CVE-2013-XXXX net: memory corruption with UDP_CORK and UFO (rhbz 1023477 1023495)
This commit is contained in:
Josh Boyer
parent
ddad4977f6
commit
145107f726
13
kernel.spec
13
kernel.spec
|
|
@ -776,12 +776,12 @@ Patch25132: rt2800usb-slow-down-TX-status-polling.patch
|
|||
#rhbz 1015558
|
||||
Patch25133: fix-buslogic.patch
|
||||
|
||||
#rhbz 989251
|
||||
Patch25134: tcp-fix-incorrect-ca_state-in-tail-loss-probe.patch
|
||||
|
||||
#rhbz 1023413
|
||||
Patch25135: alps-Support-for-Dell-XT2-model.patch
|
||||
|
||||
#CVE-2013-XXXX rhbz 1023477 1023495
|
||||
Patch25136: net_311.mbox
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1506,12 +1506,12 @@ ApplyPatch rt2800usb-slow-down-TX-status-polling.patch
|
|||
#rhbz 1015558
|
||||
ApplyPatch fix-buslogic.patch
|
||||
|
||||
#rhbz 989251
|
||||
ApplyPatch tcp-fix-incorrect-ca_state-in-tail-loss-probe.patch
|
||||
|
||||
#rhbz 1023413
|
||||
ApplyPatch alps-Support-for-Dell-XT2-model.patch
|
||||
|
||||
#CVE-2013-XXXX rhbz 1023477 1023495
|
||||
ApplyPatch net_311.mbox
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2325,6 +2325,7 @@ fi
|
|||
|
||||
%changelog
|
||||
* Fri Oct 25 2013 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2013-XXXX net: memory corruption with UDP_CORK and UFO (rhbz 1023477 1023495)
|
||||
- Add touchpad support for Dell XT2 (rhbz 1023413)
|
||||
|
||||
* Tue Oct 22 2013 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,107 +0,0 @@
|
|||
Path: news.gmane.org!not-for-mail
|
||||
From: Yuchung Cheng <ycheng@google.com>
|
||||
Newsgroups: gmane.linux.network
|
||||
Subject: [PATCH net] tcp: fix incorrect ca_state in tail loss probe
|
||||
Date: Sat, 12 Oct 2013 10:16:27 -0700
|
||||
Lines: 34
|
||||
Approved: news@gmane.org
|
||||
Message-ID: <1381598187-9681-1-git-send-email-ycheng@google.com>
|
||||
NNTP-Posting-Host: plane.gmane.org
|
||||
X-Trace: ger.gmane.org 1381598242 29686 80.91.229.3 (12 Oct 2013 17:17:22 GMT)
|
||||
X-Complaints-To: usenet@ger.gmane.org
|
||||
NNTP-Posting-Date: Sat, 12 Oct 2013 17:17:22 +0000 (UTC)
|
||||
Cc: netdev@vger.kernel.org, michael@sterretts.net,
|
||||
jwboyer@fedoraproject.org, sesse@google.com, dormando@rydia.net,
|
||||
Yuchung Cheng <ycheng@google.com>
|
||||
To: davem@davemloft.net, ncardwell@google.com, nanditad@google.com
|
||||
Original-X-From: netdev-owner@vger.kernel.org Sat Oct 12 19:17:23 2013
|
||||
Return-path: <netdev-owner@vger.kernel.org>
|
||||
Envelope-to: linux-netdev-2@plane.gmane.org
|
||||
Original-Received: from vger.kernel.org ([209.132.180.67])
|
||||
by plane.gmane.org with esmtp (Exim 4.69)
|
||||
(envelope-from <netdev-owner@vger.kernel.org>)
|
||||
id 1VV2od-0004tp-02
|
||||
for linux-netdev-2@plane.gmane.org; Sat, 12 Oct 2013 19:17:23 +0200
|
||||
Original-Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
|
||||
id S1753183Ab3JLRRU (ORCPT <rfc822;linux-netdev-2@m.gmane.org>);
|
||||
Sat, 12 Oct 2013 13:17:20 -0400
|
||||
Original-Received: from mail-pb0-f74.google.com ([209.85.160.74]:35839 "EHLO
|
||||
mail-pb0-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
|
||||
with ESMTP id S1752493Ab3JLRRS (ORCPT
|
||||
<rfc822;netdev@vger.kernel.org>); Sat, 12 Oct 2013 13:17:18 -0400
|
||||
Original-Received: by mail-pb0-f74.google.com with SMTP id rq2so543459pbb.1
|
||||
for <netdev@vger.kernel.org>; Sat, 12 Oct 2013 10:17:18 -0700 (PDT)
|
||||
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
|
||||
d=google.com; s=20120113;
|
||||
h=from:to:cc:subject:date:message-id;
|
||||
bh=YSBIMZEgVuqyP2cau1199a1sz5d28JA7LPPsF6w9FYQ=;
|
||||
b=cCkXgePT7f0kRy+VBGvs3DZSLhVn0z7O74B7OHYpdZkQBznhNZ2b6ZGbkDqaKJXyLT
|
||||
GEsq/JXCgtwpC7aGSz9dPdAZU6kondKOAmfhh54u6f2+ymcZJ4zHpoA6mWuKJ4zlTF2w
|
||||
6tRhnT+/N5RkfIfYD/mcDx97X41kRT3NKJ6bsCoiNJIO2+6j8SrOi8C27InOkdIRY/AT
|
||||
I1uu2bvai1CfrC5yQ6UfpKUg2jioFDOi7i5nSEon+JnWeJavHpO01JMHuar7ZeGnAKJg
|
||||
kVLwyiRujU9Fz0CKIMPZihAngQu/0OgqORQIjygeqz+GPgtTxDGQP7IUNR/d+JOPVUse
|
||||
XlSA==
|
||||
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
|
||||
d=1e100.net; s=20130820;
|
||||
h=x-gm-message-state:from:to:cc:subject:date:message-id;
|
||||
bh=YSBIMZEgVuqyP2cau1199a1sz5d28JA7LPPsF6w9FYQ=;
|
||||
b=d95i7RXY0ff5vnWvrGqxWfSvvAE8SC6YAaBn3ZqbARIZm5GgynIAB/WYnrIOqpqGV6
|
||||
56jVM40bfzLrols1UZzyJWqPIgxee1zPrESh+WrSsDP2tTdYKl/zk13lbt/u7nOn9o3u
|
||||
HrAo2aY4DtV3P0ABEq1lKdazmmPACTc6256QQ2nxtHs5n7s7P1ERkpX7NGNqNf1zDBSv
|
||||
60xeoswRpMkh0G5ZUgpPYsIbXws9F64n5ytq34O2UDZPv5oPEd8I7P34HpqWkNsLoEBs
|
||||
XXTxs1SLc8TI3vdduhaQ+rmEvcE5vTaqjVCQAT2mMKTJJ9xIFueF5zExfI892PHAcJQ8
|
||||
jiaw==
|
||||
X-Gm-Message-State: ALoCoQkeL+3MY64KlpZKI1BuYMU+yTQcYF1C+U5u+kPpqROoekUMzIaH45qERBARAi/0vgJ5YM1Cwm+43d66vZMn/WdHPurbMHfFn3PYqeZSAzOEeuSA2jGTSZUkpuH8YwFqiNhABtj93ahsBXrA6POrXb531UvuahU+rnFLTGNLxVHv/08PW3l5PbN8UaTNpUI1qcf6O6MarFcB+fZLYPb339v4EIrLxg==
|
||||
X-Received: by 10.66.5.226 with SMTP id v2mr8825633pav.22.1381598238410;
|
||||
Sat, 12 Oct 2013 10:17:18 -0700 (PDT)
|
||||
Original-Received: from corp2gmr1-2.hot.corp.google.com (corp2gmr1-2.hot.corp.google.com [172.24.189.93])
|
||||
by gmr-mx.google.com with ESMTPS id a24si3247317yhl.1.1969.12.31.16.00.00
|
||||
(version=TLSv1.1 cipher=AES128-SHA bits=128/128);
|
||||
Sat, 12 Oct 2013 10:17:18 -0700 (PDT)
|
||||
Original-Received: from blast2.mtv.corp.google.com (blast2.mtv.corp.google.com [172.17.132.164])
|
||||
by corp2gmr1-2.hot.corp.google.com (Postfix) with ESMTP id 2F2B45A41A0;
|
||||
Sat, 12 Oct 2013 10:17:18 -0700 (PDT)
|
||||
Original-Received: by blast2.mtv.corp.google.com (Postfix, from userid 5463)
|
||||
id C6A85220C26; Sat, 12 Oct 2013 10:17:17 -0700 (PDT)
|
||||
X-Mailer: git-send-email 1.8.4
|
||||
Original-Sender: netdev-owner@vger.kernel.org
|
||||
Precedence: bulk
|
||||
List-ID: <netdev.vger.kernel.org>
|
||||
X-Mailing-List: netdev@vger.kernel.org
|
||||
Xref: news.gmane.org gmane.linux.network:286793
|
||||
Archived-At: <http://permalink.gmane.org/gmane.linux.network/286793>
|
||||
|
||||
On receiving an ACK that covers the loss probe sequence, TLP
|
||||
immediately sets the congestion state to Open, even though some packets
|
||||
are not recovered and retransmisssion are on the way. The later ACks
|
||||
may trigger a WARN_ON check in step D of tcp_fastretrans_alert(), e.g.,
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=989251
|
||||
|
||||
The fix is to follow the similar procedure in recovery by calling
|
||||
tcp_try_keep_open(). The sender switches to Open state if no packets
|
||||
are retransmissted. Otherwise it goes to Disorder and let subsequent
|
||||
ACKs move the state to Recovery or Open.
|
||||
|
||||
Reported-By: Michael Sterrett <michael@sterretts.net>
|
||||
Tested-By: Dormando <dormando@rydia.net>
|
||||
Signed-off-by: Yuchung Cheng <ycheng@google.com>
|
||||
---
|
||||
net/ipv4/tcp_input.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
|
||||
index 113dc5f..53974c7 100644
|
||||
--- a/net/ipv4/tcp_input.c
|
||||
+++ b/net/ipv4/tcp_input.c
|
||||
@@ -3291,7 +3291,7 @@ static void tcp_process_tlp_ack(struct sock *sk, u32 ack, int flag)
|
||||
tcp_init_cwnd_reduction(sk, true);
|
||||
tcp_set_ca_state(sk, TCP_CA_CWR);
|
||||
tcp_end_cwnd_reduction(sk);
|
||||
- tcp_set_ca_state(sk, TCP_CA_Open);
|
||||
+ tcp_try_keep_open(sk);
|
||||
NET_INC_STATS_BH(sock_net(sk),
|
||||
LINUX_MIB_TCPLOSSPROBERECOVERY);
|
||||
}
|
||||
--
|
||||
1.8.4
|
||||
|
||||
Loading…
Reference in New Issue