virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
parent
279bfdad45
commit
21364b6286
|
@ -344,6 +344,7 @@ linux (4.1.5-1) UNRELEASED; urgency=medium
|
|||
- debian/control: Update Vcs-* fields
|
||||
- README.Debian, README.source: Update references to svn
|
||||
* Bump ABI to 2
|
||||
* virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
|
||||
|
||||
-- Ian Campbell <ijc@debian.org> Tue, 04 Aug 2015 19:31:45 +0100
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From: Jason Wang <jasowang@redhat.com>
|
||||
Subject: [PATCH net] virtio-net: drop NETIF_F_FRAGLIST
|
||||
Date: Tue, 4 Aug 2015 17:55:45 +0800
|
||||
Origin: http://permalink.gmane.org/gmane.linux.kernel/2012169
|
||||
|
||||
virtio declares support for NETIF_F_FRAGLIST, but assumes
|
||||
that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
|
||||
always true with a fraglist.
|
||||
|
||||
A longer fraglist in the skb will make the call to skb_to_sgvec overflow
|
||||
the sg array, leading to memory corruption.
|
||||
|
||||
Drop NETIF_F_FRAGLIST so we only get what we can handle.
|
||||
|
||||
Cc: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
The patch is needed for stable.
|
||||
---
|
||||
drivers/net/virtio_net.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
|
||||
index 7fbca37..2347a73 100644
|
||||
--- a/drivers/net/virtio_net.c
|
||||
+++ b/drivers/net/virtio_net.c
|
||||
@@ -1756,9 +1756,9 @@ static int virtnet_probe(struct virtio_device *vdev)
|
||||
/* Do we support "hardware" checksums? */
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) {
|
||||
/* This opens up the world of extra features. */
|
||||
- dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
|
||||
+ dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG;
|
||||
if (csum)
|
||||
- dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
|
||||
+ dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG;
|
||||
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
|
||||
dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO
|
||||
--
|
||||
2.1.4
|
||||
|
|
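Review bot: The two changed assignments in virtnet_probe() drop NETIF_F_FRAGLIST without recording the reason next to the code, so a later feature-flag cleanup could re-add the flag and bring back the sg-array overflow the patch description explains. A comment above `dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG;` would keep the constraint visible, for example `/* No NETIF_F_FRAGLIST: the sg array holds at most MAX_SKB_FRAGS + 2 entries. */`. The fix relies on the driver no longer being handed fraglist skbs once the flag is unset. The skb_to_sgvec call site is outside this hunk, so whether it separately bounds the number of entries cannot be confirmed from here and is worth checking as defence in depth. virtnet_probe()'s body starts and ends outside the hunk.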
@ -96,3 +96,4 @@ features/all/grsecurity/grsecurity-kconfig.patch
|
|||
# Disabled until we add code into the grsecurity/ directory
|
||||
#features/all/grsecurity/grsecurity-kbuild.patch
|
||||
features/all/grsecurity/grkernsec_perf_harden.patch
|
||||
bugfix/all/virtio-net-drop-netif_f_fraglist.patch
|
||||
|
|