From 458115363c0576c64f03539bb7df9110cf9da60b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 19 Mar 2020 13:29:26 +0100
Subject: [PATCH] 5.5-stable patches

added patches:
	ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
---
 ...sure-rcu_read_lock-in-cipso_v4_error.patch | 47 +++++++++++++++++++
 queue-5.5/series                              |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 queue-5.5/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch

diff --git a/queue-5.5/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch b/queue-5.5/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
new file mode 100644
index 00000000000..25242f4f2a3
--- /dev/null
+++ b/queue-5.5/ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
@@ -0,0 +1,47 @@
+From 3e72dfdf8227b052393f71d820ec7599909dddc2 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <mcroce@redhat.com>
+Date: Fri, 21 Feb 2020 12:28:38 +0100
+Subject: ipv4: ensure rcu_read_lock() in cipso_v4_error()
+
+From: Matteo Croce <mcroce@redhat.com>
+
+commit 3e72dfdf8227b052393f71d820ec7599909dddc2 upstream.
+
+Similarly to commit c543cb4a5f07 ("ipv4: ensure rcu_read_lock() in
+ipv4_link_failure()"), __ip_options_compile() must be called under rcu
+protection.
+
+Fixes: 3da1ed7ac398 ("net: avoid use IPCB in cipso_v4_error")
+Suggested-by: Guillaume Nault <gnault@redhat.com>
+Signed-off-by: Matteo Croce <mcroce@redhat.com>
+Acked-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/cipso_ipv4.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/cipso_ipv4.c
++++ b/net/ipv4/cipso_ipv4.c
+@@ -1724,6 +1724,7 @@ void cipso_v4_error(struct sk_buff *skb,
+ {
+ 	unsigned char optbuf[sizeof(struct ip_options) + 40];
+ 	struct ip_options *opt = (struct ip_options *)optbuf;
++	int res;
+ 
+ 	if (ip_hdr(skb)->protocol == IPPROTO_ICMP || error != -EACCES)
+ 		return;
+@@ -1735,7 +1736,11 @@ void cipso_v4_error(struct sk_buff *skb,
+ 
+ 	memset(opt, 0, sizeof(struct ip_options));
+ 	opt->optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);
+-	if (__ip_options_compile(dev_net(skb->dev), opt, skb, NULL))
++	rcu_read_lock();
++	res = __ip_options_compile(dev_net(skb->dev), opt, skb, NULL);
++	rcu_read_unlock();
++
++	if (res)
+ 		return;
+ 
+ 	if (gateway)
diff --git a/queue-5.5/series b/queue-5.5/series
index 9f033fe481a..54f7ac5380e 100644
--- a/queue-5.5/series
+++ b/queue-5.5/series
@@ -62,3 +62,4 @@ mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch
 hid-google-add-moonball-usb-id.patch
 hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch
 arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch
+ipv4-ensure-rcu_read_lock-in-cipso_v4_error.patch
-- 
2.47.3