diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-29 10:00:18 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-12-29 23:26:20 +0100 |
commit | af15989919f43e13e027fb698f5fefe4c73eb8de (patch) | |
tree | 841e5d7c733164d64ef4c979521db4af7b4bf51f | |
parent | 6139644280195f8fb7d59b713f3d226a84b21665 (diff) | |
download | meta-enea-af15989919f43e13e027fb698f5fefe4c73eb8de.tar.gz |
kernel-fs: CVE-2015-5706
Fixes double fput().
References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5706
CVE assignment: http://seclists.org/oss-sec/2015/q3/270
Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=88b4f377466cb673777d27693acf70108a908106
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/fs-CVE-2015-5706.patch | 45 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto_3.14.bbappend | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/fs-CVE-2015-5706.patch b/recipes-kernel/linux/files/fs-CVE-2015-5706.patch new file mode 100644 index 0000000..ef1951f --- /dev/null +++ b/recipes-kernel/linux/files/fs-CVE-2015-5706.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From 88b4f377466cb673777d27693acf70108a908106 Mon Sep 17 00:00:00 2001 | ||
2 | From: Al Viro <viro@zeniv.linux.org.uk> | ||
3 | Date: Fri, 8 May 2015 22:53:15 -0400 | ||
4 | Subject: path_openat(): fix double fput() | ||
5 | |||
6 | commit f15133df088ecadd141ea1907f2c96df67c729f0 upstream. | ||
7 | |||
8 | path_openat() jumps to the wrong place after do_tmpfile() - it has | ||
9 | already done path_cleanup() (as part of path_lookupat() called by | ||
10 | do_tmpfile()), so doing that again can lead to double fput(). | ||
11 | |||
12 | Fixes CVE-2015-5706. | ||
13 | Upstream-Status: Backport | ||
14 | |||
15 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | ||
16 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
17 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
18 | --- | ||
19 | fs/namei.c | 3 ++- | ||
20 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/fs/namei.c b/fs/namei.c | ||
23 | index ccb8000..c6fa079 100644 | ||
24 | --- a/fs/namei.c | ||
25 | +++ b/fs/namei.c | ||
26 | @@ -3171,7 +3171,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, | ||
27 | |||
28 | if (unlikely(file->f_flags & __O_TMPFILE)) { | ||
29 | error = do_tmpfile(dfd, pathname, nd, flags, op, file, &opened); | ||
30 | - goto out; | ||
31 | + goto out2; | ||
32 | } | ||
33 | |||
34 | error = path_init(dfd, pathname->name, flags | LOOKUP_PARENT, nd, &base); | ||
35 | @@ -3209,6 +3209,7 @@ out: | ||
36 | path_put(&nd->root); | ||
37 | if (base) | ||
38 | fput(base); | ||
39 | +out2: | ||
40 | if (!(opened & FILE_OPENED)) { | ||
41 | BUG_ON(!error); | ||
42 | put_filp(file); | ||
43 | -- | ||
44 | cgit v0.11.2 | ||
45 | |||
diff --git a/recipes-kernel/linux/linux-yocto_3.14.bbappend b/recipes-kernel/linux/linux-yocto_3.14.bbappend index 001026f..7078d4e 100644 --- a/recipes-kernel/linux/linux-yocto_3.14.bbappend +++ b/recipes-kernel/linux/linux-yocto_3.14.bbappend | |||
@@ -7,4 +7,5 @@ SRC_URI += "file://HID_CVE_patches/0005-HID-steelseries-validate-output-report-d | |||
7 | file://IB-uverbs-CVE-2014-8159.patch \ | 7 | file://IB-uverbs-CVE-2014-8159.patch \ |
8 | file://net-sctp-CVE-2015-1421.patch \ | 8 | file://net-sctp-CVE-2015-1421.patch \ |
9 | file://fs-CVE-2015-3339.patch \ | 9 | file://fs-CVE-2015-3339.patch \ |
10 | file://fs-CVE-2015-5706.patch \ | ||
10 | " | 11 | " |