[kernel] r12943 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

[Dann Frazier]

Author: dannf
Date: Mon Feb 23 06:35:31 2009
New Revision: 12943

Log:
* NET: Add preemption point in qdisc_run
   - bugfix/all/net-add-preempt-point-in-qdisc_run.patch
  See CVE-2008-5713

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-add-preempt-point-in-qdisc_run.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/24etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Feb 23 06:35:31 2009
@@ -21,8 +21,11 @@
   * [hppa] Fix system crash while unwinding a userspace process
      - bugfix/hppa/userspace-unwind-crash.patch
     See CVE-2008-5395
+  * NET: Add preemption point in qdisc_run
+     - bugfix/all/net-add-preempt-point-in-qdisc_run.patch
+    See CVE-2008-5713
 
- -- dann frazier <dannf at debian.org>  Thu, 19 Feb 2009 22:47:18 -0700
+ -- dann frazier <dannf at debian.org>  Sun, 22 Feb 2009 23:20:08 -0700
 
 linux-2.6 (2.6.18.dfsg.1-24) stable; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-add-preempt-point-in-qdisc_run.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-add-preempt-point-in-qdisc_run.patch	Mon Feb 23 06:35:31 2009
@@ -0,0 +1,52 @@
+commit 2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
+Author: Herbert Xu <herbert at gondor.apana.org.au>
+Date:   Fri Mar 28 16:25:26 2008 -0700
+
+    [NET]: Add preemption point in qdisc_run
+    
+    The qdisc_run loop is currently unbounded and runs entirely in a
+    softirq.  This is bad as it may create an unbounded softirq run.
+    
+    This patch fixes this by calling need_resched and breaking out if
+    necessary.
+    
+    It also adds a break out if the jiffies value changes since that would
+    indicate we've been transmitting for too long which starves other
+    softirqs.
+    
+    Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Backport from Jiri Pirko for RHEL5.
+
+diff -urpN linux-source-2.6.18.orig/net/sched/sch_generic.c linux-source-2.6.18/net/sched/sch_generic.c
+--- linux-source-2.6.18.orig/net/sched/sch_generic.c	2008-12-25 14:04:12.000000000 -0700
++++ linux-source-2.6.18/net/sched/sch_generic.c	2009-02-22 23:09:57.000000000 -0700
+@@ -183,11 +183,25 @@ requeue:
+ 
+ void __qdisc_run(struct net_device *dev)
+ {
++	unsigned long start_time = jiffies;
++
+ 	if (unlikely(dev->qdisc == &noop_qdisc))
+ 		goto out;
+ 
+-	while (qdisc_restart(dev) < 0 && !netif_queue_stopped(dev))
+-		/* NOTHING */;
++	while (qdisc_restart(dev) < 0) {
++		if (netif_queue_stopped(dev))
++			break;
++
++		/*
++		 * Postpone processing if
++		 * 1. another process needs the CPU;
++		 * 2. we've been doing it for too long.
++		 */
++		if (need_resched() || jiffies != start_time) {
++			netif_schedule(dev);
++			break;
++		}
++	}
+ 
+ out:
+ 	clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1	Mon Feb 23 06:35:31 2009
@@ -57,3 +57,4 @@
 + bugfix/all/security-keyctl-missing-kfree.patch
 + bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
 + bugfix/hppa/userspace-unwind-crash.patch
++ bugfix/all/net-add-preempt-point-in-qdisc_run.patch