On Thu, Feb 21, 2019 at 10:38:16AM -0500, Willem de Bruijn wrote: > Unfortunately commit > > net: validate untrusted gso packets without csum offload > d5be7f632bad0f489879eed0ff4b99bd7fe0b74c > > needs follow-up > > net: avoid false positives in untrusted gso validation > http://patchwork.ozlabs.org/patch/1044429/ > > It rejects illegal packets injected from userspace, including at > least one that can crash the kernel. But I'm afraid it has false > positives. > > I would suggest holding back on the backport to stable branches until > both patches can go in together. > > If the second patch is not accepted, the alternative will be to revert > this filter-based approach completely and fix the narrow kernel crash > (but I'm afraid that syzkaller will just find others..) > > Apologies for the mess, Ok, I will go drop this patch from all of the stable queues. Can you remind me when your fixup hits Linus's tree so that I can queue up both patches? thanks, greg k-h
