diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-01-28 14:32:11 +0100 |
---|---|---|
committer | Paul Vaduva <Paul.Vaduva@enea.com> | 2016-01-28 14:35:59 +0100 |
commit | febcbabc2e4d859a3caf7808ceda68c956da652f (patch) | |
tree | 61cabf9e0183f4bc54ab28c84c1c653d48c0418e | |
parent | f846a18b030d4bccbb7a2d1fb7359df6c6c69048 (diff) | |
download | meta-hierofalcon-febcbabc2e4d859a3caf7808ceda68c956da652f.tar.gz |
virtio-net: CVE-2015-5156
Fixes a buffer overflow flaw in the Linux kernel's virtio-net subsystem.
Reference to the upstream patch:
http://marc.info/?l=linux-netdev&m=143868216724068&w=2
Other external references:
http://www.openwall.com/lists/oss-security/2015/08/06/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
4 files changed, 98 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch new file mode 100644 index 0000000..2c6c7d1 --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From feeb0406f75ae3488ff6573903533000125b2faf Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 5 Aug 2015 10:34:04 +0800 | ||
4 | Subject: virtio-net: drop NETIF_F_FRAGLIST | ||
5 | |||
6 | [ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ] | ||
7 | |||
8 | virtio declares support for NETIF_F_FRAGLIST, but assumes | ||
9 | that there are at most MAX_SKB_FRAGS + 2 fragments which isn't | ||
10 | always true with a fraglist. | ||
11 | |||
12 | A longer fraglist in the skb will make the call to skb_to_sgvec overflow | ||
13 | the sg array, leading to memory corruption. | ||
14 | |||
15 | Drop NETIF_F_FRAGLIST so we only get what we can handle. | ||
16 | |||
17 | Fixes CVE-2015-5156. | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | Cc: Michael S. Tsirkin <mst@redhat.com> | ||
21 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
22 | Acked-by: Michael S. Tsirkin <mst@redhat.com> | ||
23 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
24 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | drivers/net/virtio_net.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
31 | index 484ecce..ce2a299 100644 | ||
32 | --- a/drivers/net/virtio_net.c | ||
33 | +++ b/drivers/net/virtio_net.c | ||
34 | @@ -1746,9 +1746,9 @@ static int virtnet_probe(struct virtio_device *vdev) | ||
35 | /* Do we support "hardware" checksums? */ | ||
36 | if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { | ||
37 | /* This opens up the world of extra features. */ | ||
38 | - dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
39 | + dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
40 | if (csum) | ||
41 | - dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
42 | + dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
43 | |||
44 | if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { | ||
45 | dev->hw_features |= NETIF_F_TSO | ||
46 | -- | ||
47 | cgit v0.12 | ||
48 | |||
diff --git a/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch new file mode 100644 index 0000000..772de2e --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 152964690b41b91049d00eb8aea1d25880cd13f0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 5 Aug 2015 10:34:04 +0800 | ||
4 | Subject: virtio-net: drop NETIF_F_FRAGLIST | ||
5 | |||
6 | [ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ] | ||
7 | |||
8 | virtio declares support for NETIF_F_FRAGLIST, but assumes | ||
9 | that there are at most MAX_SKB_FRAGS + 2 fragments which isn't | ||
10 | always true with a fraglist. | ||
11 | |||
12 | A longer fraglist in the skb will make the call to skb_to_sgvec overflow | ||
13 | the sg array, leading to memory corruption. | ||
14 | |||
15 | Drop NETIF_F_FRAGLIST so we only get what we can handle. | ||
16 | |||
17 | Fixes CVE-2015-5156. | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | Cc: Michael S. Tsirkin <mst@redhat.com> | ||
21 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
22 | Acked-by: Michael S. Tsirkin <mst@redhat.com> | ||
23 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
24 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | drivers/net/virtio_net.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
31 | index 7fbca37..237f8e5 100644 | ||
32 | --- a/drivers/net/virtio_net.c | ||
33 | +++ b/drivers/net/virtio_net.c | ||
34 | @@ -1756,9 +1756,9 @@ static int virtnet_probe(struct virtio_device *vdev) | ||
35 | /* Do we support "hardware" checksums? */ | ||
36 | if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { | ||
37 | /* This opens up the world of extra features. */ | ||
38 | - dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
39 | + dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
40 | if (csum) | ||
41 | - dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
42 | + dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
43 | |||
44 | if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { | ||
45 | dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO | ||
46 | -- | ||
47 | cgit v0.12 | ||
48 | |||
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index 7f4720a..eceb03c 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb | |||
@@ -31,6 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6 | |||
31 | file://security-keys-CVE-2016-0728.patch \ | 31 | file://security-keys-CVE-2016-0728.patch \ |
32 | file://vfs-CVE-2015-2925.patch \ | 32 | file://vfs-CVE-2015-2925.patch \ |
33 | file://dcache-CVE-2015-2925.patch \ | 33 | file://dcache-CVE-2015-2925.patch \ |
34 | file://virtio-net-CVE-2015-5156.patch \ | ||
34 | " | 35 | " |
35 | 36 | ||
36 | S = "${WORKDIR}/git" | 37 | S = "${WORKDIR}/git" |
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb index 4fafe34..c67b8a6 100644 --- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb +++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb | |||
@@ -30,6 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64 | |||
30 | file://security-keys-CVE-2016-0728.patch \ | 30 | file://security-keys-CVE-2016-0728.patch \ |
31 | file://vfs-CVE-2015-2925.patch \ | 31 | file://vfs-CVE-2015-2925.patch \ |
32 | file://dcache-CVE-2015-2925.patch \ | 32 | file://dcache-CVE-2015-2925.patch \ |
33 | file://virtio-net-CVE-2015-5156.patch \ | ||
33 | " | 34 | " |
34 | 35 | ||
35 | S = "${WORKDIR}/git" | 36 | S = "${WORKDIR}/git" |