Message ID | 1532421650-17137-1-git-send-email-paolo.pisati@canonical.com |
---|---|
Headers | show |
Series | Fix for CVE-2017-6345 | expand |
On 24.07.2018 10:40, Paolo Pisati wrote: > https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6345.html > > Patch 01 is a clean cherry-pick and correspond to the upstream fix. > Patch 02 is a partial backport, and contains a prerequisite (sock_efree()). > > Instead of importing sock_efree() i could have used sock_edemux() since the two > behave similarly, except when the passed socket is a TCP socket in the > TCP_TIME_WAIT state. But since the TCP states are represented using an enum and > the field sk_state is reused by every protocol, i preferred to avoid introducing > a subtle mistake and use the original sock_efree() function. > > Eric Dumazet (1): > net/llc: avoid BUG_ON() in skb_orphan() > > Paolo Pisati (1): > UBUNTU: SAUCE: import sock_efree() > > include/net/sock.h | 1 + > net/core/sock.c | 6 ++++++ > net/llc/llc_conn.c | 3 +++ > net/llc/llc_sap.c | 3 +++ > 4 files changed, 13 insertions(+) > Acked-by: Stefan Bader <stefan.bader@canonical.com> Adding the new function is ok, but it should be applied first (so any bisection will not fail in between). -Stefan
On 2018-07-24 10:40:48 , Paolo Pisati wrote: > https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6345.html > > Patch 01 is a clean cherry-pick and correspond to the upstream fix. > Patch 02 is a partial backport, and contains a prerequisite (sock_efree()). > > Instead of importing sock_efree() i could have used sock_edemux() since the two > behave similarly, except when the passed socket is a TCP socket in the > TCP_TIME_WAIT state. But since the TCP states are represented using an enum and > the field sk_state is reused by every protocol, i preferred to avoid introducing > a subtle mistake and use the original sock_efree() function. > > Eric Dumazet (1): > net/llc: avoid BUG_ON() in skb_orphan() > > Paolo Pisati (1): > UBUNTU: SAUCE: import sock_efree() > > include/net/sock.h | 1 + > net/core/sock.c | 6 ++++++ > net/llc/llc_conn.c | 3 +++ > net/llc/llc_sap.c | 3 +++ > 4 files changed, 13 insertions(+) > Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Will fix the ordering
Applied to trusty On 2018-07-24 10:40:48 , Paolo Pisati wrote: > https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6345.html > > Patch 01 is a clean cherry-pick and correspond to the upstream fix. > Patch 02 is a partial backport, and contains a prerequisite (sock_efree()). > > Instead of importing sock_efree() i could have used sock_edemux() since the two > behave similarly, except when the passed socket is a TCP socket in the > TCP_TIME_WAIT state. But since the TCP states are represented using an enum and > the field sk_state is reused by every protocol, i preferred to avoid introducing > a subtle mistake and use the original sock_efree() function. > > Eric Dumazet (1): > net/llc: avoid BUG_ON() in skb_orphan() > > Paolo Pisati (1): > UBUNTU: SAUCE: import sock_efree() > > include/net/sock.h | 1 + > net/core/sock.c | 6 ++++++ > net/llc/llc_conn.c | 3 +++ > net/llc/llc_sap.c | 3 +++ > 4 files changed, 13 insertions(+) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team