From 6c08892259f70aedb151bb8b209d00df58fead21 Mon Sep 17 00:00:00 2001
From: Denis Kirjanov <denis.kirjanov@suse.com>
Date: Mon, 8 Jan 2024 15:29:12 +0300
Subject: [PATCH] netfilter: preserve KABI for struct nft_set
Patch-mainline: never, KABI workaround
References: bsc#1202095 CVE-2022-2586
---
include/net/netfilter/nf_tables.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index ed965c62240e..072c30a72751 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -384,8 +384,6 @@ struct nft_set {
struct list_head list;
struct list_head bindings;
char name[NFT_SET_MAXNAMELEN];
- struct nft_table *table;
- possible_net_t net;
u32 ktype;
u32 dtype;
u32 objtype;
@@ -403,6 +401,10 @@ struct nft_set {
genmask:2;
u8 klen;
u8 dlen;
+#ifndef __GENKSYMS__
+ struct nft_table *table;
+ possible_net_t net;
+#endif
unsigned char data[]
__attribute__((aligned(__alignof__(u64))));
};
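Review bot: The `table` and `net` members re-added under `#ifndef __GENKSYMS__` sit directly in front of `data[]`, so, assuming the pre-fix layout had neither member, the offset of `data` and the size of `struct nft_set` change while the symbol CRC stays the same and the module version check cannot catch the mismatch. A module built against the old header that reads or writes `set->data` would land on the new pointer instead of the private area, and the patch does not say why that cannot happen. I would state the assumption in a comment above the guard, for example `/* kABI: hidden from genksyms; shifts data[], so every user of set->data must be rebuilt with this header */`. The struct definition starts above this hunk, so the layout of the earlier members is only partly visible here.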
--
2.16.4