net: skbuff: propagate shared-frag marker through frag-transfer helpers
Replace 611.54.4's partial fix (which was a backport of Hyunwoo Kim's
v1 patch covering only __pskb_copy_fclone() and skb_try_coalesce())
with a backport of the upstream v3 patch:
https://lore.kernel.org/all/agW4vC0r8QOUKtRT@v4bel/
v3 also covers skb_shift() (the new hunk added in v2) and
skb_gro_receive() / skb_gro_receive_list() (the audit follow-up
suggested by Sultan Alsawaf in agVpIsaSherjHTYg@sultan-box).
All five sites moved frag descriptors between skbs without
propagating the SKBFL_SHARED_FRAG marker, so destinations could end
up referencing externally-owned or page-cache-backed pages while
reporting skb_has_shared_frag() as false. Combined with ESP-over-UDP
and UDP GRO, or any nf_dup_ipv4 / xt_TEE caller, this lets an
unprivileged user trigger in-place ESP decryption over root-owned
page-cache pages (CVE-2026-46300, "Fragnesia").
Tree-adapted: skb_gro_receive_list() is still a static helper in
net/ipv4/udp_offload.c on RHEL 9 (not promoted to a global GRO
helper in net/core/gro.c as in upstream v3); skb_shift() still uses
the open-coded skb->len -= shiftlen block instead of skb_len_add().
net: skbuff: propagate shared-frag marker through pskb_copy()
Sibling fix to the xfrm/esp shared-frag patch shipped in 611.54.2.
__pskb_copy_fclone() and skb_try_coalesce() shallow-copied frag
descriptors without propagating SKBFL_SHARED_FRAG, so destinations
referencing externally-owned pages reported skb_has_shared_frag()
as false. Combined with an nft 'dup to <local>' rule (or any other
nf_dup_ipv4 / xt_TEE caller), this lets an unprivileged user write
into the page cache of a root-owned read-only file via ESP-input
in-place decryption.
Backport of https://lore.kernel.org/all/agRfuVOeMI5pbHhY@v4bel/
rxrpc: linearize incoming DATA packet when it has paged frags
Sibling fix to the xfrm/esp patch shipped in 611.54.2. rxrpc.ko is
built but shipped only via kernel-modules-partner; users who install
that subpackage are exposed without this fix.
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024
qla4xxx: bring back deprecated PCI ids
lpfc: bring back deprecated PCI ids
be2iscsi: bring back deprecated PCI ids
kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
Use AlmaLinux OS secure boot cert
Debrand for AlmaLinux OS
Add KVM support for ppc64le
