diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-02-28 12:02:54 -0800 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-02-28 12:02:54 -0800 |
commit | 18727e9ca57dc6999916ffcfd752445ce540b8bf (patch) | |
tree | b5262148e4c6a37f85f7ce9fd3db08288f78f45b | |
parent | Updated to 4.20.12.a (diff) | |
download | linux-hardened-ck-18727e9ca57dc6999916ffcfd752445ce540b8bf.tar.xz |
Applied memory leak patch
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | exec-Fix-mem-leak-in-kernel_read_file.patch | 49 |
2 files changed, 56 insertions, 2 deletions
@@ -26,7 +26,7 @@ _jcpatchversion=1 _gcc_more_v='20180509' _srcname=linux-${_pkgver} pkgver=${_pkgver}.${_hardenedver} -pkgrel=1 +pkgrel=2 url='https://github.com/anthraxx/linux-hardened' #url='http://ck.kolivas.org/patches/' arch=('x86_64') @@ -51,6 +51,7 @@ source=(https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz 90-linux.hook # pacman hook for initramfs regeneration linux.preset # standard config files for mkinitcpio ramdisk unscrew-ck1-for-kvm-intel-symbol.patch + exec-Fix-mem-leak-in-kernel_read_file.patch ) sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504' 'SKIP' @@ -64,7 +65,8 @@ sha256sums=('1cf544308195250805e0731c716691bea4c1ed29e03e6f9ae5be6dc16785a504' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64') + '3e8c7d3015bb593e8a861be0b2b9f1de74fcb25e00c6e3eacee3165c6bec6f64' + 'bbf31b3a6af1db882cb63bd5e5385f174f2345272acaf18f129712a0a726689b') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -109,6 +111,9 @@ prepare() { msg " Applying unscrew patch" patch -p1 -i ../unscrew-ck1-for-kvm-intel-symbol.patch + # Set memleak patch + patch -p1 -i ../exec-Fix-mem-leak-in-kernel_read_file.patch + msg2 "Setting version..." sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile diff --git a/exec-Fix-mem-leak-in-kernel_read_file.patch b/exec-Fix-mem-leak-in-kernel_read_file.patch new file mode 100644 index 0000000..750e105 --- /dev/null +++ b/exec-Fix-mem-leak-in-kernel_read_file.patch @@ -0,0 +1,49 @@ +From e4817043e07f7414acdb25aa0d0689cb30a5fc2b Mon Sep 17 00:00:00 2001 +From: YueHaibing <yuehaibing@huawei.com> +Date: Tue, 19 Feb 2019 10:10:38 +0800 +Subject: [PATCH 2/3] exec: Fix mem leak in kernel_read_file + +syzkaller report this: +BUG: memory leak +unreferenced object 0xffffc9000488d000 (size 9195520): + comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) + hex dump (first 32 bytes): + ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ + 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... + backtrace: + [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] + [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] + [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 + [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 + [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 + [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 + [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 + [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [<00000000241f889b>] 0xffffffffffffffff + +It should goto 'out_free' lable to free allocated buf while kernel_read +fails. + +Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") +Signed-off-by: YueHaibing <yuehaibing@huawei.com> +Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> +--- + fs/exec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/exec.c b/fs/exec.c +index fc281b738a98..20c33029a062 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); + if (bytes < 0) { + ret = bytes; +- goto out; ++ goto out_free; + } + + if (bytes == 0) +-- +2.20.1 + |