Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Mike Pagano (mpagano)" <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] linux-patches r2458 - genpatches-2.6/trunk/3.10
Date: Mon, 29 Jul 2013 01:00:04
Message-Id: 20130729005957.B2C3321710@flycatcher.gentoo.org
1 Author: mpagano
2 Date: 2013-07-29 00:59:57 +0000 (Mon, 29 Jul 2013)
3 New Revision: 2458
4
5 Removed:
6 genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch
7 genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch
8 Modified:
9 genpatches-2.6/trunk/3.10/0000_README
10 Log:
11 Removal of redundant patches
12
13 Modified: genpatches-2.6/trunk/3.10/0000_README
14 ===================================================================
15 --- genpatches-2.6/trunk/3.10/0000_README 2013-07-29 00:45:13 UTC (rev 2457)
16 +++ genpatches-2.6/trunk/3.10/0000_README 2013-07-29 00:59:57 UTC (rev 2458)
17 @@ -59,14 +59,6 @@
18 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
19 Desc: Support for namespace user.pax.* on tmpfs.
20
21 -Patch: 1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch
22 -From: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=307f2fb95e9b96b3577916e73d92e104f8f26494
23 -Desc: ipv6: only static routes qualify for equal cost multipathing
24 -
25 -Patch: 1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch
26 -From: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5
27 -Desc: vhost-net: fix use-after-free in vhost_net_flush
28 -
29 Patch: 1700_enable-thinkpad-micled.patch
30 From: https://bugs.gentoo.org/show_bug.cgi?id=449248
31 Desc: Enable mic mute led in thinkpads
32
33 Deleted: genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch
34 ===================================================================
35 --- genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch 2013-07-29 00:45:13 UTC (rev 2457)
36 +++ genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch 2013-07-29 00:59:57 UTC (rev 2458)
37 @@ -1,79 +0,0 @@
38 -From 307f2fb95e9b96b3577916e73d92e104f8f26494 Mon Sep 17 00:00:00 2001
39 -From: Hannes Frederic Sowa <hannes@×××××××××××××××.org>
40 -Date: Fri, 12 Jul 2013 21:46:33 +0000
41 -Subject: ipv6: only static routes qualify for equal cost multipathing
42 -
43 -Static routes in this case are non-expiring routes which did not get
44 -configured by autoconf or by icmpv6 redirects.
45 -
46 -To make sure we actually get an ecmp route while searching for the first
47 -one in this fib6_node's leafs, also make sure it matches the ecmp route
48 -assumptions.
49 -
50 -v2:
51 -a) Removed RTF_EXPIRE check in dst.from chain. The check of RTF_ADDRCONF
52 - already ensures that this route, even if added again without
53 - RTF_EXPIRES (in case of a RA announcement with infinite timeout),
54 - does not cause the rt6i_nsiblings logic to go wrong if a later RA
55 - updates the expiration time later.
56 -
57 -v3:
58 -a) Allow RTF_EXPIRES routes to enter the ecmp route set. We have to do so,
59 - because an pmtu event could update the RTF_EXPIRES flag and we would
60 - not count this route, if another route joins this set. We now filter
61 - only for RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC, which are flags that
62 - don't get changed after rt6_info construction.
63 -
64 -Cc: Nicolas Dichtel <nicolas.dichtel@×××××.com>
65 -Signed-off-by: Hannes Frederic Sowa <hannes@×××××××××××××××.org>
66 -Signed-off-by: David S. Miller <davem@×××××××××.net>
67 ----
68 -diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
69 -index 192dd1a..5fc9c7a 100644
70 ---- a/net/ipv6/ip6_fib.c
71 -+++ b/net/ipv6/ip6_fib.c
72 -@@ -632,6 +632,12 @@ insert_above:
73 - return ln;
74 - }
75 -
76 -+static inline bool rt6_qualify_for_ecmp(struct rt6_info *rt)
77 -+{
78 -+ return (rt->rt6i_flags & (RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC)) ==
79 -+ RTF_GATEWAY;
80 -+}
81 -+
82 - /*
83 - * Insert routing information in a node.
84 - */
85 -@@ -646,6 +652,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
86 - int add = (!info->nlh ||
87 - (info->nlh->nlmsg_flags & NLM_F_CREATE));
88 - int found = 0;
89 -+ bool rt_can_ecmp = rt6_qualify_for_ecmp(rt);
90 -
91 - ins = &fn->leaf;
92 -
93 -@@ -691,9 +698,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
94 - * To avoid long list, we only had siblings if the
95 - * route have a gateway.
96 - */
97 -- if (rt->rt6i_flags & RTF_GATEWAY &&
98 -- !(rt->rt6i_flags & RTF_EXPIRES) &&
99 -- !(iter->rt6i_flags & RTF_EXPIRES))
100 -+ if (rt_can_ecmp &&
101 -+ rt6_qualify_for_ecmp(iter))
102 - rt->rt6i_nsiblings++;
103 - }
104 -
105 -@@ -715,7 +721,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
106 - /* Find the first route that have the same metric */
107 - sibling = fn->leaf;
108 - while (sibling) {
109 -- if (sibling->rt6i_metric == rt->rt6i_metric) {
110 -+ if (sibling->rt6i_metric == rt->rt6i_metric &&
111 -+ rt6_qualify_for_ecmp(sibling)) {
112 - list_add_tail(&rt->rt6i_siblings,
113 - &sibling->rt6i_siblings);
114 - break;
115 ---
116 -cgit v0.9.2
117
118 Deleted: genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch
119 ===================================================================
120 --- genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch 2013-07-29 00:45:13 UTC (rev 2457)
121 +++ genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch 2013-07-29 00:59:57 UTC (rev 2458)
122 @@ -1,56 +0,0 @@
123 -From dd7633ecd553a5e304d349aa6f8eb8a0417098c5 Mon Sep 17 00:00:00 2001
124 -From: Michael S. Tsirkin <mst@××××××.com>
125 -Date: Sun, 07 Jul 2013 11:26:53 +0000
126 -Subject: vhost-net: fix use-after-free in vhost_net_flush
127 -
128 -vhost_net_ubuf_put_and_wait has a confusing name:
129 -it will actually also free it's argument.
130 -Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01
131 - "vhost-net: flush outstanding DMAs on memory change"
132 -vhost_net_flush tries to use the argument after passing it
133 -to vhost_net_ubuf_put_and_wait, this results
134 -in use after free.
135 -To fix, don't free the argument in vhost_net_ubuf_put_and_wait,
136 -add an new API for callers that want to free ubufs.
137 -
138 -Acked-by: Asias He <asias@××××××.com>
139 -Acked-by: Jason Wang <jasowang@××××××.com>
140 -Signed-off-by: Michael S. Tsirkin <mst@××××××.com>
141 -Signed-off-by: David S. Miller <davem@×××××××××.net>
142 ----
143 -diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
144 -index f80d3dd..8ca5ac7 100644
145 ---- a/drivers/vhost/net.c
146 -+++ b/drivers/vhost/net.c
147 -@@ -150,6 +150,11 @@ static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs)
148 - {
149 - kref_put(&ubufs->kref, vhost_net_zerocopy_done_signal);
150 - wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount));
151 -+}
152 -+
153 -+static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs)
154 -+{
155 -+ vhost_net_ubuf_put_and_wait(ubufs);
156 - kfree(ubufs);
157 - }
158 -
159 -@@ -948,7 +953,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
160 - mutex_unlock(&vq->mutex);
161 -
162 - if (oldubufs) {
163 -- vhost_net_ubuf_put_and_wait(oldubufs);
164 -+ vhost_net_ubuf_put_wait_and_free(oldubufs);
165 - mutex_lock(&vq->mutex);
166 - vhost_zerocopy_signal_used(n, vq);
167 - mutex_unlock(&vq->mutex);
168 -@@ -966,7 +971,7 @@ err_used:
169 - rcu_assign_pointer(vq->private_data, oldsock);
170 - vhost_net_enable_vq(n, vq);
171 - if (ubufs)
172 -- vhost_net_ubuf_put_and_wait(ubufs);
173 -+ vhost_net_ubuf_put_wait_and_free(ubufs);
174 - err_ubufs:
175 - fput(sock->file);
176 - err_vq:
177 ---
178 -cgit v0.9.2
Report Message
Find on MARC Find on Google Groups