[kernel] r22777 - in dists/jessie-security/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at moszumanska.debian.org
Sun Jun 28 22:42:03 UTC 2015
Author: benh
Date: Sun Jun 28 22:42:03 2015
New Revision: 22777
Log:
udp: fix behavior of wrong checksums (CVE-2015-????)
Added:
dists/jessie-security/linux/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
Modified:
dists/jessie-security/linux/debian/changelog
dists/jessie-security/linux/debian/patches/series
Modified: dists/jessie-security/linux/debian/changelog
==============================================================================
--- dists/jessie-security/linux/debian/changelog Sun Jun 28 22:37:59 2015 (r22776)
+++ dists/jessie-security/linux/debian/changelog Sun Jun 28 22:42:03 2015 (r22777)
@@ -3,6 +3,7 @@
* udf: Remove repeated loads blocksize
* udf: Check length of extended attributes and allocation descriptors
(CVE-2015-4167)
+ * udp: fix behavior of wrong checksums (CVE-2015-????)
-- Ben Hutchings <ben at decadent.org.uk> Sun, 14 Jun 2015 22:49:47 +0100
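Review bot: the added changelog line still carries the placeholder identifier "CVE-2015-????". Replace it with the assigned CVE before the upload, and keep it in sync with the log message and the patch header so the fix can be tracked. The stanza trailer in the trailing context is dated Sun, 14 Jun 2015 while this entry is committed on 28 Jun 2015, so the trailer should be refreshed when the version is finalised.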
Added: dists/jessie-security/linux/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/jessie-security/linux/debian/patches/bugfix/all/udp-fix-behavior-of-wrong-checksums.patch Sun Jun 28 22:42:03 2015 (r22777)
@@ -0,0 +1,58 @@
+From: Eric Dumazet <edumazet at google.com>
+Date: Sat, 30 May 2015 09:16:53 -0700
+Subject: udp: fix behavior of wrong checksums
+Origin: https://git.kernel.org/linus/beb39db59d14990e401e235faf66a6b9b31240b0
+
+We have two problems in UDP stack related to bogus checksums :
+
+1) We return -EAGAIN to application even if receive queue is not empty.
+ This breaks applications using edge trigger epoll()
+
+2) Under UDP flood, we can loop forever without yielding to other
+ processes, potentially hanging the host, especially on non SMP.
+
+This patch is an attempt to make things better.
+
+We might in the future add extra support for rt applications
+wanting to better control time spent doing a recv() in a hostile
+environment. For example we could validate checksums before queuing
+packets in socket receive queue.
+
+Signed-off-by: Eric Dumazet <edumazet at google.com>
+Cc: Willem de Bruijn <willemb at google.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv4/udp.c | 6 ++----
+ net/ipv6/udp.c | 6 ++----
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1356,10 +1356,8 @@ csum_copy_err:
+ }
+ unlock_sock_fast(sk, slow);
+
+- if (noblock)
+- return -EAGAIN;
+-
+- /* starting over for a new packet */
++ /* starting over for a new packet, but check if we need to yield */
++ cond_resched();
+ msg->msg_flags &= ~MSG_TRUNC;
+ goto try_again;
+ }
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -515,10 +515,8 @@ csum_copy_err:
+ }
+ unlock_sock_fast(sk, slow);
+
+- if (noblock)
+- return -EAGAIN;
+-
+- /* starting over for a new packet */
++ /* starting over for a new packet, but check if we need to yield */
++ cond_resched();
+ msg->msg_flags &= ~MSG_TRUNC;
+ goto try_again;
+ }
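Review bot: in both csum_copy_err hunks (net/ipv4/udp.c and net/ipv6/udp.c) the retry loop remains unbounded after this change. With the "if (noblock) return -EAGAIN;" exit removed, every caller, non-blocking ones included, now takes "goto try_again" for as long as bad-checksum datagrams are queued. cond_resched() lets other tasks run, and it is correctly placed after unlock_sock_fast(), but it does not limit the time a single recv() spends discarding packets. The commit message acknowledges this ("an attempt to make things better"), so it is worth stating in the changelog that the fix addresses the host hang and the edge-triggered epoll() breakage, not per-call latency under flood. The patch header records Origin but no CVE reference; add one once the identifier is assigned.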
Modified: dists/jessie-security/linux/debian/patches/series
==============================================================================
--- dists/jessie-security/linux/debian/patches/series Sun Jun 28 22:37:59 2015 (r22776)
+++ dists/jessie-security/linux/debian/patches/series Sun Jun 28 22:42:03 2015 (r22777)
@@ -624,3 +624,4 @@
debian/tcp-fix-abi-change-in-3.16.7-ckt7.patch
debian/usb-avoid-abi-change-in-3.16.7-ckt8.patch
debian/procfs-avoid-abi-change-in-3.16.7-ckt8.patch
+bugfix/all/udp-fix-behavior-of-wrong-checksums.patch