diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-02-02 09:36:08 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-06 20:27:13 +0200 |
commit | 717d00497f7e762951d63002b1346ee50397256d (patch) | |
tree | 82d73106f49d90e4c209083c95429b8ecdcf3635 | |
parent | 7146afca195b69b1c9f2e78135bdd1b489a500d7 (diff) | |
download | meta-enea-717d00497f7e762951d63002b1346ee50397256d.tar.gz |
target: CVE-2014-4027
Explicitly clear ramdisk_mcp backend pages
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/target-CVE-2014-4027.patch | 46 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq-sdk.bbappend | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/target-CVE-2014-4027.patch b/recipes-kernel/linux/files/target-CVE-2014-4027.patch new file mode 100644 index 0000000..5b9cc2b --- /dev/null +++ b/recipes-kernel/linux/files/target-CVE-2014-4027.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 43507abd621cb72b55142e7b18a4aa77a19aa3f3 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Nicholas A. Bellinger" <nab@linux-iscsi.org> | ||
3 | Date: Mon, 16 Jun 2014 20:59:52 +0000 | ||
4 | Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages | ||
5 | |||
6 | [Note that a different patch to address the same issue went in during | ||
7 | v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that | ||
8 | don't strictly apply to fixing the bug] | ||
9 | |||
10 | This patch changes rd_allocate_sgl_table() to explicitly clear | ||
11 | ramdisk_mcp backend memory pages by passing __GFP_ZERO into | ||
12 | alloc_pages(). | ||
13 | |||
14 | This addresses a potential security issue where reading from a | ||
15 | ramdisk_mcp could return sensitive information, and follows what | ||
16 | >= v3.15 does to explicitly clear ramdisk_mcp memory at backend | ||
17 | device initialization time. | ||
18 | |||
19 | This fixes CVE-2014-4027 | ||
20 | Upstream-Status: Backport | ||
21 | |||
22 | Reported-by: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt> | ||
23 | Cc: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt> | ||
24 | Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> | ||
25 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
26 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
27 | --- | ||
28 | drivers/target/target_core_rd.c | 2 +- | ||
29 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
30 | |||
31 | diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c | ||
32 | index 0921a64..5c3b6778 100644 | ||
33 | --- a/drivers/target/target_core_rd.c | ||
34 | +++ b/drivers/target/target_core_rd.c | ||
35 | @@ -174,7 +174,7 @@ static int rd_build_device_space(struct rd_dev *rd_dev) | ||
36 | - 1; | ||
37 | |||
38 | for (j = 0; j < sg_per_table; j++) { | ||
39 | - pg = alloc_pages(GFP_KERNEL, 0); | ||
40 | + pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0); | ||
41 | if (!pg) { | ||
42 | pr_err("Unable to allocate scatterlist" | ||
43 | " pages for struct rd_dev_sg_table\n"); | ||
44 | -- | ||
45 | 1.9.1 | ||
46 | |||
diff --git a/recipes-kernel/linux/linux-qoriq-sdk.bbappend b/recipes-kernel/linux/linux-qoriq-sdk.bbappend index a78f575..281c87e 100644 --- a/recipes-kernel/linux/linux-qoriq-sdk.bbappend +++ b/recipes-kernel/linux/linux-qoriq-sdk.bbappend | |||
@@ -44,6 +44,7 @@ SRC_URI += "file://add-no-error-uninitialized.patch \ | |||
44 | file://net-sctp-CVE-2014-7841.patch \ | 44 | file://net-sctp-CVE-2014-7841.patch \ |
45 | file://0001-ALSA-CVE-2014-4656.patch \ | 45 | file://0001-ALSA-CVE-2014-4656.patch \ |
46 | file://0002-ALSA-CVE-2014-4656.patch \ | 46 | file://0002-ALSA-CVE-2014-4656.patch \ |
47 | file://target-CVE-2014-4027.patch \ | ||
47 | " | 48 | " |
48 | 49 | ||
49 | SRC_URI_append_p2041rdb = " \ | 50 | SRC_URI_append_p2041rdb = " \ |