--- /dev/null
+From avimalin@gmail.com Tue Oct 11 20:34:34 2022
+From: Vimal Agrawal <avimalin@gmail.com>
+Date: Tue, 11 Oct 2022 22:52:02 +0530
+Subject: netfilter: nf_queue: fix socket leak
+To: stable@vger.kernel.org
+Cc: fw@strlen.de, avimalin@gmail.com, Vimal Agrawal <vimal.agrawal@sophos.com>
+Message-ID: <20221011172202.3709-1-vimal.agrawal@sophos.com>
+
+From: Vimal Agrawal <avimalin@gmail.com>
+
+Removal of the sock_hold got lost when backporting commit 4d05239203fa
+("netfilter: nf_queue: fix possible use-after-free") to 4.14
+
+This was causing a socket leak and was caught by kmemleak.
+Tested by running kmemleak again with this fix.
+
+Fixes: ef97921ccdc2 ("netfilter: nf_queue: fix possible use-after-free") in 4.14
+Signed-off-by: Vimal Agrawal <vimal.agrawal@sophos.com>
+Reviewed-by: Florian Westphal <fw@strlen.de>
+---
+ net/netfilter/nf_queue.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/net/netfilter/nf_queue.c
++++ b/net/netfilter/nf_queue.c
+@@ -91,8 +91,6 @@ bool nf_queue_entry_get_refs(struct nf_q
+ dev_hold(state->in);
+ if (state->out)
+ dev_hold(state->out);
+- if (state->sk)
+- sock_hold(state->sk);
+ #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
+ if (entry->skb->nf_bridge) {
+ struct net_device *physdev;
mmc-core-replace-with-already-defined-values-for-readability.patch
mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch
rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch
+netfilter-nf_queue-fix-socket-leak.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
