diff options
Diffstat (limited to 'recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch')
-rw-r--r-- | recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch b/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch new file mode 100644 index 0000000..43f2dbf --- /dev/null +++ b/recipes-kernel/linux/files/udp-CVE-2015-5364_CVE-2015-5366.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From a97b54dd69cb05df4c57f5d5b40c761f7835ce4e Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Dumazet <edumazet@google.com> | ||
3 | Date: Sat, 30 May 2015 09:16:53 -0700 | ||
4 | Subject: [PATCH] udp: fix behavior of wrong checksums | ||
5 | |||
6 | [ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ] | ||
7 | |||
8 | We have two problems in UDP stack related to bogus checksums : | ||
9 | |||
10 | 1) We return -EAGAIN to application even if receive queue is not empty. | ||
11 | This breaks applications using edge trigger epoll() | ||
12 | |||
13 | 2) Under UDP flood, we can loop forever without yielding to other | ||
14 | processes, potentially hanging the host, especially on non SMP. | ||
15 | |||
16 | This patch is an attempt to make things better. | ||
17 | |||
18 | We might in the future add extra support for rt applications | ||
19 | wanting to better control time spent doing a recv() in a hostile | ||
20 | environment. For example we could validate checksums before queuing | ||
21 | packets in socket receive queue. | ||
22 | |||
23 | Fixes CVE-2015-5364 and CVE-2015-5366. | ||
24 | Upstream-Status: backport | ||
25 | |||
26 | Signed-off-by: Eric Dumazet <edumazet@google.com> | ||
27 | Cc: Willem de Bruijn <willemb@google.com> | ||
28 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
29 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
30 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
31 | --- | ||
32 | net/ipv4/udp.c | 6 ++---- | ||
33 | net/ipv6/udp.c | 6 ++---- | ||
34 | 2 files changed, 4 insertions(+), 8 deletions(-) | ||
35 | |||
36 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c | ||
37 | index 6ca9907..268ed25 100644 | ||
38 | --- a/net/ipv4/udp.c | ||
39 | +++ b/net/ipv4/udp.c | ||
40 | @@ -1295,10 +1295,8 @@ csum_copy_err: | ||
41 | } | ||
42 | unlock_sock_fast(sk, slow); | ||
43 | |||
44 | - if (noblock) | ||
45 | - return -EAGAIN; | ||
46 | - | ||
47 | - /* starting over for a new packet */ | ||
48 | + /* starting over for a new packet, but check if we need to yield */ | ||
49 | + cond_resched(); | ||
50 | msg->msg_flags &= ~MSG_TRUNC; | ||
51 | goto try_again; | ||
52 | } | ||
53 | diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c | ||
54 | index 3d2758d..e09ca28 100644 | ||
55 | --- a/net/ipv6/udp.c | ||
56 | +++ b/net/ipv6/udp.c | ||
57 | @@ -495,10 +495,8 @@ csum_copy_err: | ||
58 | } | ||
59 | unlock_sock_fast(sk, slow); | ||
60 | |||
61 | - if (noblock) | ||
62 | - return -EAGAIN; | ||
63 | - | ||
64 | - /* starting over for a new packet */ | ||
65 | + /* starting over for a new packet, but check if we need to yield */ | ||
66 | + cond_resched(); | ||
67 | msg->msg_flags &= ~MSG_TRUNC; | ||
68 | goto try_again; | ||
69 | } | ||
70 | -- | ||
71 | 1.9.1 | ||
72 | |||