[ Sasha's backport helper bot ] Hi, The upstream commit SHA1 provided is correct: 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 WARNING: Author mismatch between patch and upstream commit: Backport author: Bin Lan <bin.lan.cn@xxxxxxxxxxxxx> Commit author: Wang Liang <wangliang74@xxxxxxxxxx> Status in newer kernel trees: 6.12.y | Present (exact SHA1) 6.11.y | Present (different SHA1: e72fd1389a53) 6.6.y | Present (different SHA1: ac5977001eee) 6.1.y | Not found Note: The patch differs from the upstream commit: --- --- - 2024-11-22 08:40:39.766289882 -0500 +++ /tmp/tmp.58u8agz5Rn 2024-11-22 08:40:39.760746269 -0500 @@ -1,3 +1,5 @@ +[ Upstream commit 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 ] + Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. @@ -18,15 +20,17 @@ Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx> Link: https://patch.msgid.link/20241023035213.517386-1-wangliang74@xxxxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> +[ Resolve minor conflicts to fix CVE-2024-50258 ] +Signed-off-by: Bin Lan <bin.lan.cn@xxxxxxxxxxxxx> --- - net/core/rtnetlink.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + net/core/rtnetlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index e30e7ea0207d0..2ba5cd965d3fa 100644 +index afb52254a47e..45c54fb9ad03 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c -@@ -2032,7 +2032,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { +@@ -1939,7 +1939,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { [IFLA_NUM_TX_QUEUES] = { .type = NLA_U32 }, [IFLA_NUM_RX_QUEUES] = { .type = NLA_U32 }, [IFLA_GSO_MAX_SEGS] = { .type = NLA_U32 }, @@ -35,12 +39,6 @@ [IFLA_PHYS_PORT_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, [IFLA_CARRIER_CHANGES] = { .type = NLA_U32 }, /* ignored */ [IFLA_PHYS_SWITCH_ID] = { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN }, -@@ -2057,7 +2057,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { - [IFLA_TSO_MAX_SIZE] = { .type = NLA_REJECT }, - [IFLA_TSO_MAX_SEGS] = { .type = NLA_REJECT }, - [IFLA_ALLMULTI] = { .type = NLA_REJECT }, -- [IFLA_GSO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, -+ [IFLA_GSO_IPV4_MAX_SIZE] = NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1), - [IFLA_GRO_IPV4_MAX_SIZE] = { .type = NLA_U32 }, - }; - +-- +2.43.0 + --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |