Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1377704imm;
        Sat, 4 Aug 2018 02:08:44 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpew5NVpvaGElDEbBcs2+jEr7JdW4orVYB88zdPqfLtHeCu3z3cWBLvqXPzoARW4f2oztxSl
X-Received: by 2002:a62:3703:: with SMTP id e3-v6mr8313698pfa.117.1533373724850;
        Sat, 04 Aug 2018 02:08:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533373724; cv=none;
        d=google.com; s=arc-20160816;
        b=XAS+wAP/9vKfxJHwR5nS4Zr4NLa8jEWlhaaSFFYCH+F9BuvNt1zlikcpnQFICk2QFi
         358gTHnQoVUOz2XhP6yt0foYLVpXe2p9I1OMJ3spiADECRS0gOYGzpYzySCtpdupu66r
         Q/8e1/wKiKJoXirv6uB/89nPwY7CleThJMMyZrR4kfxl62QcpBVdVM8IMED+3ZByfeRw
         lq5paOH/EUB4B5tmiY9qqR2bu5th3NQbK5kU/CUqhgMRkR4xXm1wKgUzAAJx8ZDZkFP8
         naTVdmR/U6cV+mU0VG4bAnnkGaB/OZ7u+1eJ9/iG7V924tVVFXTkedn7BNZZNLUqvDc1
         8QFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=z8oRu2L7kSjnFI5vlbrvVXuMUimfkge+OaHJ8M07cng=;
        b=P1FK15nTOfR6aTV+5xrGKHI4zxocJ/AGbtm6hR8KsewHSoiovNGh+Cy0Gbn/YEIVjm
         hcD+qL3BKelhlO2W3fa0/A7m1mBJ8/TexLdMtX4/V7NUhlItml3HOC/pz+/I/UxCTBm/
         DWoSZxsoW7y9wjLXkqpXWDKumVtMNiCuBTmbtriMNVLOVm2lM+gNJ4kAVpgHXMCX1Bs+
         hnoEsZ75yRvqLYdr0TKQ9L2Tk40Jo4DkJk2MfF2s2OpGB6rQKJsiC0RQ7QooUkpln6Ta
         x5FnATWmXreYKM4M6a0KRy29aa/uM+/lIP+GVhfMhkH/Fe296ioWr7mINXMp1Mt4JSNV
         PiXQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m10-v6si7554693pfe.133.2018.08.04.02.08.30;
        Sat, 04 Aug 2018 02:08:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387442AbeHDLHC (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Sat, 4 Aug 2018 07:07:02 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:49294 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729243AbeHDLHB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 4 Aug 2018 07:07:01 -0400
Received: from localhost (D57E6652.static.ziggozakelijk.nl [213.126.102.82])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 8A0A1BB3;
        Sat,  4 Aug 2018 09:07:02 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.4 016/124] netfilter: ipset: List timing out entries with "timeout 1" instead of zero
Date:   Sat,  4 Aug 2018 11:00:05 +0200
Message-Id: <20180804082703.057487478@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180804082702.434482435@linuxfoundation.org>
References: <20180804082702.434482435@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

[ Upstream commit bd975e691486ba52790ba23cc9b4fecab7bc0d31 ]

When listing sets with timeout support, there's a probability that
just timing out entries with "0" timeout value is listed/saved.
However when restoring the saved list, the zero timeout value means
permanent elelements.

The new behaviour is that timing out entries are listed with "timeout 1"
instead of zero.

Fixes netfilter bugzilla #1258.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/netfilter/ipset/ip_set_timeout.h |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -65,8 +65,14 @@ ip_set_timeout_set(unsigned long *timeou
 static inline u32
 ip_set_timeout_get(unsigned long *timeout)
 {
-	return *timeout == IPSET_ELEM_PERMANENT ? 0 :
-		jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	u32 t;
+
+	if (*timeout == IPSET_ELEM_PERMANENT)
+		return 0;
+
+	t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC;
+	/* Zero value in userspace means no timeout */
+	return t == 0 ? 1 : t;
 }
 
 #endif	/* __KERNEL__ */