On Thu, Feb 21, 2019 at 11:18 AM Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Feb 21, 2019 at 10:38:16AM -0500, Willem de Bruijn wrote: > > Unfortunately commit > > > > net: validate untrusted gso packets without csum offload > > d5be7f632bad0f489879eed0ff4b99bd7fe0b74c > > > > needs follow-up > > > > net: avoid false positives in untrusted gso validation > > http://patchwork.ozlabs.org/patch/1044429/ > > > > It rejects illegal packets injected from userspace, including at > > least one that can crash the kernel. But I'm afraid it has false > > positives. > > > > I would suggest holding back on the backport to stable branches until > > both patches can go in together. > > > > If the second patch is not accepted, the alternative will be to revert > > this filter-based approach completely and fix the narrow kernel crash > > (but I'm afraid that syzkaller will just find others..) > > > > Apologies for the mess, > > Ok, I will go drop this patch from all of the stable queues. Can you > remind me when your fixup hits Linus's tree so that I can queue up both > patches? Thanks Greg. Okay, I'll reply to this thread with the follow-up commit SHA1.
