diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-22 13:01:51 +0100 |
---|---|---|
committer | Huimin She <huimin.she@enea.com> | 2015-12-22 15:43:01 +0100 |
commit | 172827599cfe85e9df117b794ce5b935303fa96e (patch) | |
tree | 417ca65379918cf3399fbc0718a9f505fd5e4bc6 /recipes-kernel/linux | |
parent | 4b78021ae978a0639b5b4bb7c877d4a66b9b43f2 (diff) | |
download | meta-hierofalcon-172827599cfe85e9df117b794ce5b935303fa96e.tar.gz |
kernel-fs_pin: CVE-2015-4178
Fixes list corruption of m_list or s_list if unused
References:
http://seclists.org/oss-sec/2015/q2/640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4178
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=11bf6b1ea65f1580477827831d05711e5b87ac7b
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Huimin She <huimin.she@enea.com>
Diffstat (limited to 'recipes-kernel/linux')
-rw-r--r-- | recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch | 47 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-hierofalcon_3.19.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch new file mode 100644 index 0000000..34b6d0b --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-3.19/fs_pin-CVE-2015-4178.patch | |||
@@ -0,0 +1,47 @@ | |||
1 | From 11bf6b1ea65f1580477827831d05711e5b87ac7b Mon Sep 17 00:00:00 2001 | ||
2 | From: "Eric W. Biederman" <ebiederm@xmission.com> | ||
3 | Date: Thu, 2 Apr 2015 16:35:48 -0500 | ||
4 | Subject: fs_pin: Allow for the possibility that m_list or s_list go unused. | ||
5 | |||
6 | [ Upstream commit 820f9f147dcce2602eefd9b575bbbd9ea14f0953 ] | ||
7 | |||
8 | This is needed to support lazily umounting locked mounts. Because the | ||
9 | entire unmounted subtree needs to stay together until there are no | ||
10 | users with references to any part of the subtree. | ||
11 | |||
12 | To support this guarantee that the fs_pin m_list and s_list nodes | ||
13 | are initialized by initializing them in init_fs_pin allowing | ||
14 | for the possibility that pin_insert_group does not touch them. | ||
15 | |||
16 | Further use hlist_del_init in pin_remove so that there is | ||
17 | a hlist_unhashed test before the list we attempt to update | ||
18 | the previous list item. | ||
19 | |||
20 | Fixes CVE-2015-4178. | ||
21 | Upstream-Status: Backport | ||
22 | |||
23 | Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> | ||
24 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | fs/fs_pin.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/fs/fs_pin.c b/fs/fs_pin.c | ||
31 | index 9368236..569bbd1 100644 | ||
32 | --- a/fs/fs_pin.c | ||
33 | +++ b/fs/fs_pin.c | ||
34 | @@ -20,8 +20,8 @@ void pin_put(struct fs_pin *p) | ||
35 | void pin_remove(struct fs_pin *pin) | ||
36 | { | ||
37 | spin_lock(&pin_lock); | ||
38 | - hlist_del(&pin->m_list); | ||
39 | - hlist_del(&pin->s_list); | ||
40 | + hlist_del_init(&pin->m_list); | ||
41 | + hlist_del_init(&pin->s_list); | ||
42 | spin_unlock(&pin_lock); | ||
43 | } | ||
44 | |||
45 | -- | ||
46 | cgit v0.11.2 | ||
47 | |||
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index 7d0e9d2..ea80e94 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb | |||
@@ -21,6 +21,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6 | |||
21 | file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \ | 21 | file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \ |
22 | file://fs-CVE-2015-3339.patch \ | 22 | file://fs-CVE-2015-3339.patch \ |
23 | file://mnt-CVE-2015-4177.patch \ | 23 | file://mnt-CVE-2015-4177.patch \ |
24 | file://fs_pin-CVE-2015-4178.patch \ | ||
24 | " | 25 | " |
25 | 26 | ||
26 | S = "${WORKDIR}/git" | 27 | S = "${WORKDIR}/git" |