From: Dong Chenchen <dongchenchen2@huawei.com> hulk inclusion category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/15123 CVE: CVE-2026-45859 -------------------------------- Use KABI_EXTEND to fix kabi breakage of struct nf_queue_entry Fixes: 207b3ebacb61 ("netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation") Signed-off-by: Dong Chenchen <dongchenchen2@huawei.com> --- include/net/netfilter/nf_queue.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h index dc724e583e6e..52dbdae8e8a1 100644 --- a/include/net/netfilter/nf_queue.h +++ b/include/net/netfilter/nf_queue.h @@ -19,8 +19,8 @@ struct nf_queue_entry { struct net_device *physout; #endif struct nf_hook_state state; - bool nf_ct_is_unconfirmed; u16 size; /* sizeof(entry) + saved route keys */ + KABI_EXTEND(bool nf_ct_is_unconfirmed) /* extra space to store route keys */ }; -- 2.43.0