esp: Fix possible buffer overflow in ESP transformation
[ Upstream commit ebe48d368e97d007bfeb76fcb065d6cfc4c96645 ]
The maximum message size that can be send is bigger than
the maximum site that skb_page_frag_refill can allocate.
So it is possible to write beyond the allocated buffer.
Fix this by doing a fallback to COW in that case.
Avoid get get_order() costs as suggested by Linus Torvalds.
For having the patch build on v5.4, following changes are done:
- `SKB_FRAG_PAGE_ORDER` declaration is moved from net/core/sock.c to include/net/sock.c.
- Remove changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head
RELEASE_NOTE=Fixed possible buffer overflow in ESP transformation.
Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
Reported-by: valis <firstname.lastname@example.org>
Signed-off-by: Steffen Klassert <email@example.com>
Signed-off-by: Vaibhav Rustagi <firstname.lastname@example.org>
Tested-by: Cusky Presubmit Bot <email@example.com>
Main-Branch-Verified: Cusky Presubmit Bot <firstname.lastname@example.org>
Reviewed-by: Oleksandr Tymoshenko <email@example.com>
5 files changed