bonding: Incorrect TX queue offset (CVE-2011-1581)
This commit is contained in:
Chuck Ebbert
parent
6034fb773e
commit
e883ed16c1
|
|
@ -0,0 +1,54 @@
|
|||
From: Phil Oester <kernel@linuxace.com>
|
||||
Date: Mon, 14 Mar 2011 06:22:04 +0000 (+0000)
|
||||
Subject: bonding: Incorrect TX queue offset
|
||||
X-Git-Tag: v2.6.39-rc1~468^2~15
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=fd0e435b0fe85622f167b84432552885a4856ac8
|
||||
|
||||
bonding: Incorrect TX queue offset
|
||||
|
||||
When packets come in from a device with >= 16 receive queues
|
||||
headed out a bonding interface, syslog gets filled with this:
|
||||
|
||||
kernel: bond0 selects TX queue 16, but real number of TX queues is 16
|
||||
|
||||
because queue_mapping is offset by 1. Adjust return value
|
||||
to account for the offset.
|
||||
|
||||
This is a revision of my earlier patch (which did not use the
|
||||
skb_rx_queue_* helpers - thanks to Ben for the suggestion).
|
||||
Andy submitted a similar patch which emits a pr_warning on
|
||||
invalid queue selection, but I believe the log spew is
|
||||
not useful. We can revisit that question in the future,
|
||||
but in the interim I believe fixing the core problem is
|
||||
worthwhile.
|
||||
|
||||
Signed-off-by: Phil Oester <kernel@linuxace.com>
|
||||
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
|
||||
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
|
||||
index 3ad4f50..a93d941 100644
|
||||
--- a/drivers/net/bonding/bond_main.c
|
||||
+++ b/drivers/net/bonding/bond_main.c
|
||||
@@ -4341,11 +4341,18 @@ static u16 bond_select_queue(struct net_device *dev, struct sk_buff *skb)
|
||||
{
|
||||
/*
|
||||
* This helper function exists to help dev_pick_tx get the correct
|
||||
- * destination queue. Using a helper function skips the a call to
|
||||
+ * destination queue. Using a helper function skips a call to
|
||||
* skb_tx_hash and will put the skbs in the queue we expect on their
|
||||
* way down to the bonding driver.
|
||||
*/
|
||||
- return skb->queue_mapping;
|
||||
+ u16 txq = skb_rx_queue_recorded(skb) ? skb_get_rx_queue(skb) : 0;
|
||||
+
|
||||
+ if (unlikely(txq >= dev->real_num_tx_queues)) {
|
||||
+ do
|
||||
+ txq -= dev->real_num_tx_queues;
|
||||
+ while (txq >= dev->real_num_tx_queues);
|
||||
+ }
|
||||
+ return txq;
|
||||
}
|
||||
|
||||
static netdev_tx_t bond_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
|
|
@ -729,6 +729,9 @@ Patch12400: linux-2.6-netconsole-deadlock.patch
|
|||
# CVE-2011-1494, CVE-2011-1495
|
||||
Patch12401: scsi-mptsas-prevent-heap-overflows-and-unchecked-reads.patch
|
||||
|
||||
# CVE-2011-1581
|
||||
Patch12402: bonding-incorrect-tx-queue-offset.patch
|
||||
|
||||
%endif
|
||||
|
||||
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
|
||||
|
|
@ -1351,6 +1354,9 @@ ApplyPatch linux-2.6-netconsole-deadlock.patch
|
|||
# CVE-2011-1494, CVE-2011-1495
|
||||
ApplyPatch scsi-mptsas-prevent-heap-overflows-and-unchecked-reads.patch
|
||||
|
||||
# CVE-2011-1581
|
||||
ApplyPatch bonding-incorrect-tx-queue-offset.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1962,6 +1968,7 @@ fi
|
|||
* Mon May 02 2011 Chuck Ebbert <cebbert@redhat.com>
|
||||
- [SCSI] mpt2sas: prevent heap overflows and unchecked reads
|
||||
(CVE-2011-1494, CVE-2011-1495)
|
||||
- bonding: Incorrect TX queue offset (CVE-2011-1581)
|
||||
|
||||
* Mon May 02 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.38.5-22
|
||||
- And to the released 2.6.38.5
|
||||
|
|
|
|||
Loading…
Reference in New Issue