Merge tag 'ASB-2024-01-05_11-5.4' of...

		kernel_sock_shutdown(queue->sock, SHUT_RDWR);

}

static void nvmet_tcp_socket_error(struct nvmet_tcp_queue *queue, int status)

{

	queue->rcv_state = NVMET_TCP_RECV_ERR;

	if (status == -EPIPE || status == -ECONNRESET)

		kernel_sock_shutdown(queue->sock, SHUT_RDWR);

	else

		nvmet_tcp_fatal_error(queue);

}

static int nvmet_tcp_map_data(struct nvmet_tcp_cmd *cmd)

{

	struct nvme_sgl_desc *sgl = &cmd->req.cmd->common.dptr.sgl;

	for (i = 0; i < budget; i++) {

		ret = nvmet_tcp_try_send_one(queue, i == budget - 1);

		if (ret <= 0)

		if (unlikely(ret < 0)) {

			nvmet_tcp_socket_error(queue, ret);

			goto done;

		} else if (ret == 0) {

			break;

		}

		(*sends)++;

	}

done:

	return ret;

}

	iov.iov_len = sizeof(*icresp);

	ret = kernel_sendmsg(queue->sock, &msg, &iov, 1, iov.iov_len);

	if (ret < 0)

		goto free_crypto;

		return ret; /* queue removal will cleanup */

	queue->state = NVMET_TCP_Q_LIVE;

	nvmet_prepare_receive_pdu(queue);

	return 0;

free_crypto:

	if (queue->hdr_digest || queue->data_digest)

		nvmet_tcp_free_crypto(queue);

	return ret;

}

static void nvmet_tcp_handle_req_failure(struct nvmet_tcp_queue *queue,

	for (i = 0; i < budget; i++) {

		ret = nvmet_tcp_try_recv_one(queue);

		if (ret <= 0)

		if (unlikely(ret < 0)) {

			nvmet_tcp_socket_error(queue, ret);

			goto done;

		} else if (ret == 0) {

			break;

		}

		(*recvs)++;

	}

done:

	return ret;

}

		pending = false;

		ret = nvmet_tcp_try_recv(queue, NVMET_TCP_RECV_BUDGET, &ops);

		if (ret > 0) {

		if (ret > 0)

			pending = true;

		} else if (ret < 0) {

			if (ret == -EPIPE || ret == -ECONNRESET)

				kernel_sock_shutdown(queue->sock, SHUT_RDWR);

			else

				nvmet_tcp_fatal_error(queue);

		else if (ret < 0)

			return;

		}

		ret = nvmet_tcp_try_send(queue, NVMET_TCP_SEND_BUDGET, &ops);

		if (ret > 0) {

			/* transmitted message/data */

		if (ret > 0)

			pending = true;

		} else if (ret < 0) {

			if (ret == -EPIPE || ret == -ECONNRESET)

				kernel_sock_shutdown(queue->sock, SHUT_RDWR);

			else

				nvmet_tcp_fatal_error(queue);

		else if (ret < 0)

			return;

		}

	} while (pending && ops < NVMET_TCP_IO_WORK_BUDGET);

	int				(*init)(const struct nft_set *set,

						const struct nft_set_desc *desc,

						const struct nlattr * const nla[]);

	void				(*destroy)(const struct nft_set *set);

	void				(*destroy)(const struct nft_ctx *ctx,

						   const struct nft_set *set);

	void				(*gc_init)(const struct nft_set *set);

	unsigned int			elemsize;

 *

 *	@list: table set list node

 *	@bindings: list of set bindings

 *	@refs: internal refcounting for async set destruction

 *	@table: table this set belongs to

 *	@net: netnamespace this set belongs to

 * 	@name: name of the set

struct nft_set {

	struct list_head		list;

	struct list_head		bindings;

	refcount_t			refs;

	struct nft_table		*table;

	possible_net_t			net;

	char				*name;

	unsigned char			*udata;

	/* runtime data below here */

	const struct nft_set_ops	*ops ____cacheline_aligned;

	u16				flags:14,

	u16				flags:13,

					dead:1,

					genmask:2;

	u8				klen;

	u8				dlen;

			u64 timeout, u64 expiration, gfp_t gfp);

void nft_set_elem_destroy(const struct nft_set *set, void *elem,

			  bool destroy_expr);

/**

 *	struct nft_set_gc_batch_head - nf_tables set garbage collection batch

 *

 *	@rcu: rcu head

 *	@set: set the elements belong to

 *	@cnt: count of elements

 */

struct nft_set_gc_batch_head {

	struct rcu_head			rcu;

	const struct nft_set		*set;

	unsigned int			cnt;

};

#define NFT_SET_GC_BATCH_SIZE	((PAGE_SIZE -				  \

				  sizeof(struct nft_set_gc_batch_head)) / \

				 sizeof(void *))

/**

 *	struct nft_set_gc_batch - nf_tables set garbage collection batch

 *

 * 	@head: GC batch head

 * 	@elems: garbage collection elements

 */

struct nft_set_gc_batch {

	struct nft_set_gc_batch_head	head;

	void				*elems[NFT_SET_GC_BATCH_SIZE];

};

struct nft_set_gc_batch *nft_set_gc_batch_alloc(const struct nft_set *set,

						gfp_t gfp);

void nft_set_gc_batch_release(struct rcu_head *rcu);

static inline void nft_set_gc_batch_complete(struct nft_set_gc_batch *gcb)

{

	if (gcb != NULL)

		call_rcu(&gcb->head.rcu, nft_set_gc_batch_release);

}

static inline struct nft_set_gc_batch *

nft_set_gc_batch_check(const struct nft_set *set, struct nft_set_gc_batch *gcb,

		       gfp_t gfp)

{

	if (gcb != NULL) {

		if (gcb->head.cnt + 1 < ARRAY_SIZE(gcb->elems))

			return gcb;

		nft_set_gc_batch_complete(gcb);

	}

	return nft_set_gc_batch_alloc(set, gfp);

}

static inline void nft_set_gc_batch_add(struct nft_set_gc_batch *gcb,

					void *elem)

{

	gcb->elems[gcb->head.cnt++] = elem;

}

void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,

				const struct nft_set *set, void *elem);

struct nft_expr_ops;

/**

#endif /* IS_ENABLED(CONFIG_NF_TABLES) */

/*

 * We use a free bit in the genmask field to indicate the element

 * is busy, meaning it is currently being processed either by

 * the netlink API or GC.

 *

 * Even though the genmask is only a single byte wide, this works

 * because the extension structure if fully constant once initialized,

 * so there are no non-atomic write accesses unless it is already

 * marked busy.

 */

#define NFT_SET_ELEM_BUSY_MASK	(1 << 2)

#define NFT_SET_ELEM_DEAD_MASK (1 << 2)

#if defined(__LITTLE_ENDIAN_BITFIELD)

#define NFT_SET_ELEM_BUSY_BIT	2

#define NFT_SET_ELEM_DEAD_BIT	2

#elif defined(__BIG_ENDIAN_BITFIELD)

#define NFT_SET_ELEM_BUSY_BIT	(BITS_PER_LONG - BITS_PER_BYTE + 2)

#define NFT_SET_ELEM_DEAD_BIT	(BITS_PER_LONG - BITS_PER_BYTE + 2)

#else

#error

#endif

static inline int nft_set_elem_mark_busy(struct nft_set_ext *ext)

static inline void nft_set_elem_dead(struct nft_set_ext *ext)

{

	unsigned long *word = (unsigned long *)ext;

	BUILD_BUG_ON(offsetof(struct nft_set_ext, genmask) != 0);

	return test_and_set_bit(NFT_SET_ELEM_BUSY_BIT, word);

	set_bit(NFT_SET_ELEM_DEAD_BIT, word);

}

static inline void nft_set_elem_clear_busy(struct nft_set_ext *ext)

static inline int nft_set_elem_is_dead(const struct nft_set_ext *ext)

{

	unsigned long *word = (unsigned long *)ext;

	clear_bit(NFT_SET_ELEM_BUSY_BIT, word);

	BUILD_BUG_ON(offsetof(struct nft_set_ext, genmask) != 0);

	return test_bit(NFT_SET_ELEM_DEAD_BIT, word);

}

/**

#define nft_trans_flowtable(trans)	\

	(((struct nft_trans_flowtable *)trans->data)->flowtable)

#define NFT_TRANS_GC_BATCHCOUNT                256

struct nft_trans_gc {

	struct list_head	list;

	struct net		*net;

	struct nft_set		*set;

	u32			seq;

	u8			count;

	void			*priv[NFT_TRANS_GC_BATCHCOUNT];

	struct rcu_head		rcu;

};

struct nft_trans_gc *nft_trans_gc_alloc(struct nft_set *set,

					unsigned int gc_seq, gfp_t gfp);

void nft_trans_gc_destroy(struct nft_trans_gc *trans);

struct nft_trans_gc *nft_trans_gc_queue_async(struct nft_trans_gc *gc,

					      unsigned int gc_seq, gfp_t gfp);

void nft_trans_gc_queue_async_done(struct nft_trans_gc *gc);

struct nft_trans_gc *nft_trans_gc_queue_sync(struct nft_trans_gc *gc, gfp_t gfp);

void nft_trans_gc_queue_sync_done(struct nft_trans_gc *trans);

void nft_trans_gc_elem_add(struct nft_trans_gc *gc, void *priv);

void nft_setelem_data_deactivate(const struct net *net,

				 const struct nft_set *set,

				 struct nft_set_elem *elem);

int __init nft_chain_filter_init(void);

void nft_chain_filter_fini(void);

	struct mutex		commit_mutex;

	unsigned int		base_seq;

	u8			validate_state;

	unsigned int		gc_seq;

};

#endif /* _NET_NF_TABLES_H */

	int tv = prandom_u32() % max_delay;

	im->tm_running = 1;

	if (!mod_timer(&im->timer, jiffies+tv+2))

		refcount_inc(&im->refcnt);

	if (refcount_inc_not_zero(&im->refcnt)) {

		if (mod_timer(&im->timer, jiffies + tv + 2))

			ip_ma_put(im);

	}

}

static void igmp_gq_start_timer(struct in_device *in_dev)

#define NFT_MODULE_AUTOLOAD_LIMIT (MODULE_NAME_LEN - sizeof("nft-expr-255-"))

unsigned int nf_tables_net_id __read_mostly;

EXPORT_SYMBOL_GPL(nf_tables_net_id);

static LIST_HEAD(nf_tables_expressions);

static LIST_HEAD(nf_tables_objects);

static LIST_HEAD(nf_tables_flowtables);

static LIST_HEAD(nf_tables_destroy_list);

static LIST_HEAD(nf_tables_gc_list);

static DEFINE_SPINLOCK(nf_tables_destroy_list_lock);

static DEFINE_SPINLOCK(nf_tables_gc_list_lock);

static u64 table_handle;

enum {

static void nf_tables_trans_destroy_work(struct work_struct *w);

static DECLARE_WORK(trans_destroy_work, nf_tables_trans_destroy_work);

static void nft_trans_gc_work(struct work_struct *work);

static DECLARE_WORK(trans_gc_work, nft_trans_gc_work);

static void nft_ctx_init(struct nft_ctx *ctx,

			 struct net *net,

			 const struct sk_buff *skb,

	return 0;

}

static int nft_mapelem_deactivate(const struct nft_ctx *ctx,

				  struct nft_set *set,

				  const struct nft_set_iter *iter,

				  struct nft_set_elem *elem)

{

	nft_setelem_data_deactivate(ctx->net, set, elem);

	return 0;

}

static void nft_map_deactivate(const struct nft_ctx *ctx, struct nft_set *set)

{

	struct nft_set_iter iter = {

		.genmask	= nft_genmask_next(ctx->net),

		.fn		= nft_mapelem_deactivate,

	};

	set->ops->walk(ctx, set, &iter);

	WARN_ON_ONCE(iter.err);

}

static int nft_delset(const struct nft_ctx *ctx, struct nft_set *set)

{

	int err;

	if (err < 0)

		return err;

	if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))

		nft_map_deactivate(ctx, set);

	nft_deactivate_next(ctx->net, set);

	nft_use_dec(&ctx->table->use);

	}

	INIT_LIST_HEAD(&set->bindings);

	refcount_set(&set->refs, 1);

	set->table = table;

	write_pnet(&set->net, net);

	set->ops   = ops;

	return 0;

err4:

	ops->destroy(set);

	ops->destroy(&ctx, set);

err3:

	kfree(set->name);

err2:

	return err;

}

static void nft_set_put(struct nft_set *set)

{

	if (refcount_dec_and_test(&set->refs)) {

		kfree(set->name);

		kvfree(set);

	}

}

static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)

{

	if (WARN_ON(set->use > 0))

		return;

	set->ops->destroy(set);

	set->ops->destroy(ctx, set);

	module_put(to_set_type(set->ops)->owner);

	kfree(set->name);

	kvfree(set);

	nft_set_put(set);

}

static int nf_tables_delset(struct net *net, struct sock *nlsk,

	}

}

static void nft_setelem_data_activate(const struct net *net,

				      const struct nft_set *set,

				      struct nft_set_elem *elem);

static int nft_mapelem_activate(const struct nft_ctx *ctx,

				struct nft_set *set,

				const struct nft_set_iter *iter,

				struct nft_set_elem *elem)

{

	nft_setelem_data_activate(ctx->net, set, elem);

	return 0;

}

static void nft_map_activate(const struct nft_ctx *ctx, struct nft_set *set)

{

	struct nft_set_iter iter = {

		.genmask	= nft_genmask_next(ctx->net),

		.fn		= nft_mapelem_activate,

	};

	set->ops->walk(ctx, set, &iter);

	WARN_ON_ONCE(iter.err);

}

void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)

{

	if (nft_set_is_anonymous(set))

	if (nft_set_is_anonymous(set)) {

		if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))

			nft_map_activate(ctx, set);

		nft_clear(ctx->net, set);

	}

	nft_use_inc_restore(&set->use);

}

		nft_use_dec(&set->use);

		break;

	case NFT_TRANS_PREPARE:

		if (nft_set_is_anonymous(set))

			nft_deactivate_next(ctx->net, set);

		if (nft_set_is_anonymous(set)) {

			if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))

				nft_map_deactivate(ctx, set);

			nft_deactivate_next(ctx->net, set);

		}

		nft_use_dec(&set->use);

		return;

	case NFT_TRANS_ABORT:

	case NFT_TRANS_RELEASE:

		if (nft_set_is_anonymous(set) &&

		    set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))

			nft_map_deactivate(ctx, set);

		nft_use_dec(&set->use);

		/* fall through */

	default:

	return elem;

}

/* Drop references and destroy. Called from gc, dynset and abort path. */

void nft_set_elem_destroy(const struct nft_set *set, void *elem,

			  bool destroy_expr)

{

}

EXPORT_SYMBOL_GPL(nft_set_elem_destroy);

/* Only called from commit path, nft_set_elem_deactivate() already deals with

 * the refcounting from the preparation phase.

/* Destroy element. References have been already dropped in the preparation

 * path via nft_setelem_data_deactivate().

 */

static void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,

void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,

				const struct nft_set *set, void *elem)

{

	struct nft_set_ext *ext = nft_set_elem_ext(set, elem);

		nf_tables_expr_destroy(ctx, nft_set_ext_expr(ext));

	kfree(elem);

}

EXPORT_SYMBOL_GPL(nf_tables_set_elem_destroy);

static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,

			    const struct nlattr *attr, u32 nlmsg_flags)

	if (trans == NULL)

		goto err4;

	ext->genmask = nft_genmask_cur(ctx->net) | NFT_SET_ELEM_BUSY_MASK;

	ext->genmask = nft_genmask_cur(ctx->net);

	err = set->ops->insert(ctx->net, set, &elem, &ext2);

	if (err) {

		if (err == -EEXIST) {

	}

}

static void nft_set_elem_activate(const struct net *net,

static void nft_setelem_data_activate(const struct net *net,

				      const struct nft_set *set,

				      struct nft_set_elem *elem)

{

		nft_use_inc_restore(&(*nft_set_ext_obj(ext))->use);

}

static void nft_set_elem_deactivate(const struct net *net,

void nft_setelem_data_deactivate(const struct net *net,

				 const struct nft_set *set,

				 struct nft_set_elem *elem)

{

	if (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF))

		nft_use_dec(&(*nft_set_ext_obj(ext))->use);

}

EXPORT_SYMBOL_GPL(nft_setelem_data_deactivate);

static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,

			   const struct nlattr *attr)

	kfree(elem.priv);

	elem.priv = priv;

	nft_set_elem_deactivate(ctx->net, set, &elem);

	nft_setelem_data_deactivate(ctx->net, set, &elem);

	nft_trans_elem(trans) = elem;

	nft_trans_commit_list_add_tail(ctx->net, trans);

	}

	set->ndeact++;

	nft_set_elem_deactivate(ctx->net, set, elem);

	nft_setelem_data_deactivate(ctx->net, set, elem);

	nft_trans_elem_set(trans) = set;

	nft_trans_elem(trans) = *elem;

	nft_trans_commit_list_add_tail(ctx->net, trans);

	return err;

}

void nft_set_gc_batch_release(struct rcu_head *rcu)

{

	struct nft_set_gc_batch *gcb;

	unsigned int i;

	gcb = container_of(rcu, struct nft_set_gc_batch, head.rcu);

	for (i = 0; i < gcb->head.cnt; i++)

		nft_set_elem_destroy(gcb->head.set, gcb->elems[i], true);

	kfree(gcb);

}

EXPORT_SYMBOL_GPL(nft_set_gc_batch_release);

struct nft_set_gc_batch *nft_set_gc_batch_alloc(const struct nft_set *set,

						gfp_t gfp)

{

	struct nft_set_gc_batch *gcb;

	gcb = kzalloc(sizeof(*gcb), gfp);

	if (gcb == NULL)

		return gcb;

	gcb->head.set = set;

	return gcb;

}

EXPORT_SYMBOL_GPL(nft_set_gc_batch_alloc);

/*

 * Stateful objects

 */

	list_del_rcu(&chain->list);

}

static void nft_trans_gc_setelem_remove(struct nft_ctx *ctx,

					struct nft_trans_gc *trans)

{

	void **priv = trans->priv;

	unsigned int i;

	for (i = 0; i < trans->count; i++) {

		struct nft_set_elem elem = {

			.priv = priv[i],

		};

		nft_setelem_data_deactivate(ctx->net, trans->set, &elem);

		trans->set->ops->remove(trans->net, trans->set, &elem);

	}

}

void nft_trans_gc_destroy(struct nft_trans_gc *trans)

{

	nft_set_put(trans->set);

	put_net(trans->net);

	kfree(trans);

}

EXPORT_SYMBOL_GPL(nft_trans_gc_destroy);

static void nft_trans_gc_trans_free(struct rcu_head *rcu)

{

	struct nft_set_elem elem = {};

	struct nft_trans_gc *trans;

	struct nft_ctx ctx = {};

	unsigned int i;

	trans = container_of(rcu, struct nft_trans_gc, rcu);

	ctx.net = read_pnet(&trans->set->net);

	for (i = 0; i < trans->count; i++) {