From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: <herbert@gondor.apana.org.au>, <robsonde@gmail.com>,
<netdev@vger.kernel.org>
Subject: Re: [PATCH 2/2] Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find."
Date: Sat, 23 Dec 2017 17:09:38 +0100 [thread overview]
Message-ID: <20171223160938.rmfwopbmeyepndh5@gauss3.secunet.de> (raw)
In-Reply-To: <20171223.105612.1264946295573777970.davem@davemloft.net>
On Sat, Dec 23, 2017 at 10:56:12AM -0500, David Miller wrote:
> From: Steffen Klassert <steffen.klassert@secunet.com>
> Date: Sat, 23 Dec 2017 10:22:17 +0100
>
> > On Thu, Nov 16, 2017 at 11:00:40AM +0100, Steffen Klassert wrote:
> >> This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
> >>
> >> This commit breaks transport mode when the policy template
> >> has widlcard addresses configured, so revert it.
> >>
> >> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> >
> > David, can you please queue this one up for v4.14-stable?
> > Commit ID is 94802151894d482e82c324edf2c658f8e6b96508
> >
> > v4.14 is unusable for some people without this revert.
>
> Yes, but it adds back the stack out-of-bounds bug.
>
> If I queue up the revert, I would also need to queue up whatever
> follow-on you used to fix the out-of-bounds bug properly. Which
> commit is that?
This is commit ddc47e4404b58f03e98345398fb12d38fe291512
("xfrm: Fix stack-out-of-bounds read on socket policy lookup.")
It is included in the pull request for the net tree that
I sent yesterday. The patch looks save, but not so sure
if it should go directly to stable. These bugs reported by
the syzbot are usually quite subtile and I already broke
something when I tried to fix the original stack out-of-bounds
bug. So maybe we should wait until the v4.15 release before
backporting...
next prev parent reply other threads:[~2017-12-23 16:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 10:00 pull request (net): ipsec 2017-11-16 Steffen Klassert
2017-11-16 10:00 ` [PATCH 1/2] xfrm: Copy policy family in clone_policy Steffen Klassert
2017-11-16 10:00 ` [PATCH 2/2] Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find." Steffen Klassert
2017-12-23 9:22 ` Steffen Klassert
2017-12-23 15:56 ` David Miller
2017-12-23 16:09 ` Steffen Klassert [this message]
2017-12-23 18:10 ` robsonde
2018-01-05 16:12 ` Nicolas Dichtel
2018-01-05 17:17 ` David Miller
2018-01-08 16:06 ` Nicolas Dichtel
2017-11-16 13:34 ` pull request (net): ipsec 2017-11-16 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171223160938.rmfwopbmeyepndh5@gauss3.secunet.de \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=robsonde@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox