Applied memory leak patch

2 files changed, 56 insertions, 2 deletions

diff --git a/PKGBUILD b/PKGBUILD
index b5955e0..0286e7a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -26,7 +26,7 @@ _jcpatchversion=1
 _gcc_more_v='20180509'
 _srcname=linux-${_pkgver}
 pkgver=${_pkgver}.${_hardenedver}
-pkgrel=1
+pkgrel=2
 url='https://github.com/anthraxx/linux-hardened'
 #url='http://ck.kolivas.org/patches/'
 arch=('x86_64')
@@ -51,6 +51,7 @@ source=(https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz
         90-linux.hook  # pacman hook for initramfs regeneration
         linux.preset   # standard config files for mkinitcpio ramdisk
         unscrew-ck1-for-kvm-intel-symbol.patch
+        exec-Fix-mem-leak-in-kernel_read_file.patch
 )
 sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504'
             'SKIP'
@@ -64,7 +65,8 @@ sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64')
+            '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64'
+            'bbf31b3a6af1db882cb63bd5e5385f174f2345272acaf18f129712a0a726689b')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -109,6 +111,9 @@ prepare() {
   msg " Applying unscrew patch"
   patch -p1 -i ../unscrew-ck1-for-kvm-intel-symbol.patch
 
+  # Set memleak patch
+  patch -p1 -i ../exec-Fix-mem-leak-in-kernel_read_file.patch
+
 
   msg2 "Setting version..."
   sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
diff --git a/exec-Fix-mem-leak-in-kernel_read_file.patch b/exec-Fix-mem-leak-in-kernel_read_file.patch
new file mode 100644
index 0000000..750e105
--- /dev/null
+++ b/exec-Fix-mem-leak-in-kernel_read_file.patch
@@ -0,0 +1,49 @@
+From e4817043e07f7414acdb25aa0d0689cb30a5fc2b Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 19 Feb 2019 10:10:38 +0800
+Subject: [PATCH 2/3] exec: Fix mem leak in kernel_read_file
+
+syzkaller report this:
+BUG: memory leak
+unreferenced object 0xffffc9000488d000 (size 9195520):
+  comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
+  hex dump (first 32 bytes):
+    ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
+    02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
+  backtrace:
+    [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
+    [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
+    [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
+    [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
+    [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
+    [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
+    [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+    [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+    [<00000000241f889b>] 0xffffffffffffffff
+
+It should goto 'out_free' lable to free allocated buf while kernel_read
+fails.
+
+Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/exec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index fc281b738a98..20c33029a062 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
+ 		bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
+ 		if (bytes < 0) {
+ 			ret = bytes;
+-			goto out;
++			goto out_free;
+ 		}
+ 
+ 		if (bytes == 0)
+-- 
+2.20.1
+