On Mon, 29 Aug 2016, Christopher Arges wrote:

> Another example is CVE-2016-2117. Here we need to unset NETIF_F_SG on a 
> particular device. If the device is already loaded we need a way to 
> fixup hw_features on an already allocated network device. Again this 
> could be done in the init code of the patch, but a nicer solution would 
> be to do this on a load/unload hook appropriately.

I am afraid this is more complicated than what you describe. You can't 
just unset NETIF_F_SG and be done with it; look for example what might 
happen if you clear the flag while skb_segment() is running and gcc is 
refetching netdev_features_t (there is no READ_ONCE() for that). The same 
holds for __ip6_append_data().
I am not saying this can't be worked around, but it's much more 
complicated than just clearing a bit in a callback.

-- 
Jiri Kosina
SUSE Labs
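The refetch hazard described in the reply, as an added userspace model (not code from the thread, the kernel, or the live-patching tooling discussed). A reader that consults dev->features at two points may see NETIF_F_SG set at the first and cleared at the second if the bit is cleared concurrently; snapshotting the word once through a volatile access (the pattern behind the kernel's READ_ONCE()) keeps the reader internally consistent. Assumptions: `struct fake_dev`, `segment_refetch`, `segment_snapshot`, `clear_sg` and the `window` hook are hypothetical, the `READ_ONCE`/`WRITE_ONCE` macros are simplified stand-ins, and the NETIF_F_SG bit value is illustrative rather than the kernel's.

```c
/* Model of the "clear NETIF_F_SG under a running reader" hazard.
 * Not kernel code: a userspace illustration with invented helpers. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t netdev_features_t;
#define NETIF_F_SG (1ULL << 0)   /* illustrative bit; the real value is in netdev_features.h */

/* Simplified stand-ins for the kernel macros: one volatile access that the
 * compiler may not split, merge with another access, or re-issue. */
#define READ_ONCE(x)      (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v)  (*(volatile __typeof__(x) *)&(x) = (v))

struct fake_dev { netdev_features_t features; };   /* hypothetical device */

/* The two decisions a segmenting reader makes from the same feature word. */
struct seg_result {
    bool planned_sg;   /* first use: did we set up a scatter-gather frag list? */
    bool used_sg;      /* second use: did we actually fill frags? */
};

bool consistent(struct seg_result r) { return r.planned_sg == r.used_sg; }

/* Hook standing in for whatever runs between the reader's two uses of the
 * field, e.g. a patch callback clearing the bit on a live device. */
void clear_sg(struct fake_dev *dev)
{
    WRITE_ONCE(dev->features, READ_ONCE(dev->features) & ~NETIF_F_SG);
}

/* Racy reader: loads dev->features at each use. Without READ_ONCE() the
 * compiler is free to do exactly this in the kernel; here the opaque call
 * to 'window' forces the reload so the effect is deterministic. */
struct seg_result segment_refetch(struct fake_dev *dev,
                                  void (*window)(struct fake_dev *))
{
    struct seg_result r;
    r.planned_sg = (dev->features & NETIF_F_SG) != 0;   /* load #1 */
    if (window)
        window(dev);                                      /* bit cleared here */
    r.used_sg = (dev->features & NETIF_F_SG) != 0;      /* load #2, may differ */
    return r;
}

/* Snapshotting reader: one volatile load, reused for every decision. The
 * reader stays self-consistent, but note it still acts on the OLD value
 * until it finishes, so clearing the bit alone does not retire it. */
struct seg_result segment_snapshot(struct fake_dev *dev,
                                   void (*window)(struct fake_dev *))
{
    netdev_features_t features = READ_ONCE(dev->features);
    struct seg_result r;
    r.planned_sg = (features & NETIF_F_SG) != 0;
    if (window)
        window(dev);
    r.used_sg = (features & NETIF_F_SG) != 0;
    return r;
}

int main(void)
{
    struct fake_dev racy = { NETIF_F_SG };
    struct fake_dev snap = { NETIF_F_SG };
    struct seg_result a = segment_refetch(&racy, clear_sg);
    struct seg_result b = segment_snapshot(&snap, clear_sg);

    printf("refetch : planned_sg=%d used_sg=%d consistent=%d\n",
           a.planned_sg, a.used_sg, consistent(a));
    printf("snapshot: planned_sg=%d used_sg=%d consistent=%d\n",
           b.planned_sg, b.used_sg, consistent(b));
    return 0;
}
```

The snapshot variant removes the split-decision problem but not the lifetime problem: a reader that took its snapshot before the callback ran continues down the scatter-gather path with the bit already cleared on the device, which is why a correct fix needs a way to wait out or exclude in-flight readers rather than only flipping the bit.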
