diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2016-05-23 00:47:15 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2016-05-23 00:47:15 +0100 |
| commit | 3cbe9e18c148f8bd5422ec329789c032e7f5d7ac (patch) | |
| tree | cefc0e950b4b5d6b3829d1c566b0677a745180f1 | |
| parent | 342ba3d57d1f27c9cde461b27fb40a137ca0e75b (diff) | |
| download | kernel_replicant_linux-3cbe9e18c148f8bd5422ec329789c032e7f5d7ac.tar.gz kernel_replicant_linux-3cbe9e18c148f8bd5422ec329789c032e7f5d7ac.tar.bz2 kernel_replicant_linux-3cbe9e18c148f8bd5422ec329789c032e7f5d7ac.zip | |
aufs: Update support patches to aufs4.5-20160523
- mmap: Fix use-after-free in remap_file_pages(2)
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rw-r--r-- | debian/patches/features/all/aufs4/aufs4-base.patch | 2 | ||||
| -rw-r--r-- | debian/patches/features/all/aufs4/aufs4-mmap.patch | 33 | ||||
| -rw-r--r-- | debian/patches/features/all/aufs4/aufs4-standalone.patch | 2 |
4 files changed, 31 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog index 5f83fb7ad0a5..15d4f657b3a9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,10 @@ linux (4.5.4-2) UNRELEASED; urgency=medium [ Salvatore Bonaccorso ] * tipc: check nl sock before parsing nested attributes (CVE-2016-4951) + [ Ben Hutchings ] + * aufs: Update support patches to aufs4.5-20160523 + - mmap: Fix use-after-free in remap_file_pages(2) + -- Salvatore Bonaccorso <carnil@debian.org> Sat, 21 May 2016 16:47:59 +0200 linux (4.5.4-1) unstable; urgency=medium diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch index edf09336a8c3..7e334149efaa 100644 --- a/debian/patches/features/all/aufs4/aufs4-base.patch +++ b/debian/patches/features/all/aufs4/aufs4-base.patch @@ -1,7 +1,7 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> Date: Wed Mar 16 17:10:20 2016 +0900 Subject: aufs4.5 base patch -Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d +Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf Bug-Debian: https://bugs.debian.org/541828 Patch headers added by debian/patches/features/all/aufs4/gen-patch diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch index 6f91c6c3b05f..9308a320b3ed 100644 --- a/debian/patches/features/all/aufs4/aufs4-mmap.patch +++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch @@ -1,7 +1,7 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> -Date: Wed Mar 16 17:10:20 2016 +0900 +Date: Fri May 13 12:12:34 2016 +0900 Subject: aufs4.5 mmap patch -Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d +Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf Bug-Debian: https://bugs.debian.org/541828 Patch headers added by debian/patches/features/all/aufs4/gen-patch @@ -184,7 +184,7 @@ index 8132787..3f7de66 100644 return VM_FAULT_WRITE; diff --git a/mm/mmap.c b/mm/mmap.c -index 76d1ec2..fdd163e 100644 +index 76d1ec2..298bc71 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -290,7 +290,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) @@ -233,28 +233,45 @@ index 76d1ec2..fdd163e 100644 unlink_anon_vmas(new); out_free_mpol: mpol_put(vma_policy(new)); -@@ -2640,7 +2640,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2640,7 +2640,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, struct vm_area_struct *vma; unsigned long populate = 0; unsigned long ret = -EINVAL; - struct file *file; ++ struct file *file, *prfile; pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. " "See Documentation/vm/remap_file_pages.txt.\n", -@@ -2708,10 +2707,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2708,10 +2708,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, } } - file = get_file(vma->vm_file); + vma_get_file(vma); ++ file = vma->vm_file; ++ prfile = vma->vm_prfile; ret = do_mmap_pgoff(vma->vm_file, start, size, prot, flags, pgoff, &populate); -- fput(file); -+ vma_fput(vma); ++ if (!IS_ERR_VALUE(ret) && file && prfile) { ++ struct vm_area_struct *new_vma; ++ ++ new_vma = find_vma(mm, ret); ++ if (!new_vma->vm_prfile) ++ new_vma->vm_prfile = prfile; ++ if (new_vma != vma) ++ get_file(prfile); ++ } ++ /* ++ * two fput()s instead of vma_fput(vma), ++ * coz vma may not be available anymore. ++ */ + fput(file); ++ if (prfile) ++ fput(prfile); out: up_write(&mm->mmap_sem); if (populate) -@@ -2982,7 +2981,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2982,7 +2999,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, if (anon_vma_clone(new_vma, vma)) goto out_free_mempol; if (new_vma->vm_file) diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch index 3ab29fc5489c..34e666dcd3f8 100644 --- a/debian/patches/features/all/aufs4/aufs4-standalone.patch +++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch @@ -1,7 +1,7 @@ From: J. R. Okajima <hooanon05@yahoo.co.jp> Date: Wed Mar 16 17:10:20 2016 +0900 Subject: aufs4.5 standalone patch -Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d +Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf Bug-Debian: https://bugs.debian.org/541828 Patch headers added by debian/patches/features/all/aufs4/gen-patch |