diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-03-11 10:40:08 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-03-11 10:40:08 -0500 |
commit | a1fc166d68fa3f6a6555ab15da9621301d212e81 (patch) | |
tree | 4138bd54dece3bd3f4938d0e99332672cf3722c0 | |
parent | 225f678346a5e7dcb725897fd36ae610185c6b28 (diff) | |
download | kernel-a1fc166d68fa3f6a6555ab15da9621301d212e81.tar.gz kernel-a1fc166d68fa3f6a6555ab15da9621301d212e81.tar.xz kernel-a1fc166d68fa3f6a6555ab15da9621301d212e81.zip |
Linux v4.20.15
-rw-r--r-- | CVE-2019-8980.patch | 94 | ||||
-rw-r--r-- | kernel.spec | 8 | ||||
-rw-r--r-- | sources | 2 |
3 files changed, 5 insertions, 99 deletions
diff --git a/CVE-2019-8980.patch b/CVE-2019-8980.patch deleted file mode 100644 index e97fddb85..000000000 --- a/CVE-2019-8980.patch +++ /dev/null @@ -1,94 +0,0 @@ -From mboxrd@z Thu Jan 1 00:00:00 1970 -Return-Path: <SRS0=K7k5=Q2=vger.kernel.org=linux-kernel-owner@kernel.org> -X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on - aws-us-west-2-korg-lkml-1.web.codeaurora.org -X-Spam-Level: -X-Spam-Status: No, score=-9.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, - INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT - autolearn=ham autolearn_force=no version=3.4.0 -Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) - by smtp.lore.kernel.org (Postfix) with ESMTP id 57E0EC43381 - for <linux-kernel@archiver.kernel.org>; Tue, 19 Feb 2019 02:10:56 +0000 (UTC) -Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) - by mail.kernel.org (Postfix) with ESMTP id 2F614217F5 - for <linux-kernel@archiver.kernel.org>; Tue, 19 Feb 2019 02:10:56 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1727560AbfBSCKy (ORCPT - <rfc822;linux-kernel@archiver.kernel.org>); - Mon, 18 Feb 2019 21:10:54 -0500 -Received: from szxga07-in.huawei.com ([45.249.212.35]:60042 "EHLO huawei.com" - rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP - id S1727030AbfBSCKx (ORCPT <rfc822;linux-kernel@vger.kernel.org>); - Mon, 18 Feb 2019 21:10:53 -0500 -Received: from DGGEMS411-HUB.china.huawei.com (unknown [172.30.72.59]) - by Forcepoint Email with ESMTP id C192C49B561BC8D7F47D; - Tue, 19 Feb 2019 10:10:51 +0800 (CST) -Received: from localhost (10.177.31.96) by DGGEMS411-HUB.china.huawei.com - (10.3.19.211) with Microsoft SMTP Server id 14.3.408.0; Tue, 19 Feb 2019 - 10:10:43 +0800 -From: YueHaibing <yuehaibing@huawei.com> -To: <viro@zeniv.linux.org.uk> -CC: <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>, - <dmitry.kasatkin@huawei.com>, <keescook@chromium.org>, - YueHaibing <yuehaibing@huawei.com> -Subject: [PATCH -next] exec: Fix mem leak in kernel_read_file -Date: Tue, 19 Feb 2019 10:10:38 +0800 -Message-ID: <20190219021038.11340-1-yuehaibing@huawei.com> -X-Mailer: git-send-email 2.10.2.windows.1 -MIME-Version: 1.0 -Content-Type: text/plain -X-Originating-IP: [10.177.31.96] -X-CFilter-Loop: Reflected -Sender: linux-kernel-owner@vger.kernel.org -Precedence: bulk -List-ID: <linux-kernel.vger.kernel.org> -X-Mailing-List: linux-kernel@vger.kernel.org -Archived-At: <https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/> -List-Archive: <https://lore.kernel.org/lkml/> -List-Post: <mailto:linux-kernel@vger.kernel.org> - -syzkaller report this: -BUG: memory leak -unreferenced object 0xffffc9000488d000 (size 9195520): - comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) - hex dump (first 32 bytes): - ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ - 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... - backtrace: - [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] - [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] - [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 - [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 - [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 - [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 - [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 - [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe - [<00000000241f889b>] 0xffffffffffffffff - -It should goto 'out_free' lable to free allocated buf while kernel_read -fails. - -Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") -Signed-off-by: YueHaibing <yuehaibing@huawei.com> ---- - fs/exec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fs/exec.c b/fs/exec.c -index 7a4b5ef..2e00333 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -932,7 +932,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, - bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); - if (bytes < 0) { - ret = bytes; -- goto out; -+ goto out_free; - } - - if (bytes == 0) --- -2.7.0 - - - diff --git a/kernel.spec b/kernel.spec index 9d05ee4b8..c01c8ef6f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 14 +%define stable_update 15 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -638,9 +638,6 @@ Patch507: CVE-2019-3459-and-CVE-2019-3460.patch # rhbz 1663613 patch merged into 5.0-rc# Patch508: 0001-drm-nouveau-register-backlight-on-pascal-and-newer.patch -# CVE-2019-8980 rhbz 1679972 1679974 -Patch510: CVE-2019-8980.patch - # rhbz 1683382 Patch511: nfsv4.1-avoid-false-retries.patch @@ -1932,6 +1929,9 @@ fi # # %changelog +* Mon Mar 11 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 4.20.15-200 +- Linux v4.20.15 + * Tue Mar 05 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 4.20.14-100 - Linux v4.20.14 @@ -1,2 +1,2 @@ SHA512 (linux-4.20.tar.xz) = e282399beea5da539701aed2bc131abd5bc74a970dcd344163e9d295106dfd700180e672ed546ae5e55bc6b9ac95efd5ca1de2039015c1b7a6fc9c01ea6583d4 -SHA512 (patch-4.20.14.xz) = 2743963385f1a3ecac2a36978569bcea49df7db7d126aa37f807252eda419e3bba3b2444fab0c3e0a22da17d3adbd5b77e0637ccc025d54fe51b7cc6361d4db9 +SHA512 (patch-4.20.15.xz) = 58a973130dc52f2c3ea82141d76a4c2d10f40dc35cca27a8fe569367af2a517bf0d6e8f1cd6d0eabf88a1a1a18a397fb92ca9b58ed32ad6f4f7631915503c56d |