On Thu, Jun 13, 2024 at 12:54:48PM +0300, Denis Arefev wrote:
> Two missing check in virtio_net_hdr_to_skb() allowed syzbot
> to crash kernels again
>
> 1. After the skb_segment function the buffer may become non-linear
> (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere
>
On Thu, Jun 13, 2024 at 12:54:48PM +0300, Denis Arefev wrote:
> Two missing check in virtio_net_hdr_to_skb() allowed syzbot
> to crash kernels again
>
> 1. After the skb_segment function the buffer may become non-linear
> (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere
>
On Fri, 14 Jun 2024 13:18:26 +0300 Denis Arefev wrote:
> Yeah, I was thinking of adding Fixes:
>
> But this code is new, it complements what is done.
> 1. check (!(ret && (hdr->gso_size > needed) &&
>((remainder > needed) || (remainder == 0
> complements comit 0f6925b3e8da0
Thu, Jun 13, 2024 at 11:54:48AM CEST, are...@swemel.ru wrote:
>Two missing check in virtio_net_hdr_to_skb() allowed syzbot
>to crash kernels again
>
>1. After the skb_segment function the buffer may become non-linear
>(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere
>the __
4 matches
Mail list logo
