--- /dev/null
+From adc972c5b88829d38ede08b1069718661c7330ae Mon Sep 17 00:00:00 2001
+From: Taehee Yoo <ap420073@gmail.com>
+Date: Mon, 11 Jun 2018 22:16:33 +0900
+Subject: netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
+
+From: Taehee Yoo <ap420073@gmail.com>
+
+commit adc972c5b88829d38ede08b1069718661c7330ae upstream.
+
+When depth of chain is bigger than NFT_JUMP_STACK_SIZE, the nft_do_chain
+crashes. But there is no need to crash hard here.
+
+Suggested-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Acked-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_core.c
++++ b/net/netfilter/nf_tables_core.c
+@@ -185,7 +185,8 @@ next_rule:
+
+ switch (regs.verdict.code) {
+ case NFT_JUMP:
+- BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
++ if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE))
++ return NF_DROP;
+ jumpstack[stackptr].chain = chain;
+ jumpstack[stackptr].rule = rule;
+ jumpstack[stackptr].rulenum = rulenum;
--- /dev/null
+From f4eb17e1efe538d4da7d574bedb00a8dafcc26b7 Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Tue, 6 Jun 2017 11:34:06 -0400
+Subject: Revert "sit: reload iphdr in ipip6_rcv"
+
+From: David S. Miller <davem@davemloft.net>
+
+commit f4eb17e1efe538d4da7d574bedb00a8dafcc26b7 upstream.
+
+This reverts commit b699d0035836f6712917a41e7ae58d84359b8ff9.
+
+As per Eric Dumazet, the pskb_may_pull() is a NOP in this
+particular case, so the 'iph' reload is unnecessary.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Luca Boccassi <luca.boccassi@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv6/sit.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -659,7 +659,6 @@ static int ipip6_rcv(struct sk_buff *skb
+ if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6),
+ !net_eq(tunnel->net, dev_net(tunnel->dev))))
+ goto out;
+- iph = ip_hdr(skb);
+
+ err = IP_ECN_decapsulate(iph, skb);
+ if (unlikely(err)) {
i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch
ipv4-fix-error-return-value-in-fib_convert_metrics.patch
kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch
+netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
+revert-sit-reload-iphdr-in-ipip6_rcv.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
