From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shards.monkeyblade.net ([184.105.139.130]:46932 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1423873AbeCBO7d (ORCPT ); Fri, 2 Mar 2018 09:59:33 -0500 Date: Fri, 02 Mar 2018 09:59:32 -0500 (EST) Message-Id: <20180302.095932.114514825339473602.davem@davemloft.net> To: lorenzo.bianconi@redhat.com Cc: netdev@vger.kernel.org, jishi@redhat.com, sbrivio@redhat.com Subject: Re: [PATCH net-next] ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() From: David Miller In-Reply-To: <5a4746774cf7dc8d44598c4595721fba679c481a.1519987422.git.lorenzo.bianconi@redhat.com> References: <5a4746774cf7dc8d44598c4595721fba679c481a.1519987422.git.lorenzo.bianconi@redhat.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org List-ID: From: Lorenzo Bianconi Date: Fri, 2 Mar 2018 11:53:06 +0100 > Fix the following slab-out-of-bounds kasan report in > ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not > linear and the accessed data are not in the linear data region of orig_skb ... > Reported-by: Jianlin Shi > Reviewed-by: Stefano Brivio > Signed-off-by: Lorenzo Bianconi As a bug fix this should be targetting 'net' not 'net-next'. Furthermore, we need an appropriate Fixes: tag so we know when this problem existed. If you go far back and it seems like the problem has always been there, say so and mention how far back you checked. It also helps to explain exactly how the condition is created ("X creates packet with Y bytes of header space, Z fragments it at byte N, and that's how we end up here with such a packet") because such a description aids understanding and might help suggest alternative (less expensive, cleaner) ways to fix the problem. Thanks.