kernel: CVE-2015-5364, CVE-2015-5366

This fixes incorrect processing of checksums in UDP implementation Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2015-11-05 14:30:40 +0100
committer: Sona Sarmadi <sona.sarmadi@enea.com> 2015-11-05 17:19:08 +0100
commit: 8e23157605049aaf851acdc272e50477b2331fdd (patch)
tree: 76a0893ec2350b8fde4dd4fc4ef909d34179b9bd /recipes-kernel
parent: 77050ff91f7d3760e89ececb258929ac8ac67396 (diff)
download: meta-hierofalcon-8e23157605049aaf851acdc272e50477b2331fdd.tar.gz
2 files changed, 66 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch
new file mode 100644
index 0000000..f4a99ae
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch
@@ -0,0 +1,65 @@
+From beb39db59d14990e401e235faf66a6b9b31240b0 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Sat, 30 May 2015 09:16:53 -0700
+Subject: udp: fix behavior of wrong checksums
+[ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ]
+We have two problems in UDP stack related to bogus checksums :
+1) We return -EAGAIN to application even if receive queue is not empty.
+   This breaks applications using edge trigger epoll()
+2) Under UDP flood, we can loop forever without yielding to other
+   processes, potentially hanging the host, especially on non SMP.
+This patch is an attempt to make things better.
+We might in the future add extra support for rt applications
+wanting to better control time spent doing a recv() in a hostile
+environment. For example we could validate checksums before queuing
+packets in socket receive queue.
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Tudor Florea  <tudor.florea@enea.com>
+Upstream-Status: backport 
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
+index d10b7e0..1c92ea6 100644
+--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
+@@ -1295,10 +1295,8 @@ csum_copy_err:
+        }
+        unlock_sock_fast(sk, slow);
+ 
+-       if (noblock)
+-               return -EAGAIN;
+-
+-       /* starting over for a new packet */
+       /* starting over for a new packet, but check if we need to yield */
+       cond_resched();
+        msg->msg_flags &= ~MSG_TRUNC;
+        goto try_again;
+ }
+diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
+index c2ec416..e51fc3e 100644
+--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
+@@ -497,10 +497,8 @@ csum_copy_err:
+        }
+        unlock_sock_fast(sk, slow);
+ 
+-       if (noblock)
+-               return -EAGAIN;
+-
+-       /* starting over for a new packet */
+       /* starting over for a new packet, but check if we need to yield */
+       cond_resched();
+        msg->msg_flags &= ~MSG_TRUNC;
+        goto try_again;
+ }
+-- 
+cgit v0.10.2
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index 1a85f72..731c545 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
           file://319-Hierofalcon-Update-xgbe-drivers-for-B0-board.patch \
           file://defconfig \
           file://keys-CVE-2015-1333.patch \
+           file://udp_fix_behavior_of_wrong_checksums.patch \
           "
 S = "${WORKDIR}/git"
author	Tudor Florea <tudor.florea@enea.com>	2015-11-05 14:30:40 +0100
committer	Sona Sarmadi <sona.sarmadi@enea.com>	2015-11-05 17:19:08 +0100
commit	8e23157605049aaf851acdc272e50477b2331fdd (patch)
tree	76a0893ec2350b8fde4dd4fc4ef909d34179b9bd /recipes-kernel
parent	77050ff91f7d3760e89ececb258929ac8ac67396 (diff)
download	meta-hierofalcon-8e23157605049aaf851acdc272e50477b2331fdd.tar.gz

diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch new file mode 100644 index 0000000..f4a99ae --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-3.19/udp_fix_behavior_of_wrong_checksums.patch
@@ -0,0 +1,65 @@
		1	From beb39db59d14990e401e235faf66a6b9b31240b0 Mon Sep 17 00:00:00 2001
		2	From: Eric Dumazet <edumazet@google.com>
		3	Date: Sat, 30 May 2015 09:16:53 -0700
		4	Subject: udp: fix behavior of wrong checksums
		5
		6	[ Upstream commit beb39db59d14990e401e235faf66a6b9b31240b0 ]
		7
		8	We have two problems in UDP stack related to bogus checksums :
		9
		10	1) We return -EAGAIN to application even if receive queue is not empty.
		11	This breaks applications using edge trigger epoll()
		12
		13	2) Under UDP flood, we can loop forever without yielding to other
		14	processes, potentially hanging the host, especially on non SMP.
		15
		16	This patch is an attempt to make things better.
		17
		18	We might in the future add extra support for rt applications
		19	wanting to better control time spent doing a recv() in a hostile
		20	environment. For example we could validate checksums before queuing
		21	packets in socket receive queue.
		22
		23	Signed-off-by: Eric Dumazet <edumazet@google.com>
		24	Cc: Willem de Bruijn <willemb@google.com>
		25	Signed-off-by: David S. Miller <davem@davemloft.net>
		26	Signed-off-by: Tudor Florea <tudor.florea@enea.com>
		27	Upstream-Status: backport
		28
		29	diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
		30	index d10b7e0..1c92ea6 100644
		31	--- a/net/ipv4/udp.c
		32	+++ b/net/ipv4/udp.c
		33	@@ -1295,10 +1295,8 @@ csum_copy_err:
		34	}
		35	unlock_sock_fast(sk, slow);
		36
		37	- if (noblock)
		38	- return -EAGAIN;
		39	-
		40	- /* starting over for a new packet */
		41	+ /* starting over for a new packet, but check if we need to yield */
		42	+ cond_resched();
		43	msg->msg_flags &= ~MSG_TRUNC;
		44	goto try_again;
		45	}
		46	diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
		47	index c2ec416..e51fc3e 100644
		48	--- a/net/ipv6/udp.c
		49	+++ b/net/ipv6/udp.c
		50	@@ -497,10 +497,8 @@ csum_copy_err:
		51	}
		52	unlock_sock_fast(sk, slow);
		53
		54	- if (noblock)
		55	- return -EAGAIN;
		56	-
		57	- /* starting over for a new packet */
		58	+ /* starting over for a new packet, but check if we need to yield */
		59	+ cond_resched();
		60	msg->msg_flags &= ~MSG_TRUNC;
		61	goto try_again;
		62	}
		63	--
		64	cgit v0.10.2
		65


diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index 1a85f72..731c545 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
16	file://319-Hierofalcon-Update-xgbe-drivers-for-B0-board.patch \	16	file://319-Hierofalcon-Update-xgbe-drivers-for-B0-board.patch \
17	file://defconfig \	17	file://defconfig \
18	file://keys-CVE-2015-1333.patch \	18	file://keys-CVE-2015-1333.patch \
		19	file://udp_fix_behavior_of_wrong_checksums.patch \
19	"	20	"
20		21
21	S = "${WORKDIR}/git"	22	S = "${WORKDIR}/git"