3 files changed, 35 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch
new file mode 100644
index 0000000..658fed1
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch
@@ -0,0 +1,33 @@
+From 7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 Mon Sep 17 00:00:00 2001
+Date: Fri, 17 Jul 2015 15:32:03 +0200
+Subject: vhost: actually track log eventfd file
+While reviewing vhost log code, I found out that log_file is never
+set. Note: I haven't tested the change (QEMU doesn't use LOG_FD yet).
+Fixes CVE-2015-6252.
+Upstream-Status: Backport
+Cc: stable@vger.kernel.org
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/vhost/vhost.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
+index a9fe859..95bdb90 100644
+--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
+@@ -995,6 +995,7 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
+                }
+                if (eventfp != d->log_file) {
+                        filep = d->log_file;
+                       d->log_file = eventfp;
+                        ctx = d->log_ctx;
+                        d->log_ctx = eventfp ?
+                                eventfd_ctx_fileget(eventfp) : NULL;
+-- 
+cgit v0.11.2
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index bc0dff0..26dfa6d 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -24,6 +24,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
           file://fs_pin-CVE-2015-4178.patch \
           file://fs-CVE-2015-5706.patch \
           file://md-CVE-2015-5697.patch \
+           file://vhost-CVE-2015-6252.patch \
           "
 S = "${WORKDIR}/git"
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index c4e87a1..6b160d8 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
           file://RDS-CVE-2015-6937.patch \
           file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \
           file://md-CVE-2015-5697.patch \
+           file://vhost-CVE-2015-6252.patch \
           "
 S = "${WORKDIR}/git"

diff --git a/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch new file mode 100644 index 0000000..658fed1 --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon/vhost-CVE-2015-6252.patch
@@ -0,0 +1,33 @@
		1	From 7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 Mon Sep 17 00:00:00 2001
		2	Date: Fri, 17 Jul 2015 15:32:03 +0200
		3	Subject: vhost: actually track log eventfd file
		4
		5	While reviewing vhost log code, I found out that log_file is never
		6	set. Note: I haven't tested the change (QEMU doesn't use LOG_FD yet).
		7
		8	Fixes CVE-2015-6252.
		9	Upstream-Status: Backport
		10
		11	Cc: stable@vger.kernel.org
		12	Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
		13	Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
		14	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
		15	---
		16	drivers/vhost/vhost.c \| 1 +
		17	1 file changed, 1 insertion(+)
		18
		19	diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
		20	index a9fe859..95bdb90 100644
		21	--- a/drivers/vhost/vhost.c
		22	+++ b/drivers/vhost/vhost.c
		23	@@ -995,6 +995,7 @@ long vhost_dev_ioctl(struct vhost_dev d, unsigned int ioctl, void __user argp)
		24	}
		25	if (eventfp != d->log_file) {
		26	filep = d->log_file;
		27	+ d->log_file = eventfp;
		28	ctx = d->log_ctx;
		29	d->log_ctx = eventfp ?
		30	eventfd_ctx_fileget(eventfp) : NULL;
		31	--
		32	cgit v0.11.2
		33


diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index bc0dff0..26dfa6d 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -24,6 +24,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
24	file://fs_pin-CVE-2015-4178.patch \	24	file://fs_pin-CVE-2015-4178.patch \
25	file://fs-CVE-2015-5706.patch \	25	file://fs-CVE-2015-5706.patch \
26	file://md-CVE-2015-5697.patch \	26	file://md-CVE-2015-5697.patch \
		27	file://vhost-CVE-2015-6252.patch \
27	"	28	"
28		29
29	S = "${WORKDIR}/git"	30	S = "${WORKDIR}/git"


diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb index c4e87a1..6b160d8 100644 --- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb +++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
25	file://RDS-CVE-2015-6937.patch \	25	file://RDS-CVE-2015-6937.patch \
26	file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \	26	file://RDS-CVE-2015-7990-a-complete-fix-of-CVE-2015-6937.patch \
27	file://md-CVE-2015-5697.patch \	27	file://md-CVE-2015-5697.patch \
		28	file://vhost-CVE-2015-6252.patch \
28	"	29	"
29		30
30	S = "${WORKDIR}/git"	31	S = "${WORKDIR}/git"