[lucid CVE 1/1] UBUNTU: SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
Andy Whitcroft
apw at canonical.com
Thu Jul 26 10:25:51 UTC 2012
Pining localhost on an infiniband connection can trigger a BUG_ON()
and cause a denial of service.
Fix identified by comparison of the RHEL source rpms.
CVE-2012-2372
BugLink: http://bugs.launchpad.net/bugs/1016299
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/rds/ib_send.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rds/ib_send.c b/net/rds/ib_send.c
index 23bf830..6fac1a0 100644
--- a/net/rds/ib_send.c
+++ b/net/rds/ib_send.c
@@ -479,7 +479,7 @@ int rds_ib_xmit(struct rds_connection *conn, struct rds_message *rm,
int ret;
int flow_controlled = 0;
- BUG_ON(off % RDS_FRAG_SIZE);
+ BUG_ON(!conn->c_loopback && off % RDS_FRAG_SIZE);
BUG_ON(hdr_off != 0 && hdr_off != sizeof(struct rds_header));
/* FIXME we may overallocate here */
--
1.7.9.5
More information about the kernel-team
mailing list