Update to 4.2-rc6
This commit is contained in:
parent
76e21fd6a2
commit
5058702df6
|
@ -1,4 +1,4 @@
|
|||
linux (4.2~rc5-1~exp1) UNRELEASED; urgency=medium
|
||||
linux (4.2~rc6-1~exp1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream release candidate
|
||||
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
From: Benjamin Randazzo <benjamin@randazzo.fr>
|
||||
Date: Sat, 25 Jul 2015 16:36:50 +0200
|
||||
Subject: md: use kzalloc() when bitmap is disabled
|
||||
Origin: http://git.neil.brown.name/?p=md.git;a=commit;h=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4
|
||||
|
||||
In drivers/md/md.c get_bitmap_file() uses kmalloc() for creating a
|
||||
mdu_bitmap_file_t called "file".
|
||||
|
||||
5769 file = kmalloc(sizeof(*file), GFP_NOIO);
|
||||
5770 if (!file)
|
||||
5771 return -ENOMEM;
|
||||
|
||||
This structure is copied to user space at the end of the function.
|
||||
|
||||
5786 if (err == 0 &&
|
||||
5787 copy_to_user(arg, file, sizeof(*file)))
|
||||
5788 err = -EFAULT
|
||||
|
||||
But if bitmap is disabled only the first byte of "file" is initialized
|
||||
with zero, so it's possible to read some bytes (up to 4095) of kernel
|
||||
space memory from user space. This is an information leak.
|
||||
|
||||
5775 /* bitmap disabled, zero the first byte and copy out */
|
||||
5776 if (!mddev->bitmap_info.file)
|
||||
5777 file->pathname[0] = '\0';
|
||||
|
||||
Signed-off-by: Benjamin Randazzo <benjamin@randazzo.fr>
|
||||
Signed-off-by: NeilBrown <neilb@suse.com>
|
||||
---
|
||||
drivers/md/md.c | 22 +++++++++++-----------
|
||||
1 file changed, 11 insertions(+), 11 deletions(-)
|
||||
|
||||
--- a/drivers/md/md.c
|
||||
+++ b/drivers/md/md.c
|
||||
@@ -5759,22 +5759,22 @@ static int get_bitmap_file(struct mddev
|
||||
char *ptr;
|
||||
int err;
|
||||
|
||||
- file = kmalloc(sizeof(*file), GFP_NOIO);
|
||||
+ file = kzalloc(sizeof(*file), GFP_NOIO);
|
||||
if (!file)
|
||||
return -ENOMEM;
|
||||
|
||||
err = 0;
|
||||
spin_lock(&mddev->lock);
|
||||
- /* bitmap disabled, zero the first byte and copy out */
|
||||
- if (!mddev->bitmap_info.file)
|
||||
- file->pathname[0] = '\0';
|
||||
- else if ((ptr = file_path(mddev->bitmap_info.file,
|
||||
- file->pathname, sizeof(file->pathname))),
|
||||
- IS_ERR(ptr))
|
||||
- err = PTR_ERR(ptr);
|
||||
- else
|
||||
- memmove(file->pathname, ptr,
|
||||
- sizeof(file->pathname)-(ptr-file->pathname));
|
||||
+ /* bitmap enabled */
|
||||
+ if (mddev->bitmap_info.file) {
|
||||
+ ptr = file_path(mddev->bitmap_info.file, file->pathname,
|
||||
+ sizeof(file->pathname));
|
||||
+ if (IS_ERR(ptr))
|
||||
+ err = PTR_ERR(ptr);
|
||||
+ else
|
||||
+ memmove(file->pathname, ptr,
|
||||
+ sizeof(file->pathname)-(ptr-file->pathname));
|
||||
+ }
|
||||
spin_unlock(&mddev->lock);
|
||||
|
||||
if (err == 0 &&
|
|
@ -15,9 +15,9 @@ Forwarded: not-needed
|
|||
|
||||
/* describe a ptrace relationship for potential exception */
|
||||
struct ptrace_relation {
|
||||
@@ -407,7 +407,7 @@ static __init int yama_init(void)
|
||||
if (!security_module_enable("yama"))
|
||||
@@ -408,7 +408,7 @@ static __init int yama_init(void)
|
||||
return 0;
|
||||
yama_add_hooks();
|
||||
#endif
|
||||
- pr_info("Yama: becoming mindful.\n");
|
||||
+ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
|
||||
|
|
|
@ -22,7 +22,7 @@ aufs4.x-rcN standalone patch
|
|||
* Search for at least 1 mount point in the dentry's subdirs.
|
||||
--- a/fs/file_table.c
|
||||
+++ b/fs/file_table.c
|
||||
@@ -146,6 +146,7 @@ over:
|
||||
@@ -147,6 +147,7 @@ over:
|
||||
}
|
||||
return ERR_PTR(-ENFILE);
|
||||
}
|
||||
|
@ -30,13 +30,13 @@ aufs4.x-rcN standalone patch
|
|||
|
||||
/**
|
||||
* alloc_file - allocate and initialize a 'struct file'
|
||||
@@ -307,6 +308,7 @@ void put_filp(struct file *file)
|
||||
@@ -308,6 +309,7 @@ void put_filp(struct file *file)
|
||||
file_free(file);
|
||||
}
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(put_filp);
|
||||
|
||||
void __init files_init(unsigned long mempages)
|
||||
void __init files_init(void)
|
||||
{
|
||||
--- a/fs/inode.c
|
||||
+++ b/fs/inode.c
|
||||
|
@ -126,7 +126,7 @@ aufs4.x-rcN standalone patch
|
|||
|
||||
int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group,
|
||||
struct inode *inode, struct vfsmount *mnt, int allow_dups)
|
||||
@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_
|
||||
@@ -475,6 +478,7 @@ void fsnotify_init_mark(struct fsnotify_
|
||||
atomic_set(&mark->refcnt, 1);
|
||||
mark->free_mark = free_mark;
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ This standalone version doesn't include making the variable read-only
|
|||
---
|
||||
--- a/include/linux/perf_event.h
|
||||
+++ b/include/linux/perf_event.h
|
||||
@@ -851,6 +851,11 @@ extern int perf_cpu_time_max_percent_han
|
||||
@@ -898,6 +898,11 @@ extern int perf_cpu_time_max_percent_han
|
||||
loff_t *ppos);
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ This standalone version doesn't include making the variable read-only
|
|||
return sysctl_perf_event_paranoid > -1;
|
||||
--- a/kernel/events/core.c
|
||||
+++ b/kernel/events/core.c
|
||||
@@ -172,8 +172,13 @@ static struct srcu_struct pmus_srcu;
|
||||
@@ -174,8 +174,13 @@ static struct srcu_struct pmus_srcu;
|
||||
* 0 - disallow raw tracepoint access for unpriv
|
||||
* 1 - disallow cpu events for unpriv
|
||||
* 2 - disallow kernel profiling for unpriv
|
||||
|
@ -38,7 +38,7 @@ This standalone version doesn't include making the variable read-only
|
|||
|
||||
/* Minimum for 512 kiB + 1 user control page */
|
||||
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
|
||||
@@ -7892,6 +7897,11 @@ SYSCALL_DEFINE5(perf_event_open,
|
||||
@@ -7904,6 +7909,11 @@ SYSCALL_DEFINE5(perf_event_open,
|
||||
if (flags & ~PERF_FLAG_ALL)
|
||||
return -EINVAL;
|
||||
|
||||
|
|
|
@ -79,8 +79,6 @@ bugfix/all/kernel-doc-set-man-page-date.patch
|
|||
# Miscellaneous features
|
||||
features/all/efi-autoload-efi-pstore.patch
|
||||
|
||||
bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch
|
||||
|
||||
# Hardening from grsecurity
|
||||
features/all/grsecurity/grsecurity-kconfig.patch
|
||||
# Disabled until we add code into the grsecurity/ directory
|
||||
|
|
Loading…
Reference in New Issue