From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56673C282C2 for ; Thu, 7 Feb 2019 11:26:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1FE4821904 for ; Thu, 7 Feb 2019 11:26:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549538776; bh=Ym5xZlpjK3QP6eiZ+B4UmMsZpjV3wdqjiiUpIg2lCuc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=mo0hgqALa7Us1zVaN3w7UEOv5jTfWE5u1VuF/bLQk0DLVOTz/gmNm8IjUvCZAr8sH YyIOCi1ZW5pxRaiwSoRX2pLIyB4IZpZWSTu6NaTXba1OssDABOcaKp9fitdg8CXKoS /qOTVFrbfHFTXjAnC9MEtSmypiZLAuh94c+lEf+A= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726549AbfBGL0P (ORCPT ); Thu, 7 Feb 2019 06:26:15 -0500 Received: from mail.kernel.org ([198.145.29.99]:55586 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726448AbfBGL0P (ORCPT ); Thu, 7 Feb 2019 06:26:15 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9B9C521902; Thu, 7 Feb 2019 11:26:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549538774; bh=Ym5xZlpjK3QP6eiZ+B4UmMsZpjV3wdqjiiUpIg2lCuc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=kJKGSSbsdX6vplpsgR/sbbaRxH096AZ7G3OZZ2yLpBvYCkO4WKtwA8IJLK9qyLrcz llwB8Ph7udhjbjQhMV87awoxe6VGkXo2If+5LIziek7Z15IQmUhT/0gm/r3DZoOfVh yQOdZor+YgfEMQQRHk4pAe0UIaXCypC2qb42b7vY= Date: Thu, 7 Feb 2019 12:26:11 +0100 From: Greg Kroah-Hartman To: Mao Wenan , Ben Hutchings Cc: Sasha Levin , stable , Eric Dumazet , Peter Oskolkov , Mao Wenan Subject: Re: [4.4] FragmentSmack security fixes Message-ID: <20190207112611.GA3120@kroah.com> References: <1549391183.2925.179.camel@codethink.co.uk> <20190205184105.GA22198@kroah.com> <1549395678.2925.236.camel@codethink.co.uk> <20190206211326.GA5425@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190206211326.GA5425@kroah.com> User-Agent: Mutt/1.11.3 (2019-02-01) Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Wed, Feb 06, 2019 at 10:13:26PM +0100, Greg Kroah-Hartman wrote: > On Tue, Feb 05, 2019 at 07:41:18PM +0000, Ben Hutchings wrote: > > > > Peter Oskolkov checked an earlier version of this backport, but I have > > > > since rebased and added another 3 commits to it.  I tested with the > > > > ip_defrag.sh self-test that he added upstream, and it passed.  I have > > > > included the fix that is currently queued for the 4.9, 4.14 and 4.19 > > > > branches. > > > > > > That's a lot of patches, some of which I have already queued up in the > > > next 4.4 release which will happen in a day or so.  Are they all still > > > needed after the changes there are merged? > > > > Ah, yes, a lot of the fragment-handling changes are already in your > > queue and I'm not certain that all of mine are needed. However I don't > > think the changes in your queue are complete and correct. When I run > > the ip_defrag.sh self-test: > > > > 1. The ipv4 non-overlap case fails after a few seconds, with recv() > > returning an EAGAIN error. If I modify the script to continue after an > > error, the other cases do pass, however. This is not a regression from > > 4.4.172, but with my changes all cases pass. > > > > 2. There is a reference leak which prevents the new network namespaces > > being cleaned up ("unregister_netdevice: waiting for lo to become free. > > Usage count = 61"). With 4.4.172 or with my changes applied, the > > warnings appear, but only for about a minute with the number gradually > > decreasing. So this is a regression. > > > > 3. If I run the test again, it hangs. Shutting down the VM also hangs. > > I think this is related to the previous issue. Again, this is a > > regression. > > Ok, I dropped those patches from the 4.4 queue before releasing it. Let > me go add them back for the moment and then I'll dig through all of this > over the next few days and see what it looks like... I've reviewed all of these and they look good. There were some duplications with what was in my tree, but I have taken your versions instead. Mao, you will note that 4.4.173 did not get released with your patches in it. I have added your signed-off-by to the same ones that Ben did here in this series, as the changes were minimal at most, to what you had. If you have any objections to these, please let me know. I'll probably just push out a -rc release for 4.4.y later today with these in it to get some testing and a release out so that we can get this issue finally resolved. thanks, greg k-h