From 3e275abc87d0d0a251eb67e9d059baa4c64c12fe Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 15 Mar 2023 08:46:39 +0100
Subject: [PATCH] 5.10-stable patches added patches: skbuff-fix-nfct-leak-on-napi-stolen.patch
---
 queue-5.10/series | 1 +
 .../skbuff-fix-nfct-leak-on-napi-stolen.patch | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 queue-5.10/skbuff-fix-nfct-leak-on-napi-stolen.patch
diff --git a/queue-5.10/series b/queue-5.10/series
index 3ac23897498..1a8380f5a80 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -85,3 +85,4 @@ media-ov5640-fix-analogue-gain-control.patch
 media-rc-gpio-ir-recv-add-remove-function.patch
 ipmi-watchdog-replace-atomic_add-and-atomic_sub.patch
 ipmi-watchdog-set-panic-count-to-proper-value-on-a-panic.patch
+skbuff-fix-nfct-leak-on-napi-stolen.patch
diff --git a/queue-5.10/skbuff-fix-nfct-leak-on-napi-stolen.patch b/queue-5.10/skbuff-fix-nfct-leak-on-napi-stolen.patch
new file mode 100644
index 00000000000..9f2d278f386
--- /dev/null
+++ b/queue-5.10/skbuff-fix-nfct-leak-on-napi-stolen.patch
@@ -0,0 +1,44 @@
+From taoliu828@163.com Wed Mar 15 08:41:51 2023
+From: Tao Liu
+Date: Tue, 14 Mar 2023 20:10:17 +0800
+Subject: skbuff: Fix nfct leak on napi stolen
+To: paulb@nvidia.com, roid@nvidia.com, davem@davemloft.net, kuba@kernel.org, gregkh@linuxfoundation.org
+Cc: netdev@vger.kernel.org, taoliu828@163.com
+Message-ID: <20230314121017.1929515-1-taoliu828@163.com>
+
+From: Tao Liu
+
+Upstream commit [0] had fixed this issue, and backported to kernel 5.10.54.
+However, nf_reset_ct() added in skb_release_head_state() instead of
+napi_skb_free_stolen_head(), which lead to leakage still exist in 5.10.
+
+[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8550ff8d8c75416e984d9c4b082845e57e560984
+
+Fixes: 570341f10ecc ("skbuff: Release nfct refcount on napi stolen or re-used skbs"))
+Signed-off-by: Tao Liu
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/core/dev.c | 1 +
+ net/core/skbuff.c | 1 -
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -6111,6 +6111,7 @@ EXPORT_SYMBOL(gro_find_complete_by_type)
+
+ static void napi_skb_free_stolen_head(struct sk_buff *skb)
+ {
++ nf_reset_ct(skb);
+ skb_dst_drop(skb);
+ skb_ext_put(skb);
+ kmem_cache_free(skbuff_head_cache, skb);
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -659,7 +659,6 @@ fastpath:
+
+ void skb_release_head_state(struct sk_buff *skb)
+ {
+- nf_reset_ct(skb);
+ skb_dst_drop(skb);
+ if (skb->destructor) {
+ WARN_ON(in_irq());
-- 
2.47.3
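Review bot: In the net/core/dev.c part of the queued patch, the new `nf_reset_ct(skb);` in napi_skb_free_stolen_head() carries no comment, although the visible lines show this function dropping each piece of head state by hand before `kmem_cache_free(skbuff_head_cache, skb)`, so any reference not released here is leaked with the head. I would add a line above it such as `/* head goes straight back to the cache below, so the conntrack ref must be dropped here */`, so that a later cleanup does not bring the refcount leak back. The net/core/skbuff.c part removes the same call from skb_release_head_state(), whose body continues outside the hunk; presumably the 5.10 function still puts the conntrack reference further down, and that should be confirmed against the tree, since otherwise the ordinary free path would start leaking instead. The `Fixes:` line in the queued patch also ends in a doubled `))`, which tag-parsing scripts may trip over.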