From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 19 Mar 2020 12:28:17 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.217~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b373f40b0d7537a3f365c28387fba86ad9678183;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
---

diff --git a/queue-4.9/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch b/queue-4.9/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
new file mode 100644
index 00000000000..7b61bbc57de
--- /dev/null
+++ b/queue-4.9/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
@@ -0,0 +1,47 @@
+From 3e72dfdf8227b052393f71d820ec7599909dddc2 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <mcroce@redhat.com>
+Date: Fri, 21 Feb 2020 12:28:38 +0100
+Subject: ipv4: ensure rcu_read_lock() in cipso_v4_error()
+
+From: Matteo Croce <mcroce@redhat.com>
+
+commit 3e72dfdf8227b052393f71d820ec7599909dddc2 upstream.
+
+Similarly to commit c543cb4a5f07 ("ipv4: ensure rcu_read_lock() in
+ipv4_link_failure()"), __ip_options_compile() must be called under rcu
+protection.
+
+Fixes: 3da1ed7ac398 ("net: avoid use IPCB in cipso_v4_error")
+Suggested-by: Guillaume Nault <gnault@redhat.com>
+Signed-off-by: Matteo Croce <mcroce@redhat.com>
+Acked-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/cipso_ipv4.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/cipso_ipv4.c
++++ b/net/ipv4/cipso_ipv4.c
+@@ -1738,6 +1738,7 @@ void cipso_v4_error(struct sk_buff *skb,
+ {
+ 	unsigned char optbuf[sizeof(struct ip_options) + 40];
+ 	struct ip_options *opt = (struct ip_options *)optbuf;
++	int res;
+ 
+ 	if (ip_hdr(skb)->protocol == IPPROTO_ICMP || error != -EACCES)
+ 		return;
+@@ -1749,7 +1750,11 @@ void cipso_v4_error(struct sk_buff *skb,
+ 
+ 	memset(opt, 0, sizeof(struct ip_options));
+ 	opt->optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);
+-	if (__ip_options_compile(dev_net(skb->dev), opt, skb, NULL))
++	rcu_read_lock();
++	res = __ip_options_compile(dev_net(skb->dev), opt, skb, NULL);
++	rcu_read_unlock();
++
++	if (res)
+ 		return;
+ 
+ 	if (gateway)
diff --git a/queue-4.9/series b/queue-4.9/series
index ebd96095efe..92caef43afe 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -87,3 +87,4 @@ jbd2-fix-data-races-at-struct-journal_head.patch
 arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch
 arm-8958-1-rename-missed-uaccess-.fixup-section.patch
 mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch
+ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch