[kernel] r17884 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Aug 4 05:27:44 UTC 2011
Author: dannf
Date: Thu Aug 4 05:27:42 2011
New Revision: 17884
Log:
net: Fix memory leak/corruption on VLAN GRO_DROP (CVE-2011-1576)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 4 04:07:13 2011 (r17883)
+++ dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 4 05:27:42 2011 (r17884)
@@ -1,6 +1,7 @@
linux-2.6 (2.6.32-35squeeze1) UNRELEASED; urgency=high
* Fix regression in fix for CVE-2011-1768 (Closes: #633738)
+ * net: Fix memory leak/corruption on VLAN GRO_DROP (CVE-2011-1576)
-- dann frazier <dannf at debian.org> Thu, 21 Jul 2011 00:31:53 -0600
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch Thu Aug 4 05:27:42 2011 (r17884)
@@ -0,0 +1,30 @@
+This bug used to exist upstream as well, but was fixed when the
+VLAN code path was restructured in 2010.
+
+The approach here is different from upstream in order to minimise
+the effect on the code.
+
+net: Fix memory leak/corruption on VLAN GRO_DROP
+
+The function napi_reuse_skb is only meant to be used for packets
+merged by GRO. Using it on the VLAN path will lead to memory
+leaks/corruption. This patch is based on Jay Vosburgh's patch,
+and it fixes the problem by calling kfree_skb on the VLAN GRO_DROP
+path instead of napi_reuse_skb.
+
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+[dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/net/core/dev.c linux-source-2.6.32/net/core/dev.c
+--- linux-source-2.6.32.orig/net/core/dev.c 2011-06-11 13:10:41.000000000 -0600
++++ linux-source-2.6.32/net/core/dev.c 2011-08-03 22:42:37.774288259 -0600
+@@ -2650,6 +2650,9 @@ gro_result_t napi_frags_finish(struct na
+ break;
+
+ case GRO_DROP:
++ kfree_skb(skb);
++ break;
++
+ case GRO_MERGED_FREE:
+ napi_reuse_skb(napi, skb);
+ break;
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 4 04:07:13 2011 (r17883)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 4 05:27:42 2011 (r17884)
@@ -1 +1,2 @@
+ bugfix/all/tunnels-fix-netns-vs-proto-registration-ordering-regression-fix.patch
++ bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch
More information about the Kernel-svn-changes
mailing list