From 49c2b929374d04186ea2ac402f045094516630e9 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Sun, 26 Feb 2017 21:05:05 +0000
Subject: [PATCH] time: Disable TIMER_STATS (CVE-2017-5967)

The upstream "fix" for this is to remove the feature, as it is redundant with tracing. I'd be quite happy to do that, but it introduces several conflicts with the PREEMPT_RT patch series. Unless and until those are resolved in 4.9-stable and 4.9-rt, disable it in our kconfig and add a dependency on BROKEN to ensure it's disabled in custom kernels too.
---
 debian/changelog | 1 +
 debian/config/config | 2 +-
 .../time-mark-timer_stats-as-broken.patch | 21 +++++++++++++++++++
 debian/patches/series | 1 +
 4 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/debian/time-mark-timer_stats-as-broken.patch

diff --git a/debian/changelog b/debian/changelog
index e2f47f8b0..a9f473426 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -93,6 +93,7 @@ linux (4.9.13-1) UNRELEASED; urgency=medium
 (Closes: #856111)
 * [x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
 * ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
+ * time: Disable TIMER_STATS (CVE-2017-5967)
 
 -- Ben Hutchings Sat, 18 Feb 2017 00:38:10 +0000
diff --git a/debian/config/config b/debian/config/config
index d6ec09462..b0e151fec 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -5843,7 +5843,7 @@ CONFIG_SCHED_DEBUG=y
 CONFIG_SCHEDSTATS=y
 CONFIG_SCHED_STACK_END_CHECK=y
 # CONFIG_DEBUG_TIMEKEEPING is not set
-CONFIG_TIMER_STATS=y
+# CONFIG_TIMER_STATS is not set
 CONFIG_DEBUG_PREEMPT=y
 # CONFIG_DEBUG_RT_MUTEXES is not set
 # CONFIG_DEBUG_SPINLOCK is not set
diff --git a/debian/patches/debian/time-mark-timer_stats-as-broken.patch b/debian/patches/debian/time-mark-timer_stats-as-broken.patch
new file mode 100644
index 000000000..4c35d732a
--- /dev/null
+++ b/debian/patches/debian/time-mark-timer_stats-as-broken.patch
@@ -0,0 +1,21 @@
+From: Ben Hutchings
+Date: Sun, 26 Feb 2017 21:01:50 +0000
+Subject: time: Mark TIMER_STATS as broken
+Forwarded: not-needed
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5967
+
+This is a substitute for upstream commit dfb4357da6dd "time: Remove
+CONFIG_TIMER_STATS", which avoids the need to resolve conflicts with
+the PREEMPT_RT patch series.
+
+---
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -964,6 +964,7 @@ config DEBUG_TIMEKEEPING
+ config TIMER_STATS
+ bool "Collect kernel timers statistics"
+ depends on DEBUG_KERNEL && PROC_FS
++ depends on BROKEN
+ help
+ If you say Y here, additional code will be inserted into the
+ timer routines to collect statistics about kernel timers being
diff --git a/debian/patches/series b/debian/patches/series
index 558b64541..81b26aad4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -110,6 +110,7 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
 bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch
+debian/time-mark-timer_stats-as-broken.patch
 
 # Fix exported symbol versions
 bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
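Review bot: The nested Kconfig hunk adds `depends on BROKEN` to `config TIMER_STATS` with no comment, so anyone reading lib/Kconfig.debug in the patched tree sees an option marked broken without knowing it was done for a security advisory rather than a build failure; a Kconfig comment directly above the new line, `# Hidden for CVE-2017-5967; upstream removed the option in dfb4357da6dd`, would keep the rationale with the option itself. The patch header states what it substitutes for but not what the option exposes; a sentence noting that the statistics are published through a /proc interface (the option already depends on PROC_FS, and the Bug-Debian-Security link covers the details) would let a later rebase judge whether the BROKEN dependency is still required. The BROKEN dependency only makes the option unselectable; the code behind CONFIG_TIMER_STATS stays in the tree until the upstream removal is picked up, so this should be read as a configuration-level mitigation, not a code fix. The debian/config/config hunk is consistent with it, though any flavour-specific config file still setting CONFIG_TIMER_STATS=y would now have that line dropped silently at config time, which is worth checking once.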