diff options
| author | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-12-09 16:33:19 +0100 |
|---|---|---|
| committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-12-09 16:33:19 +0100 |
| commit | 9312d35958e7d923e62602d69d16c778b8e98fda (patch) | |
| tree | e4e7220888b836addd84d6187c4226b6febe66f5 | |
| parent | 302a8e16ef6c9fccdaac30b7cbe5f8901bcf9409 (diff) | |
| parent | 1e69ede3e70582f8d370c82e695632a922cbd9dd (diff) | |
| download | kernel-4.8.13-300.vanilla.knurd.1.fc25.tar.gz kernel-4.8.13-300.vanilla.knurd.1.fc25.tar.xz kernel-4.8.13-300.vanilla.knurd.1.fc25.zip | |
Merge remote-tracking branch 'origin/f25' into f25-user-thl-vanilla-fedorakernel-4.8.13-300.vanilla.knurd.1.fc25
| -rw-r--r-- | 0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch | 42 | ||||
| -rw-r--r-- | kernel.spec | 9 | ||||
| -rw-r--r-- | sources | 2 |
3 files changed, 51 insertions, 2 deletions
diff --git a/0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch b/0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch new file mode 100644 index 000000000..8c3795439 --- /dev/null +++ b/0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch @@ -0,0 +1,42 @@ +From a0ac402cfcdc904f9772e1762b3fda112dcc56a0 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds <torvalds@linux-foundation.org> +Date: Tue, 6 Dec 2016 16:18:14 -0800 +Subject: [PATCH] Don't feed anything but regular iovec's to + blk_rq_map_user_iov + +In theory we could map other things, but there's a reason that function +is called "user_iov". Using anything else (like splice can do) just +confuses it. + +Reported-and-tested-by: Johannes Thumshirn <jthumshirn@suse.de> +Cc: Al Viro <viro@ZenIV.linux.org.uk> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +--- + block/blk-map.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/block/blk-map.c b/block/blk-map.c +index b8657fa..27fd8d92 100644 +--- a/block/blk-map.c ++++ b/block/blk-map.c +@@ -118,6 +118,9 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, + struct iov_iter i; + int ret; + ++ if (!iter_is_iovec(iter)) ++ goto fail; ++ + if (map_data) + copy = true; + else if (iov_iter_alignment(iter) & align) +@@ -140,6 +143,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, + + unmap_rq: + __blk_rq_unmap_user(bio); ++fail: + rq->bio = NULL; + return -EINVAL; + } +-- +2.9.3 + diff --git a/kernel.spec b/kernel.spec index f7af5d2d6..03d04581a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -58,7 +58,7 @@ Summary: The Linux kernel %define stable_rc 0 # Do we have a -stable update to apply? -%define stable_update 12 +%define stable_update 13 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -668,6 +668,9 @@ Patch857: 0001-packet-fix-race-condition-in-packet_set_ring.patch # CVE-2016-9793 rhbz 1402013 1402014 Patch858: 0001-net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch +# CVE-2016-9576 rhbz 1403145 1403146 +Patch859: 0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch + # END OF PATCH DEFINITIONS %endif @@ -2207,6 +2210,10 @@ fi # # %changelog +* Fri Dec 09 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.13-300 +- Linux v4.8.13 +- CVE-2016-9576 fix use after free in SCSI generic device interface (rhbz 1403145 1403146) + * Wed Dec 07 2016 Laura Abbott <labbott@fedoraproject.org> - Disable CONFIG_AF_KCM (rhbz 1402489) @@ -1,3 +1,3 @@ c1af0afbd3df35c1ccdc7a5118cd2d07 linux-4.8.tar.xz 0dad03f586e835d538d3e0d2cbdb9a28 perf-man-4.8.tar.gz -9a938fd7a82d8b390f957657947fe673 patch-4.8.12.xz +bc208ac66340464839ee61a4621d9384 patch-4.8.13.xz |