Patch "packet: fix tp_reserve race in packet_set_ring" was skipped because it is already applied for CVE-2017-1000111.
Skipped a whole bunch of changes, namely:
* revert "net: account for current skb length when deciding about UFO"
* revert "ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output"
* udp: consistently apply ufo or fragmentation
* ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output
* net: account for current skb length when deciding about UFO
I checked the resulting files net/ipv4/udp.c, net/ipv4/ip_output.c, and net/ipv6/ip6_output.c from the 4.4.y tree and our Xenial tree. And overall there is only one difference in the ip*_output.c files which comes from applying "udp: avoid ufo handling on IP payload compression packets" and "ipv6: Don't use ufo handling on later transformed packets" which I picked as additional patches to be part of CVE-2017-1000112. And those still look like fixes to valid issues (though probably not directly related to the CVE). So I would suggest we stay at what we got right now.