From 8f34b8efbd344ab53d0757e5a08cbf9778191d9b Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Tue, 9 Feb 2016 07:12:42 +0100
Subject: kernel-rds: CVE-2015-2042 Fixes information handling flaw in rds sysctl files. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042 Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=b4482b533bfb54232f31d72c8ab70c1400385040
Signed-off-by: Sona Sarmadi
Signed-off-by: Tudor Florea
---
 .../linux-qoriq-3.12/net-rds-CVE-2015-2042.patch | 48 ++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq-common.inc | 1 +
 2 files changed, 49 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-qoriq-3.12/net-rds-CVE-2015-2042.patch
diff --git a/recipes-kernel/linux/linux-qoriq-3.12/net-rds-CVE-2015-2042.patch b/recipes-kernel/linux/linux-qoriq-3.12/net-rds-CVE-2015-2042.patch
new file mode 100644
index 0000000..a9ee664
--- /dev/null
+++ b/recipes-kernel/linux/linux-qoriq-3.12/net-rds-CVE-2015-2042.patch
@@ -0,0 +1,48 @@
+From b4482b533bfb54232f31d72c8ab70c1400385040 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 3 Feb 2015 08:55:58 -0500
+Subject: net: rds: use correct size for max unacked packets and bytes
+
+commit db27ebb111e9f69efece08e4cb6a34ff980f8896 upstream.
+
+Max unacked packets/bytes is an int while sizeof(long) was used in the
+sysctl table.
+
+This means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Fixes CVE-2015-2041.
+Upstream-Status: Backport
+
+Signed-off-by: Sasha Levin
+Signed-off-by: David S. Miller
+Signed-off-by: Jiri Slaby
+Signed-off-by: Sona Sarmadi
+---
+ net/rds/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index b5cb2aa..35773ad 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ {
+ .procname = "max_unacked_packets",
+ .data = &rds_sysctl_max_unacked_packets,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "max_unacked_bytes",
+ .data = &rds_sysctl_max_unacked_bytes,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+--
+cgit v0.12
+
diff --git a/recipes-kernel/linux/linux-qoriq-common.inc b/recipes-kernel/linux/linux-qoriq-common.inc
index 90cae6d..8e8e1c4 100644
--- a/recipes-kernel/linux/linux-qoriq-common.inc
+++ b/recipes-kernel/linux/linux-qoriq-common.inc
@@ -20,6 +20,7 @@ SRC_URI += "file://b4860-hard_irq_disable-bug.patch \
 file://dcache-CVE-2015-2925.patch \
 file://virtio-net-CVE-2015-5156.patch \
 file://ipc-CVE-2015-7613.patch \
+ file://net-rds-CVE-2015-2042.patch \
 "
 
 SRC_URI += "file://cfg/00013-localversion.cfg \
--
cgit v1.2.3-54-g00ecf
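Review bot: The patch header added in the first hunk says `Fixes CVE-2015-2041.`, while the file name, the commit subject, the CVE reference in the description and the new `SRC_URI` entry all say CVE-2015-2042. Anything that maps applied patches to CVE ids by reading patch headers would record the rds sysctl over-read under the wrong identifier, so the line should read `Fixes CVE-2015-2042.` once the id is confirmed against the reference cited in the commit message. If the layer follows the OpenEmbedded patch-tag convention, a `CVE: CVE-2015-2042` line next to `Upstream-Status: Backport` would make the mapping explicit.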