Lucid CVE-2012-3412

Herton Ronaldo Krzesinski herton.krzesinski at
Thu Aug 23 19:24:48 UTC 2012

* patch "net: Allow driver to limit number of GSO segments per skb"

I think the backport is wrong. On Lucid there is no netif_skb_features,
but the check shouldn't go inside dev_can_checksum. As far as I
understand the code changes, the clearing of GSO flags in dev->features
should happen right before netif_needs_gso, and on Lucid netif_needs_gso
is called from two places instead of one (also on xen-netfront), so
maybe for Lucid the clearing of the feature flags could be done inside

* patch "tcp: Apply device TSO segment limit earlier"

I didn't pay attention before, but I noticed now that on backports of
this patch, on tcp_is_cwnd_limited, you are returning a bool on the
backport while the function was still of int type; it shouldn't cause
problems but looks ugly. It happened on all backports of this patch
since Precise, so if fixing this here on Lucid, it probably should be fixed
on the others as well (Natty->Precise).

Another thing that was not part of the change in the commit upstream,
and is harmless anyway, is that on tcp_mss_split_point, you change the
"struct tcp_sock *tp" declaration to const. I don't think it is a problem
anyway, but it isn't related to the change. It wasn't const in Oneiric and

* patch "sfc: Fix maximum number of TSO segments and minimum TX queue size"

On this last one, I saw you define new macros,
EFX_MAX_DMAQ_SIZE/EFX_MIN_DMAQ_SIZE, but they are not used on the
backport; is that needed? Also EFX_TXQ_SIZE is changed, but that doesn't
seem needed either on the backport.

