[PATCH 5.10 3/5] net: tighten bad gso csum offset check in virtio_net_hdr

ang Acked-by: Michael S. Tsirkin Cc: sta...@vger.kernel.org Link: https://patch.msgid.link/20240910213553.839926-1-willemdebruijn.ker...@gmail.com Signed-off-by: Jakub Kicinski [Denis: minor fix to resolve merge conflict.] Signed-off-by: De

[PATCH 5.10 2/5] net: drop bad gso csum_start and offset in virtio_net_hdr

igned-off-by: Willem de Bruijn Link: https://patch.msgid.link/20240729201108.1615114-1-willemdebruijn.ker...@gmail.com Signed-off-by: Jakub Kicinski [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev

[PATCH 5.10 5/5] net: test for not too small csum_start in virtio_net_hdr_to_skb()

.3797406-1-eduma...@google.com Signed-off-by: Jakub Kicinski [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev --- Backport fix for CVE-2024-43817 Link: https://nvd.nist.gov/vuln/detail/cve-2024-43

[PATCH 5.10 4/5] net: add more sanity check in virtio_net_hdr_to_skb()

eviewed-by: Willem de Bruijn Signed-off-by: David S. Miller [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev --- Backport fix for CVE-2024-43817 Link: https://nvd.nist.gov/vuln/detail/cve-

[PATCH 5.10 0/5] net: Backport fix for CVE-2024-43817

Link: https://nvd.nist.gov/vuln/detail/cve-2024-43817 [PATCH 5.10 1/5] net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation [PATCH 5.10 2/5] net: drop bad gso csum_start and offset in virtio_net_hdr [PATCH 5.10 3/5] net: tighten bad gso csum offset check in virtio_net_hdr [PATCH 5.10 4/5] net: ad

[PATCH 5.10 1/5] net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation

e conflict.] Signed-off-by: Denis Arefev --- Backport fix for CVE-2024-43817 Link: https://nvd.nist.gov/vuln/detail/cve-2024-43817 --- include/linux/virtio_net.h | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) di

[PATCH v2] net: missing check virtio

Yeah, I was thinking of adding Fixes: But this code is new, it complements what is done. 1. check (!(ret && (hdr->gso_size > needed) && ((remainder > needed) || (remainder == 0 complements comit 0f6925b3e8da0 2. The setting of the SKBFL_SHARED_FRAG flag can be associated wit

[PATCH v2] net: missing check virtio

me+0x63/0x6b Found by Linux Verification Center (linuxtesting.org) with Syzkaller Signed-off-by: Denis Arefev --- V1 -> V2: incorrect type in argument 2 include/linux/virtio_net.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/vir

[PATCH] net: missing check

me+0x63/0x6b Signed-off-by: Denis Arefev --- include/linux/virtio_net.h | 10 ++ 1 file changed, 10 insertions(+) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 4dfa9b69ca8d..77ebe908d746 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_ne