lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190408155127.GH4689@sasha-vm>
Date:   Mon, 8 Apr 2019 11:51:27 -0400
From:   Sasha Levin <sashal@...nel.org>
To:     Captain Wiggum <captwiggum@...il.com>
Cc:     davem@...emloft.net,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Florian Westphal <fw@...len.de>,
        Eric Dumazet <edumazet@...gle.com>,
        Peter Oskolkov <posk@...gle.com>, netdev@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller
 than min mtu

On Mon, Apr 08, 2019 at 08:49:52AM -0600, Captain Wiggum wrote:
>Hi Sasha,
>
>This patch cannot be applied to upstream, the code is significantly different.
>Therefore, this un-do patch would not be seen in the upstream git log.
>It was solved there by coding a better solution, not by the un-do patch.

Okay, so this is effectively a request to diverge the -stable tree from
upstream in a non-trivial way, which is why I asked David Miller to ack
this act explcitly (or to send me patches, or whatever else he thinks is
appropriate here).

>Please consider this:
>Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT.
>This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels.

I very much agree that this should get fixed. My concerns are not with
the bug but are with the proposed fix as it applies to -stable trees.

>And this patch has been in place with 4.9.134, a long time.
>It is not right that "Linux" can not pass the IPv6 protocol test.
>My executive are asking me why "Linux" is not fit for IPv6 deployments.

Arguments such as this carry no weight in a more technical discussion
such as this. Yes, some tests are currently broken, but we will not take
shortcuts just because "executives are unhappy".

--
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ