILDREN +@@ -97,3 +97,8 @@ config PROC_CHILDREN Say Y if you are running any user-space software which takes benefit from this interface. For example, rkt is such a piece of software. @@ -51,19 +51,19 @@ Signed-off-by: Felix Fietkau + bool "Strip non-essential /proc functionality to reduce code size" --- a/fs/proc/consoles.c +++ b/fs/proc/consoles.c -@@ -106,6 +106,9 @@ static const struct file_operations proc +@@ -93,6 +93,9 @@ static const struct seq_operations conso static int __init proc_consoles_init(void) { + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) + return 0; + - proc_create("consoles", 0, NULL, &proc_consoles_operations); + proc_create_seq("consoles", 0, NULL, &consoles_op); return 0; } --- a/fs/proc/proc_tty.c +++ b/fs/proc/proc_tty.c -@@ -145,7 +145,10 @@ static const struct file_operations proc +@@ -133,7 +133,10 @@ static const struct seq_operations tty_d void proc_tty_register_driver(struct tty_driver *driver) { struct proc_dir_entry *ent; @@ -73,9 +73,9 @@ Signed-off-by: Felix Fietkau + return; + if (!driver->driver_name || driver->proc_entry || - !driver->ops->proc_fops) + !driver->ops->proc_show) return; -@@ -162,6 +165,9 @@ void proc_tty_unregister_driver(struct t +@@ -150,6 +153,9 @@ void proc_tty_unregister_driver(struct t { struct proc_dir_entry *ent; @@ -85,7 +85,7 @@ Signed-off-by: Felix Fietkau ent = driver->proc_entry; if (!ent) return; -@@ -176,6 +182,9 @@ void proc_tty_unregister_driver(struct t +@@ -164,6 +170,9 @@ void proc_tty_unregister_driver(struct t */ void __init proc_tty_init(void) { @@ -132,30 +132,30 @@ Signed-off-by: Felix Fietkau do { \ --- a/ipc/msg.c +++ b/ipc/msg.c -@@ -1208,6 +1208,9 @@ int __init msg_init(void) +@@ -1291,6 +1291,9 @@ void __init msg_init(void) { - const int err = msg_init_ns(&init_ipc_ns); + msg_init_ns(&init_ipc_ns); + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) -+ return err; ++ return; + ipc_init_proc_interface("sysvipc/msg", " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", IPC_MSG_IDS, sysvipc_msg_proc_show); --- a/ipc/sem.c +++ b/ipc/sem.c -@@ -207,6 +207,8 @@ int __init sem_init(void) +@@ -243,6 +243,8 @@ void sem_exit_ns(struct ipc_namespace *n + void __init sem_init(void) { - const int err = sem_init_ns(&init_ipc_ns); - + sem_init_ns(&init_ipc_ns); + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) -+ return err; ++ return; ipc_init_proc_interface("sysvipc/sem", " key semid perms nsems uid gid cuid cgid otime ctime\n", IPC_SEM_IDS, sysvipc_sem_proc_show); --- a/ipc/shm.c +++ b/ipc/shm.c -@@ -122,6 +122,8 @@ pure_initcall(ipc_ns_init); +@@ -144,6 +144,8 @@ pure_initcall(ipc_ns_init); void __init shm_init(void) { @@ -166,7 +166,7 @@ Signed-off-by: Felix Fietkau " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n", --- a/ipc/util.c +++ b/ipc/util.c -@@ -141,6 +141,9 @@ void __init ipc_init_proc_interface(cons +@@ -140,6 +140,9 @@ void __init ipc_init_proc_interface(cons struct proc_dir_entry *pde; struct ipc_proc_iface *iface; @@ -178,18 +178,18 @@ Signed-off-by: Felix Fietkau return; --- a/kernel/exec_domain.c +++ b/kernel/exec_domain.c -@@ -42,6 +42,8 @@ static const struct file_operations exec +@@ -29,6 +29,8 @@ static int execdomains_proc_show(struct static int __init proc_execdomains_init(void) { + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) + return 0; - proc_create("execdomains", 0, NULL, &execdomains_proc_fops); + proc_create_single("execdomains", 0, NULL, execdomains_proc_show); return 0; } --- a/kernel/irq/proc.c +++ b/kernel/irq/proc.c -@@ -396,6 +396,9 @@ void register_irq_proc(unsigned int irq, +@@ -333,6 +333,9 @@ void register_irq_proc(unsigned int irq, void __maybe_unused *irqp = (void *)(unsigned long) irq; char name [MAX_NAMELEN]; @@ -199,7 +199,7 @@ Signed-off-by: Felix Fietkau if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip)) return; -@@ -449,6 +452,9 @@ void unregister_irq_proc(unsigned int ir +@@ -386,6 +389,9 @@ void unregister_irq_proc(unsigned int ir { char name [MAX_NAMELEN]; @@ -209,7 +209,7 @@ Signed-off-by: Felix Fietkau if (!root_irq_dir || !desc->dir) return; #ifdef CONFIG_SMP -@@ -487,6 +493,9 @@ void init_irq_proc(void) +@@ -424,6 +430,9 @@ void init_irq_proc(void) unsigned int irq; struct irq_desc *desc; @@ -221,47 +221,47 @@ Signed-off-by: Felix Fietkau if (!root_irq_dir) --- a/kernel/time/timer_list.c +++ b/kernel/time/timer_list.c -@@ -389,6 +389,8 @@ static int __init init_timer_list_procfs +@@ -374,6 +374,8 @@ static int __init init_timer_list_procfs { struct proc_dir_entry *pe; + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) + return 0; - pe = proc_create("timer_list", 0444, NULL, &timer_list_fops); + pe = proc_create_seq_private("timer_list", 0400, NULL, &timer_list_sops, + sizeof(struct timer_list_iter), NULL); if (!pe) - return -ENOMEM; --- a/mm/vmalloc.c +++ b/mm/vmalloc.c -@@ -2770,6 +2770,8 @@ static const struct file_operations proc +@@ -2736,6 +2736,8 @@ static const struct seq_operations vmall static int __init proc_vmalloc_init(void) { + if (IS_ENABLED(CONFIG_PROC_STRIPPED)) + return 0; - proc_create("vmallocinfo", S_IRUSR, NULL, &proc_vmalloc_operations); - return 0; - } + if (IS_ENABLED(CONFIG_NUMA)) + proc_create_seq_private("vmallocinfo", 0400, NULL, + &vmalloc_op, --- a/mm/vmstat.c +++ b/mm/vmstat.c -@@ -1955,10 +1955,12 @@ void __init init_mm_internals(void) +@@ -1972,10 +1972,12 @@ void __init init_mm_internals(void) start_shepherd_timer(); #endif #ifdef CONFIG_PROC_FS -- proc_create("buddyinfo", 0444, NULL, &buddyinfo_file_operations); -- proc_create("pagetypeinfo", 0444, NULL, &pagetypeinfo_file_operations); +- proc_create_seq("buddyinfo", 0444, NULL, &fragmentation_op); +- proc_create_seq("pagetypeinfo", 0444, NULL, &pagetypeinfo_op); + if (!IS_ENABLED(CONFIG_PROC_STRIPPED)) { -+ proc_create("buddyinfo", 0444, NULL, &buddyinfo_file_operations); -+ proc_create("pagetypeinfo", 0444, NULL, &pagetypeinfo_file_operations); -+ proc_create("zoneinfo", 0444, NULL, &zoneinfo_file_operations); ++ proc_create_seq("buddyinfo", 0444, NULL, &fragmentation_op); ++ proc_create_seq("pagetypeinfo", 0444, NULL, &pagetypeinfo_op); ++ proc_create_seq("zoneinfo", 0444, NULL, &zoneinfo_op); + } - proc_create("vmstat", 0444, NULL, &vmstat_file_operations); -- proc_create("zoneinfo", 0444, NULL, &zoneinfo_file_operations); + proc_create_seq("vmstat", 0444, NULL, &vmstat_op); +- proc_create_seq("zoneinfo", 0444, NULL, &zoneinfo_op); #endif } --- a/net/8021q/vlanproc.c +++ b/net/8021q/vlanproc.c -@@ -127,6 +127,9 @@ void vlan_proc_cleanup(struct net *net) +@@ -96,6 +96,9 @@ void vlan_proc_cleanup(struct net *net) { struct vlan_net *vn = net_generic(net, vlan_net_id); @@ -271,7 +271,7 @@ Signed-off-by: Felix Fietkau if (vn->proc_vlan_conf) remove_proc_entry(name_conf, vn->proc_vlan_dir); -@@ -146,6 +149,9 @@ int __net_init vlan_proc_init(struct net +@@ -115,6 +118,9 @@ int __net_init vlan_proc_init(struct net { struct vlan_net *vn = net_generic(net, vlan_net_id); @@ -283,22 +283,22 @@ Signed-off-by: Felix Fietkau goto err; --- a/net/core/net-procfs.c +++ b/net/core/net-procfs.c -@@ -320,10 +320,12 @@ static int __net_init dev_proc_net_init( - - if (!proc_create("dev", S_IRUGO, net->proc_net, &dev_seq_fops)) +@@ -279,10 +279,12 @@ static int __net_init dev_proc_net_init( + if (!proc_create_net("dev", 0444, net->proc_net, &dev_seq_ops, + sizeof(struct seq_net_private))) goto out; -- if (!proc_create("softnet_stat", S_IRUGO, net->proc_net, +- if (!proc_create_seq("softnet_stat", 0444, net->proc_net, + if (!IS_ENABLED(CONFIG_PROC_STRIPPED) && -+ !proc_create("softnet_stat", S_IRUGO, net->proc_net, - &softnet_seq_fops)) ++ !proc_create_seq("softnet_stat", 0444, net->proc_net, + &softnet_seq_ops)) goto out_dev; -- if (!proc_create("ptype", S_IRUGO, net->proc_net, &ptype_seq_fops)) +- if (!proc_create_net("ptype", 0444, net->proc_net, &ptype_seq_ops, + if (!IS_ENABLED(CONFIG_PROC_STRIPPED) && -+ !proc_create("ptype", S_IRUGO, net->proc_net, &ptype_seq_fops)) ++ !proc_create_net("ptype", 0444, net->proc_net, &ptype_seq_ops, + sizeof(struct seq_net_private))) goto out_softnet; - if (wext_proc_init(net)) -@@ -332,9 +334,11 @@ static int __net_init dev_proc_net_init( +@@ -292,9 +294,11 @@ static int __net_init dev_proc_net_init( out: return rc; out_ptype: @@ -312,7 +312,7 @@ Signed-off-by: Felix Fietkau out_dev: remove_proc_entry("dev", net->proc_net); goto out; -@@ -344,8 +348,10 @@ static void __net_exit dev_proc_net_exit +@@ -304,8 +308,10 @@ static void __net_exit dev_proc_net_exit { wext_proc_exit(net); @@ -327,7 +327,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -3378,6 +3378,8 @@ static __net_initdata struct pernet_oper +@@ -3477,6 +3477,8 @@ static __net_initdata struct pernet_oper static int __init proto_init(void) { @@ -338,22 +338,23 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c -@@ -2731,10 +2731,12 @@ static const struct file_operations fib_ +@@ -2708,11 +2708,13 @@ static const struct seq_operations fib_r int __net_init fib_proc_init(struct net *net) { -- if (!proc_create("fib_trie", S_IRUGO, net->proc_net, &fib_trie_fops)) +- if (!proc_create_net("fib_trie", 0444, net->proc_net, &fib_trie_seq_ops, + if (!IS_ENABLED(CONFIG_PROC_STRIPPED) && -+ !proc_create("fib_trie", S_IRUGO, net->proc_net, &fib_trie_fops)) ++ !proc_create_net("fib_trie", 0444, net->proc_net, &fib_trie_seq_ops, + sizeof(struct fib_trie_iter))) goto out1; -- if (!proc_create("fib_triestat", S_IRUGO, net->proc_net, +- if (!proc_create_net_single("fib_triestat", 0444, net->proc_net, + if (!IS_ENABLED(CONFIG_PROC_STRIPPED) && -+ !proc_create("fib_triestat", S_IRUGO, net->proc_net, - &fib_triestat_fops)) ++ !proc_create_net_single("fib_triestat", 0444, net->proc_net, + fib_triestat_seq_show, NULL)) goto out2; -@@ -2744,17 +2746,21 @@ int __net_init fib_proc_init(struct net +@@ -2723,17 +2725,21 @@ int __net_init fib_proc_init(struct net return 0; out3: @@ -381,7 +382,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c -@@ -558,6 +558,9 @@ static __net_initdata struct pernet_oper +@@ -523,5 +523,8 @@ static __net_initdata struct pernet_oper int __init ip_misc_proc_init(void) { @@ -390,10 +391,9 @@ Signed-off-by: Felix Fietkau + return register_pernet_subsys(&ip_proc_ops); } - --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -427,6 +427,9 @@ static struct pernet_operations ip_rt_pr +@@ -410,6 +410,9 @@ static struct pernet_operations ip_rt_pr static int __init ip_rt_proc_init(void) { diff --git a/target/linux/generic/hack-4.19/904-debloat_dma_buf.patch b/target/linux/generic/hack-4.19/904-debloat_dma_buf.patch index 4d9f947edc..20e1c9f7b5 100644 --- a/target/linux/generic/hack-4.19/904-debloat_dma_buf.patch +++ b/target/linux/generic/hack-4.19/904-debloat_dma_buf.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig -@@ -246,7 +246,7 @@ config SOC_BUS +@@ -172,7 +172,7 @@ config SOC_BUS source "drivers/base/regmap/Kconfig" config DMA_SHARED_BUFFER @@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau #include -@@ -1205,4 +1206,5 @@ static void __exit dma_buf_deinit(void) +@@ -1158,4 +1159,5 @@ static void __exit dma_buf_deinit(void) { dma_buf_uninit_debugfs(); } @@ -54,7 +54,7 @@ Signed-off-by: Felix Fietkau +MODULE_LICENSE("GPL"); --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -2164,6 +2164,7 @@ int wake_up_state(struct task_struct *p, +@@ -2128,6 +2128,7 @@ int wake_up_state(struct task_struct *p, { return try_to_wake_up(p, state, 0); } diff --git a/target/linux/generic/hack-4.19/910-kobject_uevent.patch b/target/linux/generic/hack-4.19/910-kobject_uevent.patch index 113fbb54b3..c4c41ca400 100644 --- a/target/linux/generic/hack-4.19/910-kobject_uevent.patch +++ b/target/linux/generic/hack-4.19/910-kobject_uevent.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c -@@ -176,6 +176,18 @@ out: +@@ -179,6 +179,18 @@ out: return r; } diff --git a/target/linux/generic/hack-4.19/911-kobject_add_broadcast_uevent.patch b/target/linux/generic/hack-4.19/911-kobject_add_broadcast_uevent.patch index abacfc390a..888f3fc1e7 100644 --- a/target/linux/generic/hack-4.19/911-kobject_add_broadcast_uevent.patch +++ b/target/linux/generic/hack-4.19/911-kobject_add_broadcast_uevent.patch @@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau #ifdef CONFIG_UEVENT_HELPER /* path to the userspace helper executed on an event */ extern char uevent_helper[]; -@@ -224,4 +226,7 @@ int kobject_synth_uevent(struct kobject +@@ -244,4 +246,7 @@ int kobject_synth_uevent(struct kobject __printf(2, 3) int add_uevent_var(struct kobj_uevent_env *env, const char *format, ...); @@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau #endif /* _KOBJECT_H_ */ --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c -@@ -599,6 +599,43 @@ int add_uevent_var(struct kobj_uevent_en +@@ -685,6 +685,43 @@ int add_uevent_var(struct kobj_uevent_en EXPORT_SYMBOL_GPL(add_uevent_var); #if defined(CONFIG_NET) @@ -71,6 +71,6 @@ Signed-off-by: Felix Fietkau +EXPORT_SYMBOL_GPL(broadcast_uevent); + +#if defined(CONFIG_NET) - static int uevent_net_init(struct net *net) + static int uevent_net_broadcast(struct sock *usk, struct sk_buff *skb, + struct netlink_ext_ack *extack) { - struct uevent_sock *ue_sk; diff --git a/target/linux/generic/hack-4.19/921-always-create-console-node-in-initramfs.patch b/target/linux/generic/hack-4.19/921-always-create-console-node-in-initramfs.patch index 6eeddcc3c6..e437579050 100644 --- a/target/linux/generic/hack-4.19/921-always-create-console-node-in-initramfs.patch +++ b/target/linux/generic/hack-4.19/921-always-create-console-node-in-initramfs.patch @@ -5,11 +5,11 @@ Subject: initramfs: always create console node Signed-off-by: Felix Fietkau --- - scripts/gen_initramfs_list.sh | 14 ++++++++++++++ + usr/gen_initramfs_list.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) ---- a/scripts/gen_initramfs_list.sh -+++ b/scripts/gen_initramfs_list.sh +--- a/usr/gen_initramfs_list.sh ++++ b/usr/gen_initramfs_list.sh @@ -59,6 +59,18 @@ default_initramfs() { EOF } diff --git a/target/linux/generic/hack-4.19/930-crashlog.patch b/target/linux/generic/hack-4.19/930-crashlog.patch index 17ba187925..3bb3e77778 100644 --- a/target/linux/generic/hack-4.19/930-crashlog.patch +++ b/target/linux/generic/hack-4.19/930-crashlog.patch @@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau +#endif --- a/init/Kconfig +++ b/init/Kconfig -@@ -1009,6 +1009,10 @@ config RELAY +@@ -1041,6 +1041,10 @@ config RELAY If unsure, say N. @@ -51,13 +51,13 @@ Signed-off-by: Felix Fietkau + config BLK_DEV_INITRD bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support" - depends on BROKEN || !FRV + help --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -112,6 +112,7 @@ obj-$(CONFIG_CONTEXT_TRACKING) += contex - obj-$(CONFIG_TORTURE_TEST) += torture.o - - obj-$(CONFIG_HAS_IOMEM) += memremap.o +@@ -116,6 +116,7 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o + obj-$(CONFIG_HAS_IOMEM) += iomem.o + obj-$(CONFIG_ZONE_DEVICE) += memremap.o + obj-$(CONFIG_RSEQ) += rseq.o +obj-$(CONFIG_CRASHLOG) += crashlog.o $(obj)/configs.o: $(obj)/config_data.h @@ -300,7 +300,7 @@ Signed-off-by: Felix Fietkau #include #include #include -@@ -175,6 +176,7 @@ static unsigned long __init free_all_boo +@@ -215,6 +216,7 @@ static unsigned long __init free_all_boo if (!bdata->node_bootmem_map) return 0; @@ -310,15 +310,15 @@ Signed-off-by: Felix Fietkau end = bdata->node_low_pfn; --- a/mm/memblock.c +++ b/mm/memblock.c -@@ -19,6 +19,7 @@ - #include +@@ -21,6 +21,7 @@ #include #include + #include +#include #include #include -@@ -483,6 +484,8 @@ static void __init_memblock memblock_ins +@@ -547,6 +548,8 @@ static void __init_memblock memblock_ins memblock_set_region_node(rgn, nid); type->cnt++; type->total_size += size; @@ -327,7 +327,7 @@ Signed-off-by: Felix Fietkau } /** -@@ -522,6 +525,8 @@ int __init_memblock memblock_add_range(s +@@ -586,6 +589,8 @@ int __init_memblock memblock_add_range(s type->regions[0].flags = flags; memblock_set_region_node(&type->regions[0], nid); type->total_size = size; diff --git a/target/linux/generic/pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch b/target/linux/generic/pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch index 0c4a13f9df..be9ceebc3a 100644 --- a/target/linux/generic/pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch +++ b/target/linux/generic/pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch @@ -15,24 +15,12 @@ Signed-off-by: Pawel Dembicki --- a/drivers/w1/masters/w1-gpio.c +++ b/drivers/w1/masters/w1-gpio.c -@@ -112,17 +112,16 @@ static int w1_gpio_probe_dt(struct platf - static int w1_gpio_probe(struct platform_device *pdev) - { - struct w1_bus_master *master; -- struct w1_gpio_platform_data *pdata; -+ struct w1_gpio_platform_data *pdata = dev_get_platdata(&pdev->dev); +@@ -79,7 +79,7 @@ static int w1_gpio_probe(struct platform + enum gpiod_flags gflags = GPIOD_OUT_LOW_OPEN_DRAIN; int err; - if (of_have_populated_dt()) { -+ if (of_have_populated_dt() && !pdata) { - err = w1_gpio_probe_dt(pdev); - if (err < 0) - return err; -+ pdata = dev_get_platdata(&pdev->dev); - } - -- pdata = dev_get_platdata(&pdev->dev); -- - if (!pdata) { - dev_err(&pdev->dev, "No configuration data\n"); - return -ENXIO; ++ if (of_have_populated_dt() && !dev_get_platdata(&pdev->dev)) { + pdata = devm_kzalloc(&pdev->dev, sizeof(*pdata), GFP_KERNEL); + if (!pdata) + return -ENOMEM; diff --git a/target/linux/generic/pending-4.19/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch b/target/linux/generic/pending-4.19/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch index 92e86b24e7..0b87f493ec 100644 --- a/target/linux/generic/pending-4.19/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch +++ b/target/linux/generic/pending-4.19/102-MIPS-only-process-negative-stack-offsets-on-stack-tr.patch @@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -360,6 +360,8 @@ static inline int is_sp_move_ins(union m +@@ -361,6 +361,8 @@ static inline int is_sp_move_ins(union m if (ip->i_format.opcode == addiu_op || ip->i_format.opcode == daddiu_op) { diff --git a/target/linux/generic/pending-4.19/110-ehci_hcd_ignore_oc.patch b/target/linux/generic/pending-4.19/110-ehci_hcd_ignore_oc.patch index b45b1c079c..cad00b5527 100644 --- a/target/linux/generic/pending-4.19/110-ehci_hcd_ignore_oc.patch +++ b/target/linux/generic/pending-4.19/110-ehci_hcd_ignore_oc.patch @@ -17,7 +17,7 @@ Signed-off-by: Florian Fainelli --- a/drivers/usb/host/ehci-hcd.c +++ b/drivers/usb/host/ehci-hcd.c -@@ -651,7 +651,7 @@ static int ehci_run (struct usb_hcd *hcd +@@ -638,7 +638,7 @@ static int ehci_run (struct usb_hcd *hcd "USB %x.%x started, EHCI %x.%02x%s\n", ((ehci->sbrn & 0xf0)>>4), (ehci->sbrn & 0x0f), temp >> 8, temp & 0xff, @@ -28,7 +28,7 @@ Signed-off-by: Florian Fainelli &ehci->regs->intr_enable); /* Turn On Interrupts */ --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c -@@ -646,7 +646,7 @@ ehci_hub_status_data (struct usb_hcd *hc +@@ -641,7 +641,7 @@ ehci_hub_status_data (struct usb_hcd *hc * always set, seem to clear PORT_OCC and PORT_CSC when writing to * PORT_POWER; that's surprising, but maybe within-spec. */ @@ -37,7 +37,7 @@ Signed-off-by: Florian Fainelli mask = PORT_CSC | PORT_PEC | PORT_OCC; else mask = PORT_CSC | PORT_PEC; -@@ -1016,7 +1016,7 @@ int ehci_hub_control( +@@ -1011,7 +1011,7 @@ int ehci_hub_control( if (temp & PORT_PEC) status |= USB_PORT_STAT_C_ENABLE << 16; @@ -48,7 +48,7 @@ Signed-off-by: Florian Fainelli /* --- a/drivers/usb/host/ehci-platform.c +++ b/drivers/usb/host/ehci-platform.c -@@ -263,6 +263,8 @@ static int ehci_platform_probe(struct pl +@@ -208,6 +208,8 @@ static int ehci_platform_probe(struct pl hcd->has_tt = 1; if (pdata->reset_on_resume) priv->reset_on_resume = true; @@ -59,7 +59,7 @@ Signed-off-by: Florian Fainelli if (ehci->big_endian_mmio) { --- a/drivers/usb/host/ehci.h +++ b/drivers/usb/host/ehci.h -@@ -231,6 +231,7 @@ struct ehci_hcd { /* one per controlle +@@ -218,6 +218,7 @@ struct ehci_hcd { /* one per controlle unsigned frame_index_bug:1; /* MosChip (AKA NetMos) */ unsigned need_oc_pp_cycle:1; /* MPC834X port power */ unsigned imx28_write_fix:1; /* For Freescale i.MX28 */ @@ -69,7 +69,7 @@ Signed-off-by: Florian Fainelli #define OHCI_CTRL_HCFS (3 << 6) --- a/include/linux/usb/ehci_pdriver.h +++ b/include/linux/usb/ehci_pdriver.h -@@ -49,6 +49,7 @@ struct usb_ehci_pdata { +@@ -50,6 +50,7 @@ struct usb_ehci_pdata { unsigned no_io_watchdog:1; unsigned reset_on_resume:1; unsigned dma_mask_64:1; diff --git a/target/linux/generic/pending-4.19/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch b/target/linux/generic/pending-4.19/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch index 88870bc99e..9f13539fde 100644 --- a/target/linux/generic/pending-4.19/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch +++ b/target/linux/generic/pending-4.19/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch @@ -71,7 +71,7 @@ Signed-off-by: Tobias Wolf --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -6141,7 +6141,7 @@ static void __ref alloc_node_mem_map(str +@@ -6370,7 +6370,7 @@ static void __ref alloc_node_mem_map(str mem_map = NODE_DATA(0)->node_mem_map; #if defined(CONFIG_HAVE_MEMBLOCK_NODE_MAP) || defined(CONFIG_FLATMEM) if (page_to_pfn(mem_map) != pgdat->node_start_pfn) diff --git a/target/linux/generic/pending-4.19/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch b/target/linux/generic/pending-4.19/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch index 9603385aed..bd5ed6f888 100644 --- a/target/linux/generic/pending-4.19/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch +++ b/target/linux/generic/pending-4.19/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -729,7 +729,7 @@ static void spi_set_cs(struct spi_device +@@ -733,7 +733,7 @@ static void spi_set_cs(struct spi_device enable = !enable; if (gpio_is_valid(spi->cs_gpio)) { diff --git a/target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch b/target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch index 9fcffdee06..c8e68c2c96 100644 --- a/target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch +++ b/target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c -@@ -239,7 +239,8 @@ static int br_handle_local_finish(struct +@@ -197,7 +197,8 @@ static int br_handle_local_finish(struct { struct net_bridge_port *p = br_port_get_rcu(skb->dev); @@ -25,7 +25,7 @@ Signed-off-by: Felix Fietkau BR_INPUT_SKB_CB(skb)->brdev = p->br->dev; br_pass_frame_up(skb); -@@ -327,6 +328,15 @@ rx_handler_result_t br_handle_frame(stru +@@ -286,6 +287,15 @@ rx_handler_result_t br_handle_frame(stru forward: switch (p->state) { diff --git a/target/linux/generic/pending-4.19/161-mtd-part-add-generic-parsing-of-linux-part-probe.patch b/target/linux/generic/pending-4.19/161-mtd-part-add-generic-parsing-of-linux-part-probe.patch index 9625a51129..c82ea5ab56 100644 --- a/target/linux/generic/pending-4.19/161-mtd-part-add-generic-parsing-of-linux-part-probe.patch +++ b/target/linux/generic/pending-4.19/161-mtd-part-add-generic-parsing-of-linux-part-probe.patch @@ -21,9 +21,9 @@ Signed-off-by: Hauke Mehrtens --- a/Documentation/devicetree/bindings/mtd/nand.txt +++ b/Documentation/devicetree/bindings/mtd/nand.txt -@@ -44,6 +44,22 @@ Optional NAND chip properties: - used by the upper layers, and you want to make your NAND - as reliable as possible. +@@ -49,6 +49,22 @@ Optional NAND chip properties: + + - nand-rb: shall contain the native Ready/Busy ids. +- linux,part-probe: list of name as strings of the partition parser + which should be used to parse the partition table. @@ -46,7 +46,7 @@ Signed-off-by: Hauke Mehrtens errors per {size} bytes". --- a/drivers/mtd/maps/physmap_of_core.c +++ b/drivers/mtd/maps/physmap_of_core.c -@@ -114,37 +114,9 @@ static struct mtd_info *obsolete_probe(s +@@ -115,37 +115,9 @@ static struct mtd_info *obsolete_probe(s static const char * const part_probe_types_def[] = { "cmdlinepart", "RedBoot", "ofpart", "ofoldpart", NULL }; @@ -59,7 +59,7 @@ Signed-off-by: Hauke Mehrtens - if (count < 0) - return part_probe_types_def; - -- res = kzalloc((count + 1) * sizeof(*res), GFP_KERNEL); +- res = kcalloc(count + 1, sizeof(*res), GFP_KERNEL); - if (!res) - return NULL; - @@ -84,7 +84,7 @@ Signed-off-by: Hauke Mehrtens const struct of_device_id *match; struct device_node *dp = dev->dev.of_node; struct resource res; -@@ -310,14 +282,8 @@ static int of_flash_probe(struct platfor +@@ -316,14 +288,8 @@ static int of_flash_probe(struct platfor info->cmtd->dev.parent = &dev->dev; mtd_set_of_node(info->cmtd, dp); @@ -110,7 +110,7 @@ Signed-off-by: Hauke Mehrtens #include #include -@@ -844,6 +845,37 @@ void deregister_mtd_parser(struct mtd_pa +@@ -796,6 +797,37 @@ void deregister_mtd_parser(struct mtd_pa } EXPORT_SYMBOL_GPL(deregister_mtd_parser); @@ -148,7 +148,7 @@ Signed-off-by: Hauke Mehrtens /* * Do not forget to update 'parse_mtd_partitions()' kerneldoc comment if you * are changing this array! -@@ -993,6 +1025,13 @@ int parse_mtd_partitions(struct mtd_info +@@ -948,6 +980,13 @@ int parse_mtd_partitions(struct mtd_info struct mtd_partitions pparts = { }; struct mtd_part_parser *parser; int ret, err = 0; @@ -162,7 +162,7 @@ Signed-off-by: Hauke Mehrtens if (!types) types = mtd_is_partition(master) ? default_subpartition_types : -@@ -1034,6 +1073,7 @@ int parse_mtd_partitions(struct mtd_info +@@ -989,6 +1028,7 @@ int parse_mtd_partitions(struct mtd_info if (ret < 0 && !err) err = ret; } diff --git a/target/linux/generic/pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch b/target/linux/generic/pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch deleted file mode 100644 index 588b571e01..0000000000 --- a/target/linux/generic/pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 81da1738eee68f1961e03bdeb2d60cf0eb4dd713 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Antti=20Sepp=C3=A4l=C3=A4?= -Date: Thu, 5 Jul 2018 12:06:18 +0300 -Subject: [PATCH 2/2] usb: dwc2: Fix inefficient copy of unaligned buffers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Make sure only to copy any actual data rather than the whole buffer, -when releasing the temporary buffer used for unaligned non-isochronous -transfers. - -Taken directly from commit 0efd937e27d5e ("USB: ehci-tegra: fix inefficient -copy of unaligned buffers") - -Tested with Lantiq xRX200 (MIPS) and RPi Model B Rev 2 (ARM) - -Signed-off-by: Antti Seppälä ---- - drivers/usb/dwc2/hcd.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - ---- a/drivers/usb/dwc2/hcd.c -+++ b/drivers/usb/dwc2/hcd.c -@@ -2669,6 +2669,7 @@ static int dwc2_alloc_split_dma_aligned_ - static void dwc2_free_dma_aligned_buffer(struct urb *urb) - { - void *stored_xfer_buffer; -+ size_t length; - - if (!(urb->transfer_flags & URB_ALIGNED_TEMP_BUFFER)) - return; -@@ -2677,9 +2678,14 @@ static void dwc2_free_dma_aligned_buffer - memcpy(&stored_xfer_buffer, urb->transfer_buffer + - urb->transfer_buffer_length, sizeof(urb->transfer_buffer)); - -- if (usb_urb_dir_in(urb)) -- memcpy(stored_xfer_buffer, urb->transfer_buffer, -- urb->transfer_buffer_length); -+ if (usb_urb_dir_in(urb)) { -+ if (usb_pipeisoc(urb->pipe)) -+ length = urb->transfer_buffer_length; -+ else -+ length = urb->actual_length; -+ -+ memcpy(stored_xfer_buffer, urb->transfer_buffer, length); -+ } - kfree(urb->transfer_buffer); - urb->transfer_buffer = stored_xfer_buffer; - diff --git a/target/linux/generic/pending-4.19/180-net-phy-at803x-add-support-for-AT8032.patch b/target/linux/generic/pending-4.19/180-net-phy-at803x-add-support-for-AT8032.patch index 828b160be9..e496301e4e 100644 --- a/target/linux/generic/pending-4.19/180-net-phy-at803x-add-support-for-AT8032.patch +++ b/target/linux/generic/pending-4.19/180-net-phy-at803x-add-support-for-AT8032.patch @@ -19,17 +19,7 @@ Signed-off-by: Felix Fietkau MODULE_DESCRIPTION("Atheros 803x PHY driver"); MODULE_AUTHOR("Matus Ujhelyi"); -@@ -256,7 +258,8 @@ static int at803x_probe(struct phy_devic - if (!priv) - return -ENOMEM; - -- if (phydev->drv->phy_id != ATH8030_PHY_ID) -+ if (phydev->drv->phy_id != ATH8030_PHY_ID && -+ phydev->drv->phy_id != ATH8032_PHY_ID) - goto does_not_require_reset_workaround; - - gpiod_reset = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_LOW); -@@ -332,7 +335,7 @@ static void at803x_link_change_notify(st +@@ -308,7 +310,7 @@ static void at803x_link_change_notify(st struct at803x_priv *priv = phydev->priv; /* @@ -38,7 +28,7 @@ Signed-off-by: Felix Fietkau * signalled. This is necessary to circumvent a hardware bug that * occurs when the cable is unplugged while TX packets are pending * in the FIFO. In such cases, the FIFO enters an error mode it -@@ -444,6 +447,24 @@ static struct phy_driver at803x_driver[] +@@ -414,6 +416,24 @@ static struct phy_driver at803x_driver[] .aneg_done = at803x_aneg_done, .ack_interrupt = &at803x_ack_interrupt, .config_intr = &at803x_config_intr, @@ -63,7 +53,7 @@ Signed-off-by: Felix Fietkau } }; module_phy_driver(at803x_driver); -@@ -451,6 +472,7 @@ module_phy_driver(at803x_driver); +@@ -421,6 +441,7 @@ module_phy_driver(at803x_driver); static struct mdio_device_id __maybe_unused atheros_tbl[] = { { ATH8030_PHY_ID, AT803X_PHY_ID_MASK }, { ATH8031_PHY_ID, AT803X_PHY_ID_MASK }, diff --git a/target/linux/generic/pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch b/target/linux/generic/pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch deleted file mode 100644 index 54858657cb..0000000000 --- a/target/linux/generic/pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch +++ /dev/null @@ -1,43 +0,0 @@ -From patchwork Fri Jul 21 18:36:24 2017 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [2/5] e1000e: Fix wrong comment related to link detection -From: Benjamin Poirier -X-Patchwork-Id: 9857489 -Message-Id: <20170721183627.13373-2-bpoirier@suse.com> -To: Jeff Kirsher -Cc: Lennart Sorensen , - intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, - linux-kernel@vger.kernel.org -Date: Fri, 21 Jul 2017 11:36:24 -0700 - -Reading e1000e_check_for_copper_link() shows that get_link_status is set to -false after link has been detected. Therefore, it stays TRUE until then. - -Signed-off-by: Benjamin Poirier -Tested-by: Aaron Brown ---- - drivers/net/ethernet/intel/e1000e/netdev.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/drivers/net/ethernet/intel/e1000e/netdev.c -+++ b/drivers/net/ethernet/intel/e1000e/netdev.c -@@ -5082,7 +5082,7 @@ static bool e1000e_has_link(struct e1000 - - /* get_link_status is set on LSC (link status) interrupt or - * Rx sequence error interrupt. get_link_status will stay -- * false until the check_for_link establishes link -+ * true until the check_for_link establishes link - * for copper adapters ONLY - */ - switch (hw->phy.media_type) { -@@ -5100,7 +5100,7 @@ static bool e1000e_has_link(struct e1000 - break; - case e1000_media_type_internal_serdes: - ret_val = hw->mac.ops.check_for_link(hw); -- link_active = adapter->hw.mac.serdes_has_link; -+ link_active = hw->mac.serdes_has_link; - break; - default: - case e1000_media_type_unknown: diff --git a/target/linux/generic/pending-4.19/201-extra_optimization.patch b/target/linux/generic/pending-4.19/201-extra_optimization.patch index c7790657fd..d86e29fc75 100644 --- a/target/linux/generic/pending-4.19/201-extra_optimization.patch +++ b/target/linux/generic/pending-4.19/201-extra_optimization.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/Makefile +++ b/Makefile -@@ -654,12 +654,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni +@@ -659,12 +659,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE KBUILD_CFLAGS += $(call cc-option,-Oz,-Os) diff --git a/target/linux/generic/pending-4.19/203-kallsyms_uncompressed.patch b/target/linux/generic/pending-4.19/203-kallsyms_uncompressed.patch index fa68f307d4..074f0c45ed 100644 --- a/target/linux/generic/pending-4.19/203-kallsyms_uncompressed.patch +++ b/target/linux/generic/pending-4.19/203-kallsyms_uncompressed.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/init/Kconfig +++ b/init/Kconfig -@@ -1081,6 +1081,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW +@@ -1140,6 +1140,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW the unaligned access emulation. see arch/parisc/kernel/unaligned.c for reference @@ -33,7 +33,7 @@ Signed-off-by: Felix Fietkau --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c -@@ -108,6 +108,11 @@ static unsigned int kallsyms_expand_symb +@@ -74,6 +74,11 @@ static unsigned int kallsyms_expand_symb * For every byte on the compressed symbol data, copy the table * entry for that byte. */ @@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau while (len) { tptr = &kallsyms_token_table[kallsyms_token_index[*data]]; data++; -@@ -140,6 +145,9 @@ tail: +@@ -106,6 +111,9 @@ tail: */ static char kallsyms_get_symbol_type(unsigned int off) { @@ -63,9 +63,9 @@ Signed-off-by: Felix Fietkau static int all_symbols = 0; +static int uncompressed = 0; static int absolute_percpu = 0; - static char symbol_prefix_char = '\0'; static int base_relative = 0; -@@ -457,6 +458,9 @@ static void write_src(void) + +@@ -439,6 +440,9 @@ static void write_src(void) free(markers); @@ -75,7 +75,7 @@ Signed-off-by: Felix Fietkau output_label("kallsyms_token_table"); off = 0; for (i = 0; i < 256; i++) { -@@ -515,6 +519,9 @@ static void *find_token(unsigned char *s +@@ -497,6 +501,9 @@ static void *find_token(unsigned char *s { int i; @@ -85,7 +85,7 @@ Signed-off-by: Felix Fietkau for (i = 0; i < len - 1; i++) { if (str[i] == token[0] && str[i+1] == token[1]) return &str[i]; -@@ -587,6 +594,9 @@ static void optimize_result(void) +@@ -569,6 +576,9 @@ static void optimize_result(void) { int i, best; @@ -95,9 +95,9 @@ Signed-off-by: Felix Fietkau /* using the '\0' symbol last allows compress_symbols to use standard * fast string functions */ for (i = 255; i >= 0; i--) { -@@ -775,6 +785,8 @@ int main(int argc, char **argv) - symbol_prefix_char = *p; - } else if (strcmp(argv[i], "--base-relative") == 0) +@@ -751,6 +761,8 @@ int main(int argc, char **argv) + absolute_percpu = 1; + else if (strcmp(argv[i], "--base-relative") == 0) base_relative = 1; + else if (strcmp(argv[i], "--uncompressed") == 0) + uncompressed = 1; @@ -106,7 +106,7 @@ Signed-off-by: Felix Fietkau } --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh -@@ -164,6 +164,10 @@ kallsyms() +@@ -133,6 +133,10 @@ kallsyms() kallsymopt="${kallsymopt} --base-relative" fi diff --git a/target/linux/generic/pending-4.19/205-backtrace_module_info.patch b/target/linux/generic/pending-4.19/205-backtrace_module_info.patch index 4040f91021..5671173d45 100644 --- a/target/linux/generic/pending-4.19/205-backtrace_module_info.patch +++ b/target/linux/generic/pending-4.19/205-backtrace_module_info.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/lib/vsprintf.c +++ b/lib/vsprintf.c -@@ -670,8 +670,10 @@ char *symbol_string(char *buf, char *end +@@ -681,8 +681,10 @@ char *symbol_string(char *buf, char *end struct printf_spec spec, const char *fmt) { unsigned long value; @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau #endif if (fmt[1] == 'R') -@@ -685,11 +687,16 @@ char *symbol_string(char *buf, char *end +@@ -696,11 +698,16 @@ char *symbol_string(char *buf, char *end sprint_symbol(sym, value); else sprint_symbol_no_offset(sym, value); @@ -42,4 +42,4 @@ Signed-off-by: Felix Fietkau + return string(buf, end, sym, spec); } - static noinline_for_stack + static const struct printf_spec default_str_spec = { diff --git a/target/linux/generic/pending-4.19/220-optimize_inlining.patch b/target/linux/generic/pending-4.19/220-optimize_inlining.patch index dca1dcb204..1411586086 100644 --- a/target/linux/generic/pending-4.19/220-optimize_inlining.patch +++ b/target/linux/generic/pending-4.19/220-optimize_inlining.patch @@ -1,6 +1,6 @@ --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug -@@ -284,20 +284,6 @@ config CPA_DEBUG +@@ -276,20 +276,6 @@ config CPA_DEBUG ---help--- Do change_page_attr() self-tests every 30 seconds. @@ -23,7 +23,7 @@ depends on DEBUG_KERNEL --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -137,6 +137,20 @@ endmenu # "printk and dmesg options" +@@ -150,6 +150,20 @@ endmenu # "printk and dmesg options" menu "Compile-time checks and compiler options" @@ -46,7 +46,7 @@ depends on DEBUG_KERNEL && !COMPILE_TEST --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -296,9 +296,6 @@ config ZONE_DMA32 +@@ -306,9 +306,6 @@ config ZONE_DMA32 config AUDIT_ARCH def_bool y if X86_64 @@ -56,15 +56,15 @@ config ARCH_SUPPORTS_DEBUG_PAGEALLOC def_bool y ---- a/include/linux/compiler-gcc.h -+++ b/include/linux/compiler-gcc.h -@@ -90,8 +90,7 @@ +--- a/include/linux/compiler_types.h ++++ b/include/linux/compiler_types.h +@@ -260,8 +260,7 @@ struct ftrace_likely_data { * of extern inline functions at link time. * A lot of inline functions can cause havoc with function tracing. */ --#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \ -- !defined(CONFIG_OPTIMIZE_INLINING) || (__GNUC__ < 4) -+#if !defined(CONFIG_OPTIMIZE_INLINING) || (__GNUC__ < 4) +-#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \ +- !defined(CONFIG_OPTIMIZE_INLINING) ++#if !defined(CONFIG_OPTIMIZE_INLINING) #define inline \ inline __attribute__((always_inline, unused)) notrace __gnu_inline #else diff --git a/target/linux/generic/pending-4.19/300-mips_expose_boot_raw.patch b/target/linux/generic/pending-4.19/300-mips_expose_boot_raw.patch index 5384be15ca..5be7ea7c12 100644 --- a/target/linux/generic/pending-4.19/300-mips_expose_boot_raw.patch +++ b/target/linux/generic/pending-4.19/300-mips_expose_boot_raw.patch @@ -9,7 +9,7 @@ Acked-by: Rob Landley --- --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -1067,9 +1067,6 @@ config FW_ARC +@@ -1059,9 +1059,6 @@ config FW_ARC config ARCH_MAY_HAVE_PC_FDC bool @@ -19,7 +19,7 @@ Acked-by: Rob Landley config CEVT_BCM1480 bool -@@ -2967,6 +2964,18 @@ choice +@@ -2965,6 +2962,18 @@ choice bool "Extend builtin kernel arguments with bootloader arguments" endchoice diff --git a/target/linux/generic/pending-4.19/304-mips_disable_fpu.patch b/target/linux/generic/pending-4.19/304-mips_disable_fpu.patch index 22e2e86206..61f0378a47 100644 --- a/target/linux/generic/pending-4.19/304-mips_disable_fpu.patch +++ b/target/linux/generic/pending-4.19/304-mips_disable_fpu.patch @@ -24,7 +24,7 @@ v2: incorporated changes suggested by Jonas Gorski --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -2891,6 +2891,20 @@ config MIPS_O32_FP64_SUPPORT +@@ -2889,6 +2889,20 @@ config MIPS_O32_FP64_SUPPORT If unsure, say N. @@ -47,7 +47,7 @@ v2: incorporated changes suggested by Jonas Gorski select OF --- a/arch/mips/Makefile +++ b/arch/mips/Makefile -@@ -315,7 +315,7 @@ OBJCOPYFLAGS += --remove-section=.regin +@@ -322,7 +322,7 @@ OBJCOPYFLAGS += --remove-section=.regin head-y := arch/mips/kernel/head.o libs-y += arch/mips/lib/ diff --git a/target/linux/generic/pending-4.19/307-mips_highmem_offset.patch b/target/linux/generic/pending-4.19/307-mips_highmem_offset.patch index 0529b0c5c8..9dd2fa9863 100644 --- a/target/linux/generic/pending-4.19/307-mips_highmem_offset.patch +++ b/target/linux/generic/pending-4.19/307-mips_highmem_offset.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/arch/mips/include/asm/mach-generic/spaces.h +++ b/arch/mips/include/asm/mach-generic/spaces.h -@@ -46,7 +46,7 @@ +@@ -50,7 +50,7 @@ * Memory above this physical address will be considered highmem. */ #ifndef HIGHMEM_START diff --git a/target/linux/generic/pending-4.19/308-mips32r2_tune.patch b/target/linux/generic/pending-4.19/308-mips32r2_tune.patch index 39167bf4ae..17c867acc5 100644 --- a/target/linux/generic/pending-4.19/308-mips32r2_tune.patch +++ b/target/linux/generic/pending-4.19/308-mips32r2_tune.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/arch/mips/Makefile +++ b/arch/mips/Makefile -@@ -161,7 +161,7 @@ cflags-$(CONFIG_CPU_VR41XX) += -march=r4 +@@ -171,7 +171,7 @@ cflags-$(CONFIG_CPU_VR41XX) += -march=r4 cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap diff --git a/target/linux/generic/pending-4.19/332-arc-add-OWRTDTB-section.patch b/target/linux/generic/pending-4.19/332-arc-add-OWRTDTB-section.patch index 58f14b6ca5..963547eedd 100644 --- a/target/linux/generic/pending-4.19/332-arc-add-OWRTDTB-section.patch +++ b/target/linux/generic/pending-4.19/332-arc-add-OWRTDTB-section.patch @@ -38,7 +38,7 @@ Signed-off-by: Alexey Brodkin ;---------------------------------------------------------------- --- a/arch/arc/kernel/setup.c +++ b/arch/arc/kernel/setup.c -@@ -421,6 +421,8 @@ static inline int is_kernel(unsigned lon +@@ -456,6 +456,8 @@ static inline int is_kernel(unsigned lon return 0; } @@ -47,7 +47,7 @@ Signed-off-by: Alexey Brodkin void __init setup_arch(char **cmdline_p) { #ifdef CONFIG_ARC_UBOOT_SUPPORT -@@ -434,7 +436,7 @@ void __init setup_arch(char **cmdline_p) +@@ -469,7 +471,7 @@ void __init setup_arch(char **cmdline_p) #endif { /* No, so try the embedded one */ diff --git a/target/linux/generic/pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch b/target/linux/generic/pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch deleted file mode 100644 index 8d6cada842..0000000000 --- a/target/linux/generic/pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Felix Fietkau -Date: Tue, 5 Dec 2017 12:34:31 +0100 -Subject: [PATCH] MIPS: mm: remove mips_dma_mapping_error - -dma_mapping_error() already checks if ops->mapping_error is a null -pointer - -Signed-off-by: Felix Fietkau ---- - ---- a/arch/mips/mm/dma-default.c -+++ b/arch/mips/mm/dma-default.c -@@ -373,11 +373,6 @@ static void mips_dma_sync_sg_for_device( - } - } - --static int mips_dma_mapping_error(struct device *dev, dma_addr_t dma_addr) --{ -- return 0; --} -- - static int mips_dma_supported(struct device *dev, u64 mask) - { - return plat_dma_supported(dev, mask); -@@ -406,7 +401,6 @@ static const struct dma_map_ops mips_def - .sync_single_for_device = mips_dma_sync_single_for_device, - .sync_sg_for_cpu = mips_dma_sync_sg_for_cpu, - .sync_sg_for_device = mips_dma_sync_sg_for_device, -- .mapping_error = mips_dma_mapping_error, - .dma_supported = mips_dma_supported - }; - diff --git a/target/linux/generic/pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch b/target/linux/generic/pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch index de2dd65b17..44d1520639 100644 --- a/target/linux/generic/pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch +++ b/target/linux/generic/pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch @@ -1,140 +1,82 @@ -From: Felix Fietkau -Date: Tue, 5 Dec 2017 12:46:01 +0100 -Subject: [PATCH] MIPS: mm: remove no-op dma_map_ops where possible +From 203f17906ff45705fbdaa0430dbbc71142c2640f Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Sat, 8 Dec 2018 21:45:53 +0100 +Subject: [PATCH 1/3] MIPS: Compile post DMA flush only when needed -If no post-DMA flush is required, and the platform does not provide -plat_unmap_dma_mem(), there is no need to include unmap or sync_for_cpu -ops. +dma_sync_phys() is only called for some CPUs when a mapping is removed. +Add ARCH_HAS_SYNC_DMA_FOR_CPU only for the CPUs listed in +cpu_needs_post_dma_flush() which need this extra call and do not compile +this code in for other CPUs. We need this for R10000, R12000, BMIPS5000 +CPUs and CPUs supporting MAAR which was introduced in MIPS32r5. -With this patch they are compiled out to improve icache footprint -on devices that handle lots of DMA traffic (especially network routers). +This will hopefully improve the performance of the not affected devices. -Signed-off-by: Felix Fietkau +Signed-off-by: Hauke Mehrtens --- + arch/mips/Kconfig | 6 +++++- + arch/mips/mm/dma-noncoherent.c | 2 ++ + 2 files changed, 7 insertions(+), 1 deletion(-) --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -221,6 +221,7 @@ config BMIPS_GENERIC - select BRCMSTB_L2_IRQ - select IRQ_MIPS_CPU - select DMA_NONCOHERENT -+ select DMA_UNMAP_POST_FLUSH - select SYS_SUPPORTS_32BIT_KERNEL - select SYS_SUPPORTS_LITTLE_ENDIAN - select SYS_SUPPORTS_BIG_ENDIAN -@@ -346,6 +347,7 @@ config MACH_JAZZ - select CSRC_R4K - select DEFAULT_SGI_PARTITION if CPU_BIG_ENDIAN - select GENERIC_ISA_DMA -+ select DMA_UNMAP_POST_FLUSH - select HAVE_PCSPKR_PLATFORM - select IRQ_MIPS_CPU - select I8253 -@@ -1128,6 +1130,9 @@ config DMA_NONCOHERENT +@@ -1113,7 +1113,6 @@ config DMA_PERDEV_COHERENT + config DMA_NONCOHERENT bool + select ARCH_HAS_SYNC_DMA_FOR_DEVICE +- select ARCH_HAS_SYNC_DMA_FOR_CPU select NEED_DMA_MAP_STATE - -+config DMA_UNMAP_POST_FLUSH -+ bool -+ - config NEED_DMA_MAP_STATE - bool - -@@ -1652,6 +1657,7 @@ config CPU_R10000 - select CPU_SUPPORTS_64BIT_KERNEL - select CPU_SUPPORTS_HIGHMEM - select CPU_SUPPORTS_HUGEPAGES -+ select DMA_UNMAP_POST_FLUSH - help - MIPS Technologies R10000-series processors. - -@@ -1900,9 +1906,11 @@ config SYS_HAS_CPU_MIPS32_R3_5 - bool + select DMA_NONCOHERENT_MMAP + select DMA_NONCOHERENT_CACHE_SYNC +@@ -1894,9 +1893,11 @@ config SYS_HAS_CPU_MIPS32_R3_5 config SYS_HAS_CPU_MIPS32_R5 -+ select DMA_UNMAP_POST_FLUSH bool ++ select ARCH_HAS_SYNC_DMA_FOR_CPU config SYS_HAS_CPU_MIPS32_R6 -+ select DMA_UNMAP_POST_FLUSH bool ++ select ARCH_HAS_SYNC_DMA_FOR_CPU config SYS_HAS_CPU_MIPS64_R1 -@@ -1912,6 +1920,7 @@ config SYS_HAS_CPU_MIPS64_R2 bool +@@ -1906,6 +1907,7 @@ config SYS_HAS_CPU_MIPS64_R2 config SYS_HAS_CPU_MIPS64_R6 -+ select DMA_UNMAP_POST_FLUSH bool ++ select ARCH_HAS_SYNC_DMA_FOR_CPU config SYS_HAS_CPU_R3000 ---- a/arch/mips/mm/dma-default.c -+++ b/arch/mips/mm/dma-default.c -@@ -267,8 +267,9 @@ static inline void __dma_sync(struct pag - } while (left); - } + bool +@@ -1942,6 +1944,7 @@ config SYS_HAS_CPU_R8000 --static void mips_dma_unmap_page(struct device *dev, dma_addr_t dma_addr, -- size_t size, enum dma_data_direction direction, unsigned long attrs) -+static void __maybe_unused -+mips_dma_unmap_page(struct device *dev, dma_addr_t dma_addr, size_t size, -+ enum dma_data_direction direction, unsigned long attrs) - { - if (cpu_needs_post_dma_flush(dev) && !(attrs & DMA_ATTR_SKIP_CPU_SYNC)) - __dma_sync(dma_addr_to_page(dev, dma_addr), -@@ -308,9 +309,10 @@ static dma_addr_t mips_dma_map_page(stru - return plat_map_dma_mem_page(dev, page) + offset; - } + config SYS_HAS_CPU_R10000 + bool ++ select ARCH_HAS_SYNC_DMA_FOR_CPU --static void mips_dma_unmap_sg(struct device *dev, struct scatterlist *sglist, -- int nhwentries, enum dma_data_direction direction, -- unsigned long attrs) -+static void __maybe_unused -+mips_dma_unmap_sg(struct device *dev, struct scatterlist *sglist, -+ int nhwentries, enum dma_data_direction direction, -+ unsigned long attrs) - { - int i; - struct scatterlist *sg; -@@ -325,8 +327,9 @@ static void mips_dma_unmap_sg(struct dev - } + config SYS_HAS_CPU_RM7000 + bool +@@ -1970,6 +1973,7 @@ config SYS_HAS_CPU_BMIPS4380 + config SYS_HAS_CPU_BMIPS5000 + bool + select SYS_HAS_CPU_BMIPS ++ select ARCH_HAS_SYNC_DMA_FOR_CPU + + config SYS_HAS_CPU_XLR + bool +--- a/arch/mips/mm/dma-noncoherent.c ++++ b/arch/mips/mm/dma-noncoherent.c +@@ -191,12 +191,14 @@ void arch_sync_dma_for_device(struct dev + dma_sync_phys(paddr, size, dir); } --static void mips_dma_sync_single_for_cpu(struct device *dev, -- dma_addr_t dma_handle, size_t size, enum dma_data_direction direction) -+static void __maybe_unused -+mips_dma_sync_single_for_cpu(struct device *dev, dma_addr_t dma_handle, -+ size_t size, enum dma_data_direction direction) ++#ifdef CONFIG_ARCH_HAS_SYNC_DMA_FOR_CPU + void arch_sync_dma_for_cpu(struct device *dev, phys_addr_t paddr, + size_t size, enum dma_data_direction dir) { if (cpu_needs_post_dma_flush(dev)) - __dma_sync(dma_addr_to_page(dev, dma_handle), -@@ -342,9 +345,9 @@ static void mips_dma_sync_single_for_dev - dma_handle & ~PAGE_MASK, size, direction); + dma_sync_phys(paddr, size, dir); } - --static void mips_dma_sync_sg_for_cpu(struct device *dev, -- struct scatterlist *sglist, int nelems, -- enum dma_data_direction direction) -+static void __maybe_unused -+mips_dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sglist, -+ int nelems, enum dma_data_direction direction) - { - int i; - struct scatterlist *sg; -@@ -394,12 +397,14 @@ static const struct dma_map_ops mips_def - .free = mips_dma_free_coherent, - .mmap = mips_dma_mmap, - .map_page = mips_dma_map_page, -- .unmap_page = mips_dma_unmap_page, - .map_sg = mips_dma_map_sg, -+#ifdef CONFIG_DMA_UNMAP_POST_FLUSH -+ .unmap_page = mips_dma_unmap_page, - .unmap_sg = mips_dma_unmap_sg, - .sync_single_for_cpu = mips_dma_sync_single_for_cpu, -- .sync_single_for_device = mips_dma_sync_single_for_device, - .sync_sg_for_cpu = mips_dma_sync_sg_for_cpu, +#endif -+ .sync_single_for_device = mips_dma_sync_single_for_device, - .sync_sg_for_device = mips_dma_sync_sg_for_device, - .dma_supported = mips_dma_supported - }; + + void arch_dma_cache_sync(struct device *dev, void *vaddr, size_t size, + enum dma_data_direction direction) diff --git a/target/linux/generic/pending-4.19/400-mtd-add-rootfs-split-support.patch b/target/linux/generic/pending-4.19/400-mtd-add-rootfs-split-support.patch index 5f8899ea61..c449fef041 100644 --- a/target/linux/generic/pending-4.19/400-mtd-add-rootfs-split-support.patch +++ b/target/linux/generic/pending-4.19/400-mtd-add-rootfs-split-support.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/mtd/Kconfig +++ b/drivers/mtd/Kconfig -@@ -12,6 +12,23 @@ menuconfig MTD +@@ -11,6 +11,23 @@ menuconfig MTD if MTD @@ -60,7 +60,7 @@ Signed-off-by: Felix Fietkau /* * Given a pointer to the MTD object in the mtd_part structure, we can retrieve * the pointer to that structure. -@@ -668,6 +672,7 @@ int mtd_add_partition(struct mtd_info *p +@@ -620,6 +624,7 @@ int mtd_add_partition(struct mtd_info *p mutex_unlock(&mtd_partitions_mutex); add_mtd_device(&new->mtd); @@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau mtd_add_partition_attrs(new); -@@ -746,6 +751,29 @@ int mtd_del_partition(struct mtd_info *m +@@ -698,6 +703,29 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau /* * This function, given a master MTD object and a partition table, creates * and registers slave MTD objects which are bound to the master according to -@@ -777,6 +805,7 @@ int add_mtd_partitions(struct mtd_info * +@@ -729,6 +757,7 @@ int add_mtd_partitions(struct mtd_info * mutex_unlock(&mtd_partitions_mutex); add_mtd_device(&slave->mtd); diff --git a/target/linux/generic/pending-4.19/401-mtd-add-support-for-different-partition-parser-types.patch b/target/linux/generic/pending-4.19/401-mtd-add-support-for-different-partition-parser-types.patch index 359c4c167b..a454b5cf7a 100644 --- a/target/linux/generic/pending-4.19/401-mtd-add-support-for-different-partition-parser-types.patch +++ b/target/linux/generic/pending-4.19/401-mtd-add-support-for-different-partition-parser-types.patch @@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos /* * Given a pointer to the MTD object in the mtd_part structure, we can retrieve -@@ -751,6 +755,36 @@ int mtd_del_partition(struct mtd_info *m +@@ -703,6 +707,36 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -57,7 +57,7 @@ Signed-off-by: Gabor Juhos #ifdef CONFIG_MTD_SPLIT_FIRMWARE_NAME #define SPLIT_FIRMWARE_NAME CONFIG_MTD_SPLIT_FIRMWARE_NAME #else -@@ -1122,6 +1156,61 @@ void mtd_part_parser_cleanup(struct mtd_ +@@ -1077,6 +1111,61 @@ void mtd_part_parser_cleanup(struct mtd_ } } diff --git a/target/linux/generic/pending-4.19/402-mtd-use-typed-mtd-parsers-for-rootfs-and-firmware-split.patch b/target/linux/generic/pending-4.19/402-mtd-use-typed-mtd-parsers-for-rootfs-and-firmware-split.patch index e870663355..afe3ec7756 100644 --- a/target/linux/generic/pending-4.19/402-mtd-use-typed-mtd-parsers-for-rootfs-and-firmware-split.patch +++ b/target/linux/generic/pending-4.19/402-mtd-use-typed-mtd-parsers-for-rootfs-and-firmware-split.patch @@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -793,6 +793,7 @@ run_parsers_by_type(struct mtd_part *sla +@@ -745,6 +745,7 @@ run_parsers_by_type(struct mtd_part *sla static void split_firmware(struct mtd_info *master, struct mtd_part *part) { @@ -18,7 +18,7 @@ Signed-off-by: Gabor Juhos } static void mtd_partition_split(struct mtd_info *master, struct mtd_part *part) -@@ -802,6 +803,12 @@ static void mtd_partition_split(struct m +@@ -754,6 +755,12 @@ static void mtd_partition_split(struct m if (rootfs_found) return; diff --git a/target/linux/generic/pending-4.19/403-mtd-hook-mtdsplit-to-Kbuild.patch b/target/linux/generic/pending-4.19/403-mtd-hook-mtdsplit-to-Kbuild.patch index 89c202bc0d..60cf043e9b 100644 --- a/target/linux/generic/pending-4.19/403-mtd-hook-mtdsplit-to-Kbuild.patch +++ b/target/linux/generic/pending-4.19/403-mtd-hook-mtdsplit-to-Kbuild.patch @@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos --- a/drivers/mtd/Kconfig +++ b/drivers/mtd/Kconfig -@@ -27,6 +27,8 @@ config MTD_SPLIT_FIRMWARE_NAME +@@ -26,6 +26,8 @@ config MTD_SPLIT_FIRMWARE_NAME depends on MTD_SPLIT_FIRMWARE default "firmware" diff --git a/target/linux/generic/pending-4.19/404-mtd-add-more-helper-functions.patch b/target/linux/generic/pending-4.19/404-mtd-add-more-helper-functions.patch index 94c59df01d..f50d933e1b 100644 --- a/target/linux/generic/pending-4.19/404-mtd-add-more-helper-functions.patch +++ b/target/linux/generic/pending-4.19/404-mtd-add-more-helper-functions.patch @@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -1235,6 +1235,24 @@ int mtd_is_partition(const struct mtd_in +@@ -1190,6 +1190,24 @@ int mtd_is_partition(const struct mtd_in } EXPORT_SYMBOL_GPL(mtd_is_partition); @@ -38,8 +38,8 @@ Signed-off-by: Gabor Juhos { --- a/include/linux/mtd/mtd.h +++ b/include/linux/mtd/mtd.h -@@ -494,6 +494,24 @@ static inline uint32_t mtd_mod_by_eb(uin - return do_div(sz, mtd->erasesize); +@@ -507,6 +507,24 @@ static inline void mtd_align_erase_req(s + req->len += mtd->erasesize - mod; } +static inline uint64_t mtd_roundup_to_eb(uint64_t sz, struct mtd_info *mtd) diff --git a/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch b/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch index 3b862dae61..978d6a6f7b 100644 --- a/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch +++ b/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch @@ -19,95 +19,86 @@ Signed-off-by: Felix Fietkau /* Our partition linked list */ static LIST_HEAD(mtd_partitions); static DEFINE_MUTEX(mtd_partitions_mutex); -@@ -255,13 +257,61 @@ static int part_erase(struct mtd_info *m +@@ -221,6 +223,53 @@ static int part_erase(struct mtd_info *m + { struct mtd_part *part = mtd_to_part(mtd); int ret; - ++ size_t wrlen = 0; ++ u8 *erase_buf = NULL; ++ u32 erase_buf_ofs = 0; ++ bool partial_start = false; + -+ instr->partial_start = false; + if (mtd->flags & MTD_ERASE_PARTIAL) { + size_t readlen = 0; + u64 mtd_ofs; + -+ instr->erase_buf = kmalloc(part->parent->erasesize, GFP_ATOMIC); -+ if (!instr->erase_buf) ++ erase_buf = kmalloc(part->parent->erasesize, GFP_ATOMIC); ++ if (!erase_buf) + return -ENOMEM; + + mtd_ofs = part->offset + instr->addr; -+ instr->erase_buf_ofs = do_div(mtd_ofs, part->parent->erasesize); ++ erase_buf_ofs = do_div(mtd_ofs, part->parent->erasesize); + -+ if (instr->erase_buf_ofs > 0) { -+ instr->addr -= instr->erase_buf_ofs; ++ if (erase_buf_ofs > 0) { ++ instr->addr -= erase_buf_ofs; + ret = mtd_read(part->parent, + instr->addr + part->offset, + part->parent->erasesize, -+ &readlen, instr->erase_buf); ++ &readlen, erase_buf); + -+ instr->len += instr->erase_buf_ofs; -+ instr->partial_start = true; ++ instr->len += erase_buf_ofs; ++ partial_start = true; + } else { + mtd_ofs = part->offset + part->mtd.size; -+ instr->erase_buf_ofs = part->parent->erasesize - ++ erase_buf_ofs = part->parent->erasesize - + do_div(mtd_ofs, part->parent->erasesize); + -+ if (instr->erase_buf_ofs > 0) { -+ instr->len += instr->erase_buf_ofs; ++ if (erase_buf_ofs > 0) { ++ instr->len += erase_buf_ofs; + ret = mtd_read(part->parent, + part->offset + instr->addr + + instr->len - part->parent->erasesize, + part->parent->erasesize, &readlen, -+ instr->erase_buf); ++ erase_buf); + } else { + ret = 0; + } + } + if (ret < 0) { -+ kfree(instr->erase_buf); ++ kfree(erase_buf); + return ret; + } + + } -+ + instr->addr += part->offset; ret = part->parent->_erase(part->parent, instr); - if (ret) { - if (instr->fail_addr != MTD_FAIL_ADDR_UNKNOWN) - instr->fail_addr -= part->offset; - instr->addr -= part->offset; -+ if (mtd->flags & MTD_ERASE_PARTIAL) -+ kfree(instr->erase_buf); - } +@@ -228,6 +277,24 @@ static int part_erase(struct mtd_info *m + instr->fail_addr -= part->offset; + instr->addr -= part->offset; + ++ if (mtd->flags & MTD_ERASE_PARTIAL) { ++ if (partial_start) { ++ part->parent->_write(part->parent, ++ instr->addr, erase_buf_ofs, ++ &wrlen, erase_buf); ++ instr->addr += erase_buf_ofs; ++ } else { ++ instr->len -= erase_buf_ofs; ++ part->parent->_write(part->parent, ++ instr->addr + instr->len, ++ erase_buf_ofs, &wrlen, ++ erase_buf + ++ part->parent->erasesize - ++ erase_buf_ofs); ++ } ++ kfree(erase_buf); ++ } + return ret; } -@@ -269,6 +319,25 @@ void mtd_erase_callback(struct erase_inf - { - if (instr->mtd->_erase == part_erase) { - struct mtd_part *part = mtd_to_part(instr->mtd); -+ size_t wrlen = 0; -+ -+ if (instr->mtd->flags & MTD_ERASE_PARTIAL) { -+ if (instr->partial_start) { -+ part->parent->_write(part->parent, -+ instr->addr, instr->erase_buf_ofs, -+ &wrlen, instr->erase_buf); -+ instr->addr += instr->erase_buf_ofs; -+ } else { -+ instr->len -= instr->erase_buf_ofs; -+ part->parent->_write(part->parent, -+ instr->addr + instr->len, -+ instr->erase_buf_ofs, &wrlen, -+ instr->erase_buf + -+ part->parent->erasesize - -+ instr->erase_buf_ofs); -+ } -+ kfree(instr->erase_buf); -+ } - - if (instr->fail_addr != MTD_FAIL_ADDR_UNKNOWN) - instr->fail_addr -= part->offset; -@@ -584,19 +653,22 @@ static struct mtd_part *allocate_partiti +@@ -536,19 +603,22 @@ static struct mtd_part *allocate_partiti remainder = do_div(tmp, wr_alignment); if ((slave->mtd.flags & MTD_WRITEABLE) && remainder) { /* Doesn't start on a boundary of major erase size */ @@ -139,16 +130,3 @@ Signed-off-by: Felix Fietkau } mtd_set_ooblayout(&slave->mtd, &part_ooblayout_ops); ---- a/include/linux/mtd/mtd.h -+++ b/include/linux/mtd/mtd.h -@@ -56,6 +56,10 @@ struct erase_info { - u_long priv; - u_char state; - struct erase_info *next; -+ -+ u8 *erase_buf; -+ u32 erase_buf_ofs; -+ bool partial_start; - }; - - struct mtd_erase_region_info { diff --git a/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch b/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch index 3ac3496c69..e038c4e60c 100644 --- a/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch +++ b/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch @@ -20,7 +20,7 @@ Signed-off-by: Tim Harvey --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -357,7 +357,16 @@ static int part_lock(struct mtd_info *mt +@@ -307,7 +307,16 @@ static int part_lock(struct mtd_info *mt static int part_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) { struct mtd_part *part = mtd_to_part(mtd); diff --git a/target/linux/generic/pending-4.19/430-mtd-add-myloader-partition-parser.patch b/target/linux/generic/pending-4.19/430-mtd-add-myloader-partition-parser.patch index 889c452057..bd49893dd8 100644 --- a/target/linux/generic/pending-4.19/430-mtd-add-myloader-partition-parser.patch +++ b/target/linux/generic/pending-4.19/430-mtd-add-myloader-partition-parser.patch @@ -12,7 +12,7 @@ Signed-off-by: Florian Fainelli --- a/drivers/mtd/Kconfig +++ b/drivers/mtd/Kconfig -@@ -178,6 +178,22 @@ menu "Partition parsers" +@@ -177,6 +177,22 @@ menu "Partition parsers" source "drivers/mtd/parsers/Kconfig" endmenu diff --git a/target/linux/generic/pending-4.19/440-block2mtd_init.patch b/target/linux/generic/pending-4.19/440-block2mtd_init.patch index 8834788732..b8ec11f3dd 100644 --- a/target/linux/generic/pending-4.19/440-block2mtd_init.patch +++ b/target/linux/generic/pending-4.19/440-block2mtd_init.patch @@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau #include #include #include -@@ -219,7 +220,7 @@ static void block2mtd_free_device(struct +@@ -214,7 +215,7 @@ static void block2mtd_free_device(struct static struct block2mtd_dev *add_device(char *devname, int erase_size, @@ -25,15 +25,15 @@ Signed-off-by: Felix Fietkau { #ifndef MODULE int i; -@@ -227,6 +228,7 @@ static struct block2mtd_dev *add_device( +@@ -222,6 +223,7 @@ static struct block2mtd_dev *add_device( const fmode_t mode = FMODE_READ | FMODE_WRITE | FMODE_EXCL; - struct block_device *bdev = ERR_PTR(-ENODEV); + struct block_device *bdev; struct block2mtd_dev *dev; + struct mtd_partition *part; char *name; if (!devname) -@@ -283,13 +285,16 @@ static struct block2mtd_dev *add_device( +@@ -278,13 +280,16 @@ static struct block2mtd_dev *add_device( /* Setup the MTD structure */ /* make the name contain the block device in */ @@ -52,7 +52,7 @@ Signed-off-by: Felix Fietkau dev->mtd.erasesize = erase_size; dev->mtd.writesize = 1; dev->mtd.writebufsize = PAGE_SIZE; -@@ -302,7 +307,11 @@ static struct block2mtd_dev *add_device( +@@ -297,7 +302,11 @@ static struct block2mtd_dev *add_device( dev->mtd.priv = dev; dev->mtd.owner = THIS_MODULE; @@ -65,7 +65,7 @@ Signed-off-by: Felix Fietkau /* Device didn't get added, so free the entry */ goto err_destroy_mutex; } -@@ -310,8 +319,7 @@ static struct block2mtd_dev *add_device( +@@ -305,8 +314,7 @@ static struct block2mtd_dev *add_device( list_add(&dev->list, &blkmtd_device_list); pr_info("mtd%d: [%s] erase_size = %dKiB [%d]\n", dev->mtd.index, @@ -75,7 +75,7 @@ Signed-off-by: Felix Fietkau return dev; err_destroy_mutex: -@@ -384,7 +392,7 @@ static int block2mtd_setup2(const char * +@@ -379,7 +387,7 @@ static int block2mtd_setup2(const char * /* 80 for device, 12 for erase size, 80 for name, 8 for timeout */ char buf[80 + 12 + 80 + 8]; char *str = buf; @@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau char *name; size_t erase_size = PAGE_SIZE; unsigned long timeout = MTD_DEFAULT_TIMEOUT; -@@ -398,7 +406,7 @@ static int block2mtd_setup2(const char * +@@ -393,7 +401,7 @@ static int block2mtd_setup2(const char * strcpy(str, val); kill_final_newline(str); @@ -93,7 +93,7 @@ Signed-off-by: Felix Fietkau token[i] = strsep(&str, ","); if (str) { -@@ -424,8 +432,10 @@ static int block2mtd_setup2(const char * +@@ -419,8 +427,10 @@ static int block2mtd_setup2(const char * return 0; } } @@ -105,7 +105,7 @@ Signed-off-by: Felix Fietkau return 0; } -@@ -459,7 +469,7 @@ static int block2mtd_setup(const char *v +@@ -454,7 +464,7 @@ static int block2mtd_setup(const char *v module_param_call(block2mtd, block2mtd_setup, NULL, NULL, 0200); diff --git a/target/linux/generic/pending-4.19/441-block2mtd_probe.patch b/target/linux/generic/pending-4.19/441-block2mtd_probe.patch index fee970ab61..7e974e01ed 100644 --- a/target/linux/generic/pending-4.19/441-block2mtd_probe.patch +++ b/target/linux/generic/pending-4.19/441-block2mtd_probe.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/mtd/devices/block2mtd.c +++ b/drivers/mtd/devices/block2mtd.c -@@ -392,7 +392,7 @@ static int block2mtd_setup2(const char * +@@ -387,7 +387,7 @@ static int block2mtd_setup2(const char * /* 80 for device, 12 for erase size, 80 for name, 8 for timeout */ char buf[80 + 12 + 80 + 8]; char *str = buf; @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau char *name; size_t erase_size = PAGE_SIZE; unsigned long timeout = MTD_DEFAULT_TIMEOUT; -@@ -406,7 +406,7 @@ static int block2mtd_setup2(const char * +@@ -401,7 +401,7 @@ static int block2mtd_setup2(const char * strcpy(str, val); kill_final_newline(str); @@ -26,7 +26,7 @@ Signed-off-by: Felix Fietkau token[i] = strsep(&str, ","); if (str) { -@@ -435,6 +435,9 @@ static int block2mtd_setup2(const char * +@@ -430,6 +430,9 @@ static int block2mtd_setup2(const char * if (token[2] && (strlen(token[2]) + 1 > 80)) pr_err("mtd device name too long\n"); @@ -36,7 +36,7 @@ Signed-off-by: Felix Fietkau add_device(name, erase_size, token[2], timeout); return 0; -@@ -469,7 +472,7 @@ static int block2mtd_setup(const char *v +@@ -464,7 +467,7 @@ static int block2mtd_setup(const char *v module_param_call(block2mtd, block2mtd_setup, NULL, NULL, 0200); diff --git a/target/linux/generic/pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch b/target/linux/generic/pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch deleted file mode 100644 index accd63df58..0000000000 --- a/target/linux/generic/pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Felix Fietkau -Date: Fri, 23 Feb 2018 17:12:16 +0100 -Subject: [PATCH] mtd: m25p80: allow fallback from spi_flash_read to regular - SPI transfer - -Some flash controllers, e.g. on the ath79 platform can support a fast -flash read via memory mapping, but only if the flash chip is in -3-byte address mode. - -Since spi_flash_read_supported does not have access to the same data as -spi_flash_read, the driver can't detect an unsupported call until m25p80 -has decided to use spi_flash_read. - -Allow the driver to indicate a fallback to a regular SPI transfer by -returning -EOPNOTSUPP - -Signed-off-by: Felix Fietkau ---- - ---- a/drivers/mtd/devices/m25p80.c -+++ b/drivers/mtd/devices/m25p80.c -@@ -170,9 +170,11 @@ static ssize_t m25p80_read(struct spi_no - msg.data_nbits = data_nbits; - - ret = spi_flash_read(spi, &msg); -- if (ret < 0) -- return ret; -- return msg.retlen; -+ if (ret != -EOPNOTSUPP) { -+ if (ret < 0) -+ return ret; -+ return msg.retlen; -+ } - } - - spi_message_init(&m); diff --git a/target/linux/generic/pending-4.19/450-mtd-spi-nor-allow-NOR-driver-to-write-fewer-bytes-th.patch b/target/linux/generic/pending-4.19/450-mtd-spi-nor-allow-NOR-driver-to-write-fewer-bytes-th.patch index 571c9b885f..ecc3ea1de6 100644 --- a/target/linux/generic/pending-4.19/450-mtd-spi-nor-allow-NOR-driver-to-write-fewer-bytes-th.patch +++ b/target/linux/generic/pending-4.19/450-mtd-spi-nor-allow-NOR-driver-to-write-fewer-bytes-th.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -1377,7 +1377,7 @@ static int spi_nor_write(struct mtd_info +@@ -1455,7 +1455,7 @@ static int spi_nor_write(struct mtd_info write_enable(nor); ret = nor->write(nor, addr, page_remain, buf + i); @@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau goto write_err; written = ret; -@@ -1386,13 +1386,6 @@ static int spi_nor_write(struct mtd_info +@@ -1464,13 +1464,6 @@ static int spi_nor_write(struct mtd_info goto write_err; *retlen += written; i += written; diff --git a/target/linux/generic/pending-4.19/460-mtd-cfi_cmdset_0002-no-erase_suspend.patch b/target/linux/generic/pending-4.19/460-mtd-cfi_cmdset_0002-no-erase_suspend.patch index 41f9d31cb0..88d386302a 100644 --- a/target/linux/generic/pending-4.19/460-mtd-cfi_cmdset_0002-no-erase_suspend.patch +++ b/target/linux/generic/pending-4.19/460-mtd-cfi_cmdset_0002-no-erase_suspend.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c -@@ -811,7 +811,7 @@ static int get_chip(struct map_info *map +@@ -812,7 +812,7 @@ static int get_chip(struct map_info *map return 0; case FL_ERASING: diff --git a/target/linux/generic/pending-4.19/461-mtd-cfi_cmdset_0002-add-buffer-write-cmd-timeout.patch b/target/linux/generic/pending-4.19/461-mtd-cfi_cmdset_0002-add-buffer-write-cmd-timeout.patch index ed84c69744..f4ba5b72f7 100644 --- a/target/linux/generic/pending-4.19/461-mtd-cfi_cmdset_0002-add-buffer-write-cmd-timeout.patch +++ b/target/linux/generic/pending-4.19/461-mtd-cfi_cmdset_0002-add-buffer-write-cmd-timeout.patch @@ -7,7 +7,7 @@ Signed-off-by: George Kashperko 1 file changed, 1 insertion(+) --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c -@@ -1833,6 +1833,7 @@ static int __xipram do_write_buffer(stru +@@ -1832,6 +1832,7 @@ static int __xipram do_write_buffer(stru /* Write Buffer Load */ map_write(map, CMD(0x25), cmd_adr); diff --git a/target/linux/generic/pending-4.19/465-m25p80-mx-disable-software-protection.patch b/target/linux/generic/pending-4.19/465-m25p80-mx-disable-software-protection.patch index b41710276f..fa25c65564 100644 --- a/target/linux/generic/pending-4.19/465-m25p80-mx-disable-software-protection.patch +++ b/target/linux/generic/pending-4.19/465-m25p80-mx-disable-software-protection.patch @@ -8,11 +8,11 @@ Signed-off-by: Felix Fietkau --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -2714,6 +2714,7 @@ int spi_nor_scan(struct spi_nor *nor, co - - if (JEDEC_MFR(info) == SNOR_MFR_ATMEL || - JEDEC_MFR(info) == SNOR_MFR_INTEL || -+ JEDEC_MFR(info) == SNOR_MFR_MACRONIX || - JEDEC_MFR(info) == SNOR_MFR_SST || - info->flags & SPI_NOR_HAS_LOCK) { +@@ -2733,6 +2733,7 @@ static int spi_nor_init(struct spi_nor * + */ + if (JEDEC_MFR(nor->info) == SNOR_MFR_ATMEL || + JEDEC_MFR(nor->info) == SNOR_MFR_INTEL || ++ JEDEC_MFR(nor->info) == SNOR_MFR_MACRONIX || + JEDEC_MFR(nor->info) == SNOR_MFR_SST || + nor->info->flags & SPI_NOR_HAS_LOCK) { write_enable(nor); diff --git a/target/linux/generic/pending-4.19/466-Revert-mtd-spi-nor-fix-Spansion-regressions-aliased-.patch b/target/linux/generic/pending-4.19/466-Revert-mtd-spi-nor-fix-Spansion-regressions-aliased-.patch index 55d9709761..dcb86f69bf 100644 --- a/target/linux/generic/pending-4.19/466-Revert-mtd-spi-nor-fix-Spansion-regressions-aliased-.patch +++ b/target/linux/generic/pending-4.19/466-Revert-mtd-spi-nor-fix-Spansion-regressions-aliased-.patch @@ -17,15 +17,15 @@ Signed-off-by: Matthias Schiffer --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -2716,6 +2716,7 @@ int spi_nor_scan(struct spi_nor *nor, co - JEDEC_MFR(info) == SNOR_MFR_INTEL || - JEDEC_MFR(info) == SNOR_MFR_MACRONIX || - JEDEC_MFR(info) == SNOR_MFR_SST || -+ JEDEC_MFR(info) == SNOR_MFR_WINBOND || - info->flags & SPI_NOR_HAS_LOCK) { +@@ -2735,6 +2735,7 @@ static int spi_nor_init(struct spi_nor * + JEDEC_MFR(nor->info) == SNOR_MFR_INTEL || + JEDEC_MFR(nor->info) == SNOR_MFR_MACRONIX || + JEDEC_MFR(nor->info) == SNOR_MFR_SST || ++ JEDEC_MFR(nor->info) == SNOR_MFR_WINBOND || + nor->info->flags & SPI_NOR_HAS_LOCK) { write_enable(nor); write_sr(nor, 0); -@@ -2734,7 +2735,8 @@ int spi_nor_scan(struct spi_nor *nor, co +@@ -2871,7 +2872,8 @@ int spi_nor_scan(struct spi_nor *nor, co /* NOR protection support for STmicro/Micron chips and similar */ if (JEDEC_MFR(info) == SNOR_MFR_MICRON || diff --git a/target/linux/generic/pending-4.19/470-mtd-spi-nor-support-limiting-4K-sectors-support-base.patch b/target/linux/generic/pending-4.19/470-mtd-spi-nor-support-limiting-4K-sectors-support-base.patch index 231f9c21a4..2f6ef14b04 100644 --- a/target/linux/generic/pending-4.19/470-mtd-spi-nor-support-limiting-4K-sectors-support-base.patch +++ b/target/linux/generic/pending-4.19/470-mtd-spi-nor-support-limiting-4K-sectors-support-base.patch @@ -39,7 +39,7 @@ Signed-off-by: Felix Fietkau depends on ARCH_AT91 || (ARM && COMPILE_TEST) --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -2561,10 +2561,12 @@ static int spi_nor_select_erase(struct s +@@ -2647,10 +2647,12 @@ static int spi_nor_select_erase(struct s #ifdef CONFIG_MTD_SPI_NOR_USE_4K_SECTORS /* prefer "small sector" erase if possible */ diff --git a/target/linux/generic/pending-4.19/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch b/target/linux/generic/pending-4.19/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch index f751bfd3b2..8b5dc4eb01 100644 --- a/target/linux/generic/pending-4.19/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch +++ b/target/linux/generic/pending-4.19/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch @@ -20,7 +20,7 @@ Changes in v2: --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -1165,6 +1165,11 @@ static const struct flash_info spi_nor_i +@@ -1239,6 +1239,11 @@ static const struct flash_info spi_nor_i SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ | SPI_NOR_HAS_LOCK | SPI_NOR_HAS_TB) }, diff --git a/target/linux/generic/pending-4.19/476-mtd-spi-nor-add-eon-en25q128.patch b/target/linux/generic/pending-4.19/476-mtd-spi-nor-add-eon-en25q128.patch index ac1fda5159..69ac17ce4c 100644 --- a/target/linux/generic/pending-4.19/476-mtd-spi-nor-add-eon-en25q128.patch +++ b/target/linux/generic/pending-4.19/476-mtd-spi-nor-add-eon-en25q128.patch @@ -8,11 +8,11 @@ Signed-off-by: Piotr Dymacz --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -954,6 +954,7 @@ static const struct flash_info spi_nor_i +@@ -994,6 +994,7 @@ static const struct flash_info spi_nor_i { "en25q32b", INFO(0x1c3016, 0, 64 * 1024, 64, 0) }, { "en25p64", INFO(0x1c2017, 0, 64 * 1024, 128, 0) }, { "en25q64", INFO(0x1c3017, 0, 64 * 1024, 128, SECT_4K) }, + { "en25q128", INFO(0x1c3018, 0, 64 * 1024, 256, SECT_4K) }, + { "en25qh32", INFO(0x1c7016, 0, 64 * 1024, 64, 0) }, { "en25qh128", INFO(0x1c7018, 0, 64 * 1024, 256, 0) }, { "en25qh256", INFO(0x1c7019, 0, 64 * 1024, 512, 0) }, - { "en25s64", INFO(0x1c3817, 0, 64 * 1024, 128, SECT_4K) }, diff --git a/target/linux/generic/pending-4.19/477-mtd-add-spi-nor-add-mx25u3235f.patch b/target/linux/generic/pending-4.19/477-mtd-add-spi-nor-add-mx25u3235f.patch index 2d94959c5c..0648b12e12 100644 --- a/target/linux/generic/pending-4.19/477-mtd-add-spi-nor-add-mx25u3235f.patch +++ b/target/linux/generic/pending-4.19/477-mtd-add-spi-nor-add-mx25u3235f.patch @@ -8,7 +8,7 @@ Signed-off-by: André Valentin --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -1022,6 +1022,7 @@ static const struct flash_info spi_nor_i +@@ -1083,6 +1083,7 @@ static const struct flash_info spi_nor_i { "mx25l3205d", INFO(0xc22016, 0, 64 * 1024, 64, SECT_4K) }, { "mx25l3255e", INFO(0xc29e16, 0, 64 * 1024, 64, SECT_4K) }, { "mx25l6405d", INFO(0xc22017, 0, 64 * 1024, 128, SECT_4K) }, diff --git a/target/linux/generic/pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch b/target/linux/generic/pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch deleted file mode 100644 index 4ecf53621d..0000000000 --- a/target/linux/generic/pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b02f3405c935a28200db26b63e42086057565cf4 Mon Sep 17 00:00:00 2001 -From: Hauke Mehrtens -Date: Sat, 31 Mar 2018 20:09:54 +0200 -Subject: [PATCH] mtd: spi-nor: Add support for XM25QH64A and XM25QH128A - -These devices are produced by Wuhan Xinxin Semiconductor Manufacturing -Corp. (XMC) and found on some routers from Chinese manufactures. - -The data sheets can be found here: -http://www.xmcwh.com/Uploads/2018-03-01/5a9799e4cb355.pdf -http://www.xmcwh.com/Uploads/2018-02-05/5a77e6dbe968b.pdf - -Signed-off-by: Hauke Mehrtens ---- - drivers/mtd/spi-nor/spi-nor.c | 4 ++++ - 1 file changed, 4 insertions(+) - ---- a/drivers/mtd/spi-nor/spi-nor.c -+++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -1192,6 +1192,10 @@ static const struct flash_info spi_nor_i - { "3S400AN", S3AN_INFO(0x1f2400, 256, 264) }, - { "3S700AN", S3AN_INFO(0x1f2500, 512, 264) }, - { "3S1400AN", S3AN_INFO(0x1f2600, 512, 528) }, -+ -+ /* XMC (Wuhan Xinxin Semiconductor Manufacturing Corp.) */ -+ { "XM25QH64A", INFO(0x207017, 0, 64 * 1024, 128, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) }, -+ { "XM25QH128A", INFO(0x207018, 0, 64 * 1024, 256, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) }, - { }, - }; - diff --git a/target/linux/generic/pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch b/target/linux/generic/pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch deleted file mode 100644 index b8d5101514..0000000000 --- a/target/linux/generic/pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/drivers/mtd/spi-nor/spi-nor.c -+++ b/drivers/mtd/spi-nor/spi-nor.c -@@ -955,6 +955,7 @@ static const struct flash_info spi_nor_i - { "en25p64", INFO(0x1c2017, 0, 64 * 1024, 128, 0) }, - { "en25q64", INFO(0x1c3017, 0, 64 * 1024, 128, SECT_4K) }, - { "en25q128", INFO(0x1c3018, 0, 64 * 1024, 256, SECT_4K) }, -+ { "en25qh32", INFO(0x1c7016, 0, 64 * 1024, 64, 0) }, - { "en25qh128", INFO(0x1c7018, 0, 64 * 1024, 256, 0) }, - { "en25qh256", INFO(0x1c7019, 0, 64 * 1024, 512, 0) }, - { "en25s64", INFO(0x1c3817, 0, 64 * 1024, 128, SECT_4K) }, diff --git a/target/linux/generic/pending-4.19/480-mtd-set-rootfs-to-be-root-dev.patch b/target/linux/generic/pending-4.19/480-mtd-set-rootfs-to-be-root-dev.patch index 6cddaf01b7..dce0432fac 100644 --- a/target/linux/generic/pending-4.19/480-mtd-set-rootfs-to-be-root-dev.patch +++ b/target/linux/generic/pending-4.19/480-mtd-set-rootfs-to-be-root-dev.patch @@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos #include #include -@@ -578,6 +579,15 @@ int add_mtd_device(struct mtd_info *mtd) +@@ -593,6 +594,15 @@ int add_mtd_device(struct mtd_info *mtd) of this try_ nonsense, and no bitching about it either. :) */ __module_get(THIS_MODULE); diff --git a/target/linux/generic/pending-4.19/490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch b/target/linux/generic/pending-4.19/490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch index 992aa4662e..79d18d036f 100644 --- a/target/linux/generic/pending-4.19/490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch +++ b/target/linux/generic/pending-4.19/490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch @@ -8,7 +8,7 @@ Signed-off-by: Daniel Golle --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c -@@ -1172,6 +1172,73 @@ static struct mtd_info * __init open_mtd +@@ -1181,6 +1181,73 @@ static struct mtd_info * __init open_mtd return mtd; } @@ -82,7 +82,7 @@ Signed-off-by: Daniel Golle static int __init ubi_init(void) { int err, i, k; -@@ -1255,6 +1322,12 @@ static int __init ubi_init(void) +@@ -1264,6 +1331,12 @@ static int __init ubi_init(void) } } diff --git a/target/linux/generic/pending-4.19/492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch b/target/linux/generic/pending-4.19/492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch index 3c82a064eb..b76e83e4a3 100644 --- a/target/linux/generic/pending-4.19/492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch +++ b/target/linux/generic/pending-4.19/492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch @@ -8,7 +8,7 @@ Signed-off-by: Daniel Golle --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -437,7 +437,28 @@ retry: +@@ -427,7 +427,28 @@ retry: out: put_page(page); } @@ -38,7 +38,7 @@ Signed-off-by: Daniel Golle #ifdef CONFIG_ROOT_NFS #define NFSROOT_TIMEOUT_MIN 5 -@@ -531,6 +552,10 @@ void __init mount_root(void) +@@ -521,6 +542,10 @@ void __init mount_root(void) change_floppy("root floppy"); } #endif diff --git a/target/linux/generic/pending-4.19/494-mtd-ubi-add-EOF-marker-support.patch b/target/linux/generic/pending-4.19/494-mtd-ubi-add-EOF-marker-support.patch index a3b58dd66f..e38f11e592 100644 --- a/target/linux/generic/pending-4.19/494-mtd-ubi-add-EOF-marker-support.patch +++ b/target/linux/generic/pending-4.19/494-mtd-ubi-add-EOF-marker-support.patch @@ -50,7 +50,7 @@ Signed-off-by: Gabor Juhos break; --- a/drivers/mtd/ubi/ubi.h +++ b/drivers/mtd/ubi/ubi.h -@@ -785,6 +785,7 @@ struct ubi_attach_info { +@@ -789,6 +789,7 @@ struct ubi_attach_info { int mean_ec; uint64_t ec_sum; int ec_count; diff --git a/target/linux/generic/pending-4.19/495-mtd-core-add-get_mtd_device_by_node.patch b/target/linux/generic/pending-4.19/495-mtd-core-add-get_mtd_device_by_node.patch index 2886742d4d..1446ca2abc 100644 --- a/target/linux/generic/pending-4.19/495-mtd-core-add-get_mtd_device_by_node.patch +++ b/target/linux/generic/pending-4.19/495-mtd-core-add-get_mtd_device_by_node.patch @@ -17,7 +17,7 @@ Reviewed-by: Miquel Raynal --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c -@@ -924,6 +924,44 @@ out_unlock: +@@ -938,6 +938,44 @@ out_unlock: } EXPORT_SYMBOL_GPL(get_mtd_device_nm); @@ -64,7 +64,7 @@ Reviewed-by: Miquel Raynal mutex_lock(&mtd_table_mutex); --- a/include/linux/mtd/mtd.h +++ b/include/linux/mtd/mtd.h -@@ -580,6 +580,8 @@ extern struct mtd_info *get_mtd_device(s +@@ -589,6 +589,8 @@ extern struct mtd_info *get_mtd_device(s extern int __get_mtd_device(struct mtd_info *mtd); extern void __put_mtd_device(struct mtd_info *mtd); extern struct mtd_info *get_mtd_device_nm(const char *name); diff --git a/target/linux/generic/pending-4.19/497-mtd-mtdconcat-add-dt-driver-for-concat-devices.patch b/target/linux/generic/pending-4.19/497-mtd-mtdconcat-add-dt-driver-for-concat-devices.patch index 94acc883f3..6584e22882 100644 --- a/target/linux/generic/pending-4.19/497-mtd-mtdconcat-add-dt-driver-for-concat-devices.patch +++ b/target/linux/generic/pending-4.19/497-mtd-mtdconcat-add-dt-driver-for-concat-devices.patch @@ -43,7 +43,7 @@ Signed-off-by: Bernhard Frauendienst --- a/drivers/mtd/Kconfig +++ b/drivers/mtd/Kconfig -@@ -377,4 +377,6 @@ source "drivers/mtd/spi-nor/Kconfig" +@@ -374,4 +374,6 @@ source "drivers/mtd/spi-nor/Kconfig" source "drivers/mtd/ubi/Kconfig" diff --git a/target/linux/generic/pending-4.19/530-jffs2_make_lzma_available.patch b/target/linux/generic/pending-4.19/530-jffs2_make_lzma_available.patch index 4e1dfbe776..645b938f3a 100644 --- a/target/linux/generic/pending-4.19/530-jffs2_make_lzma_available.patch +++ b/target/linux/generic/pending-4.19/530-jffs2_make_lzma_available.patch @@ -38,7 +38,7 @@ Signed-off-by: Alexandros C. Couloumbis --- a/fs/jffs2/Kconfig +++ b/fs/jffs2/Kconfig -@@ -139,6 +139,15 @@ config JFFS2_LZO +@@ -135,6 +135,15 @@ config JFFS2_LZO This feature was added in July, 2007. Say 'N' if you need compatibility with older bootloaders or kernels. @@ -1087,7 +1087,7 @@ Signed-off-by: Alexandros C. Couloumbis #define JFFS2_NODE_ACCURATE 0x2000 --- a/lib/Kconfig +++ b/lib/Kconfig -@@ -259,6 +259,12 @@ config ZSTD_DECOMPRESS +@@ -278,6 +278,12 @@ config ZSTD_DECOMPRESS source "lib/xz/Kconfig" @@ -1119,7 +1119,7 @@ Signed-off-by: Alexandros C. Couloumbis ifdef CONFIG_FUNCTION_TRACER ORIG_CFLAGS := $(KBUILD_CFLAGS) KBUILD_CFLAGS = $(subst $(CC_FLAGS_FTRACE),,$(ORIG_CFLAGS)) -@@ -122,6 +132,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd/ +@@ -128,6 +138,8 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd/ obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd/ obj-$(CONFIG_XZ_DEC) += xz/ obj-$(CONFIG_RAID6_PQ) += raid6/ diff --git a/target/linux/generic/pending-4.19/551-ubifs-fix-default-compression-selection.patch b/target/linux/generic/pending-4.19/551-ubifs-fix-default-compression-selection.patch index 4782fc9ed8..60d5619989 100644 --- a/target/linux/generic/pending-4.19/551-ubifs-fix-default-compression-selection.patch +++ b/target/linux/generic/pending-4.19/551-ubifs-fix-default-compression-selection.patch @@ -12,12 +12,12 @@ Signed-off-by: Gabor Juhos /* Default time granularity in nanoseconds */ #define DEFAULT_TIME_GRAN 1000000000 -+static int get_default_compressor(void) ++static int get_default_compressor(struct ubifs_info *c) +{ -+ if (ubifs_compr_present(UBIFS_COMPR_LZO)) ++ if (ubifs_compr_present(c, UBIFS_COMPR_LZO)) + return UBIFS_COMPR_LZO; + -+ if (ubifs_compr_present(UBIFS_COMPR_ZLIB)) ++ if (ubifs_compr_present(c, UBIFS_COMPR_ZLIB)) + return UBIFS_COMPR_ZLIB; + + return UBIFS_COMPR_NONE; @@ -31,7 +31,7 @@ Signed-off-by: Gabor Juhos sup->default_compr = cpu_to_le16(c->mount_opts.compr_type); else - sup->default_compr = cpu_to_le16(UBIFS_COMPR_LZO); -+ sup->default_compr = cpu_to_le16(get_default_compressor()); ++ sup->default_compr = cpu_to_le16(get_default_compressor(c)); generate_random_uuid(sup->uuid); diff --git a/target/linux/generic/pending-4.19/553-ubifs-Add-option-to-create-UBI-FS-version-4-on-empty.patch b/target/linux/generic/pending-4.19/553-ubifs-Add-option-to-create-UBI-FS-version-4-on-empty.patch index 4b413996f2..02c9b4c0fa 100644 --- a/target/linux/generic/pending-4.19/553-ubifs-Add-option-to-create-UBI-FS-version-4-on-empty.patch +++ b/target/linux/generic/pending-4.19/553-ubifs-Add-option-to-create-UBI-FS-version-4-on-empty.patch @@ -20,7 +20,7 @@ Signed-off-by: Hauke Mehrtens --- a/fs/ubifs/Kconfig +++ b/fs/ubifs/Kconfig -@@ -74,3 +74,16 @@ config UBIFS_FS_SECURITY +@@ -85,3 +85,16 @@ config UBIFS_FS_SECURITY the extended attribute support in advance. If you are not using a security module, say N. diff --git a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch b/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch index 10da96b7ed..fa32f88e17 100644 --- a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch +++ b/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c -@@ -17,6 +17,7 @@ +@@ -9,6 +9,7 @@ #include #include #include @@ -17,8 +17,8 @@ Signed-off-by: Felix Fietkau #include #ifdef CONFIG_SYSCTL #include -@@ -381,10 +382,66 @@ static int ct_open(struct inode *inode, - sizeof(struct ct_iter_state)); +@@ -433,6 +434,56 @@ static int ct_cpu_seq_show(struct seq_fi + return 0; } +struct kill_request { @@ -44,13 +44,11 @@ Signed-off-by: Felix Fietkau + nf_inet_addr_cmp(&kr->addr, &t2->dst.u3)); +} + -+static ssize_t ct_file_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *ppos) ++static int ct_file_write(struct file *file, char *buf, size_t count) +{ + struct seq_file *seq = file->private_data; + struct net *net = seq_file_net(seq); + struct kill_request kr = { }; -+ char req[INET6_ADDRSTRLEN] = { }; + + if (count == 0) + return 0; @@ -58,38 +56,33 @@ Signed-off-by: Felix Fietkau + if (count >= INET6_ADDRSTRLEN) + count = INET6_ADDRSTRLEN - 1; + -+ if (copy_from_user(req, buf, count)) -+ return -EFAULT; -+ -+ if (strnchr(req, count, ':')) { ++ if (strnchr(buf, count, ':')) { + kr.family = AF_INET6; -+ if (!in6_pton(req, count, (void *)&kr.addr, '\n', NULL)) ++ if (!in6_pton(buf, count, (void *)&kr.addr, '\n', NULL)) + return -EINVAL; -+ } else if (strnchr(req, count, '.')) { ++ } else if (strnchr(buf, count, '.')) { + kr.family = AF_INET; -+ if (!in4_pton(req, count, (void *)&kr.addr, '\n', NULL)) ++ if (!in4_pton(buf, count, (void *)&kr.addr, '\n', NULL)) + return -EINVAL; + } + + nf_ct_iterate_cleanup_net(net, kill_matching, &kr, 0, 0); + -+ return count; ++ return 0; +} + - static const struct file_operations ct_file_ops = { - .owner = THIS_MODULE, - .open = ct_open, - .read = seq_read, -+ .write = ct_file_write, - .llseek = seq_lseek, - .release = seq_release_net, - }; -@@ -488,7 +545,7 @@ static int nf_conntrack_standalone_init_ + static const struct seq_operations ct_cpu_seq_ops = { + .start = ct_cpu_seq_start, + .next = ct_cpu_seq_next, +@@ -446,8 +497,9 @@ static int nf_conntrack_standalone_init_ kuid_t root_uid; kgid_t root_gid; -- pde = proc_create("nf_conntrack", 0440, net->proc_net, &ct_file_ops); -+ pde = proc_create("nf_conntrack", 0660, net->proc_net, &ct_file_ops); +- pde = proc_create_net("nf_conntrack", 0440, net->proc_net, &ct_seq_ops, +- sizeof(struct ct_iter_state)); ++ pde = proc_create_net_data_write("nf_conntrack", 0440, net->proc_net, ++ &ct_seq_ops, &ct_file_write, ++ sizeof(struct ct_iter_state), NULL); if (!pde) goto out_nf_conntrack; diff --git a/target/linux/generic/pending-4.19/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/pending-4.19/610-netfilter_match_bypass_default_checks.patch index 2541230ff5..1691146825 100644 --- a/target/linux/generic/pending-4.19/610-netfilter_match_bypass_default_checks.patch +++ b/target/linux/generic/pending-4.19/610-netfilter_match_bypass_default_checks.patch @@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -52,6 +52,9 @@ ip_packet_match(const struct iphdr *ip, +@@ -53,6 +53,9 @@ ip_packet_match(const struct iphdr *ip, { unsigned long ret; @@ -29,7 +29,7 @@ Signed-off-by: Felix Fietkau if (NF_INVF(ipinfo, IPT_INV_SRCIP, (ip->saddr & ipinfo->smsk.s_addr) != ipinfo->src.s_addr) || NF_INVF(ipinfo, IPT_INV_DSTIP, -@@ -82,6 +85,29 @@ ip_packet_match(const struct iphdr *ip, +@@ -83,6 +86,29 @@ ip_packet_match(const struct iphdr *ip, return true; } @@ -59,7 +59,7 @@ Signed-off-by: Felix Fietkau static bool ip_checkentry(const struct ipt_ip *ip) { -@@ -537,6 +563,8 @@ find_check_entry(struct ipt_entry *e, st +@@ -527,6 +553,8 @@ find_check_entry(struct ipt_entry *e, st struct xt_mtchk_param mtpar; struct xt_entry_match *ematch; @@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau if (!xt_percpu_counter_alloc(alloc_state, &e->counters)) return -ENOMEM; -@@ -818,6 +846,7 @@ copy_entries_to_user(unsigned int total_ +@@ -821,6 +849,7 @@ copy_entries_to_user(unsigned int total_ const struct xt_table_info *private = table->private; int ret = 0; const void *loc_cpu_entry; @@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau counters = alloc_counters(table); if (IS_ERR(counters)) -@@ -845,6 +874,14 @@ copy_entries_to_user(unsigned int total_ +@@ -848,6 +877,14 @@ copy_entries_to_user(unsigned int total_ goto free_counters; } @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau for (i = sizeof(struct ipt_entry); i < e->target_offset; i += m->u.match_size) { -@@ -1227,12 +1264,15 @@ compat_copy_entry_to_user(struct ipt_ent +@@ -1228,12 +1265,15 @@ compat_copy_entry_to_user(struct ipt_ent compat_uint_t origsize; const struct xt_entry_match *ematch; int ret = 0; diff --git a/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch index 11f07e12b3..ba976b0751 100644 --- a/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/pending-4.19/611-netfilter_match_bypass_default_table.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -248,6 +248,33 @@ struct ipt_entry *ipt_next_entry(const s +@@ -249,6 +249,33 @@ struct ipt_entry *ipt_next_entry(const s return (void *)entry + entry->next_offset; } @@ -42,35 +42,15 @@ Signed-off-by: Felix Fietkau /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -268,24 +295,8 @@ ipt_do_table(struct sk_buff *skb, +@@ -269,27 +296,28 @@ ipt_do_table(struct sk_buff *skb, unsigned int addend; /* Initialization */ -- stackidx = 0; -- ip = ip_hdr(skb); -- indev = state->in ? state->in->name : nulldevname; -- outdev = state->out ? state->out->name : nulldevname; -- /* We handle fragments by dealing with the first fragment as -- * if it was a normal packet. All other fragments are treated -- * normally, except that they will NEVER match rules that ask -- * things we don't know, ie. tcp syn flag or ports). If the -- * rule is also a fragment-specific rule, non-fragments won't -- * match it. */ -- acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; -- acpar.thoff = ip_hdrlen(skb); -- acpar.hotdrop = false; -- acpar.state = state; -- - WARN_ON(!(table->valid_hooks & (1 << hook))); - local_bh_disable(); -- addend = xt_write_recseq_begin(); - private = table->private; - cpu = smp_processor_id(); - /* -@@ -294,6 +305,23 @@ ipt_do_table(struct sk_buff *skb, - */ - smp_read_barrier_depends(); - table_base = private->entries; ++ WARN_ON(!(table->valid_hooks & (1 << hook))); ++ local_bh_disable(); ++ private = READ_ONCE(table->private); /* Address dependency. */ ++ cpu = smp_processor_id(); ++ table_base = private->entries; + + e = get_entry(table_base, private->hook_entry[hook]); + if (ipt_handle_default_rule(e, &verdict)) { @@ -82,16 +62,31 @@ Signed-off-by: Felix Fietkau + return verdict; + } + -+ stackidx = 0; -+ ip = ip_hdr(skb); -+ indev = state->in ? state->in->name : nulldevname; -+ outdev = state->out ? state->out->name : nulldevname; -+ -+ addend = xt_write_recseq_begin(); + stackidx = 0; + ip = ip_hdr(skb); + indev = state->in ? state->in->name : nulldevname; + outdev = state->out ? state->out->name : nulldevname; +- /* We handle fragments by dealing with the first fragment as +- * if it was a normal packet. All other fragments are treated +- * normally, except that they will NEVER match rules that ask +- * things we don't know, ie. tcp syn flag or ports). If the +- * rule is also a fragment-specific rule, non-fragments won't +- * match it. */ +- acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; +- acpar.thoff = ip_hdrlen(skb); +- acpar.hotdrop = false; +- acpar.state = state; + +- WARN_ON(!(table->valid_hooks & (1 << hook))); +- local_bh_disable(); + addend = xt_write_recseq_begin(); +- private = READ_ONCE(table->private); /* Address dependency. */ +- cpu = smp_processor_id(); +- table_base = private->entries; jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; /* Switch to alternate jumpstack if we're being invoked via TEE. -@@ -306,7 +334,16 @@ ipt_do_table(struct sk_buff *skb, +@@ -302,7 +330,16 @@ ipt_do_table(struct sk_buff *skb, if (static_key_false(&xt_tee_enabled)) jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated); diff --git a/target/linux/generic/pending-4.19/612-netfilter_match_reduce_memory_access.patch b/target/linux/generic/pending-4.19/612-netfilter_match_reduce_memory_access.patch index 183c74c1c7..cd6fcf8e74 100644 --- a/target/linux/generic/pending-4.19/612-netfilter_match_reduce_memory_access.patch +++ b/target/linux/generic/pending-4.19/612-netfilter_match_reduce_memory_access.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -55,9 +55,9 @@ ip_packet_match(const struct iphdr *ip, +@@ -56,9 +56,9 @@ ip_packet_match(const struct iphdr *ip, if (ipinfo->flags & IPT_F_NO_DEF_MATCH) return true; diff --git a/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch index 69c165bb41..f9613a1ff6 100644 --- a/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch +++ b/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch @@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c -@@ -33,6 +33,9 @@ +@@ -34,6 +34,9 @@ #include #include @@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau /* "Be conservative in what you do, be liberal in what you accept from others." If it's non-zero, we mark only out of window RST segments as INVALID. */ -@@ -508,6 +511,9 @@ static bool tcp_in_window(const struct n +@@ -483,6 +486,9 @@ static bool tcp_in_window(const struct n s32 receiver_offset; bool res, in_recv_win; @@ -28,7 +28,7 @@ Signed-off-by: Felix Fietkau /* * Get the required data from the packet. */ -@@ -1489,6 +1495,13 @@ static struct ctl_table tcp_sysctl_table +@@ -1476,6 +1482,13 @@ static struct ctl_table tcp_sysctl_table .mode = 0644, .proc_handler = proc_dointvec, }, diff --git a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch index c64694ea3c..6a5801027c 100644 --- a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch +++ b/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch @@ -8,8 +8,8 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c -@@ -90,6 +90,9 @@ int nf_xfrm_me_harder(struct net *net, s - struct dst_entry *dst; +@@ -110,6 +110,9 @@ int nf_xfrm_me_harder(struct net *net, s + struct sock *sk = skb->sk; int err; + if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) diff --git a/target/linux/generic/pending-4.19/620-net_sched-codel-do-not-defer-queue-length-update.patch b/target/linux/generic/pending-4.19/620-net_sched-codel-do-not-defer-queue-length-update.patch index b3c35ee350..457c812841 100644 --- a/target/linux/generic/pending-4.19/620-net_sched-codel-do-not-defer-queue-length-update.patch +++ b/target/linux/generic/pending-4.19/620-net_sched-codel-do-not-defer-queue-length-update.patch @@ -46,7 +46,7 @@ Link: https://bugzilla.kernel.org/show_bug.cgi?id=109581 } --- a/net/sched/sch_fq_codel.c +++ b/net/sched/sch_fq_codel.c -@@ -316,6 +316,21 @@ begin: +@@ -317,6 +317,21 @@ begin: flow->dropped += q->cstats.drop_count - prev_drop_count; flow->dropped += q->cstats.ecn_mark - prev_ecn_mark; @@ -68,7 +68,7 @@ Link: https://bugzilla.kernel.org/show_bug.cgi?id=109581 if (!skb) { /* force a pass through old_flows to prevent starvation */ if ((head == &q->new_flows) && !list_empty(&q->old_flows)) -@@ -326,15 +341,6 @@ begin: +@@ -327,15 +342,6 @@ begin: } qdisc_bstats_update(sch, skb); flow->deficit -= qdisc_pkt_len(skb); diff --git a/target/linux/generic/pending-4.19/630-packet_socket_type.patch b/target/linux/generic/pending-4.19/630-packet_socket_type.patch index d55d678549..5834ab14c1 100644 --- a/target/linux/generic/pending-4.19/630-packet_socket_type.patch +++ b/target/linux/generic/pending-4.19/630-packet_socket_type.patch @@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau #define PACKET_FANOUT_LB 1 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1829,6 +1829,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1789,6 +1789,7 @@ static int packet_rcv_spkt(struct sk_buf { struct sock *sk; struct sockaddr_pkt *spkt; @@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau /* * When we registered the protocol we saved the socket in the data -@@ -1836,6 +1837,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1796,6 +1797,7 @@ static int packet_rcv_spkt(struct sk_buf */ sk = pt->af_packet_priv; @@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau /* * Yank back the headers [hope the device set this -@@ -1848,7 +1850,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1808,7 +1810,7 @@ static int packet_rcv_spkt(struct sk_buf * so that this procedure is noop. */ @@ -55,7 +55,7 @@ Signed-off-by: Felix Fietkau goto out; if (!net_eq(dev_net(dev), sock_net(sk))) -@@ -2075,12 +2077,12 @@ static int packet_rcv(struct sk_buff *sk +@@ -2036,12 +2038,12 @@ static int packet_rcv(struct sk_buff *sk unsigned int snaplen, res; bool is_drop_n_account = false; @@ -71,7 +71,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -2206,12 +2208,12 @@ static int tpacket_rcv(struct sk_buff *s +@@ -2167,12 +2169,12 @@ static int tpacket_rcv(struct sk_buff *s BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32); BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48); @@ -87,7 +87,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -3265,6 +3267,7 @@ static int packet_create(struct net *net +@@ -3228,6 +3230,7 @@ static int packet_create(struct net *net mutex_init(&po->pg_vec_lock); po->rollover = NULL; po->prot_hook.func = packet_rcv; @@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -@@ -3878,6 +3881,16 @@ packet_setsockopt(struct socket *sock, i +@@ -3839,6 +3842,16 @@ packet_setsockopt(struct socket *sock, i po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } @@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau default: return -ENOPROTOOPT; } -@@ -3930,6 +3943,13 @@ static int packet_getsockopt(struct sock +@@ -3891,6 +3904,13 @@ static int packet_getsockopt(struct sock case PACKET_VNET_HDR: val = po->has_vnet_hdr; break; diff --git a/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index ad78b684a0..6126436b99 100644 --- a/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -23,9 +23,9 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -826,6 +826,13 @@ struct xfrmdev_ops { +@@ -918,6 +918,13 @@ struct dev_ifalias { + char ifalias[]; }; - #endif +struct flow_offload; + @@ -37,7 +37,7 @@ Signed-off-by: Pablo Neira Ayuso /* * This structure defines the management hooks for network devices. * The following hooks can be defined; unless noted otherwise, they are -@@ -1057,6 +1064,10 @@ struct xfrmdev_ops { +@@ -1150,6 +1157,10 @@ struct dev_ifalias { * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, * u16 flags); * @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier); * Called to change device carrier. Soft-devices (like dummy, team, etc) * which do not represent real hardware may define this to allow their -@@ -1281,6 +1292,8 @@ struct net_device_ops { +@@ -1377,6 +1388,8 @@ struct net_device_ops { int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, u16 flags); @@ -110,7 +110,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -1341,6 +1341,7 @@ enum nft_object_attributes { +@@ -1464,6 +1464,7 @@ enum nft_object_attributes { * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso */ enum nft_flowtable_attributes { NFTA_FLOWTABLE_UNSPEC, -@@ -1350,6 +1351,7 @@ enum nft_flowtable_attributes { +@@ -1473,6 +1474,7 @@ enum nft_flowtable_attributes { NFTA_FLOWTABLE_USE, NFTA_FLOWTABLE_HANDLE, NFTA_FLOWTABLE_PAD, @@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso #define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1) --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -692,6 +692,15 @@ config NF_FLOW_TABLE +@@ -714,6 +714,15 @@ config NF_FLOW_TABLE To compile it as a module, choose M here. @@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso default m if NETFILTER_ADVANCED=n --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -116,6 +116,7 @@ obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_t +@@ -126,6 +126,7 @@ obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_t nf_flow_table-objs := nf_flow_table_core.o nf_flow_table_ip.o obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o @@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -218,10 +218,16 @@ int flow_offload_add(struct nf_flowtable +@@ -215,10 +215,16 @@ int flow_offload_add(struct nf_flowtable } EXPORT_SYMBOL_GPL(flow_offload_add); @@ -173,7 +173,7 @@ Signed-off-by: Pablo Neira Ayuso rhashtable_remove_fast(&flow_table->rhashtable, &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -@@ -236,6 +242,9 @@ static void flow_offload_del(struct nf_f +@@ -233,6 +239,9 @@ static void flow_offload_del(struct nf_f if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN)) flow_offload_fixup_ct_state(e->ct); @@ -183,7 +183,7 @@ Signed-off-by: Pablo Neira Ayuso flow_offload_free(flow); } -@@ -349,6 +358,9 @@ static int nf_flow_offload_gc_step(struc +@@ -346,6 +355,9 @@ static int nf_flow_offload_gc_step(struc if (!teardown) nf_ct_offload_timeout(flow); @@ -193,7 +193,7 @@ Signed-off-by: Pablo Neira Ayuso if (nf_flow_has_expired(flow) || teardown) flow_offload_del(flow_table, flow); } -@@ -484,10 +496,43 @@ int nf_flow_dnat_port(const struct flow_ +@@ -481,10 +493,43 @@ int nf_flow_dnat_port(const struct flow_ } EXPORT_SYMBOL_GPL(nf_flow_dnat_port); @@ -237,7 +237,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); err = rhashtable_init(&flowtable->rhashtable, -@@ -525,6 +570,8 @@ static void nf_flow_table_iterate_cleanu +@@ -522,6 +567,8 @@ static void nf_flow_table_iterate_cleanu { nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); flush_delayed_work(&flowtable->gc_work); @@ -246,7 +246,7 @@ Signed-off-by: Pablo Neira Ayuso } void nf_flow_table_cleanup(struct net *net, struct net_device *dev) -@@ -538,6 +585,26 @@ void nf_flow_table_cleanup(struct net *n +@@ -535,6 +582,26 @@ void nf_flow_table_cleanup(struct net *n } EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); @@ -273,7 +273,7 @@ Signed-off-by: Pablo Neira Ayuso void nf_flow_table_free(struct nf_flowtable *flow_table) { mutex_lock(&flowtable_lock); -@@ -547,9 +614,58 @@ void nf_flow_table_free(struct nf_flowta +@@ -544,9 +611,58 @@ void nf_flow_table_free(struct nf_flowta nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); WARN_ON(!nf_flow_offload_gc_step(flow_table)); rhashtable_destroy(&flow_table->rhashtable); @@ -506,22 +506,21 @@ Signed-off-by: Pablo Neira Ayuso +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4934,6 +4934,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -5396,6 +5396,13 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) - goto err1; + return err; + for (i = 0; i < n; i++) { + if (flowtable->data.flags & NF_FLOWTABLE_F_HW && + !dev_array[i]->netdev_ops->ndo_flow_offload) { -+ err = -EOPNOTSUPP; -+ goto err1; ++ return -EOPNOTSUPP; + } + } + - ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); - if (!ops) { - err = -ENOMEM; -@@ -5064,10 +5072,19 @@ static int nf_tables_newflowtable(struct + ops = kcalloc(n, sizeof(struct nf_hook_ops), GFP_KERNEL); + if (!ops) + return -ENOMEM; +@@ -5527,10 +5534,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5165,7 +5182,8 @@ static int nf_tables_fill_flowtable_info +@@ -5656,7 +5672,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/generic/pending-4.19/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch b/target/linux/generic/pending-4.19/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch index 9311725346..87ff634793 100644 --- a/target/linux/generic/pending-4.19/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch +++ b/target/linux/generic/pending-4.19/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch @@ -15,15 +15,15 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -827,6 +827,7 @@ struct xfrmdev_ops { - #endif +@@ -919,6 +919,7 @@ struct dev_ifalias { + }; struct flow_offload; +struct flow_offload_hw_path; enum flow_offload_type { FLOW_OFFLOAD_ADD = 0, -@@ -1064,8 +1065,15 @@ enum flow_offload_type { +@@ -1157,8 +1158,15 @@ enum flow_offload_type { * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, * u16 flags); * @@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau * Adds/deletes flow entry to/from net device flowtable. * * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier); -@@ -1292,8 +1300,11 @@ struct net_device_ops { +@@ -1388,8 +1396,11 @@ struct net_device_ops { int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, u16 flags); diff --git a/target/linux/generic/pending-4.19/642-net-8021q-support-hardware-flow-table-offload.patch b/target/linux/generic/pending-4.19/642-net-8021q-support-hardware-flow-table-offload.patch index 0d6eab16fd..4fabfdcb6c 100644 --- a/target/linux/generic/pending-4.19/642-net-8021q-support-hardware-flow-table-offload.patch +++ b/target/linux/generic/pending-4.19/642-net-8021q-support-hardware-flow-table-offload.patch @@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau #include "vlan.h" #include "vlanproc.h" -@@ -766,6 +770,27 @@ static int vlan_dev_get_iflink(const str +@@ -768,6 +772,27 @@ static int vlan_dev_get_iflink(const str return real_dev->ifindex; } @@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau static const struct ethtool_ops vlan_ethtool_ops = { .get_link_ksettings = vlan_ethtool_get_link_ksettings, .get_drvinfo = vlan_ethtool_get_drvinfo, -@@ -803,6 +828,9 @@ static const struct net_device_ops vlan_ +@@ -805,6 +830,9 @@ static const struct net_device_ops vlan_ .ndo_fix_features = vlan_dev_fix_features, .ndo_get_lock_subclass = vlan_dev_get_lock_subclass, .ndo_get_iflink = vlan_dev_get_iflink, diff --git a/target/linux/generic/pending-4.19/643-net-bridge-support-hardware-flow-table-offload.patch b/target/linux/generic/pending-4.19/643-net-bridge-support-hardware-flow-table-offload.patch index a070fe1636..7d9c8abe9c 100644 --- a/target/linux/generic/pending-4.19/643-net-bridge-support-hardware-flow-table-offload.patch +++ b/target/linux/generic/pending-4.19/643-net-bridge-support-hardware-flow-table-offload.patch @@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau #include #include "br_private.h" -@@ -340,6 +344,28 @@ static const struct ethtool_ops br_ethto +@@ -370,6 +374,28 @@ static const struct ethtool_ops br_ethto .get_link = ethtool_op_get_link, }; @@ -49,7 +49,7 @@ Signed-off-by: Felix Fietkau static const struct net_device_ops br_netdev_ops = { .ndo_open = br_dev_open, .ndo_stop = br_dev_stop, -@@ -367,6 +393,9 @@ static const struct net_device_ops br_ne +@@ -397,6 +423,9 @@ static const struct net_device_ops br_ne .ndo_bridge_setlink = br_setlink, .ndo_bridge_dellink = br_dellink, .ndo_features_check = passthru_features_check, diff --git a/target/linux/generic/pending-4.19/644-net-pppoe-support-hardware-flow-table-offload.patch b/target/linux/generic/pending-4.19/644-net-pppoe-support-hardware-flow-table-offload.patch index edba04ccf6..456c08b90c 100644 --- a/target/linux/generic/pending-4.19/644-net-pppoe-support-hardware-flow-table-offload.patch +++ b/target/linux/generic/pending-4.19/644-net-pppoe-support-hardware-flow-table-offload.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -56,6 +56,11 @@ +@@ -57,6 +57,11 @@ #include #include @@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau #define PPP_VERSION "2.4.2" /* -@@ -1382,12 +1387,37 @@ static void ppp_dev_priv_destructor(stru +@@ -1368,12 +1373,37 @@ static void ppp_dev_priv_destructor(stru ppp_destroy_interface(ppp); } @@ -73,7 +73,7 @@ Signed-off-by: Felix Fietkau #include #include #include -@@ -977,8 +982,36 @@ static int pppoe_xmit(struct ppp_channel +@@ -975,8 +980,36 @@ static int pppoe_xmit(struct ppp_channel return __pppoe_xmit(sk, skb); } diff --git a/target/linux/generic/pending-4.19/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch b/target/linux/generic/pending-4.19/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch index 8f0793491b..2b3725f81e 100644 --- a/target/linux/generic/pending-4.19/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch +++ b/target/linux/generic/pending-4.19/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch @@ -26,7 +26,7 @@ Signed-off-by: Felix Fietkau struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -358,7 +358,7 @@ static int nf_flow_offload_gc_step(struc +@@ -355,7 +355,7 @@ static int nf_flow_offload_gc_step(struc if (!teardown) nf_ct_offload_timeout(flow); diff --git a/target/linux/generic/pending-4.19/655-increase_skb_pad.patch b/target/linux/generic/pending-4.19/655-increase_skb_pad.patch index adb6b04529..c19290f8d8 100644 --- a/target/linux/generic/pending-4.19/655-increase_skb_pad.patch +++ b/target/linux/generic/pending-4.19/655-increase_skb_pad.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2476,7 +2476,7 @@ static inline int pskb_network_may_pull( +@@ -2480,7 +2480,7 @@ static inline int pskb_network_may_pull( * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD diff --git a/target/linux/generic/pending-4.19/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch b/target/linux/generic/pending-4.19/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch index 7c60d7e799..40f7962b67 100644 --- a/target/linux/generic/pending-4.19/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch +++ b/target/linux/generic/pending-4.19/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch @@ -156,7 +156,7 @@ Signed-off-by: Steven Barth if (dev == ip6n->fb_tnl_dev) RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); else -@@ -779,6 +796,107 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, +@@ -772,6 +789,107 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, } EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); @@ -264,7 +264,7 @@ Signed-off-by: Steven Barth static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb, const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst, -@@ -831,6 +949,27 @@ static int __ip6_tnl_rcv(struct ip6_tnl +@@ -824,6 +942,27 @@ static int __ip6_tnl_rcv(struct ip6_tnl skb_reset_network_header(skb); memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); @@ -292,7 +292,7 @@ Signed-off-by: Steven Barth __skb_tunnel_rx(skb, tunnel->dev, tunnel->net); err = dscp_ecn_decapsulate(tunnel, ipv6h, skb); -@@ -962,6 +1101,7 @@ static void init_tel_txopt(struct ipv6_t +@@ -955,6 +1094,7 @@ static void init_tel_txopt(struct ipv6_t opt->ops.opt_nflen = 8; } @@ -300,7 +300,7 @@ Signed-off-by: Steven Barth /** * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own * @t: the outgoing tunnel device -@@ -1305,6 +1445,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1312,6 +1452,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str { struct ip6_tnl *t = netdev_priv(dev); struct ipv6hdr *ipv6h; @@ -308,7 +308,7 @@ Signed-off-by: Steven Barth int encap_limit = -1; __u16 offset; struct flowi6 fl6; -@@ -1371,6 +1512,18 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str +@@ -1379,6 +1520,18 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL); @@ -327,7 +327,7 @@ Signed-off-by: Steven Barth if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) return -1; -@@ -1499,6 +1652,14 @@ ip6_tnl_change(struct ip6_tnl *t, const +@@ -1507,6 +1660,14 @@ ip6_tnl_change(struct ip6_tnl *t, const t->parms.link = p->link; t->parms.proto = p->proto; t->parms.fwmark = p->fwmark; @@ -342,7 +342,7 @@ Signed-off-by: Steven Barth dst_cache_reset(&t->dst_cache); ip6_tnl_link_config(t); return 0; -@@ -1537,6 +1698,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ +@@ -1545,6 +1706,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ p->flowinfo = u->flowinfo; p->link = u->link; p->proto = u->proto; @@ -350,7 +350,7 @@ Signed-off-by: Steven Barth memcpy(p->name, u->name, sizeof(u->name)); } -@@ -1923,6 +2085,15 @@ static int ip6_tnl_validate(struct nlatt +@@ -1931,6 +2093,15 @@ static int ip6_tnl_validate(struct nlatt return 0; } @@ -366,7 +366,7 @@ Signed-off-by: Steven Barth static void ip6_tnl_netlink_parms(struct nlattr *data[], struct __ip6_tnl_parm *parms) { -@@ -1960,6 +2131,46 @@ static void ip6_tnl_netlink_parms(struct +@@ -1968,6 +2139,46 @@ static void ip6_tnl_netlink_parms(struct if (data[IFLA_IPTUN_FWMARK]) parms->fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]); @@ -413,7 +413,7 @@ Signed-off-by: Steven Barth } static bool ip6_tnl_netlink_encap_parms(struct nlattr *data[], -@@ -2075,6 +2286,12 @@ static void ip6_tnl_dellink(struct net_d +@@ -2083,6 +2294,12 @@ static void ip6_tnl_dellink(struct net_d static size_t ip6_tnl_get_size(const struct net_device *dev) { @@ -426,7 +426,7 @@ Signed-off-by: Steven Barth return /* IFLA_IPTUN_LINK */ nla_total_size(4) + -@@ -2104,6 +2321,24 @@ static size_t ip6_tnl_get_size(const str +@@ -2112,6 +2329,24 @@ static size_t ip6_tnl_get_size(const str nla_total_size(0) + /* IFLA_IPTUN_FWMARK */ nla_total_size(4) + @@ -451,7 +451,7 @@ Signed-off-by: Steven Barth 0; } -@@ -2111,6 +2346,9 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -2119,6 +2354,9 @@ static int ip6_tnl_fill_info(struct sk_b { struct ip6_tnl *tunnel = netdev_priv(dev); struct __ip6_tnl_parm *parm = &tunnel->parms; @@ -461,7 +461,7 @@ Signed-off-by: Steven Barth if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || nla_put_in6_addr(skb, IFLA_IPTUN_LOCAL, &parm->laddr) || -@@ -2120,9 +2358,27 @@ static int ip6_tnl_fill_info(struct sk_b +@@ -2128,9 +2366,27 @@ static int ip6_tnl_fill_info(struct sk_b nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) || @@ -490,7 +490,7 @@ Signed-off-by: Steven Barth if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, tunnel->encap.type) || nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, tunnel->encap.sport) || nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, tunnel->encap.dport) || -@@ -2162,6 +2418,7 @@ static const struct nla_policy ip6_tnl_p +@@ -2170,6 +2426,7 @@ static const struct nla_policy ip6_tnl_p [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 }, diff --git a/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch index 1397580382..a022c2c556 100644 --- a/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch +++ b/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch @@ -20,9 +20,9 @@ Signed-off-by: Jonas Gorski --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h -@@ -69,6 +69,7 @@ struct netns_ipv6 { - #ifdef CONFIG_IPV6_MULTIPLE_TABLES - bool fib6_has_custom_rules; +@@ -78,6 +78,7 @@ struct netns_ipv6 { + unsigned int fib6_rules_require_fldissect; + bool fib6_has_custom_rules; struct rt6_info *ip6_prohibit_entry; + struct rt6_info *ip6_policy_failed_entry; struct rt6_info *ip6_blk_hole_entry; @@ -30,7 +30,7 @@ Signed-off-by: Jonas Gorski struct fib_rules_ops *fib6_rules_ops; --- a/include/uapi/linux/fib_rules.h +++ b/include/uapi/linux/fib_rules.h -@@ -73,6 +73,10 @@ enum { +@@ -82,6 +82,10 @@ enum { FR_ACT_BLACKHOLE, /* Drop without notification */ FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */ FR_ACT_PROHIBIT, /* Drop with EACCES */ @@ -43,7 +43,7 @@ Signed-off-by: Jonas Gorski --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h -@@ -221,6 +221,7 @@ enum { +@@ -228,6 +228,7 @@ enum { RTN_THROW, /* Not in this table */ RTN_NAT, /* Translate this address */ RTN_XRESOLVE, /* Use external resolver */ @@ -66,7 +66,7 @@ Signed-off-by: Jonas Gorski static void rt_fibinfo_free(struct rtable __rcu **rtp) --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c -@@ -2460,6 +2460,7 @@ static const char *const rtn_type_names[ +@@ -2465,6 +2465,7 @@ static const char *const rtn_type_names[ [RTN_THROW] = "THROW", [RTN_NAT] = "NAT", [RTN_XRESOLVE] = "XRESOLVE", @@ -76,7 +76,7 @@ Signed-off-by: Jonas Gorski static inline const char *rtn_type(char *buf, size_t len, unsigned int t) --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c -@@ -161,6 +161,7 @@ static int ipmr_rule_action(struct fib_r +@@ -177,6 +177,7 @@ static int ipmr_rule_action(struct fib_r case FR_ACT_UNREACHABLE: return -ENETUNREACH; case FR_ACT_PROHIBIT: @@ -86,7 +86,7 @@ Signed-off-by: Jonas Gorski default: --- a/net/ipv6/fib6_rules.c +++ b/net/ipv6/fib6_rules.c -@@ -121,6 +121,10 @@ static int fib6_rule_action(struct fib_r +@@ -221,6 +221,10 @@ static int __fib6_rule_action(struct fib err = -EACCES; rt = net->ipv6.ip6_prohibit_entry; goto discard_pkt; @@ -99,7 +99,7 @@ Signed-off-by: Jonas Gorski tb_id = fib_rule_get_table(rule, arg); --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c -@@ -168,6 +168,8 @@ static int ip6mr_rule_action(struct fib_ +@@ -159,6 +159,8 @@ static int ip6mr_rule_action(struct fib_ return -ENETUNREACH; case FR_ACT_PROHIBIT: return -EACCES; @@ -110,7 +110,7 @@ Signed-off-by: Jonas Gorski return -EINVAL; --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -91,6 +91,8 @@ static int ip6_pkt_discard(struct sk_bu +@@ -97,6 +97,8 @@ static int ip6_pkt_discard(struct sk_bu static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb); static int ip6_pkt_prohibit(struct sk_buff *skb); static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb); @@ -119,8 +119,8 @@ Signed-off-by: Jonas Gorski static void ip6_link_failure(struct sk_buff *skb); static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, u32 mtu); -@@ -321,6 +323,21 @@ static const struct rt6_info ip6_prohibi - .rt6i_ref = ATOMIC_INIT(1), +@@ -324,6 +326,18 @@ static const struct rt6_info ip6_prohibi + .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), }; +static const struct rt6_info ip6_policy_failed_entry_template = { @@ -133,27 +133,31 @@ Signed-off-by: Jonas Gorski + .output = ip6_pkt_policy_failed_out, + }, + .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), -+ .rt6i_protocol = RTPROT_KERNEL, -+ .rt6i_metric = ~(u32) 0, -+ .rt6i_ref = ATOMIC_INIT(1), +}; + static const struct rt6_info ip6_blk_hole_entry_template = { .dst = { .__refcnt = ATOMIC_INIT(1), -@@ -2046,6 +2063,11 @@ static struct rt6_info *ip6_route_info_c - rt->dst.output = ip6_pkt_prohibit_out; - rt->dst.input = ip6_pkt_prohibit; - break; -+ case RTN_POLICY_FAILED: -+ rt->dst.error = -EACCES; -+ rt->dst.output = ip6_pkt_policy_failed_out; -+ rt->dst.input = ip6_pkt_policy_failed; -+ break; - case RTN_THROW: - case RTN_UNREACHABLE: - default: -@@ -2771,6 +2793,17 @@ static int ip6_pkt_prohibit_out(struct n +@@ -901,6 +915,7 @@ static const int fib6_prop[RTN_MAX + 1] + [RTN_BLACKHOLE] = -EINVAL, + [RTN_UNREACHABLE] = -EHOSTUNREACH, + [RTN_PROHIBIT] = -EACCES, ++ [RTN_POLICY_FAILED] = -EACCES, + [RTN_THROW] = -EAGAIN, + [RTN_NAT] = -EINVAL, + [RTN_XRESOLVE] = -EINVAL, +@@ -938,6 +953,10 @@ static void ip6_rt_init_dst_reject(struc + rt->dst.output = ip6_pkt_prohibit_out; + rt->dst.input = ip6_pkt_prohibit; + break; ++ case RTN_POLICY_FAILED: ++ rt->dst.output = ip6_pkt_policy_failed_out; ++ rt->dst.input = ip6_pkt_policy_failed; ++ break; + case RTN_THROW: + case RTN_UNREACHABLE: + default: +@@ -3745,6 +3764,17 @@ static int ip6_pkt_prohibit_out(struct n return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); } @@ -171,7 +175,7 @@ Signed-off-by: Jonas Gorski /* * Allocate a dst for local (unicast / anycast) address. */ -@@ -3007,7 +3040,8 @@ static int rtm_to_fib6_config(struct sk_ +@@ -4192,7 +4222,8 @@ static int rtm_to_fib6_config(struct sk_ if (rtm->rtm_type == RTN_UNREACHABLE || rtm->rtm_type == RTN_BLACKHOLE || rtm->rtm_type == RTN_PROHIBIT || @@ -181,17 +185,7 @@ Signed-off-by: Jonas Gorski cfg->fc_flags |= RTF_REJECT; if (rtm->rtm_type == RTN_LOCAL) -@@ -3502,6 +3536,9 @@ static int rt6_fill_node(struct net *net - case -EACCES: - rtm->rtm_type = RTN_PROHIBIT; - break; -+ case -EPERM: -+ rtm->rtm_type = RTN_POLICY_FAILED; -+ break; - case -EAGAIN: - rtm->rtm_type = RTN_THROW; - break; -@@ -3820,6 +3857,8 @@ static int ip6_route_dev_notify(struct n +@@ -5031,6 +5062,8 @@ static int ip6_route_dev_notify(struct n #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.ip6_prohibit_entry->dst.dev = dev; net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); @@ -200,7 +194,7 @@ Signed-off-by: Jonas Gorski net->ipv6.ip6_blk_hole_entry->dst.dev = dev; net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); #endif -@@ -3831,6 +3870,7 @@ static int ip6_route_dev_notify(struct n +@@ -5042,6 +5075,7 @@ static int ip6_route_dev_notify(struct n in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev); #ifdef CONFIG_IPV6_MULTIPLE_TABLES in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev); @@ -208,7 +202,7 @@ Signed-off-by: Jonas Gorski in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev); #endif } -@@ -4047,6 +4087,17 @@ static int __net_init ip6_route_net_init +@@ -5236,6 +5270,15 @@ static int __net_init ip6_route_net_init net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, ip6_template_metrics, true); @@ -218,15 +212,13 @@ Signed-off-by: Jonas Gorski + sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL); + if (!net->ipv6.ip6_policy_failed_entry) + goto out_ip6_blk_hole_entry; -+ net->ipv6.ip6_policy_failed_entry->dst.path = -+ (struct dst_entry *)net->ipv6.ip6_policy_failed_entry; + net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops; + dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst, + ip6_template_metrics, true); #endif net->ipv6.sysctl.flush_delay = 0; -@@ -4065,6 +4116,8 @@ out: +@@ -5254,6 +5297,8 @@ out: return ret; #ifdef CONFIG_IPV6_MULTIPLE_TABLES @@ -235,7 +227,7 @@ Signed-off-by: Jonas Gorski out_ip6_prohibit_entry: kfree(net->ipv6.ip6_prohibit_entry); out_ip6_null_entry: -@@ -4082,6 +4135,7 @@ static void __net_exit ip6_route_net_exi +@@ -5274,6 +5319,7 @@ static void __net_exit ip6_route_net_exi #ifdef CONFIG_IPV6_MULTIPLE_TABLES kfree(net->ipv6.ip6_prohibit_entry); kfree(net->ipv6.ip6_blk_hole_entry); @@ -243,7 +235,7 @@ Signed-off-by: Jonas Gorski #endif dst_entries_destroy(&net->ipv6.ip6_dst_ops); } -@@ -4155,6 +4209,9 @@ void __init ip6_route_init_special_entri +@@ -5350,6 +5396,9 @@ void __init ip6_route_init_special_entri init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); diff --git a/target/linux/generic/pending-4.19/671-net-provide-defines-for-_POLICY_FAILED-until-all-cod.patch b/target/linux/generic/pending-4.19/671-net-provide-defines-for-_POLICY_FAILED-until-all-cod.patch index cfea527e3d..85adfedc94 100644 --- a/target/linux/generic/pending-4.19/671-net-provide-defines-for-_POLICY_FAILED-until-all-cod.patch +++ b/target/linux/generic/pending-4.19/671-net-provide-defines-for-_POLICY_FAILED-until-all-cod.patch @@ -17,7 +17,7 @@ Signed-off-by: Jonas Gorski --- a/include/uapi/linux/fib_rules.h +++ b/include/uapi/linux/fib_rules.h -@@ -80,6 +80,8 @@ enum { +@@ -89,6 +89,8 @@ enum { __FR_ACT_MAX, }; @@ -39,7 +39,7 @@ Signed-off-by: Jonas Gorski */ --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h -@@ -225,6 +225,8 @@ enum { +@@ -232,6 +232,8 @@ enum { __RTN_MAX }; diff --git a/target/linux/generic/pending-4.19/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/pending-4.19/680-NET-skip-GRO-for-foreign-MAC-addresses.patch index 236a7833d2..9ea7612123 100644 --- a/target/linux/generic/pending-4.19/680-NET-skip-GRO-for-foreign-MAC-addresses.patch +++ b/target/linux/generic/pending-4.19/680-NET-skip-GRO-for-foreign-MAC-addresses.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1763,6 +1763,8 @@ struct net_device { +@@ -1876,6 +1876,8 @@ struct net_device { struct netdev_hw_addr_list mc; struct netdev_hw_addr_list dev_addrs; @@ -22,9 +22,9 @@ Signed-off-by: Felix Fietkau #endif --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -782,6 +782,7 @@ struct sk_buff { - __u8 tc_redirected:1; - __u8 tc_from_ingress:1; +@@ -799,6 +799,7 @@ struct sk_buff { + #ifdef CONFIG_TLS_DEVICE + __u8 decrypted:1; #endif + __u8 gro_skip:1; @@ -32,8 +32,8 @@ Signed-off-by: Felix Fietkau __u16 tc_index; /* traffic control index */ --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4805,6 +4805,9 @@ static enum gro_result dev_gro_receive(s - enum gro_result ret; +@@ -5447,6 +5447,9 @@ static enum gro_result dev_gro_receive(s + int same_flow; int grow; + if (skb->gro_skip) @@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau if (netif_elide_gro(skb->dev)) goto normal; -@@ -6279,6 +6282,48 @@ static void __netdev_adjacent_dev_unlink +@@ -6941,6 +6944,48 @@ static void __netdev_adjacent_dev_unlink &upper_dev->adj_list.lower); } @@ -90,24 +90,24 @@ Signed-off-by: Felix Fietkau + static int __netdev_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, bool master, - void *upper_priv, void *upper_info) -@@ -6317,6 +6362,7 @@ static int __netdev_upper_dev_link(struc + void *upper_priv, void *upper_info, +@@ -6988,6 +7033,7 @@ static int __netdev_upper_dev_link(struc if (ret) return ret; + netdev_update_addr_mask(dev); - ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, + ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, &changeupper_info.info); ret = notifier_to_errno(ret); -@@ -6394,6 +6440,7 @@ void netdev_upper_dev_unlink(struct net_ +@@ -7074,6 +7120,7 @@ void netdev_upper_dev_unlink(struct net_ __netdev_adjacent_dev_unlink_neighbour(dev, upper_dev); + netdev_update_addr_mask(dev); - call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, + call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, &changeupper_info.info); } -@@ -6966,6 +7013,7 @@ int dev_set_mac_address(struct net_devic +@@ -7697,6 +7744,7 @@ int dev_set_mac_address(struct net_devic if (err) return err; dev->addr_assign_type = NET_ADDR_SET; diff --git a/target/linux/generic/pending-4.19/681-NET-add-of_get_mac_address_mtd.patch b/target/linux/generic/pending-4.19/681-NET-add-of_get_mac_address_mtd.patch index 2b89a05238..13f5640590 100644 --- a/target/linux/generic/pending-4.19/681-NET-add-of_get_mac_address_mtd.patch +++ b/target/linux/generic/pending-4.19/681-NET-add-of_get_mac_address_mtd.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/of/of_net.c +++ b/drivers/of/of_net.c -@@ -10,6 +10,7 @@ +@@ -11,6 +11,7 @@ #include #include #include @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau /** * of_get_phy_mode - Get phy mode for given device_node -@@ -38,7 +39,7 @@ int of_get_phy_mode(struct device_node * +@@ -39,7 +40,7 @@ int of_get_phy_mode(struct device_node * } EXPORT_SYMBOL_GPL(of_get_phy_mode); @@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau { struct property *pp = of_find_property(np, name, NULL); -@@ -47,6 +48,79 @@ static const void *of_get_mac_addr(struc +@@ -48,6 +49,79 @@ static const void *of_get_mac_addr(struc return NULL; } @@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau /** * Search the device tree for the best MAC address to use. 'mac-address' is * checked first, because that is supposed to contain to "most recent" MAC -@@ -64,11 +138,18 @@ static const void *of_get_mac_addr(struc +@@ -65,11 +139,18 @@ static const void *of_get_mac_addr(struc * addresses. Some older U-Boots only initialized 'local-mac-address'. In * this case, the real MAC is in 'local-mac-address', and 'mac-address' exists * but is all zeros. diff --git a/target/linux/generic/pending-4.19/701-phy_extension.patch b/target/linux/generic/pending-4.19/701-phy_extension.patch index 0f0b0e0467..a340872e56 100644 --- a/target/linux/generic/pending-4.19/701-phy_extension.patch +++ b/target/linux/generic/pending-4.19/701-phy_extension.patch @@ -85,7 +85,7 @@ Signed-off-by: John Crispin * @phydev: the phy_device struct --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -909,6 +909,7 @@ void phy_ethtool_ksettings_get(struct ph +@@ -1045,6 +1045,7 @@ void phy_ethtool_ksettings_get(struct ph struct ethtool_link_ksettings *cmd); int phy_ethtool_ksettings_set(struct phy_device *phydev, const struct ethtool_link_ksettings *cmd); diff --git a/target/linux/generic/pending-4.19/703-phy-add-detach-callback-to-struct-phy_driver.patch b/target/linux/generic/pending-4.19/703-phy-add-detach-callback-to-struct-phy_driver.patch index 11436a2166..bc45d4ed68 100644 --- a/target/linux/generic/pending-4.19/703-phy-add-detach-callback-to-struct-phy_driver.patch +++ b/target/linux/generic/pending-4.19/703-phy-add-detach-callback-to-struct-phy_driver.patch @@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c -@@ -1102,6 +1102,9 @@ void phy_detach(struct phy_device *phyde +@@ -1133,6 +1133,9 @@ void phy_detach(struct phy_device *phyde struct module *ndev_owner = dev->dev.parent->driver->owner; struct mii_bus *bus; @@ -23,7 +23,7 @@ Signed-off-by: Gabor Juhos sysfs_remove_link(&phydev->mdio.dev.kobj, "attached_dev"); --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -559,6 +559,12 @@ struct phy_driver { +@@ -560,6 +560,12 @@ struct phy_driver { */ int (*did_interrupt)(struct phy_device *phydev); diff --git a/target/linux/generic/pending-4.19/734-net-phy-at803x-allow-to-configure-via-pdata.patch b/target/linux/generic/pending-4.19/734-net-phy-at803x-allow-to-configure-via-pdata.patch index 27bbf572e9..e56e77addf 100644 --- a/target/linux/generic/pending-4.19/734-net-phy-at803x-allow-to-configure-via-pdata.patch +++ b/target/linux/generic/pending-4.19/734-net-phy-at803x-allow-to-configure-via-pdata.patch @@ -40,15 +40,15 @@ Signed-off-by: Gabor Juhos #define AT803X_DEBUG_ADDR 0x1D #define AT803X_DEBUG_DATA 0x1E -@@ -74,6 +81,7 @@ MODULE_LICENSE("GPL"); +@@ -73,6 +80,7 @@ MODULE_LICENSE("GPL"); + struct at803x_priv { bool phy_reset:1; - struct gpio_desc *gpiod_reset; + int prev_speed; }; struct at803x_context { -@@ -274,8 +282,16 @@ does_not_require_reset_workaround: +@@ -249,8 +257,16 @@ static int at803x_probe(struct phy_devic return 0; } @@ -65,7 +65,7 @@ Signed-off-by: Gabor Juhos int ret; ret = genphy_config_init(phydev); -@@ -296,6 +312,26 @@ static int at803x_config_init(struct phy +@@ -271,6 +287,26 @@ static int at803x_config_init(struct phy return ret; } @@ -92,7 +92,7 @@ Signed-off-by: Gabor Juhos return 0; } -@@ -333,6 +369,8 @@ static int at803x_config_intr(struct phy +@@ -308,6 +344,8 @@ static int at803x_config_intr(struct phy static void at803x_link_change_notify(struct phy_device *phydev) { struct at803x_priv *priv = phydev->priv; @@ -101,7 +101,7 @@ Signed-off-by: Gabor Juhos /* * Conduct a hardware reset for AT8030/2 every time a link loss is -@@ -361,6 +399,24 @@ static void at803x_link_change_notify(st +@@ -336,6 +374,24 @@ static void at803x_link_change_notify(st } else { priv->phy_reset = false; } diff --git a/target/linux/generic/pending-4.19/735-net-phy-at803x-fix-at8033-sgmii-mode.patch b/target/linux/generic/pending-4.19/735-net-phy-at803x-fix-at8033-sgmii-mode.patch index 8c5c21b1bc..1f81b37f71 100644 --- a/target/linux/generic/pending-4.19/735-net-phy-at803x-fix-at8033-sgmii-mode.patch +++ b/target/linux/generic/pending-4.19/735-net-phy-at803x-fix-at8033-sgmii-mode.patch @@ -21,7 +21,7 @@ Signed-off-by: Roman Yeryomin #define AT803X_PCS_SMART_EEE_CTRL3 0x805D #define AT803X_SMART_EEE_CTRL3_LPI_TX_DELAY_SEL_MASK 0x3 -@@ -293,6 +294,27 @@ static int at803x_config_init(struct phy +@@ -268,6 +269,27 @@ static int at803x_config_init(struct phy { struct at803x_platform_data *pdata; int ret; diff --git a/target/linux/generic/pending-4.19/736-net-phy-at803x-allow-to-configure-via-dt.patch b/target/linux/generic/pending-4.19/736-net-phy-at803x-allow-to-configure-via-dt.patch index 6bc626dd6a..496700f377 100644 --- a/target/linux/generic/pending-4.19/736-net-phy-at803x-allow-to-configure-via-dt.patch +++ b/target/linux/generic/pending-4.19/736-net-phy-at803x-allow-to-configure-via-dt.patch @@ -1,6 +1,6 @@ --- a/drivers/net/phy/at803x.c +++ b/drivers/net/phy/at803x.c -@@ -354,6 +354,14 @@ static int at803x_config_init(struct phy +@@ -329,6 +329,14 @@ static int at803x_config_init(struct phy AT803X_DEBUG_TX_CLK_DLY_EN, 0); } @@ -15,7 +15,7 @@ return 0; } -@@ -392,6 +400,7 @@ static void at803x_link_change_notify(st +@@ -367,6 +375,7 @@ static void at803x_link_change_notify(st { struct at803x_priv *priv = phydev->priv; struct at803x_platform_data *pdata; @@ -23,7 +23,7 @@ pdata = dev_get_platdata(&phydev->mdio.dev); /* -@@ -421,8 +430,19 @@ static void at803x_link_change_notify(st +@@ -396,8 +405,19 @@ static void at803x_link_change_notify(st } else { priv->phy_reset = false; } diff --git a/target/linux/generic/pending-4.19/810-pci_disable_common_quirks.patch b/target/linux/generic/pending-4.19/810-pci_disable_common_quirks.patch index c80e58105d..3f452ebf48 100644 --- a/target/linux/generic/pending-4.19/810-pci_disable_common_quirks.patch +++ b/target/linux/generic/pending-4.19/810-pci_disable_common_quirks.patch @@ -9,7 +9,7 @@ Signed-off-by: Gabor Juhos --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig -@@ -71,6 +71,12 @@ config XEN_PCIDEV_FRONTEND +@@ -89,6 +89,13 @@ config XEN_PCIDEV_FRONTEND The PCI device frontend driver allows the kernel to import arbitrary PCI devices from a PCI backend to support PCI driver domains. @@ -19,37 +19,39 @@ Signed-off-by: Gabor Juhos + help + If you don't know what to do here, say N. + - config HT_IRQ - bool "Interrupts on hypertransport devices" - default y ++ + config PCI_ATS + bool + --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -43,6 +43,7 @@ static void quirk_mmio_always_on(struct +@@ -207,6 +207,7 @@ static void quirk_mmio_always_on(struct DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_BRIDGE_HOST, 8, quirk_mmio_always_on); +#ifndef CONFIG_PCI_DISABLE_COMMON_QUIRKS - /* The Mellanox Tavor device gives false positive parity errors - * Mark this device with a broken_parity_status, to allow - * PCI scanning code to "skip" this now blacklisted device. -@@ -3077,6 +3078,7 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I + /* + * The Mellanox Tavor device gives false positive parity errors. Mark this + * device with a broken_parity_status to allow PCI scanning code to "skip" +@@ -3135,6 +3136,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x65f9, quirk_intel_mc_errata); DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x65fa, quirk_intel_mc_errata); +#endif /* !CONFIG_PCI_DISABLE_COMMON_QUIRKS */ - ++ /* - * Ivytown NTB BAR sizes are misreported by the hardware due to an erratum. To -@@ -3133,6 +3135,8 @@ static void fixup_debug_report(struct pc - } - } + * Ivytown NTB BAR sizes are misreported by the hardware due to an erratum. + * To work around this, query the size it should be configured to by the +@@ -3160,6 +3163,8 @@ static void quirk_intel_ntb(struct pci_d + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0e08, quirk_intel_ntb); + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x0e0d, quirk_intel_ntb); +#ifndef CONFIG_PCI_DISABLE_COMMON_QUIRKS + /* - * Some BIOS implementations leave the Intel GPU interrupts enabled, - * even though no one is handling them (f.e. i915 driver is never loaded). -@@ -3171,6 +3175,8 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_IN + * Some BIOS implementations leave the Intel GPU interrupts enabled, even + * though no one is handling them (e.g., if the i915 driver is never +@@ -3198,6 +3203,8 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_IN DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq); diff --git a/target/linux/generic/pending-4.19/811-pci_disable_usb_common_quirks.patch b/target/linux/generic/pending-4.19/811-pci_disable_usb_common_quirks.patch index f40214c29b..7d36af7d26 100644 --- a/target/linux/generic/pending-4.19/811-pci_disable_usb_common_quirks.patch +++ b/target/linux/generic/pending-4.19/811-pci_disable_usb_common_quirks.patch @@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau --- a/drivers/usb/host/pci-quirks.c +++ b/drivers/usb/host/pci-quirks.c -@@ -124,6 +124,8 @@ struct amd_chipset_type { +@@ -125,6 +125,8 @@ struct amd_chipset_type { u8 rev; }; @@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau static struct amd_chipset_info { struct pci_dev *nb_dev; struct pci_dev *smbus_dev; -@@ -620,6 +622,10 @@ bool usb_amd_pt_check_port(struct device +@@ -621,6 +623,10 @@ bool usb_amd_pt_check_port(struct device } EXPORT_SYMBOL_GPL(usb_amd_pt_check_port); @@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau /* * Make sure the controller is completely inactive, unable to * generate interrupts or do DMA. -@@ -699,8 +705,17 @@ reset_needed: +@@ -700,8 +706,17 @@ reset_needed: uhci_reset_hc(pdev, base); return 1; } @@ -48,10 +48,10 @@ Signed-off-by: Felix Fietkau static inline int io_type_enabled(struct pci_dev *pdev, unsigned int mask) { u16 cmd; -@@ -1287,3 +1302,4 @@ bool usb_xhci_needs_pci_reset(struct pci - return false; +@@ -1268,3 +1283,4 @@ static void quirk_usb_early_handoff(stru } - EXPORT_SYMBOL_GPL(usb_xhci_needs_pci_reset); + DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff); +#endif --- a/drivers/usb/host/pci-quirks.h +++ b/drivers/usb/host/pci-quirks.h @@ -65,7 +65,7 @@ Signed-off-by: Felix Fietkau int usb_amd_find_chipset_info(void); int usb_hcd_amd_remote_wakeup_quirk(struct pci_dev *pdev); bool usb_amd_hang_symptom_quirk(void); -@@ -20,6 +23,18 @@ bool usb_xhci_needs_pci_reset(struct pci +@@ -19,6 +22,18 @@ void sb800_prefetch(struct device *dev, bool usb_amd_pt_check_port(struct device *device, int port); #else struct pci_dev; @@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau static inline void usb_amd_quirk_pll_disable(void) {} static inline void usb_amd_quirk_pll_enable(void) {} static inline void usb_asmedia_modifyflowcontrol(struct pci_dev *pdev) {} -@@ -30,6 +45,11 @@ static inline bool usb_amd_pt_check_port +@@ -29,6 +44,11 @@ static inline bool usb_amd_pt_check_port { return false; } @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau #endif /* __LINUX_USB_PCI_QUIRKS_H */ --- a/include/linux/usb/hcd.h +++ b/include/linux/usb/hcd.h -@@ -465,7 +465,14 @@ extern int usb_hcd_pci_probe(struct pci_ +@@ -473,7 +473,14 @@ extern int usb_hcd_pci_probe(struct pci_ extern void usb_hcd_pci_remove(struct pci_dev *dev); extern void usb_hcd_pci_shutdown(struct pci_dev *dev); diff --git a/target/linux/generic/pending-4.19/834-ledtrig-libata.patch b/target/linux/generic/pending-4.19/834-ledtrig-libata.patch index 2eec024b72..d89bfec897 100644 --- a/target/linux/generic/pending-4.19/834-ledtrig-libata.patch +++ b/target/linux/generic/pending-4.19/834-ledtrig-libata.patch @@ -65,7 +65,7 @@ Signed-off-by: Daniel Golle /** * ata_build_rw_tf - Build ATA taskfile for given read/write request * @tf: Target ATA taskfile -@@ -5120,6 +5133,9 @@ struct ata_queued_cmd *ata_qc_new_init(s +@@ -5129,6 +5142,9 @@ struct ata_queued_cmd *ata_qc_new_init(s if (tag < 0) return NULL; } @@ -74,8 +74,8 @@ Signed-off-by: Daniel Golle +#endif qc = __ata_qc_from_tag(ap, tag); - qc->tag = tag; -@@ -6021,6 +6037,9 @@ struct ata_port *ata_port_alloc(struct a + qc->tag = qc->hw_tag = tag; +@@ -6039,6 +6055,9 @@ struct ata_port *ata_port_alloc(struct a ap->stats.unhandled_irq = 1; ap->stats.idle_irq = 1; #endif @@ -85,7 +85,7 @@ Signed-off-by: Daniel Golle ata_sff_port_init(ap); return ap; -@@ -6042,6 +6061,12 @@ static void ata_host_release(struct devi +@@ -6074,6 +6093,12 @@ static void ata_host_release(struct kref kfree(ap->pmp_link); kfree(ap->slave_link); @@ -98,7 +98,7 @@ Signed-off-by: Daniel Golle kfree(ap); host->ports[i] = NULL; } -@@ -6488,7 +6513,23 @@ int ata_host_register(struct ata_host *h +@@ -6537,7 +6562,23 @@ int ata_host_register(struct ata_host *h host->ports[i]->print_id = atomic_inc_return(&ata_print_id); host->ports[i]->local_port_no = i + 1; } @@ -134,7 +134,7 @@ Signed-off-by: Daniel Golle /* * Define if arch has non-standard setup. This is a _PCI_ standard -@@ -890,6 +893,12 @@ struct ata_port { +@@ -893,6 +896,12 @@ struct ata_port { #ifdef CONFIG_ATA_ACPI struct ata_acpi_gtm __acpi_init_gtm; /* use ata_acpi_init_gtm() */ #endif diff --git a/target/linux/generic/pending-4.19/920-mangle_bootargs.patch b/target/linux/generic/pending-4.19/920-mangle_bootargs.patch index adeb9f12f9..85e6b97bb1 100644 --- a/target/linux/generic/pending-4.19/920-mangle_bootargs.patch +++ b/target/linux/generic/pending-4.19/920-mangle_bootargs.patch @@ -13,7 +13,7 @@ Signed-off-by: Imre Kaloz --- a/init/Kconfig +++ b/init/Kconfig -@@ -1427,6 +1427,15 @@ config EMBEDDED +@@ -1522,6 +1522,15 @@ config EMBEDDED an embedded system so certain expert options are available for configuration. @@ -31,7 +31,7 @@ Signed-off-by: Imre Kaloz help --- a/init/main.c +++ b/init/main.c -@@ -359,6 +359,29 @@ static inline void setup_nr_cpu_ids(void +@@ -366,6 +366,29 @@ static inline void setup_nr_cpu_ids(void static inline void smp_prepare_cpus(unsigned int maxcpus) { } #endif @@ -61,7 +61,7 @@ Signed-off-by: Imre Kaloz /* * We need to store the untouched command line for future reference. * We also need to store the touched command line since the parameter -@@ -540,6 +563,7 @@ asmlinkage __visible void __init start_k +@@ -558,6 +581,7 @@ asmlinkage __visible void __init start_k add_device_randomness(command_line, strlen(command_line)); boot_init_stack_canary(); mm_init_cpumask(&init_mm); diff --git a/target/linux/generic/pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch b/target/linux/generic/pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch deleted file mode 100644 index 869bf7b9b2..0000000000 --- a/target/linux/generic/pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 24d5ba8ad40c3ac7903f688580c345aafa764dc7 Mon Sep 17 00:00:00 2001 -From: Daniel Golle -Date: Mon, 4 Jun 2018 14:51:29 +0200 -Subject: [PATCH] tty: serial: exar: generalize rs485 setup -To: linux-serial@vger.kernel.org, - Greg Kroah-Hartman -Cc: Linus Walleij , - Jan Kiszka - -Move the non-board-specific part of the RS485 initialization -from iot2040_rs485_config function to a new generic function -used also for other boards. -This allows using PCIe boards which are hard-wired to RS485 -or have jumpers for their configurations. - -Signed-off-by: Daniel Golle ---- - drivers/tty/serial/8250/8250_exar.c | 38 +++++++++++++++++++---------- - 1 file changed, 25 insertions(+), 13 deletions(-) - ---- a/drivers/tty/serial/8250/8250_exar.c -+++ b/drivers/tty/serial/8250/8250_exar.c -@@ -275,8 +275,32 @@ static int xr17v35x_register_gpio(struct - return 0; - } - -+static int generic_rs485_config(struct uart_port *port, -+ struct serial_rs485 *rs485) -+{ -+ bool is_rs485 = !!(rs485->flags & SER_RS485_ENABLED); -+ u8 __iomem *p = port->membase; -+ u8 value; -+ -+ value = readb(p + UART_EXAR_FCTR); -+ if (is_rs485) -+ value |= UART_FCTR_EXAR_485; -+ else -+ value &= ~UART_FCTR_EXAR_485; -+ -+ writeb(value, p + UART_EXAR_FCTR); -+ -+ if (is_rs485) -+ writeb(UART_EXAR_RS485_DLY(4), p + UART_MSR); -+ -+ port->rs485 = *rs485; -+ -+ return 0; -+} -+ - static const struct exar8250_platform exar8250_default_platform = { - .register_gpio = xr17v35x_register_gpio, -+ .rs485_config = generic_rs485_config, - }; - - static int iot2040_rs485_config(struct uart_port *port, -@@ -309,19 +333,7 @@ static int iot2040_rs485_config(struct u - value |= mode; - writeb(value, p + UART_EXAR_MPIOLVL_7_0); - -- value = readb(p + UART_EXAR_FCTR); -- if (is_rs485) -- value |= UART_FCTR_EXAR_485; -- else -- value &= ~UART_FCTR_EXAR_485; -- writeb(value, p + UART_EXAR_FCTR); -- -- if (is_rs485) -- writeb(UART_EXAR_RS485_DLY(4), p + UART_MSR); -- -- port->rs485 = *rs485; -- -- return 0; -+ return generic_rs485_config(port, rs485); - } - - static const struct property_entry iot2040_gpio_properties[] = { -- cgit v1.2.3