diff options
author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2016-11-04 21:21:50 +0100 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2016-11-04 21:22:47 +0100 |
commit | 9e58b8be7e98b6911db6a0a3af3fbe4e185f279f (patch) | |
tree | d7442ab9ba00040f7f7e9a620632427b841a3f04 | |
parent | 7504005d38ac076916a0616fe5d13f46c31a08f5 (diff) |
Backport fix for CVE-2016-5195blowfish_2.0.5blowfish_2.0.4blowfish_2.0.32.0.52.0.42.0.3blowfish
Change-Id: I3bd6feb22e87ba12cbd339a4413e396f7fcf7db7
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
-rw-r--r-- | .gitreview | 1 | ||||
-rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas/9999-Backport-fix-for-CVE-2016-5195.patch | 68 | ||||
-rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas_3.10.bb | 3 |
3 files changed, 72 insertions, 0 deletions
@@ -2,3 +2,4 @@ host=gerrit.automotivelinux.org port=29418 project=AGL/meta-renesas +defaultbranch=blowfish diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/9999-Backport-fix-for-CVE-2016-5195.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/9999-Backport-fix-for-CVE-2016-5195.patch new file mode 100644 index 0000000..e7a143f --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/9999-Backport-fix-for-CVE-2016-5195.patch @@ -0,0 +1,68 @@ +From 8003e1524789537680204d44d5bf7a82561f8ba3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan-Simon=20M=C3=B6ller?= <jsmoeller@linuxfoundation.org> +Date: Fri, 4 Nov 2016 20:58:46 +0100 +Subject: [PATCH] Backport fix for CVE-2016-5195 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> +--- + include/linux/mm.h | 1 + + mm/memory.c | 14 ++++++++++++-- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/include/linux/mm.h b/include/linux/mm.h +index 3bf21c3..263b405 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -1702,6 +1702,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma, + #define FOLL_HWPOISON 0x100 /* check page is hwpoisoned */ + #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */ + #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ ++#define FOLL_COW 0x4000 /* internal GUP flag */ + + typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, + void *data); +diff --git a/mm/memory.c b/mm/memory.c +index 48aa275..3a3f316 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1462,6 +1462,16 @@ int zap_vma_ptes(struct vm_area_struct *vma, unsigned long address, + } + EXPORT_SYMBOL_GPL(zap_vma_ptes); + ++/* ++ * FOLL_FORCE can write to even unwritable pte's, but only ++ * after we've gone through a COW cycle and they are dirty. ++ */ ++static inline bool can_follow_write_pte(pte_t pte, unsigned int flags) ++{ ++ return pte_write(pte) || ++ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte)); ++} ++ + /** + * follow_page_mask - look up a page descriptor from a user-virtual address + * @vma: vm_area_struct mapping @address +@@ -1569,7 +1579,7 @@ split_fallthrough: + } + if ((flags & FOLL_NUMA) && pte_numa(pte)) + goto no_page; +- if ((flags & FOLL_WRITE) && !pte_write(pte)) ++ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) + goto unlock; + + page = vm_normal_page(vma, address, pte); +@@ -1876,7 +1886,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + */ + if ((ret & VM_FAULT_WRITE) && + !(vma->vm_flags & VM_WRITE)) +- foll_flags &= ~FOLL_WRITE; ++ foll_flags |= FOLL_COW; + + cond_resched(); + } +-- +2.1.4 + diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas_3.10.bb b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas_3.10.bb index 2386d98..69275c5 100644 --- a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas_3.10.bb +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas_3.10.bb @@ -142,6 +142,9 @@ SRC_URI_append_smack = " \ file://smack/0054-Smack-secmark-connections.patch \ " +# CVE-2016-5195 +SRC_URI_append = " file://9999-Backport-fix-for-CVE-2016-5195.patch " + S = "${WORKDIR}/git" KERNEL_DEFCONFIG = "shmobile_defconfig" |