* Patch "tunnels: Don't apply GRO to multiple layers of encapsulation" (CVE-2016-8666) is missing in 4.1 and 3.18 stable tree
@ 2017-01-10 2:09 Thomas Deutschmann
2017-01-10 6:45 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Deutschmann @ 2017-01-10 2:09 UTC (permalink / raw)
To: stable@vger.kernel.org; +Cc: jesse, davem@davemloft.net, alexander.levin
Hi,
the following patch was backported to the following LTS kernels
- >=4.4.29
- >=3.16.35
however it is missing from LTS kernels
- linux-4.1
- linux-3.18
> From fac8e0f579695a3ecbc4d3cac369139d7f819971 Mon Sep 17 00:00:00 2001
> From: Jesse Gross <jesse@kernel.org>
> Date: Sat, 19 Mar 2016 09:32:01 -0700
> Subject: [PATCH] tunnels: Don't apply GRO to multiple layers of encapsulation.
>
> When drivers express support for TSO of encapsulated packets, they
> only mean that they can do it for one layer of encapsulation.
> Supporting additional levels would mean updating, at a minimum,
> more IP length fields and they are unaware of this.
>
> No encapsulation device expresses support for handling offloaded
> encapsulated packets, so we won't generate these types of frames
> in the transmit path. However, GRO doesn't have a check for
> multiple levels of encapsulation and will attempt to build them.
>
> UDP tunnel GRO actually does prevent this situation but it only
> handles multiple UDP tunnels stacked on top of each other. This
> generalizes that solution to prevent any kind of tunnel stacking
> that would cause problems.
>
> Fixes: bf5a755f ("net-gre-gro: Add GRE support to the GRO stack")
> Signed-off-by: Jesse Gross <jesse@kernel.org>
> Signed-off-by: David S. Miller <davem@davemloft.net>
--
Regards,
Thomas
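The check described in the quoted commit message, as an added toy model in C (not kernel code and not taken from the patch): a tunnel handler marks the packet on the first encapsulation layer and refuses to merge when it sees a second one. The `gro_cb` struct, its field names, and `gro_would_merge` are assumptions of the model; the two handler names are borrowed from later in this thread. The guard only takes effect when the callback slot points at the guarded handler.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not kernel code: per-packet GRO state (field names assumed). */
struct gro_cb { bool encap_mark; bool flush; };

typedef void (*gro_receive_t)(struct gro_cb *cb, int inner_tunnels);

/* Models the tunnel offload's .gro_receive callback slot. */
static gro_receive_t tunnel_gro_receive;

/* Unguarded handler: passes any inner tunnel header to the tunnel slot. */
static void ipv6_gro_receive(struct gro_cb *cb, int inner_tunnels)
{
    if (inner_tunnels > 0)
        tunnel_gro_receive(cb, inner_tunnels - 1);
}

/* Guarded handler: a second tunnel header marks the packet "do not merge". */
static void sit_gro_receive(struct gro_cb *cb, int inner_tunnels)
{
    if (cb->encap_mark) {
        cb->flush = true;
        return;
    }
    cb->encap_mark = true;
    ipv6_gro_receive(cb, inner_tunnels);
}

/* True if a packet carrying `layers` stacked tunnel headers would be merged. */
static bool gro_would_merge(gro_receive_t slot, int layers)
{
    struct gro_cb cb = { false, false };

    tunnel_gro_receive = slot;
    if (layers > 0)
        tunnel_gro_receive(&cb, layers - 1);
    return !cb.flush;
}

int main(void)
{
    printf("guarded,   1 layer : %d\n", gro_would_merge(sit_gro_receive, 1));
    printf("guarded,   2 layers: %d\n", gro_would_merge(sit_gro_receive, 2));
    printf("unguarded, 2 layers: %d\n", gro_would_merge(ipv6_gro_receive, 2));
    return 0;
}
```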
* Re: Patch "tunnels: Don't apply GRO to multiple layers of encapsulation" (CVE-2016-8666) is missing in 4.1 and 3.18 stable tree
2017-01-10 2:09 Patch "tunnels: Don't apply GRO to multiple layers of encapsulation" (CVE-2016-8666) is missing in 4.1 and 3.18 stable tree Thomas Deutschmann
@ 2017-01-10 6:45 ` Greg KH
[not found] ` <20170112170836.5dzdxjfcrbx6en3c@sasha-lappy>
0 siblings, 1 reply; 4+ messages in thread
From: Greg KH @ 2017-01-10 6:45 UTC (permalink / raw)
To: Thomas Deutschmann
Cc: stable@vger.kernel.org, jesse, davem@davemloft.net, alexander.levin

On Tue, Jan 10, 2017 at 03:09:28AM +0100, Thomas Deutschmann wrote:
> Hi,
>
> the following patch was backported to the following LTS kernels
>
> - >=4.4.29
> - >=3.16.35
>
>
> however it is missing from LTS kernels
>
> - linux-4.1
> - linux-3.18

3.18 is (or should be), end-of-life now (Sasha, can we just kill it?
Please?)

4.1 is a bit slower release cycle, and again, Sasha will speak to that.

thanks,

greg k-h
[parent not found: <20170112170836.5dzdxjfcrbx6en3c@sasha-lappy>]
* Re: [E] Re: Patch "tunnels: Don't apply GRO to multiple layers of encapsulation" (CVE-2016-8666) is missing in 4.1 and 3.18 stable tree
[not found] ` <20170112170836.5dzdxjfcrbx6en3c@sasha-lappy>
@ 2017-01-19 23:14 ` Seung-Woo Kim
2017-01-20 8:28 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Seung-Woo Kim @ 2017-01-19 23:14 UTC (permalink / raw)
To: alexander.levin
Cc: Greg KH, Thomas Deutschmann, stable@vger.kernel.org, jesse@kernel.org, davem@davemloft.net

Hi,

On Fri, Jan 13, 2017 at 2:51 AM, <alexander.levin@verizon.com> wrote:
> On Tue, Jan 10, 2017 at 07:45:48AM +0100, Greg KH wrote:
>> On Tue, Jan 10, 2017 at 03:09:28AM +0100, Thomas Deutschmann wrote:
>> > Hi,
>> >
>> > the following patch was backported to the following LTS kernels
>> >
>> > - >=4.4.29
>> > - >=3.16.35
>> >
>> >
>> > however it is missing from LTS kernels
>> >
>> > - linux-4.1
>> > - linux-3.18
>>
>> 3.18 is (or should be), end-of-life now (Sasha, can we just kill it?
>> Please?)
>>
>> 4.1 is a bit slower release cycle, and again, Sasha will speak to that.
>
> I'll add commit to both, and will do final release for 3.18 in a couple of days.

The commit is applied linux-4.1.y and linux-3.18.y, but it causes
build warning about unused function sit_gro_receive.

It seems that the following part of mainline commit is missed.

static int ipv6_gro_complete(struct sk_buff *skb, int nhoff) { const struct net_offload *ops; @@ -302,7 +315,7 @@ static struct packet_offload ipv6_packet static const struct net_offload sit_offload = { .callbacks = { .gso_segment = ipv6_gso_segment, - .gro_receive = ipv6_gro_receive, + .gro_receive = sit_gro_receive, .gro_complete = sit_gro_complete, }, };

Thanks,
- Seung-Woo Kim

>
> --
>
> Thanks,
> Sasha--
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
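Review bot: the fragment cannot be applied as posted, because the lines before `@@ -302,7 +315,7 @@` are the tail of an earlier hunk without its header and there are no file headers, so the fix-up for linux-4.1.y and linux-3.18.y should go out as a complete patch that names the file and the mainline commit it completes. The `-302`/`+315` offsets are those of the mainline change and may not match the stable trees, so the `sit_offload` context should be checked by hand when applying. Until `.gro_receive` in `sit_offload` points at `sit_gro_receive`, that function is defined but never called, so the unused-function warning also means that whatever it adds over `ipv6_gro_receive` is not executed on this path; the changelog of the fix-up should say so rather than describing it as a warning fix only.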
* Re: [E] Re: Patch "tunnels: Don't apply GRO to multiple layers of encapsulation" (CVE-2016-8666) is missing in 4.1 and 3.18 stable tree
2017-01-19 23:14 ` [E] " Seung-Woo Kim
@ 2017-01-20 8:28 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2017-01-20 8:28 UTC (permalink / raw)
To: Seung-Woo Kim
Cc: alexander.levin, Thomas Deutschmann, stable@vger.kernel.org, jesse@kernel.org, davem@davemloft.net

On Fri, Jan 20, 2017 at 08:14:23AM +0900, Seung-Woo Kim wrote:
> Hi,
>
> On Fri, Jan 13, 2017 at 2:51 AM, <alexander.levin@verizon.com> wrote:
> > On Tue, Jan 10, 2017 at 07:45:48AM +0100, Greg KH wrote:
> >> On Tue, Jan 10, 2017 at 03:09:28AM +0100, Thomas Deutschmann wrote:
> >> > Hi,
> >> >
> >> > the following patch was backported to the following LTS kernels
> >> >
> >> > - >=4.4.29
> >> > - >=3.16.35
> >> >
> >> >
> >> > however it is missing from LTS kernels
> >> >
> >> > - linux-4.1
> >> > - linux-3.18
> >>
> >> 3.18 is (or should be), end-of-life now (Sasha, can we just kill it?
> >> Please?)
> >>
> >> 4.1 is a bit slower release cycle, and again, Sasha will speak to that.
> >
> > I'll add commit to both, and will do final release for 3.18 in a couple of days.
>
> The commit is applied linux-4.1.y and linux-3.18.y, but it causes
> build warning about unused function sit_gro_receive.
>
> It seems that the following part of mainline commit is missed.
>
> static int ipv6_gro_complete(struct sk_buff *skb, int nhoff) > { > const struct net_offload *ops; > @@ -302,7 +315,7 @@ static struct packet_offload ipv6_packet > static const struct net_offload sit_offload = { > .callbacks = { > .gso_segment = ipv6_gso_segment, > - .gro_receive = ipv6_gro_receive, > + .gro_receive = sit_gro_receive, > .gro_complete = sit_gro_complete, > }, > };

Ah, nice catch.

Sasha, want to add this to the trees and do another release? Or I can
do it if you don't want to, for 3.18.y

thanks,

greg k-h