diff --git a/debian/changelog b/debian/changelog index 317904c65..38115783a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -111,6 +111,7 @@ linux (4.5.2-1) UNRELEASED; urgency=medium * Bump ABI to 2 * [armel/marvell] dts: kirkwood: fix SD slot default configuration for OpenRD (Closes: #811351) + * atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117) [ Aurelien Jarno ] * [mips*] Emulate unaligned LDXC1 and SDXC1 instructions. diff --git a/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch b/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch new file mode 100644 index 000000000..df43429fb --- /dev/null +++ b/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch @@ -0,0 +1,37 @@ +From: Ben Hutchings +Date: Wed, 20 Apr 2016 23:23:08 +0100 +Subject: atl2: Disable unimplemented scatter/gather feature +Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 + +atl2 includes NETIF_F_SG in hw_features even though it has no support +for non-linear skbs. This bug was originally harmless since the +driver does not claim to implement checksum offload and that used to +be a requirement for SG. + +Now that SG and checksum offload are independent features, if you +explicitly enable SG *and* use one of the rare protocols that can use +SG without checkusm offload, this potentially leaks sensitive +information (before you notice that it just isn't working). Therefore +this obscure bug has been designated CVE-2016-2117. + +Reported-by: Justin Yackoski +Signed-off-by: Ben Hutchings +Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.") +Signed-off-by: David S. Miller +--- + drivers/net/ethernet/atheros/atlx/atl2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c +index 8f76f4558a88..2ff465848b65 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl2.c ++++ b/drivers/net/ethernet/atheros/atlx/atl2.c +@@ -1412,7 +1412,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + + err = -EIO; + +- netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX; ++ netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX; + netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX); + + /* Init PHY as early as possible due to power saving issue */ diff --git a/debian/patches/series b/debian/patches/series index 1557bb4db..d41e771af 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -148,3 +148,4 @@ bugfix/all/power-cpupower-fix-manpages-NAME.patch bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch bugfix/arm/arm-dts-kirkwood-fix-sd-slot-default-configuration-f.patch +bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch