On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed following from "net/core/sock.c":
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c" - Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?
I haven't tested the change in v4.14 and v4.19. I will check out those trees and check whether the current patch will work or not.
thanks,
greg k-h
Regards, Vaibhav