Linux v5.1.14
This commit is contained in:
Jeremy Cline
parent
cb24ef5a29
commit
8b86310fda
4 changed files with 5 additions and 146 deletions
|
|
@ -1,33 +0,0 @@
|
|||
From 7500096ef55989594c5e699a8ea078110bd3fc1a Mon Sep 17 00:00:00 2001
|
||||
From: Florian Westphal <fw@strlen.de>
|
||||
Date: Mon, 20 May 2019 13:48:10 +0200
|
||||
Subject: [PATCH] netfilter: nat: fix udp checksum corruption
|
||||
|
||||
Due to copy&paste error nf_nat_mangle_udp_packet passes IPPROTO_TCP,
|
||||
resulting in incorrect udp checksum when payload had to be mangled.
|
||||
|
||||
Fixes: dac3fe72596f9 ("netfilter: nat: remove csum_recalc hook")
|
||||
Reported-by: Marc Haber <mh+netdev@zugschlus.de>
|
||||
Tested-by: Marc Haber <mh+netdev@zugschlus.de>
|
||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
---
|
||||
net/netfilter/nf_nat_helper.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
|
||||
index ccc06f7539d7..53aeb12b70fb 100644
|
||||
--- a/net/netfilter/nf_nat_helper.c
|
||||
+++ b/net/netfilter/nf_nat_helper.c
|
||||
@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
|
||||
if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
|
||||
return true;
|
||||
|
||||
- nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,
|
||||
+ nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
|
||||
udph, &udph->check, datalen, oldlen);
|
||||
|
||||
return true;
|
||||
--
|
||||
2.21.0
|
||||
|
||||
12
kernel.spec
12
kernel.spec
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 12
|
||||
%define stable_update 14
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
|
@ -615,9 +615,6 @@ Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch
|
|||
# CVE-2019-12614 rhbz 1718176 1718185
|
||||
Patch538: powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
|
||||
|
||||
# Mainlined, https://bugzilla.redhat.com/show_bug.cgi?id=1716289
|
||||
Patch540: 0001-netfilter-nat-fix-udp-checksum-corruption.patch
|
||||
|
||||
# CVE-2019-10126 rhbz 1716992 1720122
|
||||
Patch541: mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_ies.patch
|
||||
|
||||
|
|
@ -628,10 +625,6 @@ Patch542: 0001-platform-x86-asus-wmi-Only-Tell-EC-the-OS-will-handl.patch
|
|||
Patch544: drm-panel-orientation-quirks.patch
|
||||
Patch545: efi-bgrt-acpi6.2-support.patch
|
||||
|
||||
# https://github.com/ValveSoftware/steam-for-linux/issues/6326#issuecomment-504606826
|
||||
# https://patchwork.ozlabs.org/patch/1120222/
|
||||
Patch546: net-tcp-refine-memory-limit-test-in-tcp_fragment.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1870,6 +1863,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Jun 24 2019 Jeremy Cline <jcline@redhat.com> - 5.1.14-200
|
||||
- Linux v5.1.14
|
||||
|
||||
* Wed Jun 19 2019 Jeremy Cline <jcline@redhat.com> - 5.1.12-200
|
||||
- Linux v5.1.12
|
||||
|
||||
|
|
|
|||
|
|
@ -1,104 +0,0 @@
|
|||
From patchwork Fri Jun 21 13:09:55 2019
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
X-Patchwork-Submitter: Eric Dumazet <edumazet@google.com>
|
||||
X-Patchwork-Id: 1120222
|
||||
X-Patchwork-Delegate: davem@davemloft.net
|
||||
Return-Path: <netdev-owner@vger.kernel.org>
|
||||
X-Original-To: patchwork-incoming-netdev@ozlabs.org
|
||||
Delivered-To: patchwork-incoming-netdev@ozlabs.org
|
||||
Authentication-Results: ozlabs.org;
|
||||
spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
|
||||
(client-ip=209.132.180.67; helo=vger.kernel.org;
|
||||
envelope-from=netdev-owner@vger.kernel.org;
|
||||
receiver=<UNKNOWN>)
|
||||
Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none)
|
||||
header.from=google.com
|
||||
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
|
||||
unprotected) header.d=google.com header.i=@google.com
|
||||
header.b="cwUC/BgC"; dkim-atps=neutral
|
||||
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
|
||||
by ozlabs.org (Postfix) with ESMTP id 45VfDV1sXMz9s4Y
|
||||
for <patchwork-incoming-netdev@ozlabs.org>;
|
||||
Fri, 21 Jun 2019 23:10:02 +1000 (AEST)
|
||||
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
|
||||
id S1726898AbfFUNKA (ORCPT
|
||||
<rfc822;patchwork-incoming-netdev@ozlabs.org>);
|
||||
Fri, 21 Jun 2019 09:10:00 -0400
|
||||
Received: from mail-qk1-f201.google.com ([209.85.222.201]:55594 "EHLO
|
||||
mail-qk1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
|
||||
with ESMTP id S1726285AbfFUNKA (ORCPT
|
||||
<rfc822;netdev@vger.kernel.org>); Fri, 21 Jun 2019 09:10:00 -0400
|
||||
Received: by mail-qk1-f201.google.com with SMTP id p206so7417547qke.22
|
||||
for <netdev@vger.kernel.org>; Fri, 21 Jun 2019 06:09:59 -0700 (PDT)
|
||||
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025;
|
||||
h=date:message-id:mime-version:subject:from:to:cc;
|
||||
bh=l+B6a9nBzRCfLuir3Z6pi3stYHyjDaAL9NKv8M9pOhQ=;
|
||||
b=cwUC/BgClX46gMepC8mcQNZuDwHEth/A9TkLba8xOn5rTtDSi71ILI9TEibLGmBVJi
|
||||
LtDMoATUpcymBI3iU875rYUhT9V2FrHw0UTJUaW9NILXMLrta1vtq6nPkqxWQ/lSMuvY
|
||||
bJEWcEyRWcpbBPM3UPKvAHfNOFPEBsaSMmNHj0VOAOyzq9+N7iVrLqbKLSjUaiFt1wsB
|
||||
lEoVl+3WH+GR7KA3+IFb/Mm21z00eXib4a5d+Q8ClkFVG8m64FBxbj4/F/XDPX0JEFc2
|
||||
StNqKxtcW96V6dizyKoBiYyFZ2RQT3vOjrEN2Bs/c+wqz/ZodCPBLm1TqdJ3SbQuvtc0
|
||||
tu/w==
|
||||
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
|
||||
d=1e100.net; s=20161025;
|
||||
h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
|
||||
bh=l+B6a9nBzRCfLuir3Z6pi3stYHyjDaAL9NKv8M9pOhQ=;
|
||||
b=P27helbCsrZvT55gexFM6RdG73wXPIK6x7Ubuy4dWNliE3xG/jy51+Tdc2a2Z1Duwr
|
||||
DO7k0S5+Ojrek4sWT+eVs3IwyBXBOlC3WCsZPIzndxnAj+0DR3V7/O45XA3IdR6DmK3u
|
||||
gU8Rf1EJ942zNC1UiaXEwArmv1HmSxhvguaGyv/7h89cTAMYxf5E85m8wwKiVRswEBLS
|
||||
XeBjD7lFoON1JE3t7kpQlS42sx3wbDFhkZzezCfZ9BjwFet/drBa5AG2gm4/sgthT9+g
|
||||
y3HBN9ZebCKtPi65bZztBWueIw+1kwTVeprSFdqjiNS91aXoYg/S7IARnL2WPvpbGvuZ
|
||||
fmdA==
|
||||
X-Gm-Message-State: APjAAAVdhEIzo7wqf9Lzm1rFsRUD2uLDPYFiEGRhs2IgadLs2kBzCg9L
|
||||
Jda4Ih9Yf+kvZmoJIo3hfXF2Mjywu6aG9Q==
|
||||
X-Google-Smtp-Source: APXvYqxTuByYPwtrE0Qmep6wftktnh3vfQqzeqQorc3Sx+GxWKcHyrsrL22gdHU+4kaxgpxNU6bDsckFwpaThg==
|
||||
X-Received: by 2002:aed:3f10:: with SMTP id
|
||||
p16mr52527157qtf.110.1561122599139;
|
||||
Fri, 21 Jun 2019 06:09:59 -0700 (PDT)
|
||||
Date: Fri, 21 Jun 2019 06:09:55 -0700
|
||||
Message-Id: <20190621130955.147974-1-edumazet@google.com>
|
||||
Mime-Version: 1.0
|
||||
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
|
||||
Subject: [PATCH net] tcp: refine memory limit test in tcp_fragment()
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
To: "David S . Miller" <davem@davemloft.net>
|
||||
Cc: netdev <netdev@vger.kernel.org>, Eric Dumazet <edumazet@google.com>,
|
||||
Eric Dumazet <eric.dumazet@gmail.com>, Christoph Paasch <cpaasch@apple.com>
|
||||
Content-Type: text/plain; charset="UTF-8"
|
||||
Sender: netdev-owner@vger.kernel.org
|
||||
Precedence: bulk
|
||||
List-ID: <netdev.vger.kernel.org>
|
||||
X-Mailing-List: netdev@vger.kernel.org
|
||||
|
||||
tcp_fragment() might be called for skbs in the write queue.
|
||||
|
||||
Memory limits might have been exceeded because tcp_sendmsg() only
|
||||
checks limits at full skb (64KB) boundaries.
|
||||
|
||||
Therefore, we need to make sure tcp_fragment() wont punish applications
|
||||
that might have setup very low SO_SNDBUF values.
|
||||
|
||||
Fixes: f070ef2ac667 ("tcp: tcp_fragment() should apply sane memory limits")
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Reported-by: Christoph Paasch <cpaasch@apple.com>
|
||||
Tested-by: Christoph Paasch <cpaasch@apple.com>
|
||||
---
|
||||
net/ipv4/tcp_output.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
|
||||
index 00c01a01b547ec67c971dc25a74c9258563cf871..0ebc33d1c9e5099d163a234930e213ee35e9fbd1 100644
|
||||
--- a/net/ipv4/tcp_output.c
|
||||
+++ b/net/ipv4/tcp_output.c
|
||||
@@ -1296,7 +1296,8 @@ int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue,
|
||||
if (nsize < 0)
|
||||
nsize = 0;
|
||||
|
||||
- if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf)) {
|
||||
+ if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf &&
|
||||
+ tcp_queue != TCP_FRAG_IN_WRITE_QUEUE)) {
|
||||
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
|
||||
return -ENOMEM;
|
||||
}
|
||||
2
sources
2
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (linux-5.1.tar.xz) = ae96f347badc95f1f3acf506c52b6cc23c0bd09ce8f4ce6705d4b4058b62593059bba1bc603c8d8b00a2f19131e7e56c31ac62b45883a346fa61d655e178f236
|
||||
SHA512 (patch-5.1.12.xz) = ebd6d0f8ab5f1f84e9213793c89fd43ebaeaddec067b56aeec7a68af85c44f4e2d7784ca5a429cf3be5b0b433cd9de0839dc80c41238fad4e4df78b8db971c3f
|
||||
SHA512 (patch-5.1.14.xz) = 89e30bc46994f078ad97dc6076b40d3ad224627119421c48835018bdb2ff0970a45a692200a9cfcce70e97ed1495b035c6a7abd039f41c935f786d73d45d82e9
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue