From: Jakub Kicinski <kuba@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: xietangxin <xietangxin@yeah.net>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"David S . Miller" <davem@davemloft.net>,
"Paolo Abeni" <pabeni@redhat.com>,
"Andrew Lunn" <andrew+netdev@lunn.ch>,
"Xuan Zhuo" <xuanzhuo@linux.alibaba.com>,
"Eugenio Pérez" <eperezma@redhat.com>,
netdev@vger.kernel.org, virtualization@lists.linux.dev,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH net v2] virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
Date: Sat, 14 Mar 2026 18:12:43 -0700 [thread overview]
Message-ID: <20260314181243.177d4ab4@kernel.org> (raw)
In-Reply-To: <CANn89iJHp+nCcAo7tzMTfH5yW2qDsEXP_u=RzdV=DC9ZvDH9Fg@mail.gmail.com>
On Sat, 14 Mar 2026 21:11:33 +0100 Eric Dumazet wrote:
> > On Thu, 12 Mar 2026 10:54:06 +0800 xietangxin wrote:
> > > Fixes: f2fc6a54585a ("[NETNS][IPV6] route6 - move ip6_dst_ops inside the network namespace")
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: xietangxin <xietangxin@yeah.net>
> >
> > The Fixes tag should be:
> >
> > Fixes: 0287587884b1 ("net: better IFF_XMIT_DST_RELEASE support")
>
> I disagree
>
> What was the situation before this patch ?
My thinking process was that it's fairly unusual that the dst is kept
because the stack decided so. Normally its the device driver that asks
for dst to be kept when its xmit is called. I thought 0287587884b1 was
the first time when stack could make the dst decision behind device
driver's back. But my analysis was very shallow, could well be wrong.
next prev parent reply other threads:[~2026-03-15 1:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-12 2:54 [PATCH net v2] virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false xietangxin
2026-03-14 19:40 ` Jakub Kicinski
2026-03-14 20:11 ` Eric Dumazet
2026-03-15 1:12 ` Jakub Kicinski [this message]
2026-03-24 4:02 ` xietangxin
2026-03-24 7:05 ` Xuan Zhuo
2026-03-24 7:46 ` Eric Dumazet
2026-03-24 11:21 ` Xuan Zhuo
2026-03-24 11:22 ` Xuan Zhuo
2026-03-25 3:50 ` patchwork-bot+netdevbpf
-- strict thread matches above, loose matches on Subject: below --
2026-03-12 2:49 xietangxin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260314181243.177d4ab4@kernel.org \
--to=kuba@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eperezma@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux.dev \
--cc=xietangxin@yeah.net \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox