From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f46.google.com ([74.125.82.46]:37582 "EHLO mail-wm0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751273AbbKNQu7 (ORCPT ); Sat, 14 Nov 2015 11:50:59 -0500 Received: by wmww144 with SMTP id w144so68231930wmw.0 for ; Sat, 14 Nov 2015 08:50:58 -0800 (PST) Subject: Re: [PATCH for 3.10-stable] virtio-net: drop NETIF_F_FRAGLIST To: Greg KH , Sheng Yong References: <1445910653-174955-1-git-send-email-shengyong1@huawei.com> <20151106185524.GA32467@kroah.com> Cc: stable@vger.kernel.org, jasowang@redhat.com From: Jiri Slaby Message-ID: <56476670.4020909@suse.cz> Date: Sat, 14 Nov 2015 17:50:56 +0100 MIME-Version: 1.0 In-Reply-To: <20151106185524.GA32467@kroah.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: On 11/06/2015, 07:55 PM, Greg KH wrote: > On Tue, Oct 27, 2015 at 01:50:53AM +0000, Sheng Yong wrote: >> From: Jason Wang >> >> commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 upstream. >> >> virtio declares support for NETIF_F_FRAGLIST, but assumes >> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't >> always true with a fraglist. >> >> A longer fraglist in the skb will make the call to skb_to_sgvec overflow >> the sg array, leading to memory corruption. >> >> Drop NETIF_F_FRAGLIST so we only get what we can handle. >> >> Cc: Michael S. Tsirkin >> Signed-off-by: Jason Wang >> Acked-by: Michael S. Tsirkin >> Signed-off-by: David S. Miller >> --- >> drivers/net/virtio_net.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > This patch isn't in any stable tree, why just add it to 3.10? What > about all of the other ones? This was now submitted by David in NETWORKING patches for >= 3.18. So I applied it to 3.12. thanks, -- js suse labs