kernel-fs_pin: CVE-2015-4178

Fixes list corruption of m_list or s_list if unused References: http://seclists.org/oss-sec/2015/q2/640 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4178 Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=11bf6b1ea65f1580477827831d05711e5b87ac7b Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Huimin She <huimin.she@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2015-12-22 13:01:51 +0100
committer: Huimin She <huimin.she@enea.com> 2015-12-22 15:43:01 +0100
commit: 172827599cfe85e9df117b794ce5b935303fa96e (patch)
tree: 417ca65379918cf3399fbc0718a9f505fd5e4bc6 /recipes-kernel/linux/linux-hierofalcon-3.19
parent: 4b78021ae978a0639b5b4bb7c877d4a66b9b43f2 (diff)
download: meta-hierofalcon-172827599cfe85e9df117b794ce5b935303fa96e.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch
new file mode 100644
index 0000000..34b6d0b
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch
@@ -0,0 +1,47 @@
+From 11bf6b1ea65f1580477827831d05711e5b87ac7b Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Thu, 2 Apr 2015 16:35:48 -0500
+Subject: fs_pin: Allow for the possibility that m_list or s_list go unused.
+[ Upstream commit 820f9f147dcce2602eefd9b575bbbd9ea14f0953 ]
+This is needed to support lazily umounting locked mounts.  Because the
+entire unmounted subtree needs to stay together until there are no
+users with references to any part of the subtree.
+To support this guarantee that the fs_pin m_list and s_list nodes
+are initialized by initializing them in init_fs_pin allowing
+for the possibility that pin_insert_group does not touch them.
+Further use hlist_del_init in pin_remove so that there is
+a hlist_unhashed test before the list we attempt to update
+the previous list item.
+Fixes CVE-2015-4178.
+Upstream-Status: Backport
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/fs_pin.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/fs/fs_pin.c b/fs/fs_pin.c
+index 9368236..569bbd1 100644
+--- a/fs/fs_pin.c
+++ b/fs/fs_pin.c
+@@ -20,8 +20,8 @@ void pin_put(struct fs_pin *p)
+ void pin_remove(struct fs_pin *pin)
+ {
+        spin_lock(&pin_lock);
+-       hlist_del(&pin->m_list);
+-       hlist_del(&pin->s_list);
+       hlist_del_init(&pin->m_list);
+       hlist_del_init(&pin->s_list);
+        spin_unlock(&pin_lock);
+ }
+ 
+-- 
+cgit v0.11.2
author	Sona Sarmadi <sona.sarmadi@enea.com>	2015-12-22 13:01:51 +0100
committer	Huimin She <huimin.she@enea.com>	2015-12-22 15:43:01 +0100
commit	172827599cfe85e9df117b794ce5b935303fa96e (patch)
tree	417ca65379918cf3399fbc0718a9f505fd5e4bc6 /recipes-kernel/linux/linux-hierofalcon-3.19
parent	4b78021ae978a0639b5b4bb7c877d4a66b9b43f2 (diff)
download	meta-hierofalcon-172827599cfe85e9df117b794ce5b935303fa96e.tar.gz

diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch new file mode 100644 index 0000000..34b6d0b --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch
@@ -0,0 +1,47 @@
	1	From 11bf6b1ea65f1580477827831d05711e5b87ac7b Mon Sep 17 00:00:00 2001
	2	From: "Eric W. Biederman" <ebiederm@xmission.com>
	3	Date: Thu, 2 Apr 2015 16:35:48 -0500
	4	Subject: fs_pin: Allow for the possibility that m_list or s_list go unused.
	5
	6	[ Upstream commit 820f9f147dcce2602eefd9b575bbbd9ea14f0953 ]
	7
	8	This is needed to support lazily umounting locked mounts. Because the
	9	entire unmounted subtree needs to stay together until there are no
	10	users with references to any part of the subtree.
	11
	12	To support this guarantee that the fs_pin m_list and s_list nodes
	13	are initialized by initializing them in init_fs_pin allowing
	14	for the possibility that pin_insert_group does not touch them.
	15
	16	Further use hlist_del_init in pin_remove so that there is
	17	a hlist_unhashed test before the list we attempt to update
	18	the previous list item.
	19
	20	Fixes CVE-2015-4178.
	21	Upstream-Status: Backport
	22
	23	Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
	24	Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
	25	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	26	---
	27	fs/fs_pin.c \| 4 ++--
	28	1 file changed, 2 insertions(+), 2 deletions(-)
	29
	30	diff --git a/fs/fs_pin.c b/fs/fs_pin.c
	31	index 9368236..569bbd1 100644
	32	--- a/fs/fs_pin.c
	33	+++ b/fs/fs_pin.c
	34	@@ -20,8 +20,8 @@ void pin_put(struct fs_pin *p)
	35	void pin_remove(struct fs_pin *pin)
	36	{
	37	spin_lock(&pin_lock);
	38	- hlist_del(&pin->m_list);
	39	- hlist_del(&pin->s_list);
	40	+ hlist_del_init(&pin->m_list);
	41	+ hlist_del_init(&pin->s_list);
	42	spin_unlock(&pin_lock);
	43	}
	44
	45	--
	46	cgit v0.11.2
	47