[kernel] r22774 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

Ben Hutchings benh at moszumanska.debian.org
Sun Jun 28 22:23:50 UTC 2015 

Author: benh
Date: Sun Jun 28 22:23:50 2015
New Revision: 22774

Log:
udp: fix behavior of wrong checksums (CVE-2015-????)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze13

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Sun Jun 28 19:30:14 2015	(r22773)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Sun Jun 28 22:23:50 2015	(r22774)
@@ -1,3 +1,10 @@
+linux-2.6 (2.6.32-48squeeze14) UNRELEASED; urgency=medium
+
+  [ Ben Hutchings ]
+  * udp: fix behavior of wrong checksums (CVE-2015-????)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Sun, 28 Jun 2015 23:23:19 +0100
+
 linux-2.6 (2.6.32-48squeeze13) squeeze-lts; urgency=high
 
   * Add stable release 2.6.32.67:

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch	Sun Jun 28 22:23:50 2015	(r22774)
@@ -0,0 +1,58 @@
+From: Eric Dumazet <edumazet at google.com>
+Date: Sat, 30 May 2015 09:16:53 -0700
+Subject: udp: fix behavior of wrong checksums
+Origin: https://git.kernel.org/linus/beb39db59d14990e401e235faf66a6b9b31240b0
+
+We have two problems in UDP stack related to bogus checksums :
+
+1) We return -EAGAIN to application even if receive queue is not empty.
+   This breaks applications using edge trigger epoll()
+
+2) Under UDP flood, we can loop forever without yielding to other
+   processes, potentially hanging the host, especially on non SMP.
+
+This patch is an attempt to make things better.
+
+We might in the future add extra support for rt applications
+wanting to better control time spent doing a recv() in a hostile
+environment. For example we could validate checksums before queuing
+packets in socket receive queue.
+
+Signed-off-by: Eric Dumazet <edumazet at google.com>
+Cc: Willem de Bruijn <willemb at google.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv4/udp.c | 6 ++----
+ net/ipv6/udp.c | 6 ++----
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1016,10 +1016,8 @@ csum_copy_err:
+ 		UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
+ 	release_sock(sk);
+ 
+-	if (noblock)
+-		return -EAGAIN;
+-
+-	/* starting over for a new packet */
++	/* starting over for a new packet, but check if we need to yield */
++	cond_resched();
+ 	msg->msg_flags &= ~MSG_TRUNC;
+ 	goto try_again;
+ }
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -301,10 +301,8 @@ csum_copy_err:
+ 	}
+ 	release_sock(sk);
+ 
+-	if (noblock)
+-		return -EAGAIN;
+-
+-	/* starting over for a new packet */
++	/* starting over for a new packet, but check if we need to yield */
++	cond_resched();
+ 	msg->msg_flags &= ~MSG_TRUNC;
+ 	goto try_again;
+ }

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze13
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze13	Sun Jun 28 19:30:14 2015	(r22773)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze13	Sun Jun 28 22:23:50 2015	(r22774)
@@ -1 +1,2 @@
 + bugfix/all/stable/2.6.32.67.patch
++ bugfix/all/udp-fix-behavior-of-wrong-checksums.patch

More information about the Kernel-svn-changes mailing list