On Thu, Dec 14, 2017 at 01:30:08PM +0100, Pablo Neira Ayuso wrote:
> Hi Greg,
>
> I'd appreciate if you can take this patch into 4.9-stable. There is no
> similar patch in tree, so this is not a backport.
>
> On Wed, Dec 13, 2017 at 03:33:37PM -0500, Debabrata Banerjee wrote:
> > A verdict of NF_STOLEN after NF_QUEUE will cause an incorrect return value
> > and a potential kernel panic via double free of skb's
> >
> > This was broken by commit 7034b566a4e7 ("netfilter: fix nf_queue handling")
> > and subsequently fixed in v4.10 by commit c63cbc460419 ("netfilter:
> > use switch() to handle verdict cases from nf_hook_slow()"). However that
> > commit cannot be cleanly cherry-picked to v4.9
> >
> > Signed-off-by: Debabrata Banerjee <dbanerje@xxxxxxxxxx>
>
> Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
>
> Thanks a lot!
Now applied, thanks.
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
