diff options
| author | Laura Abbott <labbott@fedoraproject.org> | 2016-12-06 08:49:41 -0800 |
|---|---|---|
| committer | Laura Abbott <labbott@fedoraproject.org> | 2016-12-06 08:49:41 -0800 |
| commit | fe324f69901af83cb16ee086f3d284e67ed36e33 (patch) | |
| tree | bad4103c2fd2a1b5207f3971058cdf4582530cbd | |
| parent | 825deb57fe07b1d4e73467438146f3d8d96db6a1 (diff) | |
| download | kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.tar.gz kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.tar.xz kernel-fe324f69901af83cb16ee086f3d284e67ed36e33.zip | |
Linux v4.9-rc8-9-gd9d0452
- Fix DMA from stack in virtio-net (rhbz 1401612)
| -rw-r--r-- | gitrev | 2 | ||||
| -rw-r--r-- | kernel.spec | 9 | ||||
| -rw-r--r-- | sources | 1 | ||||
| -rw-r--r-- | virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch | 82 |
4 files changed, 92 insertions, 2 deletions
@@ -1 +1 @@ -2caceb3294a78c389b462e7e236a4e744a53a474 +d9d04527c79f0f7d9186272866526e871ef4ac6f diff --git a/kernel.spec b/kernel.spec index e4d9499e7..27c874fab 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 8 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -621,6 +621,9 @@ Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch #ongoing complaint, full discussion delayed until ksummit/plumbers Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch +#rhbz 1401612 +Patch850: virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch + # END OF PATCH DEFINITIONS %endif @@ -2168,6 +2171,10 @@ fi # # %changelog +* Tue Dec 06 2016 Laura Abbott <labbott@fedoraproject.org> - 4.9.0-0.rc8.git1.1 +- Linux v4.9-rc8-9-gd9d0452 +- Fix DMA from stack in virtio-net (rhbz 1401612) + * Tue Dec 06 2016 Laura Abbott <labbott@fedoraproject.org> - Reenable debugging options. @@ -1,3 +1,4 @@ c1af0afbd3df35c1ccdc7a5118cd2d07 linux-4.8.tar.xz 0dad03f586e835d538d3e0d2cbdb9a28 perf-man-4.8.tar.gz 0325bf5c99db7ad4317707afe23aa954 patch-4.9-rc8.xz +8d3883138f338758fd9651ae6259e95b patch-4.9-rc8-git1.xz diff --git a/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch b/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch new file mode 100644 index 000000000..1a392f929 --- /dev/null +++ b/virtio-net-Fix-DMA-from-the-stack-in-virtnet_set_mac_address.patch @@ -0,0 +1,82 @@ +From patchwork Tue Dec 6 02:10:58 2016 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() +From: Andy Lutomirski <luto@kernel.org> +X-Patchwork-Id: 702984 +X-Patchwork-Delegate: davem@davemloft.net +Message-Id: <fe889e578d5dffa9ae0834b449a35fcfd1e10694.1480990173.git.luto@kernel.org> +To: netdev@vger.kernel.org +Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, + Andy Lutomirski <luto@kernel.org>, + "Michael S . Tsirkin" <mst@redhat.com>, Jason Wang <jasowang@redhat.com>, + Laura Abbott <labbott@redhat.com> +Date: Mon, 5 Dec 2016 18:10:58 -0800 + +With CONFIG_VMAP_STACK=y, virtnet_set_mac_address() can be passed a +pointer to the stack and it will OOPS. Copy the address to the heap +to prevent the crash. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Cc: Jason Wang <jasowang@redhat.com> +Cc: Laura Abbott <labbott@redhat.com> +Reported-by: zbyszek@in.waw.pl +Signed-off-by: Andy Lutomirski <luto@kernel.org> +Acked-by: Jason Wang <jasowang@redhat.com> +Acked-by: Michael S. Tsirkin <mst@redhat.com> +--- + +Very lightly tested. + + drivers/net/virtio_net.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c +index 7276d5a95bd0..cbf1c613c67a 100644 +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -969,12 +969,17 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + struct virtnet_info *vi = netdev_priv(dev); + struct virtio_device *vdev = vi->vdev; + int ret; +- struct sockaddr *addr = p; ++ struct sockaddr *addr; + struct scatterlist sg; + +- ret = eth_prepare_mac_addr_change(dev, p); ++ addr = kmalloc(sizeof(*addr), GFP_KERNEL); ++ if (!addr) ++ return -ENOMEM; ++ memcpy(addr, p, sizeof(*addr)); ++ ++ ret = eth_prepare_mac_addr_change(dev, addr); + if (ret) +- return ret; ++ goto out; + + if (virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR)) { + sg_init_one(&sg, addr->sa_data, dev->addr_len); +@@ -982,7 +987,8 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + VIRTIO_NET_CTRL_MAC_ADDR_SET, &sg)) { + dev_warn(&vdev->dev, + "Failed to set mac address by vq command.\n"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out; + } + } else if (virtio_has_feature(vdev, VIRTIO_NET_F_MAC) && + !virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) { +@@ -996,8 +1002,11 @@ static int virtnet_set_mac_address(struct net_device *dev, void *p) + } + + eth_commit_mac_addr_change(dev, p); ++ ret = 0; + +- return 0; ++out: ++ kfree(addr); ++ return ret; + } + + static struct rtnl_link_stats64 *virtnet_stats(struct net_device *dev, |