summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2015-12-30 10:05:09 +0100
committerTudor Florea <tudor.florea@enea.com>2015-12-30 13:00:46 +0100
commit037538df5521a1a963b30fa01e9ac854a0ee431b (patch)
treef5fad043018f5090c442fdda30c7182cbee9710c
parent14f970ed68973debdeaae73a8e2bffb5d7da572e (diff)
downloadmeta-hierofalcon-037538df5521a1a963b30fa01e9ac854a0ee431b.tar.gz
kernel-vhost: CVE-2015-6252
Fixes vhost fd leak in ioctl VHOST_SET_LOG_FD References: =========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252 http://www.openwall.com/lists/oss-security/2015/08/18/3 Upstream fix: ============= https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch33
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_3.19.bb1
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_4.1.bb1
3 files changed, 35 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch
new file mode 100644
index 0000000..658fed1
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch
@@ -0,0 +1,33 @@
1From 7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 Mon Sep 17 00:00:00 2001
2Date: Fri, 17 Jul 2015 15:32:03 +0200
3Subject: vhost: actually track log eventfd file
4
5While reviewing vhost log code, I found out that log_file is never
6set. Note: I haven't tested the change (QEMU doesn't use LOG_FD yet).
7
8Fixes CVE-2015-6252.
9Upstream-Status: Backport
10
11Cc: stable@vger.kernel.org
12Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
13Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16 drivers/vhost/vhost.c | 1 +
17 1 file changed, 1 insertion(+)
18
19diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
20index a9fe859..95bdb90 100644
21--- a/drivers/vhost/vhost.c
22+++ b/drivers/vhost/vhost.c
23@@ -995,6 +995,7 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
24 }
25 if (eventfp != d->log_file) {
26 filep = d->log_file;
27+ d->log_file = eventfp;
28 ctx = d->log_ctx;
29 d->log_ctx = eventfp ?
30 eventfd_ctx_fileget(eventfp) : NULL;
31--
32cgit v0.11.2
33
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index bc0dff0..26dfa6d 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -24,6 +24,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
24 file://fs_pin-CVE-2015-4178.patch \ 24 file://fs_pin-CVE-2015-4178.patch \
25 file://fs-CVE-2015-5706.patch \ 25 file://fs-CVE-2015-5706.patch \
26 file://md-CVE-2015-5697.patch \ 26 file://md-CVE-2015-5697.patch \
27 file://vhost-CVE-2015-6252.patch \
27 " 28 "
28 29
29S = "${WORKDIR}/git" 30S = "${WORKDIR}/git"
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index c4e87a1..6b160d8 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
25 file://RDS-CVE-2015-6937.patch \ 25 file://RDS-CVE-2015-6937.patch \
26 file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \ 26 file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \
27 file://md-CVE-2015-5697.patch \ 27 file://md-CVE-2015-5697.patch \
28 file://vhost-CVE-2015-6252.patch \
28 " 29 "
29 30
30S = "${WORKDIR}/git" 31S = "${WORKDIR}/git"