diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-09-25 14:37:00 +0200 |
---|---|---|
committer | Zhenhua Luo <zhenhua.luo@freescale.com> | 2015-10-13 20:10:04 +0800 |
commit | f01c6c71b3850c96bfd0a1e939b73b75b0024924 (patch) | |
tree | 5c3735b93c6628214847864fb6ed51f9bc1f95f3 | |
parent | 81e39add0400ac7ad547799ada09f5c7475bce95 (diff) | |
download | meta-fsl-ppc-f01c6c71b3850c96bfd0a1e939b73b75b0024924.tar.gz |
kernel-udp: CVE-2015-5364, CVE-2015-5366
This fixes incorrect processing of checksums in UDP implementation
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
http://www.openwall.com/lists/oss-security/2015/07/10/3
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=a97b54dd69cb05df4c57f5d5b40c761f7835ce4e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch | 72 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq_3.12.bb | 1 |
2 files changed, 73 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch b/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch new file mode 100644 index 0000000..43f2dbf --- /dev/null +++ b/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From a97b54dd69cb05df4c57f5d5b40c761f7835ce4e Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Dumazet <edumazet@google.com> | ||
3 | Date: Sat, 30 May 2015 09:16:53 -0700 | ||
4 | Subject: [PATCH] udp: fix behavior of wrong checksums | ||
5 | |||
6 | [ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ] | ||
7 | |||
8 | We have two problems in UDP stack related to bogus checksums : | ||
9 | |||
10 | 1) We return -EAGAIN to application even if receive queue is not empty. | ||
11 | This breaks applications using edge trigger epoll() | ||
12 | |||
13 | 2) Under UDP flood, we can loop forever without yielding to other | ||
14 | processes, potentially hanging the host, especially on non SMP. | ||
15 | |||
16 | This patch is an attempt to make things better. | ||
17 | |||
18 | We might in the future add extra support for rt applications | ||
19 | wanting to better control time spent doing a recv() in a hostile | ||
20 | environment. For example we could validate checksums before queuing | ||
21 | packets in socket receive queue. | ||
22 | |||
23 | Fixes CVE-2015-5364 and CVE-2015-5366. | ||
24 | Upstream-Status: backport | ||
25 | |||
26 | Signed-off-by: Eric Dumazet <edumazet@google.com> | ||
27 | Cc: Willem de Bruijn <willemb@google.com> | ||
28 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
29 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
30 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
31 | --- | ||
32 | net/ipv4/udp.c | 6 ++---- | ||
33 | net/ipv6/udp.c | 6 ++---- | ||
34 | 2 files changed, 4 insertions(+), 8 deletions(-) | ||
35 | |||
36 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c | ||
37 | index 6ca9907..268ed25 100644 | ||
38 | --- a/net/ipv4/udp.c | ||
39 | +++ b/net/ipv4/udp.c | ||
40 | @@ -1295,10 +1295,8 @@ csum_copy_err: | ||
41 | } | ||
42 | unlock_sock_fast(sk, slow); | ||
43 | |||
44 | - if (noblock) | ||
45 | - return -EAGAIN; | ||
46 | - | ||
47 | - /* starting over for a new packet */ | ||
48 | + /* starting over for a new packet, but check if we need to yield */ | ||
49 | + cond_resched(); | ||
50 | msg->msg_flags &= ~MSG_TRUNC; | ||
51 | goto try_again; | ||
52 | } | ||
53 | diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c | ||
54 | index 3d2758d..e09ca28 100644 | ||
55 | --- a/net/ipv6/udp.c | ||
56 | +++ b/net/ipv6/udp.c | ||
57 | @@ -495,10 +495,8 @@ csum_copy_err: | ||
58 | } | ||
59 | unlock_sock_fast(sk, slow); | ||
60 | |||
61 | - if (noblock) | ||
62 | - return -EAGAIN; | ||
63 | - | ||
64 | - /* starting over for a new packet */ | ||
65 | + /* starting over for a new packet, but check if we need to yield */ | ||
66 | + cond_resched(); | ||
67 | msg->msg_flags &= ~MSG_TRUNC; | ||
68 | goto try_again; | ||
69 | } | ||
70 | -- | ||
71 | 1.9.1 | ||
72 | |||
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb index 0a2883f..33bcd37 100644 --- a/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/recipes-kernel/linux/linux-qoriq_3.12.bb | |||
@@ -32,6 +32,7 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ | |||
32 | file://futex-CVE-2014-3153.patch \ | 32 | file://futex-CVE-2014-3153.patch \ |
33 | file://target-CVE-2014-4027.patch \ | 33 | file://target-CVE-2014-4027.patch \ |
34 | file://fs-isofs-CVE-2014-9420.patch \ | 34 | file://fs-isofs-CVE-2014-9420.patch \ |
35 | file://udp-CVE-2015-5364_CVE-2015-5366.patch \ | ||
35 | " | 36 | " |
36 | SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" | 37 | SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" |
37 | 38 | ||