by mhei 3355 days ago
The problematic patch only seems to be introduced in mainline 4.2, not 3.19, compare:

http://lxr.free-electrons.com/source/net/core/datagram.c?v=3...

http://lxr.free-electrons.com/source/net/core/datagram.c?v=4...

http://lxr.free-electrons.com/source/net/core/datagram.c?v=4...

I am just trying to completely understand the bug, I wonder if it really was unexploitable before the patch. Got any source for that?

EDIT: sorry, misunderstood your message / mixed up commits, I was looking into when 89c22d8c3b27 hit mainline, which causes the vulnerable code path.

1 comments

Why "problematic"? The Al Viro change mentioned in the fix is https://github.com/torvalds/linux/commit/227158db160449b6513.... The commit says this makes the bug not exploitable since the new helper function correctly handles the edge case. The fix still needs to be applied to avoid computing the checksum twice.