On Thu, Feb 21, 2019 at 10:38:16AM -0500, Willem de Bruijn wrote:
Unfortunately commit
net: validate untrusted gso packets without csum offload d5be7f632bad0f489879eed0ff4b99bd7fe0b74c
needs follow-up
net: avoid false positives in untrusted gso validation http://patchwork.ozlabs.org/patch/1044429/
It rejects illegal packets injected from userspace, including at least one that can crash the kernel. But I'm afraid it has false positives.
I would suggest holding back on the backport to stable branches until both patches can go in together.
If the second patch is not accepted, the alternative will be to revert this filter-based approach completely and fix the narrow kernel crash (but I'm afraid that syzkaller will just find others..)
Apologies for the mess,
Ok, I will go drop this patch from all of the stable queues. Can you remind me when your fixup hits Linus's tree so that I can queue up both patches?
thanks,
greg k-h