Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, the following changes are done:
- v5.10:
  - "SKB_FRAG_PAGE_ORDER" declaration is moved from "net/core/sock.c" to "include/net/sock.c"
- v5.4:
  - "SKB_FRAG_PAGE_ORDER" declaration is moved from "net/core/sock.c" to "include/net/sock.c"
  - Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Can you help in cherry-picking the commit to the above stable branches?
Thanks, Vaibhav
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?
thanks,
greg k-h
On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed the following from "net/core/sock.c":
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
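Review bot: this removal from "net/core/sock.c" is what makes the patch differ from the backport already queued for 5.10, so the changelog should say so and give the reason. A macro redefined with an identical token sequence is valid C and produces no diagnostic, so a tree that keeps this line alongside the same definition in the header still builds cleanly; dropping it only avoids carrying two copies of get_order(32768) that could drift apart later.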
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?
I haven't tested the change in v4.14 and v4.19. I will check out those trees and check whether the current patch will work or not.
thanks,
greg k-h
Regards, Vaibhav
On Tue, Mar 22, 2022 at 9:53 AM Vaibhav Rustagi vaibhavrustagi@google.com wrote:
On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed following from "net/core/sock.c":
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?
I haven't tested the change in v4.14 and v4.19. I will check out those trees and check whether the current patch will work or not.
The changes for v4.14 and v4.19 are the same as what is sent for v5.4. However, the v5.4 patch didn't apply cleanly and I have attached patches for v4.14 (tested build on v4.14.272) and v4.19 (tested build on v4.19.235).
thanks,
greg k-h
Regards, Vaibhav
On Tue, Mar 22, 2022 at 01:42:50PM -0700, Vaibhav Rustagi wrote:
On Tue, Mar 22, 2022 at 9:53 AM Vaibhav Rustagi vaibhavrustagi@google.com wrote:
On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed following from "net/core/sock.c":
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?
I haven't tested the change in v4.14 and v4.19. I will check out those trees and check whether the current patch will work or not.
The changes for v4.14 and v4.19 are the same as what is sent for v5.4. However, the v5.4 patch didn't apply cleanly and I have attached patches for v4.14 (tested build on v4.14.272) and v4.19 (tested build on v4.19.235).
Thank you for all of these, all now queued up.
greg k-h
On Tue, Mar 22, 2022 at 09:53:09AM -0700, Vaibhav Rustagi wrote:
On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed following from "net/core/sock.c":
Please use lore.kernel.org for mailing list links.
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
So is the backport correct? Or just different?
thanks,
greg k-h
On Wed, Mar 23, 2022 at 12:01 AM Greg KH gregkh@linuxfoundation.org wrote:
On Tue, Mar 22, 2022 at 09:53:09AM -0700, Vaibhav Rustagi wrote:
On Tue, Mar 22, 2022 at 2:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?
I was not aware that I could check that. Thanks for the hint.
The change is not exactly identical. In addition to the change mentioned in https://www.spinics.net/lists/stable/msg542796.html, I have also removed following from "net/core/sock.c":
Please use lore.kernel.org for mailing list links.
-#define SKB_FRAG_PAGE_ORDER get_order(32768)
This is done because "net/core/sock.c" includes "include/net/sock.h" which defined the MACRO.
So is the backport correct? Or just different?
Backport in the mailing list is correct. I have tried that as well for build and I didn't find any warning.
thanks,
greg k-h