diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-01-28 11:19:36 +0100 |
---|---|---|
committer | Paul Vaduva <Paul.Vaduva@enea.com> | 2016-01-28 13:59:59 +0100 |
commit | f5798feb9e960f2e05b49d9dceda71ae227e1a22 (patch) | |
tree | 886c21d6934254ab68dfa53475b8af521cd0cf81 | |
parent | 859a1735be48a2ff960354772832c65b15e3377c (diff) | |
download | meta-enea-f5798feb9e960f2e05b49d9dceda71ae227e1a22.tar.gz |
virtio-net: CVE-2015-5156
Fixes a buffer overflow flaw in the Linux kernel's virtio-net subsystem.
Upstream patch:
http://marc.info/?l=linux-netdev&m=143868216724068&w=2
References:
http://www.openwall.com/lists/oss-security/2015/08/06/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
4 files changed, 98 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-qoriq-3.12/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-qoriq-3.12/virtio-net-CVE-2015-5156.patch new file mode 100644 index 0000000..f74bd9a --- /dev/null +++ b/recipes-kernel/linux/linux-qoriq-3.12/virtio-net-CVE-2015-5156.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 7c11e86ec40e52468fe65acf89c6da7a6d833a44 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 5 Aug 2015 10:34:04 +0800 | ||
4 | Subject: virtio-net: drop NETIF_F_FRAGLIST | ||
5 | |||
6 | [ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ] | ||
7 | |||
8 | virtio declares support for NETIF_F_FRAGLIST, but assumes | ||
9 | that there are at most MAX_SKB_FRAGS + 2 fragments which isn't | ||
10 | always true with a fraglist. | ||
11 | |||
12 | A longer fraglist in the skb will make the call to skb_to_sgvec overflow | ||
13 | the sg array, leading to memory corruption. | ||
14 | |||
15 | Drop NETIF_F_FRAGLIST so we only get what we can handle. | ||
16 | |||
17 | Fixes CVE-2015-5156. | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | Cc: Michael S. Tsirkin <mst@redhat.com> | ||
21 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
22 | Acked-by: Michael S. Tsirkin <mst@redhat.com> | ||
23 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
24 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | drivers/net/virtio_net.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
31 | index 0232156..5d08051 100644 | ||
32 | --- a/drivers/net/virtio_net.c | ||
33 | +++ b/drivers/net/virtio_net.c | ||
34 | @@ -1567,9 +1567,9 @@ static int virtnet_probe(struct virtio_device *vdev) | ||
35 | /* Do we support "hardware" checksums? */ | ||
36 | if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { | ||
37 | /* This opens up the world of extra features. */ | ||
38 | - dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
39 | + dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
40 | if (csum) | ||
41 | - dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
42 | + dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
43 | |||
44 | if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { | ||
45 | dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO | ||
46 | -- | ||
47 | cgit v0.12 | ||
48 | |||
diff --git a/recipes-kernel/linux/linux-qoriq-common.inc b/recipes-kernel/linux/linux-qoriq-common.inc index 4b3d483..3abe78d 100644 --- a/recipes-kernel/linux/linux-qoriq-common.inc +++ b/recipes-kernel/linux/linux-qoriq-common.inc | |||
@@ -18,6 +18,7 @@ SRC_URI += "file://b4860-hard_irq_disable-bug.patch \ | |||
18 | file://security-keys-CVE-2016-0728.patch \ | 18 | file://security-keys-CVE-2016-0728.patch \ |
19 | file://vfs-CVE-2015-2925.patch \ | 19 | file://vfs-CVE-2015-2925.patch \ |
20 | file://dcache-CVE-2015-2925.patch \ | 20 | file://dcache-CVE-2015-2925.patch \ |
21 | file://virtio-net-CVE-2015-5156.patch \ | ||
21 | " | 22 | " |
22 | 23 | ||
23 | SRC_URI += "file://cfg/00013-localversion.cfg \ | 24 | SRC_URI += "file://cfg/00013-localversion.cfg \ |
diff --git a/recipes-kernel/linux/linux-yocto-3.14/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-yocto-3.14/virtio-net-CVE-2015-5156.patch new file mode 100644 index 0000000..1c68842 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-3.14/virtio-net-CVE-2015-5156.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 6d419a0b5bcdfe5b2cc8821d11b102dba01b28f6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 5 Aug 2015 10:34:04 +0800 | ||
4 | Subject: virtio-net: drop NETIF_F_FRAGLIST | ||
5 | |||
6 | [ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ] | ||
7 | |||
8 | virtio declares support for NETIF_F_FRAGLIST, but assumes | ||
9 | that there are at most MAX_SKB_FRAGS + 2 fragments which isn't | ||
10 | always true with a fraglist. | ||
11 | |||
12 | A longer fraglist in the skb will make the call to skb_to_sgvec overflow | ||
13 | the sg array, leading to memory corruption. | ||
14 | |||
15 | Drop NETIF_F_FRAGLIST so we only get what we can handle. | ||
16 | |||
17 | Fixes CVE-2015-5156. | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | Cc: Michael S. Tsirkin <mst@redhat.com> | ||
21 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
22 | Acked-by: Michael S. Tsirkin <mst@redhat.com> | ||
23 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
24 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | drivers/net/virtio_net.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
31 | index 841b608..5c150a0 100644 | ||
32 | --- a/drivers/net/virtio_net.c | ||
33 | +++ b/drivers/net/virtio_net.c | ||
34 | @@ -1652,9 +1652,9 @@ static int virtnet_probe(struct virtio_device *vdev) | ||
35 | /* Do we support "hardware" checksums? */ | ||
36 | if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { | ||
37 | /* This opens up the world of extra features. */ | ||
38 | - dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
39 | + dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
40 | if (csum) | ||
41 | - dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
42 | + dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
43 | |||
44 | if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { | ||
45 | dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO | ||
46 | -- | ||
47 | cgit v0.12 | ||
48 | |||
diff --git a/recipes-kernel/linux/linux-yocto_3.14.bbappend b/recipes-kernel/linux/linux-yocto_3.14.bbappend index fab7fc4..2f32b56 100644 --- a/recipes-kernel/linux/linux-yocto_3.14.bbappend +++ b/recipes-kernel/linux/linux-yocto_3.14.bbappend | |||
@@ -23,4 +23,5 @@ SRC_URI += "file://HID_CVE_patches/0005-HID-steelseries-validate-output-report-d | |||
23 | file://usb-whiteheat-CVE-2015-5257.patch \ | 23 | file://usb-whiteheat-CVE-2015-5257.patch \ |
24 | file://vfs-CVE-2015-2925.patch \ | 24 | file://vfs-CVE-2015-2925.patch \ |
25 | file://dcache-CVE-2015-2925.patch \ | 25 | file://dcache-CVE-2015-2925.patch \ |
26 | file://virtio-net-CVE-2015-5156.patch \ | ||
26 | " | 27 | " |