On Tue, Mar 22, 2022 at 09:53:09AM -0700, Vaibhav Rustagi wrote: > On Tue, Mar 22, 2022 at 2:04 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote: > > > Hi Greg, > > > > > > To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the > > > commit "esp: Fix possible buffer overflow in ESP transformation" > > > (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply > > > cleanly in v5.10 and v5.4 and therefore, patches for both the kernel > > > versions are attached. > > > > > > In order to backport the original commit, following changes are done: > > > > > > - v5.10: > > > - "SKB_FRAG_PAGE_ORDER" declaration is moved from > > > "net/core/sock.c" to "include/net/sock.c" > > > > Did you see that this is already in the 5.10 queue and out for review > > right now? Can you verify that the backport there matches yours? > > > > I was not aware that I could check that. Thanks for the hint. > > The change is not exactly identical. In addition to the change > mentioned in https://www.spinics.net/lists/stable/msg542796.html, I > have also removed following from "net/core/sock.c": Please use lore.kernel.org for mailing list links. > > -#define SKB_FRAG_PAGE_ORDER get_order(32768) > > This is done because "net/core/sock.c" includes "include/net/sock.h" > which defined the MACRO. So is the backport correct? Or just different? thanks, greg k-h
