Re: [PATCH 6.1] net: fix crash when config small gso_max_size/gso_ipv4_max_size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[ Sasha's backport helper bot ]

Hi,

The upstream commit SHA1 provided is correct: 9ab5cf19fb0e4680f95e506d6c544259bf1111c4

WARNING: Author mismatch between patch and upstream commit:
Backport author: Bin Lan <bin.lan.cn@xxxxxxxxxxxxx>
Commit author: Wang Liang <wangliang74@xxxxxxxxxx>


Status in newer kernel trees:
6.12.y | Present (exact SHA1)
6.11.y | Present (different SHA1: e72fd1389a53)
6.6.y | Present (different SHA1: ac5977001eee)
6.1.y | Not found

Note: The patch differs from the upstream commit:
---
--- -	2024-11-22 08:40:39.766289882 -0500
+++ /tmp/tmp.58u8agz5Rn	2024-11-22 08:40:39.760746269 -0500
@@ -1,3 +1,5 @@
+[ Upstream commit 9ab5cf19fb0e4680f95e506d6c544259bf1111c4 ]
+
 Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow
 in sk_dst_gso_max_size(), which may trigger a BUG_ON crash,
 because sk->sk_gso_max_size would be much bigger than device limits.
@@ -18,15 +20,17 @@
 Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
 Link: https://patch.msgid.link/20241023035213.517386-1-wangliang74@xxxxxxxxxx
 Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
+[ Resolve minor conflicts to fix CVE-2024-50258 ]
+Signed-off-by: Bin Lan <bin.lan.cn@xxxxxxxxxxxxx>
 ---
- net/core/rtnetlink.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ net/core/rtnetlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index e30e7ea0207d0..2ba5cd965d3fa 100644
+index afb52254a47e..45c54fb9ad03 100644
 --- a/net/core/rtnetlink.c
 +++ b/net/core/rtnetlink.c
-@@ -2032,7 +2032,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
+@@ -1939,7 +1939,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
  	[IFLA_NUM_TX_QUEUES]	= { .type = NLA_U32 },
  	[IFLA_NUM_RX_QUEUES]	= { .type = NLA_U32 },
  	[IFLA_GSO_MAX_SEGS]	= { .type = NLA_U32 },
@@ -35,12 +39,6 @@
  	[IFLA_PHYS_PORT_ID]	= { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN },
  	[IFLA_CARRIER_CHANGES]	= { .type = NLA_U32 },  /* ignored */
  	[IFLA_PHYS_SWITCH_ID]	= { .type = NLA_BINARY, .len = MAX_PHYS_ITEM_ID_LEN },
-@@ -2057,7 +2057,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
- 	[IFLA_TSO_MAX_SIZE]	= { .type = NLA_REJECT },
- 	[IFLA_TSO_MAX_SEGS]	= { .type = NLA_REJECT },
- 	[IFLA_ALLMULTI]		= { .type = NLA_REJECT },
--	[IFLA_GSO_IPV4_MAX_SIZE]	= { .type = NLA_U32 },
-+	[IFLA_GSO_IPV4_MAX_SIZE]	= NLA_POLICY_MIN(NLA_U32, MAX_TCP_HEADER + 1),
- 	[IFLA_GRO_IPV4_MAX_SIZE]	= { .type = NLA_U32 },
- };
- 
+-- 
+2.43.0
+
---

Results of testing on various branches:

| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y        |  Success    |  Success   |




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux