CVE-2015-8812 cxgb3 use after free (rhbz 1303532 1309548)

This commit is contained in:
Josh Boyer 2016-02-18 08:20:05 -05:00
parent f062445414
commit 59915d41e7
2 changed files with 47 additions and 0 deletions

View File

@ -0,0 +1,41 @@
From 67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 Mon Sep 17 00:00:00 2001
From: Hariprasad S <hariprasad@chelsio.com>
Date: Fri, 11 Dec 2015 13:59:17 +0530
Subject: [PATCH] iw_cxgb3: Fix incorrectly returning error on success
The cxgb3_*_send() functions return NET_XMIT_ values, which are
positive integers values. So don't treat positive return values
as an error.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
---
drivers/infiniband/hw/cxgb3/iwch_cm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/cxgb3/iwch_cm.c b/drivers/infiniband/hw/cxgb3/iwch_cm.c
index cb78b1e9bcd9..f504ba73e5dc 100644
--- a/drivers/infiniband/hw/cxgb3/iwch_cm.c
+++ b/drivers/infiniband/hw/cxgb3/iwch_cm.c
@@ -149,7 +149,7 @@ static int iwch_l2t_send(struct t3cdev *tdev, struct sk_buff *skb, struct l2t_en
error = l2t_send(tdev, skb, l2e);
if (error < 0)
kfree_skb(skb);
- return error;
+ return error < 0 ? error : 0;
}
int iwch_cxgb3_ofld_send(struct t3cdev *tdev, struct sk_buff *skb)
@@ -165,7 +165,7 @@ int iwch_cxgb3_ofld_send(struct t3cdev *tdev, struct sk_buff *skb)
error = cxgb3_ofld_send(tdev, skb);
if (error < 0)
kfree_skb(skb);
- return error;
+ return error < 0 ? error : 0;
}
static void release_tid(struct t3cdev *tdev, u32 hwtid, struct sk_buff *skb)
--
2.5.0

View File

@ -628,6 +628,9 @@ Patch650: bpf-fix-branch-offset-adjustment-on-backjumps-after-.patch
#rhbz 1306987
Patch651: Input-elantech-mark-protocols-v2-and-v3-as-semi-mt.patch
#CVE-2015-8812 rhbz 1303532 1309548
Patch653: iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
# END OF PATCH DEFINITIONS
%endif
@ -2071,6 +2074,9 @@ fi
#
#
%changelog
* Thu Feb 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8812 cxgb3 use after free (rhbz 1303532 1309548)
* Wed Feb 17 2016 Laura Abbott <labbott@fedoraproject.org>
- Linux v4.4.2