| Message ID | CA+jPhpcATmzzx6iYU6WTpoij5uPGkdkaWbYSMisLbCvZgTB1AQ@mail.gmail.com |
|---|---|
| Headers | show |
| Series | Fixes for LP1800639 [v2] | expand |
On 02/11/2018 19:19, Frank Heimes wrote: > BugLink: http://bugs.launchpad.net/bugs/1800639 > > == SRU Justification == > > 'Fix socket buffer (skb) leaks for HiperTransport' > Description: net/af_iucv: fix skb leaks for HiperTransport > Symptom: Memory leaks and/or double-freed network packets. > Problem: Inbound packets may have any combination of flag bits set in > their iucv header. Current code only handles certain > combinations, and ignores (ie. leaks) all packets with other flags. > > On Transmit, current code is inconsistent about whether the error > paths need to free the skb. Depending on which error path is > taken, it may either get freed twice, or leak. > Solution: On receive, drop any skb with an unexpected combination of iucv > Header flags. > On transmit, be consistent in all error paths about free'ing the skb. > > == Fix == > > 2224409 ("net/af_iucv: drop inbound packets with invalid flags") > b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error") > > == Regression Potential == > > Low, because: > - IUCV functionality is very special to s390x > - and even more special because it's only supported in z/VM environments > (z/VM hypervisor to guest or guest to guest communications) > - So everything is s390x specific. > - Patch is limited to this single file: /net/iucv/af_iucv.c > - This was identified as problem situation by IBM > then fixed, the fix tested and now needs to rolled out as preventive fix. > > == Test Case == > > Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest: > https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html > Provoke an error situation. > This is btw. hard to do, because the 'Inter-User Communication Vehicle" > (IUCV) is a virtual z/VM internal > network that does not use any real media. > To check for regressions one can use a shell over an ssh connection > using an IUCV interface > or use an application that utilizes AF_IUCV sockets (like ICC). > > Both patches are upstream cherry picks and look OK to me.. so for both patches: Acked-by: Colin Ian King <colin.king@canonical.com>
On 02.11.18 20:19, Frank Heimes wrote: > BugLink: http://bugs.launchpad.net/bugs/1800639 > > == SRU Justification == > > 'Fix socket buffer (skb) leaks for HiperTransport' > Description: net/af_iucv: fix skb leaks for HiperTransport > Symptom: Memory leaks and/or double-freed network packets. > Problem: Inbound packets may have any combination of flag bits set in > their iucv header. Current code only handles certain > combinations, and ignores (ie. leaks) all packets with other flags. > > On Transmit, current code is inconsistent about whether the error > paths need to free the skb. Depending on which error path is > taken, it may either get freed twice, or leak. > Solution: On receive, drop any skb with an unexpected combination of iucv > Header flags. > On transmit, be consistent in all error paths about free'ing the skb. > > == Fix == > > 2224409 ("net/af_iucv: drop inbound packets with invalid flags") > b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error") > > == Regression Potential == > > Low, because: > - IUCV functionality is very special to s390x > - and even more special because it's only supported in z/VM environments > (z/VM hypervisor to guest or guest to guest communications) > - So everything is s390x specific. > - Patch is limited to this single file: /net/iucv/af_iucv.c > - This was identified as problem situation by IBM > then fixed, the fix tested and now needs to rolled out as preventive fix. > > == Test Case == > > Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest: > https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html > Provoke an error situation. > This is btw. hard to do, because the 'Inter-User Communication Vehicle" (IUCV) > is a virtual z/VM internal > network that does not use any real media. > To check for regressions one can use a shell over an ssh connection using an > IUCV interface > or use an application that utilizes AF_IUCV sockets (like ICC). > > Acked-by: Stefan Bader <stefan.bader@canonical.com> ... still not liking HTML mails...
Couldn't extract the patches from the email again. I cherry-picked from mainline (which worked fine this time) and manually edited the commit messages. On 2018-11-02 20:19:54 , Frank Heimes wrote: > BugLink: http://bugs.launchpad.net/bugs/1800639 > > == SRU Justification == > > 'Fix socket buffer (skb) leaks for HiperTransport' > Description: net/af_iucv: fix skb leaks for HiperTransport > Symptom: Memory leaks and/or double-freed network packets. > Problem: Inbound packets may have any combination of flag bits set in > their iucv header. Current code only handles certain > combinations, and ignores (ie. leaks) all packets with other flags. > > On Transmit, current code is inconsistent about whether the error > paths need to free the skb. Depending on which error path is > taken, it may either get freed twice, or leak. > Solution: On receive, drop any skb with an unexpected combination of iucv > Header flags. > On transmit, be consistent in all error paths about free'ing the skb. > > == Fix == > > 2224409 ("net/af_iucv: drop inbound packets with invalid flags") > b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error") > > == Regression Potential == > > Low, because: > - IUCV functionality is very special to s390x > - and even more special because it's only supported in z/VM environments > (z/VM hypervisor to guest or guest to guest communications) > - So everything is s390x specific. > - Patch is limited to this single file: /net/iucv/af_iucv.c > - This was identified as problem situation by IBM > then fixed, the fix tested and now needs to rolled out as preventive fix. > > == Test Case == > > Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest: > https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html > Provoke an error situation. > This is btw. hard to do, because the 'Inter-User Communication Vehicle" > (IUCV) is a virtual z/VM internal > network that does not use any real media. > To check for regressions one can use a shell over an ssh connection using > an IUCV interface > or use an application that utilizes AF_IUCV sockets (like ICC). > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
BugLink: http://bugs.launchpad.net/bugs/1800639 == SRU Justification == 'Fix socket buffer (skb) leaks for HiperTransport' Description: net/af_iucv: fix skb leaks for HiperTransport Symptom: Memory leaks and/or double-freed network packets. Problem: Inbound packets may have any combination of flag bits set in their iucv header. Current code only handles certain combinations, and ignores (ie. leaks) all packets with other flags. On Transmit, current code is inconsistent about whether the error paths need to free the skb. Depending on which error path is taken, it may either get freed twice, or leak. Solution: On receive, drop any skb with an unexpected combination of iucv Header flags. On transmit, be consistent in all error paths about free'ing the skb. == Fix == 2224409 ("net/af_iucv: drop inbound packets with invalid flags") b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error") == Regression Potential == Low, because: - IUCV functionality is very special to s390x - and even more special because it's only supported in z/VM environments (z/VM hypervisor to guest or guest to guest communications) - So everything is s390x specific. - Patch is limited to this single file: /net/iucv/af_iucv.c - This was identified as problem situation by IBM then fixed, the fix tested and now needs to rolled out as preventive fix. == Test Case == Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest: https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html Provoke an error situation. This is btw. hard to do, because the 'Inter-User Communication Vehicle" (IUCV) is a virtual z/VM internal network that does not use any real media. To check for regressions one can use a shell over an ssh connection using an IUCV interface or use an application that utilizes AF_IUCV sockets (like ICC).