virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
This commit is contained in:
parent
279bfdad45
commit
21364b6286
|
@ -344,6 +344,7 @@ linux (4.1.5-1) UNRELEASED; urgency=medium
|
||||||
- debian/control: Update Vcs-* fields
|
- debian/control: Update Vcs-* fields
|
||||||
- README.Debian, README.source: Update references to svn
|
- README.Debian, README.source: Update references to svn
|
||||||
* Bump ABI to 2
|
* Bump ABI to 2
|
||||||
|
* virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
|
||||||
|
|
||||||
-- Ian Campbell <ijc@debian.org> Tue, 04 Aug 2015 19:31:45 +0100
|
-- Ian Campbell <ijc@debian.org> Tue, 04 Aug 2015 19:31:45 +0100
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
From: Jason Wang <jasowang@redhat.com>
|
||||||
|
Subject: [PATCH net] virtio-net: drop NETIF_F_FRAGLIST
|
||||||
|
Date: Tue, 4 Aug 2015 17:55:45 +0800
|
||||||
|
Origin: http://permalink.gmane.org/gmane.linux.kernel/2012169
|
||||||
|
|
||||||
|
virtio declares support for NETIF_F_FRAGLIST, but assumes
|
||||||
|
that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
|
||||||
|
always true with a fraglist.
|
||||||
|
|
||||||
|
A longer fraglist in the skb will make the call to skb_to_sgvec overflow
|
||||||
|
the sg array, leading to memory corruption.
|
||||||
|
|
||||||
|
Drop NETIF_F_FRAGLIST so we only get what we can handle.
|
||||||
|
|
||||||
|
Cc: Michael S. Tsirkin <mst@redhat.com>
|
||||||
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
---
|
||||||
|
The patch is needed for stable.
|
||||||
|
---
|
||||||
|
drivers/net/virtio_net.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
|
||||||
|
index 7fbca37..2347a73 100644
|
||||||
|
--- a/drivers/net/virtio_net.c
|
||||||
|
+++ b/drivers/net/virtio_net.c
|
||||||
|
@@ -1756,9 +1756,9 @@ static int virtnet_probe(struct virtio_device *vdev)
|
||||||
|
/* Do we support "hardware" checksums? */
|
||||||
|
if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) {
|
||||||
|
/* This opens up the world of extra features. */
|
||||||
|
- dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
|
||||||
|
+ dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG;
|
||||||
|
if (csum)
|
||||||
|
- dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
|
||||||
|
+ dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG;
|
||||||
|
|
||||||
|
if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
|
||||||
|
dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO
|
||||||
|
--
|
||||||
|
2.1.4
|
||||||
|
|
|
@ -96,3 +96,4 @@ features/all/grsecurity/grsecurity-kconfig.patch
|
||||||
# Disabled until we add code into the grsecurity/ directory
|
# Disabled until we add code into the grsecurity/ directory
|
||||||
#features/all/grsecurity/grsecurity-kbuild.patch
|
#features/all/grsecurity/grsecurity-kbuild.patch
|
||||||
features/all/grsecurity/grkernsec_perf_harden.patch
|
features/all/grsecurity/grkernsec_perf_harden.patch
|
||||||
|
bugfix/all/virtio-net-drop-netif_f_fraglist.patch
|
||||||
|
|
Loading…
Reference in New Issue