delete broken netfilter patch
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 May 2015 18:45:07 +0000 (20:45 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 May 2015 18:45:07 +0000 (20:45 +0200)
queue-3.19/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch [deleted file]
queue-3.19/series
queue-4.0/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch [deleted file]
queue-4.0/series

diff --git a/queue-3.19/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch b/queue-3.19/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch
deleted file mode 100644 (file)
index f4b22f1..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-From afb7718016fcb0370ac29a83b2839c78b76c2960 Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Fri, 27 Mar 2015 19:37:41 +0100
-Subject: netfilter: x_tables: fix cgroup matching on non-full sks
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit afb7718016fcb0370ac29a83b2839c78b76c2960 upstream.
-
-While originally only being intended for outgoing traffic, commit
-a00e76349f35 ("netfilter: x_tables: allow to use cgroup match for
-LOCAL_IN nf hooks") enabled xt_cgroups for the NF_INET_LOCAL_IN hook
-as well, in order to allow for nfacct accounting.
-
-Besides being currently limited to early demuxes only, commit
-a00e76349f35 forgot to add a check if we deal with full sockets,
-i.e. in this case not with time wait sockets. TCP time wait sockets
-do not have the same memory layout as full sockets, a lower memory
-footprint and consequently also don't have a sk_classid member;
-probing for sk_classid member there could potentially lead to a
-crash.
-
-Fixes: a00e76349f35 ("netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks")
-Cc: Alexey Perevalov <a.perevalov@samsung.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/netfilter/xt_cgroup.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/netfilter/xt_cgroup.c
-+++ b/net/netfilter/xt_cgroup.c
-@@ -39,7 +39,7 @@ cgroup_mt(const struct sk_buff *skb, str
- {
-       const struct xt_cgroup_info *info = par->matchinfo;
--      if (skb->sk == NULL)
-+      if (skb->sk == NULL || !sk_fullsock(skb->sk))
-               return false;
-       return (info->id == skb->sk->sk_classid) ^ info->invert;
index 431148ce2866199d1be2bfa40e59f8f790a707c0..e65d7d90e5fec668b0478e536680062826960193 100644 (file)
@@ -173,5 +173,4 @@ c6x-time-ensure-consistency-in-__init.patch
 memstick-mspro_block-add-missing-curly-braces.patch
 drivers-platform-parse-irq-flags-from-resources.patch
 driver-core-bus-goto-appropriate-labels-on-failure-in-bus_add_device.patch
-netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch
 netfilter-bridge-really-save-frag_max_size-between-pre-and-post_routing.patch
diff --git a/queue-4.0/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch b/queue-4.0/netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch
deleted file mode 100644 (file)
index f4b22f1..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-From afb7718016fcb0370ac29a83b2839c78b76c2960 Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Fri, 27 Mar 2015 19:37:41 +0100
-Subject: netfilter: x_tables: fix cgroup matching on non-full sks
-
-From: Daniel Borkmann <daniel@iogearbox.net>
-
-commit afb7718016fcb0370ac29a83b2839c78b76c2960 upstream.
-
-While originally only being intended for outgoing traffic, commit
-a00e76349f35 ("netfilter: x_tables: allow to use cgroup match for
-LOCAL_IN nf hooks") enabled xt_cgroups for the NF_INET_LOCAL_IN hook
-as well, in order to allow for nfacct accounting.
-
-Besides being currently limited to early demuxes only, commit
-a00e76349f35 forgot to add a check if we deal with full sockets,
-i.e. in this case not with time wait sockets. TCP time wait sockets
-do not have the same memory layout as full sockets, a lower memory
-footprint and consequently also don't have a sk_classid member;
-probing for sk_classid member there could potentially lead to a
-crash.
-
-Fixes: a00e76349f35 ("netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks")
-Cc: Alexey Perevalov <a.perevalov@samsung.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/netfilter/xt_cgroup.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/netfilter/xt_cgroup.c
-+++ b/net/netfilter/xt_cgroup.c
-@@ -39,7 +39,7 @@ cgroup_mt(const struct sk_buff *skb, str
- {
-       const struct xt_cgroup_info *info = par->matchinfo;
--      if (skb->sk == NULL)
-+      if (skb->sk == NULL || !sk_fullsock(skb->sk))
-               return false;
-       return (info->id == skb->sk->sk_classid) ^ info->invert;
index a254cbae0465570ec259cb2bd1d11f5c4840a972..366f4e3df62d10a182236dca434ef9f8928581dc 100644 (file)
@@ -216,5 +216,4 @@ c6x-time-ensure-consistency-in-__init.patch
 memstick-mspro_block-add-missing-curly-braces.patch
 drivers-platform-parse-irq-flags-from-resources.patch
 driver-core-bus-goto-appropriate-labels-on-failure-in-bus_add_device.patch
-netfilter-x_tables-fix-cgroup-matching-on-non-full-sks.patch
 netfilter-bridge-really-save-frag_max_size-between-pre-and-post_routing.patch