APPLIED: [CVE-2011-1576] core: Fix memory leak/corruption on VLAN GRO_DROP

Submitter	Stefan Bader
Date	Dec. 12, 2011, 2:19 p.m.
Message ID	<4EE60D8A.6080803@canonical.com>
Download	mbox
Permalink	/patch/130754/
State	New
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> Message-ID: <4EE60D8A.6080803@canonical.com> Date: Mon, 12 Dec 2011 15:19:54 +0100 From: Stefan Bader <stefan.bader@canonical.com> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0 MIME-Version: 1.0 To: Tim Gardner <tim.gardner@canonical.com> Subject: Re: APPLIED: [CVE-2011-1576] core: Fix memory leak/corruption on VLAN GRO_DROP References: <1316440807-9603-1-git-send-email-stefan.bader@canonical.com> <4E774DEA.6000604@canonical.com> <4EDF9873.6090605@canonical.com> <4EE60AA6.1090504@canonical.com> In-Reply-To: <4EE60AA6.1090504@canonical.com> Cc: kernel-team@lists.ubuntu.com Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com

Pull-request

git://kernel.ubuntu.com/smb/ubuntu-maverick.git CVE-2011-1576

Comments

Stefan Bader - Dec. 12, 2011, 2:19 p.m.

On 12.12.2011 15:07, Tim Gardner wrote:
> On 12/07/2011 09:46 AM, Stefan Bader wrote:
>> On 19.09.2011 16:12, Tim Gardner wrote:
>>> On 09/19/2011 08:00 AM, Stefan Bader wrote:
>>>> introduced by (2.6.30):
>>>>      5d0d9be8ef456afc6c3fb5f8aad06ef19b704b05
>>>>      gro: Move common completion code into helpers
>>>>
>>>> fixed upstream by (2.6.37):
>>>>      3701e51382a026cba10c60b03efabe534fba4ca4
>>>>      vlan: Centralize handling of hardware acceleration.
>>>>
>>>> The upstream fix avoids the problem by re-arranging some helper functions.
>>>> This minimal fix was picked from the RedHat source package. It matches the
>>>> way that the vlan code handled the cases before the merge.
>>>>
>>>> Natty and Oneiric have the upstream fix. Hardy does not even handle GRO.
>>>> So only fixes for Lucid and Maverick are required. The two versions for
>>>> lucid/fsl-imx51 and the rest only differ by a bit of sourrounding code.
>>>>
>>>
>>>
>> Benjamin Poirier from SUSE had been looking at this one, too. And we had brief
>> discussion. While the simple fix we took from RedHat will likely work, it is not
>> really restoring a previous behavior as I had been thinking. This alternate
>> approach is now queued in 2.6.32.y and when that hits, we could revert the other
>> patch. And we likely would then want to do the same for all the combinations of
>> other places where the same patch has been added.
>>
>> -Stefan
> 
> So, you're kind of confusing me about which patches get reverted in what
> release. Perhaps you could send pull requests for each release that demonstrate
> exactly how you'd like each release to look.
> 
> rtg

The following changes since commit b6b7ef7ca0aa2ed75478ab2257544271aca245a4:

  KEYS: Fix a NULL pointer deref in the user-defined key type, CVE-2011-4110
(2011-12-06 13:22:15 -0700)

are available in the git repository at:
  git://kernel.ubuntu.com/smb/ubuntu-maverick.git CVE-2011-1576

Benjamin Poirier (1):
      gro: reset vlan_tci on reuse

Stefan Bader (1):
      Revert "core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576"

 net/core/dev.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

Tim Gardner - Dec. 12, 2011, 2:30 p.m.

On 12/12/2011 07:19 AM, Stefan Bader wrote:
> git://kernel.ubuntu.com/smb/ubuntu-maverick.git CVE-2011-1576

Stefan Bader - Dec. 12, 2011, 2:59 p.m.

On 12.12.2011 15:30, Tim Gardner wrote:
> On 12/12/2011 07:19 AM, Stefan Bader wrote:
>> git://kernel.ubuntu.com/smb/ubuntu-maverick.git CVE-2011-1576
> 
> 
So to keep sanity, I applied the same change to maverick/ti-omap4. Also, I
pushed the revert to lucid and applied the fix and the revert to lucid/fsl-imx51.

-Stefan

Patchwork APPLIED: [CVE-2011-1576] core: Fix memory leak/corruption on VLAN GRO_DROP

Pull-request

Comments