From 7a7f6bddc7497bb2328fec82b049731ed58a0293 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 11 Oct 2022 20:37:12 +0200
Subject: [PATCH] 4.14-stable patches added patches: netfilter-nf_queue-fix-socket-leak.patch
---
 .../netfilter-nf_queue-fix-socket-leak.patch | 34 +++++++++++++++++++
 queue-4.14/series | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 queue-4.14/netfilter-nf_queue-fix-socket-leak.patch
diff --git a/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch b/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch
new file mode 100644
index 00000000000..484a46dd61b
--- /dev/null
+++ b/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch
@@ -0,0 +1,34 @@
+From avimalin@gmail.com Tue Oct 11 20:34:34 2022
+From: Vimal Agrawal
+Date: Tue, 11 Oct 2022 22:52:02 +0530
+Subject: netfilter: nf_queue: fix socket leak
+To: stable@vger.kernel.org
+Cc: fw@strlen.de, avimalin@gmail.com, Vimal Agrawal
+Message-ID: <20221011172202.3709-1-vimal.agrawal@sophos.com>
+
+From: Vimal Agrawal
+
+Removal of the sock_hold got lost when backporting commit 4d05239203fa
+("netfilter: nf_queue: fix possible use-after-free") to 4.14
+
+This was causing a socket leak and was caught by kmemleak.
+Tested by running kmemleak again with this fix.
+
+Fixes: ef97921ccdc2 ("netfilter: nf_queue: fix possible use-after-free") in 4.14
+Signed-off-by: Vimal Agrawal
+Reviewed-by: Florian Westphal
+---
+ net/netfilter/nf_queue.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/net/netfilter/nf_queue.c
++++ b/net/netfilter/nf_queue.c
+@@ -91,8 +91,6 @@ bool nf_queue_entry_get_refs(struct nf_q
+ dev_hold(state->in);
+ if (state->out)
+ dev_hold(state->out);
+- if (state->sk)
+- sock_hold(state->sk);
+ #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
+ if (entry->skb->nf_bridge) {
+ struct net_device *physdev;
diff --git a/queue-4.14/series b/queue-4.14/series
index dcaaf3e5517..ff1fcb25fb1 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
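Review bot: Nothing in the queued patch shows where the remaining reference on `state->sk` is taken once `sock_hold(state->sk)` is gone from nf_queue_entry_get_refs, so the hunk alone cannot confirm that the socket stays pinned while the entry is queued. The function starts and ends outside the hunk; presumably the earlier backport already acquires the socket reference with a checked increment above these lines, which would make the unconditional hold a second, never-released reference. The changelog should say so explicitly, for example `The socket reference is already taken by the check added in the backport; the leftover sock_hold() took a second one that is never dropped.` That wording lets maintainers of other stable branches audit for the same double hold and makes clear that the removal does not reopen the use-after-free the original fix closed.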
@@ -32,3 +32,4 @@ usb-serial-ftdi_sio-fix-300-bps-rate-for-sio.patch
 mmc-core-replace-with-already-defined-values-for-readability.patch
 mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch
 rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch
+netfilter-nf_queue-fix-socket-leak.patch
--
2.47.3