Updated bug description with comment #3

** Description changed:

- Description:  qeth: Fix potential array overrun in cmd/rc lookup
- Symptom:      Infinite loop when processing a received cmd.
- Problem:      qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
-               to build human-readable messages for received cmd data.
+ Description: net/af_iucv: fix skb leaks for HiperTransport
+ Symptom: Memory leaks and/or double-freed network packets.
+ Problem: Inbound packets may have any combination of flag bits set in
+ their iucv header. Current code only handles certain
+ combinations, and ignores (ie. leaks) all packets with other
+ flags.
  
-               They store the to-be translated value in the last entry of a
-               global array, and then iterate over each entry until they found
-               the queried value (and the corresponding message string).
-               If there is no prior match, the lookup is intended to stop at
-               the final entry (which was previously prepared).
+ On Transmit, current code is inconsistent about whether the error
+ paths need to free the skb. Depending on which error path is
+ taken, it may either get freed twice, or leak.
+ Solution: On receive, drop any skb with an unexpected combination of iucv
+ Header flags.
+ On transmit, be consistent in all error paths about free'ing the
+ skb.
  
-               If two qeth devices are concurrently processing a received cmd,
-               one lookup can over-write the last entry of the global array
-               while a second lookup is in process. This second lookup will 
then
-               never hit its stop-condition, and loop.
+ kerne 4.19
+ Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
+ b2f543949acd1ba64313fdad9e672ef47550d773
  
- Solution:     Remove the modification of the global array, and limit the 
number
-               of iterations to the size of the array.
- 
- Upstream-ID: kernel 4.19
- - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
- - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9
  
  Should also be applied, to all other Ubuntu Releases in the field !
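Review bot: In the added text, "kerne 4.19" is misspelled and has become detached from the "Upstream-ID:" label, whereas the removed text read "Upstream-ID: kernel 4.19" followed by the commit ids as list items. Suggest restoring that layout, since the second hash, b2f543949acd1ba64313fdad9e672ef47550d773, currently sits on a line of its own with no label or list marker. The added "On Transmit" paragraph also continues the "Problem:" field without any marker, and the transmit half of "Solution:" likewise, so a reader scanning the labels will only see the receive side. A short "Receive:" / "Transmit:" split under each label would make both halves of the fix visible.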

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
