diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-04-01 16:00:13 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-04-01 16:00:13 -0500 |
| commit | e6ece0fd9878bbb6bcf7e7161ef083063d7f7321 (patch) | |
| tree | d448d6ce8d9927703dad9b1051c59eb5e2d2734a | |
| parent | 91db362b5ccb3e9c42c5ca212e3c4f8cd74332c2 (diff) | |
| download | kernel-e6ece0fd9878bbb6bcf7e7161ef083063d7f7321.tar.gz kernel-e6ece0fd9878bbb6bcf7e7161ef083063d7f7321.tar.xz kernel-e6ece0fd9878bbb6bcf7e7161ef083063d7f7321.zip | |
Fix CVE-2019-9857 (rhbz 1694758 1694759)
| -rw-r--r-- | 0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch | 45 | ||||
| -rw-r--r-- | kernel.spec | 6 |
2 files changed, 51 insertions, 0 deletions
diff --git a/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch b/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch new file mode 100644 index 000000000..e0c6f73a3 --- /dev/null +++ b/0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch @@ -0,0 +1,45 @@ +From 62c9d2674b31d4c8a674bee86b7edc6da2803aea Mon Sep 17 00:00:00 2001 +From: ZhangXiaoxu <zhangxiaoxu5@huawei.com> +Date: Sat, 2 Mar 2019 09:17:32 +0800 +Subject: [PATCH] inotify: Fix fsnotify_mark refcount leak in + inotify_update_existing_watch() + +Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for +inotify_add_watch()") forgot to call fsnotify_put_mark() with +IN_MASK_CREATE after fsnotify_find_mark() + +Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()") +Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com> +Signed-off-by: Jan Kara <jack@suse.cz> +--- + fs/notify/inotify/inotify_user.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c +index e2901fbb9f76..7b53598c8804 100644 +--- a/fs/notify/inotify/inotify_user.c ++++ b/fs/notify/inotify/inotify_user.c +@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group, + fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group); + if (!fsn_mark) + return -ENOENT; +- else if (create) +- return -EEXIST; ++ else if (create) { ++ ret = -EEXIST; ++ goto out; ++ } + + i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark); + +@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group, + /* return the wd */ + ret = i_mark->wd; + ++out: + /* match the get from fsnotify_find_mark() */ + fsnotify_put_mark(fsn_mark); + +-- +2.20.1 + diff --git a/kernel.spec b/kernel.spec index c2fbf0e6b..7e46635e2 100644 --- a/kernel.spec +++ b/kernel.spec @@ -625,6 +625,9 @@ Patch512: v3-tpm-fix-an-invalid-condition-in-tpm_common_poll.patch # rhbz 1683382 Patch515: nfsv4.1-avoid-false-retries.patch +# CVE-2019-9857 rhbz 1694758 1694759 +Patch516: 0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch + # END OF PATCH DEFINITIONS %endif @@ -1898,6 +1901,9 @@ fi # # %changelog +* Mon Apr 01 2019 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2019-9857 (rhbz 1694758 1694759) + * Mon Apr 01 2019 Laura Abbott <labbott@redhat.com> - Ensure ioschedulers are built in (rhbz 1690604) |