author | Tudor Florea <tudor.florea@enea.com> | 2015-11-06 00:43:18 +0100 |
---|---|---|
committer | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-11-06 07:56:40 +0100 |
commit | fbdcccc729c468e927ae1e2a86493834ff0ace2a (patch) | |
tree | d15268e6112ae122ebb5eaa76a9b13a5489e37b1 | |
parent | eed885c9afee7c93efa559df9336eb7ff7390e2c (diff) | |
download | meta-enea-fbdcccc729c468e927ae1e2a86493834ff0ace2a.tar.gz |
kernel: CVE-2015-5364, CVE-2015-5366
This fixes incorrect processing of checksums in the UDP implementation.
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/udp_fix_behavior_of_wrong_checksums.patch | 65 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto_3.14.bbappend | 3 |
2 files changed, 67 insertions, 1 deletions
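diff --git a/recipes-kernel/linux/files/udp_fix_behavior_of_wrong_checksums.patch b/recipes-kernel/linux/files/udp_fix_behavior_of_wrong_checksums.patch
new file mode 100644
index 0000000..f4a99ae
--- /dev/null
+++ b/recipes-kernel/linux/files/udp_fix_behavior_of_wrong_checksums.patch
@@ -0,0 +1,65 @@
+From beb39db59d14990e401e235faf66a6b9b31240b0 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Sat, 30 May 2015 09:16:53 -0700
+Subject: udp: fix behavior of wrong checksums
+
+[ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ]
+
+We have two problems in UDP stack related to bogus checksums :
+
+1) We return -EAGAIN to application even if receive queue is not empty.
+This breaks applications using edge trigger epoll()
+
+2) Under UDP flood, we can loop forever without yielding to other
+processes, potentially hanging the host, especially on non SMP.
+
+This patch is an attempt to make things better.
+
+We might in the future add extra support for rt applications
+wanting to better control time spent doing a recv() in a hostile
+environment. For example we could validate checksums before queuing
+packets in socket receive queue.
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+Upstream-Status: backport
+
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
+index d10b7e0..1c92ea6 100644
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1295,10 +1295,8 @@ csum_copy_err:
+}
+unlock_sock_fast(sk, slow);
+
+- if (noblock)
+- return -EAGAIN;
+-
+- /* starting over for a new packet */
++ /* starting over for a new packet, but check if we need to yield */
++ cond_resched();
+msg->msg_flags &= ~MSG_TRUNC;
+goto try_again;
+}
+diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
+index c2ec416..e51fc3e 100644
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -497,10 +497,8 @@ csum_copy_err:
+}
+unlock_sock_fast(sk, slow);
+
+- if (noblock)
+- return -EAGAIN;
+-
+- /* starting over for a new packet */
++ /* starting over for a new packet, but check if we need to yield */
++ cond_resched();
+msg->msg_flags &= ~MSG_TRUNC;
+goto try_again;
+}
+--
+cgit v0.10.2
+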
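Review bot: The header of udp_fix_behavior_of_wrong_checksums.patch never names the CVEs that the commit title attributes to it, and the file name does not carry them either, unlike the sibling `keys-CVE-2015-1333.patch`. Once the commit message is out of view, nothing in the layer ties this file to CVE-2015-5364 and CVE-2015-5366. I would add a `CVE: CVE-2015-5364 CVE-2015-5366` line next to the status tag and write that tag as `Upstream-Status: Backport`, the spelling OpenEmbedded uses. The upstream message calls the change "an attempt to make things better" and leaves bounding the time spent in recv() under hostile traffic to future work. The two `csum_copy_err` hunks (net/ipv4/udp.c and net/ipv6/udp.c, both inside functions that start and end outside the hunk) now yield with `cond_resched()` but still retry for as long as bad-checksum datagrams keep arriving, so the advisory text for this backport should describe it as a mitigation.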
diff --git a/recipes-kernel/linux/linux-yocto_3.14.bbappend b/recipes-kernel/linux/linux-yocto_3.14.bbappend index 9d51809..bab3136 100644 --- a/recipes-kernel/linux/linux-yocto_3.14.bbappend +++ b/recipes-kernel/linux/linux-yocto_3.14.bbappend | |||
@@ -1,5 +1,6 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | 1 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" |
2 | 2 | ||
3 | SRC_URI += "file://HID_CVE_patches/0005-HID-steelseries-validate-output-report-details.patch \ | 3 | SRC_URI += "file://HID_CVE_patches/0005-HID-steelseries-validate-output-report-details.patch \ |
4 | file://keys-CVE-2015-1333.patch \ | 4 | file://keys-CVE-2015-1333.patch \ |
5 | file://udp_fix_behavior_of_wrong_checksums.patch \ | ||
5 | " | 6 | " |