Here are some fixes for rxrpc, as found by Sashiko[1]:

 (1) Fix leaks in rxkad_verify_response().

 (2) Fix handling of rxkad-encrypted packets with crypto-misaligned
     lengths.

 (3) Fix problem with unsharing DATA packets potentially causing a crash in
     the caller.

 (4) Fix lack of unsharing of RESPONSE packets.

 (5) Fix integer overflow in RxGK ticket length check.

 (6) Fix missing length check in RxKAD tickets.

David

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes

Changes
=======
ver #2)
- Use of __free() constructs in networking code is disallowed, so rework
  the rxkad_verify_response() patch to just clean everything up at the end
  and cope with NULL pointers.
- Reworked the unsharing fix:
  - Used skb_cloned() and skb_copy() directly rather than skb_unshare().
    The problem with skb_unshare() is that it kills the source skbuff if it
    can't copy, which then has to be propagated up the call chain.  Even
    so, the code still had an bug from this[1].
  - Split into two patches, one for DATA and one for RESPONSE packets.
  - Do the DATA unshare a lot further along.
- Imported a patch to add a length check on RxKAD tickets.

Link: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com [1]

Anderson Nascimento (1):
  rxrpc: Fix missing validation of ticket length in non-XDR key
    preparsing

David Howells (5):
  rxrpc: Fix memory leaks in rxkad_verify_response()
  rxrpc: Fix rxkad crypto unalignment handling
  rxrpc: Fix potential UAF after skb_unshare() failure
  rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
  rxgk: Fix potential integer overflow in length check

 include/trace/events/rxrpc.h |   5 +-
 net/rxrpc/ar-internal.h      |   1 -
 net/rxrpc/call_event.c       |  19 +++++-
 net/rxrpc/conn_event.c       |  29 ++++++++-
 net/rxrpc/io_thread.c        |  24 +-------
 net/rxrpc/key.c              |   4 ++
 net/rxrpc/rxgk_app.c         |   2 +-
 net/rxrpc/rxgk_common.h      |   1 +
 net/rxrpc/rxkad.c            | 112 +++++++++++++++--------------------
 net/rxrpc/skbuff.c           |   9 ---
 10 files changed, 106 insertions(+), 100 deletions(-)

On Wed, 22 Apr 2026 17:14:29 +0100 David Howells wrote:
> Here are some fixes for rxrpc, as found by Sashiko[1]:
> 
>  (1) Fix leaks in rxkad_verify_response().
> 
>  (2) Fix handling of rxkad-encrypted packets with crypto-misaligned
>      lengths.
> 
>  (3) Fix problem with unsharing DATA packets potentially causing a crash in
>      the caller.
> 
>  (4) Fix lack of unsharing of RESPONSE packets.
> 
>  (5) Fix integer overflow in RxGK ticket length check.
> 
>  (6) Fix missing length check in RxKAD tickets.

Have you had a chance to look thru sashiko run for this?

https://sashiko.dev/#/patchset/20260422161438.2593376-4-dhowells@redhat.com

Jakub Kicinski <kuba@kernel.org> wrote:

> Have you had a chance to look thru sashiko run for this?
> 
> https://sashiko.dev/#/patchset/20260422161438.2593376-4-dhowells@redhat.com

It wasn't available this morning when I looked.  I know there are a couple of
things to fix from other checks.

David

On Thu, 23 Apr 2026 19:47:22 +0100 David Howells wrote:
> Jakub Kicinski <kuba@kernel.org> wrote:
> 
> > Have you had a chance to look thru sashiko run for this?
> > 
> > https://sashiko.dev/#/patchset/20260422161438.2593376-4-dhowells@redhat.com  
> 
> It wasn't available this morning when I looked.  I know there are a couple of
> things to fix from other checks.

It is now :) May I offer the following menu of options
 - all the complaints are already taken into account / intentional /
   will be addressed later
 - I need more time, let's wait until tomorrow
 - some of it looks legit, apply patches ${list} only
 - let me respin completely

On Thu, 23 Apr 2026 11:58:53 -0700 Jakub Kicinski wrote:
> On Thu, 23 Apr 2026 19:47:22 +0100 David Howells wrote:
> > Jakub Kicinski <kuba@kernel.org> wrote:
> >   
> > > Have you had a chance to look thru sashiko run for this?
> > > 
> > > https://sashiko.dev/#/patchset/20260422161438.2593376-4-dhowells@redhat.com    
> > 
> > It wasn't available this morning when I looked.  I know there are a couple of
> > things to fix from other checks.  
> 
> It is now :) May I offer the following menu of options
>  - all the complaints are already taken into account / intentional /
>    will be addressed later
>  - I need more time, let's wait until tomorrow
>  - some of it looks legit, apply patches ${list} only
>  - let me respin completely

I've been hacking up Sashiko on top of Claude in these past few days,
and it's far less nit picky. For this series it doesn't flag a thing.
I'll just pull this in, if you could LMK whether any of the "real
Sashiko" reports are actually valid commentary on the current patches
I'd greatly appreciate.

Jakub Kicinski <kuba@kernel.org> wrote:

> I've been hacking up Sashiko on top of Claude in these past few days,
> and it's far less nit picky. For this series it doesn't flag a thing.
> I'll just pull this in, if you could LMK whether any of the "real
> Sashiko" reports are actually valid commentary on the current patches
> I'd greatly appreciate.

They're all valid comments.  I've expanded my series by two further patches
and modified two others (one just a trivial missing space) and will post a v3
shortly.

David

On Thu, 23 Apr 2026 20:56:25 +0100 David Howells wrote:
> Jakub Kicinski <kuba@kernel.org> wrote:
> 
> > I've been hacking up Sashiko on top of Claude in these past few days,
> > and it's far less nit picky. For this series it doesn't flag a thing.
> > I'll just pull this in, if you could LMK whether any of the "real
> > Sashiko" reports are actually valid commentary on the current patches
> > I'd greatly appreciate.  
> 
> They're all valid comments.  I've expanded my series by two further patches
> and modified two others (one just a trivial missing space) and will post a v3
> shortly.

There goes my hope that we found a way to reduce the noise.

Okay, I can rebase on net/main.

David