From 6ec3a6fe5157adbea3eb16806159ecb039a2d273 Mon Sep 17 00:00:00 2001
From: dujeonglee <dujeong.lee@samsung.com>
Date: Thu, 5 Sep 2019 10:01:47 +0900
Subject: [PATCH] [RAMEN9610-19737][MODAP-40430] Fix CFI panic on ip_expire

Change-Id: I678395a3dc85ceb833532379653d2dd2b8670796
Signed-off-by: dujeonglee <dujeong.lee@samsung.com>
Signed-off-by: Kim Gunho <gunho.kim@samsung.com>
---
 include/linux/timer.h                   | 2 +-
 include/net/inet_frag.h                 | 4 ++++
 net/ipv4/inet_fragment.c                | 2 +-
 net/ipv4/ip_fragment.c                  | 6 +++++-
 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +++++-
 net/ipv6/reassembly.c                   | 6 +++++-
 6 files changed, 21 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 include/linux/timer.h
 mode change 100644 => 100755 include/net/inet_frag.h
 mode change 100644 => 100755 net/ipv4/inet_fragment.c
 mode change 100644 => 100755 net/ipv4/ip_fragment.c
 mode change 100644 => 100755 net/ipv6/netfilter/nf_conntrack_reasm.c
 mode change 100644 => 100755 net/ipv6/reassembly.c

diff --git a/include/linux/timer.h b/include/linux/timer.h
old mode 100644
new mode 100755
index e0ea1fe87572..28d24e149ea0
--- a/include/linux/timer.h
+++ b/include/linux/timer.h
@@ -7,6 +7,7 @@
 #include <linux/stddef.h>
 #include <linux/debugobjects.h>
 #include <linux/stringify.h>
+#include <linux/version.h>
 
 struct tvec_base;
 
@@ -182,7 +183,6 @@ static inline void timer_setup(struct timer_list *timer,
 
 #define from_timer(var, callback_timer, timer_fieldname) \
 	container_of(callback_timer, typeof(*var), timer_fieldname)
-
 /**
  * timer_pending - is a timer pending?
  * @timer: the timer in question
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
old mode 100644
new mode 100755
index 008f64823c41..4da99fb83cda
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -96,7 +96,11 @@ struct inet_frags {
 	void			(*constructor)(struct inet_frag_queue *q,
 					       const void *arg);
 	void			(*destructor)(struct inet_frag_queue *);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)
+	void			(*frag_expire)(unsigned long t);
+#else
 	void			(*frag_expire)(struct timer_list *t);
+#endif
 	struct kmem_cache	*frags_cachep;
 	const char		*frags_cache_name;
 	struct rhashtable_params rhash_params;
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
old mode 100644
new mode 100755
index 481cded81b2d..b0f4e12110b8
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -250,7 +250,7 @@ static struct inet_frag_queue *inet_frag_alloc(struct netns_frags *nf,
 	f->constructor(q, arg);
 	add_frag_mem_limit(nf, f->qsize);
 
-	timer_setup(&q->timer, f->frag_expire, 0);
+	timer_setup(&q->timer, (void (*)(struct timer_list *))f->frag_expire, 0);
 	spin_lock_init(&q->lock);
 	refcount_set(&q->refcnt, 3);
 
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
old mode 100644
new mode 100755
index 5a1d39e32196..b1fd526b2a4b
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -132,9 +132,13 @@ static bool frag_expire_skip_icmp(u32 user)
 /*
  * Oops, a fragment queue timed out.  Kill it and send an ICMP reply.
  */
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)
+static void ip_expire(unsigned long t)
+#else
 static void ip_expire(struct timer_list *t)
+#endif
 {
-	struct inet_frag_queue *frag = from_timer(frag, t, timer);
+	struct inet_frag_queue *frag = from_timer(frag, (struct timer_list *)t, timer);
 	const struct iphdr *iph;
 	struct sk_buff *head = NULL;
 	struct net *net;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
old mode 100644
new mode 100755
index 35d5a76867d0..fd781ac59b05
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -144,9 +144,13 @@ static inline u8 ip6_frag_ecn(const struct ipv6hdr *ipv6h)
 	return 1 << (ipv6_get_dsfield(ipv6h) & INET_ECN_MASK);
 }
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)
+static void nf_ct_frag6_expire(unsigned long t)
+#else
 static void nf_ct_frag6_expire(struct timer_list *t)
+#endif
 {
-	struct inet_frag_queue *frag = from_timer(frag, t, timer);
+	struct inet_frag_queue *frag = from_timer(frag, (struct timer_list *)t, timer);
 	struct frag_queue *fq;
 	struct net *net;
 
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
old mode 100644
new mode 100755
index b2f7a335a12b..ab2b2a1805a1
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -72,9 +72,13 @@ static struct inet_frags ip6_frags;
 static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb,
 			  struct sk_buff *prev_tail, struct net_device *dev);
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)
+static void ip6_frag_expire(unsigned long t)
+#else
 static void ip6_frag_expire(struct timer_list *t)
+#endif
 {
-	struct inet_frag_queue *frag = from_timer(frag, t, timer);
+	struct inet_frag_queue *frag = from_timer(frag, (struct timer_list *)t, timer);
 	struct frag_queue *fq;
 	struct net *net;
 
-- 
2.20.1