[SRU][J][PATCH 2/2] xfrm: esp: ipv4: fix up flags setting

[Massimiliano Pellizzer]

From: Greg Kroah-Hartman <gregkh at linuxfoundation.org>

In commit ab8b995323e5 ("xfrm: esp: avoid in-place decrypt on shared skb
frags") in the 5.15.y tree, the tx_flags variable was set, instead of
flags.  This was due to me backporting the 6.1.y version of Ben's
version of the backport and not realizing the variable needed to be
different, so this was my fault, not his.

Link: https://lore.kernel.org/r/1b941a1353791ddd6fd75fb8e68b377367d689ff.camel@oracle.com
Reported-by: Dominik Grzegorzek <dominik.grzegorzek at oracle.com>
Reported-by: Massimiliano Pellizzer <mpellizzer.dev at gmail.com>
Cc: Ben Hutchings <benh at debian.org>
Fixes: ab8b995323e5 ("xfrm: esp: avoid in-place decrypt on shared skb frags")
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
(cherry picked from commit fe785bb3a8096dffcc4048a85cd0c83337eeecad linux-5.15.y)
CVE-2026-43284
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
 net/ipv4/ip_output.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 68509e1f89b5b..5d8f8a5901bc6 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1443,7 +1443,7 @@ ssize_t	ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
 			goto error;
 		}
 
-		skb_shinfo(skb)->tx_flags |= SKBFL_SHARED_FRAG;
+		skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
 
 		if (skb->ip_summed == CHECKSUM_NONE) {
 			__wsum csum;
-- 
2.53.0