[linux] 01/01: aufs: Update support patches to aufs4.5-20160523

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun May 22 23:47:38 UTC 2016 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit 3cbe9e18c148f8bd5422ec329789c032e7f5d7ac
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Mon May 23 00:47:15 2016 +0100

    aufs: Update support patches to aufs4.5-20160523
    
    - mmap: Fix use-after-free in remap_file_pages(2)
---
 debian/changelog                                   |  4 +++
 debian/patches/features/all/aufs4/aufs4-base.patch |  2 +-
 debian/patches/features/all/aufs4/aufs4-mmap.patch | 33 ++++++++++++++++------
 .../features/all/aufs4/aufs4-standalone.patch      |  2 +-
 4 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5f83fb7..15d4f65 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ linux (4.5.4-2) UNRELEASED; urgency=medium
   [ Salvatore Bonaccorso ]
   * tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
 
+  [ Ben Hutchings ]
+  * aufs: Update support patches to aufs4.5-20160523
+    - mmap: Fix use-after-free in remap_file_pages(2)
+
  -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 21 May 2016 16:47:59 +0200
 
 linux (4.5.4-1) unstable; urgency=medium
diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch
index edf0933..7e33414 100644
--- a/debian/patches/features/all/aufs4/aufs4-base.patch
+++ b/debian/patches/features/all/aufs4/aufs4-base.patch
@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05 at yahoo.co.jp>
 Date: Wed Mar 16 17:10:20 2016 +0900
 Subject: aufs4.5 base patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch
diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch
index 6f91c6c..9308a32 100644
--- a/debian/patches/features/all/aufs4/aufs4-mmap.patch
+++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch
@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Wed Mar 16 17:10:20 2016 +0900
+Date: Fri May 13 12:12:34 2016 +0900
 Subject: aufs4.5 mmap patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch
@@ -184,7 +184,7 @@ index 8132787..3f7de66 100644
  
  	return VM_FAULT_WRITE;
 diff --git a/mm/mmap.c b/mm/mmap.c
-index 76d1ec2..fdd163e 100644
+index 76d1ec2..298bc71 100644
 --- a/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -290,7 +290,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
@@ -233,28 +233,45 @@ index 76d1ec2..fdd163e 100644
  	unlink_anon_vmas(new);
   out_free_mpol:
  	mpol_put(vma_policy(new));
-@@ -2640,7 +2640,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2640,7 +2640,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
  	struct vm_area_struct *vma;
  	unsigned long populate = 0;
  	unsigned long ret = -EINVAL;
 -	struct file *file;
++	struct file *file, *prfile;
  
  	pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
  			"See Documentation/vm/remap_file_pages.txt.\n",
-@@ -2708,10 +2707,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2708,10 +2708,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
  		}
  	}
  
 -	file = get_file(vma->vm_file);
 +	vma_get_file(vma);
++	file = vma->vm_file;
++	prfile = vma->vm_prfile;
  	ret = do_mmap_pgoff(vma->vm_file, start, size,
  			prot, flags, pgoff, &populate);
--	fput(file);
-+	vma_fput(vma);
++	if (!IS_ERR_VALUE(ret) && file && prfile) {
++		struct vm_area_struct *new_vma;
++
++		new_vma = find_vma(mm, ret);
++		if (!new_vma->vm_prfile)
++			new_vma->vm_prfile = prfile;
++		if (new_vma != vma)
++			get_file(prfile);
++	}
++	/*
++	 * two fput()s instead of vma_fput(vma),
++	 * coz vma may not be available anymore.
++	 */
+ 	fput(file);
++	if (prfile)
++		fput(prfile);
  out:
  	up_write(&mm->mmap_sem);
  	if (populate)
-@@ -2982,7 +2981,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2982,7 +2999,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
  		if (anon_vma_clone(new_vma, vma))
  			goto out_free_mempol;
  		if (new_vma->vm_file)
diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch
index 3ab29fc..34e666d 100644
--- a/debian/patches/features/all/aufs4/aufs4-standalone.patch
+++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch
@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05 at yahoo.co.jp>
 Date: Wed Mar 16 17:10:20 2016 +0900
 Subject: aufs4.5 standalone patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list