update kernel to 5.10.198

hc

2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf

 kernel/net/netfilter/nf_conntrack_netlink.c
..
..
@@ -317,11 +317,12 @@
317
317
 }
318
318
 
319
319
 #ifdef CONFIG_NF_CONNTRACK_MARK
320
-static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
320
+static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct,
321
+			       bool dump)
321
322
 {
322
323
 	u32 mark = READ_ONCE(ct->mark);
323
324
 
324
-	if (!mark)
325
+	if (!mark && !dump)
325
326
 		return 0;
326
327
 
327
328
 	if (nla_put_be32(skb, CTA_MARK, htonl(mark)))
..
..
@@ -332,7 +333,7 @@
332
333
 	return -1;
333
334
 }
334
335
 #else
335
-#define ctnetlink_dump_mark(a, b) (0)
336
+#define ctnetlink_dump_mark(a, b, c) (0)
336
337
 #endif
337
338
 
338
339
 #ifdef CONFIG_NF_CONNTRACK_SECMARK
..
..
@@ -537,7 +538,7 @@
537
538
 static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
538
539
 {
539
540
 	if (ctnetlink_dump_status(skb, ct) < 0 ||
540
-	    ctnetlink_dump_mark(skb, ct) < 0 ||
541
+	    ctnetlink_dump_mark(skb, ct, true) < 0 ||
541
542
 	    ctnetlink_dump_secctx(skb, ct) < 0 ||
542
543
 	    ctnetlink_dump_id(skb, ct) < 0 ||
543
544
 	    ctnetlink_dump_use(skb, ct) < 0 ||
..
..
@@ -816,8 +817,7 @@
816
817
 	}
817
818
 
818
819
 #ifdef CONFIG_NF_CONNTRACK_MARK
819
-	if (events & (1 << IPCT_MARK) &&
820
-	    ctnetlink_dump_mark(skb, ct) < 0)
820
+	if (ctnetlink_dump_mark(skb, ct, events & (1 << IPCT_MARK)))
821
821
 		goto nla_put_failure;
822
822
 #endif
823
823
 	nlmsg_end(skb, nlh);
..
..
@@ -1493,9 +1493,6 @@
1493
1493
 
1494
1494
 static int ctnetlink_flush_iterate(struct nf_conn *ct, void *data)
1495
1495
 {
1496
-	if (test_bit(IPS_OFFLOAD_BIT, &ct->status))
1497
-		return 0;
1498
-
1499
1496
 	return ctnetlink_filter_match(ct, data);
1500
1497
 }
1501
1498
 
..
..
@@ -1560,11 +1557,6 @@
1560
1557
 		return -ENOENT;
1561
1558
 
1562
1559
 	ct = nf_ct_tuplehash_to_ctrack(h);
1563
-
1564
-	if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) {
1565
-		nf_ct_put(ct);
1566
-		return -EBUSY;
1567
-	}
1568
1560
 
1569
1561
 	if (cda[CTA_ID]) {
1570
1562
 		__be32 id = nla_get_be32(cda[CTA_ID]);
..
..
@@ -2359,12 +2351,15 @@
2359
2351
 
2360
2352
 	err = nf_conntrack_hash_check_insert(ct);
2361
2353
 	if (err < 0)
2362
-		goto err2;
2354
+		goto err3;
2363
2355
 
2364
2356
 	rcu_read_unlock();
2365
2357
 
2366
2358
 	return ct;
2367
2359
 
2360
+err3:
2361
+	if (ct->master)
2362
+		nf_ct_put(ct->master);
2368
2363
 err2:
2369
2364
 	rcu_read_unlock();
2370
2365
 err1:
..
..
@@ -2731,7 +2726,7 @@
2731
2726
 		goto nla_put_failure;
2732
2727
 
2733
2728
 #ifdef CONFIG_NF_CONNTRACK_MARK
2734
-	if (ctnetlink_dump_mark(skb, ct) < 0)
2729
+	if (ctnetlink_dump_mark(skb, ct, true) < 0)
2735
2730
 		goto nla_put_failure;
2736
2731
 #endif
2737
2732
 	if (ctnetlink_dump_labels(skb, ct) < 0)
..
..
@@ -2973,7 +2968,9 @@
2973
2968
 	return -1;
2974
2969
 }
2975
2970
 
2971
+#if IS_ENABLED(CONFIG_NF_NAT)
2976
2972
 static const union nf_inet_addr any_addr;
2973
+#endif
2977
2974
 
2978
2975
 static __be32 nf_expect_get_id(const struct nf_conntrack_expect *exp)
2979
2976
 {
..
..
@@ -3463,10 +3460,12 @@
3463
3460
 	return 0;
3464
3461
 }
3465
3462
 
3463
+#if IS_ENABLED(CONFIG_NF_NAT)
3466
3464
 static const struct nla_policy exp_nat_nla_policy[CTA_EXPECT_NAT_MAX+1] = {
3467
3465
 	[CTA_EXPECT_NAT_DIR]	= { .type = NLA_U32 },
3468
3466
 	[CTA_EXPECT_NAT_TUPLE]	= { .type = NLA_NESTED },
3469
3467
 };
3468
+#endif
3470
3469
 
3471
3470
 static int
3472
3471
 ctnetlink_parse_expect_nat(const struct nlattr *attr,