On Fri, Jan 19, 2018 at 9:25 AM, Willem de Bruijn
<willemdebruijn.ker...@gmail.com> wrote:
> On Fri, Jan 19, 2018 at 7:36 AM, Jason Wang <jasow...@redhat.com> wrote:
>>
>> On 2018-01-19 08:19, Willem de Bruijn wrote:
>>>
>>> From: Willem de Bruijn <will...@google.com>
>>>
>>> Validate gso_type during segmentation as SKB_GSO_DODGY sources
>>> may pass packets where the gso_type does not match the contents.
>>>
>>> Syzkaller was able to enter the SCTP gso handler with a packet of
>>> gso_type SKB_GSO_TCPV4.
>>>
>>> On entry of transport layer gso handlers, verify that the gso_type
>>> matches the transport protocol.
>>>
>>> Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
>>> Link: http://lkml.kernel.org/r/<001a1137452496ffc305617e5...@google.com>
>>> Reported-by: syzbot+fee64147a25aecd48...@syzkaller.appspotmail.com
>>> Signed-off-by: Willem de Bruijn <will...@google.com>
>>
>> Thanks, just two nits:
>>
>> 1) I still suspect the "Fixes" is not accurate, should it be the commit of
>> sctp offloading?
>
> That commit c5c4e45c4b79 ("sctp: fix GSO for IPv6") is older than the
> equivalent for ESP, so catches both protocols that were added since the
> TSO checks were removed.

pasted the wrong commit. I meant 90017accff61 ("sctp: Add GSO support")