[PATCH] UBUNTU: SAUCE: skbuff: Release nfct refcount on napi stolen or re-used skbs

[Daniel Jurgens]

From: Paul Blakey <paulb at nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/1929844

When multiple SKBs are merged to a new skb under napi GRO,
or SKB is re-used by napi, if nfct was set for them in the
driver, it will not be released while freeing their stolen
head state or on re-use.

Release nfct on napi's stolen or re-used SKBs.

Fixes: 5c6b94604744 ("net/mlx5e: CT: Handle misses after executing CT action")
Reviewed-by: Roi Dayan <roid at nvidia.com>
Signed-off-by: Paul Blakey <paulb at nvidia.com>
Signed-off-by: Daniel Jurgens <danielj at nvidia.com>
---
 net/core/dev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/dev.c b/net/core/dev.c
index a0d7cb6..7d8f582 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5602,6 +5602,7 @@ struct packet_offload *gro_find_complete_by_type(__be16 type)
 
 static void napi_skb_free_stolen_head(struct sk_buff *skb)
 {
+	nf_conntrack_put(skb_nfct(skb));
 	skb_dst_drop(skb);
 	skb_ext_put(skb);
 	kmem_cache_free(skbuff_head_cache, skb);
@@ -5672,6 +5673,7 @@ static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb)
 	skb_shinfo(skb)->gso_type = 0;
 	skb->truesize = SKB_TRUESIZE(skb_end_offset(skb));
 	skb_ext_reset(skb);
+	nf_reset_ct(skb);
 
 	napi->skb = skb;
 }
-- 
1.8.3.1