From patchwork Mon Oct 22 18:12:54 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jay Fenlason X-Patchwork-Id: 1627491 Return-Path: X-Original-To: patchwork-linux-rdma@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id 115E14020E for ; Mon, 22 Oct 2012 18:12:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755993Ab2JVSM5 (ORCPT ); Mon, 22 Oct 2012 14:12:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:13524 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755986Ab2JVSM4 (ORCPT ); Mon, 22 Oct 2012 14:12:56 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q9MICuw4015561 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 22 Oct 2012 14:12:56 -0400 Received: from redhat.com (fenlason-desk.boston.devel.redhat.com [10.16.60.27]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q9MICsxt015372 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 22 Oct 2012 14:12:56 -0400 Date: Mon, 22 Oct 2012 14:12:54 -0400 From: Jay Fenlason To: linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org Cc: stable@vger.kernel.org Subject: [PATCH] prevent CVE-2012-2372 rds-ping causes kernel panic Message-ID: <20121022181253.GA13736@redhat.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-12-10) X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org If you use rds-ping of the local IP address of some Infiniband HCAs (QLogic, possibly others) the machine will panic with a BUG_ON due to an overly restrictive check. Loosen the restriction a bit This should have gotten sent a while ago (it was first noticed in https://bugzilla.redhat.com/show_bug.cgi?id=803936 and patched in kernel-2.6.32-275.el6) but I got confused about its embargo status and lost it. Signed-off-by: Jay Fenlason --- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/rds/ib_send.c b/net/rds/ib_send.c index e590949..7920c85 100644 --- a/net/rds/ib_send.c +++ b/net/rds/ib_send.c @@ -544,7 +544,7 @@ int rds_ib_xmit(struct rds_connection *conn, struct rds_message *rm, int flow_controlled = 0; int nr_sig = 0; - BUG_ON(off % RDS_FRAG_SIZE); + BUG_ON(!conn->c_loopback && off % RDS_FRAG_SIZE); BUG_ON(hdr_off != 0 && hdr_off != sizeof(struct rds_header)); /* Do not send cong updates to IB loopback */