3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 8 May 2015 11:57:18 +0000 (13:57 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 8 May 2015 11:57:18 +0000 (13:57 +0200)
added patches:
ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch

queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch [new file with mode: 0644]

diff --git a/queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch b/queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch
new file mode 100644 (file)
index 0000000..87ae931
--- /dev/null
@@ -0,0 +1,32 @@
+From foo@baz Fri May  8 13:15:54 CEST 2015
+From: "David S. Miller" <davem@davemloft.net>
+Date: Fri, 1 May 2015 22:02:47 -0400
+Subject: [PATCH] ipv4: Missing sk_nulls_node_init() in ping_unhash().
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit a134f083e79fb4c3d0a925691e732c56911b4326 ]
+
+If we don't do that, then the poison value is left in the ->pprev
+backlink.
+
+This can cause crashes if we do a disconnect, followed by a connect().
+
+Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Reported-by: Wen Xu <hotdog3645@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ping.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/ipv4/ping.c
++++ b/net/ipv4/ping.c
+@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk)
+       if (sk_hashed(sk)) {
+               write_lock_bh(&ping_table.lock);
+               hlist_nulls_del(&sk->sk_nulls_node);
++              sk_nulls_node_init(&sk->sk_nulls_node);
+               sock_put(sk);
+               isk->inet_num = 0;
+               isk->inet_sport = 0;
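Review bot: The added `sk_nulls_node_init(&sk->sk_nulls_node);` in ping_unhash() has no comment, so the reason for re-initialising a node that was just unlinked is recorded only in the commit message. I would put `/* hlist_nulls_del() leaves a poison value in ->pprev; re-init so a connect() after disconnect does not use it */` above the new line. The description speaks only of crashes, but a poisoned backlink that is later followed is a memory-safety defect, so it is probably safer to prioritise this backport as security-relevant rather than as a stability fix. ping_unhash()'s body starts and ends outside the hunk, so what the remaining lines assume about the node state cannot be checked from here.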