[kernel] r14549 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Nov 4 20:45:40 UTC 2009 

Author: dannf
Date: Wed Nov  4 20:45:39 2009
New Revision: 14549

Log:
r8169: use hardware auto padding and balance pci_map/pci_unmap
(CVE-2009-3613)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch
      - copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Wed Nov  4 20:35:52 2009	(r14548)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Wed Nov  4 20:45:39 2009	(r14549)
@@ -14,6 +14,8 @@
   * AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)
   * drm/r128: Add test for initialisation to all ioctls that require it
     (CVE-2009-3620)
+  * r8169: use hardware auto padding and balance pci_map/pci_unmap
+    (CVE-2009-3613)
 
  -- dann frazier <dannf at debian.org>  Tue, 27 Oct 2009 22:41:25 -0600
 

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch	Wed Nov  4 20:45:39 2009	(r14549)
@@ -0,0 +1,31 @@
+commit a866bbf6aacf95f849810079442a20be118ce905
+Author: Francois Romieu <romieu at fr.zoreil.com>
+Date:   Tue Aug 26 21:56:06 2008 +0200
+
+    r8169: balance pci_map / pci_unmap pair
+    
+    The leak hurts with swiotlb and jumbo frames.
+    
+    Fix http://bugzilla.kernel.org/show_bug.cgi?id=9468.
+    
+    Heavily hinted by Ilpo Järvinen <ilpo.jarvinen at helsinki.fi>.
+    
+    Signed-off-by: Francois Romieu <romieu at fr.zoreil.com>
+    Tested-by: Alistair John Strachan <alistair at devzero.co.uk>
+    Tested-by: Timothy J Fontaine <tjfontaine at atxconsulting.com>
+    Cc: Edward Hsu <edward_hsu at realtek.com.tw>
+    Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
+
+diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
+index a3e3895..0f6f974 100644
+--- a/drivers/net/r8169.c
++++ b/drivers/net/r8169.c
+@@ -2792,7 +2792,7 @@ static int rtl8169_rx_interrupt(struct net_device *dev,
+ 					pkt_size, PCI_DMA_FROMDEVICE);
+ 				rtl8169_mark_to_asic(desc, tp->rx_buf_sz);
+ 			} else {
+-				pci_unmap_single(pdev, addr, pkt_size,
++				pci_unmap_single(pdev, addr, tp->rx_buf_sz,
+ 						 PCI_DMA_FROMDEVICE);
+ 				tp->Rx_skbuff[entry] = NULL;
+ 			}

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch	Wed Nov  4 20:45:39 2009	(r14549, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/r8169-use-hardware-auto-padding.patch)
@@ -0,0 +1,39 @@
+commit 97d477a914b146e7e6722ded21afa79886ae8ccd
+Author: françois romieu <romieu at fr.zoreil.com>
+Date:   Sun Mar 15 01:09:54 2009 +0000
+
+    r8169: use hardware auto-padding.
+    
+    It shortens the code and fixes the current pci_unmap leak with
+    padded skb reported by Dave Jones.
+    
+    Signed-off-by: Francois Romieu <romieu at fr.zoreil.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/net/r8169.c linux-source-2.6.26/drivers/net/r8169.c
+--- linux-source-2.6.26.orig/drivers/net/r8169.c	2009-08-18 23:15:14.000000000 -0600
++++ linux-source-2.6.26/drivers/net/r8169.c	2009-10-16 16:21:15.000000000 -0600
+@@ -2565,13 +2565,6 @@ static int rtl8169_start_xmit(struct sk_
+ 		opts1 |= FirstFrag;
+ 	} else {
+ 		len = skb->len;
+-
+-		if (unlikely(len < ETH_ZLEN)) {
+-			if (skb_padto(skb, ETH_ZLEN))
+-				goto err_update_stats;
+-			len = ETH_ZLEN;
+-		}
+-
+ 		opts1 |= FirstFrag | LastFrag;
+ 		tp->tx_skb[entry].skb = skb;
+ 	}
+@@ -2609,7 +2602,6 @@ out:
+ err_stop:
+ 	netif_stop_queue(dev);
+ 	ret = NETDEV_TX_BUSY;
+-err_update_stats:
+ 	dev->stats.tx_dropped++;
+ 	goto out;
+ }

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Nov  4 20:35:52 2009	(r14548)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Nov  4 20:45:39 2009	(r14549)
@@ -8,3 +8,5 @@
 + bugfix/all/fs-pipe-null-pointer-dereference.patch
 + bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch
 + bugfix/all/drm+r128-Add-test-for-init-to-all-reqd-ioctls.patch
++ bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch
++ bugfix/all/r8169-use-hardware-auto-padding.patch

More information about the Kernel-svn-changes mailing list