On 2018-01-19 08:19, Willem de Bruijn wrote:
From: Willem de Bruijn <will...@google.com>

Validate gso_type during segmentation as SKB_GSO_DODGY sources
may pass packets where the gso_type does not match the contents.

Syzkaller was able to enter the SCTP gso handler with a packet of
gso_type SKB_GSO_TCPV4.

On entry of transport layer gso handlers, verify that the gso_type
matches the transport protocol.

Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
Link: http://lkml.kernel.org/r/<001a1137452496ffc305617e5...@google.com>
Reported-by: syzbot+fee64147a25aecd48...@syzkaller.appspotmail.com
Signed-off-by: Willem de Bruijn <will...@google.com>

Thanks, just two nits:

1) I still suspect the "Fixes" is not accurate; should it be the commit
of sctp offloading?
2) The patch checks for non-dodgy packets too, so the title is not correct.