From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: stable <stable@vger.kernel.org>,
David Miller <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: Re: net: validate untrusted gso packets without csum offload
Date: Mon, 25 Feb 2019 15:58:09 +0100 [thread overview]
Message-ID: <20190225145809.GB16015@kroah.com> (raw)
In-Reply-To: <CAF=yD-J02dCqLnFVexBUda2gred+C7=S3K8y+dcQGnXXAxQnsg@mail.gmail.com>
On Sun, Feb 24, 2019 at 05:53:16PM -0500, Willem de Bruijn wrote:
> On Thu, Feb 21, 2019 at 11:41 AM Willem de Bruijn
> <willemdebruijn.kernel@gmail.com> wrote:
> >
> > On Thu, Feb 21, 2019 at 11:18 AM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Thu, Feb 21, 2019 at 10:38:16AM -0500, Willem de Bruijn wrote:
> > > > Unfortunately commit
> > > >
> > > > net: validate untrusted gso packets without csum offload
> > > > d5be7f632bad0f489879eed0ff4b99bd7fe0b74c
> > > >
> > > > needs follow-up
> > > >
> > > > net: avoid false positives in untrusted gso validation
> > > > http://patchwork.ozlabs.org/patch/1044429/
> > > >
> > > > It rejects illegal packets injected from userspace, including at
> > > > least one that can crash the kernel. But I'm afraid it has false
> > > > positives.
> > > >
> > > > I would suggest holding back on the backport to stable branches until
> > > > both patches can go in together.
> > > >
> > > > If the second patch is not accepted, the alternative will be to revert
> > > > this filter-based approach completely and fix the narrow kernel crash
> > > > (but I'm afraid that syzkaller will just find others..)
> > > >
> > > > Apologies for the mess,
> > >
> > > Ok, I will go drop this patch from all of the stable queues. Can you
> > > remind me when your fixup hits Linus's tree so that I can queue up both
> > > patches?
> >
> > Thanks Greg.
> >
> > Okay, I'll reply to this thread with the follow-up commit SHA1.
>
> Both patches have now landed in linus's tree
>
> this patch
>
> net: validate untrusted gso packets without csum offload
> d5be7f632bad0f489879eed0ff4b99bd7fe0b74c
>
> and its fix
>
> net: avoid false positives in untrusted gso validation
> 9e8db5913264d3967b93c765a6a9e464d9c473db
Thanks for letting me know, now queued up.
greg k-h
prev parent reply other threads:[~2019-02-25 14:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 15:38 net: validate untrusted gso packets without csum offload Willem de Bruijn
2019-02-21 16:18 ` Greg Kroah-Hartman
2019-02-21 16:41 ` Willem de Bruijn
2019-02-24 22:53 ` Willem de Bruijn
2019-02-25 14:58 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190225145809.GB16015@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox