4.9-stable patches

added patches:
	netfilter-nft_set_rbtree-handle-element-re-addition-after-deletion.patch

diff --git a/queue-4.9/netfilter-nft_set_rbtree-handle-element-re-addition-after-deletion.patch b/queue-4.9/netfilter-nft_set_rbtree-handle-element-re-addition-after-deletion.patch
new file mode 100644 (file)
index 0000000..da0444c
--- /dev/null
+++ b/queue-4.9/netfilter-nft_set_rbtree-handle-element-re-addition-after-deletion.patch
@@ -0,0 +1,55 @@
+From d2df92e98a34a5619dadd29c6291113c009181e7 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sun, 21 May 2017 00:37:10 +0200
+Subject: netfilter: nft_set_rbtree: handle element re-addition after deletion
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit d2df92e98a34a5619dadd29c6291113c009181e7 upstream.
+
+The existing code selects no next branch to be inspected when
+re-inserting an inactive element into the rb-tree, looping endlessly.
+This patch restricts the check for active elements to the EEXIST case
+only.
+
+Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
+Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Tested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_set_rbtree.c |   22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+--- a/net/netfilter/nft_set_rbtree.c
++++ b/net/netfilter/nft_set_rbtree.c
+@@ -118,17 +118,17 @@ static int __nft_rbtree_insert(const str
+               else if (d > 0)
+                       p = &parent->rb_right;
+               else {
+-                      if (nft_set_elem_active(&rbe->ext, genmask)) {
+-                              if (nft_rbtree_interval_end(rbe) &&
+-                                  !nft_rbtree_interval_end(new))
+-                                      p = &parent->rb_left;
+-                              else if (!nft_rbtree_interval_end(rbe) &&
+-                                       nft_rbtree_interval_end(new))
+-                                      p = &parent->rb_right;
+-                              else {
+-                                      *ext = &rbe->ext;
+-                                      return -EEXIST;
+-                              }
++                      if (nft_rbtree_interval_end(rbe) &&
++                          !nft_rbtree_interval_end(new)) {
++                              p = &parent->rb_left;
++                      } else if (!nft_rbtree_interval_end(rbe) &&
++                                 nft_rbtree_interval_end(new)) {
++                              p = &parent->rb_right;
++                      } else if (nft_set_elem_active(&rbe->ext, genmask)) {
++                              *ext = &rbe->ext;
++                              return -EEXIST;
++                      } else {
++                              p = &parent->rb_left;
+                       }
+               }
+       }

diff --git a/queue-4.9/series b/queue-4.9/series
index d9fa5138d0af7edd913c07f5db5cf0884ebc776d..3cb3259911cb8b843edef7ddcae680ec693e2894 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -116,3 +116,4 @@ drm-i915-vbt-don-t-propagate-errors-from-intel_bios_init.patch
 drm-i915-vbt-split-out-defaults-that-are-set-when-there-is-no-vbt.patch
 cpufreq-schedutil-move-cached_raw_freq-to-struct-sugov_policy.patch
 cpufreq-schedutil-fix-per-cpu-structure-initialization-in-sugov_start.patch
+netfilter-nft_set_rbtree-handle-element-re-addition-after-deletion.patch