From: Greg Kroah-Hartman Date: Mon, 13 Jun 2022 09:32:18 +0000 (+0200) Subject: drop net-remove-two-bug-from-skb_checksum_help.patch from 5.4 and older X-Git-Tag: v4.9.318~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc61c9e52cb8ae826197fb5490394f01277c015c;p=thirdparty%2Fkernel%2Fstable-queue.git drop net-remove-two-bug-from-skb_checksum_help.patch from 5.4 and older --- diff --git a/queue-4.14/net-remove-two-bug-from-skb_checksum_help.patch b/queue-4.14/net-remove-two-bug-from-skb_checksum_help.patch deleted file mode 100644 index de98a887f85..00000000000 --- a/queue-4.14/net-remove-two-bug-from-skb_checksum_help.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 6374a2d901c66437fda6b4796c915b0d95dd7000 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 9 May 2022 20:57:40 -0700 -Subject: net: remove two BUG() from skb_checksum_help() - -From: Eric Dumazet - -[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ] - -I have a syzbot report that managed to get a crash in skb_checksum_help() - -If syzbot can trigger these BUG(), it makes sense to replace -them with more friendly WARN_ON_ONCE() since skb_checksum_help() -can instead return an error code. - -Note that syzbot will still crash there, until real bug is fixed. - -Signed-off-by: Eric Dumazet -Signed-off-by: David S. Miller -Signed-off-by: Sasha Levin ---- - net/core/dev.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/net/core/dev.c b/net/core/dev.c -index ea09e0809c12..d99dce0efedc 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2641,11 +2641,15 @@ int skb_checksum_help(struct sk_buff *skb) - } - - offset = skb_checksum_start_offset(skb); -- BUG_ON(offset >= skb_headlen(skb)); -+ ret = -EINVAL; -+ if (WARN_ON_ONCE(offset >= skb_headlen(skb))) -+ goto out; -+ - csum = skb_checksum(skb, offset, skb->len - offset, 0); - - offset += skb->csum_offset; -- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); -+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb))) -+ goto out; - - if (skb_cloned(skb) && - !skb_clone_writable(skb, offset + sizeof(__sum16))) { --- -2.35.1 - diff --git a/queue-4.14/series b/queue-4.14/series index c583fb91891..22ba86f7c62 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -21,7 +21,6 @@ scsi-megaraid-fix-error-check-return-value-of-regist.patch drm-amd-pm-fix-the-compile-warning.patch ipv6-don-t-send-rs-packets-to-the-interface-of-arphr.patch asoc-dapm-don-t-fold-register-value-changes-into-not.patch -net-remove-two-bug-from-skb_checksum_help.patch s390-preempt-disable-__preempt_count_add-optimizatio.patch dma-debug-change-allocation-mode-from-gfp_nowait-to-.patch ipmi-ssif-check-for-null-msg-when-handling-events-an.patch diff --git a/queue-4.19/net-remove-two-bug-from-skb_checksum_help.patch b/queue-4.19/net-remove-two-bug-from-skb_checksum_help.patch deleted file mode 100644 index 1fcac8bc73f..00000000000 --- a/queue-4.19/net-remove-two-bug-from-skb_checksum_help.patch +++ /dev/null @@ -1,49 +0,0 @@ -From f9c49811fc861818637efb494ddf05ea351838c5 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 9 May 2022 20:57:40 -0700 -Subject: net: remove two BUG() from skb_checksum_help() - -From: Eric Dumazet - -[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ] - -I have a syzbot report that managed to get a crash in skb_checksum_help() - -If syzbot can trigger these BUG(), it makes sense to replace -them with more friendly WARN_ON_ONCE() since skb_checksum_help() -can instead return an error code. - -Note that syzbot will still crash there, until real bug is fixed. - -Signed-off-by: Eric Dumazet -Signed-off-by: David S. Miller -Signed-off-by: Sasha Levin ---- - net/core/dev.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/net/core/dev.c b/net/core/dev.c -index 42f6ff8b9703..b2fc3884a8f4 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2918,11 +2918,15 @@ int skb_checksum_help(struct sk_buff *skb) - } - - offset = skb_checksum_start_offset(skb); -- BUG_ON(offset >= skb_headlen(skb)); -+ ret = -EINVAL; -+ if (WARN_ON_ONCE(offset >= skb_headlen(skb))) -+ goto out; -+ - csum = skb_checksum(skb, offset, skb->len - offset, 0); - - offset += skb->csum_offset; -- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); -+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb))) -+ goto out; - - if (skb_cloned(skb) && - !skb_clone_writable(skb, offset + sizeof(__sum16))) { --- -2.35.1 - diff --git a/queue-4.19/series b/queue-4.19/series index 49c38eec5b3..800c148cd25 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -28,7 +28,6 @@ ipv6-don-t-send-rs-packets-to-the-interface-of-arphr.patch asoc-dapm-don-t-fold-register-value-changes-into-not.patch mlxsw-spectrum_dcb-do-not-warn-about-priority-change.patch asoc-tscs454-add-endianness-flag-in-snd_soc_componen.patch -net-remove-two-bug-from-skb_checksum_help.patch s390-preempt-disable-__preempt_count_add-optimizatio.patch dma-debug-change-allocation-mode-from-gfp_nowait-to-.patch ipmi-ssif-check-for-null-msg-when-handling-events-an.patch diff --git a/queue-4.9/net-remove-two-bug-from-skb_checksum_help.patch b/queue-4.9/net-remove-two-bug-from-skb_checksum_help.patch deleted file mode 100644 index 45f08096999..00000000000 --- a/queue-4.9/net-remove-two-bug-from-skb_checksum_help.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e4b2ae55fd84627100243eb002ef7e93da392781 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 9 May 2022 20:57:40 -0700 -Subject: net: remove two BUG() from skb_checksum_help() - -From: Eric Dumazet - -[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ] - -I have a syzbot report that managed to get a crash in skb_checksum_help() - -If syzbot can trigger these BUG(), it makes sense to replace -them with more friendly WARN_ON_ONCE() since skb_checksum_help() -can instead return an error code. - -Note that syzbot will still crash there, until real bug is fixed. - -Signed-off-by: Eric Dumazet -Signed-off-by: David S. Miller -Signed-off-by: Sasha Levin ---- - net/core/dev.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/net/core/dev.c b/net/core/dev.c -index 47468fc5d0c9..d725ca4d4455 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2518,11 +2518,15 @@ int skb_checksum_help(struct sk_buff *skb) - } - - offset = skb_checksum_start_offset(skb); -- BUG_ON(offset >= skb_headlen(skb)); -+ ret = -EINVAL; -+ if (WARN_ON_ONCE(offset >= skb_headlen(skb))) -+ goto out; -+ - csum = skb_checksum(skb, offset, skb->len - offset, 0); - - offset += skb->csum_offset; -- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); -+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb))) -+ goto out; - - if (skb_cloned(skb) && - !skb_clone_writable(skb, offset + sizeof(__sum16))) { --- -2.35.1 - diff --git a/queue-4.9/series b/queue-4.9/series index b55e69a807e..3bf3a23d70c 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -16,7 +16,6 @@ scsi-megaraid-fix-error-check-return-value-of-regist.patch drm-amd-pm-fix-the-compile-warning.patch ipv6-don-t-send-rs-packets-to-the-interface-of-arphr.patch asoc-dapm-don-t-fold-register-value-changes-into-not.patch -net-remove-two-bug-from-skb_checksum_help.patch dma-debug-change-allocation-mode-from-gfp_nowait-to-.patch ipmi-ssif-check-for-null-msg-when-handling-events-an.patch openrisc-start-cpu-timer-early-in-boot.patch diff --git a/queue-5.4/net-remove-two-bug-from-skb_checksum_help.patch b/queue-5.4/net-remove-two-bug-from-skb_checksum_help.patch deleted file mode 100644 index e2fc781f136..00000000000 --- a/queue-5.4/net-remove-two-bug-from-skb_checksum_help.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 64c4b2f8a29a00a5ad19daf7a28770d1c8c7a5f4 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 9 May 2022 20:57:40 -0700 -Subject: net: remove two BUG() from skb_checksum_help() - -From: Eric Dumazet - -[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ] - -I have a syzbot report that managed to get a crash in skb_checksum_help() - -If syzbot can trigger these BUG(), it makes sense to replace -them with more friendly WARN_ON_ONCE() since skb_checksum_help() -can instead return an error code. - -Note that syzbot will still crash there, until real bug is fixed. - -Signed-off-by: Eric Dumazet -Signed-off-by: David S. Miller -Signed-off-by: Sasha Levin ---- - net/core/dev.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/net/core/dev.c b/net/core/dev.c -index a03036456221..8fd0a0591e89 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2857,11 +2857,15 @@ int skb_checksum_help(struct sk_buff *skb) - } - - offset = skb_checksum_start_offset(skb); -- BUG_ON(offset >= skb_headlen(skb)); -+ ret = -EINVAL; -+ if (WARN_ON_ONCE(offset >= skb_headlen(skb))) -+ goto out; -+ - csum = skb_checksum(skb, offset, skb->len - offset, 0); - - offset += skb->csum_offset; -- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); -+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb))) -+ goto out; - - if (skb_cloned(skb) && - !skb_clone_writable(skb, offset + sizeof(__sum16))) { --- -2.35.1 - diff --git a/queue-5.4/series b/queue-5.4/series index 44e0d616c55..4734cdcee4d 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -40,7 +40,6 @@ mlxsw-spectrum_dcb-do-not-warn-about-priority-change.patch drm-amdgpu-ucode-remove-firmware-load-type-check-in-.patch hid-bigben-fix-slab-out-of-bounds-write-in-bigben_pr.patch asoc-tscs454-add-endianness-flag-in-snd_soc_componen.patch -net-remove-two-bug-from-skb_checksum_help.patch s390-preempt-disable-__preempt_count_add-optimizatio.patch spi-stm32-qspi-fix-wait_cmd-timeout-in-apm-mode.patch dma-debug-change-allocation-mode-from-gfp_nowait-to-.patch