[kernel] CVE-2011-3347: be2net: promiscuous mode and non-member VLAN packets DoS (rhbz 748691)
Josh Boyer
jwboyer at fedoraproject.org
Tue Oct 25 19:11:25 UTC 2011
commit 78ef95d1929b11d2bf2fd082a4106e7597415f30
Author: Josh Boyer <jwboyer at redhat.com>
Date: Tue Oct 25 13:52:02 2011 -0400
CVE-2011-3347: be2net: promiscuous mode and non-member VLAN packets DoS
(rhbz 748691)
...member-vlan-pkts-not-received-in-promisco.patch | 63 ++++++++++++++++++++
benet-remove-bogus-unlikely-on-vlan-check.patch | 39 ++++++++++++
kernel.spec | 9 +++
3 files changed, 111 insertions(+), 0 deletions(-)
---
diff --git a/be2net-non-member-vlan-pkts-not-received-in-promisco.patch b/be2net-non-member-vlan-pkts-not-received-in-promisco.patch
new file mode 100644
index 0000000..866473e
--- /dev/null
+++ b/be2net-non-member-vlan-pkts-not-received-in-promisco.patch
@@ -0,0 +1,63 @@
+From c0e64ef4899df4cedc872871e54e2c069d29e519 Mon Sep 17 00:00:00 2001
+From: Sathya Perla <sathya.perla at emulex.com>
+Date: Tue, 2 Aug 2011 19:57:43 +0000
+Subject: [PATCH] be2net: non-member vlan pkts not received in promiscous mode
+
+While configuring promiscous mode, explicitly set the
+VLAN_PROMISCOUS bit to make this happen. When switching off
+promiscous mode, re-program the vids.
+
+Signed-off-by: Xavier Selvin <xavier.selvin at emulex.com>
+Signed-off-by: Sathya Perla <sathya.perla at emulex.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/benet/be_cmds.c | 6 ++++--
+ drivers/net/benet/be_main.c | 7 +++++++
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/benet/be_cmds.c b/drivers/net/benet/be_cmds.c
+index 1c25dbd..73fd949 100644
+--- a/drivers/net/benet/be_cmds.c
++++ b/drivers/net/benet/be_cmds.c
+@@ -1586,9 +1586,11 @@ int be_cmd_promiscuous_config(struct be_adapter *adapter, bool en)
+ OPCODE_COMMON_NTWK_RX_FILTER, sizeof(*req));
+
+ req->if_id = cpu_to_le32(adapter->if_handle);
+- req->if_flags_mask = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS);
++ req->if_flags_mask = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS
++ | BE_IF_FLAGS_VLAN_PROMISCUOUS);
+ if (en)
+- req->if_flags = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS);
++ req->if_flags = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS
++ | BE_IF_FLAGS_VLAN_PROMISCUOUS);
+
+ sge->pa_hi = cpu_to_le32(upper_32_bits(promiscous_cmd.dma));
+ sge->pa_lo = cpu_to_le32(promiscous_cmd.dma & 0xFFFFFFFF);
+diff --git a/drivers/net/benet/be_main.c b/drivers/net/benet/be_main.c
+index 3b2c5e6..32a5b11 100644
+--- a/drivers/net/benet/be_main.c
++++ b/drivers/net/benet/be_main.c
+@@ -728,6 +728,10 @@ static int be_vid_config(struct be_adapter *adapter, bool vf, u32 vf_num)
+ status = be_cmd_vlan_config(adapter, if_handle, vtag, 1, 1, 0);
+ }
+
++ /* No need to further configure vids if in promiscuous mode */
++ if (adapter->promiscuous)
++ return 0;
++
+ if (adapter->vlans_added <= adapter->max_vlans) {
+ /* Construct VLAN Table to give to HW */
+ for (i = 0; i < VLAN_N_VID; i++) {
+@@ -787,6 +791,9 @@ static void be_set_multicast_list(struct net_device *netdev)
+ if (adapter->promiscuous) {
+ adapter->promiscuous = false;
+ be_cmd_promiscuous_config(adapter, false);
++
++ if (adapter->vlans_added)
++ be_vid_config(adapter, false, 0);
+ }
+
+ /* Enable multicast promisc if num configured exceeds what we support */
+--
+1.7.6.4
+
diff --git a/benet-remove-bogus-unlikely-on-vlan-check.patch b/benet-remove-bogus-unlikely-on-vlan-check.patch
new file mode 100644
index 0000000..08c0081
--- /dev/null
+++ b/benet-remove-bogus-unlikely-on-vlan-check.patch
@@ -0,0 +1,39 @@
+From 82f15998fafe683add83f7a11b2e25f919b3cd2d Mon Sep 17 00:00:00 2001
+From: Jiri Pirko <jpirko at redhat.com>
+Date: Tue, 25 Oct 2011 13:47:16 -0400
+Subject: [PATCH] benet: remove bogus "unlikely" on vlan check
+
+Use of unlikely in this place is wrong. Remove it.
+
+Signed-off-by: Jiri Pirko <jpirko at redhat.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+Backported-by: Josh Boyer <jwboyer at redhat.com>
+---
+ drivers/net/benet/be_main.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/benet/be_main.c b/drivers/net/benet/be_main.c
+index c411bb1..6df0c7e 100644
+--- a/drivers/net/benet/be_main.c
++++ b/drivers/net/benet/be_main.c
+@@ -1192,7 +1192,7 @@ static void be_rx_compl_process(struct be_adapter *adapter,
+ skb->rxhash = rxcp->rss_hash;
+
+
+- if (unlikely(rxcp->vlanf))
++ if (rxcp->vlanf)
+ __vlan_hwaccel_put_tag(skb, rxcp->vlan_tag);
+
+ netif_receive_skb(skb);
+@@ -1249,7 +1249,7 @@ static void be_rx_compl_process_gro(struct be_adapter *adapter,
+ if (adapter->netdev->features & NETIF_F_RXHASH)
+ skb->rxhash = rxcp->rss_hash;
+
+- if (unlikely(rxcp->vlanf))
++ if (rxcp->vlanf)
+ __vlan_hwaccel_put_tag(skb, rxcp->vlan_tag);
+
+ napi_gro_frags(&eq_obj->napi);
+--
+1.7.6.4
+
diff --git a/kernel.spec b/kernel.spec
index b9cbb01..a4834e7 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -758,6 +758,10 @@ Patch21002: mmc-Always-check-for-lower-base-frequency-quirk-for-.patch
Patch21020: 0001-mm-vmscan-Limit-direct-reclaim-for-higher-order-allo.patch
Patch21021: 0002-mm-Abort-reclaim-compaction-if-compaction-can-procee.patch
+#rhbz 748691
+Patch21030: be2net-non-member-vlan-pkts-not-received-in-promisco.patch
+Patch21031: benet-remove-bogus-unlikely-on-vlan-check.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1398,6 +1402,10 @@ ApplyPatch utrace.patch
ApplyPatch 0001-mm-vmscan-Limit-direct-reclaim-for-higher-order-allo.patch
ApplyPatch 0002-mm-Abort-reclaim-compaction-if-compaction-can-procee.patch
+#rhbz 748691
+ApplyPatch be2net-non-member-vlan-pkts-not-received-in-promisco.patch
+ApplyPatch benet-remove-bogus-unlikely-on-vlan-check.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2107,6 +2115,7 @@ fi
# || ||
%changelog
* Tue Oct 25 2011 Josh Boyer <jwboyer at redhat.com>
+- CVE-2011-3347: be2net: promiscuous mode and non-member VLAN packets DoS (rhbz 748691)
- CVE-2011-1083: excessive in kernel CPU consumption when creating large nested epoll structures (rhbz 748668)
* Mon Oct 24 2011 Josh Boyer <jwboyer at redhat.com>
More information about the scm-commits
mailing list