ACK: [SRU][Cosmic][Bionic][Xenial][PATCH 0/2] Fixes for LP1800639 [v2]
stefan.bader at canonical.com
Tue Nov 6 12:57:23 UTC 2018
On 02.11.18 20:19, Frank Heimes wrote:
> BugLink: http://bugs.launchpad.net/bugs/1800639
> == SRU Justification ==
> 'Fix socket buffer (skb) leaks for HiperTransport'
> Description: net/af_iucv: fix skb leaks for HiperTransport
> Symptom: Memory leaks and/or double-freed network packets.
> Problem: Inbound packets may have any combination of flag bits set in
> their iucv header. Current code only handles certain
> combinations, and ignores (ie. leaks) all packets with other flags.
> On Transmit, current code is inconsistent about whether the error
> paths need to free the skb. Depending on which error path is
> taken, it may either get freed twice, or leak.
> Solution: On receive, drop any skb with an unexpected combination of iucv
> Header flags.
> On transmit, be consistent in all error paths about free'ing the skb.
> == Fix ==
> 2224409 ("net/af_iucv: drop inbound packets with invalid flags")
> b2f5439 ("net/af_iucv: fix skb handling on HiperTransport xmit error")
> == Regression Potential ==
> Low, because:
> - IUCV functionality is very special to s390x
> - and even more special because it's only supported in z/VM environments
> (z/VM hypervisor to guest or guest to guest communications)
> - So everything is s390x specific.
> - Patch is limited to this single file: /net/iucv/af_iucv.c
> - This was identified as problem situation by IBM
> then fixed, the fix tested and now needs to rolled out as preventive fix.
> == Test Case ==
> Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:
> Provoke an error situation.
> This is btw. hard to do, because the 'Inter-User Communication Vehicle" (IUCV)
> is a virtual z/VM internal
> network that does not use any real media.
> To check for regressions one can use a shell over an ssh connection using an
> IUCV interface
> or use an application that utilizes AF_IUCV sockets (like ICC).
Acked-by: Stefan Bader <stefan.bader at canonical.com>
... still not liking HTML mails...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the kernel-team