]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
projects / thirdparty / kernel / stable-queue.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cca1a5c)
revert buggy netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
authorSasha Levin <sashal@kernel.org>
Wed, 31 Oct 2018 15:07:24 +0000 (11:07 -0400)
committerSasha Levin <sashal@kernel.org>
Wed, 31 Oct 2018 15:46:47 +0000 (11:46 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-4.14/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch [new file with mode: 0644] patch | blob
queue-4.14/series patch | blob | blame | history
queue-4.18/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch [new file with mode: 0644] patch | blob
queue-4.18/series patch | blob | blame | history
queue-4.9/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch [new file with mode: 0644] patch | blob
queue-4.9/series patch | blob | blame | history

diff --git a/queue-4.14/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch b/queue-4.14/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
new file mode 100644 (file)
index 0000000..445d0da
--- /dev/null
+++ b/queue-4.14/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
@@ -0,0 +1,37 @@
+From 7c5cfffa6730f7c2f5dc892e86fa7efaf01f0c57 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 31 Oct 2018 11:05:19 -0400
+Subject: Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
+
+This reverts commit 28c74ff85efd192aeca9005499ca50c24d795f61.
+
+From Florian Westphal <fw@strlen.de>:
+
+       It causes kernel crash for locally generated ipv6 fragments
+       when netfilter ipv6 defragmentation is used.
+
+       The faulty commit is not essential for -stable, it only
+       delays netns teardown for longer than needed when that netns
+       still has ipv6 frags queued.  Much better than crash :-/
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/netfilter/nf_conntrack_reasm.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
+index 2ed8536e10b6..611d406c4656 100644
+--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
+@@ -598,8 +598,6 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
+           fq->q.meat == fq->q.len &&
+           nf_ct_frag6_reasm(fq, skb, dev))
+               ret = 0;
+-      else
+-              skb_dst_drop(skb);
+ out_unlock:
+       spin_unlock_bh(&fq->q.lock);
+-- 
+2.17.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index f06b297618fca7f75ef1d7f939da38acda0de864..65b4f6d371be5840eb9595f35967e7e9e0847414 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -109,3 +109,4 @@ kvm-x86-fix-warn-due-to-uninitialized-guest-fpu-stat.patch
 arm-dts-r8a7790-correct-critical-cpu-temperature.patch
 media-uvcvideo-fix-driver-reference-counting.patch
 alsa-usx2y-fix-invalid-stream-urbs.patch
+revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
diff --git a/queue-4.18/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch b/queue-4.18/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
new file mode 100644 (file)
index 0000000..215bc11
--- /dev/null
+++ b/queue-4.18/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
@@ -0,0 +1,37 @@
+From f73cad1eb4d6a6a75a7fe3045312637a3bcbb195 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 31 Oct 2018 11:04:10 -0400
+Subject: Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
+
+This reverts commit 84379c9afe011020e797e3f50a662b08a6355dcf.
+
+From Florian Westphal <fw@strlen.de>:
+
+       It causes kernel crash for locally generated ipv6 fragments
+       when netfilter ipv6 defragmentation is used.
+
+       The faulty commit is not essential for -stable, it only
+       delays netns teardown for longer than needed when that netns
+       still has ipv6 frags queued.  Much better than crash :-/
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/netfilter/nf_conntrack_reasm.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
+index e4d9e6976d3c..a452d99c9f52 100644
+--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
+@@ -585,8 +585,6 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
+           fq->q.meat == fq->q.len &&
+           nf_ct_frag6_reasm(fq, skb, dev))
+               ret = 0;
+-      else
+-              skb_dst_drop(skb);
+ out_unlock:
+       spin_unlock_bh(&fq->q.lock);
+-- 
+2.17.1
+
diff --git a/queue-4.18/series b/queue-4.18/series
index 3120f43da70b702ed0a0798ec70d245f692c9c76..b9fe3e3b80e72cf8c99a4cc9b83e2496e8b21814 100644 (file)
--- a/queue-4.18/series
+++ b/queue-4.18/series
@@ -98,3 +98,4 @@ vmlinux.lds.h-fix-linker-warnings-about-orphan-.lpbx.patch
 afs-fix-cell-proc-list.patch
 fs-fat-fatent.c-add-cond_resched-to-fat_count_free_c.patch
 revert-mm-slowly-shrink-slabs-with-a-relatively-smal.patch
+revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
diff --git a/queue-4.9/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch b/queue-4.9/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
new file mode 100644 (file)
index 0000000..70e4945
--- /dev/null
+++ b/queue-4.9/revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
@@ -0,0 +1,37 @@
+From 04b1a45be1f1cb73d1700404eab2d9738369e717 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 31 Oct 2018 11:06:10 -0400
+Subject: Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
+
+This reverts commit ad8b1ffc3efae2f65080bdb11145c87d299b8f9a.
+
+From Florian Westphal <fw@strlen.de>:
+
+       It causes kernel crash for locally generated ipv6 fragments
+       when netfilter ipv6 defragmentation is used.
+
+       The faulty commit is not essential for -stable, it only
+       delays netns teardown for longer than needed when that netns
+       still has ipv6 frags queued.  Much better than crash :-/
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/netfilter/nf_conntrack_reasm.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
+index b9147558a8f2..e46185377981 100644
+--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
+@@ -597,8 +597,6 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
+           fq->q.meat == fq->q.len &&
+           nf_ct_frag6_reasm(fq, skb, dev))
+               ret = 0;
+-      else
+-              skb_dst_drop(skb);
+ out_unlock:
+       spin_unlock_bh(&fq->q.lock);
+-- 
+2.17.1
+
diff --git a/queue-4.9/series b/queue-4.9/series
index a048c0c6e0c3a4ad7cc135bbe216da7fc5046ff4..74b24811470dbf5853bb33c2847940eb4b13d5ad 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -131,3 +131,4 @@ rxrpc-only-take-the-rwind-and-mtu-values-from-latest.patch
 net-ena-fix-null-dereference-due-to-untimely-napi-in.patch
 fs-fat-fatent.c-add-cond_resched-to-fat_count_free_c.patch
 mtd-spi-nor-add-support-for-is25wp-series-chips.patch
+revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git