[SRU][Cosmic][Bionic][Xenial][PATCH 0/2] Fixes for LP1800639 [v2]

Frank Heimes frank.heimes at canonical.com
Fri Nov 2 19:19:54 UTC 2018 

BugLink: http://bugs.launchpad.net/bugs/1800639

== SRU Justification ==

'Fix socket buffer (skb) leaks for HiperTransport'
Description: net/af_iucv: fix skb leaks for HiperTransport
Symptom: Memory leaks and/or double-freed network packets.
Problem: Inbound packets may have any combination of flag bits set in
their iucv header. Current code only handles certain
combinations, and ignores (ie. leaks) all packets with other flags.

On Transmit, current code is inconsistent about whether the error
paths need to free the skb. Depending on which error path is
taken, it may either get freed twice, or leak.
Solution: On receive, drop any skb with an unexpected combination of iucv
Header flags.
On transmit, be consistent in all error paths about free'ing the skb.

== Fix ==

2224409 ("net/af_iucv: drop inbound packets with invalid flags")
b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error")

== Regression Potential ==

Low, because:
- IUCV functionality is very special to s390x
- and even more special because it's only supported in z/VM environments
  (z/VM hypervisor to guest or guest to guest communications)
- So everything is s390x specific.
- Patch is limited to this single file: /net/iucv/af_iucv.c
- This was identified as problem situation by IBM
  then fixed, the fix tested and now needs to rolled out as preventive fix.

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:
https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html
Provoke an error situation.
This is btw. hard to do, because the 'Inter-User Communication Vehicle"
(IUCV) is a virtual z/VM internal
network that does not use any real media.
To check for regressions one can use a shell over an ssh connection using
an IUCV interface
or use an application that utilizes AF_IUCV sockets (like ICC).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181102/458a7f1b/attachment.html>

More information about the kernel-team mailing list