Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1155395imm;
        Wed, 1 Aug 2018 11:05:55 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpexS8HyEMpu+JfpbahNP5+HC39ZjRZUL2x8S0hLxTVYXltyxVTa907bExIpCJ0YwwAf5Vl4
X-Received: by 2002:a63:8f53:: with SMTP id r19-v6mr25323206pgn.17.1533146754935;
        Wed, 01 Aug 2018 11:05:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533146754; cv=none;
        d=google.com; s=arc-20160816;
        b=kXAijtvlP9p4IQhFoLbNyzMCZxND9wsb5Bof3lrWVrWDqBnMC/Dt0qQsMUfvv1EEhv
         lyFx4I7kqHMLjylCPxrD2e2JuQm5mHFG6lZrXNuxz7OnPDn/mrzVvoWmOTLt+zxsz0hn
         IFgvC6YlUFviIKnP9VuLNGrV3ZNst+EeziOhW4NxdWdJHLSEOjjHJcHFXVY+CFkJnXp0
         ughib/jTB+wIaJTaiT5YdKFB8RcagsoU8CiOvtOMTNRu47IuLl5eBfoG8KdJlVZlgEA8
         kDtJuIx2CDLpwLqoydmcmQW5mYR4aqTd58QhcujYGaWIPjPiWZECuEHLiq++LCoa9J9b
         /e6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=enQnJoj06BRMbd+nrlKht2HkSCyPjfh3VczoEYvMZrg=;
        b=Abbnro3ZNWFCoZ+GNpVblABZ8IPoDkj0WE5i4gfc0fGomwNnstRCG0kB2nGQMbboUg
         Wsp1E3075OcQ/GkpI3CQ/EX645U++vhAZhBeCKIIsFOGWTBLUrdFbToVo8q99oabDpfY
         w5F8WmJHxyYyzEqQ/6Fpkw6PCwJ9QLXYiPnSjA4qbHi7d5RV4a9DwoDxJ5W0lRV+/W/o
         cawmDfoTWdAZ9jDxgsUIjqbNUNHVbQ18rnFRWnWAzaohVgx9Nx5N6egPnp1f245JxnpT
         +uWW2eoOw7DpV6FvGBw6Q3pze70j0Pxayn8Q7aMbyFpZbewAGqYAw7kBe1nC644y/i40
         XGAA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 68-v6si17577497pff.55.2018.08.01.11.05.39;
        Wed, 01 Aug 2018 11:05:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732740AbeHATvK (ORCPT <rfc822;krseo358@gmail.com> + 99 others);
        Wed, 1 Aug 2018 15:51:10 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:50156 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2405807AbeHATIh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 Aug 2018 15:08:37 -0400
Received: from localhost (D57E6652.static.ziggozakelijk.nl [213.126.102.82])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 1B0D81362;
        Wed,  1 Aug 2018 17:13:22 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 038/246] netfilter: ipset: List timing out entries with "timeout 1" instead of zero
Date:   Wed,  1 Aug 2018 18:49:08 +0200
Message-Id: <20180801165013.510415415@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180801165011.700991984@linuxfoundation.org>
References: <20180801165011.700991984@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

[ Upstream commit bd975e691486ba52790ba23cc9b4fecab7bc0d31 ]

When listing sets with timeout support, there's a probability that
just timing out entries with "0" timeout value is listed/saved.
However when restoring the saved list, the zero timeout value means
permanent elelements.

The new behaviour is that timing out entries are listed with "timeout 1"
instead of zero.

Fixes netfilter bugzilla #1258.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/netfilter/ipset/ip_set_timeout.h |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeou
 static inline u32
 ip_set_timeout_get(const unsigned long *timeout)
 {
-	return *timeout == IPSET_ELEM_PERMANENT ? 0 :
-		jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	u32 t;
+
+	if (*timeout == IPSET_ELEM_PERMANENT)
+		return 0;
+
+	t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	/* Zero value in userspace means no timeout */
+	return t == 0 ? 1 : t;
 }
 
 #endif	/* __KERNEL__ */