On Sun, Feb 24, 2019 at 05:53:16PM -0500, Willem de Bruijn wrote: > On Thu, Feb 21, 2019 at 11:41 AM Willem de Bruijn > <willemdebruijn.kernel@xxxxxxxxx> wrote: > > > > On Thu, Feb 21, 2019 at 11:18 AM Greg Kroah-Hartman > > <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > On Thu, Feb 21, 2019 at 10:38:16AM -0500, Willem de Bruijn wrote: > > > > Unfortunately commit > > > > > > > > net: validate untrusted gso packets without csum offload > > > > d5be7f632bad0f489879eed0ff4b99bd7fe0b74c > > > > > > > > needs follow-up > > > > > > > > net: avoid false positives in untrusted gso validation > > > > http://patchwork.ozlabs.org/patch/1044429/ > > > > > > > > It rejects illegal packets injected from userspace, including at > > > > least one that can crash the kernel. But I'm afraid it has false > > > > positives. > > > > > > > > I would suggest holding back on the backport to stable branches until > > > > both patches can go in together. > > > > > > > > If the second patch is not accepted, the alternative will be to revert > > > > this filter-based approach completely and fix the narrow kernel crash > > > > (but I'm afraid that syzkaller will just find others..) > > > > > > > > Apologies for the mess, > > > > > > Ok, I will go drop this patch from all of the stable queues. Can you > > > remind me when your fixup hits Linus's tree so that I can queue up both > > > patches? > > > > Thanks Greg. > > > > Okay, I'll reply to this thread with the follow-up commit SHA1. > > Both patches have now landed in linus's tree > > this patch > > net: validate untrusted gso packets without csum offload > d5be7f632bad0f489879eed0ff4b99bd7fe0b74c > > and its fix > > net: avoid false positives in untrusted gso validation > 9e8db5913264d3967b93c765a6a9e464d9c473db Thanks for letting me know, now queued up. greg k-h
