On Sat, Apr 07, 2018 at 11:40:18AM -0400, Kevin Easton wrote:
> As found by syzbot, af_key does not properly validate the key length in
> sadb_key messages from userspace. This can result in copying from beyond
> the end of the sadb_key part of the message, or indeed beyond the end of
> the entire packet.
>
> Both these patches apply cleanly to ipsec-next. Based on Steffen's
> feedback I have re-ordered them so that the fix only is in patch 1, which
> I would suggest is also a stable tree candidate, whereas patch 2 is a
> cleanup only.

I think some explanation is needed here. Usually bugfixes and cleanups
don't go to the same tree. On IPsec, bugfixes go to the 'ipsec' tree while
cleanups and new features go to the 'ipsec-next' tree. So you need to
split up your patchsets into patches that are targeted to 'ipsec' and
'ipsec-next'.

Aside from that, we are in the 'merge window' currently. This means that
most maintainers don't accept patches to their -next trees. If you have
patches for a -next tree, wait until the merge window is over (when
v4.17-rc1 is released) and send them then.