[linux] 01/01: atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)

Sat Apr 30 18:24:27 UTC 2016

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie-security
in repository linux.

commit 11597639726c67bd065c13faf2bd7443431625cc
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sat Apr 30 20:22:33 2016 +0200

    atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
---
 debian/changelog                                   |  1 +
 ...able-unimplemented-scatter-gather-feature.patch | 37 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 39 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9712cfe..d84fe48 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,7 @@ linux (3.16.7-ckt25-2+deb8u1) UNRELEASED; urgency=medium
   * usbnet: Fix possible memory corruption after probe failure (CVE-2016-3951)
     - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
     - usbnet: cleanup after bind() in probe()
+  * atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
 
   [ Salvatore Bonaccorso ]
   * [x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
diff --git a/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch b/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
new file mode 100644
index 0000000..df43429
--- /dev/null
+++ b/debian/patches/bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
@@ -0,0 +1,37 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Wed, 20 Apr 2016 23:23:08 +0100
+Subject: atl2: Disable unimplemented scatter/gather feature
+Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
+
+atl2 includes NETIF_F_SG in hw_features even though it has no support
+for non-linear skbs.  This bug was originally harmless since the
+driver does not claim to implement checksum offload and that used to
+be a requirement for SG.
+
+Now that SG and checksum offload are independent features, if you
+explicitly enable SG *and* use one of the rare protocols that can use
+SG without checkusm offload, this potentially leaks sensitive
+information (before you notice that it just isn't working).  Therefore
+this obscure bug has been designated CVE-2016-2117.
+
+Reported-by: Justin Yackoski <jyackoski at crypto-nite.com>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.")
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
+index 8f76f4558a88..2ff465848b65 100644
+--- a/drivers/net/ethernet/atheros/atlx/atl2.c
++++ b/drivers/net/ethernet/atheros/atlx/atl2.c
+@@ -1412,7 +1412,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+ 
+ 	err = -EIO;
+ 
+-	netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX;
++	netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX;
+ 	netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX);
+ 
+ 	/* Init PHY as early as possible due to power saving issue  */
diff --git a/debian/patches/series b/debian/patches/series
index c0affbc..3dbacba 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -672,3 +672,4 @@ bugfix/x86/x86-standardize-mmap_rnd-usage.patch
 bugfix/x86/x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch
 bugfix/all/cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch
 bugfix/all/usbnet-cleanup-after-bind-in-probe.patch
+bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

