diff --git a/1038-exec-Fix-mem-leak-in-kernel_read_file.patch b/1038-exec-Fix-mem-leak-in-kernel_read_file.patch
new file mode 100644
index 00000000..39c66f24
--- /dev/null
+++ b/1038-exec-Fix-mem-leak-in-kernel_read_file.patch
@@ -0,0 +1,53 @@
+From c2b316d9b2f1113770d47dddf8dfe85882b6c695 Mon Sep 17 00:00:00 2001
+From: YueHaibing
+Date: Tue, 19 Feb 2019 10:10:38 +0800
+Subject: [PATCH] exec: Fix mem leak in kernel_read_file
+
+[ Upstream commit f612acfae86af7ecad754ae6a46019be9da05b8e ]
+
+syzkaller report this:
+BUG: memory leak
+unreferenced object 0xffffc9000488d000 (size 9195520):
+ comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
+ hex dump (first 32 bytes):
+ ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................
+ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z.....
+ backtrace:
+ [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
+ [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
+ [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
+ [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
+ [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
+ [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
+ [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ [<00000000241f889b>] 0xffffffffffffffff
+
+It should goto 'out_free' lable to free allocated buf while kernel_read
+fails.
+
+Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory")
+Signed-off-by: YueHaibing
+Signed-off-by: Al Viro
+
+Change-Id: I854547577c1e2ff7409c81ddf43a1678e13710b7
+---
+ fs/exec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 1ebf6e5a521d..433b1257694a 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
+ bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
+ if (bytes < 0) {
+ ret = bytes;
+- goto out;
++ goto out_free;
+ }
+
+ if (bytes == 0)
+--
+2.17.1
+
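Review bot: The `goto out_free` added in the `if (bytes < 0)` branch depends on a label that lies outside this hunk, so the cleanup it reaches cannot be checked from the lines shown. Because `buf` is a caller-supplied `void **`, that path should both release the allocation and reset `*buf` to NULL, so that a caller which mishandles the error is not left holding a stale pointer; this is worth confirming against the 4.19.27 tree the patch is applied to. The quoted syzkaller trace reaches the leak through `finit_module` with an object of about 9 MB, so each failed read presumably pinned that much vmalloc space until reboot. I would also add a comment above the `kernel_read()` call, such as `/* *buf is allocated above: every failure from here on must leave via out_free */`, so that later error paths do not reintroduce a bare `goto out`.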
diff --git a/config-iot-lts2018-sos b/config-iot-lts2018-sos
index a77cb37d..b02736ca 100644
--- a/config-iot-lts2018-sos
+++ b/config-iot-lts2018-sos
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.23 Kernel Configuration
+# Linux/x86 4.19.27 Kernel Configuration
 #
 #
diff --git a/linux-iot-lts2018.spec b/linux-iot-lts2018.spec
index 6b0eed56..abfbdfd8 100644
--- a/linux-iot-lts2018.spec
+++ b/linux-iot-lts2018.spec
@@ -14,16 +14,16 @@
 #
 Name: linux-iot-lts2018
-Version: 4.19.23
+Version: 4.19.27
 # upstream number is the number from PKT it consist in
 # YYMMDDHHMM a 10 length number
-%global upstreamnumber 1903010958
-Release: 24
+%global upstreamnumber 1903080404
+Release: 25
 License: GPL-2.0
 Summary: The Linux kernel
 Url: http://www.kernel.org/
 Group: kernel
-Source0: https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.23.tar.xz
+Source0: https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.27.tar.xz
 Source1: config-iot-lts2018
 Source2: config-iot-lts2018-sos
 Source3: cmdline-iot-lts2018
@@ -32,8 +32,8 @@ Source5: fragment-sos
 # quilt.url: https://github.com/intel/linux-intel-quilt
 # quilt.branch: 4.19/base
-# quilt.tag: lts-v4.19.23-base-190301T095825Z
-# config.tag: lts-v4.19.23-base-190301T095825Z
+# quilt.tag: lts-v4.19.27-base-190308T040447Z
+# config.tag: lts-v4.19.27-base-190308T040447Z
 %define ktarget0 iot-lts2018
 %define kversion0 %{version}-%{release}.%{ktarget0}
@@ -1087,6 +1087,7 @@ Patch1034: 1034-media-intel-ipu4-VIRT-Making-poll-req-timeo.patch
 Patch1035: 1035-media-intel-ipu4-VIRT-Adding-VBS-dev-reset.patch
 Patch1036: 1036-ICI-Adding-delay-after-initializing-OV10635.patch
 Patch1037: 1037-media-i2c-ti960-ICI-Enable-TI960-and-OV495-.patch
+Patch1038: 1038-exec-Fix-mem-leak-in-kernel_read_file.patch
 #END XXXX: PK Series
 # Clear Linux Series
@@ -1139,7 +1140,7 @@ Requires: %{name} = %{version}-%{release}, %{name}-sos-extra = %{version}-
 Linux kernel build files and install script
 %prep
-%setup -q -n linux-4.19.23
+%setup -q -n linux-4.19.27
 #patchXXXX PK Series
 %patch0001 -p1
@@ -2179,6 +2180,7 @@ Linux kernel build files and install script
 %patch1035 -p1
 %patch1036 -p1
 %patch1037 -p1
+%patch1038 -p1
 # End XXXX PK Series
 # Clear Linux Series
diff --git a/release b/release
index a45fd52c..7273c0fa 100644
--- a/release
+++ b/release
@@ -1 +1 @@
-24
+25
diff --git a/upstream b/upstream
index 651032f6..5b6a1a21 100644
--- a/upstream
+++ b/upstream
@@ -1 +1 @@
-862aa74e58eebe9de8708c03b252a6d0292c8694/linux-4.19.23.tar.xz
+26020278762d49d451f05ecacb948aaf9c2ca3ff/linux-4.19.27.tar.xz