-rw-r--r--libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch15
-rw-r--r--libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch49
-rw-r--r--libre/linux-libre-pae/PKGBUILD42
-rw-r--r--libre/linux-libre-pae/config3
4 files changed, 79 insertions, 30 deletions
diff --git a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 1acba9de4..3eb5364d2 100644
--- a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,7 +1,8 @@
-From c0e9080c8b76a81fb0f5d2cbd920a24b7f17d11e Mon Sep 17 00:00:00 2001
+From 93e8ac0b24945cfad9b7e1a1e933436b55653627 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
@@ -13,7 +14,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
-index e2a5156bc9c3..74d59b69d494 100644
+index 906cd0c13d15..0d1d30ad91e7 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -104,6 +104,11 @@
@@ -28,7 +29,7 @@ index e2a5156bc9c3..74d59b69d494 100644
/*
* Minimum number of threads to boot the kernel
-@@ -1698,6 +1703,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -39,7 +40,7 @@ index e2a5156bc9c3..74d59b69d494 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -2522,6 +2531,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -53,7 +54,7 @@ index e2a5156bc9c3..74d59b69d494 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 5fc724e4e454..bea075b4bb48 100644
+index 9ee261fce89e..ab26ddeab33d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -106,6 +106,9 @@ extern int core_uses_pid;
@@ -97,5 +98,5 @@ index 923414a246e9..6b9dbc257e34 100644
static DEFINE_MUTEX(userns_state_mutex);
--
-2.20.1
+2.21.0
diff --git a/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch
new file mode 100644
index 000000000..9378d7869
--- /dev/null
+++ b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch
@@ -0,0 +1,49 @@
+From 27e47a912be60a699de9b06679b90621f2a8cdb5 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 19 Feb 2019 10:10:38 +0800
+Subject: [PATCH 2/2] exec: Fix mem leak in kernel_read_file
+
+syzkaller report this:
+BUG: memory leak
+unreferenced object 0xffffc9000488d000 (size 9195520):
+ comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
+ hex dump (first 32 bytes):
+ ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................
+ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z.....
+ backtrace:
+ [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
+ [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
+ [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
+ [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
+ [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
+ [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
+ [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ [<00000000241f889b>] 0xffffffffffffffff
+
+It should goto 'out_free' lable to free allocated buf while kernel_read
+fails.
+
+Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/exec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index fc281b738a98..20c33029a062 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
+ bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
+ if (bytes < 0) {
+ ret = bytes;
+- goto out;
++ goto out_free;
+ }
+
+ if (bytes == 0)
+--
+2.21.0
+
diff --git a/libre/linux-libre-pae/PKGBUILD b/libre/linux-libre-pae/PKGBUILD
index 979011c1f..7c34378ae 100644
--- a/libre/linux-libre-pae/PKGBUILD
+++ b/libre/linux-libre-pae/PKGBUILD
@@ -11,7 +11,7 @@
pkgbase=linux-libre-pae
_srcbasever=4.20-gnu
-_srcver=4.20.11-gnu
+_srcver=4.20.13-gnu
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
_replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -22,7 +22,7 @@ _archpkgver=${_srcver%-*}
pkgver=${_srcver//-/_}
pkgrel=1
arch=(i686)
-url="https://linux-libre.fsfla.org/"
+url='https://linux-libre.fsfla.org/'
license=(GPL2)
makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz)
options=('!strip')
@@ -33,15 +33,16 @@ source=(
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig}
# the main kernel config file
- 'config'
+ config
# pacman hooks for depmod and initramfs regeneration
- '60-linux.hook' '90-linux.hook'
+ 60-linux.hook 90-linux.hook
# standard config files for mkinitcpio ramdisk
- 'linux.preset'
+ linux.preset
# other patches
- '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
- '0002-fix-Atmel-maXTouch-touchscreen-support.patch'
- '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
+ 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
+ 0002-fix-Atmel-maXTouch-touchscreen-support.patch
+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ 0002-exec-Fix-mem-leak-in-kernel_read_file.patch
)
validpgpkeys=(
'474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
@@ -49,7 +50,7 @@ validpgpkeys=(
)
sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c22c211e47fca2509d5d75d64626fb28e9bbc8ccadc565f27fe9c8e47e12dc4'
'SKIP'
- '3cb387665734be799f3c833939f0938e17216f08aff5113a85a845dcf382d997f3574e8ea30c0fb6d5e85295106a347324c3b50858939d4568b6fa25c40a05ff'
+ 'bea80ca53fef50f0987c0954653bb116770088c449bef2cf85049f45dd0c55cd38a7a33b769c8ad6b4127bd071ff8502f8e8f479df828cc641dbc0e8a7cc2d0e'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -57,13 +58,14 @@ sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c2
'SKIP'
'7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
'SKIP'
- 'c2219cdb529725555b26f9ef64264772a8da1fc36dd608248fec80c9fddadad6ab41bf207e9355967beabb0a1116313d1f5c124a9b258f23bee1b4445ac41b29'
+ '16ba533134479ddef45a04bbe3137447c9229a4443efed4ff6948ee89c7ebcf7f8412aade03f2890d7c60a5e75e6610eb19c537139eea3452a491d2d391258d4'
'7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
'4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
'02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
- '9d24dff68a11aee6b5f1b6b003b27603a8c431e76c3cb638e852cd8c0ccd2a298b1116bbad0dc816e9de7d987dcf329a5d250673067ec125760eee543f65eed5')
+ '26f3f19cf7bd5f57f74f295c7b35bcdfc40214267b982008a5198e3a18500c21ed25dafee9d607a6848b27b803ff03643c5a0d899341df7e74de43e3fd11b92a'
+ 'ba32e552f49906b88c4e6115f76c95fb710703e51acd361dcfc0284db2ea48cefa66dff36d7e429aabae56ba82763654417558c294ccea3a6e5c03deea93db71')
_kernelname=${pkgbase#linux-libre}
_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
@@ -82,8 +84,9 @@ prepare() {
install -m644 -t drivers/video/logo \
../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
- # Arch's linux patches
+ # add Arch patches
patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ patch -p1 -i ../0002-exec-Fix-mem-leak-in-kernel_read_file.patch
# maintain the TTY over USB disconnects
# http://www.coreboot.org/EHCI_Gadget_Debug
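Review bot: The new `patch -p1 -i ../0002-exec-Fix-mem-leak-in-kernel_read_file.patch` line sits under the generic comment `# add Arch patches`, which does not record why this fix is carried or when it can be dropped. A comment such as `# 0002: free the vmalloc'd buffer when kernel_read() fails in kernel_read_file (drop once the stable release includes it)` would let the next version bump remove the patch deliberately, rather than discovering a rejected or already-applied hunk at build time. prepare() starts and ends outside this hunk.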
@@ -124,22 +127,19 @@ _package() {
install=linux.install
local kernver="$(<version)"
+ local modulesdir="$pkgdir/usr/lib/modules/$kernver"
cd $_srcname
msg2 "Installing boot image..."
- local image="$pkgdir/boot/vmlinuz-$pkgbase"
- install -Dm644 "$(make -s image_name)" "$image"
+ # systemd expects to find the kernel here to allow hibernation
+ # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
+ install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
+ install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-$pkgbase"
msg2 "Installing modules..."
- local modulesdir="$pkgdir/usr/lib/modules/$kernver"
- mkdir -p "$modulesdir"
make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
- # systemd expects to find the kernel here to allow hibernation
- # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
- ln -sr "$image" "$modulesdir/vmlinuz"
-
# a place for external modules,
# with version file for building modules and running depmod from hook
local extramodules="extramodules$_kernelname"
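Review bot: `modulesdir` is now derived from `kernver` before anything is installed, and `local kernver="$(<version)"` hides a failed read because `local` returns its own exit status. An empty or missing `version` file would therefore place the image at `$pkgdir/usr/lib/modules//vmlinuz` with no error, and the package would ship a kernel outside the versioned modules directory that the added comment says systemd expects. A guard right after the two `local` lines, for example `[[ -n $kernver ]] || { error "empty kernel version"; return 1; }`, makes that failure explicit. _package() starts and ends outside this hunk.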
@@ -261,7 +261,7 @@ _package-docs() {
provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
-
+
local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
cd $_srcname
diff --git a/libre/linux-libre-pae/config b/libre/linux-libre-pae/config
index 3d54772e0..ebf55c457 100644
--- a/libre/linux-libre-pae/config
+++ b/libre/linux-libre-pae/config
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.20.11-gnu Kernel Configuration
+# Linux/x86 4.20.13-gnu Kernel Configuration
#
#
@@ -4918,7 +4918,6 @@ CONFIG_MFD_AS3711=y
CONFIG_MFD_AS3722=m
CONFIG_PMIC_ADP5520=y
CONFIG_MFD_AAT2870_CORE=y
-CONFIG_MFD_AT91_USART=m
CONFIG_MFD_ATMEL_FLEXCOM=m
CONFIG_MFD_ATMEL_HLCDC=m
CONFIG_MFD_BCM590XX=m