commit: 9ef98c5697beb1db50b4e4dee8bc2e28bb3929bb Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sun Mar 23 11:45:27 2025 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sun Mar 23 11:45:27 2025 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9ef98c56
Remove redundant patch Removed: 2011_netfilter-nf-tables-allow-clone-callbacks-to-sleep.patch Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 - ...-nf-tables-allow-clone-callbacks-to-sleep.patch | 264 --------------------- 2 files changed, 268 deletions(-) diff --git a/0000_README b/0000_README index 024bd18b..40f1c5ab 100644 --- a/0000_README +++ b/0000_README @@ -399,10 +399,6 @@ Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch From: https://lore.kernel.org/linux-bluetooth/[email protected]/raw Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 -Patch: 2011_netfilter-nf-tables-allow-clone-callbacks-to-sleep.patch -From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git -Desc: netfilter: nf_tables: allow clone callbacks to sleep - Patch: 2400_wifi-rtw89-88xb-firmware patch From: https://bugs.gentoo.org/946802 Desc: wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure diff --git a/2011_netfilter-nf-tables-allow-clone-callbacks-to-sleep.patch b/2011_netfilter-nf-tables-allow-clone-callbacks-to-sleep.patch deleted file mode 100644 index 05da3a8e..00000000 --- a/2011_netfilter-nf-tables-allow-clone-callbacks-to-sleep.patch +++ /dev/null @@ -1,264 +0,0 @@ -From b19498a9f2cca6aaeb56e6322ddfff33c338c0c7 Mon Sep 17 00:00:00 2001 -From: Kerin Millar <[email protected]> -Date: Thu, 25 Jul 2024 00:04:48 +0200 -Subject: [PATCH 2/2] Backport fa23e0d4b756d25829e124d6b670a4c6bbd4bf7e to - linux-6.6.y - -Signed-off-by: Kerin Millar <[email protected]> ---- - -From fa23e0d4b756d25829e124d6b670a4c6bbd4bf7e Mon Sep 17 00:00:00 2001 -From: Florian Westphal <[email protected]> -Date: Wed, 8 May 2024 14:52:47 +0200 -Subject: netfilter: nf_tables: allow clone callbacks to sleep - -Sven Auhagen reports transaction failures with following error: - ./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory - percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left - -This points to failing pcpu allocation with GFP_ATOMIC flag. -However, transactions happen from user context and are allowed to sleep. - -One case where we can call into percpu allocator with GFP_ATOMIC is -nft_counter expression. - -Normally this happens from control plane, so this could use GFP_KERNEL -instead. But one use case, element insertion from packet path, -needs to use GFP_ATOMIC allocations (nft_dynset expression). - -At this time, .clone callbacks always use GFP_ATOMIC for this reason. - -Add gfp_t argument to the .clone function and pass GFP_KERNEL or -GFP_ATOMIC flag depending on context, this allows all clone memory -allocations to sleep for the normal (transaction) case. - -Cc: Sven Auhagen <[email protected]> -Signed-off-by: Florian Westphal <[email protected]> -Signed-off-by: Pablo Neira Ayuso <[email protected]> ---- - include/net/netfilter/nf_tables.h | 4 ++-- - net/netfilter/nf_tables_api.c | 8 ++++---- - net/netfilter/nft_connlimit.c | 4 ++-- - net/netfilter/nft_counter.c | 4 ++-- - net/netfilter/nft_dynset.c | 2 +- - net/netfilter/nft_last.c | 4 ++-- - net/netfilter/nft_limit.c | 14 ++++++++------ - net/netfilter/nft_quota.c | 4 ++-- - 8 files changed, 23 insertions(+), 21 deletions(-) - -diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h -index 8af254352..b4a6a45e2 100644 ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -392,7 +392,7 @@ struct nft_expr_info; - - int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla, - struct nft_expr_info *info); --int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src); -+int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src, gfp_t gfp); - void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr); - int nft_expr_dump(struct sk_buff *skb, unsigned int attr, - const struct nft_expr *expr, bool reset); -@@ -889,7 +889,7 @@ struct nft_expr_ops { - struct nft_regs *regs, - const struct nft_pktinfo *pkt); - int (*clone)(struct nft_expr *dst, -- const struct nft_expr *src); -+ const struct nft_expr *src, gfp_t gfp); - unsigned int size; - - int (*init)(const struct nft_ctx *ctx, -diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c -index b53fc54f2..ec153266b 100644 ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -3312,7 +3312,7 @@ static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, - return ERR_PTR(err); - } - --int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src) -+int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src, gfp_t gfp) - { - int err; - -@@ -3320,7 +3320,7 @@ int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src) - return -EINVAL; - - dst->ops = src->ops; -- err = src->ops->clone(dst, src); -+ err = src->ops->clone(dst, src, gfp); - if (err < 0) - return err; - -@@ -6345,7 +6345,7 @@ int nft_set_elem_expr_clone(const struct nft_ctx *ctx, struct nft_set *set, - if (!expr) - goto err_expr; - -- err = nft_expr_clone(expr, set->exprs[i]); -+ err = nft_expr_clone(expr, set->exprs[i], GFP_KERNEL_ACCOUNT); - if (err < 0) { - kfree(expr); - goto err_expr; -@@ -6384,7 +6384,7 @@ static int nft_set_elem_expr_setup(struct nft_ctx *ctx, - - for (i = 0; i < num_exprs; i++) { - expr = nft_setelem_expr_at(elem_expr, elem_expr->size); -- err = nft_expr_clone(expr, expr_array[i]); -+ err = nft_expr_clone(expr, expr_array[i], GFP_KERNEL_ACCOUNT); - if (err < 0) - goto err_elem_expr_setup; - -diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c -index de9d1980d..92b984fa8 100644 ---- a/net/netfilter/nft_connlimit.c -+++ b/net/netfilter/nft_connlimit.c -@@ -210,12 +210,12 @@ static void nft_connlimit_destroy(const struct nft_ctx *ctx, - nft_connlimit_do_destroy(ctx, priv); - } - --static int nft_connlimit_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_connlimit_clone(struct nft_expr *dst, const struct nft_expr *src, gfp_t gfp) - { - struct nft_connlimit *priv_dst = nft_expr_priv(dst); - struct nft_connlimit *priv_src = nft_expr_priv(src); - -- priv_dst->list = kmalloc(sizeof(*priv_dst->list), GFP_ATOMIC); -+ priv_dst->list = kmalloc(sizeof(*priv_dst->list), gfp); - if (!priv_dst->list) - return -ENOMEM; - -diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c -index dccc68a51..291ed2026 100644 ---- a/net/netfilter/nft_counter.c -+++ b/net/netfilter/nft_counter.c -@@ -226,7 +226,7 @@ static void nft_counter_destroy(const struct nft_ctx *ctx, - nft_counter_do_destroy(priv); - } - --static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src, gfp_t gfp) - { - struct nft_counter_percpu_priv *priv = nft_expr_priv(src); - struct nft_counter_percpu_priv *priv_clone = nft_expr_priv(dst); -@@ -236,7 +236,7 @@ static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src) - - nft_counter_fetch(priv, &total); - -- cpu_stats = alloc_percpu_gfp(struct nft_counter, GFP_ATOMIC); -+ cpu_stats = alloc_percpu_gfp(struct nft_counter, gfp); - if (cpu_stats == NULL) - return -ENOMEM; - -diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c -index 629a91a8c..a81bd69b0 100644 ---- a/net/netfilter/nft_dynset.c -+++ b/net/netfilter/nft_dynset.c -@@ -35,7 +35,7 @@ static int nft_dynset_expr_setup(const struct nft_dynset *priv, - - for (i = 0; i < priv->num_exprs; i++) { - expr = nft_setelem_expr_at(elem_expr, elem_expr->size); -- if (nft_expr_clone(expr, priv->expr_array[i]) < 0) -+ if (nft_expr_clone(expr, priv->expr_array[i], GFP_ATOMIC) < 0) - return -1; - - elem_expr->size += priv->expr_array[i]->ops->size; -diff --git a/net/netfilter/nft_last.c b/net/netfilter/nft_last.c -index 8e6d7eaf9..de1b6066b 100644 ---- a/net/netfilter/nft_last.c -+++ b/net/netfilter/nft_last.c -@@ -102,12 +102,12 @@ static void nft_last_destroy(const struct nft_ctx *ctx, - kfree(priv->last); - } - --static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_last_clone(struct nft_expr *dst, const struct nft_expr *src, gfp_t gfp) - { - struct nft_last_priv *priv_dst = nft_expr_priv(dst); - struct nft_last_priv *priv_src = nft_expr_priv(src); - -- priv_dst->last = kzalloc(sizeof(*priv_dst->last), GFP_ATOMIC); -+ priv_dst->last = kzalloc(sizeof(*priv_dst->last), gfp); - if (!priv_dst->last) - return -ENOMEM; - -diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c -index cefa25e0d..21d26b79b 100644 ---- a/net/netfilter/nft_limit.c -+++ b/net/netfilter/nft_limit.c -@@ -150,7 +150,7 @@ static void nft_limit_destroy(const struct nft_ctx *ctx, - } - - static int nft_limit_clone(struct nft_limit_priv *priv_dst, -- const struct nft_limit_priv *priv_src) -+ const struct nft_limit_priv *priv_src, gfp_t gfp) - { - priv_dst->tokens_max = priv_src->tokens_max; - priv_dst->rate = priv_src->rate; -@@ -158,7 +158,7 @@ static int nft_limit_clone(struct nft_limit_priv *priv_dst, - priv_dst->burst = priv_src->burst; - priv_dst->invert = priv_src->invert; - -- priv_dst->limit = kmalloc(sizeof(*priv_dst->limit), GFP_ATOMIC); -+ priv_dst->limit = kmalloc(sizeof(*priv_dst->limit), gfp); - if (!priv_dst->limit) - return -ENOMEM; - -@@ -223,14 +223,15 @@ static void nft_limit_pkts_destroy(const struct nft_ctx *ctx, - nft_limit_destroy(ctx, &priv->limit); - } - --static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_limit_pkts_clone(struct nft_expr *dst, const struct nft_expr *src, -+ gfp_t gfp) - { - struct nft_limit_priv_pkts *priv_dst = nft_expr_priv(dst); - struct nft_limit_priv_pkts *priv_src = nft_expr_priv(src); - - priv_dst->cost = priv_src->cost; - -- return nft_limit_clone(&priv_dst->limit, &priv_src->limit); -+ return nft_limit_clone(&priv_dst->limit, &priv_src->limit, gfp); - } - - static struct nft_expr_type nft_limit_type; -@@ -281,12 +282,13 @@ static void nft_limit_bytes_destroy(const struct nft_ctx *ctx, - nft_limit_destroy(ctx, priv); - } - --static int nft_limit_bytes_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_limit_bytes_clone(struct nft_expr *dst, const struct nft_expr *src, -+ gfp_t gfp) - { - struct nft_limit_priv *priv_dst = nft_expr_priv(dst); - struct nft_limit_priv *priv_src = nft_expr_priv(src); - -- return nft_limit_clone(priv_dst, priv_src); -+ return nft_limit_clone(priv_dst, priv_src, gfp); - } - - static const struct nft_expr_ops nft_limit_bytes_ops = { -diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c -index 3ba12a747..9b2d7463d 100644 ---- a/net/netfilter/nft_quota.c -+++ b/net/netfilter/nft_quota.c -@@ -233,7 +233,7 @@ static void nft_quota_destroy(const struct nft_ctx *ctx, - return nft_quota_do_destroy(ctx, priv); - } - --static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src) -+static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src, gfp_t gfp) - { - struct nft_quota *priv_dst = nft_expr_priv(dst); - struct nft_quota *priv_src = nft_expr_priv(src); -@@ -241,7 +241,7 @@ static int nft_quota_clone(struct nft_expr *dst, const struct nft_expr *src) - priv_dst->quota = priv_src->quota; - priv_dst->flags = priv_src->flags; - -- priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), GFP_ATOMIC); -+ priv_dst->consumed = kmalloc(sizeof(*priv_dst->consumed), gfp); - if (!priv_dst->consumed) - return -ENOMEM; - --- -2.44.2 -
