4.15-stable patches

added patches:
	netfilter-ipset-missing-nfnl_lock-nfnl_unlock-is-added-to-ip_set_net_exit.patch

diff --git a/queue-4.15/netfilter-ipset-missing-nfnl_lock-nfnl_unlock-is-added-to-ip_set_net_exit.patch b/queue-4.15/netfilter-ipset-missing-nfnl_lock-nfnl_unlock-is-added-to-ip_set_net_exit.patch
new file mode 100644 (file)
index 0000000..56690e8
--- /dev/null
+++ b/queue-4.15/netfilter-ipset-missing-nfnl_lock-nfnl_unlock-is-added-to-ip_set_net_exit.patch
@@ -0,0 +1,39 @@
+From f998b6b10144cd9809da6af02758615f789e8aa1 Mon Sep 17 00:00:00 2001
+From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Date: Sat, 6 Jan 2018 15:24:18 +0100
+Subject: netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
+
+From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+
+commit f998b6b10144cd9809da6af02758615f789e8aa1 upstream.
+
+Patch "netfilter: ipset: use nfnl_mutex_is_locked" is added the real
+mutex locking check, which revealed the missing locking in ip_set_net_exit().
+
+Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Reported-by: syzbot+36b06f219f2439fe62e1@syzkaller.appspotmail.com
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/ipset/ip_set_core.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -2055,6 +2055,7 @@ ip_set_net_exit(struct net *net)
+ 
+       inst->is_deleted = true; /* flag for ip_set_nfnl_put */
+ 
++      nfnl_lock(NFNL_SUBSYS_IPSET);
+       for (i = 0; i < inst->ip_set_max; i++) {
+               set = ip_set(inst, i);
+               if (set) {
+@@ -2062,6 +2063,7 @@ ip_set_net_exit(struct net *net)
+                       ip_set_destroy_set(set);
+               }
+       }
++      nfnl_unlock(NFNL_SUBSYS_IPSET);
+       kfree(rcu_dereference_protected(inst->ip_set_list, 1));
+ }
+