Merge tag 'v5.19-rc6' into tip:x86/kdump

Merge rc6 to pick up dependent changes to the bootparam UAPI header. Signed-off-by: Borislav Petkov <bp@suse.de>
author: Borislav Petkov <bp@suse.de> 2022-07-11 09:58:01 +0200
committer: Borislav Petkov <bp@suse.de> 2022-07-11 09:58:01 +0200
commit: 5a88c48f4146de2c8c2ed7ddcaa76f898869f3a3 (patch)
tree: fc501a1b940026cbd5316f8665236c109d5f1a2e /net/ipv4/tcp_ipv4.c
parent: b69a2afd5afce9bf6d56e349d6ab592c916e20f2 (diff)
parent: 32346491ddf24599decca06190ebca03ff9de7f8 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index fe8f23b95d32..da5a3c44c4fb 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1964,7 +1964,10 @@ process:
 		struct sock *nsk;
 
 		sk = req->rsk_listener;
-		drop_reason = tcp_inbound_md5_hash(sk, skb,
+		if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
+			drop_reason = SKB_DROP_REASON_XFRM_POLICY;
+		else
+			drop_reason = tcp_inbound_md5_hash(sk, skb,
 						   &iph->saddr, &iph->daddr,
 						   AF_INET, dif, sdif);
 		if (unlikely(drop_reason)) {
@@ -2016,6 +2019,7 @@ process:
 			}
 			goto discard_and_relse;
 		}
+		nf_reset_ct(skb);
 		if (nsk == sk) {
 			reqsk_put(req);
 			tcp_v4_restore_cb(skb);
author	Borislav Petkov <bp@suse.de>	2022-07-11 09:58:01 +0200
committer	Borislav Petkov <bp@suse.de>	2022-07-11 09:58:01 +0200
commit	5a88c48f4146de2c8c2ed7ddcaa76f898869f3a3 (patch)
tree	fc501a1b940026cbd5316f8665236c109d5f1a2e /net/ipv4/tcp_ipv4.c
parent	b69a2afd5afce9bf6d56e349d6ab592c916e20f2 (diff)
parent	32346491ddf24599decca06190ebca03ff9de7f8 (diff)