1 files changed, 0 insertions, 52 deletions
diff --git a/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch b/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch
deleted file mode 100644
index 640ed5c..0000000
--- a/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0f895f51a831d73ce24158534784aba5b2a72a9e Mon Sep 17 00:00:00 2001
-From: Eric Dumazet <edumazet@google.com>
-Date: Fri, 3 Feb 2017 14:59:38 -0800
-Subject: [PATCH] tcp: avoid infinite loop in tcp_splice_read()
-[ Upstream commit ccf7abb93af09ad0868ae9033d1ca8108bdaec82 ]
-Splicing from TCP socket is vulnerable when a packet with URG flag is
-received and stored into receive queue.
-__tcp_splice_read() returns 0, and sk_wait_data() immediately
-returns since there is the problematic skb in queue.
-This is a nice way to burn cpu (aka infinite loop) and trigger
-soft lockups.
-Again, this gem was found by syzkaller tool.
-CVE: CVE-2017-6214
-Upstream-Status: Backport [from kernel.org longterm 4.9.52]
-Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Reported-by: Dmitry Vyukov  <dvyukov@google.com>
-Cc: Willy Tarreau <w@1wt.eu>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- net/ipv4/tcp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index 814af89..6a90a0e 100644
--- a/net/ipv4/tcp.c
-+++ b/net/ipv4/tcp.c
-@@ -772,6 +772,12 @@ ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos,
-                                ret = -EAGAIN;
-                                break;
-                        }
-+                       /* if __tcp_splice_read() got nothing while we have
-+                        * an skb in receive queue, we do not want to loop.
-+                        * This might happen with URG data.
-+                        */
-+                       if (!skb_queue_empty(&sk->sk_receive_queue))
-+                               break;
-                        sk_wait_data(sk, &timeo, NULL);
-                        if (signal_pending(current)) {
-                                ret = sock_intr_errno(timeo);
-- 
-1.9.1

diff --git a/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch b/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch deleted file mode 100644 index 640ed5c..0000000 --- a/recipes-kernel/linux/linux-cavium/CVE-2017-6214.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From 0f895f51a831d73ce24158534784aba5b2a72a9e Mon Sep 17 00:00:00 2001
2	From: Eric Dumazet <edumazet@google.com>
3	Date: Fri, 3 Feb 2017 14:59:38 -0800
4	Subject: [PATCH] tcp: avoid infinite loop in tcp_splice_read()
5
6	[ Upstream commit ccf7abb93af09ad0868ae9033d1ca8108bdaec82 ]
7
8	Splicing from TCP socket is vulnerable when a packet with URG flag is
9	received and stored into receive queue.
10
11	__tcp_splice_read() returns 0, and sk_wait_data() immediately
12	returns since there is the problematic skb in queue.
13
14	This is a nice way to burn cpu (aka infinite loop) and trigger
15	soft lockups.
16
17	Again, this gem was found by syzkaller tool.
18
19	CVE: CVE-2017-6214
20	Upstream-Status: Backport [from kernel.org longterm 4.9.52]
21
22	Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
23	Signed-off-by: Eric Dumazet <edumazet@google.com>
24	Reported-by: Dmitry Vyukov <dvyukov@google.com>
25	Cc: Willy Tarreau <w@1wt.eu>
26	Signed-off-by: David S. Miller <davem@davemloft.net>
27	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
28	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
29	---
30	net/ipv4/tcp.c \| 6 ++++++
31	1 file changed, 6 insertions(+)
32
33	diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
34	index 814af89..6a90a0e 100644
35	--- a/net/ipv4/tcp.c
36	+++ b/net/ipv4/tcp.c
37	@@ -772,6 +772,12 @@ ssize_t tcp_splice_read(struct socket sock, loff_t ppos,
38	ret = -EAGAIN;
39	break;
40	}
41	+ /* if __tcp_splice_read() got nothing while we have
42	+ * an skb in receive queue, we do not want to loop.
43	+ * This might happen with URG data.
44	+ */
45	+ if (!skb_queue_empty(&sk->sk_receive_queue))
46	+ break;
47	sk_wait_data(sk, &timeo, NULL);
48	if (signal_pending(current)) {
49	ret = sock_intr_errno(timeo);
50	--
51	1.9.1
52