diff options
author | graysky | 2019-02-26 07:41:54 -0500 |
---|---|---|
committer | graysky | 2019-02-26 07:41:54 -0500 |
commit | aeb97e1e9c0810fff00a0c504ccebfdc5c9a4ec9 (patch) | |
tree | 75787477c589dd9c0a0f1130598c4d41521aaa17 | |
parent | cc22f513b477e6fb6e764a4071c62707ab8602f6 (diff) | |
download | aur-aeb97e1e9c0810fff00a0c504ccebfdc5c9a4ec9.tar.gz |
Update to 4.20.13rc1-1
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 22 | ||||
-rw-r--r-- | 0002-exec-Fix-mem-leak-in-kernel_read_file.patch | 49 | ||||
-rw-r--r-- | PKGBUILD | 12 |
4 files changed, 78 insertions, 25 deletions
@@ -1,7 +1,7 @@ # Generated by mksrcinfo v8 -# Thu Feb 21 20:11:04 UTC 2019 +# Tue Feb 26 12:41:54 UTC 2019 pkgbase = linux-rc - pkgver = 4.20.12rc1 + pkgver = 4.20.13rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -11,24 +11,26 @@ pkgbase = linux-rc makedepends = bc makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.12-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.12-rc1.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.20.11.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.20.11.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.13-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.13-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.20.12.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.20.12.tar.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - sha256sums = 3623d1d11b3f0f15c03fcf5bb195d0ae71d17b9bb3a88662e0c7cf9b886b6c4b + source = 0002-exec-Fix-mem-leak-in-kernel_read_file.patch + sha256sums = dfe5e7fa1cb2e6b344d8f1a388a15f1ea85c4a6eb115090f878341bc598b5006 sha256sums = SKIP - sha256sums = dcd95c41f45c8ee90e249887f4aa8657b9a4c5d0fcef69ba17e75b5304d7411f + sha256sums = 1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504 sha256sums = SKIP sha256sums = f863b3e9640161f61e859f22f2d1258c940101de8f007a207c1ede2f71d36206 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = c6a52de5d629fdfaa35553c71e2b020c421f170ef1ca0acfc72fffe7258a6358 + sha256sums = 55823bb3ca652d917ba79860d595b479ec20c22a7c6854cbef901d44b4196316 + sha256sums = bbf31b3a6af1db882cb63bd5e5385f174f2345272acaf18f129712a0a726689b pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 7ce1462f2167..4a24f9ce9682 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,7 +1,7 @@ -From ffc883bc93c2fed977fc82cc36305880fab10247 Mon Sep 17 00:00:00 2001 +From 884528c4629b0b333061c191d9b26081431dbfd3 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> @@ -14,10 +14,10 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com> 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index f0b58479534f..8b2d927125c5 100644 +index 906cd0c13d15..0d1d30ad91e7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -103,6 +103,11 @@ +@@ -104,6 +104,11 @@ #define CREATE_TRACE_POINTS #include <trace/events/task.h> @@ -29,7 +29,7 @@ index f0b58479534f..8b2d927125c5 100644 /* * Minimum number of threads to boot the kernel -@@ -1649,6 +1654,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +40,7 @@ index f0b58479534f..8b2d927125c5 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2467,6 +2476,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -54,10 +54,10 @@ index f0b58479534f..8b2d927125c5 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index cc02050fd0c4..ce2ad2b92897 100644 +index 9ee261fce89e..ab26ddeab33d 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -105,6 +105,9 @@ extern int core_uses_pid; +@@ -106,6 +106,9 @@ extern int core_uses_pid; extern char core_pattern[]; extern unsigned int core_pipe_limit; #endif @@ -67,7 +67,7 @@ index cc02050fd0c4..ce2ad2b92897 100644 extern int pid_max; extern int pid_max_min, pid_max_max; extern int percpu_pagelist_fraction; -@@ -514,6 +517,15 @@ static struct ctl_table kern_table[] = { +@@ -515,6 +518,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -84,7 +84,7 @@ index cc02050fd0c4..ce2ad2b92897 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index e5222b5fb4fe..c941a66e51d1 100644 +index 923414a246e9..6b9dbc257e34 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -26,6 +26,9 @@ @@ -98,5 +98,5 @@ index e5222b5fb4fe..c941a66e51d1 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.19.1 +2.20.1 diff --git a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/0002-exec-Fix-mem-leak-in-kernel_read_file.patch new file mode 100644 index 000000000000..750e105d3741 --- /dev/null +++ b/0002-exec-Fix-mem-leak-in-kernel_read_file.patch @@ -0,0 +1,49 @@ +From e4817043e07f7414acdb25aa0d0689cb30a5fc2b Mon Sep 17 00:00:00 2001 +From: YueHaibing <yuehaibing@huawei.com> +Date: Tue, 19 Feb 2019 10:10:38 +0800 +Subject: [PATCH 2/3] exec: Fix mem leak in kernel_read_file + +syzkaller report this: +BUG: memory leak +unreferenced object 0xffffc9000488d000 (size 9195520): + comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) + hex dump (first 32 bytes): + ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ + 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... + backtrace: + [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] + [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] + [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 + [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 + [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 + [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 + [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 + [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [<00000000241f889b>] 0xffffffffffffffff + +It should goto 'out_free' lable to free allocated buf while kernel_read +fails. + +Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") +Signed-off-by: YueHaibing <yuehaibing@huawei.com> +Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> +--- + fs/exec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/exec.c b/fs/exec.c +index fc281b738a98..20c33029a062 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); + if (bytes < 0) { + ret = bytes; +- goto out; ++ goto out_free; + } + + if (bytes == 0) +-- +2.20.1 + @@ -5,8 +5,8 @@ pkgbase=linux-rc pkgrel=1 _srcname=linux-4.20 -_stable=4.20.11 -_patchver=4.20.12 +_stable=4.20.12 +_patchver=4.20.13 _rcver=1 pkgver=${_patchver}rc${_rcver} _rcpatch=patch-${_patchver}-rc${_rcver} @@ -23,21 +23,23 @@ source=( 90-linux.hook # pacman hook for initramfs regeneration linux.preset # standard config files for mkinitcpio ramdisk 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + 0002-exec-Fix-mem-leak-in-kernel_read_file.patch # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1 ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('3623d1d11b3f0f15c03fcf5bb195d0ae71d17b9bb3a88662e0c7cf9b886b6c4b' +sha256sums=('dfe5e7fa1cb2e6b344d8f1a388a15f1ea85c4a6eb115090f878341bc598b5006' 'SKIP' - 'dcd95c41f45c8ee90e249887f4aa8657b9a4c5d0fcef69ba17e75b5304d7411f' + '1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504' 'SKIP' 'f863b3e9640161f61e859f22f2d1258c940101de8f007a207c1ede2f71d36206' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'c6a52de5d629fdfaa35553c71e2b020c421f170ef1ca0acfc72fffe7258a6358') + '55823bb3ca652d917ba79860d595b479ec20c22a7c6854cbef901d44b4196316' + 'bbf31b3a6af1db882cb63bd5e5385f174f2345272acaf18f129712a0a726689b') _kernelname=${pkgbase#linux} |