[{"id":1771444,"web_url":"http://patchwork.ozlabs.org/comment/1771444/","msgid":"<20170919.160134.534837308168786965.davem@davemloft.net>","list_archive_url":null,"date":"2017-09-19T23:01:34","subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller ","submitter":{"id":15,"url":"http://patchwork.ozlabs.org/api/people/15/","name":"David Miller","email":"davem@davemloft.net"},"content":"From: Petar Penkov \nDate: Tue, 19 Sep 2017 00:34:00 -0700\n\n> The following patches address this by providing the user(syzkaller)\n> with the ability to send via napi_gro_receive() and napi_gro_frags().\n> Additionally, syzkaller can specify how many fragments there are and\n> how much data per fragment there is. This is done by exploiting the\n> convenient structure of iovecs. Finally, this patch series adds\n> support for exercising the flow dissector during fuzzing.\n> \n> The code path including napi_gro_receive() can be enabled via the\n> CONFIG_TUN_NAPI compile-time flag, and can be used by users other than\n> syzkaller. The remainder of the changes in this patch series give the\n> user significantly more control over packets entering the kernel. To\n> avoid potential security vulnerabilities, hide the ability to send\n> custom skbs and the flow dissector code paths behind a run-time flag\n> IFF_NAPI_FRAGS that is advertised and accepted only if CONFIG_TUN_NAPI\n> is enabled.\n> \n> The patch series will be followed with changes to packetdrill, where\n> these additions to the TUN driver are exercised and demonstrated.\n> This will give the ability to write regression tests for specific\n> parts of the early networking stack.\n> \n> Patch 1/ Add NAPI struct per receive queue, enable NAPI, and use\n> \t napi_gro_receive() \n> Patch 2/ Use NAPI skb and napi_gro_frags(), exercise flow\n> \t dissector, and allow custom skbs.\n\nI'm happy with everything except the TUN_NAPI Kconfig knob\nrequirement.\n\nRebuilding something just to test things isn't going to fly very well.\n\nPlease make it secure somehow, enable this stuff by default.\n\nThanks.","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xxdfV2yFKz9sNw\n\tfor ;\n\tWed, 20 Sep 2017 09:01:38 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751646AbdISXBg (ORCPT );\n\tTue, 19 Sep 2017 19:01:36 -0400","from shards.monkeyblade.net ([184.105.139.130]:49918 \"EHLO\n\tshards.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751606AbdISXBf (ORCPT\n\t); Tue, 19 Sep 2017 19:01:35 -0400","from localhost (74-93-104-98-Washington.hfc.comcastbusiness.net\n\t[74.93.104.98]) (using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(Client did not present a certificate)\n\t(Authenticated sender: davem-davemloft)\n\tby shards.monkeyblade.net (Postfix) with ESMTPSA id 578C6102CC9DA;\n\tTue, 19 Sep 2017 16:01:35 -0700 (PDT)"],"Date":"Tue, 19 Sep 2017 16:01:34 -0700 (PDT)","Message-Id":"<20170919.160134.534837308168786965.davem@davemloft.net>","To":"peterpenkov96@gmail.com","Cc":"netdev@vger.kernel.org","Subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller ","From":"David Miller ","In-Reply-To":"<20170919073402.2292-1-peterpenkov96@gmail.com>","References":"<20170919073402.2292-1-peterpenkov96@gmail.com>","X-Mailer":"Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)","Mime-Version":"1.0","Content-Type":"Text/Plain; charset=us-ascii","Content-Transfer-Encoding":"7bit","X-Greylist":"Sender succeeded SMTP AUTH, not delayed by\n\tmilter-greylist-4.5.12 (shards.monkeyblade.net\n\t[149.20.54.216]); Tue, 19 Sep 2017 16:01:35 -0700 (PDT)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1771551,"web_url":"http://patchwork.ozlabs.org/comment/1771551/","msgid":"","list_archive_url":null,"date":"2017-09-20T04:26:14","subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","submitter":{"id":72387,"url":"http://patchwork.ozlabs.org/api/people/72387/","name":"Petar Penkov","email":"peterpenkov96@gmail.com"},"content":"On Tue, Sep 19, 2017 at 4:01 PM, David Miller wrote:\n> From: Petar Penkov \n> Date: Tue, 19 Sep 2017 00:34:00 -0700\n>\n>> The following patches address this by providing the user(syzkaller)\n>> with the ability to send via napi_gro_receive() and napi_gro_frags().\n>> Additionally, syzkaller can specify how many fragments there are and\n>> how much data per fragment there is. This is done by exploiting the\n>> convenient structure of iovecs. Finally, this patch series adds\n>> support for exercising the flow dissector during fuzzing.\n>>\n>> The code path including napi_gro_receive() can be enabled via the\n>> CONFIG_TUN_NAPI compile-time flag, and can be used by users other than\n>> syzkaller. The remainder of the changes in this patch series give the\n>> user significantly more control over packets entering the kernel. To\n>> avoid potential security vulnerabilities, hide the ability to send\n>> custom skbs and the flow dissector code paths behind a run-time flag\n>> IFF_NAPI_FRAGS that is advertised and accepted only if CONFIG_TUN_NAPI\n>> is enabled.\n>>\n>> The patch series will be followed with changes to packetdrill, where\n>> these additions to the TUN driver are exercised and demonstrated.\n>> This will give the ability to write regression tests for specific\n>> parts of the early networking stack.\n>>\n>> Patch 1/ Add NAPI struct per receive queue, enable NAPI, and use\n>> napi_gro_receive()\n>> Patch 2/ Use NAPI skb and napi_gro_frags(), exercise flow\n>> dissector, and allow custom skbs.\n>\n> I'm happy with everything except the TUN_NAPI Kconfig knob\n> requirement.\n>\n> Rebuilding something just to test things isn't going to fly very well.\n>\n> Please make it secure somehow, enable this stuff by default.\n>\n> Thanks.\n\nWithout a compile-time option, the TUN/TAP driver will have a\ncode-path that allows\nuser control over kernel memory allocation, and specifically over the\nSKBs that enter\nthe kernel. That path might be hard to exploit as it requires some\nuser privileges,\nbut it does exist and increases attack surface of the kernel. While\nthe flag certainly\ninconveniences testing, I think the layer of security it adds\noutweighs its disadvantages.\n\nFurthermore, in a way testing already requires specific kernel configuration.\nIn this particular example, syzkaller prefers synchronous operation\nand therefore needs\n4KSTACKS disabled. Other features that require rebuilding are KASAN\nand dbx. From\nthis point of view, I still think that having the TUN_NAPI flag has value.","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"Ni500Q2L\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xxmsB4RRrz9s2G\n\tfor ;\n\tWed, 20 Sep 2017 14:26:22 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751192AbdITE0Q (ORCPT );\n\tWed, 20 Sep 2017 00:26:16 -0400","from mail-it0-f68.google.com ([209.85.214.68]:38388 \"EHLO\n\tmail-it0-f68.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750785AbdITE0Q (ORCPT\n\t); Wed, 20 Sep 2017 00:26:16 -0400","by mail-it0-f68.google.com with SMTP id 85so816287ith.5\n\tfor ; Tue, 19 Sep 2017 21:26:15 -0700 (PDT)","by 10.79.97.69 with HTTP; Tue, 19 Sep 2017 21:26:14 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=2z4GbrHbUo5JVADNhuN4C4GAgLd1oxfeV2F82E/pNj8=;\n\tb=Ni500Q2L28leiUmo1FFL3rBTvq8Vr3qIAn9n4S8I4FyiwTxDsIbsP50WMuzHuWKah8\n\tWMzYm80y8YUe3wmAlhgLt2OSYUWlcaRvvCb7XXCF74Py18uRQbHEK/qAzmgRZaNslwJX\n\ttwHALxvdKklBE6IQM/jKreUmqxx/bETeAkstsKTZHBH/0OrcFE2Qhl21v7QpQ8egukYl\n\t1O3cGRxGCNChj2o7lcFFaGDhJpJEfsENKuhCi3AALJgY1yDUghSEfrg8aq9uH5xQ3hBk\n\t9EsIaWDye/YdQol6ytbauRpvzYHRukjlaZzUw7teY/fKPjNhslHsVVbKTsvZ5tDKD1Gc\n\t6exw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=2z4GbrHbUo5JVADNhuN4C4GAgLd1oxfeV2F82E/pNj8=;\n\tb=jH8NIiVGoei1z78YZue9cdrmZVWRgc2rnJ+oW2kbdskaLuRxSUwCcMh5q9Om7I7JO4\n\tjnIczFQG1Wce4ll3QnmOMmp+g/7MfGVw2HDWvdZRyWNnqOZbNRnMEwBK2l0PWhUtQ95P\n\tNlJNbAUSVMN0hO4Sm6CDe1WYRyl/Tp3im08lDRbgqhmiKo4GBOVejSlsDPXJIWE/o75z\n\tbZaEUehcKyLlH43YEFgpYh/9qJdI0I2k63c92zDMr6We1H2KNUnwGQHr1vnA0yUG4K7a\n\tMADSKSDWyJsQQ3yMugMDQyp4GZhv3DUOX9/D4CpG9SBsX/9in7psF3h2eeb7tYQQKN6a\n\tdXTA==","X-Gm-Message-State":"AHPjjUggcPrTI2MnNdfrfgBtLb4MFAeausC3w54yemGAQIQ3ifgQ+XmC\n\tPkmTjHGBLtZ17MRMqe5nIX/AYmj6Pgip+JQcV+679Q==","X-Google-Smtp-Source":"AOwi7QD4apzk3KTYuXAXHlYwN2y85Dq+P0SIns2uhJ1yJ+cu2zJnobsGrqoCIUKDH92kitOIAbvHus/D10zkH+92UaI=","X-Received":"by 10.36.120.142 with SMTP id p136mr1268102itc.55.1505881575222; \n\tTue, 19 Sep 2017 21:26:15 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170919.160134.534837308168786965.davem@davemloft.net>","References":"<20170919073402.2292-1-peterpenkov96@gmail.com>\n\t<20170919.160134.534837308168786965.davem@davemloft.net>","From":"Petar Penkov ","Date":"Tue, 19 Sep 2017 21:26:14 -0700","Message-ID":"","Subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","To":"David Miller ","Cc":"netdev@vger.kernel.org","Content-Type":"text/plain; charset=\"UTF-8\"","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1771600,"web_url":"http://patchwork.ozlabs.org/comment/1771600/","msgid":"<20170919.230853.540610280718334640.davem@davemloft.net>","list_archive_url":null,"date":"2017-09-20T06:08:53","subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","submitter":{"id":15,"url":"http://patchwork.ozlabs.org/api/people/15/","name":"David Miller","email":"davem@davemloft.net"},"content":"From: Petar Penkov \nDate: Tue, 19 Sep 2017 21:26:14 -0700\n\n> Furthermore, in a way testing already requires specific kernel\n> configuration. In this particular example, syzkaller prefers\n> synchronous operation and therefore needs 4KSTACKS disabled. Other\n> features that require rebuilding are KASAN and dbx. From this point\n> of view, I still think that having the TUN_NAPI flag has value.\n\nThen I think this path could be enabled/disabled with a runtime flag\njust as easily, no?","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xxq7Z5cVKz9s7c\n\tfor ;\n\tWed, 20 Sep 2017 16:08:58 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751628AbdITGI4 (ORCPT );\n\tWed, 20 Sep 2017 02:08:56 -0400","from shards.monkeyblade.net ([184.105.139.130]:35442 \"EHLO\n\tshards.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751549AbdITGIz (ORCPT\n\t); Wed, 20 Sep 2017 02:08:55 -0400","from localhost (74-93-104-98-Washington.hfc.comcastbusiness.net\n\t[74.93.104.98]) (using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(Client did not present a certificate)\n\t(Authenticated sender: davem-davemloft)\n\tby shards.monkeyblade.net (Postfix) with ESMTPSA id 73037102D6D28;\n\tTue, 19 Sep 2017 23:08:55 -0700 (PDT)"],"Date":"Tue, 19 Sep 2017 23:08:53 -0700 (PDT)","Message-Id":"<20170919.230853.540610280718334640.davem@davemloft.net>","To":"peterpenkov96@gmail.com","Cc":"netdev@vger.kernel.org","Subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","From":"David Miller ","In-Reply-To":"","References":"<20170919073402.2292-1-peterpenkov96@gmail.com>\n\t<20170919.160134.534837308168786965.davem@davemloft.net>\n\t","X-Mailer":"Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)","Mime-Version":"1.0","Content-Type":"Text/Plain; charset=us-ascii","Content-Transfer-Encoding":"7bit","X-Greylist":"Sender succeeded SMTP AUTH, not delayed by\n\tmilter-greylist-4.5.12 (shards.monkeyblade.net\n\t[149.20.54.216]); Tue, 19 Sep 2017 23:08:55 -0700 (PDT)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1771996,"web_url":"http://patchwork.ozlabs.org/comment/1771996/","msgid":"","list_archive_url":null,"date":"2017-09-20T15:38:45","subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","submitter":{"id":67615,"url":"http://patchwork.ozlabs.org/api/people/67615/","name":"Willem de Bruijn","email":"willemdebruijn.kernel@gmail.com"},"content":"On Wed, Sep 20, 2017 at 2:08 AM, David Miller wrote:\n> From: Petar Penkov \n> Date: Tue, 19 Sep 2017 21:26:14 -0700\n>\n>> Furthermore, in a way testing already requires specific kernel\n>> configuration. In this particular example, syzkaller prefers\n>> synchronous operation and therefore needs 4KSTACKS disabled. Other\n>> features that require rebuilding are KASAN and dbx. From this point\n>> of view, I still think that having the TUN_NAPI flag has value.\n>\n> Then I think this path could be enabled/disabled with a runtime flag\n> just as easily, no?\n\nI think that the compile time option was chosen because of the ns_capable\ncheck, so that with user namespaces unprivileged processes can control this\npath. Perhaps we can require capable() only to set IFF_NAPI_FRAGS.\n\nThen we can convert the napi_gro_receive path to be conditional on a new\nIFF_NAPI flag instead of this compile time option.","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"fnZQxK1/\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xy3ns5bMwz9s8J\n\tfor ;\n\tThu, 21 Sep 2017 01:39:29 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751581AbdITPj1 (ORCPT );\n\tWed, 20 Sep 2017 11:39:27 -0400","from mail-oi0-f66.google.com ([209.85.218.66]:36341 \"EHLO\n\tmail-oi0-f66.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751408AbdITPj0 (ORCPT\n\t); Wed, 20 Sep 2017 11:39:26 -0400","by mail-oi0-f66.google.com with SMTP id a74so1544436oib.3\n\tfor ; Wed, 20 Sep 2017 08:39:26 -0700 (PDT)","by 10.168.31.195 with HTTP; Wed, 20 Sep 2017 08:38:45 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=YXDMmw30UrTJPBnUzRF3l4bCadVCkuR6XqXLGgxhjNw=;\n\tb=fnZQxK1/a7jDtLibWp67lSu/xuvaXgA3zLiKOXWN+Pj1dOgw1YVBYtI4v/0C2ZeKWC\n\tkwWdttM6i584m9zYrFt4WJDIzoWGeRG59gOqGxlWlhHFtuuxQS7XeLXRiLk+f1oqrw0Z\n\twgDVQvtY6Mb/JKXNmz/f3OZNbQ8iTWvSbW1//kf+oSL9WtNB2gIj/kOeqRmLrxuisFCh\n\tpiyqbilkYwGN4vb8rQPCeRsb2yvZGBjM1/KC+6zxacrnV4ODOL5QNGM0bbz7GkldnNH8\n\t2lIqMXeboPR0Y4S3rxtkVAM0o7MOz7PyG/xbnTd21a7IFrz/jGfypblDaKHKVixbdJGT\n\t3Bsg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=YXDMmw30UrTJPBnUzRF3l4bCadVCkuR6XqXLGgxhjNw=;\n\tb=M2J+8EDwdAuw9hlX9i4fysuK4K6wvLO9iv7xsYWs5yT0Zbdjvy4A9hXZ39q45SUcdt\n\twF0wkOKT0W5uyAgDOG3Nc8RkVht1XQj9qz7lPgLUWOtRi/Fe95zp+kjTko2STTPr15jX\n\tJ++W1Iceqc6tNLF2F1J5MI1XucnQALKe1GesFg/SoXf3TCZv0mmSeNGyVsIPEXxx6p58\n\tL8V2BL6tHG/2vBAsGTfzqNjlBh6Y/DIF0IG6b9C9qMOOMbSYgXQ3jkcTNWkeJPld6QT4\n\tKEFkJvW5lIKCKadL+98ioYLBUTwL2pl1WJl3FmfbfuAHaYu53RbM7AvN0wCN2AMg7vuw\n\t7Sng==","X-Gm-Message-State":"AHPjjUjWEHOoGM/Ib+YGG/FW/ahW/8V5RkGMjNtgbX3PiudhhCDDwAhm\n\tcf+8H01CPBcnoHylnJqTA74/XYnqZuvFW+CYpk4=","X-Google-Smtp-Source":"AOwi7QBwgvRt4SDaaCJAwvLeUGMn58dUgmydrRyoxMDJqS6J4jxpscgiHW9IRkPoGtnr8pzrZu01sP7OldDqfvhoAnw=","X-Received":"by 10.202.253.209 with SMTP id\n\tb200mr3737880oii.279.1505921965920; \n\tWed, 20 Sep 2017 08:39:25 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170919.230853.540610280718334640.davem@davemloft.net>","References":"<20170919073402.2292-1-peterpenkov96@gmail.com>\n\t<20170919.160134.534837308168786965.davem@davemloft.net>\n\t\n\t<20170919.230853.540610280718334640.davem@davemloft.net>","From":"Willem de Bruijn ","Date":"Wed, 20 Sep 2017 11:38:45 -0400","Message-ID":"","Subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","To":"David Miller ","Cc":"peterpenkov96@gmail.com, Network Development ","Content-Type":"text/plain; charset=\"UTF-8\"","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1772049,"web_url":"http://patchwork.ozlabs.org/comment/1772049/","msgid":"<20170920.093646.2147747625061858821.davem@davemloft.net>","list_archive_url":null,"date":"2017-09-20T16:36:46","subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","submitter":{"id":15,"url":"http://patchwork.ozlabs.org/api/people/15/","name":"David Miller","email":"davem@davemloft.net"},"content":"From: Willem de Bruijn \nDate: Wed, 20 Sep 2017 11:38:45 -0400\n\n> I think that the compile time option was chosen because of the ns_capable\n> check, so that with user namespaces unprivileged processes can control this\n> path. Perhaps we can require capable() only to set IFF_NAPI_FRAGS.\n> \n> Then we can convert the napi_gro_receive path to be conditional on a new\n> IFF_NAPI flag instead of this compile time option.\n\nThat works for me.","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xy5416r9Bz9t2Q\n\tfor ;\n\tThu, 21 Sep 2017 02:36:49 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751343AbdITQgs (ORCPT );\n\tWed, 20 Sep 2017 12:36:48 -0400","from shards.monkeyblade.net ([184.105.139.130]:56132 \"EHLO\n\tshards.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751001AbdITQgr (ORCPT\n\t); Wed, 20 Sep 2017 12:36:47 -0400","from localhost (74-93-104-98-Washington.hfc.comcastbusiness.net\n\t[74.93.104.98]) (using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(Client did not present a certificate)\n\t(Authenticated sender: davem-davemloft)\n\tby shards.monkeyblade.net (Postfix) with ESMTPSA id E7A55102E6008;\n\tWed, 20 Sep 2017 09:36:46 -0700 (PDT)"],"Date":"Wed, 20 Sep 2017 09:36:46 -0700 (PDT)","Message-Id":"<20170920.093646.2147747625061858821.davem@davemloft.net>","To":"willemdebruijn.kernel@gmail.com","Cc":"peterpenkov96@gmail.com, netdev@vger.kernel.org","Subject":"Re: [PATCH,net-next,0/2] Improve code coverage of syzkaller","From":"David Miller ","In-Reply-To":"","References":"\n\t<20170919.230853.540610280718334640.davem@davemloft.net>\n\t","X-Mailer":"Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)","Mime-Version":"1.0","Content-Type":"Text/Plain; charset=us-ascii","Content-Transfer-Encoding":"7bit","X-Greylist":"Sender succeeded SMTP AUTH, not delayed by\n\tmilter-greylist-4.5.12 (shards.monkeyblade.net\n\t[149.20.54.216]); Wed, 20 Sep 2017 09:36:47 -0700 (PDT)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}}]