authorTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:11 +0100
committerTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:21 +0100
commit73bd8f9c3ffad2d4f2cb8a175b1860e3ded18097 (patch)
treee0ca4d804c6300d5e46381b673b5c11b14286b02
parent80527b00df6e894fc6bb664cfa7319bc7348d99f (diff)
esp: Fix skb tailroom calculation (bsc#1051510).
-rw-r--r--patches.fixes/esp-Fix-skb-tailroom-calculation.patch47
-rw-r--r--series.conf1
2 files changed, 48 insertions, 0 deletions
diff --git a/patches.fixes/esp-Fix-skb-tailroom-calculation.patch b/patches.fixes/esp-Fix-skb-tailroom-calculation.patch
new file mode 100644
index 0000000000..22a99190d3
--- /dev/null
+++ b/patches.fixes/esp-Fix-skb-tailroom-calculation.patch
@@ -0,0 +1,47 @@
+From 54ffd790792898f05e215dce5aa593473e80e92f Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 25 Aug 2017 07:34:35 +0200
+Subject: [PATCH] esp: Fix skb tailroom calculation
+Git-commit: 54ffd790792898f05e215dce5aa593473e80e92f
+Patch-mainline: v4.13
+References: bsc#1051510
+
+We use skb_availroom to calculate the skb tailroom for the
+ESP trailer. skb_availroom calculates the tailroom and
+subtracts this value by reserved_tailroom. However
+reserved_tailroom is a union with the skb mark. This means
+that we subtract the tailroom by the skb mark if set.
+Fix this by using skb_tailroom instead.
+
+Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
+Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/esp4.c | 2 +-
+ net/ipv6/esp6.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -258,7 +258,7 @@ int esp_output_head(struct xfrm_state *x
+ esp_output_udp_encap(x, skb, esp);
+
+ if (!skb_cloned(skb)) {
+- if (tailen <= skb_availroom(skb)) {
++ if (tailen <= skb_tailroom(skb)) {
+ nfrags = 1;
+ trailer = skb;
+ tail = skb_tail_pointer(trailer);
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -231,7 +231,7 @@ int esp6_output_head(struct xfrm_state *
+ esph = ip_esp_hdr(skb);
+
+ if (!skb_cloned(skb)) {
+- if (tailen <= skb_availroom(skb)) {
++ if (tailen <= skb_tailroom(skb)) {
+ nfrags = 1;
+ trailer = skb;
+ tail = skb_tail_pointer(trailer);
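Review bot: The bound that guards the in-place trailer write, `if (tailen <= skb_tailroom(skb))` in esp_output_head and the identical line in esp6_output_head, carries no comment saying why skb_availroom() must not be used here, so a later cleanup could quietly reintroduce it. Per the patch description, skb_availroom() subtracts reserved_tailroom, which is a union with the skb mark, so on marked packets the old check compared tailen against a value unrelated to the real free space. Whether that could also overstate the room and let the trailer be written past the linear buffer depends on the arithmetic inside skb_availroom(), which is not visible here and is worth confirming when assessing the severity of this backport. I would add above both checks `/* not skb_availroom(): reserved_tailroom aliases skb->mark */`. Both functions begin and end outside the hunks shown.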
diff --git a/series.conf b/series.conf
index a9a6683bf2..43f7e7b1e5 100644
--- a/series.conf
+++ b/series.conf
@@ -4434,6 +4434,7 @@
patches.drivers/nfp-remove-incorrect-mask-check-for-vlan-matching.patch
patches.fixes/net-xfrm-don-t-double-hold-dst-when-sk_policy-in-use.patch
patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch
+ patches.fixes/esp-Fix-skb-tailroom-calculation.patch
patches.fixes/xfrm_user-fix-info-leak-in-copy_user_offload.patch
patches.fixes/xfrm_user-fix-info-leak-in-xfrm_notify_sa.patch
patches.fixes/xfrm_user-fix-info-leak-in-build_aevent.patch