4.11-stable patches

added patches:
	esp4-fix-udpencap-for-local-tcp-packets.patch

diff --git a/queue-4.11/esp4-fix-udpencap-for-local-tcp-packets.patch b/queue-4.11/esp4-fix-udpencap-for-local-tcp-packets.patch
new file mode 100644 (file)
index 0000000..02d51ab
--- /dev/null
+++ b/queue-4.11/esp4-fix-udpencap-for-local-tcp-packets.patch
@@ -0,0 +1,59 @@
+From 20218ba11828773f48fad8fcf23d9ba7b6cfb711 Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 9 Jun 2017 11:35:46 +0200
+Subject: [PATCH] esp4: Fix udpencap for local TCP packets.
+
+From: Steffen Klassert <steffen.klassert@secunet.com>
+
+[ Upstream commit 0e78a87306a6f55b1c7bbafad1de62c3975953ca ]
+
+Locally generated TCP packets are usually cloned, so we
+do skb_cow_data() on this packets. After that we need to
+reload the pointer to the esp header. On udpencap this
+header has an offset to skb_transport_header, so take this
+offset into account.
+
+This is a backport of:
+commit 0e78a87306a ("esp4: Fix udpencap for local TCP packets.")
+
+Fixes: 67d349ed603 ("net/esp4: Fix invalid esph pointer crash")
+Fixes: fca11ebde3f0 ("esp4: Reorganize esp_output")
+Reported-by: Don Bowman <db@donbowman.ca>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/esp4.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index b1e2444..9708a32 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -212,6 +212,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+       u8 *iv;
+       u8 *tail;
+       u8 *vaddr;
++      int esph_offset;
+       int blksize;
+       int clen;
+       int alen;
+@@ -392,12 +393,14 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+       }
+ 
+ cow:
++      esph_offset = (unsigned char *)esph - skb_transport_header(skb);
++
+       err = skb_cow_data(skb, tailen, &trailer);
+       if (err < 0)
+               goto error;
+       nfrags = err;
+       tail = skb_tail_pointer(trailer);
+-      esph = ip_esp_hdr(skb);
++      esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esph_offset);
+ 
+ skip_cow:
+       esp_output_fill_trailer(tail, tfclen, plen, proto);
+-- 
+2.9.4
+

diff --git a/queue-4.11/series b/queue-4.11/series
index 6c00b50ee1fc38ceba9c73661377ed44b052aace..9885ec1763c6816d36ab9892e7510807d81e6d35 100644 (file)
--- a/queue-4.11/series
+++ b/queue-4.11/series
@@ -82,3 +82,4 @@ kvm-x86-fix-emulation-of-rsm-and-iret-instructions.patch
 kvm-x86-vpmu-fix-undefined-shift-in-intel_pmu_refresh.patch
 kvm-x86-zero-base3-of-unusable-segments.patch
 kvm-nvmx-fix-exception-injection.patch
+esp4-fix-udpencap-for-local-tcp-packets.patch