patches/kernel/0269-ipv6-prevent-speculative-execution.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Elena Reshetova <elena.reshetova@intel.com>
   3 Date: Mon, 4 Sep 2017 13:11:53 +0300
   4 Subject: [PATCH] ipv6: prevent speculative execution
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5753
  10 CVE-2017-5715
  11
  12 Real commit text tbd
  13
  14 Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
  15 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
  16 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  17 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  18 (cherry picked from commit fdb98114a31aa5c0083bd7cd5b42ea569b6f77dc)
  19 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  20 ---
  21  net/ipv6/raw.c | 1 +
  22  1 file changed, 1 insertion(+)
  23
  24 diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
  25 index 60be012fe708..1a0eae661512 100644
  26 --- a/net/ipv6/raw.c
  27 +++ b/net/ipv6/raw.c
  28 @@ -726,6 +726,7 @@ static int raw6_getfrag(void *from, char *to, int offset, int len, int odd,
  29         if (offset < rfv->hlen) {
  30                 int copy = min(rfv->hlen - offset, len);
  31
  32 +               gmb();
  33                 if (skb->ip_summed == CHECKSUM_PARTIAL)
  34                         memcpy(to, rfv->c + offset, copy);
  35                 else
  36 --
  37 2.14.2
  38