[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 9ab5cf19fb0e4680f95e506d6c544259bf1111c4
WARNING: Author mismatch between patch and upstream commit: Backport author: Harshit Mogalapalliharshit.m.mogalapalli@oracle.com Commit author: Wang Liangwangliang74@huawei.com
Status in newer kernel trees: 6.14.y | Present (exact SHA1) 6.13.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: ac5977001eee) 6.1.y | Present (different SHA1: e9365368b483)
Note: The patch differs from the upstream commit: --- 1: 9ab5cf19fb0e4 ! 1: 92a2aab3e8a99 net: fix crash when config small gso_max_size/gso_ipv4_max_size @@ Metadata ## Commit message ## net: fix crash when config small gso_max_size/gso_ipv4_max_size
+ [ Upstream commit 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 ] + Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. @@ Commit message Reviewed-by: Eric Dumazet edumazet@google.com Link: https://patch.msgid.link/20241023035213.517386-1-wangliang74@huawei.com Signed-off-by: Jakub Kicinski kuba@kernel.org + [ Resolve minor conflicts to fix CVE-2024-50258 ] + Signed-off-by: Bin Lan bin.lan.cn@windriver.com + Signed-off-by: Sasha Levin sashal@kernel.org + [Harshit: Clean cherrypick from 6.1.y commit] + Signed-off-by: Harshit Mogalapalli harshit.m.mogalapalli@oracle.com
## net/core/rtnetlink.c ## @@ net/core/rtnetlink.c: static const struct nla_policy ifla_policy[IFLA_MAX+1] = { @@ net/core/rtnetlink.c: static const struct nla_policy ifla_policy[IFLA_MAX+1] = { [IFLA_PHYS_PORT_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, [IFLA_CARRIER_CHANGES] = { .type = NLA_U32 }, /* ignored */ [IFLA_PHYS_SWITCH_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, -@@ net/core/rtnetlink.c: static const struct nla_policy ifla_policy[IFLA_MAX+1] = { - [IFLA_TSO_MAX_SIZE] = { .type = NLA_REJECT }, - [IFLA_TSO_MAX_SEGS] = { .type = NLA_REJECT }, - [IFLA_ALLMULTI] = { .type = NLA_REJECT }, -- [IFLA_GSO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, -+ [IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1), - [IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, - }; - ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |