authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-28 13:32:11 (GMT)
committerPaul Vaduva <Paul.Vaduva@enea.com>2016-01-28 13:35:59 (GMT)
commitfebcbabc2e4d859a3caf7808ceda68c956da652f (patch)
tree61cabf9e0183f4bc54ab28c84c1c653d48c0418e
parentf846a18b030d4bccbb7a2d1fb7359df6c6c69048 (diff)
downloadmeta-hierofalcon-febcbabc2e4d859a3caf7808ceda68c956da652f.tar.gz
virtio-net: CVE-2015-5156
Fixes a buffer overflow flaw in the Linux kernel's virtio-net subsystem. Reference to the upstream patch: http://marc.info/?l=linux-netdev&m=143868216724068&w=2 Other external references: http://www.openwall.com/lists/oss-security/2015/08/06/1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
-rw-r--r--recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch48
-rw-r--r--recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch48
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_3.19.bb1
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_4.1.bb1
4 files changed, 98 insertions, 0 deletions
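diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch
new file mode 100644
index 0000000..2c6c7d1
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon-3.19/virtio-net-CVE-2015-5156.patch
@@ -0,0 +1,48 @@
+From feeb0406f75ae3488ff6573903533000125b2faf Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 5 Aug 2015 10:34:04 +0800
+Subject: virtio-net: drop NETIF_F_FRAGLIST
+
+[ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ]
+
+virtio declares support for NETIF_F_FRAGLIST, but assumes
+that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
+always true with a fraglist.
+
+A longer fraglist in the skb will make the call to skb_to_sgvec overflow
+the sg array, leading to memory corruption.
+
+Drop NETIF_F_FRAGLIST so we only get what we can handle.
+
+Fixes CVE-2015-5156.
+Upstream-Status: Backport
+
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/net/virtio_net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
+index 484ecce..ce2a299 100644
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -1746,9 +1746,9 @@ static int virtnet_probe(struct virtio_device *vdev)
+ /* Do we support "hardware" checksums? */
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) {
+ /* This opens up the world of extra features. */
+- dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
++ dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG;
+ if (csum)
+- dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
++ dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG;
+
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
+ dev->hw_features |= NETIF_F_TSO
+--
+cgit v0.12
+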
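Review bot: Nothing in the new lines of virtnet_probe() records why NETIF_F_FRAGLIST must stay out of `dev->hw_features` and `dev->features`, so a later feature-flag cleanup could re-add it without noticing the constraint. The patch description gives the reason: the driver assumes at most MAX_SKB_FRAGS + 2 fragments, and a longer fraglist makes skb_to_sgvec overflow the sg array. A one-line comment above the first assignment would keep that next to the code, for example `/* No NETIF_F_FRAGLIST: the sg array holds at most MAX_SKB_FRAGS + 2 entries (CVE-2015-5156) */`. The same applies to the identical hunk in the linux-hierofalcon-4.1 copy of this patch. virtnet_probe() starts and ends outside the hunk, and the transmit path is not shown, so whether the fragment count is also bounded where the sg array is filled cannot be confirmed from here.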
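diff --git a/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch
new file mode 100644
index 0000000..772de2e
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch
@@ -0,0 +1,48 @@
+From 152964690b41b91049d00eb8aea1d25880cd13f0 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 5 Aug 2015 10:34:04 +0800
+Subject: virtio-net: drop NETIF_F_FRAGLIST
+
+[ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ]
+
+virtio declares support for NETIF_F_FRAGLIST, but assumes
+that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
+always true with a fraglist.
+
+A longer fraglist in the skb will make the call to skb_to_sgvec overflow
+the sg array, leading to memory corruption.
+
+Drop NETIF_F_FRAGLIST so we only get what we can handle.
+
+Fixes CVE-2015-5156.
+Upstream-Status: Backport
+
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/net/virtio_net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
+index 7fbca37..237f8e5 100644
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -1756,9 +1756,9 @@ static int virtnet_probe(struct virtio_device *vdev)
+ /* Do we support "hardware" checksums? */
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) {
+ /* This opens up the world of extra features. */
+- dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
++ dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG;
+ if (csum)
+- dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
++ dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG;
+
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
+ dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO
+--
+cgit v0.12
+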
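diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index 7f4720a..eceb03c 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -31,6 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
  file://security-keys-CVE-2016-0728.patch \
  file://vfs-CVE-2015-2925.patch \
  file://dcache-CVE-2015-2925.patch \
+ file://virtio-net-CVE-2015-5156.patch \
  "
 
 S = "${WORKDIR}/git"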
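diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index 4fafe34..c67b8a6 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -30,6 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
  file://security-keys-CVE-2016-0728.patch \
  file://vfs-CVE-2015-2925.patch \
  file://dcache-CVE-2015-2925.patch \
+ file://virtio-net-CVE-2015-5156.patch \
  "
 
 S = "${WORKDIR}/git"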