On Thu, Dec 10, 2020 at 3:40 PM Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Dec 10, 2020 at 03:38:44PM +0100, Greg Kroah-Hartman wrote: > > On Thu, Dec 10, 2020 at 03:32:12PM +0100, Eric Dumazet wrote: > > > On Thu, Dec 10, 2020 at 3:26 PM Greg Kroah-Hartman > > > <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > > > > > > > IP_ECN_decapsulate() and IP6_ECN_decapsulate() assume > > > > IP header is already pulled. > > > > > > > > geneve does not ensure this yet. > > > > > > > > Fixing this generically in IP_ECN_decapsulate() and > > > > IP6_ECN_decapsulate() is not possible, since callers > > > > pass a pointer that might be freed by pskb_may_pull() > > > > > > > > syzbot reported : > > > > > > > > > > Note that we had to revert this patch, so you can either scratp this > > > backport, or make sure to backport the revert. > > > > I'll drop it thanks. Odd I lost the upstream git id on this patch, let > > me check what went wrong... > > What is the git id of the revert? This ended up already in 4.19.y, > 5.4.y, and 5.9.y so needs to be reverted there. > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c02bd115b1d25931159f89c7d9bf47a30f5d4b41 Thanks ! > thanks, > > greg k-h