diff options
4 files changed, 79 insertions, 30 deletions
diff --git a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 1acba9de4..3eb5364d2 100644 --- a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,7 +1,8 @@ -From c0e9080c8b76a81fb0f5d2cbd920a24b7f17d11e Mon Sep 17 00:00:00 2001 +From 93e8ac0b24945cfad9b7e1a1e933436b55653627 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default +Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by + default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> [bwh: Remove unneeded binary sysctl bits] @@ -13,7 +14,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com> 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index e2a5156bc9c3..74d59b69d494 100644 +index 906cd0c13d15..0d1d30ad91e7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -104,6 +104,11 @@ @@ -28,7 +29,7 @@ index e2a5156bc9c3..74d59b69d494 100644 /* * Minimum number of threads to boot the kernel -@@ -1698,6 +1703,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -39,7 +40,7 @@ index e2a5156bc9c3..74d59b69d494 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2522,6 +2531,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -53,7 +54,7 @@ index e2a5156bc9c3..74d59b69d494 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 5fc724e4e454..bea075b4bb48 100644 +index 9ee261fce89e..ab26ddeab33d 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -106,6 +106,9 @@ extern int core_uses_pid; @@ -97,5 +98,5 @@ index 923414a246e9..6b9dbc257e34 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.20.1 +2.21.0 diff --git a/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch new file mode 100644 index 000000000..9378d7869 --- /dev/null +++ b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch @@ -0,0 +1,49 @@ +From 27e47a912be60a699de9b06679b90621f2a8cdb5 Mon Sep 17 00:00:00 2001 +From: YueHaibing <yuehaibing@huawei.com> +Date: Tue, 19 Feb 2019 10:10:38 +0800 +Subject: [PATCH 2/2] exec: Fix mem leak in kernel_read_file + +syzkaller report this: +BUG: memory leak +unreferenced object 0xffffc9000488d000 (size 9195520): + comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) + hex dump (first 32 bytes): + ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ + 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... + backtrace: + [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] + [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] + [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 + [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 + [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 + [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 + [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 + [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [<00000000241f889b>] 0xffffffffffffffff + +It should goto 'out_free' lable to free allocated buf while kernel_read +fails. + +Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") +Signed-off-by: YueHaibing <yuehaibing@huawei.com> +Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> +--- + fs/exec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/exec.c b/fs/exec.c +index fc281b738a98..20c33029a062 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); + if (bytes < 0) { + ret = bytes; +- goto out; ++ goto out_free; + } + + if (bytes == 0) +-- +2.21.0 + diff --git a/libre/linux-libre-pae/PKGBUILD b/libre/linux-libre-pae/PKGBUILD index 979011c1f..7c34378ae 100644 --- a/libre/linux-libre-pae/PKGBUILD +++ b/libre/linux-libre-pae/PKGBUILD @@ -11,7 +11,7 @@ pkgbase=linux-libre-pae _srcbasever=4.20-gnu -_srcver=4.20.11-gnu +_srcver=4.20.13-gnu _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname _replacesoldkernels=() # '%' gets replaced with _kernelname @@ -22,7 +22,7 @@ _archpkgver=${_srcver%-*} pkgver=${_srcver//-/_} pkgrel=1 arch=(i686) -url="https://linux-libre.fsfla.org/" +url='https://linux-libre.fsfla.org/' license=(GPL2) makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz) options=('!strip') @@ -33,15 +33,16 @@ source=( "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig} "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig} # the main kernel config file - 'config' + config # pacman hooks for depmod and initramfs regeneration - '60-linux.hook' '90-linux.hook' + 60-linux.hook 90-linux.hook # standard config files for mkinitcpio ramdisk - 'linux.preset' + linux.preset # other patches - '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch' - '0002-fix-Atmel-maXTouch-touchscreen-support.patch' - '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' + 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch + 0002-fix-Atmel-maXTouch-touchscreen-support.patch + 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + 0002-exec-Fix-mem-leak-in-kernel_read_file.patch ) validpgpkeys=( '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva @@ -49,7 +50,7 @@ validpgpkeys=( ) sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c22c211e47fca2509d5d75d64626fb28e9bbc8ccadc565f27fe9c8e47e12dc4' 'SKIP' - '3cb387665734be799f3c833939f0938e17216f08aff5113a85a845dcf382d997f3574e8ea30c0fb6d5e85295106a347324c3b50858939d4568b6fa25c40a05ff' + 'bea80ca53fef50f0987c0954653bb116770088c449bef2cf85049f45dd0c55cd38a7a33b769c8ad6b4127bd071ff8502f8e8f479df828cc641dbc0e8a7cc2d0e' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' @@ -57,13 +58,14 @@ sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c2 'SKIP' '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78' 'SKIP' - 'c2219cdb529725555b26f9ef64264772a8da1fc36dd608248fec80c9fddadad6ab41bf207e9355967beabb0a1116313d1f5c124a9b258f23bee1b4445ac41b29' + '16ba533134479ddef45a04bbe3137447c9229a4443efed4ff6948ee89c7ebcf7f8412aade03f2890d7c60a5e75e6610eb19c537139eea3452a491d2d391258d4' '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168' - '9d24dff68a11aee6b5f1b6b003b27603a8c431e76c3cb638e852cd8c0ccd2a298b1116bbad0dc816e9de7d987dcf329a5d250673067ec125760eee543f65eed5') + '26f3f19cf7bd5f57f74f295c7b35bcdfc40214267b982008a5198e3a18500c21ed25dafee9d607a6848b27b803ff03643c5a0d899341df7e74de43e3fd11b92a' + 'ba32e552f49906b88c4e6115f76c95fb710703e51acd361dcfc0284db2ea48cefa66dff36d7e429aabae56ba82763654417558c294ccea3a6e5c03deea93db71') _kernelname=${pkgbase#linux-libre} _replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}") @@ -82,8 +84,9 @@ prepare() { install -m644 -t drivers/video/logo \ ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm} - # Arch's linux patches + # add Arch patches patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + patch -p1 -i ../0002-exec-Fix-mem-leak-in-kernel_read_file.patch # maintain the TTY over USB disconnects # http://www.coreboot.org/EHCI_Gadget_Debug @@ -124,22 +127,19 @@ _package() { install=linux.install local kernver="$(<version)" + local modulesdir="$pkgdir/usr/lib/modules/$kernver" cd $_srcname msg2 "Installing boot image..." - local image="$pkgdir/boot/vmlinuz-$pkgbase" - install -Dm644 "$(make -s image_name)" "$image" + # systemd expects to find the kernel here to allow hibernation + # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 + install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" + install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-$pkgbase" msg2 "Installing modules..." - local modulesdir="$pkgdir/usr/lib/modules/$kernver" - mkdir -p "$modulesdir" make INSTALL_MOD_PATH="$pkgdir/usr" modules_install - # systemd expects to find the kernel here to allow hibernation - # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 - ln -sr "$image" "$modulesdir/vmlinuz" - # a place for external modules, # with version file for building modules and running depmod from hook local extramodules="extramodules$_kernelname" @@ -261,7 +261,7 @@ _package-docs() { provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" cd $_srcname diff --git a/libre/linux-libre-pae/config b/libre/linux-libre-pae/config index 3d54772e0..ebf55c457 100644 --- a/libre/linux-libre-pae/config +++ b/libre/linux-libre-pae/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.20.11-gnu Kernel Configuration +# Linux/x86 4.20.13-gnu Kernel Configuration # # @@ -4918,7 +4918,6 @@ CONFIG_MFD_AS3711=y CONFIG_MFD_AS3722=m CONFIG_PMIC_ADP5520=y CONFIG_MFD_AAT2870_CORE=y -CONFIG_MFD_AT91_USART=m CONFIG_MFD_ATMEL_FLEXCOM=m CONFIG_MFD_ATMEL_HLCDC=m CONFIG_MFD_BCM590XX=m |