summaryrefslogtreecommitdiffstats
path: root/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch
diff options
context:
space:
mode:
authorJan-Simon Möller <jsmoeller@linuxfoundation.org>2017-06-28 01:46:34 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2017-06-29 08:57:30 +0000
commit56b115af69a2cdcc9db26ca249dfce575ef1bb9f (patch)
tree0edbe7c92a50733400eaeaf429003a356a946d3f /meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch
parentee1770e68b1c6b01b28471fe64c5a6f988a0a425 (diff)
Fix CVE-2017-1000364 by backporting the patches for rpi3
Backport of patches from upstream for 4.4 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=4b359430674caa2c98d0049a6941f157d2a33741 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=f41512c6acb71c63cf4e3bd50934365ae2a23891 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=1f2284fac2180d7a9442c796d9755e3ce7ab0bd9 Backport of patches from upstream for 4.9 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=cfc0eb403816c5c4f9667d959de5e22789b5421e - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=5d10ad6297260e9b85e7645ee544a6115bb229e4 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=ce7fe8595902c3f03ef528c2dc1928b3f4b67fcf Bug-AGL: SPEC-705 Change-Id: If330fb7de09ab00f84d35a1e4c5343f958fcbf56 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9857 Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> Reviewed-by: Leon Anavi <leon.anavi@konsulko.com>
Diffstat (limited to 'meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch')
-rw-r--r--meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch51
1 files changed, 51 insertions, 0 deletions
diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch
new file mode 100644
index 000000000..2a20abb57
--- /dev/null
+++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch
@@ -0,0 +1,51 @@
+From 88aa347d26911cffd84ac3dd2a8341f1ba7e3444 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Mon, 19 Jun 2017 17:34:05 +0200
+Subject: [PATCH 2/3] Allow stack to grow up to address space limit
+
+commit bd726c90b6b8ce87602208701b208a208e6d5600 upstream.
+
+Fix expand_upwards() on architectures with an upward-growing stack (parisc,
+metag and partly IA-64) to allow the stack to reliably grow exactly up to
+the address space limit given by TASK_SIZE.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Acked-by: Hugh Dickins <hughd@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/mmap.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/mm/mmap.c b/mm/mmap.c
+index 26542b3..d71a61e 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -2224,16 +2224,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+ if (!(vma->vm_flags & VM_GROWSUP))
+ return -EFAULT;
+
+- /* Guard against wrapping around to address 0. */
++ /* Guard against exceeding limits of the address space. */
+ address &= PAGE_MASK;
+- address += PAGE_SIZE;
+- if (!address)
++ if (address >= TASK_SIZE)
+ return -ENOMEM;
++ address += PAGE_SIZE;
+
+ /* Enforce stack_guard_gap */
+ gap_addr = address + stack_guard_gap;
+- if (gap_addr < address)
+- return -ENOMEM;
++
++ /* Guard against overflow */
++ if (gap_addr < address || gap_addr > TASK_SIZE)
++ gap_addr = TASK_SIZE;
++
+ next = vma->vm_next;
+ if (next && next->vm_start < gap_addr) {
+ if (!(next->vm_flags & VM_GROWSUP))
+--
+2.1.4
+