From a23727a36cb9590d56eaa1306b8c7f78dfef8580 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 5 Jul 2018 19:11:11 +0200
Subject: [PATCH] 4.4-stable patches

added patches:
 netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
---
 ...ce-instead-of-bug_on-in-nft_do_chain.patch | 34 +++++++++++++++++++
 queue-4.4/series | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 queue-4.4/netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
diff --git a/queue-4.4/netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch b/queue-4.4/netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
new file mode 100644
index 00000000000..240200f852f
--- /dev/null
+++ b/queue-4.4/netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
@@ -0,0 +1,34 @@
+From adc972c5b88829d38ede08b1069718661c7330ae Mon Sep 17 00:00:00 2001
+From: Taehee Yoo
+Date: Mon, 11 Jun 2018 22:16:33 +0900
+Subject: netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
+
+From: Taehee Yoo
+
+commit adc972c5b88829d38ede08b1069718661c7330ae upstream.
+
+When depth of chain is bigger than NFT_JUMP_STACK_SIZE, the nft_do_chain
+crashes. But there is no need to crash hard here.
+
+Suggested-by: Florian Westphal
+Signed-off-by: Taehee Yoo
+Acked-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_tables_core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_core.c
++++ b/net/netfilter/nf_tables_core.c
+@@ -167,7 +167,8 @@ next_rule:
+
+ switch (regs.verdict.code) {
+ case NFT_JUMP:
+- BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
++ if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE))
++ return NF_DROP;
+ jumpstack[stackptr].chain = chain;
+ jumpstack[stackptr].rule = rule;
+ jumpstack[stackptr].rulenum = rulenum;
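Review bot: In the NFT_JUMP case of the queued patch, `WARN_ON_ONCE` logs only the first time `stackptr` reaches `NFT_JUMP_STACK_SIZE`, so every later overflow drops packets with no further trace, and on hosts booted with `panic_on_warn` the warning still halts the machine as `BUG_ON` did. Dropping is the right fail-closed choice, since the next lines would otherwise index past `jumpstack[]`; a comment on the check would record that, e.g. `/* chain nesting exceeded the jump stack: drop rather than write past jumpstack[] */`. The commit message says the depth can be exceeded, which suggests ruleset loading does not reject over-deep jump chains in this tree; that validation is not visible here and is worth confirming for the 4.4 backport. nft_do_chain() starts and ends outside the hunk, so any accounting or tracing the early return bypasses cannot be checked from this page.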
diff --git a/queue-4.4/series b/queue-4.4/series
index 4dcdc495e34..b9a70be7428 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -10,3 +10,4 @@ i2c-rcar-fix-resume-by-always-initializing-registers-before-transfer.patch
 ipv4-fix-error-return-value-in-fib_convert_metrics.patch
 kprobes-x86-do-not-modify-singlestep-buffer-while-resuming.patch
 nvme-pci-initialize-queue-memory-before-interrupts.patch
+netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
--
2.47.3