Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter/IPVS fixes for your net
tree, they are:

* Fix BUG_ON splat due to malformed TCP packets seen by synproxy, from
  Patrick McHardy.

* Fix possible weight overflow in lblc and lblcr schedulers due to
  32-bits arithmetics, from Simon Kirby.

* Fix possible memory access race in the lblc and lblcr schedulers,
  introduced when it was converted to use RCU, two patches from
  Julian Anastasov.

* Fix hard dependency on CPU 0 when reading per-cpu stats in the
  rate estimator, from Julian Anastasov.

* Fix race that may lead to object use after release, when invoking
  ipvsadm -C && ipvsadm -R, introduced when adding RCU, from Julian
  Anastasov.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

2 files changed, 4 insertions, 7 deletions

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index f0d70f066f3d..9c4d37ec45a1 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -723,8 +723,6 @@ struct ip_vs_dest_dst {
         struct rcu_head         rcu_head;
 };
 
-/* In grace period after removing */
-#define IP_VS_DEST_STATE_REMOVING       0x01
 /*
  *      The real server destination forwarding entry
  *      with ip address, port number, and so on.
@@ -742,7 +740,7 @@ struct ip_vs_dest {
 
         atomic_t                refcnt;         /* reference counter */
         struct ip_vs_stats      stats;          /* statistics */
-        unsigned long           state;          /* state flags */
+        unsigned long           idle_start;     /* start time, jiffies */
 
         /* connection counters and thresholds */
         atomic_t                activeconns;    /* active connections */
@@ -756,14 +754,13 @@ struct ip_vs_dest {
         struct ip_vs_dest_dst __rcu *dest_dst;  /* cached dst info */
 
         /* for virtual service */
-        struct ip_vs_service    *svc;           /* service it belongs to */
+        struct ip_vs_service __rcu *svc;        /* service it belongs to */
         __u16                   protocol;       /* which protocol (TCP/UDP) */
         __be16                  vport;          /* virtual port number */
         union nf_inet_addr      vaddr;          /* virtual IP address */
         __u32                   vfwmark;        /* firewall mark of service */
 
         struct list_head        t_list;         /* in dest_trash */
-        struct rcu_head         rcu_head;
         unsigned int            in_rs_table:1;  /* we are in rs_table */
 };
 
@@ -1649,7 +1646,7 @@ static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
 /* CONFIG_IP_VS_NFCT */
 #endif
 
-static inline unsigned int
+static inline int
 ip_vs_dest_conn_overhead(struct ip_vs_dest *dest)
 {
         /*
diff --git a/include/net/netfilter/nf_conntrack_synproxy.h b/include/net/netfilter/nf_conntrack_synproxy.h
index 806f54a290d6..f572f313d6f1 100644
--- a/include/net/netfilter/nf_conntrack_synproxy.h
+++ b/include/net/netfilter/nf_conntrack_synproxy.h
@@ -56,7 +56,7 @@ struct synproxy_options {
 
 struct tcphdr;
 struct xt_synproxy_info;
-extern void synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
+extern bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
                                    const struct tcphdr *th,
                                    struct synproxy_options *opts);
 extern unsigned int synproxy_options_size(const struct synproxy_options *opts);