diff --git a/Patches/Linux_CVEs-New/CVE-2014-9922/ANY/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2014-9922/ANY/1.patch.base64
deleted file mode 100644
index f91e9cd3..00000000
--- a/Patches/Linux_CVEs-New/CVE-2014-9922/ANY/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2015-1534/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2015-1534/ANY/0.patch.base64
deleted file mode 100644
index f7231bb6..00000000
--- a/Patches/Linux_CVEs-New/CVE-2015-1534/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/0.patch.base64
deleted file mode 100644
index 12505dd3..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/1.patch.base64
deleted file mode 100644
index 82d872e2..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2443/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2443/ANY/0.patch.base64
deleted file mode 100644
index 1c6dc638..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2443/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2466/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2466/ANY/0.patch.base64
deleted file mode 100644
index ed869965..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2466/ANY/0.patch.base64
+++ /dev/null
@@ -1,58 +0,0 @@
-Diff - 8292fe595c99ccbcb5e73debdba21d5f1ad91ef6^! - kernel/msm.git - Git at Google
ASoC: msm: Add bounds checking to ADM get params
-
-Add additional bounds checking to ADM get params.
-Validate that all buffer sizes are valid before
-dereferencing.
-
-BUG=27947307
-
-Change-Id: Iae3643985b5b72b78606f4dff94f8068ee0ddc09
-
diff --git a/sound/soc/msm/qdsp6v2/q6adm.c b/sound/soc/msm/qdsp6v2/q6adm.c
-index 08caf51..14565cc 100644
---- a/sound/soc/msm/qdsp6v2/q6adm.c
-+++ b/sound/soc/msm/qdsp6v2/q6adm.c
-
@@ -508,9 +508,18 @@
- 		rc = -EINVAL;
- 		goto adm_get_param_return;
- 	}
--	if (params_data) {
-+	if ((params_data) &&
-+	    (ARRAY_SIZE(adm_get_parameters) > 0) &&
-+	    (ARRAY_SIZE(adm_get_parameters) >= 1+adm_get_parameters[0]) &&
-+	    (params_length/sizeof(int) >= adm_get_parameters[0])) {
- 		for (i = 0; i < adm_get_parameters[0]; i++)
- 			params_data[i] = adm_get_parameters[1+i];
-+	} else {
-+		pr_err("%s: Get param data not copied! get_param array size %zd, index %d, params array size %zd, index %d\n",
-+		__func__, ARRAY_SIZE(adm_get_parameters),
-+		(1+adm_get_parameters[0]),
-+		params_length/sizeof(int),
-+		adm_get_parameters[0]);
- 	}
- 	rc = 0;
- adm_get_param_return:
-@@ -799,17 +808,18 @@
- 					data->payload_size))
- 				break;
- 
--			if (payload[0] == 0) {
--				if (data->payload_size >
--				    (4 * sizeof(uint32_t))) {
--					adm_get_parameters[0] = payload[3];
-+			if ((payload[0] == 0) &&
-+			    (data->payload_size > (4 * sizeof(*payload))) &&
-+			    (data->payload_size/sizeof(*payload)-4 >= payload[3]) &&
-+			    (ARRAY_SIZE(adm_get_parameters) > 0) &&
-+			    (ARRAY_SIZE(adm_get_parameters)-1 >= payload[3])) {
-+			                adm_get_parameters[0] = payload[3];
- 					pr_debug("GET_PP PARAM:received parameter length: 0x%x\n",
- 						adm_get_parameters[0]);
- 					/* storing param size then params */
- 					for (i = 0; i < payload[3]; i++)
- 						adm_get_parameters[1+i] =
- 								payload[4+i];
--				}
- 			} else {
- 				adm_get_parameters[0] = -1;
- 				pr_err("%s: GET_PP_PARAMS failed, setting size to %d\n",
-
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2468/ANY/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2468/ANY/1.patch.base64
deleted file mode 100644
index 48820bcb..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2468/ANY/1.patch.base64
+++ /dev/null
@@ -1,37 +0,0 @@
-Diff - eb6cc9d4af6791d4d34075e3fa08f0c858087a8c^! - kernel/msm.git - Git at Google
msm: kgsl: Add missing checks for alloc size and sglen
-
-In _kgsl_sharedmem_page_alloc():
-
-- Make len of type size_t to be in line with size.
-- Check for boundary limits of requested alloc size before honoring.
-- Make sure sglen is greater than zero before marking it as end
-of sg list.
-
-Bug: 27475454
-Change-Id: I5b2e6f657f532fc256627cb6b2ab3ca01938a11b
-Signed-off-by: Yuan Lin <yualin@google.com>
-
diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
-index 29f6162..a138719 100644
---- a/drivers/gpu/msm/kgsl_sharedmem.c
-+++ b/drivers/gpu/msm/kgsl_sharedmem.c
-
@@ -592,13 +592,18 @@
- 			size_t size)
- {
- 	int pcount = 0, order, ret = 0;
--	int j, len, page_size, sglen_alloc, sglen = 0;
-+	int j, page_size, sglen_alloc, sglen = 0;
- 	struct page **pages = NULL;
- 	pgprot_t page_prot = pgprot_writecombine(PAGE_KERNEL);
- 	void *ptr;
-+	size_t len;
- 	unsigned int align;
- 	int step = SZ_2M >> PAGE_SHIFT;
- 
-+	size = PAGE_ALIGN(size);
-+	if (size == 0 || size > UINT_MAX)
-+		return -EINVAL;
-+
- 	align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
- 
- 	page_size = (align >= ilog2(SZ_64K) && size >= SZ_64K)
-
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2469/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2469/ANY/0.patch.base64
deleted file mode 100644
index aa72d364..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2469/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2474/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2474/ANY/0.patch.base64
deleted file mode 100644
index 947044c5..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2474/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2475/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-2475/ANY/0.patch.base64
deleted file mode 100644
index 1b568891..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-2475/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3809/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-3809/ANY/0.patch.base64
deleted file mode 100644
index b217b30a..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-3809/ANY/0.patch.base64
+++ /dev/null
@@ -1,20 +0,0 @@
-Diff - f2152040cb3c13fa846914df1ad44a8a7fd2e935^! - kernel/msm - Git at Google
Don't show empty tag stats for unprivileged uids
-
-BUG: 27577101
-BUG: 27532522
-Change-Id: I890831a72e5ad4485fdf30e51a146712b18052ed
-Signed-off-by: Mohamad Ayyash <mkayyash@google.com
-
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
-index c690e0f..9ce6228 100644
---- a/net/netfilter/xt_qtaguid.c
-+++ b/net/netfilter/xt_qtaguid.c
-
@@ -2521,7 +2521,7 @@
- 	uid_t stat_uid = get_uid_from_tag(tag);
- 	struct proc_print_info *ppi = m->private;
- 	/* Detailed tags are not available to everybody */
--	if (get_atag_from_tag(tag) && !can_read_other_uid_stats(stat_uid)) {
-+	if (!can_read_other_uid_stats(stat_uid)) {
- 		CT_DEBUG("qtaguid: stats line: "
- 			 "%s 0x%llx %u: insufficient priv "
- 			 "from pid=%u tgid=%u uid=%u stats.gid=%u\n",
-
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7917/3.18/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-7917/3.18/1.patch.base64
deleted file mode 100644
index 42bbb467..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-7917/3.18/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8403/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-8403/ANY/0.patch.base64
deleted file mode 100644
index 28804313..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-8403/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8464/3.18/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2016-8464/3.18/1.patch.base64
deleted file mode 100644
index 2bf25de0..00000000
--- a/Patches/Linux_CVEs-New/CVE-2016-8464/3.18/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0452/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0452/ANY/0.patch.base64
deleted file mode 100644
index a43d033a..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0452/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0460/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0460/ANY/0.patch.base64
deleted file mode 100644
index 821f7b10..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0460/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@ -dHJlZSA3OWU0MGI2ZTIxMjc1M2VhZThiN2M0NjhhMWQ4OTM2ZDEwMTRhZWU0CnBhcmVudCBmM2I0MTA3NmZmMzQwNmE1MGM1NThmNzllMjE4MDc1OWIwMWMzZWMwCmF1dGhvciBTdWJhc2ggQWJoaW5vdiBLYXNpdmlzd2FuYXRoYW4gPHN1YmFzaGFiQGNvZGVhdXJvcmEub3JnPiAxNDg0Mjg0MTU2IC0wNzAwCmNvbW1pdHRlciBBcmllbCBZaW4gPGF5aW5AZ29vZ2xlLmNvbT4gMTQ4NDc3Nzc2NyArMDAwMAoKbmV0OiBybW5ldF9kYXRhOiBGaXggaW5jb3JyZWN0IG5ldGxpbmsgaGFuZGxpbmcKCnJtbmV0X2RhdGEgbmV0bGluayBoYW5kbGVyIGN1cnJlbnRseSBkb2VzIG5vdCBjaGVjayBmb3IgdGhlCmluY29taW5nIHByb2Nlc3MgcGlkIGFuZCBpbnN0ZWFkIGp1c3QgbG9vcHMgYmFjayB0aGUgcGlkLgpBIG1hbGljaW91cyByb290IHVzZXIgY291bGQgcG90ZW50aWFsbHkgc2VuZCBhIG1lc3NhZ2Ugd2l0aApzb3VyY2UgcGlkIDAgYW5kIHRoaXMgY291bGQgY2F1c2Ugcm1uZXRfZGF0YSB0byBsb29wIHRoZSBtZXNzYWdlCmJhY2sgdGlsbCBhbiBvdXQgb2YgbWVtb3J5IHNpdHVhdGlvbiBvY2N1cnMuCgpybW5ldF9kYXRhIGFsc28gZG9lcyBub3QgY2hlY2sgZm9yIHRoZSBtZXNzYWdlIGxlbmd0aCBvZiB0aGUKaW5jb21pbmcgbmV0bGluayBtZXNzYWdlcyBhbmQgaW5zdGVhZCBjYXN0cyB0aGUgbmV0bGluayBtZXNzYWdlCndpdGhvdXQgY2hlY2tpbmcgZm9yIHRoZSBib3VuZGFyeS4KCkZpeCB0aGVzZSB0d28gc2NlbmFyaW9zIGJ5IGFkZGluZyB0aGUgcGlkIGFuZCBtZXNzYWdlIGxlbmd0aCBjaGVja3MKcmVzcGVjdGl2ZWx5LgoKQnVnOiAzMTI1Mjk2NQpDUnMtRml4ZWQ6IDEwOTg4MDEKQ2hhbmdlLUlkOiBJMTcyYzFhNzExMmU2N2U4Mjk1OWIzOTdhZjdkZGZkOTYzZDgxOWJkYwpTaWduZWQtb2ZmLWJ5OiBTdWJhc2ggQWJoaW5vdiBLYXNpdmlzd2FuYXRoYW4gPHN1YmFzaGFiQGNvZGVhdXJvcmEub3JnPgo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0507/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0507/ANY/0.patch.base64 deleted file mode 100644 index 4e970fe2..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0507/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0510/ANY/2.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0510/ANY/2.patch.base64 deleted file mode 100644 index 2df29b3b..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0510/ANY/2.patch.base64 +++ /dev/null 
@@ -1 +0,0 @@ -dHJlZSA3OTZhNDYzM2E1MTNkNDY1NTJhYTcyODczMTgwYzFhNDk0YjM0ZGJjCnBhcmVudCBmYjJlNmNmNTQ5ZGNiZGNjMTBmOWMzMTE1YmE1MTIzYmRkNWEzMDdlCmF1dGhvciBNYXJrIFNhbHl6eW4gPHNhbHl6eW5AZ29vZ2xlLmNvbT4gMTQ4MjI3ODM1OSAtMDgwMApjb21taXR0ZXIgTWFyayBTYWx5enluIDxzYWx5enluQGdvb2dsZS5jb20+IDE0ODM2Mzc1MTYgKzAwMDAKCmFuZHJvaWQ6IGZpcV9kZWJ1Z2dlcjogcmVzdHJpY3QgYWNjZXNzIHRvIGNyaXRpY2FsIGNvbW1hbmRzLgoKU3lzcnEgbXVzdCBiZSBlbmFibGVkIHZpYSAvcHJvYy9zeXMva2VybmVsL3N5c3JxIGFzIGEgc2VjdXJpdHkKbWVhc3VyZSB0byBlbmFibGUgdmFyaW91cyBjcml0aWNhbCBmaXEgZGVidWdnZXIgY29tbWFuZHMgdGhhdAplaXRoZXIgbGVhayBpbmZvcm1hdGlvbiBvciBjYW4gYmUgdXNlZCBhcyBhIHN5c3RlbSBhdHRhY2suCgpEZWZhdWx0IGRpc2FibGVkLCB0aGlzIHdpbGwgbGVhdmUgdGhlIHJlYm9vdCwgcmVzZXQsIGlycXMsIHNsZWVwLApub3NsZWVwLCBjb25zb2xlIGFuZCBwcyBjb21tYW5kcy4gIFJlYm9vdCBhbmQgcmVzZXQgY29tbWFuZHMKd2lsbCBiZSByZXN0cmljdGVkIGZyb20gdGFraW5nIGFueSBwYXJhbWV0ZXJzLiAgV2Ugd2lsbCBhbHNvCnN3aXRjaCB0byBzaG93aW5nIHRoZSBsaW1pdGVkIGNvbW1hbmQgc2V0IGluIHRoaXMgbW9kZS4KClNpZ25lZC1vZmYtYnk6IE1hcmsgU2FseXp5biA8c2FseXp5bkBnb29nbGUuY29tPgpCdWc6IDMyNDAyNTU1CkNoYW5nZS1JZDogSTNmNzRiMWZmNWU0OTcxZDYxOWJjYjM3YTkxMWZlZDY4ZmJiNTM4ZDUKKGNoZXJyeSBwaWNrZWQgZnJvbSBjb21taXQgMTAzMTgzNmMwODk1ZjFmNWEwNWMyNWVmZWM4M2JmYTExYWEwOGNhOSkK \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0535/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0535/ANY/0.patch.base64 deleted file mode 100644 index 20c38124..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0535/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0564/3.10/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0564/3.10/1.patch.base64 deleted file mode 100644 index e80715cd..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0564/3.10/1.patch.base64 +++ /dev/null @@ -1,152 +0,0 @@ -Diff - 51e09571eef7a6a36c238130575fc11b291afff3^! - kernel/msm.git - Git at Google
ANDROID: ion: Protect kref from userspace manipulation
-
-This separates the kref for ion handles into two components.
-Userspace requests through the ioctl will hold at most one
-reference to the internally used kref. All additional requests
-will increment a separate counter, and the original reference is
-only put once that counter hits 0. This protects the kernel from
-a poorly behaving userspace.
-
-Bug: 34276203
-
-Change-Id: Ibc36bc4405788ed0fea7337b541cad3be2b934c0
-Signed-off-by: Daniel Rosenberg <drosen@google.com>
-
diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
-index ee1c2f3..e99ea9a 100755
---- a/drivers/staging/android/ion/ion.c
-+++ b/drivers/staging/android/ion/ion.c
-
@@ -116,6 +116,7 @@
-  */
- struct ion_handle {
- 	struct kref ref;
-+	unsigned int user_ref_count;
- 	struct ion_client *client;
- 	struct ion_buffer *buffer;
- 	struct rb_node node;
-@@ -429,6 +430,50 @@
- 	return ret;
- }
- 
-+/* Must hold the client lock */
-+static void user_ion_handle_get(struct ion_handle *handle)
-+{
-+	if (handle->user_ref_count++ == 0) {
-+		kref_get(&handle->ref);
-+	}
-+}
-+
-+/* Must hold the client lock */
-+static struct ion_handle* user_ion_handle_get_check_overflow(struct ion_handle *handle)
-+{
-+	if (handle->user_ref_count + 1 == 0)
-+		return ERR_PTR(-EOVERFLOW);
-+	user_ion_handle_get(handle);
-+	return handle;
-+}
-+
-+/* passes a kref to the user ref count.
-+ * We know we're holding a kref to the object before and
-+ * after this call, so no need to reverify handle. */
-+static struct ion_handle* pass_to_user(struct ion_handle *handle)
-+{
-+	struct ion_client *client = handle->client;
-+	struct ion_handle *ret;
-+
-+	mutex_lock(&client->lock);
-+	ret = user_ion_handle_get_check_overflow(handle);
-+	ion_handle_put_nolock(handle);
-+	mutex_unlock(&client->lock);
-+	return ret;
-+}
-+
-+/* Must hold the client lock */
-+static int user_ion_handle_put_nolock(struct ion_handle *handle)
-+{
-+	int ret;
-+
-+	if (--handle->user_ref_count == 0) {
-+		ret = ion_handle_put_nolock(handle);
-+	}
-+
-+	return ret;
-+}
-+
- static struct ion_handle *ion_handle_lookup(struct ion_client *client,
- 					    struct ion_buffer *buffer)
- {
-@@ -645,6 +690,24 @@
- 	ion_handle_put_nolock(handle);
- }
- 
-+static void user_ion_free_nolock(struct ion_client *client, struct ion_handle *handle)
-+{
-+	bool valid_handle;
-+
-+	BUG_ON(client != handle->client);
-+
-+	valid_handle = ion_handle_validate(client, handle);
-+	if (!valid_handle) {
-+		WARN(1, "%s: invalid handle passed to free.\n", __func__);
-+		return;
-+	}
-+	if (!handle->user_ref_count > 0) {
-+		WARN(1, "%s: User does not have access!\n", __func__);
-+		return;
-+	}
-+	user_ion_handle_put_nolock(handle);
-+}
-+
- void ion_free(struct ion_client *client, struct ion_handle *handle)
- {
- 	BUG_ON(client != handle->client);
-@@ -1439,7 +1502,7 @@
- 						data.allocation.flags, true);
- 		if (IS_ERR(handle))
- 			return PTR_ERR(handle);
--
-+		pass_to_user(handle);
- 		data.allocation.handle = handle->id;
- 
- 		cleanup_handle = handle;
-@@ -1455,7 +1518,7 @@
- 			mutex_unlock(&client->lock);
- 			return PTR_ERR(handle);
- 		}
--		ion_free_nolock(client, handle);
-+		user_ion_free_nolock(client, handle);
- 		ion_handle_put_nolock(handle);
- 		mutex_unlock(&client->lock);
- 		break;
-@@ -1478,10 +1541,15 @@
- 	{
- 		struct ion_handle *handle;
- 		handle = ion_import_dma_buf(client, data.fd.fd);
--		if (IS_ERR(handle))
-+		if (IS_ERR(handle)) {
- 			ret = PTR_ERR(handle);
--		else
--			data.handle.handle = handle->id;
-+		} else {
-+			handle = pass_to_user(handle);
-+			if (IS_ERR(handle))
-+				ret = PTR_ERR(handle);
-+			else
-+				data.handle.handle = handle->id;
-+		}
- 		break;
- 	}
- 	case ION_IOC_SYNC:
-@@ -1518,8 +1586,10 @@
- 	if (dir & _IOC_READ) {
- 		if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) {
- 			if (cleanup_handle) {
--				ion_free(client, cleanup_handle);
--				ion_handle_put(cleanup_handle);
-+				mutex_lock(&client->lock);
-+				user_ion_free_nolock(client, cleanup_handle);
-+				ion_handle_put_nolock(cleanup_handle);
-+				mutex_unlock(&client->lock);
- 			}
- 			return -EFAULT;
- 		}
-
\ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0648/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0648/ANY/0.patch.base64 deleted file mode 100644 index ea1649fe..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0648/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -dHJlZSBhMzEwMTdjMTdlMDgxMDNlMTQzZTUxZTZjZjVjMzgyYTI0MjM4ZTM5CnBhcmVudCAwYTIxOTllN2ZmNGUwY2EwYmZkODI2MWIwNGQ1ZTg5ZDE5MzAyNjA2CmF1dGhvciBNYXJrIFNhbHl6eW4gPHNhbHl6eW5AZ29vZ2xlLmNvbT4gMTQ5MDY0OTQyMCAtMDcwMApjb21taXR0ZXIgTWFyayBTYWx5enluIDxzYWx5enluQGdvb2dsZS5jb20+IDE0OTA3MjA1ODkgKzAwMDAKCmZsb3VuZGVyOiBGSVEgYW5kIHN5c3JxIGRlZmF1bHQgZGVhdXRob3JpemVkCgooY2hlcnJ5IHBpY2tlZCBmcm9tIGNvbW1pdCBjNjM4OWIxMWFlNzc5ZDlmMzYwZDJjNjU1NTAzN2UxZDczYzBmZTFiKQoKU2lnbmVkLW9mZi1ieTogTWFyayBTYWx5enluIDxzYWx5enluQGdvb2dsZS5jb20+CkJ1ZzogMzYxMDEyMjAKQ2hhbmdlLUlkOiBJOWYwYWU5YTllMzgyOGRlZGY0YjkzM2JmMWQ3NTJjOTg3NzdjZmE5MQo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0651/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0651/ANY/0.patch.base64 deleted file mode 100644 index 95d72079..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-0651/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -dHJlZSAyOTVhYWMwMTUxMmI4MjVkNTU4Yjc3NTZiZWQyNmM0NWEwZGY5ZjU1CnBhcmVudCA4ZDhiZmI5Mjg2ZTU3MjlmMjk1YjM4ODg5ZjY4ZDc0OWYyNmEyNmE1CmF1dGhvciBBZHJpYW4gU2FsaWRvIDxzYWxpZG9hQGdvb2dsZS5jb20+IDE0OTAwMzQ0NjQgLTA3MDAKY29tbWl0dGVyIEFkcmlhbiBTYWxpZG8gPHNhbGlkb2FAZ29vZ2xlLmNvbT4gMTQ5MDAzNDkzNSAtMDcwMAoKQU5EUk9JRDogaW9uOiBwcmV2ZW50IHN0YWNrIGxlYWsgaW4gZGVidWdmcyBmaWxlCgpBdm9pZCBsZWFraW5nIGNvbnRlbnRzIG9mIHN0YWNrIGJ5IGNsZWFyaW5nIGFueSBtZW1vcnkgY29udGVudHMgdGhhdCBhcmUKbm90IGV4cGxpY2l0bHkgd3JpdHRlbi4KClNpZ25lZC1vZmYtYnk6IEFkcmlhbiBTYWxpZG8gPHNhbGlkb2FAZ29vZ2xlLmNvbT4KQnVnOiAzNTY0NDgxNQpDaGFuZ2UtSWQ6IEk1ZDJkYWFmMDgwMjcwMDg4MjZlMGEyZjBiNmUyM2ZlYjNlZTgxN2ZlCg== \ No newline at end of file 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0706/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0706/ANY/0.patch.base64
deleted file mode 100644
index 1e8f2b72..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0706/ANY/0.patch.base64
+++ /dev/null
@@ -1,24 +0,0 @@
-Diff - 6a469209ac014b6d93f373e042500f6e8cd6a04a^! - kernel/msm - Git at Google
net: wireless: bcmdhd: adding boundary check in wl_cfg80211_mgmt_tx
-
-added boundary check for user-input parameter not to corrupt kernel
-memmory.
-
-Signed-off-by: Insun Song <insun.song@broadcom.com>
-Bug: 35195787
-Change-Id: Ia497feae5f502c9a650e50a39fd0620fa976d908
-
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
-index 9081988..a73b030 100644
---- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
-+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
-
@@ -5830,6 +5830,10 @@
- 
- 	WL_DBG(("Enter \n"));
- 
-+	if (len > (ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN)) {
-+		WL_ERR(("bad length:%zu\n", len));
-+		return BCME_BADARG;
-+	}
- 	dev = cfgdev_to_wlc_ndev(cfgdev, cfg);
- 
- 	/* set bsscfg idx for iovar (wlan0: P2PAPI_BSSCFG_PRIMARY, p2p: P2PAPI_BSSCFG_DEVICE)	*/
-
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0710/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0710/ANY/0.patch.base64
deleted file mode 100644
index 3c6f5d63..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0710/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0744/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0744/ANY/0.patch.base64
deleted file mode 100644
index fee81b72..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0744/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0749/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-0749/ANY/0.patch.base64
deleted file mode 100644
index eb9c2c1c..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-0749/ANY/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6346/3.18/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-6346/3.18/1.patch.base64
deleted file mode 100644
index 05f82d29..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-6346/3.18/1.patch.base64
+++ /dev/null
@@ -1,78 +0,0 @@
-Diff - be671c7e17454b4f144a8e05268a6071748a8791^! - kernel/common - Git at Google
UPSTREAM: packet: fix races in fanout_add()
-
-commit d199fab63c11998a602205f7ee7ff7c05c97164b upstream.
-
-Multiple threads can call fanout_add() at the same time.
-
-We need to grab fanout_mutex earlier to avoid races that could
-lead to one thread freeing po->rollover that was set by another thread.
-
-Do the same in fanout_release(), for peace of mind, and to help us
-finding lockdep issues earlier.
-
-[js] no rollover in 3.12
-
-Fixes: dc99f600698d ("packet: Add fanout support.")
-Fixes: 0648ab70afe6 ("packet: rollover prepare: per-socket state")
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Cc: Willem de Bruijn <willemb@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-Signed-off-by: Willy Tarreau <w@1wt.eu>
-(cherry picked from commit 2a272abc4e543f488b3a73292ee75a06f20d077a)
-Bug: 37897645
-Change-Id: I3b021869ee26b88d10f4d6408ce34d351543ce74
-
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 05cfee7..2ae5ae2 100644
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-
@@ -1429,13 +1429,16 @@
- 		return -EINVAL;
- 	}
- 
--	if (!po->running)
--		return -EINVAL;
--
--	if (po->fanout)
--		return -EALREADY;
--
- 	mutex_lock(&fanout_mutex);
-+
-+	err = -EINVAL;
-+	if (!po->running)
-+		goto out;
-+
-+	err = -EALREADY;
-+	if (po->fanout)
-+		goto out;
-+
- 	match = NULL;
- 	list_for_each_entry(f, &fanout_list, list) {
- 		if (f->id == id &&
-@@ -1491,17 +1494,16 @@
- 	struct packet_sock *po = pkt_sk(sk);
- 	struct packet_fanout *f;
- 
--	f = po->fanout;
--	if (!f)
--		return;
--
- 	mutex_lock(&fanout_mutex);
--	po->fanout = NULL;
-+	f = po->fanout;
-+	if (f) {
-+		po->fanout = NULL;
- 
--	if (atomic_dec_and_test(&f->sk_ref)) {
--		list_del(&f->list);
--		dev_remove_pack(&f->prot_hook);
--		kfree(f);
-+		if (atomic_dec_and_test(&f->sk_ref)) {
-+			list_del(&f->list);
-+			dev_remove_pack(&f->prot_hook);
-+			kfree(f);
-+		}
- 	}
- 	mutex_unlock(&fanout_mutex);
- }
-
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/0.patch.base64
deleted file mode 100644
index 2ed323c4..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/0.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/1.patch.base64
deleted file mode 100644
index 2282edf4..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/2.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/2.patch.base64
deleted file mode 100644
index 50764e30..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-7308/3.18/2.patch.base64
+++ /dev/null
@@ -1 +0,0 @@
-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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8262/3.10/1.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-8262/3.10/1.patch.base64
deleted file mode 100644
index 49afc8f7..00000000
--- a/Patches/Linux_CVEs-New/CVE-2017-8262/3.10/1.patch.base64
+++ /dev/null
@@ -1 +0,0 @@ -dHJlZSAwMDJjZDNkNWM2NTEzNGE3N2VmMjQxMjYzNGIyMjU0NzUzMWQ2ODBkCnBhcmVudCA0MjY4Yjc1MjA4Y2EwNGJjNjNkY2ZhZGJiOWExZWNhOGU5NjRhNjk3CmF1dGhvciBEZW5uaXMgQ2FnbGUgPGQtY2FnbGVAY29kZWF1cm9yYS5vcmc+IDE0OTUwNDUxMDYgLTA3MDAKY29tbWl0dGVyIEFuZHJldyBDaGFudCA8YWNoYW50QGdvb2dsZS5jb20+IDE0OTUwNDU3MDcgKzAwMDAKCm1zbToga2dzbDogRml4IGtnc2wgbWVtb3J5IGFsbG9jYXRpb24gYW5kIGZyZWUgcmFjZSBjb25kaXRpb24KCldoZW4gYWxsb2NhdGluZyB1c2Vyc3BhY2UgbWVtb3J5IGtlZXAgcmVmZXJlbmNlIHRvIG1lbW9yeQphbGxvY2F0aW9uIHRpbGwgaXQgaXMgY29tcGxldGVseSBpbml0aWFsaXplZCBhbmQgaW5mbyBpcyBzZW5kIGJhY2sKdG8gdXNlcnNwYWNlCgpCdWc6IDMyOTM4NDQzCkNScy1GaXhlZDogMjAyOTExMwpDaGFuZ2UtSWQ6IElkNzJjODJiZjk4YzA5NGVjYmQ0NzIyODEzYzczMmE5OThkY2JiMTg4ClNpZ25lZC1vZmYtYnk6IFRhcnVuIEthcnJhIDx0a2FycmFAY29kZWF1cm9yYS5vcmc+ClNpZ25lZC1vZmYtYnk6IFN1bmlsIEtoYXRyaSA8c3VuaWxraEBjb2RlYXVyb3JhLm9yZz4KU2lnbmVkLW9mZi1ieTogRGVubmlzIENhZ2xlIDxkLWNhZ2xlQGNvZGVhdXJvcmEub3JnPgo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-8263/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-8263/ANY/0.patch.base64 deleted file mode 100644 index d415be2d..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-8263/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-8267/ANY/0.patch.base64 b/Patches/Linux_CVEs-New/CVE-2017-8267/ANY/0.patch.base64 deleted file mode 100644 index d415be2d..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-8267/ANY/0.patch.base64 +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2012-6657/ANY/0.patch b/Patches/Linux_CVEs/CVE-2012-6657/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2012-6657/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2012-6657/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2012-6689/ANY/0.patch b/Patches/Linux_CVEs/CVE-2012-6689/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2012-6689/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2012-6689/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2012-6701/ANY/0.patch b/Patches/Linux_CVEs/CVE-2012-6701/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2012-6701/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2012-6701/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch.disabled b/Patches/Linux_CVEs/CVE-2012-6703/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch.disabled
rename to Patches/Linux_CVEs/CVE-2012-6703/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2012-6703/ANY/1.patch b/Patches/Linux_CVEs/CVE-2012-6703/ANY/1.patch
new file mode 100644
index 00000000..a93bedec
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2012-6703/ANY/1.patch
@@ -0,0 +1,31 @@
+From 81ce573830e9d5531531b3ec778c58e6b9167bcd Mon Sep 17 00:00:00 2001
+From: Dan Carpenter
+Date: Wed, 5 Sep 2012 15:32:18 +0300
+Subject: [PATCH] ALSA: compress_core: integer overflow in
+ snd_compr_allocate_buffer()
+
+These are 32 bit values that come from the user, we need to check for
+integer overflows or we could end up allocating a smaller buffer than
+expected.
+
+Signed-off-by: Dan Carpenter
+Signed-off-by: Takashi Iwai
+---
+ sound/core/compress_offload.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
+index eb60cb8dbb8a6..68fe02c7400a2 100644
+--- a/sound/core/compress_offload.c
++++ b/sound/core/compress_offload.c
+@@ -407,6 +407,10 @@ static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
+ unsigned int buffer_size;
+ void *buffer;
+
++ if (params->buffer.fragment_size == 0 ||
++ params->buffer.fragments > SIZE_MAX / params->buffer.fragment_size)
++ return -EINVAL;
++
+ buffer_size = params->buffer.fragment_size * params->buffer.fragments;
+ if (stream->ops->copy) {
+ buffer = NULL;
diff --git a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch.disabled b/Patches/Linux_CVEs/CVE-2012-6703/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch.disabled
rename to Patches/Linux_CVEs/CVE-2012-6703/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2012-6704/ANY/0.patch b/Patches/Linux_CVEs/CVE-2012-6704/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2012-6704/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2012-6704/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2013-2015/3.4/0.patch b/Patches/Linux_CVEs/CVE-2013-2015/3.4/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2013-2015/3.4/0.patch
rename to Patches/Linux_CVEs/CVE-2013-2015/3.4/0.patch
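Review bot: In the CVE-2012-6703 `1.patch` added here, the new overflow guard in `snd_compr_allocate_buffer()` divides `SIZE_MAX`, but the product is stored in `unsigned int buffer_size`, so on a 64-bit kernel a `fragment_size * fragments` product that exceeds 32 bits passes the check and still wraps, leaving the undersized-buffer case the commit message describes. The bound should match the destination type, e.g. `params->buffer.fragments > UINT_MAX / params->buffer.fragment_size`. Because this is a carried upstream patch, prefer adding the upstream follow-up over editing it locally, and confirm whether the CVE-2014-9904 patch renamed elsewhere in this diff already covers it. The function body continues outside the inner hunk.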
diff --git a/Patches/Linux_CVEs-New/CVE-2013-4312/3.2/0.patch b/Patches/Linux_CVEs/CVE-2013-4312/3.2/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2013-4312/3.2/0.patch rename to Patches/Linux_CVEs/CVE-2013-4312/3.2/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2013-4312/3.2/1.patch b/Patches/Linux_CVEs/CVE-2013-4312/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2013-4312/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2013-4312/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2013-4312/4.5/2.patch b/Patches/Linux_CVEs/CVE-2013-4312/4.5/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2013-4312/4.5/2.patch rename to Patches/Linux_CVEs/CVE-2013-4312/4.5/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2013-4312/4.5/3.patch b/Patches/Linux_CVEs/CVE-2013-4312/4.5/3.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2013-4312/4.5/3.patch rename to Patches/Linux_CVEs/CVE-2013-4312/4.5/3.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-0196/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-0196/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-0196/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-0196/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-0196/3.4/2.patch b/Patches/Linux_CVEs/CVE-2014-0196/3.4/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-0196/3.4/2.patch rename to Patches/Linux_CVEs/CVE-2014-0196/3.4/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-0196/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-0196/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-0196/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-0196/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-0206/3.12/0.patch b/Patches/Linux_CVEs/CVE-2014-0206/3.12/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-0206/3.12/0.patch rename to Patches/Linux_CVEs/CVE-2014-0206/3.12/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-1739/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-1739/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-1739/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-1739/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-2523/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-2523/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-2523/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-2523/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-2523/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-2523/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-2523/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-2523/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-2706/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-2706/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-2706/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-2706/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-2851/3.2/0.patch b/Patches/Linux_CVEs/CVE-2014-2851/3.2/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-2851/3.2/0.patch rename to Patches/Linux_CVEs/CVE-2014-2851/3.2/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-3145/3.10/1.patch b/Patches/Linux_CVEs/CVE-2014-3145/3.10/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-3145/3.10/1.patch rename to Patches/Linux_CVEs/CVE-2014-3145/3.10/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-3145/3.2/2.patch b/Patches/Linux_CVEs/CVE-2014-3145/3.2/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-3145/3.2/2.patch rename to Patches/Linux_CVEs/CVE-2014-3145/3.2/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-3145/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-3145/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-3145/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-3145/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-4014/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-4014/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4014/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-4014/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4323/3.10/0.patch b/Patches/Linux_CVEs/CVE-2014-4323/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4323/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2014-4323/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4655/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-4655/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4655/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-4655/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4655/3.2/2.patch b/Patches/Linux_CVEs/CVE-2014-4655/3.2/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4655/3.2/2.patch rename to Patches/Linux_CVEs/CVE-2014-4655/3.2/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4655/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-4655/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4655/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-4655/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4656/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-4656/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4656/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-4656/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4656/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-4656/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4656/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-4656/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-4943/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-4943/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4943/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-4943/3.2/1.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-4943/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-4943/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-4943/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-4943/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-5206/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-5206/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7822/3.2/0.patch b/Patches/Linux_CVEs/CVE-2014-7822/3.2/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7822/3.2/0.patch rename to Patches/Linux_CVEs/CVE-2014-7822/3.2/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7825/3.2/0.patch b/Patches/Linux_CVEs/CVE-2014-7825/3.2/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7825/3.2/0.patch rename to Patches/Linux_CVEs/CVE-2014-7825/3.2/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7825/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-7825/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7825/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-7825/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7825/ANY/2.patch b/Patches/Linux_CVEs/CVE-2014-7825/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7825/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2014-7825/ANY/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7970/3.0/1.patch b/Patches/Linux_CVEs/CVE-2014-7970/3.0/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7970/3.0/1.patch rename to Patches/Linux_CVEs/CVE-2014-7970/3.0/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-7970/3.4/2.patch b/Patches/Linux_CVEs/CVE-2014-7970/3.4/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7970/3.4/2.patch rename to Patches/Linux_CVEs/CVE-2014-7970/3.4/2.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-7970/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-7970/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-7970/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-7970/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-8160/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-8160/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-8160/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-8160/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-8160/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-8160/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-8160/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-8160/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-8173/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-8173/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-8173/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-8173/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-8709/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-8709/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-8709/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-8709/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-8709/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-8709/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-8709/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-8709/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9420/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9420/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9420/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-9420/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9420/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9420/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9420/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9420/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9529/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9529/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9529/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-9529/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9529/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9529/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9529/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9529/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9683/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9683/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9683/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-9683/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9683/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9683/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9683/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9683/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9715/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9715/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9715/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2014-9715/3.2/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9715/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9715/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9715/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9715/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9731/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9731/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9731/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9731/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9777/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9777/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9777/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9777/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9778/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9778/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9778/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9778/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9780/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9780/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9780/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9780/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9781/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9781/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9781/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9781/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9782/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9782/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9782/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9782/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9783/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9783/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9783/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9783/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9784/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9784/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9784/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9784/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9785/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9785/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9785/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9785/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9786/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9786/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9786/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9786/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9787/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9787/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9787/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9787/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9788/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9788/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9788/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9788/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9789/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9789/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9789/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9789/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9790/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9790/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9790/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9790/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9792/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9792/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9792/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9792/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9803/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9803/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9803/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9803/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9863/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9863/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9863/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9863/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9864/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9864/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9864/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9864/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9865/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9865/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9865/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9865/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9866/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9866/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9866/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9866/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9867/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9867/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9867/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9867/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9868/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9868/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9868/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9868/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9869/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9869/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9869/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9869/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9869/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9869/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9869/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2014-9869/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9870/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9870/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9870/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9870/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9871/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9871/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9871/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9871/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9872/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9872/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9872/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9872/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9873/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9873/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9873/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9873/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9874/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9874/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9874/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9874/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9874/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9874/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9874/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2014-9874/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9875/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9875/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9875/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9875/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9876/3.0/0.patch b/Patches/Linux_CVEs/CVE-2014-9876/3.0/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9876/3.0/0.patch rename to Patches/Linux_CVEs/CVE-2014-9876/3.0/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9876/3.4/1.patch b/Patches/Linux_CVEs/CVE-2014-9876/3.4/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9876/3.4/1.patch rename to Patches/Linux_CVEs/CVE-2014-9876/3.4/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9877/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9877/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9877/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9877/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9878/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9878/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9878/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9878/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9879/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9879/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9879/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9879/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9880/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9880/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9880/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9880/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9881/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9881/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9881/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9881/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9882/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9882/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9882/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9882/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9882/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9882/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9882/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2014-9882/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9883/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9883/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9883/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9883/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9884/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9884/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9884/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9884/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9885/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9885/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9885/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9885/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9886/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9886/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9886/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9886/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9887/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9887/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9887/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9887/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9888/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9888/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9888/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9888/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9888/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9888/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9888/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2014-9888/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9889/3.10/0.patch b/Patches/Linux_CVEs/CVE-2014-9889/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9889/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2014-9889/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9889/3.4/1.patch b/Patches/Linux_CVEs/CVE-2014-9889/3.4/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9889/3.4/1.patch rename to Patches/Linux_CVEs/CVE-2014-9889/3.4/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9890/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9890/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9890/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9890/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9891/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9891/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9891/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9891/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9892/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9892/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9892/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9892/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9893/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9893/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9893/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9893/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9894/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9894/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9894/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9894/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9895/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9895/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9895/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9895/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9895/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9895/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9895/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2014-9895/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9896/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9896/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9896/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9896/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9897/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9897/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9897/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9897/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9898/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9898/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9898/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9898/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9899/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9899/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9899/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9899/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9900/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9900/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9900/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9900/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9901/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9901/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9901/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9901/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9902/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9902/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9902/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9902/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9903/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9903/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9903/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9903/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9904/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9904/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9904/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9904/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2014-9914/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9914/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9914/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9914/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2014-9922/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9922/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2014-9922/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2014-9922/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch b/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch
new file mode 100644
index 00000000..43274984
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch
@@ -0,0 +1,18 @@
+diff --git a/fs/sdcardfs/main.c b/fs/sdcardfs/main.c
+index a652228..8b51a12 100755
+--- a/fs/sdcardfs/main.c
++++ b/fs/sdcardfs/main.c
+@@ -223,6 +223,13 @@
+ atomic_inc(&lower_sb->s_active);
+ sdcardfs_set_lower_super(sb, lower_sb);
+
++ sb->s_stack_depth = lower_sb->s_stack_depth + 1;
++ if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
++ pr_err("sdcardfs: maximum fs stacking depth exceeded\n");
++ err = -EINVAL;
++ goto out_sput;
++ }
++
+ /* inherit maxbytes from lower file system */
+ sb->s_maxbytes = lower_sb->s_maxbytes;
+
diff --git a/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch.base64 b/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch.base64
new file mode 100644
index 00000000..5fd0f880
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2014-9922/ANY/1.patch.base64
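Review bot: The CVE-2014-9922 `1.patch` added here carries no provenance (no `From`/`Subject` header, commit id or source URL), and its inner hunk header `@@ -223,6 +223,13 @@` has no function context, so it cannot be audited against an upstream fix from this file alone. Add a short header naming the origin commit and tree. The new check also relies on `sb->s_stack_depth`, `FILESYSTEM_MAX_STACK_DEPTH` and the `out_sput` label, none of which are defined in the hunk. They presumably come from `0.patch` and the existing sdcardfs code, so document the apply order and confirm that `out_sput` reverses the `atomic_inc(&lower_sb->s_active)` taken just above.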
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2ZzL3NkY2FyZGZzL21haW4uYyBiL2ZzL3NkY2FyZGZzL21haW4uYwppbmRleCBhNjUyMjI4Li44YjUxYTEyIDEwMDc1NQotLS0gYS9mcy9zZGNhcmRmcy9tYWluLmMKKysrIGIvZnMvc2RjYXJkZnMvbWFpbi5jCkBAIC0yMjMsNiArMjIzLDEzIEBACiAJYXRvbWljX2luYygmbG93ZXJfc2ItPnNfYWN0aXZlKTsKIAlzZGNhcmRmc19zZXRfbG93ZXJfc3VwZXIoc2IsIGxvd2VyX3NiKTsKIAorCXNiLT5zX3N0YWNrX2RlcHRoID0gbG93ZXJfc2ItPnNfc3RhY2tfZGVwdGggKyAxOworCWlmIChzYi0+c19zdGFja19kZXB0aCA+IEZJTEVTWVNURU1fTUFYX1NUQUNLX0RFUFRIKSB7CisJCXByX2Vycigic2RjYXJkZnM6IG1heGltdW0gZnMgc3RhY2tpbmcgZGVwdGggZXhjZWVkZWRcbiIpOworCQllcnIgPSAtRUlOVkFMOworCQlnb3RvIG91dF9zcHV0OworCX0KKwogCS8qIGluaGVyaXQgbWF4Ynl0ZXMgZnJvbSBsb3dlciBmaWxlIHN5c3RlbSAqLwogCXNiLT5zX21heGJ5dGVzID0gbG93ZXJfc2ItPnNfbWF4Ynl0ZXM7CiAK \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2014-9940/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9940/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2014-9940/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2014-9940/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-0569/3.10/2.patch b/Patches/Linux_CVEs/CVE-2015-0569/3.10/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-0569/3.10/2.patch rename to Patches/Linux_CVEs/CVE-2015-0569/3.10/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-0569/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-0569/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-0569/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2015-0569/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-0569/ANY/1.patch b/Patches/Linux_CVEs/CVE-2015-0569/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-0569/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2015-0569/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-0570/3.10/2.patch b/Patches/Linux_CVEs/CVE-2015-0570/3.10/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-0570/3.10/2.patch rename to Patches/Linux_CVEs/CVE-2015-0570/3.10/2.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2015-0570/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-0570/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-0570/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-0570/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-0570/ANY/1.patch b/Patches/Linux_CVEs/CVE-2015-0570/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-0570/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2015-0570/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-1420/3.2/0.patch b/Patches/Linux_CVEs/CVE-2015-1420/3.2/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-1420/3.2/0.patch
rename to Patches/Linux_CVEs/CVE-2015-1420/3.2/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-1465/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-1465/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-1465/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-1465/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch
new file mode 100644
index 00000000..24634bc3
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch
@@ -0,0 +1,32 @@
+diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
+index 2e4f44f..0dc39e3 100644
+--- a/drivers/staging/android/binder.c
++++ b/drivers/staging/android/binder.c
+@@ -3579,13 +3579,25 @@
+
+ static int binder_proc_show(struct seq_file *m, void *unused)
+ {
++ struct binder_proc *itr;
+ struct binder_proc *proc = m->private;
++ struct hlist_node *pos;
+ int do_lock = !binder_debug_no_lock;
++ bool valid_proc = false;
+
+ if (do_lock)
+ mutex_lock(&binder_lock);
+- seq_puts(m, "binder proc state:\n");
+- print_binder_proc(m, proc, 1);
++
++ hlist_for_each_entry(itr, pos, &binder_procs, proc_node) {
++ if (itr == proc) {
++ valid_proc = true;
++ break;
++ }
++ }
++ if (valid_proc) {
++ seq_puts(m, "binder proc state:\n");
++ print_binder_proc(m, proc, 1);
++ }
+ if (do_lock)
+ mutex_unlock(&binder_lock);
+ return 0;
diff --git a/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch.base64
new file mode 100644
index 00000000..f27d58b4
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2015-1534/ANY/0.patch.base64
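Review bot: `hlist_for_each_entry(itr, pos, &binder_procs, proc_node)` in the new `binder_proc_show` body is the four-argument iterator with a separate `struct hlist_node *pos` cursor, which mainline dropped in Linux 3.9, yet the patch is filed under `ANY/`. On a tree that has the three-argument macro this will not build, so the file would sit better under a version directory, as is done for `CVE-2015-0569/3.10/`, with a variant using `hlist_for_each_entry(itr, &binder_procs, proc_node)` if newer kernels also need the fix. Separately, when `proc` is not found the function returns 0 with no output at all; a comment such as `/* proc may be gone since open; print only if it is still on binder_procs */` would make that intent explicit.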
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvc3RhZ2luZy9hbmRyb2lkL2JpbmRlci5jIGIvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYmluZGVyLmMKaW5kZXggMmU0ZjQ0Zi4uMGRjMzllMyAxMDA2NDQKLS0tIGEvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYmluZGVyLmMKKysrIGIvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYmluZGVyLmMKQEAgLTM1NzksMTMgKzM1NzksMjUgQEAKIAogc3RhdGljIGludCBiaW5kZXJfcHJvY19zaG93KHN0cnVjdCBzZXFfZmlsZSAqbSwgdm9pZCAqdW51c2VkKQogeworCXN0cnVjdCBiaW5kZXJfcHJvYyAqaXRyOwogCXN0cnVjdCBiaW5kZXJfcHJvYyAqcHJvYyA9IG0tPnByaXZhdGU7CisJc3RydWN0IGhsaXN0X25vZGUgKnBvczsKIAlpbnQgZG9fbG9jayA9ICFiaW5kZXJfZGVidWdfbm9fbG9jazsKKwlib29sIHZhbGlkX3Byb2MgPSBmYWxzZTsKIAogCWlmIChkb19sb2NrKQogCQltdXRleF9sb2NrKCZiaW5kZXJfbG9jayk7Ci0Jc2VxX3B1dHMobSwgImJpbmRlciBwcm9jIHN0YXRlOlxuIik7Ci0JcHJpbnRfYmluZGVyX3Byb2MobSwgcHJvYywgMSk7CisKKwlobGlzdF9mb3JfZWFjaF9lbnRyeShpdHIsIHBvcywgJmJpbmRlcl9wcm9jcywgcHJvY19ub2RlKSB7CisJCWlmIChpdHIgPT0gcHJvYykgeworCQkJdmFsaWRfcHJvYyA9IHRydWU7CisJCQlicmVhazsKKwkJfQorCX0KKwlpZiAodmFsaWRfcHJvYykgeworCQlzZXFfcHV0cyhtLCAiYmluZGVyIHByb2Mgc3RhdGU6XG4iKTsKKwkJcHJpbnRfYmluZGVyX3Byb2MobSwgcHJvYywgMSk7CisJfQogCWlmIChkb19sb2NrKQogCQltdXRleF91bmxvY2soJmJpbmRlcl9sb2NrKTsKIAlyZXR1cm4gMDsK \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2015-1593/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-1593/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-1593/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2015-1593/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-1805/3.4/0.patch b/Patches/Linux_CVEs/CVE-2015-1805/3.4/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-1805/3.4/0.patch rename to Patches/Linux_CVEs/CVE-2015-1805/3.4/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2015-2041/3.2/1.patch b/Patches/Linux_CVEs/CVE-2015-2041/3.2/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2015-2041/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2015-2041/3.2/1.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2015-2041/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-2041/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-2041/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-2041/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-2686/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-2686/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-2686/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-2686/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-2922/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-2922/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-2922/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-2922/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-3288/3.2/1.patch b/Patches/Linux_CVEs/CVE-2015-3288/3.2/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-3288/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2015-3288/3.2/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-3288/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-3288/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-3288/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-3288/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-3339/3.2/1.patch b/Patches/Linux_CVEs/CVE-2015-3339/3.2/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-3339/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2015-3339/3.2/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-3339/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-3339/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-3339/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-3339/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-3636/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-3636/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-3636/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-3636/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-4170/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-4170/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-4170/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-4170/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-4177/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-4177/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-4177/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-4177/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-5366/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-5366/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-5366/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-5366/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-5697/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-5697/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-5697/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-5697/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-5706/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-5706/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-5706/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-5706/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-5707/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-5707/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-5707/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-5707/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-5707/ANY/1.patch b/Patches/Linux_CVEs/CVE-2015-5707/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-5707/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2015-5707/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-7509/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-7509/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-7509/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-7509/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-7515/3.2/1.patch b/Patches/Linux_CVEs/CVE-2015-7515/3.2/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-7515/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2015-7515/3.2/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-7515/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-7515/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-7515/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-7515/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-7550/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-7550/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-7550/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-7550/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8019/3.10/0.patch b/Patches/Linux_CVEs/CVE-2015-8019/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8019/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8019/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8019/3.18/1.patch b/Patches/Linux_CVEs/CVE-2015-8019/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8019/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2015-8019/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8019/ANY/2.patch b/Patches/Linux_CVEs/CVE-2015-8019/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8019/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2015-8019/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8539/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8539/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8539/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8539/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8543/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8543/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8543/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8543/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8575/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8575/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8575/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8575/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8785/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8785/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8785/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8785/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8830/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8830/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8830/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8830/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8830/ANY/1.patch b/Patches/Linux_CVEs/CVE-2015-8830/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8830/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2015-8830/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8839/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8839/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8839/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8839/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8839/ANY/1.patch b/Patches/Linux_CVEs/CVE-2015-8839/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8839/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2015-8839/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8937/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8937/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8937/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8937/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8938/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8938/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8938/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8938/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8939/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8939/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8939/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8939/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8940/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8940/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8940/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8940/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8941/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8941/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8941/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8941/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8942/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8942/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8942/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8942/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8943/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8943/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8943/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8943/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8944/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8944/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8944/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8944/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8951/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8951/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8951/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8951/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8955/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8955/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8955/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8955/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8961/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8961/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8961/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8961/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8962/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8962/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8962/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8962/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8963/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8963/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8963/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8963/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8964/3.10/1.patch b/Patches/Linux_CVEs/CVE-2015-8964/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8964/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2015-8964/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8964/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8964/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8964/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8964/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8966/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8966/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8966/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8966/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-8967/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-8967/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-8967/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-8967/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2015-9004/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-9004/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2015-9004/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2015-9004/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-0723/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0723/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0723/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0723/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0728/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0728/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0728/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0728/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0758/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0758/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0758/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0758/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0774/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0774/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0774/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0774/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0774/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-0774/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0774/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-0774/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0805/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0805/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0805/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0805/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch new file mode 100644 index 00000000..78d88c1a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch @@ -0,0 +1,6574 @@ + + + +kernel/msm-3.10 - Unnamed repository + + + + + + + + + +
+ + + + +
+summaryrefslogtreecommitdiffstats
+ + + +
+
+
+ + + + + + + + + + + + + + + + +
AgeCommit message (Expand)AuthorFilesLines
2015-11-02wlan:Check priviledge permission for SET_CHANNEL_RANGEAmarnath Hullur Subramanyam1-0/+7
2015-10-29wlan:Check priviledge permission for SET_CHANNEL_RANGEAmarnath Hullur Subramanyam1-0/+7
2015-10-29wlan: ensure permission for WLAN_FTM_PRIV_SET_CHAR_GET_NONEAmarnath Hullur Subramanyam1-0/+7
2015-10-29wlan:Check priviledge permission for SET_VAR_INTS_GETNONE IOCTLAmarnath Hullur Subramanyam1-0/+5
2015-10-29wlan:Check priviledge permission for SET_THREE_INT_GET_NONEAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission for CLEAR_MCBC_FILTER IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission for SET_POWER_PARAMS IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission for SET_BAND_CONFIG IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission for QCSAP_IOCTL_DISASSOC_STAAmarnath Hullur Subramanyam1-0/+7
2015-10-29wlan:Check priviledge permission for QCSAP_IOCTL_SETWPSIEAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission before processing SET_PACKET_FILTER IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission before processing SET_CHAR_GET_NONE IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29wlan:Check priviledge permission before processing SET_OEM_DATA_REQ IOCTLAmarnath Hullur Subramanyam1-0/+6
2015-10-29qcacld 2.0: Validate ioctls for valid input lengthAmarnath Hullur Subramanyam1-14/+48
2015-10-29qcacld 2.0: Address buffer overflow due to invalid lengthAmarnath Hullur Subramanyam1-0/+3
2015-10-28qcacld 2.0: Validate WPA and RSN IE for valid lengthAmarnath Hullur Subramanyam1-10/+27
    + +
    + + diff --git a/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch b/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch new file mode 100644 index 00000000..c8f7f96d --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch @@ -0,0 +1,6570 @@ + + + +kernel/msm-3.10 - Unnamed repository + + + + + + + + + +
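Review bot: The 6574 lines added as `CVE-2016-0806/3.10/0.patch` are not a unified diff: judging by the title line `kernel/msm-3.10 - Unnamed repository` and the `Age / Commit message / Author / Files / Lines` table, this looks like a saved repository-browser log page. Such a file cannot be applied, so the tree would list a patch for this CVE while carrying no fix, and anything that counts patch files per CVE would report it as covered. `CVE-2016-0806/3.4/1.patch`, added immediately after, has the same shape and also carries the msm-3.10 title although it sits under `3.4/`. I would replace both with the actual diffs of the commits the tables list, or drop them until those are fetched, and have whatever fetches these files reject a download whose first line is not `diff --git` or `From `.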
    + + + + +
    +summaryrefslogtreecommitdiffstats
    + + + +
    +
    +
    + + + + + + + + + + + + +
    AgeCommit message (Expand)AuthorFilesLines
    2016-04-13qcacld 2.0: Validate ioctls for valid input lengthMahesh A Saptasagar1-11/+49
    2016-03-23qcacld 2.0: Validate WPA and RSN IE for valid lengthMahesh A Saptasagar1-8/+31
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permissionHanumantha Reddy Pothula1-0/+7
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-1/+8
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permissionMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permission before processingMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permission before processingMukul Sharma1-0/+7
    2016-03-23wlan:Check priviledge permission before processingMukul Sharma1-0/+6
      + +
      + + diff --git a/Patches/Linux_CVEs-New/CVE-2016-0819/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0819/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0819/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0819/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0821/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0821/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0821/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0821/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-0823/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-0823/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-0823/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-0823/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch new file mode 100644 index 00000000..30a1f7d8 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch @@ -0,0 +1,12 @@ +diff --git a/fs/aio.c b/fs/aio.c +index d991255..3eec984 100644 +--- a/fs/aio.c ++++ b/fs/aio.c +@@ -229,6 +229,7 @@ + aio_mnt = kern_mount(&aio_fs); + if (IS_ERR(aio_mnt)) + panic("Failed to create aio fs mount."); ++ aio_mnt->mnt_flags |= MNT_NOEXEC; + + if (bdi_init(&aio_fs_backing_dev_info)) + panic("Failed to init aio fs backing dev info."); diff --git a/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch.base64 new file mode 100644 index 00000000..4d91251e --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10044/ANY/0.patch.base64 
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2ZzL2Fpby5jIGIvZnMvYWlvLmMKaW5kZXggZDk5MTI1NS4uM2VlYzk4NCAxMDA2NDQKLS0tIGEvZnMvYWlvLmMKKysrIGIvZnMvYWlvLmMKQEAgLTIyOSw2ICsyMjksNyBAQAogCWFpb19tbnQgPSBrZXJuX21vdW50KCZhaW9fZnMpOwogCWlmIChJU19FUlIoYWlvX21udCkpCiAJCXBhbmljKCJGYWlsZWQgdG8gY3JlYXRlIGFpbyBmcyBtb3VudC4iKTsKKwlhaW9fbW50LT5tbnRfZmxhZ3MgfD0gTU5UX05PRVhFQzsKIAogCWlmIChiZGlfaW5pdCgmYWlvX2ZzX2JhY2tpbmdfZGV2X2luZm8pKQogCQlwYW5pYygiRmFpbGVkIHRvIGluaXQgYWlvIGZzIGJhY2tpbmcgZGV2IGluZm8uIik7Cg== \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch new file mode 100644 index 00000000..ea964df1 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch @@ -0,0 +1,22 @@ +diff --git a/fs/aio.c b/fs/aio.c +index 9798d4e..0f2c38f 100644 +--- a/fs/aio.c ++++ b/fs/aio.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -153,6 +154,9 @@ + unsigned long size, populate; + int nr_pages; + ++ if (current->personality & READ_IMPLIES_EXEC) ++ return -EPERM; ++ + /* Compensate for the ring buffer's head/tail overlap entry */ + nr_events += 2; /* 1 is required, 2 for good luck */ + diff --git a/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch.base64 new file mode 100644 index 00000000..b74cf0b4 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10044/ANY/1.patch.base64 
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2ZzL2Fpby5jIGIvZnMvYWlvLmMKaW5kZXggOTc5OGQ0ZS4uMGYyYzM4ZiAxMDA2NDQKLS0tIGEvZnMvYWlvLmMKKysrIGIvZnMvYWlvLmMKQEAgLTM1LDYgKzM1LDcgQEAKICNpbmNsdWRlIDxsaW51eC9ldmVudGZkLmg+CiAjaW5jbHVkZSA8bGludXgvYmxrZGV2Lmg+CiAjaW5jbHVkZSA8bGludXgvY29tcGF0Lmg+CisjaW5jbHVkZSA8bGludXgvcGVyc29uYWxpdHkuaD4KIAogI2luY2x1ZGUgPGFzbS9rbWFwX3R5cGVzLmg+CiAjaW5jbHVkZSA8YXNtL3VhY2Nlc3MuaD4KQEAgLTE1Myw2ICsxNTQsOSBAQAogCXVuc2lnbmVkIGxvbmcgc2l6ZSwgcG9wdWxhdGU7CiAJaW50IG5yX3BhZ2VzOwogCisJaWYgKGN1cnJlbnQtPnBlcnNvbmFsaXR5ICYgUkVBRF9JTVBMSUVTX0VYRUMpCisJCXJldHVybiAtRVBFUk07CisKIAkvKiBDb21wZW5zYXRlIGZvciB0aGUgcmluZyBidWZmZXIncyBoZWFkL3RhaWwgb3ZlcmxhcCBlbnRyeSAqLwogCW5yX2V2ZW50cyArPSAyOwkvKiAxIGlzIHJlcXVpcmVkLCAyIGZvciBnb29kIGx1Y2sgKi8KIAo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-10044/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-10044/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10044/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2016-10044/ANY/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10088/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10088/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10088/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10088/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10153/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10153/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10153/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10153/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10154/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10154/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10154/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10154/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10200/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10200/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10200/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10200/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10208/3.16/2.patch b/Patches/Linux_CVEs/CVE-2016-10208/3.16/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10208/3.16/2.patch rename to Patches/Linux_CVEs/CVE-2016-10208/3.16/2.patch diff --git a/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch new file mode 100644 index 00000000..4df1e4dd --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch 
@@ -0,0 +1,63 @@ +From cf851ad35fd1e9c7b8ed00741eca613bc1a9c8c8 Mon Sep 17 00:00:00 2001 +From: Eryu Guan +Date: Thu, 01 Dec 2016 15:08:37 -0500 +Subject: [PATCH] ext4: validate s_first_meta_bg at mount time + +Ralf Spenneberg reported that he hit a kernel crash when mounting a +modified ext4 image. And it turns out that kernel crashed when +calculating fs overhead (ext4_calculate_overhead()), this is because +the image has very large s_first_meta_bg (debug code shows it's +842150400), and ext4 overruns the memory in count_overhead() when +setting bitmap buffer, which is PAGE_SIZE. + +ext4_calculate_overhead(): + buf = get_zeroed_page(GFP_NOFS); <=== PAGE_SIZE buffer + blks = count_overhead(sb, i, buf); + +count_overhead(): + for (j = ext4_bg_num_gdb(sb, grp); j > 0; j--) { <=== j = 842150400 + ext4_set_bit(EXT4_B2C(sbi, s++), buf); <=== buffer overrun + count++; + } + +This can be reproduced easily for me by this script: + + #!/bin/bash + rm -f fs.img + mkdir -p /mnt/ext4 + fallocate -l 16M fs.img + mke2fs -t ext4 -O bigalloc,meta_bg,^resize_inode -F fs.img + debugfs -w -R "ssv first_meta_bg 842150400" fs.img + mount -o loop fs.img /mnt/ext4 + +Fix it by validating s_first_meta_bg first at mount time, and +refusing to mount if its value exceeds the largest possible meta_bg +number. 
+ +Change-Id: If8f0dbed1ed36f3ef9b4466feb4245d8ba5c89b6 +Reported-by: Ralf Spenneberg +Signed-off-by: Eryu Guan +Signed-off-by: Theodore Ts'o +Reviewed-by: Andreas Dilger +--- + +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 5862518..fcbc8dc 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3501,6 +3501,15 @@ + (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); + db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / + EXT4_DESC_PER_BLOCK(sb); ++ if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) { ++ if (le32_to_cpu(es->s_first_meta_bg) >= db_count) { ++ ext4_msg(sb, KERN_WARNING, ++ "first meta block group too large: %u " ++ "(group descriptor block count %u)", ++ le32_to_cpu(es->s_first_meta_bg), db_count); ++ goto failed_mount; ++ } ++ } + sbi->s_group_desc = ext4_kvmalloc(db_count * + sizeof(struct buffer_head *), + GFP_KERNEL); diff --git a/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch.base64 new file mode 100644 index 00000000..cab66b52 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10208/ANY/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-10208/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10208/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10208/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-10208/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10208/ANY/3.patch b/Patches/Linux_CVEs/CVE-2016-10208/ANY/3.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10208/ANY/3.patch rename to Patches/Linux_CVEs/CVE-2016-10208/ANY/3.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10208/ANY/4.patch b/Patches/Linux_CVEs/CVE-2016-10208/ANY/4.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10208/ANY/4.patch rename to Patches/Linux_CVEs/CVE-2016-10208/ANY/4.patch 
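Review bot: The guard added in the `fs/ext4/super.c` hunk tests `EXT4_FEATURE_INCOMPAT_FLEX_BG`, but the field it validates, `s_first_meta_bg`, belongs to the meta_bg feature, so an image that sets meta_bg without flex_bg would presumably skip the range check and still reach the overrun described in the commit message. The condition needs to be `if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_META_BG)) {`. `5.patch` in the same directory carries exactly that correction, so `0.patch` is incomplete on its own and the two must always be applied together, in order. The enclosing function starts and ends outside the hunk.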
diff --git a/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch b/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch
new file mode 100644
index 00000000..43910f45
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch
@@ -0,0 +1,23 @@
+From 5063cbf9d49280ac925f86968ff60401b3071603 Mon Sep 17 00:00:00 2001
+From: syphyr
+Date: Sun, 11 Jun 2017 00:40:19 +0200
+Subject: [PATCH] ext4: fix condition of validate s_first_meta_bg
+
+Fixes: ext4: validate s_first_meta_bg at mount time
+
+Change-Id: Iea0fb0df71502c5578c3c96e992d6cc78842ca7e
+---
+
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index 0aed818..04294d7 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -3804,7 +3804,7 @@
+ (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb)));
+ db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) /
+ EXT4_DESC_PER_BLOCK(sb);
+- if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
++ if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_META_BG)) {
+ if (le32_to_cpu(es->s_first_meta_bg) >= db_count) {
+ ext4_msg(sb, KERN_WARNING,
+ "first meta block group too large: %u "
diff --git a/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch.base64
new file mode 100644
index 00000000..d4b68e43
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-10208/ANY/5.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10229/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10229/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10229/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-10229/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10230/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10230/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10230/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-10230/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10231/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-10231/3.18/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10231/3.18/0.patch rename to Patches/Linux_CVEs/CVE-2016-10231/3.18/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10231/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10231/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10231/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-10231/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10232/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-10232/3.10/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10232/3.10/1.patch rename to Patches/Linux_CVEs/CVE-2016-10232/3.10/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10232/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-10232/3.18/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10232/3.18/0.patch rename to Patches/Linux_CVEs/CVE-2016-10232/3.18/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10233/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-10233/3.10/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10233/3.10/1.patch rename to Patches/Linux_CVEs/CVE-2016-10233/3.10/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10233/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10233/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10233/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10233/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10234/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10234/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10234/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10234/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10234/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10234/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10234/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-10234/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10235/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10235/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10235/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10235/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10235/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10235/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10235/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-10235/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10236/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10236/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10236/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10236/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10283/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10283/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10283/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10283/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10283/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10283/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10283/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-10283/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10285/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10285/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10285/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10285/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10286/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10286/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10286/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10286/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10287/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10287/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10287/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10287/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10288/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10288/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10288/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10288/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10289/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10289/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10289/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10289/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10290/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10290/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10290/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10290/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10291/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10291/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10291/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10291/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-10293/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10293/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10293/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10293/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-10293/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10293/ANY/1.patch new file mode 100644 index 00000000..996402e9 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-10293/ANY/1.patch 
@@ -0,0 +1,13 @@
+diff --git a/drivers/video/msm/mdss/mdss_debug.c b/drivers/video/msm/mdss/mdss_debug.c
+index feb73bc..759ed14 100644
+--- a/drivers/video/msm/mdss/mdss_debug.c
++++ b/drivers/video/msm/mdss/mdss_debug.c
+@@ -170,6 +170,8 @@
+ p[2] = 0;
+ pr_debug("p[%d] = %pK:%s\n", i, p, p);
+ cnt = sscanf(p, "%x", &tmp);
++ if (cnt != 1)
++ return -EFAULT;
+ reg[i] = tmp;
+ pr_debug("reg[%d] = %x\n", i, (int)reg[i]);
+ }
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10293/ANY/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10293/ANY/1.patch.base64
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10293/ANY/1.patch.base64
rename to Patches/Linux_CVEs/CVE-2016-10293/ANY/1.patch.base64
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10294/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10294/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10294/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-10294/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10295/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10295/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10295/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-10295/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-10296/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10296/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-10296/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-10296/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch
new file mode 100644
index 00000000..4fd06fba
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch
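Review bot: The added `return -EFAULT;` after the `sscanf()` check in the `mdss_debug.c` hunk reports a parse failure with the errno meant for a bad user-space address; `-EINVAL` is the conventional code for malformed input, i.e. `if (cnt != 1) return -EINVAL;`. The early return also appears to sit inside a loop of a function whose start is outside the hunk, so it should be confirmed that nothing allocated or locked earlier has to be released on this new exit path. A one-line comment such as `/* sscanf() matched nothing: do not store a stale tmp in reg[i] */` would record why the check exists.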
@@ -0,0 +1,78 @@ +diff --git a/drivers/uio/msm_sharedmem/sharedmem_qmi.c b/drivers/uio/msm_sharedmem/sharedmem_qmi.c +index bb6a23b..c8ecd5d 100644 +--- a/drivers/uio/msm_sharedmem/sharedmem_qmi.c ++++ b/drivers/uio/msm_sharedmem/sharedmem_qmi.c +@@ -1,4 +1,4 @@ +-/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved. ++/* Copyright (c) 2014-2015, 2017, The Linux Foundation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 and +@@ -257,12 +257,17 @@ + #define DEBUG_BUF_SIZE (2048) + static char *debug_buffer; + static u32 debug_data_size; ++static struct mutex dbg_buf_lock; /* mutex for debug_buffer */ + + static ssize_t debug_read(struct file *file, char __user *buf, + size_t count, loff_t *file_pos) + { +- return simple_read_from_buffer(buf, count, file_pos, debug_buffer, +- debug_data_size); ++ size_t ret; ++ mutex_lock(&dbg_buf_lock); ++ ret = simple_read_from_buffer(buf, count, file_pos, ++ debug_buffer, debug_data_size); ++ mutex_unlock(&dbg_buf_lock); ++ return ret; + } + + static u32 fill_debug_info(char *buffer, u32 buffer_size) +@@ -313,21 +318,29 @@ + { + u32 buffer_size; + +- if (debug_buffer != NULL) ++ mutex_lock(&dbg_buf_lock); ++ if (debug_buffer != NULL) { ++ mutex_unlock(&dbg_buf_lock); + return -EBUSY; ++ } + buffer_size = DEBUG_BUF_SIZE; + debug_buffer = kzalloc(buffer_size, GFP_KERNEL); +- if (debug_buffer == NULL) ++ if (debug_buffer == NULL) { ++ mutex_unlock(&dbg_buf_lock); + return -ENOMEM; ++ } + debug_data_size = fill_debug_info(debug_buffer, buffer_size); ++ mutex_unlock(&dbg_buf_lock); + return 0; + } + + static int debug_close(struct inode *inode, struct file *file) + { ++ mutex_lock(&dbg_buf_lock); + kfree(debug_buffer); + debug_buffer = NULL; + debug_data_size = 0; ++ mutex_unlock(&dbg_buf_lock); + return 0; + } + +@@ -358,6 +371,7 @@ + { + struct dentry *f_ent; + ++ mutex_init(&dbg_buf_lock); + dir_ent 
= debugfs_create_dir("rmt_storage", NULL); + if (IS_ERR(dir_ent)) { + pr_err("Failed to create debug_fs directory\n"); +@@ -386,6 +400,7 @@ + static void debugfs_exit(void) + { + debugfs_remove_recursive(dir_ent); ++ mutex_destroy(&dbg_buf_lock); + } + + static void sharedmem_qmi_svc_recv_msg(struct work_struct *work) diff --git a/Patches/Linux_CVEs-New/CVE-2016-10296/ANY/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch.base64 similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-10296/ANY/1.patch.base64 rename to Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch.base64 diff --git a/Patches/Linux_CVEs-New/CVE-2016-1583/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-1583/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-1583/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-1583/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2053/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2053/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2053/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2053/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2059/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2059/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2059/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2059/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2061/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2061/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2061/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2061/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2063/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2063/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2063/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2063/ANY/0.patch 
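Review bot: In `debug_read()` the result of `simple_read_from_buffer()` is held in `size_t ret`, although both that helper and `debug_read()` return `ssize_t`; a negative error code only survives through implicit conversion, so the local should be declared `ssize_t ret;`. The lock is a plain `static struct mutex` initialised in `debugfs_init()`, which makes correctness depend on `mutex_init()` having run before the first open; `static DEFINE_MUTEX(dbg_buf_lock);` removes that ordering dependency and the matching `mutex_init()` call. The bodies of the open handler and `debugfs_init()` start outside the hunks shown.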
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2068/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2068/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2068/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2068/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2185/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2185/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2185/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2185/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-2185/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-2185/ANY/1.patch new file mode 100644 index 00000000..9cf00e3d --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-2185/ANY/1.patch 
@@ -0,0 +1,109 @@ +From 37735ed2c8c12e9671a3742d6b9028bad43852df Mon Sep 17 00:00:00 2001 +From: Vladis Dronov +Date: Wed, 23 Mar 2016 11:53:46 -0700 +Subject: [PATCH] Input: ati_remote2 - fix crashes on detecting device with + invalid descriptor + +[ Upstream commit 950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d ] + +The ati_remote2 driver expects at least two interfaces with one +endpoint each. If given malicious descriptor that specify one +interface or no endpoints, it will crash in the probe function. +Ensure there is at least two interfaces and one endpoint for each +interface before using it. + +The full disclosure: http://seclists.org/bugtraq/2016/Mar/90 + +Reported-by: Ralf Spenneberg +Signed-off-by: Vladis Dronov +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/misc/ati_remote2.c | 36 ++++++++++++++++++++++++++++++------ + 1 file changed, 30 insertions(+), 6 deletions(-) + +diff --git a/drivers/input/misc/ati_remote2.c b/drivers/input/misc/ati_remote2.c +index f63341f20b91a..e8c6a4842e91c 100644 +--- a/drivers/input/misc/ati_remote2.c ++++ b/drivers/input/misc/ati_remote2.c +@@ -817,26 +817,49 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d + + ar2->udev = udev; + ++ /* Sanity check, first interface must have an endpoint */ ++ if (alt->desc.bNumEndpoints < 1 || !alt->endpoint) { ++ dev_err(&interface->dev, ++ "%s(): interface 0 must have an endpoint\n", __func__); ++ r = -ENODEV; ++ goto fail1; ++ } + ar2->intf[0] = interface; + ar2->ep[0] = &alt->endpoint[0].desc; + ++ /* Sanity check, the device must have two interfaces */ + ar2->intf[1] = usb_ifnum_to_if(udev, 1); ++ if ((udev->actconfig->desc.bNumInterfaces < 2) || !ar2->intf[1]) { ++ dev_err(&interface->dev, "%s(): need 2 interfaces, found %d\n", ++ __func__, udev->actconfig->desc.bNumInterfaces); ++ r = -ENODEV; ++ goto fail1; ++ } ++ + r = usb_driver_claim_interface(&ati_remote2_driver, ar2->intf[1], ar2); + 
if (r) + goto fail1; ++ ++ /* Sanity check, second interface must have an endpoint */ + alt = ar2->intf[1]->cur_altsetting; ++ if (alt->desc.bNumEndpoints < 1 || !alt->endpoint) { ++ dev_err(&interface->dev, ++ "%s(): interface 1 must have an endpoint\n", __func__); ++ r = -ENODEV; ++ goto fail2; ++ } + ar2->ep[1] = &alt->endpoint[0].desc; + + r = ati_remote2_urb_init(ar2); + if (r) +- goto fail2; ++ goto fail3; + + ar2->channel_mask = channel_mask; + ar2->mode_mask = mode_mask; + + r = ati_remote2_setup(ar2, ar2->channel_mask); + if (r) +- goto fail2; ++ goto fail3; + + usb_make_path(udev, ar2->phys, sizeof(ar2->phys)); + strlcat(ar2->phys, "/input0", sizeof(ar2->phys)); +@@ -845,11 +868,11 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d + + r = sysfs_create_group(&udev->dev.kobj, &ati_remote2_attr_group); + if (r) +- goto fail2; ++ goto fail3; + + r = ati_remote2_input_init(ar2); + if (r) +- goto fail3; ++ goto fail4; + + usb_set_intfdata(interface, ar2); + +@@ -857,10 +880,11 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d + + return 0; + +- fail3: ++ fail4: + sysfs_remove_group(&udev->dev.kobj, &ati_remote2_attr_group); +- fail2: ++ fail3: + ati_remote2_urb_cleanup(ar2); ++ fail2: + usb_driver_release_interface(&ati_remote2_driver, ar2->intf[1]); + fail1: + kfree(ar2); diff --git a/Patches/Linux_CVEs-New/CVE-2016-2186/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2186/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2186/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2186/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-2186/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-2186/ANY/1.patch new file mode 100644 index 00000000..e0bca0ae --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-2186/ANY/1.patch 
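Review bot: The three sanity checks added to `ati_remote2_probe()` verify only that each interface has at least one endpoint; nothing in the hunk checks that `endpoint[0]` is an interrupt-IN endpoint before `ar2->ep[0]` and `ar2->ep[1]` are stored and `ati_remote2_urb_init(ar2)` is called. If the type is not validated elsewhere (the probe function starts outside the hunk), a descriptor with the right endpoint count but the wrong type may still be accepted. Adding `if (!usb_endpoint_is_int_in(&alt->endpoint[0].desc))` with the same `r = -ENODEV;` exit next to each count check would close that gap.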
@@ -0,0 +1,38 @@
+From b684cb33d6867e10ba45375a12ef9f3ceb6f0aa7 Mon Sep 17 00:00:00 2001
+From: Josh Boyer
+Date: Mon, 14 Mar 2016 09:33:40 -0700
+Subject: [PATCH] Input: powermate - fix oops with malicious USB descriptors
+
+[ Upstream commit 9c6ba456711687b794dcf285856fc14e2c76074f ]
+
+The powermate driver expects at least one valid USB endpoint in its
+probe function. If given malicious descriptors that specify 0 for
+the number of endpoints, it will crash. Validate the number of
+endpoints on the interface before using them.
+
+The full report for this issue can be found here:
+http://seclists.org/bugtraq/2016/Mar/85
+
+Reported-by: Ralf Spenneberg
+Cc: stable
+Signed-off-by: Josh Boyer
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/misc/powermate.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/input/misc/powermate.c b/drivers/input/misc/powermate.c
+index 63b539d3dabae..84909a12ff36c 100644
+--- a/drivers/input/misc/powermate.c
++++ b/drivers/input/misc/powermate.c
+@@ -307,6 +307,9 @@ static int powermate_probe(struct usb_interface *intf, const struct usb_device_i
+ int error = -ENOMEM;
+
+ interface = intf->cur_altsetting;
++ if (interface->desc.bNumEndpoints < 1)
++ return -EINVAL;
++
+ endpoint = &interface->endpoint[0].desc;
+ if (!usb_endpoint_is_int_in(endpoint))
+ return -EIO;
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2187/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2187/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2187/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2187/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-2187/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-2187/ANY/1.patch
new file mode 100644
index 00000000..72d5fe93
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2187/ANY/1.patch
@@ -0,0 +1,59 @@
+From adaad9d866105bcb8f87293a0a675f573a39129d Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Thu, 31 Mar 2016 10:53:42 -0700
+Subject: Input: gtco - fix crash on detecting device without endpoints
+
+commit 162f98dea487206d9ab79fc12ed64700667a894d upstream.
+
+The gtco driver expects at least one valid endpoint. If given malicious
+descriptors that specify 0 for the number of endpoints, it will crash in
+the probe function. Ensure there is at least one endpoint on the interface
+before using it.
+
+Also let's fix a minor coding style issue.
+
+The full correct report of this issue can be found in the public
+Red Hat Bugzilla:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1283385
+
+Reported-by: Ralf Spenneberg
+Signed-off-by: Vladis Dronov
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Willy Tarreau
+---
+ drivers/input/tablet/gtco.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c
+index 29e01ab..a9f8f92 100644
+--- a/drivers/input/tablet/gtco.c
++++ b/drivers/input/tablet/gtco.c
+@@ -869,6 +869,14 @@ static int gtco_probe(struct usb_interface *usbinterface,
+ goto err_free_buf;
+ }
+
++ /* Sanity check that a device has an endpoint */
++ if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) {
++ dev_err(&usbinterface->dev,
++ "Invalid number of endpoints\n");
++ error = -EINVAL;
++ goto err_free_urb;
++ }
++
+ /*
+ * The endpoint is always altsetting 0, we know this since we know
+ * this device only has one interrupt endpoint
+@@ -890,7 +898,7 @@ static int gtco_probe(struct usb_interface *usbinterface,
+ * HID report descriptor
+ */
+ if (usb_get_extra_descriptor(usbinterface->cur_altsetting,
+- HID_DEVICE_TYPE, &hid_desc) != 0){
++ HID_DEVICE_TYPE, &hid_desc) != 0) {
+ dev_err(&usbinterface->dev,
+ "Can't retrieve exta USB descriptor to get hid report descriptor length\n");
+ error = -EIO;
+--
+cgit v1.1
+
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2188/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2188/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2188/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2188/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2188/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-2188/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2188/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-2188/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2188/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-2188/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2188/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2016-2188/ANY/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-2384/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2384/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-2384/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-2384/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch new file mode 100644 index 00000000..d641d536 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch 
@@ -0,0 +1,52 @@
+diff --git a/drivers/video/msm/Kconfig b/drivers/video/msm/Kconfig
+index 590723a..30ce98f 100644
+--- a/drivers/video/msm/Kconfig
++++ b/drivers/video/msm/Kconfig
+@@ -44,6 +44,11 @@
+ config FB_MSM_MDSS_COMMON
+ bool
+
++config MDP_DEBUG_FS
++ depends on DEBUG_FS
++ bool "MDP Debug FS"
++ default n
++
+ choice
+ prompt "MDP HW version"
+ default FB_MSM_MDP22
+diff --git a/drivers/video/msm/Makefile b/drivers/video/msm/Makefile
+index 67c6b48..d26fe58 100644
+--- a/drivers/video/msm/Makefile
++++ b/drivers/video/msm/Makefile
+@@ -9,8 +9,7 @@
+ ifeq ($(CONFIG_FB_MSM_MDP_HW),y)
+ # MDP
+ obj-y += mdp.o
+-
+-obj-$(CONFIG_DEBUG_FS) += mdp_debugfs.o
++obj-$(CONFIG_MDP_DEBUG_FS) += mdp_debugfs.o
+
+ ifeq ($(CONFIG_FB_MSM_MDP40),y)
+ obj-y += mdp4_util.o
+diff --git a/drivers/video/msm/mdp.c b/drivers/video/msm/mdp.c
+index 7d6d448..7a59d51 100644
+--- a/drivers/video/msm/mdp.c
++++ b/drivers/video/msm/mdp.c
+@@ -2,7 +2,7 @@
+ *
+ * MSM MDP Interface (used by framebuffer core)
+ *
+- * Copyright (c) 2007-2012, The Linux Foundation. All rights reserved.
++ * Copyright (c) 2007-2013, 2016 The Linux Foundation. All rights reserved.
+ * Copyright (C) 2007 Google Incorporated
+ *
+ * This software is licensed under the terms of the GNU General Public
+@@ -3257,7 +3257,7 @@
+ return ret;
+ }
+
+-#if defined(CONFIG_DEBUG_FS)
++#if defined(CONFIG_MDP_DEBUG_FS)
+ mdp_debugfs_init();
+ #endif
+
diff --git a/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch.base64
new file mode 100644
index 00000000..ccc8c519
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2443/ANY/0.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2465/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2465/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2465/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2465/ANY/0.patch
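Review bot: The new `MDP_DEBUG_FS` symbol in the Kconfig hunk has a prompt but no help text, and its `default n` line is redundant because a bool without a default is already off. Since the change exists to keep `mdp_debugfs.o` out of builds that merely enable `DEBUG_FS`, a short `help` entry should say that the option builds the MDP debugfs interface and is meant to stay disabled in production kernels. It is also worth confirming that no defconfig in the target tree enables the new symbol, otherwise the gating has no effect.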
diff --git a/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch
new file mode 100644
index 00000000..db760d4d
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch
@@ -0,0 +1,48 @@
+diff --git a/sound/soc/msm/qdsp6v2/q6adm.c b/sound/soc/msm/qdsp6v2/q6adm.c
+index 08caf51..14565cc 100644
+--- a/sound/soc/msm/qdsp6v2/q6adm.c
++++ b/sound/soc/msm/qdsp6v2/q6adm.c
+@@ -508,9 +508,18 @@
+ rc = -EINVAL;
+ goto adm_get_param_return;
+ }
+- if (params_data) {
++ if ((params_data) &&
++ (ARRAY_SIZE(adm_get_parameters) > 0) &&
++ (ARRAY_SIZE(adm_get_parameters) >= 1+adm_get_parameters[0]) &&
++ (params_length/sizeof(int) >= adm_get_parameters[0])) {
+ for (i = 0; i < adm_get_parameters[0]; i++)
+ params_data[i] = adm_get_parameters[1+i];
++ } else {
++ pr_err("%s: Get param data not copied! get_param array size %zd, index %d, params array size %zd, index %d\n",
++ __func__, ARRAY_SIZE(adm_get_parameters),
++ (1+adm_get_parameters[0]),
++ params_length/sizeof(int),
++ adm_get_parameters[0]);
+ }
+ rc = 0;
+ adm_get_param_return:
+@@ -799,17 +808,18 @@
+ data->payload_size))
+ break;
+
+- if (payload[0] == 0) {
+- if (data->payload_size >
+- (4 * sizeof(uint32_t))) {
+- adm_get_parameters[0] = payload[3];
++ if ((payload[0] == 0) &&
++ (data->payload_size > (4 * sizeof(*payload))) &&
++ (data->payload_size/sizeof(*payload)-4 >= payload[3]) &&
++ (ARRAY_SIZE(adm_get_parameters) > 0) &&
++ (ARRAY_SIZE(adm_get_parameters)-1 >= payload[3])) {
++ adm_get_parameters[0] = payload[3];
+ pr_debug("GET_PP PARAM:received parameter length: 0x%x\n",
+ adm_get_parameters[0]);
+ /* storing param size then params */
+ for (i = 0; i < payload[3]; i++)
+ adm_get_parameters[1+i] =
+ payload[4+i];
+- }
+ } else {
+ adm_get_parameters[0] = -1;
+ pr_err("%s: GET_PP_PARAMS failed, setting size to %d\n",
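Review bot: When the new bounds check in the first `q6adm.c` hunk fails, the `else` branch only logs and execution falls through to `rc = 0;`, so the caller is told the read succeeded although `params_data` was never filled. The branch should set an error, e.g. `rc = -EINVAL; goto adm_get_param_return;` after the `pr_err()`, with a NULL `params_data` handled separately if callers legitimately pass one. The same message prints `size_t` values with `%zd`, where `%zu` is the matching specifier. The comparisons also mix the `size_t` from `ARRAY_SIZE()` with `adm_get_parameters[0]`, which the failure path sets to `-1`, so rejecting negative values relies on implicit signed-to-unsigned conversion; an explicit `adm_get_parameters[0] >= 0` term would make that intent visible. Both enclosing functions start outside the hunks.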
diff --git a/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch.base64
new file mode 100644
index 00000000..63268956
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2466/ANY/0.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2467/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2467/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2467/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2467/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2468/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2468/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2468/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2468/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch
new file mode 100644
index 00000000..43295fd3
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch
@@ -0,0 +1,24 @@
+diff --git a/drivers/gpu/msm/kgsl_sharedmem.c b/drivers/gpu/msm/kgsl_sharedmem.c
+index 29f6162..a138719 100644
+--- a/drivers/gpu/msm/kgsl_sharedmem.c
++++ b/drivers/gpu/msm/kgsl_sharedmem.c
+@@ -592,13 +592,18 @@
+ size_t size)
+ {
+ int pcount = 0, order, ret = 0;
+- int j, len, page_size, sglen_alloc, sglen = 0;
++ int j, page_size, sglen_alloc, sglen = 0;
+ struct page **pages = NULL;
+ pgprot_t page_prot = pgprot_writecombine(PAGE_KERNEL);
+ void *ptr;
++ size_t len;
+ unsigned int align;
+ int step = SZ_2M >> PAGE_SHIFT;
+
++ size = PAGE_ALIGN(size);
++ if (size == 0 || size > UINT_MAX)
++ return -EINVAL;
++
+ align = (memdesc->flags & KGSL_MEMALIGN_MASK) >> KGSL_MEMALIGN_SHIFT;
+
+ page_size = (align >= ilog2(SZ_64K) && size >= SZ_64K)
diff --git a/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch.base64
new file mode 100644
index 00000000..c51413b5
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2468/ANY/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch new file mode 100644 index 00000000..64ab5eae --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch 
@@ -0,0 +1,104 @@
+diff --git a/sound/soc/msm/Kconfig b/sound/soc/msm/Kconfig
+index b47f9f6..93fbed3 100644
+--- a/sound/soc/msm/Kconfig
++++ b/sound/soc/msm/Kconfig
+@@ -83,35 +83,6 @@
+ OCMEM gets exercised for low-power
+ audio and voice use cases.
+
+-config DOLBY_DAP
+- bool "Enable Dolby DAP"
+- depends on SND_SOC_MSM_QDSP6V2_INTF
+- help
+- To add support for dolby DAP post processing.
+- This support is to configure the post processing parameters
+- to DSP. The configuration includes sending the end point
+- device, end point dependent post processing parameters and
+- the various posrt processing parameters
+-
+-config DOLBY_DS2
+- bool "Enable Dolby DS2"
+- depends on SND_SOC_MSM_QDSP6V2_INTF
+- help
+- To add support for dolby DAP post processing.
+- This support is to configure the post processing parameters
+- to DSP. The configuration includes sending the end point
+- device, end point dependent post processing parameters and
+- the various posrt processing parameters
+-
+-config DTS_SRS_TM
+- bool "Enable DTS SRS"
+- depends on SND_SOC_MSM_QDSP6V2_INTF
+- help
+- To add support for DTS SRS post processing.
+- This support is to configure the post processing
+- parameters to DSP. The configuration includes sending
+- tuning parameters of various modules.
+-
+ config QTI_PP
+ bool "Enable QTI PP"
+ depends on SND_SOC_MSM_QDSP6V2_INTF
+@@ -141,8 +112,6 @@
+ select SND_SOC_WCD9320
+ select SND_DYNAMIC_MINORS
+ select AUDIO_OCMEM
+- select DOLBY_DAP
+- select DTS_SRS_TM
+ select QTI_PP
+ help
+ To add support for SoC audio on MSM8974.
+@@ -161,7 +130,6 @@
+ select SND_SOC_MSM_HDMI_CODEC_RX
+ select SND_DYNAMIC_MINORS
+ select AUDIO_OCMEM
+- select DTS_SRS_TM
+ select QTI_PP
+ help
+ To add support for SoC audio on APQ8074.
+@@ -178,8 +146,6 @@
+ select SND_SOC_WCD9306
+ select SND_DYNAMIC_MINORS
+ select AUDIO_OCMEM
+- select DOLBY_DAP
+- select DTS_SRS_TM
+ select QTI_PP
+ help
+ To add support for SoC audio on MSM8226.
+@@ -239,15 +205,11 @@
+ select SND_SOC_WCD9320
+ select SND_DYNAMIC_MINORS
+ select AUDIO_OCMEM
+- select DOLBY_DAP
+- select DTS_SRS_TM
+ select QTI_PP
+ select SND_SOC_CPE
+- select DOLBY_DS2
+ select SND_SOC_TPA6165A2
+ select SND_SOC_TFA9890
+ select SND_SOC_FSA8500
+-
+ help
+ To add support for SoC audio on APQ8084.
+ This will enable sound soc drivers which
+@@ -264,7 +226,6 @@
+ select SND_SOC_WCD9306
+ select SND_DYNAMIC_MINORS
+ select AUDIO_OCMEM
+- select DOLBY_DAP
+ help
+ To add support for SoC audio on MSMSAMARIUM.
+
+diff --git a/sound/soc/msm/qdsp6v2/Makefile b/sound/soc/msm/qdsp6v2/Makefile
+index bdcd0cc..24777cc 100644
+--- a/sound/soc/msm/qdsp6v2/Makefile
++++ b/sound/soc/msm/qdsp6v2/Makefile
+@@ -8,9 +8,6 @@
+ msm-pcm-routing-devdep.o
+ obj-$(CONFIG_SND_SOC_QDSP6V2) += snd-soc-qdsp6v2.o msm-pcm-dtmf-v2.o \
+ msm-dai-stub-v2.o
+-obj-$(CONFIG_DOLBY_DAP) += msm-dolby-dap-config.o
+-obj-$(CONFIG_DOLBY_DS2) += msm-ds2-dap-config.o
+-obj-$(CONFIG_DTS_SRS_TM) += msm-dts-srs-tm-config.o
+ obj-$(CONFIG_QTI_PP) += msm-qti-pp-config.o
+ obj-y += q6adm.o q6afe.o q6asm.o q6audio-v2.o q6voice.o q6core.o audio_acdb.o \
+ rtac.o q6lsm.o audio_slimslave.o
diff --git a/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch.base64
new file mode 100644
index 00000000..dc2234cb
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2469/ANY/0.patch.base64
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch
new file mode 100644
index 00000000..8b4be440
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch
@@ -0,0 +1,25 @@
+diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
+index 06d1298..48488eda 100644
+--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
++++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c
+@@ -5337,17 +5337,17 @@
+ /*no argument followed by spaces*/
+ if ('\0' == *inPtr) return -EINVAL;
+
+- /*getting the first argument ie measurement token*/
++ /* Getting the first argument ie Number of IE fields */
+ v = sscanf(inPtr, "%31s ", buf);
+ if (1 != v) return -EINVAL;
+
+ v = kstrtos32(buf, 10, &tempInt);
+ if ( v < 0) return -EINVAL;
+
++ tempInt = VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS);
+ pEseBcnReq->numBcnReqIe = tempInt;
+
+- VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO_HIGH,
+- "Number of Bcn Req Ie fields(%d)", pEseBcnReq->numBcnReqIe);
++ hddLog(LOG1, "Number of Bcn Req Ie fields: %d", pEseBcnReq->numBcnReqIe);
+
+ for (j = 0; j < (pEseBcnReq->numBcnReqIe); j++)
+ {
diff --git a/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch.base64
new file mode 100644
index 00000000..6d87917c
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2474/ANY/0.patch.base64
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch
new file mode 100644
index 00000000..fc49c935
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch
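Review bot: In the wlan_hdd_main.c hunk of CVE-2016-2474/ANY/0.patch, the added `VOS_MIN(tempInt, SIR_ESE_MAX_MEAS_IE_REQS)` caps only the upper bound, while `tempInt` is filled by `kstrtos32` and can therefore be negative. The preceding `if ( v < 0)` tests the parser's return code, not the parsed value, so a negative count passes the clamp unchanged and is stored in `pEseBcnReq->numBcnReqIe`, which bounds the `for (j = 0; ...)` loop that follows. If that field is an unsigned type (its declaration is not in the hunk), the stored count is large again and the clamp is bypassed. I would reject it ahead of the clamp with `if (tempInt < 0) return -EINVAL;`. The enclosing function starts and ends outside the hunk.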
@@ -0,0 +1,16 @@
+diff --git a/drivers/net/wireless/bcmdhd/wl_android.c b/drivers/net/wireless/bcmdhd/wl_android.c
+index c67c975..35fa6cb 100644
+--- a/drivers/net/wireless/bcmdhd/wl_android.c
++++ b/drivers/net/wireless/bcmdhd/wl_android.c
+@@ -1288,6 +1288,11 @@
+ goto exit;
+ }
+
++ if (!capable(CAP_NET_ADMIN)) {
++ ret = -EPERM;
++ goto exit;
++ }
++
+ #ifdef CONFIG_COMPAT
+ if (is_compat_task()) {
+ compat_android_wifi_priv_cmd compat_priv_cmd;
diff --git a/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch.base64
new file mode 100644
index 00000000..ef7d8abc
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-2475/ANY/0.patch.base64
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2488/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2488/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2488/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2488/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2503/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2503/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2503/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2503/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2504/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2504/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2504/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2504/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2544/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2544/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2544/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2544/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2545/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2545/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2545/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2545/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2546/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2546/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2546/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2546/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2547/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2547/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2547/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2547/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2549/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2549/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2549/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2549/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-2847/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-2847/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-2847/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-2847/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3070/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3070/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3070/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3070/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3134/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-3134/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3134/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3134/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3135/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3135/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3135/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3135/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3136/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3136/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3136/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3136/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3136/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3136/ANY/1.patch
new file mode 100644
index 00000000..52e03439
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3136/ANY/1.patch
@@ -0,0 +1,53 @@
+From 2633b8df3dff0377066fb32feb8ef06ae834d7ff Mon Sep 17 00:00:00 2001
+From: Badhri Jagan Sridharan
+Date: Tue, 30 Aug 2016 13:33:55 -0700
+Subject: UPSTREAM: USB: mct_u232: add sanity checking in probe
+
+commit 4e9a0b05257f29cf4b75f3209243ed71614d062e upstream.
+
+An attack using the lack of sanity checking in probe is known. This
+patch checks for the existence of a second port.
+
+CVE-2016-3136
+BUG: 28242610
+Signed-off-by: Oliver Neukum
+[johan: add error message ]
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+
+Signed-off-by: Badhri Jagan Sridharan
+Change-Id: I284ad648c2087c34a098d67e0cc6d948a568413c
+---
+ drivers/usb/serial/mct_u232.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c
+index 6a15adf..c14c29f 100644
+--- a/drivers/usb/serial/mct_u232.c
++++ b/drivers/usb/serial/mct_u232.c
+@@ -377,14 +377,21 @@ static void mct_u232_msr_to_state(struct usb_serial_port *port,
+
+ static int mct_u232_port_probe(struct usb_serial_port *port)
+ {
++ struct usb_serial *serial = port->serial;
+ struct mct_u232_private *priv;
+
++ /* check first to simplify error handling */
++ if (!serial->port[1] || !serial->port[1]->interrupt_in_urb) {
++ dev_err(&port->dev, "expected endpoint missing\n");
++ return -ENODEV;
++ }
++
+ priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+ if (!priv)
+ return -ENOMEM;
+
+ /* Use second interrupt-in endpoint for reading. */
+- priv->read_urb = port->serial->port[1]->interrupt_in_urb;
++ priv->read_urb = serial->port[1]->interrupt_in_urb;
+ priv->read_urb->context = port;
+
+ spin_lock_init(&priv->lock);
+--
+cgit v1.1
+
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3137/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3137/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3137/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3137/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3137/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3137/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3138/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3138/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3138/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3138/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3138/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3138/ANY/1.patch
new file mode 100644
index 00000000..eee71747
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3138/ANY/1.patch
@@ -0,0 +1,39 @@
+From 801c5f937ef7edb23e411bc00d3695496b89dca2 Mon Sep 17 00:00:00 2001
+From: Badhri Jagan Sridharan
+Date: Tue, 30 Aug 2016 13:39:02 -0700
+Subject: UPSTREAM: USB: cdc-acm: more sanity checking
+
+commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.
+
+An attack has become available which pretends to be a quirky
+device circumventing normal sanity checks and crashes the kernel
+by an insufficient number of interfaces. This patch adds a check
+to the code path for quirky devices.
+
+BUG: 28242610
+
+Signed-off-by: Oliver Neukum
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Badhri Jagan Sridharan
+Change-Id: I9a5f7f3c704b65e866335054f470451fcfae9d1c
+---
+ drivers/usb/class/cdc-acm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
+index 9b1cbcf..f519d28 100644
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -972,6 +972,9 @@ static int acm_probe(struct usb_interface *intf,
+ if (quirks == NO_UNION_NORMAL) {
+ data_interface = usb_ifnum_to_if(usb_dev, 1);
+ control_interface = usb_ifnum_to_if(usb_dev, 0);
++ /* we would crash */
++ if (!data_interface || !control_interface)
++ return -ENODEV;
+ goto skip_normal_probe;
+ }
+
+--
+cgit v1.1
+
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3140/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3140/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3140/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3140/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3140/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3140/ANY/1.patch
new file mode 100644
index 00000000..bd2011bc
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3140/ANY/1.patch
@@ -0,0 +1,57 @@
+From 129e6372f40a423bcded0a6dae547205edf652fb Mon Sep 17 00:00:00 2001
+From: Oliver Neukum
+Date: Thu, 31 Mar 2016 12:04:26 -0400
+Subject: USB: digi_acceleport: do sanity checking for the number of ports
+
+commit 5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f upstream.
+
+The driver can be crashed with devices that expose crafted descriptors
+with too few endpoints.
+
+See: http://seclists.org/bugtraq/2016/Mar/61
+
+Signed-off-by: Oliver Neukum
+[johan: fix OOB endpoint check and add error messages ]
+Cc: stable
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Willy Tarreau
+---
+ drivers/usb/serial/digi_acceleport.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/drivers/usb/serial/digi_acceleport.c b/drivers/usb/serial/digi_acceleport.c
+index 7b807d3..8c34d9c 100644
+--- a/drivers/usb/serial/digi_acceleport.c
++++ b/drivers/usb/serial/digi_acceleport.c
+@@ -1253,8 +1253,27 @@ static int digi_port_init(struct usb_serial_port *port, unsigned port_num)
+
+ static int digi_startup(struct usb_serial *serial)
+ {
++ struct device *dev = &serial->interface->dev;
+ struct digi_serial *serial_priv;
+ int ret;
++ int i;
++
++ /* check whether the device has the expected number of endpoints */
++ if (serial->num_port_pointers < serial->type->num_ports + 1) {
++ dev_err(dev, "OOB endpoints missing\n");
++ return -ENODEV;
++ }
++
++ for (i = 0; i < serial->type->num_ports + 1 ; i++) {
++ if (!serial->port[i]->read_urb) {
++ dev_err(dev, "bulk-in endpoint missing\n");
++ return -ENODEV;
++ }
++ if (!serial->port[i]->write_urb) {
++ dev_err(dev, "bulk-out endpoint missing\n");
++ return -ENODEV;
++ }
++ }
+
+ serial_priv = kzalloc(sizeof(*serial_priv), GFP_KERNEL);
+ if (!serial_priv)
+--
+cgit v1.1
+
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3156/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3156/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3156/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3156/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3672/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3672/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3672/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3672/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3689/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3689/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3689/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3689/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3689/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3689/ANY/1.patch
new file mode 100644
index 00000000..abc036f7
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3689/ANY/1.patch
@@ -0,0 +1,40 @@
+From 7ca573e32c0a6634d679540314a80d235f224bfb Mon Sep 17 00:00:00 2001
+From: Oliver Neukum
+Date: Thu, 17 Mar 2016 14:00:17 -0700
+Subject: [PATCH] Input: ims-pcu - sanity check against missing interfaces
+
+[ Upstream commit a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff ]
+
+A malicious device missing interface can make the driver oops.
+Add sanity checking.
+
+Signed-off-by: Oliver Neukum
+CC: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/misc/ims-pcu.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
+index afed8e2b2f944..41ef29b516f35 100644
+--- a/drivers/input/misc/ims-pcu.c
++++ b/drivers/input/misc/ims-pcu.c
+@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
+
+ pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev,
+ union_desc->bMasterInterface0);
++ if (!pcu->ctrl_intf)
++ return -EINVAL;
+
+ alt = pcu->ctrl_intf->cur_altsetting;
+ pcu->ep_ctrl = &alt->endpoint[0].desc;
+@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
+
+ pcu->data_intf = usb_ifnum_to_if(pcu->udev,
+ union_desc->bSlaveInterface0);
++ if (!pcu->data_intf)
++ return -EINVAL;
+
+ alt = pcu->data_intf->cur_altsetting;
+ if (alt->desc.bNumEndpoints != 2) {
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3768/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3768/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3768/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3768/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3775/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-3775/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3775/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3775/3.10/0.patch
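Review bot: In the ims-pcu.c hunks of CVE-2016-3689/ANY/1.patch, the new NULL check on `pcu->ctrl_intf` is followed directly by `pcu->ep_ctrl = &alt->endpoint[0].desc;` with no visible check that the control interface's altsetting has any endpoint, whereas the data interface is tested with `alt->desc.bNumEndpoints != 2`. Both values come from device-supplied descriptors, so the control path deserves the same validation, for example `if (alt->desc.bNumEndpoints < 1) return -ENODEV;` before `endpoint[0]` is taken. One line between the two hunks is not shown and ims_pcu_parse_cdc_data starts and ends outside them, so confirm against the full function.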
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3775/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-3775/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3775/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3775/3.18/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3775/3.4/2.patch b/Patches/Linux_CVEs/CVE-2016-3775/3.4/2.patch
new file mode 100644
index 00000000..d9a40c49
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3775/3.4/2.patch
@@ -0,0 +1,53 @@
+From 6ad77af2e7791e8afd85feef1567aaaab9a748dc Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Thu, 25 Feb 2016 12:15:48 -0800
+Subject: [PATCH] AIO: properly check iovec sizes
+
+commit ff19ac8fb71e8a2bf07d61b959062998139c1104 upstream
+
+In Linus's tree, the iovec code has been reworked massively, but in
+older kernels the AIO layer should be checking this before passing the
+request on to other layers.
+
+Many thanks to Ben Hawkes of Google Project Zero for pointing out the
+issue.
+
+Bug: 28588279
+
+Backported from 3.10 : Cyanogen
+Conflicts:
+ fs/aio.c
+
+Reported-by: Ben Hawkes
+Acked-by: Benjamin LaHaise
+Tested-by: Willy Tarreau
+[backported to 3.10 - willy]
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Greg Kroah-Hartman
+
+Change-Id: Id11bb629bd6afaf09b9db5a944e2d060972bc0f1
+---
+
+diff --git a/fs/aio.c b/fs/aio.c
+index 67a6db3..70a611f 100644
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1469,9 +1469,17 @@
+
+ static ssize_t aio_setup_single_vector(struct kiocb *kiocb)
+ {
++ size_t len = kiocb->ki_nbytes;
++
++ if (len > MAX_RW_COUNT)
++ len = MAX_RW_COUNT;
++
++ if (unlikely(!access_ok(!rw, kiocb->ki_buf, len)))
++ return -EFAULT;
++
+ kiocb->ki_iovec = &kiocb->ki_inline_vec;
+ kiocb->ki_iovec->iov_base = kiocb->ki_buf;
+- kiocb->ki_iovec->iov_len = kiocb->ki_left;
++ kiocb->ki_iovec->iov_len = len;
+ kiocb->ki_nr_segs = 1;
+ kiocb->ki_cur_seg = 0;
+ return 0;
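Review bot: In the fs/aio.c hunk of CVE-2016-3775/3.4/2.patch, the added `access_ok(!rw, kiocb->ki_buf, len)` uses `rw`, but the unchanged context line shows the function as `aio_setup_single_vector(struct kiocb *kiocb)`, which has no such parameter. Unless `rw` is defined somewhere outside the hunk, this backport would not build on the tree it targets, and a security patch that fails to apply or compile tends to be dropped silently by automated patchers. Either the signature and its caller need the direction passed in, `static ssize_t aio_setup_single_vector(int rw, struct kiocb *kiocb)`, or the sibling 3.4/3.patch already covers it; it is worth checking that the two apply and build together.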
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3775/3.4/2.patch.base64 b/Patches/Linux_CVEs/CVE-2016-3775/3.4/2.patch.base64
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3775/3.4/2.patch.base64
rename to Patches/Linux_CVEs/CVE-2016-3775/3.4/2.patch.base64
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3775/3.4/3.patch b/Patches/Linux_CVEs/CVE-2016-3775/3.4/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3775/3.4/3.patch
rename to Patches/Linux_CVEs/CVE-2016-3775/3.4/3.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch
new file mode 100644
index 00000000..c172fbd7
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch
@@ -0,0 +1,13 @@
+diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
+index c690e0f..9ce6228 100644
+--- a/net/netfilter/xt_qtaguid.c
++++ b/net/netfilter/xt_qtaguid.c
+@@ -2521,7 +2521,7 @@
+ uid_t stat_uid = get_uid_from_tag(tag);
+ struct proc_print_info *ppi = m->private;
+ /* Detailed tags are not available to everybody */
+- if (get_atag_from_tag(tag) && !can_read_other_uid_stats(stat_uid)) {
++ if (!can_read_other_uid_stats(stat_uid)) {
+ CT_DEBUG("qtaguid: stats line: "
+ "%s 0x%llx %u: insufficient priv "
+ "from pid=%u tgid=%u uid=%u stats.gid=%u\n",
diff --git a/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch.base64
new file mode 100644
index 00000000..7ea5620c
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3809/ANY/0.patch.base64
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3813/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3813/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3813/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3813/ANY/0.patch
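Review bot: In the xt_qtaguid.c hunk of CVE-2016-3809/ANY/0.patch, the context comment `/* Detailed tags are not available to everybody */` no longer matches the condition it sits above. With `get_atag_from_tag(tag) &&` removed, every stats line belonging to another uid is gated by `can_read_other_uid_stats()`, not only the lines that carry an app tag. I would reword it to `/* Stats of other uids are not available to everybody */` so the access rule is stated as it is now enforced. The enclosing function starts outside the hunk.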
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3841/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-3841/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3841/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3841/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3841/3.18/2.patch b/Patches/Linux_CVEs/CVE-2016-3841/3.18/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3841/3.18/2.patch
rename to Patches/Linux_CVEs/CVE-2016-3841/3.18/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3841/3.4/0.patch b/Patches/Linux_CVEs/CVE-2016-3841/3.4/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3841/3.4/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3841/3.4/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3842/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-3842/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3842/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3842/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3842/3.18/2.patch b/Patches/Linux_CVEs/CVE-2016-3842/3.18/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3842/3.18/2.patch
rename to Patches/Linux_CVEs/CVE-2016-3842/3.18/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3842/3.4/0.patch b/Patches/Linux_CVEs/CVE-2016-3842/3.4/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3842/3.4/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3842/3.4/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3843/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3843/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3843/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3843/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3843/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3843/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3843/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3843/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3843/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-3843/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3843/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-3843/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3843/ANY/3.patch b/Patches/Linux_CVEs/CVE-2016-3843/ANY/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3843/ANY/3.patch
rename to Patches/Linux_CVEs/CVE-2016-3843/ANY/3.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3854/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3854/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3854/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3854/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3855/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3855/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3855/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3855/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3857/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-3857/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3857/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3857/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3857/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3857/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3857/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3857/ANY/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch
new file mode 100644
index 00000000..86fed14b
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch
@@ -0,0 +1,48 @@
+From 127f66a3cfe0df54c4a3e86c0bc64d6a49f570a8 Mon Sep 17 00:00:00 2001
+From: Marcos Marado
+Date: Tue, 12 Jul 2016 17:45:06 +0100
+Subject: [PATCH] CVE-2016-3857: CONFIG_OABI_COMPAT must be disabled
+
+An elevation of privilege vulnerability in the kernel could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel.
+This issue is rated as Critical due to the possibility of a local permanent
+device compromise, which may require reflashing the operating system to repair
+the device.
+
+ANDROID_28522518
+
+There is no validation of the events variable passed to the sys_oabi_epoll_wait
+function.
+The fix is designed to disable OABI support, which will remove the vulnerable
+code.
+
+Issue: CYNGNOS-3257
+
+Change-Id: I1002e9feeaecc276aeda73f86ff089b58e9f626f
+---
+
+diff --git a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
+index 6d95cf4..1bb5ac4 100644
+--- a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
++++ b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
+@@ -321,6 +321,7 @@
+ CONFIG_VIDEO_V4L2_SUBDEV_API=y
+ CONFIG_VIDEOBUF2_MSM_MEM=y
+ CONFIG_V4L_PLATFORM_DRIVERS=y
++# CONFIG_OABI_COMPAT is not set
+ CONFIG_MSMB_CAMERA=y
+ CONFIG_MSM_CAMERA_SENSOR=y
+ CONFIG_MSM_CPP=y
+diff --git a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
+index 19813d4..a64717e 100644
+--- a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
++++ b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
+@@ -373,6 +373,7 @@
+ CONFIG_VIDEO_V4L2_SUBDEV_API=y
+ CONFIG_VIDEOBUF2_MSM_MEM=y
+ CONFIG_V4L_PLATFORM_DRIVERS=y
++# CONFIG_OABI_COMPAT is not set
+ CONFIG_MSMB_CAMERA=y
+ CONFIG_MSM_CAMERA_SENSOR=y
+ CONFIG_MSM_CPP=y
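Review bot: The `# CONFIG_OABI_COMPAT is not set` line is added only to the crackling and kipper defconfigs under `arch/arm64/configs/`, yet the patch is filed under `ANY`, so a kernel tree without those two files gets nothing from it and the patch would not even apply there. CONFIG_OABI_COMPAT is, as far as I know, declared in the 32-bit `arch/arm/Kconfig` only, so in an arm64 defconfig the line is probably a no-op; the trees that need the fix are the 32-bit ARM ones whose defconfig still enables OABI. I would record the scope in the patch header, e.g. `Applies to: cyanogenmod_crackling-64 and cyanogenmod_kipper-64 defconfigs only; other trees must disable CONFIG_OABI_COMPAT in their own defconfig`. The build should also check the generated `.config` for `CONFIG_OABI_COMPAT=y` instead of assuming this patch covered it.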
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3857/ANY/2.patch.base64 b/Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch.base64
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3857/ANY/2.patch.base64
rename to Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch.base64
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3859/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3859/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3859/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3859/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3865/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3865/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3865/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3865/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3865/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3865/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3865/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3865/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3867/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-3867/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3867/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3867/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3867/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-3867/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3867/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3867/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3893/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3893/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3893/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3893/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3894/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3894/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3894/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3894/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3894/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-3894/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3894/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-3894/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3902/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3902/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3902/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3902/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3903/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3903/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3903/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3903/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3904/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3904/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3904/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3904/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3906/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3906/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3906/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3906/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3907/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3907/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3907/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3907/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3931/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3931/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3931/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3931/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3934/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3934/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3934/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3934/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-3935/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-3935/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-3935/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-3935/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4486/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4486/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4486/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4486/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4569/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4569/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4569/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4569/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4578/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4578/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4578/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4578/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4794/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4794/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4794/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4794/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4794/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-4794/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4794/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-4794/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4805/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4805/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4805/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4805/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4805/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-4805/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4805/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-4805/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-4998/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4998/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-4998/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4998/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5195/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-5195/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5195/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-5195/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5195/3.18/2.patch b/Patches/Linux_CVEs/CVE-2016-5195/3.18/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5195/3.18/2.patch
rename to Patches/Linux_CVEs/CVE-2016-5195/3.18/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5195/3.4/0.patch b/Patches/Linux_CVEs/CVE-2016-5195/3.4/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5195/3.4/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5195/3.4/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5340/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5340/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5340/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5340/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5342/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5342/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5342/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5342/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5343/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5343/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5343/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5343/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5345/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5345/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5345/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5345/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5346/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5346/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5346/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5346/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5347/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5347/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5347/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5347/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5349/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5349/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5349/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5349/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5349/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-5349/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5349/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-5349/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5349/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-5349/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5349/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-5349/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5349/ANY/3.patch b/Patches/Linux_CVEs/CVE-2016-5349/ANY/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5349/ANY/3.patch
rename to Patches/Linux_CVEs/CVE-2016-5349/ANY/3.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5829/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5829/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5829/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5829/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5853/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5853/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5853/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5853/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5854/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5854/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5854/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5854/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5855/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5855/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5855/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5855/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5856/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5856/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5856/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5856/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5857/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5857/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5857/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5857/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5858/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5858/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5858/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5858/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5858/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-5858/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5858/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-5858/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5859/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5859/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5859/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5859/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5860/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5860/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5860/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5860/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5861/3.10/2.patch b/Patches/Linux_CVEs/CVE-2016-5861/3.10/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5861/3.10/2.patch
rename to Patches/Linux_CVEs/CVE-2016-5861/3.10/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5861/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5861/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5861/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5861/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5861/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-5861/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5861/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-5861/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5862/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5862/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5862/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5862/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5863/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5863/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5863/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5863/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5864/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5864/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5864/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5864/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5867/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5867/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5867/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5867/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5868/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5868/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5868/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5868/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-5870/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-5870/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-5870/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-5870/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6136/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6136/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6136/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6136/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6672/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6672/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6672/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6672/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6679/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6679/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6679/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6679/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6679/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-6679/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6679/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6679/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6679/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-6679/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6679/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-6679/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6680/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6680/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6680/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6680/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6680/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-6680/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6680/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6680/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6681/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6681/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6681/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6681/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6682/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6682/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6682/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6682/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch
new file mode 100644
index 00000000..44578d0f
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch
@@ -0,0 +1,13 @@
+diff --git a/drivers/android/binder.c b/drivers/android/binder.c
+index 8837330..b2f704b 100644
+--- a/drivers/android/binder.c
++++ b/drivers/android/binder.c
+@@ -3454,7 +3454,7 @@
+
+ static void print_binder_ref(struct seq_file *m, struct binder_ref *ref)
+ {
+- seq_printf(m, " ref %d: desc %d %snode %d s %d w %d d %p\n",
++ seq_printf(m, " ref %d: desc %d %snode %d s %d w %d d %pK\n",
+ ref->debug_id, ref->desc, ref->node->proc ? "" : "dead ",
+ ref->node->debug_id, ref->strong, ref->weak, ref->death);
+ }
diff --git a/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch.base64
new file mode 100644
index 00000000..918480c5
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-6683/ANY/0.patch.base64
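Review bot: `%pK` in the changed `seq_printf` call of `print_binder_ref` masks `ref->death` only when `kernel.kptr_restrict` is non-zero; with the sysctl at 0 the raw kernel address is still printed, so the fix depends on a runtime setting the patch neither sets nor mentions. A comment above the call would record that, e.g. `/* %pK: ref->death is masked only when kptr_restrict >= 1 */`, and the device's init configuration should be checked for the sysctl value. The hunk changes a single format string; whether other pointer prints in `binder.c` still use `%p` cannot be seen from here and needs checking. The same dependency applies to the `%pK` conversions added for CVE-2016-8403 in `u_data_hsic.c`.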
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvYW5kcm9pZC9iaW5kZXIuYyBiL2RyaXZlcnMvYW5kcm9pZC9iaW5kZXIuYwppbmRleCA4ODM3MzMwLi5iMmY3MDRiIDEwMDY0NAotLS0gYS9kcml2ZXJzL2FuZHJvaWQvYmluZGVyLmMKKysrIGIvZHJpdmVycy9hbmRyb2lkL2JpbmRlci5jCkBAIC0zNDU0LDcgKzM0NTQsNyBAQAogCiBzdGF0aWMgdm9pZCBwcmludF9iaW5kZXJfcmVmKHN0cnVjdCBzZXFfZmlsZSAqbSwgc3RydWN0IGJpbmRlcl9yZWYgKnJlZikKIHsKLQlzZXFfcHJpbnRmKG0sICIgIHJlZiAlZDogZGVzYyAlZCAlc25vZGUgJWQgcyAlZCB3ICVkIGQgJXBcbiIsCisJc2VxX3ByaW50ZihtLCAiICByZWYgJWQ6IGRlc2MgJWQgJXNub2RlICVkIHMgJWQgdyAlZCBkICVwS1xuIiwKIAkJICAgcmVmLT5kZWJ1Z19pZCwgcmVmLT5kZXNjLCByZWYtPm5vZGUtPnByb2MgPyAiIiA6ICJkZWFkICIsCiAJCSAgIHJlZi0+bm9kZS0+ZGVidWdfaWQsIHJlZi0+c3Ryb25nLCByZWYtPndlYWssIHJlZi0+ZGVhdGgpOwogfQo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-6698/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6698/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-6698/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-6698/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-6725/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6725/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-6725/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-6725/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-6728/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6728/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-6728/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-6728/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-6728/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-6728/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-6728/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2016-6728/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-6728/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-6728/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-6728/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2016-6728/ANY/2.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6738/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6738/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6738/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6738/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6739/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-6739/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6739/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6739/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6739/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-6739/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6739/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6739/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6740/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-6740/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6740/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6740/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6740/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-6740/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6740/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6740/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6741/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-6741/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6741/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6741/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6742/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6742/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6742/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6742/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6745/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6745/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6745/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6745/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6745/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-6745/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6745/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6745/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6745/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-6745/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6745/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-6745/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6745/ANY/3.patch b/Patches/Linux_CVEs/CVE-2016-6745/ANY/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6745/ANY/3.patch
rename to Patches/Linux_CVEs/CVE-2016-6745/ANY/3.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6748/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6748/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6748/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6748/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6748/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-6748/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6748/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-6748/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6750/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6750/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6750/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6750/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6751/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6751/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6751/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6751/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6752/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6752/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6752/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6752/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6753/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6753/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6753/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6753/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6755/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6755/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6755/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6755/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6756/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6756/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6756/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6756/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6757/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6757/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6757/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6757/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6786/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6786/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6786/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6786/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6787/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6787/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6787/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6787/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6791/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6791/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6791/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6791/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-6828/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-6828/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-6828/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-6828/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7042/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7042/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7042/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7042/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7097/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7097/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7097/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7097/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7912/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-7912/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7912/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7912/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7913/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-7913/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7913/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7913/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7913/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-7913/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7913/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-7913/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7913/3.10/2.patch b/Patches/Linux_CVEs/CVE-2016-7913/3.10/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7913/3.10/2.patch
rename to Patches/Linux_CVEs/CVE-2016-7913/3.10/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7914/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7914/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7914/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7914/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7915/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7915/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-7915/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7915/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-7916/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7916/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-7916/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-7916/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch new file mode 100644 index 00000000..c8ffb672 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch @@ -0,0 +1,21 @@ +diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c +index e41bab3..daec7d6 100644 +--- a/net/netfilter/nfnetlink.c ++++ b/net/netfilter/nfnetlink.c +@@ -321,10 +321,12 @@ + nlh = nlmsg_hdr(skb); + err = 0; + +- if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) || +- skb->len < nlh->nlmsg_len) { +- err = -EINVAL; +- goto ack; ++ if (nlh->nlmsg_len < NLMSG_HDRLEN || ++ skb->len < nlh->nlmsg_len || ++ nlmsg_len(nlh) < sizeof(struct nfgenmsg)) { ++ nfnl_err_reset(&err_list); ++ success = false; ++ goto done; + } + + /* Only requests are handled by the kernel */ diff --git a/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch.base64 new file mode 100644 index 00000000..2a97715f --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-7917/3.18/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-7917/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7917/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-7917/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-7917/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-8391/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8391/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-8391/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-8391/ANY/0.patch 
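Review bot: The order of the three conditions in the new `if` in `nfnetlink.c` is what makes the fix work, and nothing in the code says so: `nlmsg_len()` returns a signed value that goes negative when `nlh->nlmsg_len` is below `NLMSG_HDRLEN`, and that value compared against `sizeof(struct nfgenmsg)` is converted to unsigned and passes the old check. A comment above the condition would keep a later cleanup from reordering it, e.g. `/* check the raw header length first: nlmsg_len() is signed and would wrap in the sizeof comparison */`. The failure path also changes from `goto ack` with `-EINVAL` to resetting the error list and `goto done`, so the sender apparently no longer gets an error ack for a malformed message; the patch carries no description, and that behaviour change deserves one line there. The enclosing function starts and ends outside the hunk.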
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8393/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8393/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8393/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8393/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8393/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8393/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8393/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8393/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8393/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-8393/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8393/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-8393/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8394/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8394/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8394/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8394/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8399/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8399/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8399/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8399/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8399/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8399/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8399/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8399/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8401/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8401/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8401/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8401/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8402/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8402/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8402/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8402/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8402/3.4/1.patch b/Patches/Linux_CVEs/CVE-2016-8402/3.4/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8402/3.4/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8402/3.4/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch
new file mode 100644
index 00000000..900b5337
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch
@@ -0,0 +1,111 @@ +diff --git a/drivers/usb/gadget/u_data_hsic.c b/drivers/usb/gadget/u_data_hsic.c +index ec13488..469a7a0 100644 +--- a/drivers/usb/gadget/u_data_hsic.c ++++ b/drivers/usb/gadget/u_data_hsic.c +@@ -172,7 +172,7 @@ + struct usb_request *req; + unsigned long flags; + +- pr_debug("%s: ep:%s head:%p num:%d cb:%p", __func__, ++ pr_debug("%s: ep:%s head:%pK num:%d cb:%pK", __func__, + ep->name, head, num, cb); + + for (i = 0; i < num; i++) { +@@ -289,7 +289,7 @@ + return -ENOTCONN; + } + +- pr_debug("%s: p:%p#%d skb_len:%d\n", __func__, ++ pr_debug("%s: p:%pK#%d skb_len:%d\n", __func__, + port, port->port_num, skb->len); + + spin_lock_irqsave(&port->tx_lock, flags); +@@ -333,7 +333,7 @@ + } + + while ((skb = __skb_dequeue(&port->rx_skb_q))) { +- pr_debug("%s: port:%p tom:%lu pno:%d\n", __func__, ++ pr_debug("%s: port:%pK tom:%lu pno:%d\n", __func__, + port, port->to_modem, port->port_num); + + info = (struct timestamp_info *)skb->cb; +@@ -441,7 +441,7 @@ + struct timestamp_info *info; + unsigned int created; + +- pr_debug("%s: port:%p\n", __func__, port); ++ pr_debug("%s: port:%pK\n", __func__, port); + if (!port) + return; + +@@ -498,7 +498,7 @@ + struct usb_ep *ep_out, *ep_in; + int ret; + +- pr_debug("%s: port:%p\n", __func__, port); ++ pr_debug("%s: port:%pK\n", __func__, port); + + if (!port) + return; +@@ -545,7 +545,7 @@ + struct gdata_port *port = + container_of(w, struct gdata_port, connect_w); + int ret; +- printk("%s: connected=%d, CH_READY=%d, port=%p\n", ++ printk("%s: connected=%d, CH_READY=%d, port=%pK\n", + __func__, atomic_read(&port->connected), + test_bit(CH_READY, &port->bridge_sts), port); + if (!port || !atomic_read(&port->connected) || +@@ -554,7 +554,7 @@ + return; + } + +- pr_debug("%s: port:%p\n", __func__, port); ++ pr_debug("%s: port:%pK\n", __func__, port); + + ret = data_bridge_open(&port->brdg); + if (ret) { +@@ -746,7 +746,7 @@ + + platform_driver_register(pdrv); + +- pr_debug("%s: port:%p portno:%d\n", __func__, port, 
port_num); ++ pr_debug("%s: port:%pK portno:%d\n", __func__, port, port_num); + + return 0; + } +@@ -855,14 +855,14 @@ + + ret = usb_ep_enable(port->in); + if (ret) { +- pr_err("%s: usb_ep_enable failed eptype:IN ep:%p", ++ pr_err("%s: usb_ep_enable failed eptype:IN ep:%pK", + __func__, port->in); + goto fail; + } + + ret = usb_ep_enable(port->out); + if (ret) { +- pr_err("%s: usb_ep_enable failed eptype:OUT ep:%p", ++ pr_err("%s: usb_ep_enable failed eptype:OUT ep:%pK", + __func__, port->out); + usb_ep_disable(port->in); + goto fail; +@@ -938,7 +938,7 @@ + write_lock_irqsave(&dbg_data.lck, flags); + + scnprintf(dbg_data.buf[dbg_data.idx], DBG_DATA_MSG, +- "%p %u[%s] %u %u %u %u %u %u\n", ++ "%pK %u[%s] %u %u %u %u %u %u\n", + skb, skb->len, event, info->created, info->rx_queued, + info->rx_done, info->rx_done_sent, info->tx_queued, + get_timestamp()); +@@ -1012,7 +1012,7 @@ + spin_lock_irqsave(&port->rx_lock, flags); + temp += scnprintf(buf + temp, DEBUG_BUF_SIZE - temp, + "\nName: %s\n" +- "#PORT:%d port#: %p\n" ++ "#PORT:%d port#: %pK\n" + "data_ch_open: %d\n" + "data_ch_ready: %d\n" + "\n******UL INFO*****\n\n" diff --git a/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch.base64 new file mode 100644 index 00000000..3dfd3895 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-8403/ANY/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-8404/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8404/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-8404/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-8404/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-8405/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8405/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-8405/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-8405/ANY/0.patch 
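Review bot: In the hunk at `@@ -938,7 +938,7 @@`, changing the `scnprintf` into `dbg_data.buf` to `%pK` probably does not protect the `skb` address the way it does for the `pr_debug` calls. `%pK` decides what to print from the `kptr_restrict` setting and, at level 1, from the privileges of whatever task is running when the string is formatted; here the string is formatted when the event is recorded and, presumably, read back later by whoever opens the debug file. The `port#: %pK` line at `@@ -1012,7 +1012,7 @@` has the same problem only if that buffer is filled outside the reader's context, which the hunk does not show. I would drop the pointer from the stored message (`"%u[%s] %u %u %u %u %u %u\n"` with the `skb` argument removed) or at least add the comment `/* %pK is resolved when the string is formatted, not when it is read; only kptr_restrict=2 hides it here */`. Both enclosing functions start and end outside the hunk.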
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8406/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8406/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8406/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8406/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8407/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8407/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8407/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8407/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8410/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8410/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8410/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8410/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8412/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8412/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8412/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8412/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8413/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8413/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8413/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8413/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8414/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8414/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8414/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8414/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8415/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8415/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8415/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8415/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8415/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8415/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8415/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8415/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8416/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8416/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8416/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8416/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8417/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8417/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8417/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8417/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8418/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8418/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8418/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8418/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8419/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8419/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8419/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8419/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8419/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8419/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8419/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8419/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8420/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8420/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8420/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8420/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8420/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8420/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8420/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8420/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8421/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8421/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8421/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8421/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8421/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8421/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8421/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8421/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8434/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8434/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8434/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8434/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8436/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8436/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8436/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8436/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8444/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8444/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8444/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8444/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8450/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8450/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8450/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8450/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8452/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8452/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8452/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8452/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8452/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8452/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8452/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8452/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8452/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-8452/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8452/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-8452/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8453/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8453/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8453/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8453/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8454/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8454/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8454/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8454/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8455/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8455/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8455/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8455/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8456/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8456/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8456/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8456/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8457/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8457/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8457/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8457/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8458/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8458/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8458/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8458/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8458/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-8458/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8458/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8458/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8463/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8463/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8463/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8463/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8463/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8463/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8463/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8463/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8463/ANY/2.patch b/Patches/Linux_CVEs/CVE-2016-8463/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8463/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2016-8463/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8464/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8464/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8464/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8464/3.10/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch
new file mode 100644
index 00000000..7cafb519
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch
@@ -0,0 +1,165 @@ +diff --git a/drivers/net/wireless/bcmdhd/wl_android.c b/drivers/net/wireless/bcmdhd/wl_android.c +index 24b71c5..0db69ef 100644 +--- a/drivers/net/wireless/bcmdhd/wl_android.c ++++ b/drivers/net/wireless/bcmdhd/wl_android.c +@@ -246,11 +246,18 @@ + return -1; + if ((ssid.SSID_len == 0) || (ssid.SSID_len > DOT11_MAX_SSID_LEN)) { + DHD_ERROR(("%s: wldev_get_ssid failed\n", __FUNCTION__)); ++ } else if (total_len <= ssid.SSID_len) { ++ return -ENOMEM; + } else { + memcpy(command, ssid.SSID, ssid.SSID_len); + bytes_written = ssid.SSID_len; + } +- bytes_written += snprintf(&command[bytes_written], total_len, " rssi %d", rssi); ++ if ((total_len - bytes_written) < (strlen(" rssi -XXX") + 1)) ++ return -ENOMEM; ++ bytes_written += scnprintf(&command[bytes_written], ++ total_len - bytes_written, " rssi %d", rssi); ++ command[bytes_written] = '\0'; ++ + DHD_INFO(("%s: command result is %s (%d)\n", __FUNCTION__, command, bytes_written)); + return bytes_written; + } +@@ -1284,10 +1291,13 @@ + int wl_android_priv_cmd(struct net_device *net, struct ifreq *ifr, int cmd) + { + #define PRIVATE_COMMAND_MAX_LEN 8192 ++#define PRIVATE_COMMAND_DEF_LEN 4096 ++ + int ret = 0; + char *command = NULL; + int bytes_written = 0; + android_wifi_priv_cmd priv_cmd; ++ int buf_size = 0; + + net_os_wake_lock(net); + +@@ -1321,12 +1331,17 @@ + goto exit; + } + } ++ + if ((priv_cmd.total_len > PRIVATE_COMMAND_MAX_LEN) || (priv_cmd.total_len < 0)) { +- DHD_ERROR(("%s: too long priavte command\n", __FUNCTION__)); ++ DHD_ERROR(("%s: buf length invalid:%d\n", __FUNCTION__, ++ priv_cmd.total_len)); + ret = -EINVAL; + goto exit; + } +- command = kmalloc((priv_cmd.total_len + 1), GFP_KERNEL); ++ ++ buf_size = max(priv_cmd.total_len, PRIVATE_COMMAND_DEF_LEN); ++ command = kmalloc((buf_size + 1), GFP_KERNEL); ++ + if (!command) + { + DHD_ERROR(("%s: failed to allocate memory\n", __FUNCTION__)); +@@ -1341,6 +1356,41 @@ + + DHD_INFO(("%s: Android private cmd \"%s\" on %s\n", __FUNCTION__, 
command, ifr->ifr_name)); + ++ bytes_written = wl_handle_private_cmd(net, command, priv_cmd.total_len); ++ if (bytes_written >= 0) { ++ if ((bytes_written == 0) && (priv_cmd.total_len > 0)) ++ command[0] = '\0'; ++ if (bytes_written >= priv_cmd.total_len) { ++ DHD_ERROR(("%s: err. b_w:%d >= tot:%d\n", __FUNCTION__, ++ bytes_written, priv_cmd.total_len)); ++ ret = BCME_BUFTOOSHORT; ++ goto exit; ++ } ++ bytes_written++; ++ priv_cmd.used_len = bytes_written; ++ if (copy_to_user(priv_cmd.buf, command, bytes_written)) { ++ DHD_ERROR(("%s: failed copy to user\n", __FUNCTION__)); ++ ret = -EFAULT; ++ } ++ } else { ++ ret = bytes_written; ++ } ++ ++exit: ++ net_os_wake_unlock(net); ++ kfree(command); ++ return ret; ++} ++ ++int ++wl_handle_private_cmd(struct net_device *net, char *command, u32 buf_size) ++{ ++ int bytes_written = 0; ++ android_wifi_priv_cmd priv_cmd; ++ ++ bzero(&priv_cmd, sizeof(android_wifi_priv_cmd)); ++ priv_cmd.total_len = buf_size; ++ + if (strnicmp(command, CMD_START, strlen(CMD_START)) == 0) { + DHD_INFO(("%s, Received regular START command\n", __FUNCTION__)); + bytes_written = wl_android_wifi_on(net); +@@ -1350,10 +1400,9 @@ + } + + if (!g_wifi_on) { +- DHD_ERROR(("%s: Ignore private cmd \"%s\" - iface %s is down\n", +- __FUNCTION__, command, ifr->ifr_name)); +- ret = 0; +- goto exit; ++ DHD_ERROR(("%s: Ignore private cmd \"%s\" - iface is down\n", ++ __FUNCTION__, command)); ++ return 0; + } + + if (strnicmp(command, CMD_STOP, strlen(CMD_STOP)) == 0) { +@@ -1511,36 +1560,10 @@ + } + else { + DHD_ERROR(("Unknown PRIVATE command %s - ignored\n", command)); +- snprintf(command, 3, "OK"); +- bytes_written = strlen("OK"); ++ bytes_written = scnprintf(command, sizeof("FAIL"), "FAIL"); + } + +- if (bytes_written >= 0) { +- if ((bytes_written == 0) && (priv_cmd.total_len > 0)) +- command[0] = '\0'; +- if (bytes_written >= priv_cmd.total_len) { +- DHD_ERROR(("%s: bytes_written = %d\n", __FUNCTION__, bytes_written)); +- bytes_written = priv_cmd.total_len; 
+- } else { +- bytes_written++; +- } +- priv_cmd.used_len = bytes_written; +- if (copy_to_user(priv_cmd.buf, command, bytes_written)) { +- DHD_ERROR(("%s: failed to copy data to user buffer\n", __FUNCTION__)); +- ret = -EFAULT; +- } +- } +- else { +- ret = bytes_written; +- } +- +-exit: +- net_os_wake_unlock(net); +- if (command) { +- kfree(command); +- } +- +- return ret; ++ return bytes_written; + } + + int wl_android_init(void) +diff --git a/drivers/net/wireless/bcmdhd/wl_android.h b/drivers/net/wireless/bcmdhd/wl_android.h +index 2827132..f62b646 100644 +--- a/drivers/net/wireless/bcmdhd/wl_android.h ++++ b/drivers/net/wireless/bcmdhd/wl_android.h +@@ -53,6 +53,7 @@ + int wl_android_wifi_on(struct net_device *dev); + int wl_android_wifi_off(struct net_device *dev, bool on_failure); + int wl_android_priv_cmd(struct net_device *net, struct ifreq *ifr, int cmd); ++int wl_handle_private_cmd(struct net_device *net, char *command, u32 cmd_len); + + + /* hostap mac mode */ diff --git a/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch.base64 b/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch.base64 new file mode 100644 index 00000000..8a38957a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2016-8464/3.18/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2016-8465/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8465/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-8465/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2016-8465/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2016-8465/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-8465/3.10/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2016-8465/3.10/1.patch rename to Patches/Linux_CVEs/CVE-2016-8465/3.10/1.patch 
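Review bot: The unknown-command branch of the new `wl_handle_private_cmd()` bounds its write with the size of the literal, `scnprintf(command, sizeof("FAIL"), "FAIL")`, not with the size of the buffer it was handed, so it writes five bytes whatever `buf_size` is. Through `wl_android_priv_cmd()` that is safe only because the allocation is now at least `PRIVATE_COMMAND_DEF_LEN + 1` bytes; the function is also declared in `wl_android.h`, and any other caller gets no such guarantee. I would bound it with the parameter, `bytes_written = scnprintf(command, buf_size, "FAIL");`, and give the prototype the same parameter name as the definition (the header says `cmd_len`, the .c file `buf_size`). Separately, the too-short case sets `ret = BCME_BUFTOOSHORT` while the other error paths of this ioctl use errno values (`-EINVAL`, `-EFAULT`); an errno such as the `-ENOMEM` used in the first hunk would keep the return domain consistent. The handler bodies between the hunks are not shown, so whether each of them respects `priv_cmd.total_len` cannot be checked from here.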
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8465/3.18/2.patch b/Patches/Linux_CVEs/CVE-2016-8465/3.18/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8465/3.18/2.patch
rename to Patches/Linux_CVEs/CVE-2016-8465/3.18/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8465/3.18/3.patch b/Patches/Linux_CVEs/CVE-2016-8465/3.18/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8465/3.18/3.patch
rename to Patches/Linux_CVEs/CVE-2016-8465/3.18/3.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8466/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8466/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8466/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8466/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8466/3.18/1.patch b/Patches/Linux_CVEs/CVE-2016-8466/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8466/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8466/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8468/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-8468/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8468/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8468/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8473/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8473/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8473/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8473/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8474/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-8474/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8474/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8474/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8475/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-8475/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8475/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8475/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8476/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8476/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8476/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8476/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8476/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8476/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8476/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8476/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8477/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8477/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8477/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8477/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8477/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8477/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8477/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8477/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8478/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8478/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8478/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8478/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8479/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8479/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8479/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8479/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8480/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8480/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8480/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8480/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8480/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8480/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8480/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8480/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8481/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8481/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8481/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8481/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8481/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-8481/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8481/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8481/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8483/3.10/1.patch b/Patches/Linux_CVEs/CVE-2016-8483/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8483/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2016-8483/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8483/3.18/0.patch b/Patches/Linux_CVEs/CVE-2016-8483/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8483/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8483/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8650/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8650/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8650/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8650/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-8655/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-8655/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-8655/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-8655/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9120/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9120/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9120/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9120/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9120/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-9120/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9120/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-9120/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9191/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9191/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9191/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9191/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9555/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9555/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9555/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9555/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9576/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9576/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9576/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9576/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9604/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9604/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9604/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9604/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9754/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9754/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9754/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9754/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9793/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9793/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9793/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9793/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9794/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9794/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9794/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9794/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9794/ANY/1.patch b/Patches/Linux_CVEs/CVE-2016-9794/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9794/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2016-9794/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2016-9806/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-9806/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2016-9806/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-9806/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0403/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0403/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0403/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0403/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0404/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0404/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0404/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0404/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0427/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-0427/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0427/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0427/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0427/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-0427/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0427/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0427/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0430/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0430/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0430/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0430/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0433/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0433/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0433/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0433/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0433/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0433/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0433/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0433/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0434/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0434/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0434/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0434/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0435/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0435/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0435/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0435/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0435/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0435/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0435/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0435/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0436/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0436/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0436/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0436/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0437/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0437/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0437/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0437/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0437/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0437/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0437/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0437/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0438/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0438/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0438/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0438/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0438/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0438/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0438/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0438/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0439/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0439/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0439/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0439/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0439/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0439/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0439/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0439/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0440/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0440/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0440/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0440/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0440/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0440/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0440/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0440/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0440/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-0440/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0440/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2017-0440/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0441/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0441/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0441/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0441/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0441/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0441/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0441/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0441/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0442/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0442/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0442/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0442/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0442/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0442/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0442/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0442/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0443/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0443/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0443/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0443/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0443/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0443/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0443/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0443/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0444/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0444/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0444/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0444/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0445/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0445/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0445/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0445/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0445/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0445/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0445/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0445/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0445/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-0445/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0445/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2017-0445/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0445/ANY/3.patch b/Patches/Linux_CVEs/CVE-2017-0445/ANY/3.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0445/ANY/3.patch
rename to Patches/Linux_CVEs/CVE-2017-0445/ANY/3.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0446/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0446/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0446/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0446/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0447/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0447/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0447/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0447/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0449/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0449/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0449/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0449/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0451/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0451/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0451/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0451/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0451/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0451/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0451/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0451/ANY/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch
new file mode 100644
index 00000000..82e484ca
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch
@@ -0,0 +1,36 @@ +diff --git a/drivers/media/platform/msm/vidc/msm_vidc.c b/drivers/media/platform/msm/vidc/msm_vidc.c +index 0f55f32..b90ebc1 100644 +--- a/drivers/media/platform/msm/vidc/msm_vidc.c ++++ b/drivers/media/platform/msm/vidc/msm_vidc.c +@@ -1405,7 +1405,8 @@ + debugfs_remove_recursive(inst->debugfs_root); + + mutex_lock(&inst->pending_getpropq.lock); +- WARN_ON(!list_empty(&inst->pending_getpropq.list)); ++ WARN_ON(!list_empty(&inst->pending_getpropq.list) ++ && (msm_vidc_debug & VIDC_INFO)); + mutex_unlock(&inst->pending_getpropq.lock); + } + } +diff --git a/drivers/media/platform/msm/vidc/venus_hfi.c b/drivers/media/platform/msm/vidc/venus_hfi.c +index a7a391f..6f6d79a 100644 +--- a/drivers/media/platform/msm/vidc/venus_hfi.c ++++ b/drivers/media/platform/msm/vidc/venus_hfi.c +@@ -261,7 +261,7 @@ + rinfo->name); + } + } +- WARN_ON(!regulator_is_enabled(rinfo->regulator)); ++ WARN_ON(!regulator_is_enabled(rinfo->regulator) && (msm_vidc_debug & VIDC_INFO)); + return rc; + } + +@@ -3954,7 +3954,7 @@ + disable_regulator_failed: + + /* Bring attention to this issue */ +- WARN_ON(1); ++ WARN_ON(msm_vidc_debug & VIDC_INFO); + return rc; + } + diff --git a/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch.base64 new file mode 100644 index 00000000..e80cf439 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0452/ANY/0.patch.base64 
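Review bot: The comment `/* Bring attention to this issue */` above the last changed line in venus_hfi.c no longer matches the code, because `WARN_ON(msm_vidc_debug & VIDC_INFO)` stays silent unless the VIDC_INFO debug bit is set. I would reword it to `/* Backtrace only when VIDC_INFO debugging is enabled; the function still returns rc */` so a reader does not assume the regulator failure is always logged. The two other gated WARN_ON calls in this patch (msm_vidc.c and the earlier venus_hfi.c hunk) carry no comment saying why the warning is conditional, and a one-line comment on each would help. All three enclosing functions start outside the hunks, so whether another log call still records these conditions cannot be seen from here.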
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvbWVkaWEvcGxhdGZvcm0vbXNtL3ZpZGMvbXNtX3ZpZGMuYyBiL2RyaXZlcnMvbWVkaWEvcGxhdGZvcm0vbXNtL3ZpZGMvbXNtX3ZpZGMuYwppbmRleCAwZjU1ZjMyLi5iOTBlYmMxIDEwMDY0NAotLS0gYS9kcml2ZXJzL21lZGlhL3BsYXRmb3JtL21zbS92aWRjL21zbV92aWRjLmMKKysrIGIvZHJpdmVycy9tZWRpYS9wbGF0Zm9ybS9tc20vdmlkYy9tc21fdmlkYy5jCkBAIC0xNDA1LDcgKzE0MDUsOCBAQAogCQlkZWJ1Z2ZzX3JlbW92ZV9yZWN1cnNpdmUoaW5zdC0+ZGVidWdmc19yb290KTsKIAogCQltdXRleF9sb2NrKCZpbnN0LT5wZW5kaW5nX2dldHByb3BxLmxvY2spOwotCQlXQVJOX09OKCFsaXN0X2VtcHR5KCZpbnN0LT5wZW5kaW5nX2dldHByb3BxLmxpc3QpKTsKKwkJV0FSTl9PTighbGlzdF9lbXB0eSgmaW5zdC0+cGVuZGluZ19nZXRwcm9wcS5saXN0KQorCQkJJiYgKG1zbV92aWRjX2RlYnVnICYgVklEQ19JTkZPKSk7CiAJCW11dGV4X3VubG9jaygmaW5zdC0+cGVuZGluZ19nZXRwcm9wcS5sb2NrKTsKIAl9CiB9CmRpZmYgLS1naXQgYS9kcml2ZXJzL21lZGlhL3BsYXRmb3JtL21zbS92aWRjL3ZlbnVzX2hmaS5jIGIvZHJpdmVycy9tZWRpYS9wbGF0Zm9ybS9tc20vdmlkYy92ZW51c19oZmkuYwppbmRleCBhN2EzOTFmLi42ZjZkNzlhIDEwMDY0NAotLS0gYS9kcml2ZXJzL21lZGlhL3BsYXRmb3JtL21zbS92aWRjL3ZlbnVzX2hmaS5jCisrKyBiL2RyaXZlcnMvbWVkaWEvcGxhdGZvcm0vbXNtL3ZpZGMvdmVudXNfaGZpLmMKQEAgLTI2MSw3ICsyNjEsNyBAQAogCQkJCQlyaW5mby0+bmFtZSk7CiAJCX0KIAl9Ci0JV0FSTl9PTighcmVndWxhdG9yX2lzX2VuYWJsZWQocmluZm8tPnJlZ3VsYXRvcikpOworCVdBUk5fT04oIXJlZ3VsYXRvcl9pc19lbmFibGVkKHJpbmZvLT5yZWd1bGF0b3IpICYmIChtc21fdmlkY19kZWJ1ZyAmIFZJRENfSU5GTykpOwogCXJldHVybiByYzsKIH0KIApAQCAtMzk1NCw3ICszOTU0LDcgQEAKIGRpc2FibGVfcmVndWxhdG9yX2ZhaWxlZDoKIAogCS8qIEJyaW5nIGF0dGVudGlvbiB0byB0aGlzIGlzc3VlICovCi0JV0FSTl9PTigxKTsKKwlXQVJOX09OKG1zbV92aWRjX2RlYnVnICYgVklEQ19JTkZPKTsKIAlyZXR1cm4gcmM7CiB9CiAK \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0452/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0452/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0452/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0452/ANY/1.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0453/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0453/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0453/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0453/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0453/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0453/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0453/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0453/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0454/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0454/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0454/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0454/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0457/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0457/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0457/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0457/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0457/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-0457/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0457/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0457/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0457/3.18/2.patch b/Patches/Linux_CVEs/CVE-2017-0457/3.18/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0457/3.18/2.patch
rename to Patches/Linux_CVEs/CVE-2017-0457/3.18/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0458/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0458/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0458/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0458/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0459/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-0459/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0459/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0459/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0459/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0459/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0459/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0459/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0460/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-0460/3.10/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0460/3.10/1.patch rename to Patches/Linux_CVEs/CVE-2017-0460/3.10/1.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch new file mode 100644 index 00000000..fdb304ea --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch @@ -0,0 +1,16 @@ +diff --git a/net/rmnet_data/rmnet_data_config.c b/net/rmnet_data/rmnet_data_config.c +index f665358..d473898 100644 +--- a/net/rmnet_data/rmnet_data_config.c ++++ b/net/rmnet_data/rmnet_data_config.c +@@ -529,6 +529,11 @@ + nlmsg_header = (struct nlmsghdr *) skb->data; + rmnet_header = (struct rmnet_nl_msg_s *) nlmsg_data(nlmsg_header); + ++ if (!nlmsg_header->nlmsg_pid || ++ (nlmsg_header->nlmsg_len < sizeof(struct nlmsghdr) + ++ sizeof(struct rmnet_nl_msg_s))) ++ return; ++ + LOGL("Netlink message pid=%d, seq=%d, length=%d, rmnet_type=%d", + nlmsg_header->nlmsg_pid, + nlmsg_header->nlmsg_seq, diff --git a/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch.base64 new file mode 100644 index 00000000..ee5a8d76 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0460/ANY/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0461/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0461/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0461/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0461/ANY/0.patch 
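Review bot: The added length check in rmnet_data_config.c trusts `nlmsg_len`, a field supplied by the sender, and never compares it with the number of bytes actually present in the buffer, so a short message that declares a large length would still pass. Before the header fields are read I would bound them against `skb->len`, for example `if (!nlmsg_ok(nlmsg_header, skb->len)) return;`, and keep the new minimum-size test after it. The early `return` is also silent, so a rate-limited log line would make rejected messages visible when debugging. The enclosing function starts and ends outside the hunk, so an earlier check on `skb->len` may already exist there.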
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0461/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0461/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0461/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0461/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0462/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0462/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0462/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0462/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0463/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0463/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0463/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0463/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0464/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0464/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0464/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0464/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0464/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0464/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0464/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0464/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0465/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0465/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0465/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0465/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch
new file mode 100644
index 00000000..45b2e4e0
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch
@@ -0,0 +1,50 @@ +diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c +index cc1b3bf..48b6b86 100644 +--- a/drivers/staging/android/ion/ion.c ++++ b/drivers/staging/android/ion/ion.c +@@ -16,6 +16,8 @@ + * + */ + ++#include ++#include + #include + #include + #include +@@ -400,6 +402,15 @@ + kref_get(&handle->ref); + } + ++/* Must hold the client lock */ ++static struct ion_handle* ion_handle_get_check_overflow(struct ion_handle *handle) ++{ ++ if (atomic_read(&handle->ref.refcount) + 1 == 0) ++ return ERR_PTR(-EOVERFLOW); ++ ion_handle_get(handle); ++ return handle; ++} ++ + int ion_handle_put_nolock(struct ion_handle *handle) + { + int ret; +@@ -445,9 +456,9 @@ + + handle = idr_find(&client->idr, id); + if (handle) +- ion_handle_get(handle); ++ return ion_handle_get_check_overflow(handle); + +- return handle ? handle : ERR_PTR(-EINVAL); ++ return ERR_PTR(-EINVAL); + } + + struct ion_handle *ion_handle_get_by_id(struct ion_client *client, +@@ -1339,7 +1350,7 @@ + /* if a handle exists for this buffer just take a reference to it */ + handle = ion_handle_lookup(client, buffer); + if (!IS_ERR(handle)) { +- ion_handle_get(handle); ++ handle = ion_handle_get_check_overflow(handle); + mutex_unlock(&client->lock); + goto end; + } diff --git a/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch.base64 new file mode 100644 index 00000000..12fb178a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0507/ANY/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0507/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0507/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0507/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0507/ANY/1.patch 
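Review bot: In the last hunk of ion.c, `handle = ion_handle_get_check_overflow(handle);` can now leave `handle` as `ERR_PTR(-EOVERFLOW)` before `goto end`, and the code at `end` is outside the hunk, so it needs confirming that nothing there dereferences the handle without an `IS_ERR` test. The new helper's comment only says `/* Must hold the client lock */`. I would extend it to state the return contract, e.g. `/* Must hold the client lock. Returns handle with a reference taken, or ERR_PTR(-EOVERFLOW) if the refcount would wrap to zero. */`. The declaration would also read better in the usual kernel form, `static struct ion_handle *ion_handle_get_check_overflow(struct ion_handle *handle)`.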
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0509/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0509/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0509/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0509/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0510/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0510/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0510/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0510/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0510/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-0510/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0510/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-0510/3.18/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch b/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch
new file mode 100644
index 00000000..4ab6691b
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch
@@ -0,0 +1,213 @@ +From faca1e5a1ca8f637ac0c213094159ea4fae059f9 Mon Sep 17 00:00:00 2001 +From: Mark Salyzyn +Date: Tue, 20 Dec 2016 15:59:19 -0800 +Subject: [PATCH] BACKPORT: fiq_debugger: restrict access to critical commands. + +Sysrq must be enabled via /proc/sys/kernel/sysrq as a security +measure to enable various critical fiq debugger commands that +either leak information or can be used as a system attack. + +Default disabled, this will leave the reboot, reset, irqs, sleep, +nosleep, console and ps commands. Reboot and reset commands +will be restricted from taking any parameters. We will also +switch to showing the limited command set in this mode. + +Signed-off-by: Mark Salyzyn +Bug: 32402555 +[d-cagle@codeaurora.org: Resolve merge conflict] +Git-repo: https://android.googlesource.com/kernel/msm +Git-commit: 1031836c0895f1f5a05c25efec83bfa11aa08ca9 +Signed-off-by: Dennis Cagle + +Backport reference: + * Adapted for arch/arm/common/fiq_debugger.c + * Adapt to the old use of debug_printf + +Change-Id: I0a6aecd9b3d5bd62db06beac76682349854198d7 +Signed-off-by: Adrian DC +--- + +diff --git a/arch/arm/common/fiq_debugger.c b/arch/arm/common/fiq_debugger.c +index 518b4b5..5e0e3ed 100644 +--- a/arch/arm/common/fiq_debugger.c ++++ b/arch/arm/common/fiq_debugger.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -580,12 +581,13 @@ + cmd += 6; + while (*cmd == ' ') + cmd++; +- if (cmd != '\0') ++ if ((cmd != '\0') && sysrq_on()) + kernel_restart(cmd); + else + kernel_restart(NULL); + } else { +- debug_printf(state, "unknown work command '%s'\n", work_cmd); ++ debug_printf(state, "unknown work command '%s'\n", ++ work_cmd); + } + } + +@@ -608,26 +610,40 @@ + + static void debug_help(struct fiq_debugger_state *state) + { +- debug_printf(state, "FIQ Debugger commands:\n" +- " pc PC status\n" +- " regs Register dump\n" +- " allregs Extended Register dump\n" +- " bt Stack trace\n" +- " reboot [] Reboot with command \n" 
+- " reset [] Hard reset with command \n" +- " irqs Interupt status\n" +- " kmsg Kernel log\n" +- " version Kernel version\n"); +- debug_printf(state, " sleep Allow sleep while in FIQ\n" +- " nosleep Disable sleep while in FIQ\n" +- " console Switch terminal to console\n" +- " cpu Current CPU\n" +- " cpu Switch to CPU\n"); +- debug_printf(state, " ps Process list\n" +- " sysrq sysrq options\n" +- " sysrq Execute sysrq with \n"); ++ debug_printf(state, ++ "FIQ Debugger commands:\n"); ++ if (sysrq_on()) { ++ debug_printf(state, ++ " pc PC status\n" ++ " regs Register dump\n" ++ " allregs Extended Register dump\n" ++ " bt Stack trace\n"); ++ debug_printf(state, ++ " reboot [] Reboot with command \n" ++ " reset [] Hard reset with command \n" ++ " irqs Interrupt status\n" ++ " kmsg Kernel log\n" ++ " version Kernel version\n"); ++ debug_printf(state, ++ " cpu Current CPU\n" ++ " cpu Switch to CPU\n" ++ " sysrq sysrq options\n" ++ " sysrq Execute sysrq with \n"); ++ } else { ++ debug_printf(state, ++ " reboot Reboot\n" ++ " reset Hard reset\n" ++ " irqs Interrupt status\n"); ++ } ++ debug_printf(state, ++ " sleep Allow sleep while in FIQ\n" ++ " nosleep Disable sleep while in FIQ\n" ++ " console Switch terminal to console\n" ++ " ps Process list\n"); + #ifdef CONFIG_KGDB +- debug_printf(state, " kgdb Enter kernel debugger\n"); ++ if (fiq_kgdb_enable) { ++ debug_printf(state, ++ " kgdb Enter kernel debugger\n"); + #endif + } + +@@ -657,19 +673,24 @@ + if (!strcmp(cmd, "help") || !strcmp(cmd, "?")) { + debug_help(state); + } else if (!strcmp(cmd, "pc")) { +- debug_printf(state, " pc %08x cpsr %08x mode %s\n", +- regs[15], regs[16], mode_name(regs[16])); ++ if (sysrq_on()) ++ debug_printf(state, " pc %08x cpsr %08x mode %s\n", ++ regs[15], regs[16], mode_name(regs[16])); + } else if (!strcmp(cmd, "regs")) { +- dump_regs(state, regs); ++ if (sysrq_on()) ++ dump_regs(state, regs); + } else if (!strcmp(cmd, "allregs")) { +- dump_allregs(state, regs); ++ if (sysrq_on()) ++ 
dump_allregs(state, regs); + } else if (!strcmp(cmd, "bt")) { +- dump_stacktrace(state, (struct pt_regs *)regs, 100, svc_sp); ++ if (sysrq_on()) ++ dump_stacktrace(state, (struct pt_regs *)regs, ++ 100, svc_sp); + } else if (!strncmp(cmd, "reset", 5)) { + cmd += 5; + while (*cmd == ' ') + cmd++; +- if (*cmd) { ++ if (*cmd && sysrq_on()) { + char tmp_cmd[32]; + strlcpy(tmp_cmd, cmd, sizeof(tmp_cmd)); + machine_restart(tmp_cmd); +@@ -679,9 +700,12 @@ + } else if (!strcmp(cmd, "irqs")) { + dump_irqs(state); + } else if (!strcmp(cmd, "kmsg")) { +- dump_kernel_log(state); ++ if (sysrq_on()) ++ dump_kernel_log(state); + } else if (!strcmp(cmd, "version")) { +- debug_printf(state, "%s\n", linux_banner); ++ if (sysrq_on()) ++ debug_printf(state, "%s\n", ++ linux_banner); + } else if (!strcmp(cmd, "sleep")) { + state->no_sleep = false; + debug_printf(state, "enabling sleep\n"); +@@ -693,14 +717,17 @@ + debug_uart_flush(state); + state->console_enable = true; + } else if (!strcmp(cmd, "cpu")) { +- debug_printf(state, "cpu %d\n", state->current_cpu); +- } else if (!strncmp(cmd, "cpu ", 4)) { ++ if (sysrq_on()) ++ debug_printf(state, "cpu %d\n", ++ state->current_cpu); ++ } else if (!strncmp(cmd, "cpu ", 4) && sysrq_on()) { + unsigned long cpu = 0; + if (strict_strtoul(cmd + 4, 10, &cpu) == 0) + switch_cpu(state, cpu); + else + debug_printf(state, "invalid cpu\n"); +- debug_printf(state, "cpu %d\n", state->current_cpu); ++ debug_printf(state, "cpu %d\n", ++ state->current_cpu); + } else { + if (state->debug_busy) { + debug_printf(state, +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c +index 05728894..6efbfb7 100644 +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -49,10 +49,11 @@ + static int __read_mostly sysrq_enabled = SYSRQ_DEFAULT_ENABLE; + static bool __read_mostly sysrq_always_enabled; + +-static bool sysrq_on(void) ++bool sysrq_on(void) + { + return sysrq_enabled || sysrq_always_enabled; + } ++EXPORT_SYMBOL(sysrq_on); + + /* + * A value of 1 means 
'all', other nonzero values are an op mask: +diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h +index 7faf933..5a0bd93 100644 +--- a/include/linux/sysrq.h ++++ b/include/linux/sysrq.h +@@ -45,6 +45,7 @@ + * are available -- else NULL's). + */ + ++bool sysrq_on(void); + void handle_sysrq(int key); + void __handle_sysrq(int key, bool check_mask); + int register_sysrq_key(int key, struct sysrq_key_op *op); diff --git a/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch.base64 new file mode 100644 index 00000000..f0cea285 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch new file mode 100644 index 00000000..63421040 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch 
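Review bot: In the debug_help hunk the added `if (fiq_kgdb_enable) {` opens a brace inside `#ifdef CONFIG_KGDB` that is never closed before `#endif`, so with CONFIG_KGDB set the `}` that follows closes the `if` and the function body is left open. Adding a `}` on its own line before `#endif` balances it. The same lines appear in the fiq_debugger_help hunk of Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch. Whether `fiq_kgdb_enable` is declared in arch/arm/common/fiq_debugger.c cannot be seen from the hunk and is worth checking for this backport.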
@@ -0,0 +1,177 @@ +diff --git a/drivers/staging/android/fiq_debugger/fiq_debugger.c b/drivers/staging/android/fiq_debugger/fiq_debugger.c +index 1d73362..ceb45bc9e 100644 +--- a/drivers/staging/android/fiq_debugger/fiq_debugger.c ++++ b/drivers/staging/android/fiq_debugger/fiq_debugger.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -395,7 +396,7 @@ + cmd += 6; + while (*cmd == ' ') + cmd++; +- if (cmd != '\0') ++ if ((cmd != '\0') && sysrq_on()) + kernel_restart(cmd); + else + kernel_restart(NULL); +@@ -425,30 +426,39 @@ + static void fiq_debugger_help(struct fiq_debugger_state *state) + { + fiq_debugger_printf(&state->output, +- "FIQ Debugger commands:\n" +- " pc PC status\n" +- " regs Register dump\n" +- " allregs Extended Register dump\n" +- " bt Stack trace\n"); ++ "FIQ Debugger commands:\n"); ++ if (sysrq_on()) { ++ fiq_debugger_printf(&state->output, ++ " pc PC status\n" ++ " regs Register dump\n" ++ " allregs Extended Register dump\n" ++ " bt Stack trace\n"); ++ fiq_debugger_printf(&state->output, ++ " reboot [] Reboot with command \n" ++ " reset [] Hard reset with command \n" ++ " irqs Interrupt status\n" ++ " kmsg Kernel log\n" ++ " version Kernel version\n"); ++ fiq_debugger_printf(&state->output, ++ " cpu Current CPU\n" ++ " cpu Switch to CPU\n" ++ " sysrq sysrq options\n" ++ " sysrq Execute sysrq with \n"); ++ } else { ++ fiq_debugger_printf(&state->output, ++ " reboot Reboot\n" ++ " reset Hard reset\n" ++ " irqs Interrupt status\n"); ++ } + fiq_debugger_printf(&state->output, +- " reboot [] Reboot with command \n" +- " reset [] Hard reset with command \n" +- " irqs Interupt status\n" +- " kmsg Kernel log\n" +- " version Kernel version\n"); +- fiq_debugger_printf(&state->output, +- " sleep Allow sleep while in FIQ\n" +- " nosleep Disable sleep while in FIQ\n" +- " console Switch terminal to console\n" +- " cpu Current CPU\n" +- " cpu Switch to CPU\n"); +- fiq_debugger_printf(&state->output, +- " ps 
Process list\n" +- " sysrq sysrq options\n" +- " sysrq Execute sysrq with \n"); ++ " sleep Allow sleep while in FIQ\n" ++ " nosleep Disable sleep while in FIQ\n" ++ " console Switch terminal to console\n" ++ " ps Process list\n"); + #ifdef CONFIG_KGDB +- fiq_debugger_printf(&state->output, +- " kgdb Enter kernel debugger\n"); ++ if (fiq_kgdb_enable) { ++ fiq_debugger_printf(&state->output, ++ " kgdb Enter kernel debugger\n"); + #endif + } + +@@ -480,18 +490,23 @@ + if (!strcmp(cmd, "help") || !strcmp(cmd, "?")) { + fiq_debugger_help(state); + } else if (!strcmp(cmd, "pc")) { +- fiq_debugger_dump_pc(&state->output, regs); ++ if (sysrq_on()) ++ fiq_debugger_dump_pc(&state->output, regs); + } else if (!strcmp(cmd, "regs")) { +- fiq_debugger_dump_regs(&state->output, regs); ++ if (sysrq_on()) ++ fiq_debugger_dump_regs(&state->output, regs); + } else if (!strcmp(cmd, "allregs")) { +- fiq_debugger_dump_allregs(&state->output, regs); ++ if (sysrq_on()) ++ fiq_debugger_dump_allregs(&state->output, regs); + } else if (!strcmp(cmd, "bt")) { +- fiq_debugger_dump_stacktrace(&state->output, regs, 100, svc_sp); ++ if (sysrq_on()) ++ fiq_debugger_dump_stacktrace(&state->output, regs, ++ 100, svc_sp); + } else if (!strncmp(cmd, "reset", 5)) { + cmd += 5; + while (*cmd == ' ') + cmd++; +- if (*cmd) { ++ if (*cmd && sysrq_on()) { + char tmp_cmd[32]; + strlcpy(tmp_cmd, cmd, sizeof(tmp_cmd)); + machine_restart(tmp_cmd); +@@ -501,9 +516,12 @@ + } else if (!strcmp(cmd, "irqs")) { + fiq_debugger_dump_irqs(state); + } else if (!strcmp(cmd, "kmsg")) { +- fiq_debugger_dump_kernel_log(state); ++ if (sysrq_on()) ++ fiq_debugger_dump_kernel_log(state); + } else if (!strcmp(cmd, "version")) { +- fiq_debugger_printf(&state->output, "%s\n", linux_banner); ++ if (sysrq_on()) ++ fiq_debugger_printf(&state->output, "%s\n", ++ linux_banner); + } else if (!strcmp(cmd, "sleep")) { + state->no_sleep = false; + fiq_debugger_printf(&state->output, "enabling sleep\n"); +@@ -515,14 +533,17 @@ + 
fiq_debugger_uart_flush(state); + state->console_enable = true; + } else if (!strcmp(cmd, "cpu")) { +- fiq_debugger_printf(&state->output, "cpu %d\n", state->current_cpu); +- } else if (!strncmp(cmd, "cpu ", 4)) { ++ if (sysrq_on()) ++ fiq_debugger_printf(&state->output, "cpu %d\n", ++ state->current_cpu); ++ } else if (!strncmp(cmd, "cpu ", 4) && sysrq_on()) { + unsigned long cpu = 0; + if (strict_strtoul(cmd + 4, 10, &cpu) == 0) + fiq_debugger_switch_cpu(state, cpu); + else + fiq_debugger_printf(&state->output, "invalid cpu\n"); +- fiq_debugger_printf(&state->output, "cpu %d\n", state->current_cpu); ++ fiq_debugger_printf(&state->output, "cpu %d\n", ++ state->current_cpu); + } else { + if (state->debug_busy) { + fiq_debugger_printf(&state->output, +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c +index b51c154..08c9406 100644 +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -55,10 +55,11 @@ + unsigned short platform_sysrq_reset_seq[] __weak = { KEY_RESERVED }; + int sysrq_reset_downtime_ms __weak; + +-static bool sysrq_on(void) ++bool sysrq_on(void) + { + return sysrq_enabled || sysrq_always_enabled; + } ++EXPORT_SYMBOL(sysrq_on); + + /* + * A value of 1 means 'all', other nonzero values are an op mask: +diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h +index 7faf933..5a0bd93 100644 +--- a/include/linux/sysrq.h ++++ b/include/linux/sysrq.h +@@ -45,6 +45,7 @@ + * are available -- else NULL's). + */ + ++bool sysrq_on(void); + void handle_sysrq(int key); + void __handle_sysrq(int key, bool check_mask); + int register_sysrq_key(int key, struct sysrq_key_op *op); diff --git a/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch.base64 new file mode 100644 index 00000000..a3dfb08b --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0510/ANY/2.patch.base64 
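Review bot: In the reboot branch, `if ((cmd != '\0') && sysrq_on())` compares the pointer `cmd` with zero instead of the character it points to, so once sysrq is enabled `kernel_restart(cmd)` runs even when no argument was given. The reset branch in the same patch tests `*cmd && sysrq_on()`, and the reboot test should match it: `if ((*cmd != '\0') && sysrq_on())`. The comparison was already wrong on the removed line, and the same line is carried in Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch. The enclosing function starts outside the hunk.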
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvc3RhZ2luZy9hbmRyb2lkL2ZpcV9kZWJ1Z2dlci9maXFfZGVidWdnZXIuYyBiL2RyaXZlcnMvc3RhZ2luZy9hbmRyb2lkL2ZpcV9kZWJ1Z2dlci9maXFfZGVidWdnZXIuYwppbmRleCAxZDczMzYyLi5jZWI0NWJjOWUgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvc3RhZ2luZy9hbmRyb2lkL2ZpcV9kZWJ1Z2dlci9maXFfZGVidWdnZXIuYworKysgYi9kcml2ZXJzL3N0YWdpbmcvYW5kcm9pZC9maXFfZGVidWdnZXIvZmlxX2RlYnVnZ2VyLmMKQEAgLTMwLDYgKzMwLDcgQEAKICNpbmNsdWRlIDxsaW51eC9zY2hlZC5oPgogI2luY2x1ZGUgPGxpbnV4L3NsYWIuaD4KICNpbmNsdWRlIDxsaW51eC9zbXAuaD4KKyNpbmNsdWRlIDxsaW51eC9zeXNycS5oPgogI2luY2x1ZGUgPGxpbnV4L3RpbWVyLmg+CiAjaW5jbHVkZSA8bGludXgvdHR5Lmg+CiAjaW5jbHVkZSA8bGludXgvdHR5X2ZsaXAuaD4KQEAgLTM5NSw3ICszOTYsNyBAQAogCQljbWQgKz0gNjsKIAkJd2hpbGUgKCpjbWQgPT0gJyAnKQogCQkJY21kKys7Ci0JCWlmIChjbWQgIT0gJ1wwJykKKwkJaWYgKChjbWQgIT0gJ1wwJykgJiYgc3lzcnFfb24oKSkKIAkJCWtlcm5lbF9yZXN0YXJ0KGNtZCk7CiAJCWVsc2UKIAkJCWtlcm5lbF9yZXN0YXJ0KE5VTEwpOwpAQCAtNDI1LDMwICs0MjYsMzkgQEAKIHN0YXRpYyB2b2lkIGZpcV9kZWJ1Z2dlcl9oZWxwKHN0cnVjdCBmaXFfZGVidWdnZXJfc3RhdGUgKnN0YXRlKQogewogCWZpcV9kZWJ1Z2dlcl9wcmludGYoJnN0YXRlLT5vdXRwdXQsCi0JCQkJIkZJUSBEZWJ1Z2dlciBjb21tYW5kczpcbiIKLQkJCQkiIHBjICAgICAgICAgICAgUEMgc3RhdHVzXG4iCi0JCQkJIiByZWdzICAgICAgICAgIFJlZ2lzdGVyIGR1bXBcbiIKLQkJCQkiIGFsbHJlZ3MgICAgICAgRXh0ZW5kZWQgUmVnaXN0ZXIgZHVtcFxuIgotCQkJCSIgYnQgICAgICAgICAgICBTdGFjayB0cmFjZVxuIik7CisJCQkiRklRIERlYnVnZ2VyIGNvbW1hbmRzOlxuIik7CisJaWYgKHN5c3JxX29uKCkpIHsKKwkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwKKwkJCSIgcGMgICAgICAgICAgICBQQyBzdGF0dXNcbiIKKwkJCSIgcmVncyAgICAgICAgICBSZWdpc3RlciBkdW1wXG4iCisJCQkiIGFsbHJlZ3MgICAgICAgRXh0ZW5kZWQgUmVnaXN0ZXIgZHVtcFxuIgorCQkJIiBidCAgICAgICAgICAgIFN0YWNrIHRyYWNlXG4iKTsKKwkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwKKwkJCSIgcmVib290IFs8Yz5dICBSZWJvb3Qgd2l0aCBjb21tYW5kIDxjPlxuIgorCQkJIiByZXNldCBbPGM+XSAgIEhhcmQgcmVzZXQgd2l0aCBjb21tYW5kIDxjPlxuIgorCQkJIiBpcnFzICAgICAgICAgIEludGVycnVwdCBzdGF0dXNcbiIKKwkJCSIga21zZyAgICAgICAgICBLZXJuZWwgbG9nXG4iCisJCQkiIHZlcnNpb24gICAgICAgS2VybmVsIHZlcnNpb25cbiIpOworCQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0Z
S0+b3V0cHV0LAorCQkJIiBjcHUgICAgICAgICAgIEN1cnJlbnQgQ1BVXG4iCisJCQkiIGNwdSA8bnVtYmVyPiAgU3dpdGNoIHRvIENQVTxudW1iZXI+XG4iCisJCQkiIHN5c3JxICAgICAgICAgc3lzcnEgb3B0aW9uc1xuIgorCQkJIiBzeXNycSA8cGFyYW0+IEV4ZWN1dGUgc3lzcnEgd2l0aCA8cGFyYW0+XG4iKTsKKwl9IGVsc2UgeworCQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0ZS0+b3V0cHV0LAorCQkJIiByZWJvb3QgICAgICAgIFJlYm9vdFxuIgorCQkJIiByZXNldCAgICAgICAgIEhhcmQgcmVzZXRcbiIKKwkJCSIgaXJxcyAgICAgICAgICBJbnRlcnJ1cHQgc3RhdHVzXG4iKTsKKwl9CiAJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwKLQkJCQkiIHJlYm9vdCBbPGM+XSAgUmVib290IHdpdGggY29tbWFuZCA8Yz5cbiIKLQkJCQkiIHJlc2V0IFs8Yz5dICAgSGFyZCByZXNldCB3aXRoIGNvbW1hbmQgPGM+XG4iCi0JCQkJIiBpcnFzICAgICAgICAgIEludGVydXB0IHN0YXR1c1xuIgotCQkJCSIga21zZyAgICAgICAgICBLZXJuZWwgbG9nXG4iCi0JCQkJIiB2ZXJzaW9uICAgICAgIEtlcm5lbCB2ZXJzaW9uXG4iKTsKLQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0ZS0+b3V0cHV0LAotCQkJCSIgc2xlZXAgICAgICAgICBBbGxvdyBzbGVlcCB3aGlsZSBpbiBGSVFcbiIKLQkJCQkiIG5vc2xlZXAgICAgICAgRGlzYWJsZSBzbGVlcCB3aGlsZSBpbiBGSVFcbiIKLQkJCQkiIGNvbnNvbGUgICAgICAgU3dpdGNoIHRlcm1pbmFsIHRvIGNvbnNvbGVcbiIKLQkJCQkiIGNwdSAgICAgICAgICAgQ3VycmVudCBDUFVcbiIKLQkJCQkiIGNwdSA8bnVtYmVyPiAgU3dpdGNoIHRvIENQVTxudW1iZXI+XG4iKTsKLQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0ZS0+b3V0cHV0LAotCQkJCSIgcHMgICAgICAgICAgICBQcm9jZXNzIGxpc3RcbiIKLQkJCQkiIHN5c3JxICAgICAgICAgc3lzcnEgb3B0aW9uc1xuIgotCQkJCSIgc3lzcnEgPHBhcmFtPiBFeGVjdXRlIHN5c3JxIHdpdGggPHBhcmFtPlxuIik7CisJCQkiIHNsZWVwICAgICAgICAgQWxsb3cgc2xlZXAgd2hpbGUgaW4gRklRXG4iCisJCQkiIG5vc2xlZXAgICAgICAgRGlzYWJsZSBzbGVlcCB3aGlsZSBpbiBGSVFcbiIKKwkJCSIgY29uc29sZSAgICAgICBTd2l0Y2ggdGVybWluYWwgdG8gY29uc29sZVxuIgorCQkJIiBwcyAgICAgICAgICAgIFByb2Nlc3MgbGlzdFxuIik7CiAjaWZkZWYgQ09ORklHX0tHREIKLQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0ZS0+b3V0cHV0LAotCQkJCSIga2dkYiAgICAgICAgICBFbnRlciBrZXJuZWwgZGVidWdnZXJcbiIpOworCWlmIChmaXFfa2dkYl9lbmFibGUpIHsKKwkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwKKwkJCSIga2dkYiAgICAgICAgICBFbnRlciBrZXJuZWwgZGVidWdnZXJcbiIpOwogI2VuZGlmCiB9CiAKQEAgLTQ4MCwxOCArNDkwLDIzIEBACiAJaWYgKCFzdHJjbXAoY21kLCAiaGVscCIpIHx8I
CFzdHJjbXAoY21kLCAiPyIpKSB7CiAJCWZpcV9kZWJ1Z2dlcl9oZWxwKHN0YXRlKTsKIAl9IGVsc2UgaWYgKCFzdHJjbXAoY21kLCAicGMiKSkgewotCQlmaXFfZGVidWdnZXJfZHVtcF9wYygmc3RhdGUtPm91dHB1dCwgcmVncyk7CisJCWlmIChzeXNycV9vbigpKQorCQkJZmlxX2RlYnVnZ2VyX2R1bXBfcGMoJnN0YXRlLT5vdXRwdXQsIHJlZ3MpOwogCX0gZWxzZSBpZiAoIXN0cmNtcChjbWQsICJyZWdzIikpIHsKLQkJZmlxX2RlYnVnZ2VyX2R1bXBfcmVncygmc3RhdGUtPm91dHB1dCwgcmVncyk7CisJCWlmIChzeXNycV9vbigpKQorCQkJZmlxX2RlYnVnZ2VyX2R1bXBfcmVncygmc3RhdGUtPm91dHB1dCwgcmVncyk7CiAJfSBlbHNlIGlmICghc3RyY21wKGNtZCwgImFsbHJlZ3MiKSkgewotCQlmaXFfZGVidWdnZXJfZHVtcF9hbGxyZWdzKCZzdGF0ZS0+b3V0cHV0LCByZWdzKTsKKwkJaWYgKHN5c3JxX29uKCkpCisJCQlmaXFfZGVidWdnZXJfZHVtcF9hbGxyZWdzKCZzdGF0ZS0+b3V0cHV0LCByZWdzKTsKIAl9IGVsc2UgaWYgKCFzdHJjbXAoY21kLCAiYnQiKSkgewotCQlmaXFfZGVidWdnZXJfZHVtcF9zdGFja3RyYWNlKCZzdGF0ZS0+b3V0cHV0LCByZWdzLCAxMDAsIHN2Y19zcCk7CisJCWlmIChzeXNycV9vbigpKQorCQkJZmlxX2RlYnVnZ2VyX2R1bXBfc3RhY2t0cmFjZSgmc3RhdGUtPm91dHB1dCwgcmVncywKKwkJCQkJCSAgICAgMTAwLCBzdmNfc3ApOwogCX0gZWxzZSBpZiAoIXN0cm5jbXAoY21kLCAicmVzZXQiLCA1KSkgewogCQljbWQgKz0gNTsKIAkJd2hpbGUgKCpjbWQgPT0gJyAnKQogCQkJY21kKys7Ci0JCWlmICgqY21kKSB7CisJCWlmICgqY21kICYmIHN5c3JxX29uKCkpIHsKIAkJCWNoYXIgdG1wX2NtZFszMl07CiAJCQlzdHJsY3B5KHRtcF9jbWQsIGNtZCwgc2l6ZW9mKHRtcF9jbWQpKTsKIAkJCW1hY2hpbmVfcmVzdGFydCh0bXBfY21kKTsKQEAgLTUwMSw5ICs1MTYsMTIgQEAKIAl9IGVsc2UgaWYgKCFzdHJjbXAoY21kLCAiaXJxcyIpKSB7CiAJCWZpcV9kZWJ1Z2dlcl9kdW1wX2lycXMoc3RhdGUpOwogCX0gZWxzZSBpZiAoIXN0cmNtcChjbWQsICJrbXNnIikpIHsKLQkJZmlxX2RlYnVnZ2VyX2R1bXBfa2VybmVsX2xvZyhzdGF0ZSk7CisJCWlmIChzeXNycV9vbigpKQorCQkJZmlxX2RlYnVnZ2VyX2R1bXBfa2VybmVsX2xvZyhzdGF0ZSk7CiAJfSBlbHNlIGlmICghc3RyY21wKGNtZCwgInZlcnNpb24iKSkgewotCQlmaXFfZGVidWdnZXJfcHJpbnRmKCZzdGF0ZS0+b3V0cHV0LCAiJXNcbiIsIGxpbnV4X2Jhbm5lcik7CisJCWlmIChzeXNycV9vbigpKQorCQkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgIiVzXG4iLAorCQkJCQkgICAgbGludXhfYmFubmVyKTsKIAl9IGVsc2UgaWYgKCFzdHJjbXAoY21kLCAic2xlZXAiKSkgewogCQlzdGF0ZS0+bm9fc2xlZXAgPSBmYWxzZTsKIAkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgImVuYWJsaW5nIHNsZWVwXG4iKTsKQ
EAgLTUxNSwxNCArNTMzLDE3IEBACiAJCWZpcV9kZWJ1Z2dlcl91YXJ0X2ZsdXNoKHN0YXRlKTsKIAkJc3RhdGUtPmNvbnNvbGVfZW5hYmxlID0gdHJ1ZTsKIAl9IGVsc2UgaWYgKCFzdHJjbXAoY21kLCAiY3B1IikpIHsKLQkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgImNwdSAlZFxuIiwgc3RhdGUtPmN1cnJlbnRfY3B1KTsKLQl9IGVsc2UgaWYgKCFzdHJuY21wKGNtZCwgImNwdSAiLCA0KSkgeworCQlpZiAoc3lzcnFfb24oKSkKKwkJCWZpcV9kZWJ1Z2dlcl9wcmludGYoJnN0YXRlLT5vdXRwdXQsICJjcHUgJWRcbiIsCisJCQkJCSAgICBzdGF0ZS0+Y3VycmVudF9jcHUpOworCX0gZWxzZSBpZiAoIXN0cm5jbXAoY21kLCAiY3B1ICIsIDQpICYmIHN5c3JxX29uKCkpIHsKIAkJdW5zaWduZWQgbG9uZyBjcHUgPSAwOwogCQlpZiAoc3RyaWN0X3N0cnRvdWwoY21kICsgNCwgMTAsICZjcHUpID09IDApCiAJCQlmaXFfZGVidWdnZXJfc3dpdGNoX2NwdShzdGF0ZSwgY3B1KTsKIAkJZWxzZQogCQkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgImludmFsaWQgY3B1XG4iKTsKLQkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgImNwdSAlZFxuIiwgc3RhdGUtPmN1cnJlbnRfY3B1KTsKKwkJZmlxX2RlYnVnZ2VyX3ByaW50Zigmc3RhdGUtPm91dHB1dCwgImNwdSAlZFxuIiwKKwkJCQkgICAgc3RhdGUtPmN1cnJlbnRfY3B1KTsKIAl9IGVsc2UgewogCQlpZiAoc3RhdGUtPmRlYnVnX2J1c3kpIHsKIAkJCWZpcV9kZWJ1Z2dlcl9wcmludGYoJnN0YXRlLT5vdXRwdXQsCmRpZmYgLS1naXQgYS9kcml2ZXJzL3R0eS9zeXNycS5jIGIvZHJpdmVycy90dHkvc3lzcnEuYwppbmRleCBiNTFjMTU0Li4wOGM5NDA2IDEwMDY0NAotLS0gYS9kcml2ZXJzL3R0eS9zeXNycS5jCisrKyBiL2RyaXZlcnMvdHR5L3N5c3JxLmMKQEAgLTU1LDEwICs1NSwxMSBAQAogdW5zaWduZWQgc2hvcnQgcGxhdGZvcm1fc3lzcnFfcmVzZXRfc2VxW10gX193ZWFrID0geyBLRVlfUkVTRVJWRUQgfTsKIGludCBzeXNycV9yZXNldF9kb3dudGltZV9tcyBfX3dlYWs7CiAKLXN0YXRpYyBib29sIHN5c3JxX29uKHZvaWQpCitib29sIHN5c3JxX29uKHZvaWQpCiB7CiAJcmV0dXJuIHN5c3JxX2VuYWJsZWQgfHwgc3lzcnFfYWx3YXlzX2VuYWJsZWQ7CiB9CitFWFBPUlRfU1lNQk9MKHN5c3JxX29uKTsKIAogLyoKICAqIEEgdmFsdWUgb2YgMSBtZWFucyAnYWxsJywgb3RoZXIgbm9uemVybyB2YWx1ZXMgYXJlIGFuIG9wIG1hc2s6CmRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L3N5c3JxLmggYi9pbmNsdWRlL2xpbnV4L3N5c3JxLmgKaW5kZXggN2ZhZjkzMy4uNWEwYmQ5MyAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW51eC9zeXNycS5oCisrKyBiL2luY2x1ZGUvbGludXgvc3lzcnEuaApAQCAtNDUsNiArNDUsNyBAQAogICogYXJlIGF2YWlsYWJsZSAtLSBlbHNlIE5VTEwncykuCiAgKi8KIAorYm9vbCBzeXNycV9vbih2b2lkK
TsKIHZvaWQgaGFuZGxlX3N5c3JxKGludCBrZXkpOwogdm9pZCBfX2hhbmRsZV9zeXNycShpbnQga2V5LCBib29sIGNoZWNrX21hc2spOwogaW50IHJlZ2lzdGVyX3N5c3JxX2tleShpbnQga2V5LCBzdHJ1Y3Qgc3lzcnFfa2V5X29wICpvcCk7Cg== \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0516/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0516/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0516/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0516/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0518/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-0518/3.18/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0518/3.18/0.patch rename to Patches/Linux_CVEs/CVE-2017-0518/3.18/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0518/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-0518/3.18/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0518/3.18/1.patch rename to Patches/Linux_CVEs/CVE-2017-0518/3.18/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0519/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-0519/3.18/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0519/3.18/0.patch rename to Patches/Linux_CVEs/CVE-2017-0519/3.18/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0520/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0520/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0520/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0520/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0521/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0521/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0521/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0521/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0523/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0523/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0523/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0523/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0524/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0524/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0524/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0524/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0524/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0524/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0524/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0524/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0524/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-0524/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0524/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2017-0524/ANY/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0525/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0525/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0525/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0525/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0531/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0531/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0531/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0531/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0533/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0533/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0533/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0533/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0534/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0534/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0534/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0534/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch new file mode 100644 index 00000000..bd2d306a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch 
@@ -0,0 +1,13 @@
+diff --git a/sound/soc/codecs/rt5506.c b/sound/soc/codecs/rt5506.c
+index 74572c4..fbce69a 100644
+--- a/sound/soc/codecs/rt5506.c
++++ b/sound/soc/codecs/rt5506.c
+@@ -676,6 +676,8 @@
+ {
+ if (mode >= rt5506_cfg_data.mode_num)
+ return -EINVAL;
++ if (rt5506_cfg_data.cmd_data[mode].config.reg_len > MAX_REG_DATA)
++ return -EINVAL;
+
+ pr_info("%s: set mode %d\n", __func__, mode);
+
diff --git a/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch.base64
new file mode 100644
index 00000000..d785f6c6
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0535/ANY/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0536/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0536/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0536/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0536/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0537/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0537/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0537/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0537/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-0564/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0564/3.10/0.patch
new file mode 100644
index 00000000..85e93ed0
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0564/3.10/0.patch
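Review bot: Both guards at the top of this function bound `mode` from above only. If `mode` and `mode_num` are both signed (the signature is outside the hunk, so this is not confirmed), a negative `mode` passes `mode >= rt5506_cfg_data.mode_num`, and the new line then indexes `cmd_data[mode]` out of bounds before the `reg_len` comparison runs. Rejecting it first closes that: `if (mode < 0 || mode >= rt5506_cfg_data.mode_num)`. The function body continues past the hunk.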
@@ -0,0 +1,137 @@ +diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c +index c3826ba..3b890ab 100755 +--- a/drivers/staging/android/ion/ion.c ++++ b/drivers/staging/android/ion/ion.c +@@ -113,6 +113,7 @@ + */ + struct ion_handle { + struct kref ref; ++ unsigned int user_ref_count; + struct ion_client *client; + struct ion_buffer *buffer; + struct rb_node node; +@@ -434,6 +435,48 @@ + return ret; + } + ++/* Must hold the client lock */ ++static void user_ion_handle_get(struct ion_handle *handle) ++{ ++ if (handle->user_ref_count++ == 0) ++ kref_get(&handle->ref); ++} ++ ++/* Must hold the client lock */ ++static struct ion_handle *user_ion_handle_get_check_overflow(struct ion_handle *handle) ++{ ++ if (handle->user_ref_count + 1 == 0) ++ return ERR_PTR(-EOVERFLOW); ++ user_ion_handle_get(handle); ++ return handle; ++} ++ ++/* passes a kref to the user ref count. ++ * We know we're holding a kref to the object before and ++ * after this call, so no need to reverify handle. 
*/ ++static struct ion_handle *pass_to_user(struct ion_handle *handle) ++{ ++ struct ion_client *client = handle->client; ++ struct ion_handle *ret; ++ ++ mutex_lock(&client->lock); ++ ret = user_ion_handle_get_check_overflow(handle); ++ ion_handle_put_nolock(handle); ++ mutex_unlock(&client->lock); ++ return ret; ++} ++ ++/* Must hold the client lock */ ++static int user_ion_handle_put_nolock(struct ion_handle *handle) ++{ ++ int ret; ++ ++ if (--handle->user_ref_count == 0) ++ ret = ion_handle_put_nolock(handle); ++ ++ return ret; ++} ++ + static struct ion_handle *ion_handle_lookup(struct ion_client *client, + struct ion_buffer *buffer) + { +@@ -650,6 +693,25 @@ + ion_handle_put_nolock(handle); + } + ++/* Must hold the client lock */ ++static void user_ion_free_nolock(struct ion_client *client, struct ion_handle *handle) ++{ ++ bool valid_handle; ++ ++ BUG_ON(client != handle->client); ++ ++ valid_handle = ion_handle_validate(client, handle); ++ if (!valid_handle) { ++ WARN(1, "%s: invalid handle passed to free.\n", __func__); ++ return; ++ } ++ if (handle->user_ref_count == 0) { ++ WARN(1, "%s: User does not have access!\n", __func__); ++ return; ++ } ++ user_ion_handle_put_nolock(handle); ++} ++ + void ion_free(struct ion_client *client, struct ion_handle *handle) + { + BUG_ON(client != handle->client); +@@ -1472,7 +1534,7 @@ + data.allocation.flags, true); + if (IS_ERR(handle)) + return PTR_ERR(handle); +- ++ pass_to_user(handle); + data.allocation.handle = handle->id; + + cleanup_handle = handle; +@@ -1488,7 +1550,7 @@ + mutex_unlock(&client->lock); + return PTR_ERR(handle); + } +- ion_free_nolock(client, handle); ++ user_ion_free_nolock(client, handle); + ion_handle_put_nolock(handle); + mutex_unlock(&client->lock); + break; +@@ -1511,10 +1573,15 @@ + { + struct ion_handle *handle; + handle = ion_import_dma_buf(client, data.fd.fd); +- if (IS_ERR(handle)) ++ if (IS_ERR(handle)) { + ret = PTR_ERR(handle); +- else +- data.handle.handle = handle->id; ++ } else 
{ ++ handle = pass_to_user(handle); ++ if (IS_ERR(handle)) ++ ret = PTR_ERR(handle); ++ else ++ data.handle.handle = handle->id; ++ } + break; + } + case ION_IOC_SYNC: +@@ -1546,8 +1613,10 @@ + if (dir & _IOC_READ) { + if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) { + if (cleanup_handle) { +- ion_free(client, cleanup_handle); +- ion_handle_put(cleanup_handle); ++ mutex_lock(&client->lock); ++ user_ion_free_nolock(client, cleanup_handle); ++ ion_handle_put_nolock(cleanup_handle); ++ mutex_unlock(&client->lock); + } + return -EFAULT; + } diff --git a/Patches/Linux_CVEs-New/CVE-2017-0564/3.10/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0564/3.10/0.patch.base64 similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0564/3.10/0.patch.base64 rename to Patches/Linux_CVEs/CVE-2017-0564/3.10/0.patch.base64 diff --git a/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch new file mode 100644 index 00000000..3354d18e --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch 
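Review bot: `user_ion_handle_put_nolock()` returns `ret` uninitialised whenever the decrement leaves `user_ref_count` above zero, since `ret` is assigned only inside the `if`; declare it as `int ret = 0;`. The copy of this helper in CVE-2017-0564/3.10/1.patch has the same defect. In the `ION_IOC_ALLOC` hunk the result of `pass_to_user(handle);` is discarded and `handle->id` is read on the next line, whereas the import path checks it with `IS_ERR`. Overflow looks unreachable for a freshly allocated handle, but a short comment saying so, or the same `IS_ERR` check, would make that explicit. The ioctl function itself starts and ends outside the inner hunks.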
@@ -0,0 +1,138 @@ +diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c +index ee1c2f3..e99ea9a 100755 +--- a/drivers/staging/android/ion/ion.c ++++ b/drivers/staging/android/ion/ion.c +@@ -116,6 +116,7 @@ + */ + struct ion_handle { + struct kref ref; ++ unsigned int user_ref_count; + struct ion_client *client; + struct ion_buffer *buffer; + struct rb_node node; +@@ -429,6 +430,50 @@ + return ret; + } + ++/* Must hold the client lock */ ++static void user_ion_handle_get(struct ion_handle *handle) ++{ ++ if (handle->user_ref_count++ == 0) { ++ kref_get(&handle->ref); ++ } ++} ++ ++/* Must hold the client lock */ ++static struct ion_handle* user_ion_handle_get_check_overflow(struct ion_handle *handle) ++{ ++ if (handle->user_ref_count + 1 == 0) ++ return ERR_PTR(-EOVERFLOW); ++ user_ion_handle_get(handle); ++ return handle; ++} ++ ++/* passes a kref to the user ref count. ++ * We know we're holding a kref to the object before and ++ * after this call, so no need to reverify handle. 
*/ ++static struct ion_handle* pass_to_user(struct ion_handle *handle) ++{ ++ struct ion_client *client = handle->client; ++ struct ion_handle *ret; ++ ++ mutex_lock(&client->lock); ++ ret = user_ion_handle_get_check_overflow(handle); ++ ion_handle_put_nolock(handle); ++ mutex_unlock(&client->lock); ++ return ret; ++} ++ ++/* Must hold the client lock */ ++static int user_ion_handle_put_nolock(struct ion_handle *handle) ++{ ++ int ret; ++ ++ if (--handle->user_ref_count == 0) { ++ ret = ion_handle_put_nolock(handle); ++ } ++ ++ return ret; ++} ++ + static struct ion_handle *ion_handle_lookup(struct ion_client *client, + struct ion_buffer *buffer) + { +@@ -645,6 +690,24 @@ + ion_handle_put_nolock(handle); + } + ++static void user_ion_free_nolock(struct ion_client *client, struct ion_handle *handle) ++{ ++ bool valid_handle; ++ ++ BUG_ON(client != handle->client); ++ ++ valid_handle = ion_handle_validate(client, handle); ++ if (!valid_handle) { ++ WARN(1, "%s: invalid handle passed to free.\n", __func__); ++ return; ++ } ++ if (!handle->user_ref_count > 0) { ++ WARN(1, "%s: User does not have access!\n", __func__); ++ return; ++ } ++ user_ion_handle_put_nolock(handle); ++} ++ + void ion_free(struct ion_client *client, struct ion_handle *handle) + { + BUG_ON(client != handle->client); +@@ -1439,7 +1502,7 @@ + data.allocation.flags, true); + if (IS_ERR(handle)) + return PTR_ERR(handle); +- ++ pass_to_user(handle); + data.allocation.handle = handle->id; + + cleanup_handle = handle; +@@ -1455,7 +1518,7 @@ + mutex_unlock(&client->lock); + return PTR_ERR(handle); + } +- ion_free_nolock(client, handle); ++ user_ion_free_nolock(client, handle); + ion_handle_put_nolock(handle); + mutex_unlock(&client->lock); + break; +@@ -1478,10 +1541,15 @@ + { + struct ion_handle *handle; + handle = ion_import_dma_buf(client, data.fd.fd); +- if (IS_ERR(handle)) ++ if (IS_ERR(handle)) { + ret = PTR_ERR(handle); +- else +- data.handle.handle = handle->id; ++ } else { ++ handle = 
pass_to_user(handle); ++ if (IS_ERR(handle)) ++ ret = PTR_ERR(handle); ++ else ++ data.handle.handle = handle->id; ++ } + break; + } + case ION_IOC_SYNC: +@@ -1518,8 +1586,10 @@ + if (dir & _IOC_READ) { + if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) { + if (cleanup_handle) { +- ion_free(client, cleanup_handle); +- ion_handle_put(cleanup_handle); ++ mutex_lock(&client->lock); ++ user_ion_free_nolock(client, cleanup_handle); ++ ion_handle_put_nolock(cleanup_handle); ++ mutex_unlock(&client->lock); + } + return -EFAULT; + } diff --git a/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch.base64 new file mode 100644 index 00000000..291e7e6c --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0564/3.10/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0564/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-0564/ANY/2.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0564/ANY/2.patch rename to Patches/Linux_CVEs/CVE-2017-0564/ANY/2.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0568/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0568/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0568/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0568/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0568/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0568/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0568/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0568/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0569/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0569/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0569/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2017-0569/3.10/0.patch 
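Review bot: The guard `if (!handle->user_ref_count > 0)` in `user_ion_free_nolock()` parses as `(!handle->user_ref_count) > 0`. That is true exactly when the count is zero, so the behaviour is as intended, but the expression reads as its opposite and draws a logical-not-parentheses warning from current compilers. `if (handle->user_ref_count == 0)`, as written in 3.10/0.patch, says the same thing plainly. This copy of the function also drops the `/* Must hold the client lock */` comment that the sibling helpers carry, although the ioctl hunks appear to call it with `client->lock` held.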
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0570/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0570/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0570/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2017-0570/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0571/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0571/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0571/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2017-0571/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0572/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0572/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0572/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0572/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0573/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0573/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0573/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0573/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0574/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0574/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0574/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0574/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0575/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0575/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0575/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0575/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0575/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0575/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0575/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0575/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0576/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0576/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0576/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0576/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0583/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0583/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0583/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0583/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0584/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0584/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0584/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0584/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0584/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0584/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0584/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0584/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0586/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0586/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0586/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0586/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0604/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0604/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0604/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0604/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0606/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0606/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0606/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0606/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0607/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0607/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0607/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0607/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0608/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0608/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0608/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0608/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0609/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0609/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0609/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0609/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0610/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0610/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0610/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0610/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0610/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-0610/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0610/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-0610/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0611/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0611/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0611/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0611/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0612/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0612/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0612/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0612/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0613/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0613/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0613/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0613/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0614/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0614/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0614/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0614/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0619/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0619/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0619/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0619/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0620/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0620/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0620/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0620/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0621/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0621/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0621/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0621/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0622/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0622/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0622/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0622/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0626/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0626/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0626/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0626/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0627/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0627/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0627/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0627/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0628/4.4/0.patch b/Patches/Linux_CVEs/CVE-2017-0628/4.4/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0628/4.4/0.patch rename to Patches/Linux_CVEs/CVE-2017-0628/4.4/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0629/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0629/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0629/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0629/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0631/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0631/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0631/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0631/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0632/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0632/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0632/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0632/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0633/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0633/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0633/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0633/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch new file mode 100644 index 00000000..24a62aed --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch @@ -0,0 +1,13 @@ +diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h +index 5a0bd93..d393eeb 100644 +--- a/include/linux/sysrq.h ++++ b/include/linux/sysrq.h +@@ -18,7 +18,7 @@ + #include + + /* Enable/disable SYSRQ support by default (0==no, 1==yes). */ +-#define SYSRQ_DEFAULT_ENABLE 1 ++#define SYSRQ_DEFAULT_ENABLE 0 + + /* Possible values of bitmask for enabling sysrq functions */ + /* 0x0001 is reserved for enable everything */ diff --git a/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch.base64 new file mode 100644 index 00000000..9daf348f --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0648/ANY/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0650/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0650/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0650/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0650/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch new file mode 100644 index 00000000..52fd8ec8 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch 
@@ -0,0 +1,26 @@
+diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
+index b4ef711..9a8000e 100644
+--- a/drivers/staging/android/ion/ion.c
++++ b/drivers/staging/android/ion/ion.c
+@@ -871,6 +871,7 @@
+ struct ion_device *dev = p->dev;
+ struct rb_node *n;
+ struct ion_debugfs_handle_header header;
++ struct ion_debugfs_handle_entry entry;
+
+ header.version = 1;
+ /*
+@@ -883,11 +884,12 @@
+ if (seq_write(s, &header, sizeof(header)))
+ return 0;
+
++ memset(&entry, 0, sizeof(entry));
++
+ mutex_lock(&dev->buffer_lock);
+ for (n = rb_first(&dev->buffers); n; n = rb_next(n)) {
+ struct ion_buffer *buffer = rb_entry(n, struct ion_buffer,
+ node);
+- struct ion_debugfs_handle_entry entry;
+
+ if (buffer->pid != p->pid)
+ continue;
diff --git a/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch.base64
new file mode 100644
index 00000000..e2fc1695
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0651/ANY/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0705/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0705/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0705/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0705/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch
new file mode 100644
index 00000000..f5da5679
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch
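Review bot: `entry` is now zeroed once before the loop and then reused for every buffer, so any field or padding byte that an iteration does not fully overwrite carries the previous buffer's values into the next record written out. That no longer exposes uninitialised stack, but it can still emit stale data from another entry. Keeping the declaration at function scope and moving `memset(&entry, 0, sizeof(entry));` to the top of the loop body, after the `pid` filter, gives every record a clean start. The loop body continues outside the hunk, so whether each field is rewritten on every pass cannot be confirmed from here.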
@@ -0,0 +1,15 @@
+diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+index 9081988..a73b030 100644
+--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
++++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+@@ -5830,6 +5830,10 @@
+
+ WL_DBG(("Enter \n"));
+
++ if (len > (ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN)) {
++ WL_ERR(("bad length:%zu\n", len));
++ return BCME_BADARG;
++ }
+ dev = cfgdev_to_wlc_ndev(cfgdev, cfg);
+
+ /* set bsscfg idx for iovar (wlan0: P2PAPI_BSSCFG_PRIMARY, p2p: P2PAPI_BSSCFG_DEVICE) */
diff --git a/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch.base64
new file mode 100644
index 00000000..ad2489f5
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0706/ANY/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch
new file mode 100644
index 00000000..b1a9e523
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch
@@ -0,0 +1,14 @@
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 2b11e38..b6eecda 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -725,8 +725,7 @@
+
+ mm = get_task_mm(task);
+ if (mm && mm != current->mm &&
+- !ptrace_may_access(task, mode) &&
+- !capable(CAP_SYS_RESOURCE)) {
++ !ptrace_may_access(task, mode)) {
+ mmput(mm);
+ mm = ERR_PTR(-EACCES);
+ }
diff --git a/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch.base64
new file mode 100644
index 00000000..9f795347
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-0710/ANY/0.patch.base64
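Review bot: The length check added to wl_cfg80211.c caps `len` from above only. If the code that follows subtracts `DOT11_MGMT_HDR_LEN` from `len` to size the action-frame body (that code is outside the hunk, so this is inferred), a frame shorter than the management header would underflow that size. A lower bound belongs in the same guard: `if (len < DOT11_MGMT_HDR_LEN || len > (ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN)) {`.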
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2tlcm5lbC9mb3JrLmMgYi9rZXJuZWwvZm9yay5jCmluZGV4IDJiMTFlMzguLmI2ZWVjZGEgMTAwNjQ0Ci0tLSBhL2tlcm5lbC9mb3JrLmMKKysrIGIva2VybmVsL2ZvcmsuYwpAQCAtNzI1LDggKzcyNSw3IEBACiAKIAltbSA9IGdldF90YXNrX21tKHRhc2spOwogCWlmIChtbSAmJiBtbSAhPSBjdXJyZW50LT5tbSAmJgotCQkJIXB0cmFjZV9tYXlfYWNjZXNzKHRhc2ssIG1vZGUpICYmCi0JCQkhY2FwYWJsZShDQVBfU1lTX1JFU09VUkNFKSkgeworCQkJIXB0cmFjZV9tYXlfYWNjZXNzKHRhc2ssIG1vZGUpKSB7CiAJCW1tcHV0KG1tKTsKIAkJbW0gPSBFUlJfUFRSKC1FQUNDRVMpOwogCX0K \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0740/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0740/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0740/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0740/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch new file mode 100644 index 00000000..3c5aa2b2 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch @@ -0,0 +1,30 @@ +diff --git a/sound/soc/tegra/tegra30_avp.c b/sound/soc/tegra/tegra30_avp.c +index 1a8c304..ef0616f 100644 +--- a/sound/soc/tegra/tegra30_avp.c ++++ b/sound/soc/tegra/tegra30_avp.c +@@ -276,7 +276,7 @@ + struct audio_engine_data *audio_engine; + const struct firmware *ucode_fw; + const struct tegra30_avp_ucode_desc *ucode_desc; +- int ucode_size = 0, ucode_offset = 0, total_ucode_size = 0; ++ ssize_t ucode_size = 0, ucode_offset = 0, total_ucode_size = 0; + int i, ret = 0; + + dev_vdbg(audio_avp->dev, "%s", __func__); +@@ -316,13 +316,14 @@ + } + + ucode_size = ucode_fw->size; +- if (ucode_size <= 0) { ++ if (ucode_size <= 0 || ++ ucode_size > avp_ucode_desc[i].max_mem_size) { + dev_err(audio_avp->dev, "Invalid ucode size."); + ret = -EINVAL; + release_firmware(ucode_fw); + goto err_param_mem_free; + } +- dev_vdbg(audio_avp->dev, "%s ucode size = %d bytes", ++ dev_vdbg(audio_avp->dev, "%s ucode size = %zd bytes", + ucode_desc->bin_name, ucode_size); + + /* Read ucode */ 
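Review bot: In the tegra30_avp.c change, the new upper bound reads the limit as `avp_ucode_desc[i].max_mem_size`, while the rest of the block goes through the `ucode_desc` pointer (`ucode_desc->bin_name` in the `dev_vdbg` just below). If `ucode_desc` is `&avp_ucode_desc[i]` at this point, which the hunk does not show, `ucode_size > ucode_desc->max_mem_size` keeps the check tied to the descriptor actually being loaded. `ucode_size` is now a signed `ssize_t` assigned from `ucode_fw->size`, so if `max_mem_size` is unsigned the comparison converts silently. A one-line comment stating that field's type and unit would help the next reader. The loading loop continues outside the hunk.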
diff --git a/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch.base64 new file mode 100644 index 00000000..8e797830 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0744/ANY/0.patch.base64 @@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL3NvdW5kL3NvYy90ZWdyYS90ZWdyYTMwX2F2cC5jIGIvc291bmQvc29jL3RlZ3JhL3RlZ3JhMzBfYXZwLmMKaW5kZXggMWE4YzMwNC4uZWYwNjE2ZiAxMDA2NDQKLS0tIGEvc291bmQvc29jL3RlZ3JhL3RlZ3JhMzBfYXZwLmMKKysrIGIvc291bmQvc29jL3RlZ3JhL3RlZ3JhMzBfYXZwLmMKQEAgLTI3Niw3ICsyNzYsNyBAQAogCXN0cnVjdCBhdWRpb19lbmdpbmVfZGF0YSAqYXVkaW9fZW5naW5lOwogCWNvbnN0IHN0cnVjdCBmaXJtd2FyZSAqdWNvZGVfZnc7CiAJY29uc3Qgc3RydWN0IHRlZ3JhMzBfYXZwX3Vjb2RlX2Rlc2MgKnVjb2RlX2Rlc2M7Ci0JaW50IHVjb2RlX3NpemUgPSAwLCB1Y29kZV9vZmZzZXQgPSAwLCB0b3RhbF91Y29kZV9zaXplID0gMDsKKwlzc2l6ZV90IHVjb2RlX3NpemUgPSAwLCB1Y29kZV9vZmZzZXQgPSAwLCB0b3RhbF91Y29kZV9zaXplID0gMDsKIAlpbnQgaSwgcmV0ID0gMDsKIAogCWRldl92ZGJnKGF1ZGlvX2F2cC0+ZGV2LCAiJXMiLCBfX2Z1bmNfXyk7CkBAIC0zMTYsMTMgKzMxNiwxNCBAQAogCQl9CiAKIAkJdWNvZGVfc2l6ZSA9IHVjb2RlX2Z3LT5zaXplOwotCQlpZiAodWNvZGVfc2l6ZSA8PSAwKSB7CisJCWlmICh1Y29kZV9zaXplIDw9IDAgfHwKKwkJCXVjb2RlX3NpemUgPiBhdnBfdWNvZGVfZGVzY1tpXS5tYXhfbWVtX3NpemUpIHsKIAkJCWRldl9lcnIoYXVkaW9fYXZwLT5kZXYsICJJbnZhbGlkIHVjb2RlIHNpemUuIik7CiAJCQlyZXQgPSAtRUlOVkFMOwogCQkJcmVsZWFzZV9maXJtd2FyZSh1Y29kZV9mdyk7CiAJCQlnb3RvIGVycl9wYXJhbV9tZW1fZnJlZTsKIAkJfQotCQlkZXZfdmRiZyhhdWRpb19hdnAtPmRldiwgIiVzIHVjb2RlIHNpemUgPSAlZCBieXRlcyIsCisJCWRldl92ZGJnKGF1ZGlvX2F2cC0+ZGV2LCAiJXMgdWNvZGUgc2l6ZSA9ICV6ZCBieXRlcyIsCiAJCQl1Y29kZV9kZXNjLT5iaW5fbmFtZSwgdWNvZGVfc2l6ZSk7CiAKIAkJLyogUmVhZCB1Y29kZSAqLwo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0746/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0746/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0746/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0746/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0748/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0748/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0748/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0748/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch new file mode 100644 index 00000000..3d72e02b --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch 
@@ -0,0 +1,217 @@ +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 31c47d0..cbeae57 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -1282,11 +1282,11 @@ + + #define SAVED_CMDLINES_DEFAULT 128 + #define NO_CMDLINE_MAP UINT_MAX +-static unsigned saved_tgids[SAVED_CMDLINES_DEFAULT]; + static arch_spinlock_t trace_cmdline_lock = __ARCH_SPIN_LOCK_UNLOCKED; + struct saved_cmdlines_buffer { + unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1]; + unsigned *map_cmdline_to_pid; ++ unsigned *map_cmdline_to_tgid; + unsigned cmdline_num; + int cmdline_idx; + char *saved_cmdlines; +@@ -1320,12 +1320,23 @@ + return -ENOMEM; + } + ++ s->map_cmdline_to_tgid = kmalloc_array(val, ++ sizeof(*s->map_cmdline_to_tgid), ++ GFP_KERNEL); ++ if (!s->map_cmdline_to_tgid) { ++ kfree(s->map_cmdline_to_pid); ++ kfree(s->saved_cmdlines); ++ return -ENOMEM; ++ } ++ + s->cmdline_idx = 0; + s->cmdline_num = val; + memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP, + sizeof(s->map_pid_to_cmdline)); + memset(s->map_cmdline_to_pid, NO_CMDLINE_MAP, + val * sizeof(*s->map_cmdline_to_pid)); ++ memset(s->map_cmdline_to_tgid, NO_CMDLINE_MAP, ++ val * sizeof(*s->map_cmdline_to_tgid)); + + return 0; + } +@@ -1491,14 +1502,17 @@ + if (!tsk->pid || unlikely(tsk->pid > PID_MAX_DEFAULT)) + return 0; + ++ preempt_disable(); + /* + * It's not the end of the world if we don't get + * the lock, but we also don't want to spin + * nor do we want to disable interrupts, + * so if we miss here, then better luck next time. 
+ */ +- if (!arch_spin_trylock(&trace_cmdline_lock)) ++ if (!arch_spin_trylock(&trace_cmdline_lock)) { ++ preempt_enable(); + return 0; ++ } + + idx = savedcmd->map_pid_to_cmdline[tsk->pid]; + if (idx == NO_CMDLINE_MAP) { +@@ -1521,8 +1535,9 @@ + } + + set_cmdline(idx, tsk->comm); +- saved_tgids[idx] = tsk->tgid; ++ savedcmd->map_cmdline_to_tgid[idx] = tsk->tgid; + arch_spin_unlock(&trace_cmdline_lock); ++ preempt_enable(); + + return 1; + } +@@ -1564,19 +1579,29 @@ + preempt_enable(); + } + +-int trace_find_tgid(int pid) ++static int __find_tgid_locked(int pid) + { + unsigned map; + int tgid; + +- preempt_disable(); +- arch_spin_lock(&trace_cmdline_lock); + map = savedcmd->map_pid_to_cmdline[pid]; + if (map != NO_CMDLINE_MAP) +- tgid = saved_tgids[map]; ++ tgid = savedcmd->map_cmdline_to_tgid[map]; + else + tgid = -1; + ++ return tgid; ++} ++ ++int trace_find_tgid(int pid) ++{ ++ int tgid; ++ ++ preempt_disable(); ++ arch_spin_lock(&trace_cmdline_lock); ++ ++ tgid = __find_tgid_locked(pid); ++ + arch_spin_unlock(&trace_cmdline_lock); + preempt_enable(); + +@@ -3877,10 +3902,15 @@ + { + char buf[64]; + int r; ++ unsigned int n; + ++ preempt_disable(); + arch_spin_lock(&trace_cmdline_lock); +- r = scnprintf(buf, sizeof(buf), "%u\n", savedcmd->cmdline_num); ++ n = savedcmd->cmdline_num; + arch_spin_unlock(&trace_cmdline_lock); ++ preempt_enable(); ++ ++ r = scnprintf(buf, sizeof(buf), "%u\n", n); + + return simple_read_from_buffer(ubuf, cnt, ppos, buf, r); + } +@@ -3889,6 +3919,7 @@ + { + kfree(s->saved_cmdlines); + kfree(s->map_cmdline_to_pid); ++ kfree(s->map_cmdline_to_tgid); + kfree(s); + } + +@@ -3905,10 +3936,12 @@ + return -ENOMEM; + } + ++ preempt_disable(); + arch_spin_lock(&trace_cmdline_lock); + savedcmd_temp = savedcmd; + savedcmd = s; + arch_spin_unlock(&trace_cmdline_lock); ++ preempt_enable(); + free_saved_cmdlines_buffer(savedcmd_temp); + + return 0; +@@ -3951,33 +3984,61 @@ + char *file_buf; + char *buf; + int len = 0; +- int pid; + int i; ++ int 
*pids; ++ int n = 0; + +- file_buf = kmalloc(SAVED_CMDLINES_DEFAULT*(16+1+16), GFP_KERNEL); +- if (!file_buf) ++ preempt_disable(); ++ arch_spin_lock(&trace_cmdline_lock); ++ ++ pids = kmalloc_array(savedcmd->cmdline_num, 2*sizeof(int), GFP_KERNEL); ++ if (!pids) { ++ arch_spin_unlock(&trace_cmdline_lock); ++ preempt_enable(); + return -ENOMEM; ++ } + +- buf = file_buf; +- +- for (i = 0; i < SAVED_CMDLINES_DEFAULT; i++) { +- int tgid; +- int r; ++ for (i = 0; i < savedcmd->cmdline_num; i++) { ++ int pid; + + pid = savedcmd->map_cmdline_to_pid[i]; + if (pid == -1 || pid == NO_CMDLINE_MAP) + continue; + +- tgid = trace_find_tgid(pid); +- r = sprintf(buf, "%d %d\n", pid, tgid); ++ pids[n] = pid; ++ pids[n+1] = __find_tgid_locked(pid); ++ n += 2; ++ } ++ arch_spin_unlock(&trace_cmdline_lock); ++ preempt_enable(); ++ ++ if (n == 0) { ++ kfree(pids); ++ return 0; ++ } ++ ++ /* enough to hold max pair of pids + space, lr and nul */ ++ len = n * 12; ++ file_buf = kmalloc(len, GFP_KERNEL); ++ if (!file_buf) { ++ kfree(pids); ++ return -ENOMEM; ++ } ++ ++ buf = file_buf; ++ for (i = 0; i < n && len > 0; i += 2) { ++ int r; ++ ++ r = snprintf(buf, len, "%d %d\n", pids[i], pids[i+1]); + buf += r; +- len += r; ++ len -= r; + } + + len = simple_read_from_buffer(ubuf, cnt, ppos, +- file_buf, len); ++ file_buf, buf - file_buf); + + kfree(file_buf); ++ kfree(pids); + + return len; + } diff --git a/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch.base64 new file mode 100644 index 00000000..42806cb7 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-0749/ANY/0.patch.base64 
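Review bot: In the last hunk of the embedded trace.c patch (`@@ -3951,33 +3984,61 @@`), `kmalloc_array(savedcmd->cmdline_num, 2*sizeof(int), GFP_KERNEL)` is called after `preempt_disable()` and `arch_spin_lock(&trace_cmdline_lock)`, so an allocation that may sleep runs in atomic context. The smallest change is `pids = kmalloc_array(savedcmd->cmdline_num, 2*sizeof(int), GFP_ATOMIC);`; the alternative is to snapshot `cmdline_num` under the lock, allocate unlocked, then retake the lock and bound the copy loop by the smaller of the snapshot and the current `cmdline_num`. The formatting loop would also be more robust with `scnprintf`, because `snprintf` returns the untruncated length and `buf - file_buf` is later passed as the size to `simple_read_from_buffer`; the `n * 12` sizing appears sufficient for two ints per pair, so this is defence in depth. The function's signature lies outside the hunk.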
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2tlcm5lbC90cmFjZS90cmFjZS5jIGIva2VybmVsL3RyYWNlL3RyYWNlLmMKaW5kZXggMzFjNDdkMC4uY2JlYWU1NyAxMDA2NDQKLS0tIGEva2VybmVsL3RyYWNlL3RyYWNlLmMKKysrIGIva2VybmVsL3RyYWNlL3RyYWNlLmMKQEAgLTEyODIsMTEgKzEyODIsMTEgQEAKIAogI2RlZmluZSBTQVZFRF9DTURMSU5FU19ERUZBVUxUIDEyOAogI2RlZmluZSBOT19DTURMSU5FX01BUCBVSU5UX01BWAotc3RhdGljIHVuc2lnbmVkIHNhdmVkX3RnaWRzW1NBVkVEX0NNRExJTkVTX0RFRkFVTFRdOwogc3RhdGljIGFyY2hfc3BpbmxvY2tfdCB0cmFjZV9jbWRsaW5lX2xvY2sgPSBfX0FSQ0hfU1BJTl9MT0NLX1VOTE9DS0VEOwogc3RydWN0IHNhdmVkX2NtZGxpbmVzX2J1ZmZlciB7CiAJdW5zaWduZWQgbWFwX3BpZF90b19jbWRsaW5lW1BJRF9NQVhfREVGQVVMVCsxXTsKIAl1bnNpZ25lZCAqbWFwX2NtZGxpbmVfdG9fcGlkOworCXVuc2lnbmVkICptYXBfY21kbGluZV90b190Z2lkOwogCXVuc2lnbmVkIGNtZGxpbmVfbnVtOwogCWludCBjbWRsaW5lX2lkeDsKIAljaGFyICpzYXZlZF9jbWRsaW5lczsKQEAgLTEzMjAsMTIgKzEzMjAsMjMgQEAKIAkJcmV0dXJuIC1FTk9NRU07CiAJfQogCisJcy0+bWFwX2NtZGxpbmVfdG9fdGdpZCA9IGttYWxsb2NfYXJyYXkodmFsLAorCQkJCQkgICAgICAgc2l6ZW9mKCpzLT5tYXBfY21kbGluZV90b190Z2lkKSwKKwkJCQkJICAgICAgIEdGUF9LRVJORUwpOworCWlmICghcy0+bWFwX2NtZGxpbmVfdG9fdGdpZCkgeworCQlrZnJlZShzLT5tYXBfY21kbGluZV90b19waWQpOworCQlrZnJlZShzLT5zYXZlZF9jbWRsaW5lcyk7CisJCXJldHVybiAtRU5PTUVNOworCX0KKwogCXMtPmNtZGxpbmVfaWR4ID0gMDsKIAlzLT5jbWRsaW5lX251bSA9IHZhbDsKIAltZW1zZXQoJnMtPm1hcF9waWRfdG9fY21kbGluZSwgTk9fQ01ETElORV9NQVAsCiAJICAgICAgIHNpemVvZihzLT5tYXBfcGlkX3RvX2NtZGxpbmUpKTsKIAltZW1zZXQocy0+bWFwX2NtZGxpbmVfdG9fcGlkLCBOT19DTURMSU5FX01BUCwKIAkgICAgICAgdmFsICogc2l6ZW9mKCpzLT5tYXBfY21kbGluZV90b19waWQpKTsKKwltZW1zZXQocy0+bWFwX2NtZGxpbmVfdG9fdGdpZCwgTk9fQ01ETElORV9NQVAsCisJICAgICAgIHZhbCAqIHNpemVvZigqcy0+bWFwX2NtZGxpbmVfdG9fdGdpZCkpOwogCiAJcmV0dXJuIDA7CiB9CkBAIC0xNDkxLDE0ICsxNTAyLDE3IEBACiAJaWYgKCF0c2stPnBpZCB8fCB1bmxpa2VseSh0c2stPnBpZCA+IFBJRF9NQVhfREVGQVVMVCkpCiAJCXJldHVybiAwOwogCisJcHJlZW1wdF9kaXNhYmxlKCk7CiAJLyoKIAkgKiBJdCdzIG5vdCB0aGUgZW5kIG9mIHRoZSB3b3JsZCBpZiB3ZSBkb24ndCBnZXQKIAkgKiB0aGUgbG9jaywgYnV0IHdlIGFsc28gZG9uJ3Qgd2FudCB0byBzcGluCiAJICogbm9yIGRvIHdlIHdhbnQgdG8gZGlzYWJsZSBpbnRlcnJ1cHRzLAogCSAqIHNvIGlmIHdlIG1pc
3MgaGVyZSwgdGhlbiBiZXR0ZXIgbHVjayBuZXh0IHRpbWUuCiAJICovCi0JaWYgKCFhcmNoX3NwaW5fdHJ5bG9jaygmdHJhY2VfY21kbGluZV9sb2NrKSkKKwlpZiAoIWFyY2hfc3Bpbl90cnlsb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spKSB7CisJCXByZWVtcHRfZW5hYmxlKCk7CiAJCXJldHVybiAwOworCX0KIAogCWlkeCA9IHNhdmVkY21kLT5tYXBfcGlkX3RvX2NtZGxpbmVbdHNrLT5waWRdOwogCWlmIChpZHggPT0gTk9fQ01ETElORV9NQVApIHsKQEAgLTE1MjEsOCArMTUzNSw5IEBACiAJfQogCiAJc2V0X2NtZGxpbmUoaWR4LCB0c2stPmNvbW0pOwotCXNhdmVkX3RnaWRzW2lkeF0gPSB0c2stPnRnaWQ7CisJc2F2ZWRjbWQtPm1hcF9jbWRsaW5lX3RvX3RnaWRbaWR4XSA9IHRzay0+dGdpZDsKIAlhcmNoX3NwaW5fdW5sb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spOworCXByZWVtcHRfZW5hYmxlKCk7CiAKIAlyZXR1cm4gMTsKIH0KQEAgLTE1NjQsMTkgKzE1NzksMjkgQEAKIAlwcmVlbXB0X2VuYWJsZSgpOwogfQogCi1pbnQgdHJhY2VfZmluZF90Z2lkKGludCBwaWQpCitzdGF0aWMgaW50IF9fZmluZF90Z2lkX2xvY2tlZChpbnQgcGlkKQogewogCXVuc2lnbmVkIG1hcDsKIAlpbnQgdGdpZDsKIAotCXByZWVtcHRfZGlzYWJsZSgpOwotCWFyY2hfc3Bpbl9sb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spOwogCW1hcCA9IHNhdmVkY21kLT5tYXBfcGlkX3RvX2NtZGxpbmVbcGlkXTsKIAlpZiAobWFwICE9IE5PX0NNRExJTkVfTUFQKQotCQl0Z2lkID0gc2F2ZWRfdGdpZHNbbWFwXTsKKwkJdGdpZCA9IHNhdmVkY21kLT5tYXBfY21kbGluZV90b190Z2lkW21hcF07CiAJZWxzZQogCQl0Z2lkID0gLTE7CiAKKwlyZXR1cm4gdGdpZDsKK30KKworaW50IHRyYWNlX2ZpbmRfdGdpZChpbnQgcGlkKQoreworCWludCB0Z2lkOworCisJcHJlZW1wdF9kaXNhYmxlKCk7CisJYXJjaF9zcGluX2xvY2soJnRyYWNlX2NtZGxpbmVfbG9jayk7CisKKwl0Z2lkID0gX19maW5kX3RnaWRfbG9ja2VkKHBpZCk7CisKIAlhcmNoX3NwaW5fdW5sb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spOwogCXByZWVtcHRfZW5hYmxlKCk7CiAKQEAgLTM4NzcsMTAgKzM5MDIsMTUgQEAKIHsKIAljaGFyIGJ1Zls2NF07CiAJaW50IHI7CisJdW5zaWduZWQgaW50IG47CiAKKwlwcmVlbXB0X2Rpc2FibGUoKTsKIAlhcmNoX3NwaW5fbG9jaygmdHJhY2VfY21kbGluZV9sb2NrKTsKLQlyID0gc2NucHJpbnRmKGJ1Ziwgc2l6ZW9mKGJ1ZiksICIldVxuIiwgc2F2ZWRjbWQtPmNtZGxpbmVfbnVtKTsKKwluID0gc2F2ZWRjbWQtPmNtZGxpbmVfbnVtOwogCWFyY2hfc3Bpbl91bmxvY2soJnRyYWNlX2NtZGxpbmVfbG9jayk7CisJcHJlZW1wdF9lbmFibGUoKTsKKworCXIgPSBzY25wcmludGYoYnVmLCBzaXplb2YoYnVmKSwgIiV1XG4iLCBuKTsKIAogCXJldHVybiBzaW1wbGVfcmVhZF9mcm9tX2J1ZmZlcih1YnVmLCBjbnQsIHBwb3MsIGJ1Ziwgcik7CiB9CkBAIC0zODg5LDYgKzM5M
TksNyBAQAogewogCWtmcmVlKHMtPnNhdmVkX2NtZGxpbmVzKTsKIAlrZnJlZShzLT5tYXBfY21kbGluZV90b19waWQpOworCWtmcmVlKHMtPm1hcF9jbWRsaW5lX3RvX3RnaWQpOwogCWtmcmVlKHMpOwogfQogCkBAIC0zOTA1LDEwICszOTM2LDEyIEBACiAJCXJldHVybiAtRU5PTUVNOwogCX0KIAorCXByZWVtcHRfZGlzYWJsZSgpOwogCWFyY2hfc3Bpbl9sb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spOwogCXNhdmVkY21kX3RlbXAgPSBzYXZlZGNtZDsKIAlzYXZlZGNtZCA9IHM7CiAJYXJjaF9zcGluX3VubG9jaygmdHJhY2VfY21kbGluZV9sb2NrKTsKKwlwcmVlbXB0X2VuYWJsZSgpOwogCWZyZWVfc2F2ZWRfY21kbGluZXNfYnVmZmVyKHNhdmVkY21kX3RlbXApOwogCiAJcmV0dXJuIDA7CkBAIC0zOTUxLDMzICszOTg0LDYxIEBACiAJY2hhciAqZmlsZV9idWY7CiAJY2hhciAqYnVmOwogCWludCBsZW4gPSAwOwotCWludCBwaWQ7CiAJaW50IGk7CisJaW50ICpwaWRzOworCWludCBuID0gMDsKIAotCWZpbGVfYnVmID0ga21hbGxvYyhTQVZFRF9DTURMSU5FU19ERUZBVUxUKigxNisxKzE2KSwgR0ZQX0tFUk5FTCk7Ci0JaWYgKCFmaWxlX2J1ZikKKwlwcmVlbXB0X2Rpc2FibGUoKTsKKwlhcmNoX3NwaW5fbG9jaygmdHJhY2VfY21kbGluZV9sb2NrKTsKKworCXBpZHMgPSBrbWFsbG9jX2FycmF5KHNhdmVkY21kLT5jbWRsaW5lX251bSwgMipzaXplb2YoaW50KSwgR0ZQX0tFUk5FTCk7CisJaWYgKCFwaWRzKSB7CisJCWFyY2hfc3Bpbl91bmxvY2soJnRyYWNlX2NtZGxpbmVfbG9jayk7CisJCXByZWVtcHRfZW5hYmxlKCk7CiAJCXJldHVybiAtRU5PTUVNOworCX0KIAotCWJ1ZiA9IGZpbGVfYnVmOwotCi0JZm9yIChpID0gMDsgaSA8IFNBVkVEX0NNRExJTkVTX0RFRkFVTFQ7IGkrKykgewotCQlpbnQgdGdpZDsKLQkJaW50IHI7CisJZm9yIChpID0gMDsgaSA8IHNhdmVkY21kLT5jbWRsaW5lX251bTsgaSsrKSB7CisJCWludCBwaWQ7CiAKIAkJcGlkID0gc2F2ZWRjbWQtPm1hcF9jbWRsaW5lX3RvX3BpZFtpXTsKIAkJaWYgKHBpZCA9PSAtMSB8fCBwaWQgPT0gTk9fQ01ETElORV9NQVApCiAJCQljb250aW51ZTsKIAotCQl0Z2lkID0gdHJhY2VfZmluZF90Z2lkKHBpZCk7Ci0JCXIgPSBzcHJpbnRmKGJ1ZiwgIiVkICVkXG4iLCBwaWQsIHRnaWQpOworCQlwaWRzW25dID0gcGlkOworCQlwaWRzW24rMV0gPSBfX2ZpbmRfdGdpZF9sb2NrZWQocGlkKTsKKwkJbiArPSAyOworCX0KKwlhcmNoX3NwaW5fdW5sb2NrKCZ0cmFjZV9jbWRsaW5lX2xvY2spOworCXByZWVtcHRfZW5hYmxlKCk7CisKKwlpZiAobiA9PSAwKSB7CisJCWtmcmVlKHBpZHMpOworCQlyZXR1cm4gMDsKKwl9CisKKwkvKiBlbm91Z2ggdG8gaG9sZCBtYXggcGFpciBvZiBwaWRzICsgc3BhY2UsIGxyIGFuZCBudWwgKi8KKwlsZW4gPSBuICogMTI7CisJZmlsZV9idWYgPSBrbWFsbG9jKGxlbiwgR0ZQX0tFUk5FTCk7CisJaWYgKCFmaWxlX2J1ZikgeworCQlrZnJlZShwaWRzK
TsKKwkJcmV0dXJuIC1FTk9NRU07CisJfQorCisJYnVmID0gZmlsZV9idWY7CisJZm9yIChpID0gMDsgaSA8IG4gJiYgbGVuID4gMDsgaSArPSAyKSB7CisJCWludCByOworCisJCXIgPSBzbnByaW50ZihidWYsIGxlbiwgIiVkICVkXG4iLCBwaWRzW2ldLCBwaWRzW2krMV0pOwogCQlidWYgKz0gcjsKLQkJbGVuICs9IHI7CisJCWxlbiAtPSByOwogCX0KIAogCWxlbiA9IHNpbXBsZV9yZWFkX2Zyb21fYnVmZmVyKHVidWYsIGNudCwgcHBvcywKLQkJCQkgICAgICBmaWxlX2J1ZiwgbGVuKTsKKwkJCQkgICAgICBmaWxlX2J1ZiwgYnVmIC0gZmlsZV9idWYpOwogCiAJa2ZyZWUoZmlsZV9idWYpOworCWtmcmVlKHBpZHMpOwogCiAJcmV0dXJuIGxlbjsKIH0K \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-0750/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0750/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0750/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0750/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0751/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0751/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0751/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0751/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0786/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0786/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0786/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0786/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0787/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0787/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0787/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0787/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-0788/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0788/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-0788/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-0788/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0789/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0789/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0789/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0789/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0790/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0790/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0790/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0790/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0791/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0791/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0791/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0791/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0792/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-0792/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0792/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0792/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0794/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0794/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0794/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0794/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0824/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-0824/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0824/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0824/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-0825/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-0825/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-0825/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-0825/3.10/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch b/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch
new file mode 100644
index 00000000..352eafd2
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch
@@ -0,0 +1,403 @@ +From 2e073d2001f354982b777a38d931002a62395de1 Mon Sep 17 00:00:00 2001 +From: Ben Seri +Date: Sat, 09 Sep 2017 23:15:59 +0200 +Subject: [PATCH] Bluetooth: Properly check L2CAP config option output buffer length + +Validate the output buffer length for L2CAP config requests and responses +to avoid overflowing the stack buffer used for building the option blocks. + +Change-Id: I7a0ff0b9dd0156c0e6383214a9c86e4ec4c0d236 +Cc: stable@vger.kernel.org +Signed-off-by: Ben Seri +Signed-off-by: Marcel Holtmann +Signed-off-by: Linus Torvalds +CVE-2017-1000251 +Signed-off-by: Kevin F. Haggerty +--- + +diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h +index ef5e849..b868343 100644 +--- a/include/net/bluetooth/l2cap.h ++++ b/include/net/bluetooth/l2cap.h +@@ -668,7 +668,7 @@ + + u8 l2cap_get_ident(struct l2cap_conn *conn); + void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data); +-int l2cap_build_conf_req(struct sock *sk, void *data); ++int l2cap_build_conf_req(struct sock *sk, void *data, size_t data_size); + int __l2cap_wait_ack(struct sock *sk); + + struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len); +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c +index af0dcba..a4ab0ff 100644 +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -910,7 +910,7 @@ + + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + +@@ -2892,11 +2892,14 @@ + return len; + } + +-static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) ++static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val, size_t size) + { + struct l2cap_conf_opt *opt = *ptr; + + BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val); ++ ++ if (size < 
L2CAP_CONF_OPT_SIZE + len) ++ return; + + opt->type = type; + opt->len = len; +@@ -3275,12 +3278,13 @@ + } + } + +-int l2cap_build_conf_req(struct sock *sk, void *data) ++int l2cap_build_conf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + struct l2cap_conf_rfc rfc = { .mode = pi->mode }; + void *ptr = req->data; ++ void *endptr = data + data_size; + + BT_DBG("sk %p", sk); + +@@ -3301,7 +3305,7 @@ + + done: + if (pi->imtu != L2CAP_DEFAULT_MTU) +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu, endptr - ptr); + + switch (pi->mode) { + case L2CAP_MODE_BASIC: +@@ -3316,7 +3320,7 @@ + rfc.max_pdu_size = 0; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + break; + + case L2CAP_MODE_ERTM: +@@ -3333,12 +3337,12 @@ + rfc.max_pdu_size = cpu_to_le16(pi->imtu); + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if ((pi->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW) && + pi->extended_control) { + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, +- pi->tx_win); ++ pi->tx_win, endptr - ptr); + } + + if (pi->amp_id) { +@@ -3346,7 +3350,7 @@ + struct l2cap_conf_ext_fs fs = {1, 1, 0xFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_FS, +- sizeof(fs), (unsigned long) &fs); ++ sizeof(fs), (unsigned long) &fs, endptr - ptr); + } + + if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) +@@ -3355,7 +3359,7 @@ + if (pi->fcs == L2CAP_FCS_NONE || + pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { + pi->fcs = L2CAP_FCS_NONE; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs, endptr - ptr); + } + break; + +@@ -3369,11 +3373,11 @@ + rfc.max_pdu_size = cpu_to_le16(pi->imtu); + + l2cap_add_conf_opt(&ptr, 
L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if ((pi->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW) && + pi->extended_control) { +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, 0); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, 0, endptr - ptr); + } + + if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) +@@ -3382,7 +3386,7 @@ + if (pi->fcs == L2CAP_FCS_NONE || + pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { + pi->fcs = L2CAP_FCS_NONE; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs, endptr - ptr); + } + break; + } +@@ -3394,12 +3398,13 @@ + } + + +-static int l2cap_build_amp_reconf_req(struct sock *sk, void *data) ++static int l2cap_build_amp_reconf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + struct l2cap_conf_rfc rfc = { .mode = pi->mode }; + void *ptr = req->data; ++ void *endptr = data + data_size; + + BT_DBG("sk %p", sk); + +@@ -3420,7 +3425,7 @@ + } + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if (pi->conn->feat_mask & L2CAP_FEAT_FCS) { + /* TODO assign fcs for br/edr based on socket config option */ +@@ -3431,7 +3436,7 @@ + else + pi->local_conf.fcs = L2CAP_FCS_CRC16; + +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->local_conf.fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->local_conf.fcs, endptr - ptr); + pi->fcs = pi->local_conf.fcs | pi->remote_conf.fcs; + } + +@@ -3441,11 +3446,12 @@ + return ptr - data; + } + +-static int l2cap_parse_conf_req(struct sock *sk, void *data) ++static int l2cap_parse_conf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; ++ void *endptr = data + data_size; + void *req = pi->conf_req; + int len = pi->conf_len; + int type, 
hint, olen; +@@ -3563,7 +3569,8 @@ + return -ECONNREFUSED; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, ++ endptr - ptr); + } + + +@@ -3583,7 +3590,7 @@ + pi->omtu = mtu; + pi->conf_state |= L2CAP_CONF_MTU_DONE; + } +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu, endptr - ptr); + + switch (rfc.mode) { + case L2CAP_MODE_BASIC: +@@ -3601,11 +3608,11 @@ + pi->conf_state |= L2CAP_CONF_MODE_DONE; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + + if (pi->conf_state & L2CAP_CONF_LOCKSTEP) + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_FS, +- sizeof(fs), (unsigned long) &fs); ++ sizeof(fs), (unsigned long) &fs, endptr - ptr); + + break; + +@@ -3615,7 +3622,7 @@ + pi->conf_state |= L2CAP_CONF_MODE_DONE; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + + break; + +@@ -3659,11 +3666,12 @@ + return ptr - data; + } + +-static int l2cap_parse_amp_move_reconf_req(struct sock *sk, void *data) ++static int l2cap_parse_amp_move_reconf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; ++ void *endptr = data + data_size; + void *req = pi->conf_req; + int len = pi->conf_len; + int type, hint, olen; +@@ -3750,13 +3758,13 @@ + + BT_DBG("mtu %d omtu %d", mtu, pi->omtu); + +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu, endptr - ptr); + + /* Don't allow extended transmit window to change. 
*/ + if (tx_win != pi->remote_tx_win) { + result = L2CAP_CONF_UNACCEPT; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, +- pi->remote_tx_win); ++ pi->remote_tx_win, endptr - ptr); + } + + pi->remote_mps = rfc.max_pdu_size; +@@ -3769,7 +3777,7 @@ + } + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + } + + if (result != L2CAP_CONF_SUCCESS) +@@ -3788,11 +3796,12 @@ + return ptr - data; + } + +-static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result) ++static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, size_t size, u16 *result) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + void *ptr = req->data; ++ void *endptr = data + size; + int type, olen; + unsigned long val; + struct l2cap_conf_rfc rfc; +@@ -3815,13 +3824,13 @@ + pi->imtu = L2CAP_DEFAULT_MIN_MTU; + } else + pi->imtu = val; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu, endptr - ptr); + break; + + case L2CAP_CONF_FLUSH_TO: + pi->flush_to = val; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, +- 2, pi->flush_to); ++ 2, pi->flush_to, endptr - ptr); + break; + + case L2CAP_CONF_RFC: +@@ -3835,7 +3844,7 @@ + pi->fcs = 0; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + break; + + case L2CAP_CONF_EXT_WINDOW: +@@ -3845,7 +3854,7 @@ + pi->tx_win = L2CAP_TX_WIN_MAX_ENHANCED; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, +- 2, pi->tx_win); ++ 2, pi->tx_win, endptr - ptr); + break; + + default: +@@ -4204,7 +4213,7 @@ + u8 buf[128]; + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + 
} + +@@ -4255,7 +4264,7 @@ + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, req), req); ++ l2cap_build_conf_req(sk, req, sizeof(req)), req); + l2cap_pi(sk)->num_conf_req++; + break; + +@@ -4359,9 +4368,9 @@ + + /* Complete config. */ + if (!amp_move_reconf) +- len = l2cap_parse_conf_req(sk, rspbuf); ++ len = l2cap_parse_conf_req(sk, rspbuf, sizeof(rspbuf)); + else +- len = l2cap_parse_amp_move_reconf_req(sk, rspbuf); ++ len = l2cap_parse_amp_move_reconf_req(sk, rspbuf, sizeof(rspbuf)); + + if (len < 0) { + l2cap_send_disconn_req(conn, sk, ECONNRESET); +@@ -4410,7 +4419,7 @@ + u8 buf[64]; + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + +@@ -4506,7 +4515,7 @@ + /* throw out any old stored conf requests */ + result = L2CAP_CONF_SUCCESS; + len = l2cap_parse_conf_rsp(sk, rsp->data, +- len, req, &result); ++ len, req, sizeof(req), &result); + if (len < 0) { + l2cap_send_disconn_req(conn, sk, ECONNRESET); + goto done; +@@ -5306,7 +5315,7 @@ + l2cap_send_cmd(pi->conn, + l2cap_get_ident(pi->conn), + L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + } else { +@@ -6870,7 +6879,7 @@ + pi = l2cap_pi(sk); + + l2cap_send_cmd(pi->conn, l2cap_get_ident(pi->conn), L2CAP_CONF_REQ, +- l2cap_build_amp_reconf_req(sk, buf), buf); ++ l2cap_build_amp_reconf_req(sk, buf, sizeof(buf)), buf); + return err; + } + +diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c +index 6e229d1..aa17999 100644 +--- a/net/bluetooth/l2cap_sock.c ++++ b/net/bluetooth/l2cap_sock.c +@@ -1031,7 +1031,7 @@ + + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 
+- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + + release_sock(sk); diff --git a/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch.base64 new file mode 100644 index 00000000..a84e7f2a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000251/3.0/2.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch b/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch new file mode 100644 index 00000000..375cecb9 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch 
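Review bot: The bound added to `l2cap_add_conf_opt` is only as good as the size each caller passes, and the declarations of `req` (calls in the embedded hunks `@@ -4255,7` and `@@ -4506,7`) and `rspbuf` (`@@ -4359,9`) lie outside the hunks. `sizeof(...)` yields the intended capacity only if these are arrays, as `u8 buf[128]` and `u8 buf[64]` visibly are, so that should be confirmed for this backport. When an option does not fit, the function returns before writing `opt->type`, and the builders still return `ptr - data`, so a shortened option list is sent with no error to the caller. A comment above the function such as `/* size: bytes left in the output buffer; an option that does not fit is dropped silently */` would record that contract.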
@@ -0,0 +1,411 @@ +From a8149a65c1db9c3980873a32e4a96331b7a61f5b Mon Sep 17 00:00:00 2001 +From: Ben Seri +Date: Sat, 09 Sep 2017 23:15:59 +0200 +Subject: [PATCH] Bluetooth: Properly check L2CAP config option output buffer length + +Validate the output buffer length for L2CAP config requests and responses +to avoid overflowing the stack buffer used for building the option blocks. + +Change-Id: I7a0ff0b9dd0156c0e6383214a9c86e4ec4c0d236 +Cc: stable@vger.kernel.org +Signed-off-by: Ben Seri +Signed-off-by: Marcel Holtmann +Signed-off-by: Linus Torvalds +CVE-2017-1000251 +Signed-off-by: Kevin F. Haggerty +--- + +diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h +index 9c2b735..8e281b4 100644 +--- a/include/net/bluetooth/l2cap.h ++++ b/include/net/bluetooth/l2cap.h +@@ -670,7 +670,7 @@ + + u8 l2cap_get_ident(struct l2cap_conn *conn); + void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data); +-int l2cap_build_conf_req(struct sock *sk, void *data); ++int l2cap_build_conf_req(struct sock *sk, void *data, size_t data_size); + int __l2cap_wait_ack(struct sock *sk); + + struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len); +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c +index a554160..aba12f2 100644 +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -926,7 +926,7 @@ + + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + +@@ -2923,11 +2923,14 @@ + return len; + } + +-static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) ++static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val, size_t size) + { + struct l2cap_conf_opt *opt = *ptr; + + BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val); ++ ++ if (size < 
L2CAP_CONF_OPT_SIZE + len) ++ return; + + opt->type = type; + opt->len = len; +@@ -3312,12 +3315,13 @@ + } + } + +-int l2cap_build_conf_req(struct sock *sk, void *data) ++int l2cap_build_conf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + struct l2cap_conf_rfc rfc = { .mode = pi->mode }; + void *ptr = req->data; ++ void *endptr = data + data_size; + + BT_DBG("sk %p mode %d", sk, pi->mode); + +@@ -3338,7 +3342,7 @@ + + done: + if (pi->imtu != L2CAP_DEFAULT_MTU) +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu, endptr - ptr); + + switch (pi->mode) { + case L2CAP_MODE_BASIC: +@@ -3352,7 +3356,7 @@ + rfc.max_pdu_size = 0; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + break; + + case L2CAP_MODE_ERTM: +@@ -3369,12 +3373,12 @@ + rfc.max_pdu_size = cpu_to_le16(pi->imtu); + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if ((pi->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW) && + pi->extended_control) { + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, +- pi->tx_win); ++ pi->tx_win, endptr - ptr); + } + + if (pi->amp_id) { +@@ -3382,7 +3386,7 @@ + struct l2cap_conf_ext_fs fs = {1, 1, 0xFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_FS, +- sizeof(fs), (unsigned long) &fs); ++ sizeof(fs), (unsigned long) &fs, endptr - ptr); + } + + if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) +@@ -3391,7 +3395,7 @@ + if (pi->fcs == L2CAP_FCS_NONE || + pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { + pi->fcs = L2CAP_FCS_NONE; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs, endptr - ptr); + } + break; + +@@ -3406,11 +3410,11 @@ + rfc.max_pdu_size = cpu_to_le16(pi->imtu); + + 
l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if ((pi->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW) && + pi->extended_control) { +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, 0); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, 0, endptr - ptr); + } + + if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) +@@ -3419,7 +3423,7 @@ + if (pi->fcs == L2CAP_FCS_NONE || + pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { + pi->fcs = L2CAP_FCS_NONE; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs, endptr - ptr); + } + break; + } +@@ -3431,12 +3435,13 @@ + } + + +-static int l2cap_build_amp_reconf_req(struct sock *sk, void *data) ++static int l2cap_build_amp_reconf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + struct l2cap_conf_rfc rfc = { .mode = pi->mode }; + void *ptr = req->data; ++ void *endptr = data + data_size; + + BT_DBG("sk %p", sk); + +@@ -3457,7 +3462,7 @@ + } + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), +- (unsigned long) &rfc); ++ (unsigned long) &rfc, endptr - ptr); + + if (pi->conn->feat_mask & L2CAP_FEAT_FCS) { + /* TODO assign fcs for br/edr based on socket config option */ +@@ -3468,7 +3473,7 @@ + else + pi->local_conf.fcs = L2CAP_FCS_CRC16; + +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->local_conf.fcs); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->local_conf.fcs, endptr - ptr); + pi->fcs = pi->local_conf.fcs | pi->remote_conf.fcs; + } + +@@ -3478,11 +3483,12 @@ + return ptr - data; + } + +-static int l2cap_parse_conf_req(struct sock *sk, void *data) ++static int l2cap_parse_conf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; ++ void *endptr = data + data_size; + void *req = pi->conf_req; + int len = 
pi->conf_len; + int type, hint, olen; +@@ -3605,7 +3611,8 @@ + return -ECONNREFUSED; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, ++ endptr - ptr); + } + + +@@ -3624,7 +3631,7 @@ + pi->omtu = mtu; + pi->conf_state |= L2CAP_CONF_MTU_DONE; + } +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu, endptr - ptr); + + switch (rfc.mode) { + case L2CAP_MODE_BASIC: +@@ -3642,11 +3649,11 @@ + pi->conf_state |= L2CAP_CONF_MODE_DONE; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + + if (pi->conf_state & L2CAP_CONF_LOCKSTEP) + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_FS, +- sizeof(fs), (unsigned long) &fs); ++ sizeof(fs), (unsigned long) &fs, endptr - ptr); + + break; + +@@ -3656,7 +3663,7 @@ + pi->conf_state |= L2CAP_CONF_MODE_DONE; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + + break; + +@@ -3696,11 +3703,12 @@ + return ptr - data; + } + +-static int l2cap_parse_amp_move_reconf_req(struct sock *sk, void *data) ++static int l2cap_parse_amp_move_reconf_req(struct sock *sk, void *data, size_t data_size) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_rsp *rsp = data; + void *ptr = rsp->data; ++ void *endptr = data + data_size; + void *req = pi->conf_req; + int len = pi->conf_len; + int type, hint, olen; +@@ -3787,13 +3795,13 @@ + + BT_DBG("mtu %d omtu %d", mtu, pi->omtu); + +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu, endptr - ptr); + + /* Don't allow extended transmit window to change. 
*/ + if (tx_win != pi->remote_tx_win) { + result = L2CAP_CONF_UNACCEPT; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, 2, +- pi->remote_tx_win); ++ pi->remote_tx_win, endptr - ptr); + } + + pi->remote_mps = rfc.max_pdu_size; +@@ -3806,7 +3814,7 @@ + } + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + } + + if (result != L2CAP_CONF_SUCCESS) +@@ -3825,11 +3833,12 @@ + return ptr - data; + } + +-static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result) ++static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, size_t size, u16 *result) + { + struct l2cap_pinfo *pi = l2cap_pi(sk); + struct l2cap_conf_req *req = data; + void *ptr = req->data; ++ void *endptr = data + size; + int type, olen; + unsigned long val; + struct l2cap_conf_rfc rfc; +@@ -3852,13 +3861,13 @@ + pi->imtu = L2CAP_DEFAULT_MIN_MTU; + } else + pi->imtu = val; +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu, endptr - ptr); + break; + + case L2CAP_CONF_FLUSH_TO: + pi->flush_to = val; + l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, +- 2, pi->flush_to); ++ 2, pi->flush_to, endptr - ptr); + break; + + case L2CAP_CONF_RFC: +@@ -3872,14 +3881,14 @@ + pi->fcs = 0; + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, +- sizeof(rfc), (unsigned long) &rfc); ++ sizeof(rfc), (unsigned long) &rfc, endptr - ptr); + break; + + case L2CAP_CONF_EXT_WINDOW: + pi->ack_win = min_t(u16, val, pi->ack_win); + + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EXT_WINDOW, +- 2, pi->tx_win); ++ 2, pi->tx_win, endptr - ptr); + break; + + default: +@@ -4262,7 +4271,7 @@ + u8 buf[128]; + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + +@@ -4320,7 
+4329,7 @@ + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, req), req); ++ l2cap_build_conf_req(sk, req, sizeof(req)), req); + l2cap_pi(sk)->num_conf_req++; + break; + +@@ -4427,9 +4436,9 @@ + + /* Complete config. */ + if (!amp_move_reconf) +- len = l2cap_parse_conf_req(sk, rspbuf); ++ len = l2cap_parse_conf_req(sk, rspbuf, sizeof(rspbuf)); + else +- len = l2cap_parse_amp_move_reconf_req(sk, rspbuf); ++ len = l2cap_parse_amp_move_reconf_req(sk, rspbuf, sizeof(rspbuf)); + + if (len < 0) { + l2cap_send_disconn_req(conn, sk, ECONNRESET); +@@ -4478,7 +4487,7 @@ + u8 buf[64]; + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + +@@ -4575,7 +4584,7 @@ + /* throw out any old stored conf requests */ + result = L2CAP_CONF_SUCCESS; + len = l2cap_parse_conf_rsp(sk, rsp->data, +- len, req, &result); ++ len, req, sizeof(req), &result); + if (len < 0) { + l2cap_send_disconn_req(conn, sk, ECONNRESET); + goto done; +@@ -5397,7 +5406,7 @@ + l2cap_send_cmd(pi->conn, + l2cap_get_ident(pi->conn), + L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + } + } else { +@@ -6959,7 +6968,7 @@ + pi = l2cap_pi(sk); + + l2cap_send_cmd(pi->conn, l2cap_get_ident(pi->conn), L2CAP_CONF_REQ, +- l2cap_build_amp_reconf_req(sk, buf), buf); ++ l2cap_build_amp_reconf_req(sk, buf, sizeof(buf)), buf); + return err; + } + +@@ -7694,7 +7703,7 @@ + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), + L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), + buf); + l2cap_pi(sk)->num_conf_req++; + } +diff --git a/net/bluetooth/l2cap_sock.c 
b/net/bluetooth/l2cap_sock.c +index 6da494f..baf1af7 100644 +--- a/net/bluetooth/l2cap_sock.c ++++ b/net/bluetooth/l2cap_sock.c +@@ -1036,7 +1036,7 @@ + + l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; + l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, +- l2cap_build_conf_req(sk, buf), buf); ++ l2cap_build_conf_req(sk, buf, sizeof(buf)), buf); + l2cap_pi(sk)->num_conf_req++; + + release_sock(sk); diff --git a/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch.base64 new file mode 100644 index 00000000..8fbe0c27 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000251/3.4/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000251/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-1000251/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-1000251/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-1000251/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch new file mode 100644 index 00000000..3c057152 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch 
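Review bot: The new guard in `l2cap_add_conf_opt()`, `if (size < L2CAP_CONF_OPT_SIZE + len) return;`, drops the option without telling the caller, so the helpers that call it still return `ptr - data` and the resulting config packet is sent with that option missing. A comment on the guard would make the intent explicit, for example `/* Option does not fit in the caller's buffer: skip it rather than write past endptr. */`, and a `BT_DBG` on that path would help when a negotiation fails for this reason. The `sizeof(req)` and `sizeof(rspbuf)` arguments give the buffer length only if those names are arrays in this tree. Their declarations are outside the hunks shown (only `u8 buf[128]` and `u8 buf[64]` are visible), so that is worth confirming for this backport. The rest of `l2cap_add_conf_opt()`, including the pointer advance, is also outside the hunk.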
@@ -0,0 +1,47 @@ +From 1b92e2fd0b29a21ef3a6a5cd80328730aa6a4bc6 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 19 Jun 2017 17:34:05 +0200 +Subject: [PATCH] Allow stack to grow up to address space limit + +commit bd726c90b6b8ce87602208701b208a208e6d5600 upstream. + +Fix expand_upwards() on architectures with an upward-growing stack (parisc, +metag and partly IA-64) to allow the stack to reliably grow exactly up to +the address space limit given by TASK_SIZE. + +Change-Id: I911e49b27d519aae257bf57cadff303e25872a14 +Signed-off-by: Helge Deller +Acked-by: Hugh Dickins +Signed-off-by: Linus Torvalds +Signed-off-by: Willy Tarreau +--- + +diff --git a/mm/mmap.c b/mm/mmap.c +index b6ad709..fa6f890 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -2154,16 +2154,19 @@ + if (!(vma->vm_flags & VM_GROWSUP)) + return -EFAULT; + +- /* Guard against wrapping around to address 0. */ ++ /* Guard against exceeding limits of the address space. */ + address &= PAGE_MASK; +- address += PAGE_SIZE; +- if (!address) ++ if (address >= TASK_SIZE) + return -ENOMEM; ++ address += PAGE_SIZE; + + /* Enforce stack_guard_gap */ + gap_addr = address + stack_guard_gap; +- if (gap_addr < address) +- return -ENOMEM; ++ ++ /* Guard against overflow */ ++ if (gap_addr < address || gap_addr > TASK_SIZE) ++ gap_addr = TASK_SIZE; ++ + next = vma->vm_next; + if (next && next->vm_start < gap_addr) { + if (!(next->vm_flags & VM_GROWSUP)) diff --git a/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch.base64 new file mode 100644 index 00000000..21e7141a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2017-1000364/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/1.patch new file mode 100644 index 00000000..164af9bd --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/1.patch 
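Review bot: The mm/mmap.c hunk in this 0.patch has `gap_addr = address + stack_guard_gap;` as an unchanged context line, so it applies only to a tree that already carries the stack guard gap change. In this directory `stack_guard_gap` is introduced by 1.patch, so if the patches are applied in numeric order this one would presumably be rejected; the numbering or the apply step should make that dependency explicit. Separately, the comment `/* Guard against overflow */` describes only the first half of `if (gap_addr < address || gap_addr > TASK_SIZE)`. I would write `/* Clamp the gap end to TASK_SIZE on wrap-around or when it passes the address space limit */`. The enclosing function (expand_upwards(), per the commit message) starts and ends outside the hunk.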
@@ -0,0 +1,860 @@ +From 9954e33ef0e1f5e1136c1bdde1e18f40e9c8af69 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins +Date: Mon, 19 Jun 2017 04:03:24 -0700 +Subject: [PATCH] mm: larger stack guard gap, between vmas + +commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream. + +Stack guard page is a useful feature to reduce a risk of stack smashing +into a different mapping. We have been using a single page gap which +is sufficient to prevent having stack adjacent to a different mapping. +But this seems to be insufficient in the light of the stack usage in +userspace. E.g. glibc uses as large as 64kB alloca() in many commonly +used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX] +which is 256kB or stack strings with MAX_ARG_STRLEN. + +This will become especially dangerous for suid binaries and the default +no limit for the stack size limit because those applications can be +tricked to consume a large portion of the stack and a single glibc call +could jump over the guard page. These attacks are not theoretical, +unfortunatelly. + +Make those attacks less probable by increasing the stack guard gap +to 1MB (on systems with 4k pages; but make it depend on the page size +because systems with larger base pages might cap stack allocations in +the PAGE_SIZE units) which should cover larger alloca() and VLA stack +allocations. It is obviously not a full fix because the problem is +somehow inherent, but it should reduce attack space a lot. + +One could argue that the gap size should be configurable from userspace, +but that can be done later when somebody finds that the new 1MB is wrong +for some special case applications. For now, add a kernel command line +option (stack_guard_gap) to specify the stack gap size (in page units). 
+ +Implementation wise, first delete all the old code for stack guard page: +because although we could get away with accounting one extra page in a +stack vma, accounting a larger gap can break userspace - case in point, +a program run with "ulimit -S -v 20000" failed when the 1MB gap was +counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK +and strict non-overcommit mode. + +Instead of keeping gap inside the stack vma, maintain the stack guard +gap as a gap between vmas: using vm_start_gap() in place of vm_start +(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few +places which need to respect the gap - mainly arch_get_unmapped_area(), +and and the vma tree's subtree_gap support for that. + +Change-Id: I899511079c5057ee5299ef1aff5ab8f0c77c740d +Original-patch-by: Oleg Nesterov +Original-patch-by: Michal Hocko +Signed-off-by: Hugh Dickins +[wt: backport to 4.11: adjust context] +[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide] +[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes] +[wt: backport to 3.18: adjust context ; no FOLL_POPULATE ; + s390 uses generic arch_get_unmapped_area()] +[wt: backport to 3.16: adjust context] +[wt: backport to 3.10: adjust context ; code logic in PARISC's + arch_get_unmapped_area() wasn't found ; code inserted into + expand_upwards() and expand_downwards() runs under anon_vma lock; + changes for gup.c:faultin_page go to memory.c:__get_user_pages(); + included Hugh Dickins' fixes] +Signed-off-by: Willy Tarreau +--- + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 2fcbee1..a91d035 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -2918,6 +2918,13 @@ + spia_pedr= + spia_peddr= + ++ stack_guard_gap= [MM] ++ override the default stack gap protection. The value ++ is in page units and it defines how many pages prior ++ to (for stacks growing down) resp. 
after (for stacks ++ growing up) the main stack are reserved for no other ++ mapping. Default value is 256 pages. ++ + stacktrace [FTRACE] + Enabled the stack tracer on boot up. + +diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c +index 2e06d56..cf4ae69 100644 +--- a/arch/arc/mm/mmap.c ++++ b/arch/arc/mm/mmap.c +@@ -64,7 +64,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c +index 2d689d1..dae47df 100644 +--- a/arch/arm/mm/mmap.c ++++ b/arch/arm/mm/mmap.c +@@ -89,7 +89,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -140,7 +140,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c +index 836f147..efa59f1 100644 +--- a/arch/frv/mm/elf-fdpic.c ++++ b/arch/frv/mm/elf-fdpic.c +@@ -74,7 +74,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(current->mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + goto success; + } + +diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c +index 5ab9e96..7f46346 100644 +--- a/arch/mips/mm/mmap.c ++++ b/arch/mips/mm/mmap.c +@@ -92,7 +92,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c +index 7ce9cf3..887365a 100644 +--- a/arch/powerpc/mm/slice.c ++++ b/arch/powerpc/mm/slice.c +@@ -103,7 +103,7 @@ + if ((mm->task_size - len) < addr) + return 0; + 
vma = find_vma(mm, addr); +- return (!vma || (addr + len) <= vma->vm_start); ++ return (!vma || (addr + len) <= vm_start_gap(vma)); + } + + static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) +diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c +index 6777177..7df7d59 100644 +--- a/arch/sh/mm/mmap.c ++++ b/arch/sh/mm/mmap.c +@@ -63,7 +63,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -113,7 +113,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c +index 21bca21..ea80c0b 100644 +--- a/arch/sparc/kernel/sys_sparc_64.c ++++ b/arch/sparc/kernel/sys_sparc_64.c +@@ -119,7 +119,7 @@ + + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -182,7 +182,7 @@ + + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c +index 9639964..64ee888 100644 +--- a/arch/sparc/mm/hugetlbpage.c ++++ b/arch/sparc/mm/hugetlbpage.c +@@ -118,7 +118,7 @@ + addr = ALIGN(addr, HPAGE_SIZE); + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c +index 0ac3599..d435215 100644 +--- a/arch/tile/mm/hugetlbpage.c ++++ b/arch/tile/mm/hugetlbpage.c +@@ -302,7 +302,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = 
find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (current->mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c +index 30277e2..d050393 100644 +--- a/arch/x86/kernel/sys_x86_64.c ++++ b/arch/x86/kernel/sys_x86_64.c +@@ -127,7 +127,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (end - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -166,7 +166,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c +index 4348803..1bb5570 100644 +--- a/arch/x86/mm/hugetlbpage.c ++++ b/arch/x86/mm/hugetlbpage.c +@@ -349,7 +349,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/xtensa/kernel/syscall.c b/arch/xtensa/kernel/syscall.c +index 5d3f7a1..1ff0b92 100644 +--- a/arch/xtensa/kernel/syscall.c ++++ b/arch/xtensa/kernel/syscall.c +@@ -86,7 +86,7 @@ + /* At this point: (!vmm || addr < vmm->vm_end). 
*/ + if (TASK_SIZE - len < addr) + return -ENOMEM; +- if (!vmm || addr + len <= vmm->vm_start) ++ if (!vmm || addr + len <= vm_start_gap(vmm)) + return addr; + addr = vmm->vm_end; + if (flags & MAP_SHARED) +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c +index 4e5f332..db7d89c 100644 +--- a/fs/hugetlbfs/inode.c ++++ b/fs/hugetlbfs/inode.c +@@ -169,7 +169,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index f7cf04b..ced4a0b 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -322,11 +322,7 @@ + + /* We don't show the stack guard page in /proc/maps */ + start = vma->vm_start; +- if (stack_guard_page_start(vma, start)) +- start += PAGE_SIZE; + end = vma->vm_end; +- if (stack_guard_page_end(vma, end)) +- end -= PAGE_SIZE; + + seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); + seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", +diff --git a/include/linux/mm.h b/include/linux/mm.h +index 6713bcd..1ed4b4b 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -1098,34 +1098,6 @@ + int clear_page_dirty_for_io(struct page *page); + int get_cmdline(struct task_struct *task, char *buffer, int buflen); + +-/* Is the vma a continuation of the stack vma above it? */ +-static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr) +-{ +- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); +-} +- +-static inline int stack_guard_page_start(struct vm_area_struct *vma, +- unsigned long addr) +-{ +- return (vma->vm_flags & VM_GROWSDOWN) && +- (vma->vm_start == addr) && +- !vma_growsdown(vma->vm_prev, addr); +-} +- +-/* Is the vma a continuation of the stack vma below it? 
*/ +-static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr) +-{ +- return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP); +-} +- +-static inline int stack_guard_page_end(struct vm_area_struct *vma, +- unsigned long addr) +-{ +- return (vma->vm_flags & VM_GROWSUP) && +- (vma->vm_end == addr) && +- !vma_growsup(vma->vm_next, addr); +-} +- + extern pid_t + vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); + +@@ -1677,6 +1649,7 @@ + struct address_space *mapping, + struct file *filp); + ++extern unsigned long stack_guard_gap; + /* Generic expand stack which grows the stack according to GROWS{UP,DOWN} */ + extern int expand_stack(struct vm_area_struct *vma, unsigned long address); + +@@ -1705,6 +1678,30 @@ + return vma; + } + ++static inline unsigned long vm_start_gap(struct vm_area_struct *vma) ++{ ++ unsigned long vm_start = vma->vm_start; ++ ++ if (vma->vm_flags & VM_GROWSDOWN) { ++ vm_start -= stack_guard_gap; ++ if (vm_start > vma->vm_start) ++ vm_start = 0; ++ } ++ return vm_start; ++} ++ ++static inline unsigned long vm_end_gap(struct vm_area_struct *vma) ++{ ++ unsigned long vm_end = vma->vm_end; ++ ++ if (vma->vm_flags & VM_GROWSUP) { ++ vm_end += stack_guard_gap; ++ if (vm_end < vma->vm_end) ++ vm_end = -PAGE_SIZE; ++ } ++ return vm_end; ++} ++ + static inline unsigned long vma_pages(struct vm_area_struct *vma) + { + return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; +diff --git a/mm/memory.c b/mm/memory.c +index 0c03425..ed90be3 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1478,8 +1478,6 @@ + return alloc_page(GFP_HIGHUSER); + } + +-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr); +- + static bool __need_migrate_cma_page(struct page *page, + struct vm_area_struct *vma, + unsigned long start, unsigned int flags) +@@ -1791,12 +1789,6 @@ + return page; + } + +-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr) +-{ +- 
return stack_guard_page_start(vma, addr) || +- stack_guard_page_end(vma, addr+PAGE_SIZE); +-} +- + /** + * __get_user_pages() - pin user pages in memory + * @tsk: task_struct of target task +@@ -1977,11 +1969,6 @@ + int ret; + unsigned int fault_flags = 0; + +- /* For mlock, just skip the stack guard page. */ +- if (foll_flags & FOLL_MLOCK) { +- if (stack_guard_page(vma, start)) +- goto next_page; +- } + if (foll_flags & FOLL_WRITE) + fault_flags |= FAULT_FLAG_WRITE; + if (nonblocking) +@@ -3353,40 +3340,6 @@ + } + + /* +- * This is like a special single-page "expand_{down|up}wards()", +- * except we must first make sure that 'address{-|+}PAGE_SIZE' +- * doesn't hit another vma. +- */ +-static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address) +-{ +- address &= PAGE_MASK; +- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) { +- struct vm_area_struct *prev = vma->vm_prev; +- +- /* +- * Is there a mapping abutting this one below? +- * +- * That's only ok if it's the same stack mapping +- * that has gotten split.. +- */ +- if (prev && prev->vm_end == address) +- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; +- +- return expand_downwards(vma, address - PAGE_SIZE); +- } +- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { +- struct vm_area_struct *next = vma->vm_next; +- +- /* As VM_GROWSDOWN but s/below/above/ */ +- if (next && next->vm_start == address + PAGE_SIZE) +- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; +- +- return expand_upwards(vma, address + PAGE_SIZE); +- } +- return 0; +-} +- +-/* + * We enter with non-exclusive mmap_sem (to exclude vma changes, + * but allow concurrent faults), and pte mapped but not yet locked. + * We return with mmap_sem still held, but pte unmapped and unlocked. +@@ -3404,10 +3357,6 @@ + /* File mapping without ->vm_ops ? 
*/ + if (vma->vm_flags & VM_SHARED) + return VM_FAULT_SIGBUS; +- +- /* Check if we need to add a guard page to the stack */ +- if (check_stack_guard_page(vma, address) < 0) +- return VM_FAULT_SIGSEGV; + + /* Use the zero-page for reads */ + if (!(flags & FAULT_FLAG_WRITE)) { +diff --git a/mm/mmap.c b/mm/mmap.c +index 4767b9d..70cf32e 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -275,6 +275,7 @@ + unsigned long rlim, retval; + unsigned long newbrk, oldbrk; + struct mm_struct *mm = current->mm; ++ struct vm_area_struct *next; + unsigned long min_brk; + bool populate; + +@@ -320,7 +321,8 @@ + } + + /* Check against existing mmap mappings. */ +- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE)) ++ next = find_vma(mm, oldbrk); ++ if (next && newbrk + PAGE_SIZE > vm_start_gap(next)) + goto out; + + /* Ok, looks good - let it rip. */ +@@ -343,10 +345,22 @@ + + static long vma_compute_subtree_gap(struct vm_area_struct *vma) + { +- unsigned long max, subtree_gap; +- max = vma->vm_start; +- if (vma->vm_prev) +- max -= vma->vm_prev->vm_end; ++ unsigned long max, prev_end, subtree_gap; ++ ++ /* ++ * Note: in the rare case of a VM_GROWSDOWN above a VM_GROWSUP, we ++ * allow two stack_guard_gaps between them here, and when choosing ++ * an unmapped area; whereas when expanding we only require one. ++ * That's a little inconsistent, but keeps the code here simpler. 
++ */ ++ max = vm_start_gap(vma); ++ if (vma->vm_prev) { ++ prev_end = vm_end_gap(vma->vm_prev); ++ if (max > prev_end) ++ max -= prev_end; ++ else ++ max = 0; ++ } + if (vma->vm_rb.rb_left) { + subtree_gap = rb_entry(vma->vm_rb.rb_left, + struct vm_area_struct, vm_rb)->rb_subtree_gap; +@@ -430,7 +444,7 @@ + list_for_each_entry(avc, &vma->anon_vma_chain, same_vma) + anon_vma_interval_tree_verify(avc); + vma_unlock_anon_vma(vma); +- highest_address = vma->vm_end; ++ highest_address = vm_end_gap(vma); + vma = vma->vm_next; + i++; + } +@@ -598,7 +612,7 @@ + if (vma->vm_next) + vma_gap_update(vma->vm_next); + else +- mm->highest_vm_end = vma->vm_end; ++ mm->highest_vm_end = vm_end_gap(vma); + + /* + * vma->vm_prev wasn't known when we followed the rbtree to find the +@@ -847,7 +861,7 @@ + vma_gap_update(vma); + if (end_changed) { + if (!next) +- mm->highest_vm_end = end; ++ mm->highest_vm_end = vm_end_gap(vma); + else if (!adjust_next) + vma_gap_update(next); + } +@@ -890,7 +904,7 @@ + else if (next) + vma_gap_update(next); + else +- mm->highest_vm_end = end; ++ WARN_ON(mm->highest_vm_end != vm_end_gap(vma)); + } + if (insert && file) + uprobe_mmap(insert); +@@ -1691,7 +1705,7 @@ + + while (true) { + /* Visit left subtree if it looks promising */ +- gap_end = vma->vm_start; ++ gap_end = vm_start_gap(vma); + if (gap_end >= low_limit && vma->vm_rb.rb_left) { + struct vm_area_struct *left = + rb_entry(vma->vm_rb.rb_left, +@@ -1702,7 +1716,7 @@ + } + } + +- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; ++ gap_start = vma->vm_prev ? 
vm_end_gap(vma->vm_prev) : 0; + check_current: + /* Check if current node has a suitable gap */ + if (gap_start > high_limit) +@@ -1729,8 +1743,8 @@ + vma = rb_entry(rb_parent(prev), + struct vm_area_struct, vm_rb); + if (prev == vma->vm_rb.rb_left) { +- gap_start = vma->vm_prev->vm_end; +- gap_end = vma->vm_start; ++ gap_start = vm_end_gap(vma->vm_prev); ++ gap_end = vm_start_gap(vma); + goto check_current; + } + } +@@ -1794,7 +1808,7 @@ + + while (true) { + /* Visit right subtree if it looks promising */ +- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; ++ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; + if (gap_start <= high_limit && vma->vm_rb.rb_right) { + struct vm_area_struct *right = + rb_entry(vma->vm_rb.rb_right, +@@ -1807,7 +1821,7 @@ + + check_current: + /* Check if current node has a suitable gap */ +- gap_end = vma->vm_start; ++ gap_end = vm_start_gap(vma); + if (gap_end < low_limit) + return -ENOMEM; + if (gap_start <= high_limit && gap_end - gap_start >= length) +@@ -1833,7 +1847,7 @@ + struct vm_area_struct, vm_rb); + if (prev == vma->vm_rb.rb_right) { + gap_start = vma->vm_prev ? 
+- vma->vm_prev->vm_end : 0; ++ vm_end_gap(vma->vm_prev) : 0; + goto check_current; + } + } +@@ -1871,7 +1885,7 @@ + unsigned long len, unsigned long pgoff, unsigned long flags) + { + struct mm_struct *mm = current->mm; +- struct vm_area_struct *vma; ++ struct vm_area_struct *vma, *prev; + struct vm_unmapped_area_info info; + + if (len > TASK_SIZE - mmap_min_addr) { +@@ -1887,9 +1901,10 @@ + + if (addr) { + addr = PAGE_ALIGN(addr); +- vma = find_vma(mm, addr); ++ vma = find_vma_prev(mm, addr, &prev); + if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma)) && ++ (!prev || addr >= vm_end_gap(prev))) + return addr; + } + +@@ -1920,7 +1935,7 @@ + const unsigned long len, const unsigned long pgoff, + const unsigned long flags) + { +- struct vm_area_struct *vma; ++ struct vm_area_struct *vma, *prev; + struct mm_struct *mm = current->mm; + unsigned long addr = addr0; + struct vm_unmapped_area_info info; +@@ -1941,9 +1956,10 @@ + /* requesting a specific address */ + if (addr) { + addr = PAGE_ALIGN(addr); +- vma = find_vma(mm, addr); ++ vma = find_vma_prev(mm, addr, &prev); + if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma)) && ++ (!prev || addr >= vm_end_gap(prev))) + return addr; + } + +@@ -2076,21 +2092,19 @@ + * update accounting. This is shared with both the + * grow-up and grow-down cases. 
+ */ +-static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, unsigned long grow) ++static int acct_stack_growth(struct vm_area_struct *vma, ++ unsigned long size, unsigned long grow) + { + struct mm_struct *mm = vma->vm_mm; + struct rlimit *rlim = current->signal->rlim; +- unsigned long new_start, actual_size; ++ unsigned long new_start; + + /* address space limit tests */ + if (!may_expand_vm(mm, grow)) + return -ENOMEM; + + /* Stack limit test */ +- actual_size = size; +- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) +- actual_size -= PAGE_SIZE; +- if (actual_size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) ++ if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) + return -ENOMEM; + + /* mlock limit tests */ +@@ -2131,32 +2145,40 @@ + */ + int expand_upwards(struct vm_area_struct *vma, unsigned long address) + { +- int error; ++ struct vm_area_struct *next; ++ unsigned long gap_addr; ++ int error = 0; + + if (!(vma->vm_flags & VM_GROWSUP)) + return -EFAULT; + +- /* +- * We must make sure the anon_vma is allocated +- * so that the anon_vma locking is not a noop. +- */ ++ /* Guard against wrapping around to address 0. */ ++ address &= PAGE_MASK; ++ address += PAGE_SIZE; ++ if (!address) ++ return -ENOMEM; ++ ++ /* Enforce stack_guard_gap */ ++ gap_addr = address + stack_guard_gap; ++ if (gap_addr < address) ++ return -ENOMEM; ++ next = vma->vm_next; ++ if (next && next->vm_start < gap_addr) { ++ if (!(next->vm_flags & VM_GROWSUP)) ++ return -ENOMEM; ++ /* Check that both stack segments have the same anon_vma? */ ++ } ++ ++ /* We must make sure the anon_vma is allocated. */ + if (unlikely(anon_vma_prepare(vma))) + return -ENOMEM; +- vma_lock_anon_vma(vma); + + /* + * vma->vm_start/vm_end cannot change under us because the caller + * is required to hold the mmap_sem in read mode. We need the + * anon_vma lock to serialize against concurrent expand_stacks. +- * Also guard against wrapping around to address 0. 
+ */ +- if (address < PAGE_ALIGN(address+4)) +- address = PAGE_ALIGN(address+4); +- else { +- vma_unlock_anon_vma(vma); +- return -ENOMEM; +- } +- error = 0; ++ vma_lock_anon_vma(vma); + + /* Somebody else might have raced and expanded it already */ + if (address > vma->vm_end) { +@@ -2187,7 +2209,7 @@ + if (vma->vm_next) + vma_gap_update(vma->vm_next); + else +- vma->vm_mm->highest_vm_end = address; ++ vma->vm_mm->highest_vm_end = vm_end_gap(vma); + spin_unlock(&vma->vm_mm->page_table_lock); + + perf_event_mmap(vma); +@@ -2207,27 +2229,36 @@ + int expand_downwards(struct vm_area_struct *vma, + unsigned long address) + { ++ struct vm_area_struct *prev; ++ unsigned long gap_addr; + int error; +- +- /* +- * We must make sure the anon_vma is allocated +- * so that the anon_vma locking is not a noop. +- */ +- if (unlikely(anon_vma_prepare(vma))) +- return -ENOMEM; + + address &= PAGE_MASK; + error = security_mmap_addr(address); + if (error) + return error; + +- vma_lock_anon_vma(vma); ++ /* Enforce stack_guard_gap */ ++ gap_addr = address - stack_guard_gap; ++ if (gap_addr > address) ++ return -ENOMEM; ++ prev = vma->vm_prev; ++ if (prev && prev->vm_end > gap_addr) { ++ if (!(prev->vm_flags & VM_GROWSDOWN)) ++ return -ENOMEM; ++ /* Check that both stack segments have the same anon_vma? */ ++ } ++ ++ /* We must make sure the anon_vma is allocated. */ ++ if (unlikely(anon_vma_prepare(vma))) ++ return -ENOMEM; + + /* + * vma->vm_start/vm_end cannot change under us because the caller + * is required to hold the mmap_sem in read mode. We need the + * anon_vma lock to serialize against concurrent expand_stacks. + */ ++ vma_lock_anon_vma(vma); + + /* Somebody else might have raced and expanded it already */ + if (address < vma->vm_start) { +@@ -2269,28 +2300,25 @@ + return error; + } + +-/* +- * Note how expand_stack() refuses to expand the stack all the way to +- * abut the next virtual mapping, *unless* that mapping itself is also +- * a stack mapping. 
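Review bot: `if (gap_addr < address) return -ENOMEM;` in expand_upwards() refuses the expansion outright whenever `address + stack_guard_gap` wraps, so a VM_GROWSUP stack can never grow into the last `stack_guard_gap` bytes below the top of the address range even when no mapping lies above it. Clamping keeps the guard check against `next` intact while still allowing that growth: `if (gap_addr < address || gap_addr > TASK_SIZE) gap_addr = TASK_SIZE;`. The same lines appear in the expand_upwards() hunk of the 3.4 patch further down this page (`@@ -1758,23 +1778,33 @@`). The function body continues past the end of the hunk.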
We want to leave room for a guard page, after all +- * (the guard page itself is not added here, that is done by the +- * actual page faulting logic) +- * +- * This matches the behavior of the guard page logic (see mm/memory.c: +- * check_stack_guard_page()), which only allows the guard page to be +- * removed under these circumstances. +- */ ++/* enforced gap between the expanding stack and other mappings. */ ++unsigned long stack_guard_gap = 256UL< +Debugged-by: Linus Torvalds +Signed-off-by: Hugh Dickins +Acked-by: Michal Hocko +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + +diff --git a/mm/mmap.c b/mm/mmap.c +index 70cf32e..b6ad709 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -1721,7 +1721,8 @@ + /* Check if current node has a suitable gap */ + if (gap_start > high_limit) + return -ENOMEM; +- if (gap_end >= low_limit && gap_end - gap_start >= length) ++ if (gap_end >= low_limit && ++ gap_end > gap_start && gap_end - gap_start >= length) + goto found; + + /* Visit right subtree if it looks promising */ +@@ -1824,7 +1825,8 @@ + gap_end = vm_start_gap(vma); + if (gap_end < low_limit) + return -ENOMEM; +- if (gap_start <= high_limit && gap_end - gap_start >= length) ++ if (gap_start <= high_limit && ++ gap_end > gap_start && gap_end - gap_start >= length) + goto found; + + /* Visit left subtree if it looks promising */ diff --git a/Patches/Linux_CVEs/CVE-2017-1000364/3.10/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/2.patch.base64 new file mode 100644 index 00000000..c21c7c63 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000364/3.10/2.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/3.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.18/3.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/3.patch rename to Patches/Linux_CVEs/CVE-2017-1000364/3.18/3.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/6.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.18/6.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/6.patch
rename to Patches/Linux_CVEs/CVE-2017-1000364/3.18/6.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/7.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.18/7.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000364/3.18/7.patch
rename to Patches/Linux_CVEs/CVE-2017-1000364/3.18/7.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000364/3.2/8.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.2/8.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000364/3.2/8.patch
rename to Patches/Linux_CVEs/CVE-2017-1000364/3.2/8.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000364/3.2/9.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.2/9.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000364/3.2/9.patch
rename to Patches/Linux_CVEs/CVE-2017-1000364/3.2/9.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-1000364/3.4/4.patch b/Patches/Linux_CVEs/CVE-2017-1000364/3.4/4.patch
new file mode 100644
index 00000000..a73c3166
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-1000364/3.4/4.patch
@@ -0,0 +1,700 @@ +From 45c60e595758ce93431e72051c52552ee57af3a1 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins +Date: Mon, 19 Jun 2017 04:03:24 -0700 +Subject: [PATCH] mm: larger stack guard gap, between vmas + +commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream. + +Stack guard page is a useful feature to reduce a risk of stack smashing +into a different mapping. We have been using a single page gap which +is sufficient to prevent having stack adjacent to a different mapping. +But this seems to be insufficient in the light of the stack usage in +userspace. E.g. glibc uses as large as 64kB alloca() in many commonly +used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX] +which is 256kB or stack strings with MAX_ARG_STRLEN. + +This will become especially dangerous for suid binaries and the default +no limit for the stack size limit because those applications can be +tricked to consume a large portion of the stack and a single glibc call +could jump over the guard page. These attacks are not theoretical, +unfortunatelly. + +Make those attacks less probable by increasing the stack guard gap +to 1MB (on systems with 4k pages; but make it depend on the page size +because systems with larger base pages might cap stack allocations in +the PAGE_SIZE units) which should cover larger alloca() and VLA stack +allocations. It is obviously not a full fix because the problem is +somehow inherent, but it should reduce attack space a lot. + +One could argue that the gap size should be configurable from userspace, +but that can be done later when somebody finds that the new 1MB is wrong +for some special case applications. For now, add a kernel command line +option (stack_guard_gap) to specify the stack gap size (in page units). 
+ +Implementation wise, first delete all the old code for stack guard page: +because although we could get away with accounting one extra page in a +stack vma, accounting a larger gap can break userspace - case in point, +a program run with "ulimit -S -v 20000" failed when the 1MB gap was +counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK +and strict non-overcommit mode. + +Instead of keeping gap inside the stack vma, maintain the stack guard +gap as a gap between vmas: using vm_start_gap() in place of vm_start +(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few +places which need to respect the gap - mainly arch_get_unmapped_area(), +and and the vma tree's subtree_gap support for that. + +Change-Id: I611023b0bfe1cab7b3e5da13e331a7baaaaf6eb0 +Original-patch-by: Oleg Nesterov +Original-patch-by: Michal Hocko +Signed-off-by: Hugh Dickins +[wt: backport to 4.11: adjust context] +[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide] +[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes] +[wt: backport to 3.18: adjust context ; no FOLL_POPULATE ; + s390 uses generic arch_get_unmapped_area()] +[wt: backport to 3.16: adjust context] +[wt: backport to 3.10: adjust context ; code logic in PARISC's + arch_get_unmapped_area() wasn't found ; code inserted into + expand_upwards() and expand_downwards() runs under anon_vma lock; + changes for gup.c:faultin_page go to memory.c:__get_user_pages(); + included Hugh Dickins' fixes] +Signed-off-by: Willy Tarreau +Signed-off-by: Flex1911 +--- + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 9a1c759..53be2c9 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -2550,6 +2550,13 @@ + spia_pedr= + spia_peddr= + ++ stack_guard_gap= [MM] ++ override the default stack gap protection. 
The value ++ is in page units and it defines how many pages prior ++ to (for stacks growing down) resp. after (for stacks ++ growing up) the main stack are reserved for no other ++ mapping. Default value is 256 pages. ++ + stacktrace [FTRACE] + Enabled the stack tracer on boot up. + +diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c +index a26960a..f058ca2 100644 +--- a/arch/arm/mm/mmap.c ++++ b/arch/arm/mm/mmap.c +@@ -101,7 +101,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (len > mm->cached_hole_size) { +@@ -183,7 +183,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c +index 385fd30..cd76056 100644 +--- a/arch/frv/mm/elf-fdpic.c ++++ b/arch/frv/mm/elf-fdpic.c +@@ -74,7 +74,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(current->mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + goto success; + } + +diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c +index 302d779..63c07bd 100644 +--- a/arch/mips/mm/mmap.c ++++ b/arch/mips/mm/mmap.c +@@ -103,7 +103,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c +index 73709f7..9cf001f 100644 +--- a/arch/powerpc/mm/slice.c ++++ b/arch/powerpc/mm/slice.c +@@ -98,7 +98,7 @@ + if ((mm->task_size - len) < addr) + return 0; + vma = find_vma(mm, addr); +- return (!vma || (addr + len) <= vma->vm_start); ++ return (!vma || (addr + len) <= vm_start_gap(vma)); + } + + static int slice_low_has_vma(struct mm_struct *mm, 
unsigned long slice) +diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c +index afeb710..d027416 100644 +--- a/arch/sh/mm/mmap.c ++++ b/arch/sh/mm/mmap.c +@@ -75,7 +75,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -158,7 +158,7 @@ + + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c +index 3ee51f1..10a83ac 100644 +--- a/arch/sparc/kernel/sys_sparc_64.c ++++ b/arch/sparc/kernel/sys_sparc_64.c +@@ -147,7 +147,7 @@ + + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +@@ -237,7 +237,7 @@ + + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c +index 07e1453..9f07641 100644 +--- a/arch/sparc/mm/hugetlbpage.c ++++ b/arch/sparc/mm/hugetlbpage.c +@@ -182,7 +182,7 @@ + addr = ALIGN(addr, HPAGE_SIZE); + vma = find_vma(mm, addr); + if (task_size - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c +index 42cfcba..d659736 100644 +--- a/arch/tile/mm/hugetlbpage.c ++++ b/arch/tile/mm/hugetlbpage.c +@@ -312,7 +312,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if 
(current->mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c +index b4d3c39..996378b 100644 +--- a/arch/x86/kernel/sys_x86_64.c ++++ b/arch/x86/kernel/sys_x86_64.c +@@ -141,7 +141,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (end - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32)) +@@ -213,7 +213,7 @@ + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c +index f6679a7..dbc90e6 100644 +--- a/arch/x86/mm/hugetlbpage.c ++++ b/arch/x86/mm/hugetlbpage.c +@@ -411,7 +411,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c +index 001ef01..628b324 100644 +--- a/fs/hugetlbfs/inode.c ++++ b/fs/hugetlbfs/inode.c +@@ -169,7 +169,7 @@ + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index ef5c7e2..6234004 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -283,11 +283,7 @@ + + /* We don't show the stack guard page in /proc/maps */ + start = vma->vm_start; +- if (stack_guard_page_start(vma, start)) +- start += PAGE_SIZE; + end = vma->vm_end; +- if (stack_guard_page_end(vma, end)) +- end -= PAGE_SIZE; + + seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x 
%lu %n", + start, +diff --git a/include/linux/mm.h b/include/linux/mm.h +index ce57fd0..e597775 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -1030,34 +1030,6 @@ + int set_page_dirty_lock(struct page *page); + int clear_page_dirty_for_io(struct page *page); + +-/* Is the vma a continuation of the stack vma above it? */ +-static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr) +-{ +- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); +-} +- +-static inline int stack_guard_page_start(struct vm_area_struct *vma, +- unsigned long addr) +-{ +- return (vma->vm_flags & VM_GROWSDOWN) && +- (vma->vm_start == addr) && +- !vma_growsdown(vma->vm_prev, addr); +-} +- +-/* Is the vma a continuation of the stack vma below it? */ +-static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr) +-{ +- return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP); +-} +- +-static inline int stack_guard_page_end(struct vm_area_struct *vma, +- unsigned long addr) +-{ +- return (vma->vm_flags & VM_GROWSUP) && +- (vma->vm_end == addr) && +- !vma_growsup(vma->vm_next, addr); +-} +- + extern pid_t + vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); + +@@ -1467,6 +1439,7 @@ + struct address_space *mapping, + struct file *filp); + ++extern unsigned long stack_guard_gap; + /* Generic expand stack which grows the stack according to GROWS{UP,DOWN} */ + extern int expand_stack(struct vm_area_struct *vma, unsigned long address); + +@@ -1495,6 +1468,30 @@ + return vma; + } + ++static inline unsigned long vm_start_gap(struct vm_area_struct *vma) ++{ ++ unsigned long vm_start = vma->vm_start; ++ ++ if (vma->vm_flags & VM_GROWSDOWN) { ++ vm_start -= stack_guard_gap; ++ if (vm_start > vma->vm_start) ++ vm_start = 0; ++ } ++ return vm_start; ++} ++ ++static inline unsigned long vm_end_gap(struct vm_area_struct *vma) ++{ ++ unsigned long vm_end = vma->vm_end; ++ ++ if (vma->vm_flags & 
VM_GROWSUP) { ++ vm_end += stack_guard_gap; ++ if (vm_end < vma->vm_end) ++ vm_end = -PAGE_SIZE; ++ } ++ return vm_end; ++} ++ + static inline unsigned long vma_pages(struct vm_area_struct *vma) + { + return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; +diff --git a/mm/memory.c b/mm/memory.c +index 60a7dfc..e722760 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1619,12 +1619,6 @@ + return page; + } + +-static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr) +-{ +- return stack_guard_page_start(vma, addr) || +- stack_guard_page_end(vma, addr+PAGE_SIZE); +-} +- + /** + * __get_user_pages() - pin user pages in memory + * @tsk: task_struct of target task +@@ -1775,11 +1769,6 @@ + int ret; + unsigned int fault_flags = 0; + +- /* For mlock, just skip the stack guard page. */ +- if (foll_flags & FOLL_MLOCK) { +- if (stack_guard_page(vma, start)) +- goto next_page; +- } + if (foll_flags & FOLL_WRITE) + fault_flags |= FAULT_FLAG_WRITE; + if (nonblocking) +@@ -3087,40 +3076,6 @@ + } + + /* +- * This is like a special single-page "expand_{down|up}wards()", +- * except we must first make sure that 'address{-|+}PAGE_SIZE' +- * doesn't hit another vma. +- */ +-static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address) +-{ +- address &= PAGE_MASK; +- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) { +- struct vm_area_struct *prev = vma->vm_prev; +- +- /* +- * Is there a mapping abutting this one below? +- * +- * That's only ok if it's the same stack mapping +- * that has gotten split.. +- */ +- if (prev && prev->vm_end == address) +- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; +- +- expand_downwards(vma, address - PAGE_SIZE); +- } +- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { +- struct vm_area_struct *next = vma->vm_next; +- +- /* As VM_GROWSDOWN but s/below/above/ */ +- if (next && next->vm_start == address + PAGE_SIZE) +- return next->vm_flags & VM_GROWSUP ? 
0 : -ENOMEM; +- +- expand_upwards(vma, address + PAGE_SIZE); +- } +- return 0; +-} +- +-/* + * We enter with non-exclusive mmap_sem (to exclude vma changes, + * but allow concurrent faults), and pte mapped but not yet locked. + * We return with mmap_sem still held, but pte unmapped and unlocked. +@@ -3137,10 +3092,6 @@ + + /* File mapping without ->vm_ops ? */ + if (vma->vm_flags & VM_SHARED) +- return VM_FAULT_SIGBUS; +- +- /* Check if we need to add a guard page to the stack */ +- if (check_stack_guard_page(vma, address) < 0) + return VM_FAULT_SIGBUS; + + /* Use the zero-page for reads */ +diff --git a/mm/mmap.c b/mm/mmap.c +index e495a84..b94a982 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -259,6 +259,7 @@ + unsigned long rlim, retval; + unsigned long newbrk, oldbrk; + struct mm_struct *mm = current->mm; ++ struct vm_area_struct *next; + unsigned long min_brk; + + down_write(&mm->mmap_sem); +@@ -303,7 +304,8 @@ + } + + /* Check against existing mmap mappings. */ +- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE)) ++ next = find_vma(mm, oldbrk); ++ if (next && newbrk + PAGE_SIZE > vm_start_gap(next)) + goto out; + + /* Ok, looks good - let it rip. 
*/ +@@ -1426,8 +1428,8 @@ + unsigned long len, unsigned long pgoff, unsigned long flags) + { + struct mm_struct *mm = current->mm; +- struct vm_area_struct *vma; +- unsigned long start_addr; ++ struct vm_area_struct *vma, *prev; ++ unsigned long start_addr, vm_start, prev_end; + + if (len > TASK_SIZE) + return -ENOMEM; +@@ -1437,9 +1439,10 @@ + + if (addr) { + addr = PAGE_ALIGN(addr); +- vma = find_vma(mm, addr); ++ vma = find_vma_prev(mm, addr, &prev); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma)) && ++ (!prev || addr >= vm_end_gap(prev))) + return addr; + } + if (len > mm->cached_hole_size) { +@@ -1450,7 +1453,17 @@ + } + + full_search: +- for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { ++ for (vma = find_vma_prev(mm, addr, &prev); ; prev = vma, ++ vma = vma->vm_next) { ++ if (prev) { ++ prev_end = vm_end_gap(prev); ++ if (addr < prev_end) { ++ addr = prev_end; ++ /* If vma already violates gap, forget it */ ++ if (vma && addr > vma->vm_start) ++ addr = vma->vm_start; ++ } ++ } + /* At this point: (!vma || addr < vma->vm_end). */ + if (TASK_SIZE - len < addr) { + /* +@@ -1465,16 +1478,16 @@ + } + return -ENOMEM; + } +- if (!vma || addr + len <= vma->vm_start) { ++ vm_start = vma ? 
vm_start_gap(vma) : TASK_SIZE; ++ if (addr + len <= vm_start) { + /* + * Remember the place where we stopped the search: + */ + mm->free_area_cache = addr + len; + return addr; + } +- if (addr + mm->cached_hole_size < vma->vm_start) +- mm->cached_hole_size = vma->vm_start - addr; +- addr = vma->vm_end; ++ if (addr + mm->cached_hole_size < vm_start) ++ mm->cached_hole_size = vm_start - addr; + } + } + #endif +@@ -1498,9 +1511,10 @@ + const unsigned long len, const unsigned long pgoff, + const unsigned long flags) + { +- struct vm_area_struct *vma; ++ struct vm_area_struct *vma, *prev; + struct mm_struct *mm = current->mm; + unsigned long addr = addr0, start_addr; ++ unsigned long vm_start, prev_end; + + /* requested length too big for entire address space */ + if (len > TASK_SIZE) +@@ -1512,9 +1526,10 @@ + /* requesting a specific address */ + if (addr) { + addr = PAGE_ALIGN(addr); +- vma = find_vma(mm, addr); ++ vma = find_vma_prev(mm, addr, &prev); + if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ (!vma || addr + len <= vm_start_gap(vma)) && ++ (!prev || addr >= vm_end_gap(prev))) + return addr; + } + +@@ -1538,18 +1553,21 @@ + * else if new region fits below vma->vm_start, + * return with success: + */ +- vma = find_vma(mm, addr); +- if (!vma || addr+len <= vma->vm_start) ++ vma = find_vma_prev(mm, addr, &prev); ++ vm_start = vma ? 
vm_start_gap(vma) : mm->mmap_base; ++ prev_end = vm_end_gap(prev); ++ ++ if (addr + len <= vm_start && addr >= prev_end) + /* remember the address as a hint for next time */ + return (mm->free_area_cache = addr); + + /* remember the largest hole we saw so far */ +- if (addr + mm->cached_hole_size < vma->vm_start) +- mm->cached_hole_size = vma->vm_start - addr; +- ++ if (addr + mm->cached_hole_size < vm_start) ++ mm->cached_hole_size = vm_start - addr; ++ + /* try just below the current vma->vm_start */ +- addr = vma->vm_start-len; +- } while (len < vma->vm_start); ++ addr = vm_start - len; ++ } while (len < vm_start); + + fail: + /* +@@ -1749,7 +1767,9 @@ + */ + int expand_upwards(struct vm_area_struct *vma, unsigned long address) + { +- int error; ++ struct vm_area_struct *next; ++ unsigned long gap_addr; ++ int error = 0; + + if (!(vma->vm_flags & VM_GROWSUP)) + return -EFAULT; +@@ -1758,23 +1778,33 @@ + * We must make sure the anon_vma is allocated + * so that the anon_vma locking is not a noop. + */ ++ /* Guard against wrapping around to address 0. */ ++ address &= PAGE_MASK; ++ address += PAGE_SIZE; ++ if (!address) ++ return -ENOMEM; ++ ++ /* Enforce stack_guard_gap */ ++ gap_addr = address + stack_guard_gap; ++ if (gap_addr < address) ++ return -ENOMEM; ++ next = vma->vm_next; ++ if (next && next->vm_start < gap_addr) { ++ if (!(next->vm_flags & VM_GROWSUP)) ++ return -ENOMEM; ++ /* Check that both stack segments have the same anon_vma? */ ++ } ++ ++ /* We must make sure the anon_vma is allocated. */ + if (unlikely(anon_vma_prepare(vma))) + return -ENOMEM; +- vma_lock_anon_vma(vma); + + /* + * vma->vm_start/vm_end cannot change under us because the caller + * is required to hold the mmap_sem in read mode. We need the + * anon_vma lock to serialize against concurrent expand_stacks. +- * Also guard against wrapping around to address 0. 
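Review bot: `prev_end = vm_end_gap(prev);` in the `@@ -1538,18 +1553,21 @@` hunk calls vm_end_gap() without checking `prev`, and the helper added to include/linux/mm.h by this same patch reads `vma->vm_end` unconditionally. Every other new use in this file guards it (`(!prev || addr >= vm_end_gap(prev))`, `if (prev) { prev_end = vm_end_gap(prev);`), which suggests find_vma_prev() can leave `prev` NULL, presumably when `addr` lies below the lowest mapping; in this top-down loop that would be a NULL dereference in kernel context. I would write `prev_end = prev ? vm_end_gap(prev) : 0;`. The enclosing function starts and ends outside the hunk.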
+ */ +- if (address < PAGE_ALIGN(address+4)) +- address = PAGE_ALIGN(address+4); +- else { +- vma_unlock_anon_vma(vma); +- return -ENOMEM; +- } +- error = 0; ++ vma_lock_anon_vma(vma); + + /* Somebody else might have raced and expanded it already */ + if (address > vma->vm_end) { +@@ -1804,27 +1834,36 @@ + int expand_downwards(struct vm_area_struct *vma, + unsigned long address) + { ++ struct vm_area_struct *prev; ++ unsigned long gap_addr; + int error; +- +- /* +- * We must make sure the anon_vma is allocated +- * so that the anon_vma locking is not a noop. +- */ +- if (unlikely(anon_vma_prepare(vma))) +- return -ENOMEM; + + address &= PAGE_MASK; + error = security_file_mmap(NULL, 0, 0, 0, address, 1); + if (error) + return error; + +- vma_lock_anon_vma(vma); ++ /* Enforce stack_guard_gap */ ++ gap_addr = address - stack_guard_gap; ++ if (gap_addr > address) ++ return -ENOMEM; ++ prev = vma->vm_prev; ++ if (prev && prev->vm_end > gap_addr) { ++ if (!(prev->vm_flags & VM_GROWSDOWN)) ++ return -ENOMEM; ++ /* Check that both stack segments have the same anon_vma? */ ++ } ++ ++ /* We must make sure the anon_vma is allocated. */ ++ if (unlikely(anon_vma_prepare(vma))) ++ return -ENOMEM; + + /* + * vma->vm_start/vm_end cannot change under us because the caller + * is required to hold the mmap_sem in read mode. We need the + * anon_vma lock to serialize against concurrent expand_stacks. + */ ++ vma_lock_anon_vma(vma); + + /* Somebody else might have raced and expanded it already */ + if (address < vma->vm_start) { +@@ -1848,6 +1887,23 @@ + return error; + } + ++/* enforced gap between the expanding stack and other mappings. 
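Review bot: The context comment kept at the top of the `@@ -1758,23 +1778,33 @@` hunk ("We must make sure the anon_vma is allocated so that the anon_vma locking is not a noop") now sits directly above the address wrap guard, while the patch adds a second `/* We must make sure the anon_vma is allocated. */` next to the anon_vma_prepare() call it actually describes. The orphaned block should be dropped so that only `/* Guard against wrapping around to address 0. */` introduces the new code, as in the 3.10 variant of this patch earlier on the page. Separately, the gap checks in this hunk run before `vma_lock_anon_vma(vma)`, whereas the backport notes in the patch description say the inserted code runs under the anon_vma lock; the description or the placement should be brought into agreement.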
*/ ++unsigned long stack_guard_gap = 256UL< +Acked-by: Rik van Riel +Acked-by: Michal Hocko +Cc: Alexander Viro +Cc: Qualys Security Advisory +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +Change-Id: I9db26a068e9448fb688a87fe3bae876f23483583 +--- + +diff --git a/fs/exec.c b/fs/exec.c +index 5725280..7d5dbc0 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -196,7 +196,25 @@ + + if (write) { + unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start; ++ unsigned long ptr_size; + struct rlimit *rlim; ++ ++ /* ++ * Since the stack will hold pointers to the strings, we ++ * must account for them as well. ++ * ++ * The size calculation is the entire vma while each arg page is ++ * built, so each time we get here it's calculating how far it ++ * is currently (rather than each call being just the newly ++ * added size from the arg page). As a result, we need to ++ * always add the entire size of the pointers, so that on the ++ * last call to get_arg_page() we'll actually have the entire ++ * correct size. ++ */ ++ ptr_size = (bprm->argc + bprm->envc) * sizeof(void *); ++ if (ptr_size > ULONG_MAX - size) ++ goto fail; ++ size += ptr_size; + + acct_arg_size(bprm, size / PAGE_SIZE); + +@@ -215,13 +233,15 @@ + * to work from. + */ + rlim = current->signal->rlim; +- if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) { +- put_page(page); +- return NULL; +- } ++ if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) ++ goto fail; + } + + return page; ++ ++fail: ++ put_page(page); ++ return NULL; + } + + static void put_arg_page(struct page *page) diff --git a/Patches/Linux_CVEs/CVE-2017-1000365/3.10/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-1000365/3.10/0.patch.base64 new file mode 100644 index 00000000..456c004f --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-1000365/3.10/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file 
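Review bot: The guard `if (ptr_size > ULONG_MAX - size)` in the `@@ -196,7 +196,25 @@` hunk covers only the addition to `size`; the sum `bprm->argc + bprm->envc` on the line before it is computed unchecked. If `argc` and `envc` are plain `int` (their declaration is not on this page), that sum is formed in `int` before it is widened for the multiply, so a signed overflow there is undefined and the later check cannot be relied on to catch it. Whether such counts are reachable depends on the limit enforced where the arguments are counted, which is also outside the hunk, but widening first costs nothing: `ptr_size = ((unsigned long)bprm->argc + bprm->envc) * sizeof(void *);`.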
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000365/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-1000365/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000365/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-1000365/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000380/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-1000380/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000380/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-1000380/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-1000380/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-1000380/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-1000380/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-1000380/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10661/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10661/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10661/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10661/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10662/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10662/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10662/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10662/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10663/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-10663/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10663/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-10663/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10663/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10663/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10663/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10663/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10996/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10996/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10996/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10996/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10997/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10997/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10997/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10997/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10998/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-10998/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10998/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10998/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10998/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-10998/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10998/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-10998/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-10999/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-10999/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-10999/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-10999/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11000/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11000/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11000/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11000/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11001/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11001/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11001/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11001/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11002/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11002/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11002/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11002/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11040/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11040/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11040/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11040/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11046/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11046/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11046/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11046/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11048/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11048/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11048/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11048/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11050/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11050/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11050/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11050/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11050/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11050/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11050/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11050/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11051/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11051/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11051/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11051/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11051/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11051/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11051/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11051/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11052/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11052/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11052/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11052/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11052/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11052/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11052/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11052/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11053/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11053/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11053/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11053/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11053/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11053/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11053/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11053/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11054/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11054/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11054/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11054/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11054/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11054/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11054/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11054/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11055/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11055/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11055/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11055/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11055/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11055/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11055/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11055/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11056/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11056/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11056/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11056/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11057/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11057/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11057/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11057/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11059/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11059/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11059/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11059/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11060/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11060/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11060/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11060/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11060/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11060/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11060/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11060/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11060/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-11060/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11060/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2017-11060/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11061/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11061/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11061/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11061/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11061/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11061/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11061/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11061/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11062/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11062/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11062/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11062/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11062/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11062/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11062/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11062/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11064/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11064/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11064/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11064/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11064/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11064/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11064/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11064/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11067/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-11067/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11067/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11067/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11067/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-11067/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11067/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-11067/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-11600/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-11600/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-11600/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-11600/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-12146/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-12146/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-12146/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-12146/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-12153/3.16/0.patch b/Patches/Linux_CVEs/CVE-2017-12153/3.16/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-12153/3.16/0.patch
rename to Patches/Linux_CVEs/CVE-2017-12153/3.16/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-15265/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-15265/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-15265/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-15265/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-2618/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-2618/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-2618/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-2618/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-2636/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-2636/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-2636/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-2636/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-2671/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-2671/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-2671/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-2671/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-5546/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5546/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-5546/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-5546/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-5547/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5547/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-5547/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-5547/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-5550/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5550/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-5550/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-5550/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-5551/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5551/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-5551/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-5551/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-5669/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5669/ANY/0.patch
new file mode 100644
index 00000000..6ee31aef
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-5669/ANY/0.patch
@@ -0,0 +1,70 @@ +From e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 Mon Sep 17 00:00:00 2001 +From: Davidlohr Bueso +Date: Wed, 8 Feb 2017 10:28:24 +1100 +Subject: [PATCH] ipc/shm: Fix shmat mmap nil-page protection + +The issue is described here, with a nice testcase: + + https://bugzilla.kernel.org/show_bug.cgi?id=192931 + +The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and the +address rounded down to 0. For the regular mmap case, the protection +mentioned above is that the kernel gets to generate the address -- +arch_get_unmapped_area() will always check for MAP_FIXED and return that +address. So by the time we do security_mmap_addr(0) things get funky for +shmat(). + +The testcase itself shows that while a regular user crashes, root will not +have a problem attaching a nil-page. There are two possible fixes to +this. The first, and which this patch does, is to simply allow root to +crash as well -- this is also regular mmap behavior, ie when hacking up +the testcase and adding mmap(... |MAP_FIXED). While this approach is the +safer option, the second alternative is to ignore SHM_RND if the rounded +address is 0, thus only having MAP_SHARED flags. This makes the behavior +of shmat() identical to the mmap() case. The downside of this is +obviously user visible, but does make sense in that it maintains semantics +after the round-down wrt 0 address and mmap. + +Passes shm related ltp tests. 
+ +Link: http://lkml.kernel.org/r/1486050195-18629-1-git-send-email-dave@stgolabs.net +Signed-off-by: Davidlohr Bueso +Reported-by: Gareth Evans +Cc: Manfred Spraul +Cc: Michael Kerrisk +Signed-off-by: Andrew Morton +--- + ipc/shm.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/ipc/shm.c b/ipc/shm.c +index d7805acb44fd4..06ea9ef7f54a7 100644 +--- a/ipc/shm.c ++++ b/ipc/shm.c +@@ -1091,8 +1091,8 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) + * "raddr" thing points to kernel space, and there has to be a wrapper around + * this. + */ +-long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +- unsigned long shmlba) ++long do_shmat(int shmid, char __user *shmaddr, int shmflg, ++ ulong *raddr, unsigned long shmlba) + { + struct shmid_kernel *shp; + unsigned long addr; +@@ -1113,8 +1113,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, + goto out; + else if ((addr = (ulong)shmaddr)) { + if (addr & (shmlba - 1)) { +- if (shmflg & SHM_RND) +- addr &= ~(shmlba - 1); /* round down */ ++ /* ++ * Round down to the nearest multiple of shmlba. ++ * For sane do_mmap_pgoff() parameters, avoid ++ * round downs that trigger nil-page and MAP_FIXED. ++ */ ++ if ((shmflg & SHM_RND) && addr >= shmlba) ++ addr &= ~(shmlba - 1); + else + #ifndef __ARCH_FORCE_SHMLBA + if (addr & ~PAGE_MASK) diff --git a/Patches/Linux_CVEs-New/CVE-2017-5669/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-5669/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5669/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-5669/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-5897/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5897/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5897/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-5897/ANY/0.patch 
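Review bot: In the `do_shmat` hunk of `ipc/shm.c` carried by the CVE-2017-5669 patch, a caller that passes `SHM_RND` with an unaligned `addr` below `shmlba` is no longer rounded and instead drops into the `else` arm that was written for callers who did not ask for rounding, so on builds without `__ARCH_FORCE_SHMLBA` only the `addr & ~PAGE_MASK` test decides what happens to that request. Where `shmlba` is larger than a page, a page-aligned address below `shmlba` would apparently pass that test and continue unrounded, which the new comment does not say. I would extend the comment with `* With SHM_RND and addr < shmlba the address is left as is and is validated by the checks below.` and confirm that the `security_mmap_addr()` check the commit message refers to still sees that low address. The function body continues past the end of the hunk, so the outcome of the `else` arm is inferred from the two visible lines only.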
diff --git a/Patches/Linux_CVEs/CVE-2017-5967/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-5967/3.10/1.patch
new file mode 100644
index 00000000..596f8405
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-5967/3.10/1.patch
@@ -0,0 +1,908 @@ +From 0407c7a2f4734cd55902753d788fdbdc32ed7fd9 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 08 Feb 2017 11:26:59 -0800 +Subject: [PATCH] time: Remove CONFIG_TIMER_STATS + +Currently CONFIG_TIMER_STATS exposes process information across namespaces: + +kernel/time/timer_list.c print_timer(): + + SEQ_printf(m, ", %s/%d", tmp, timer->start_pid); + +/proc/timer_list: + + #11: <0000000000000000>, hrtimer_wakeup, S:01, do_nanosleep, cron/2570 + +Given that the tracer can give the same information, this patch entirely +removes CONFIG_TIMER_STATS. + +Change-Id: Ice26d74094d3ad563808342c1604ad444234844b +Suggested-by: Thomas Gleixner +Signed-off-by: Kees Cook +Acked-by: John Stultz +Cc: Nicolas Pitre +Cc: linux-doc@vger.kernel.org +Cc: Lai Jiangshan +Cc: Shuah Khan +Cc: Xing Gao +Cc: Jonathan Corbet +Cc: Jessica Frazelle +Cc: kernel-hardening@lists.openwall.com +Cc: Nicolas Iooss +Cc: "Paul E. McKenney" +Cc: Petr Mladek +Cc: Richard Cochran +Cc: Tejun Heo +Cc: Michal Marek +Cc: Josh Poimboeuf +Cc: Dmitry Vyukov +Cc: Oleg Nesterov +Cc: "Eric W. Biederman" +Cc: Olof Johansson +Cc: Andrew Morton +Cc: linux-api@vger.kernel.org +Cc: Arjan van de Ven +Link: http://lkml.kernel.org/r/20170208192659.GA32582@beast +Signed-off-by: Thomas Gleixner +--- + +diff --git a/Documentation/timers/timer_stats.txt b/Documentation/timers/timer_stats.txt +deleted file mode 100644 +index 8abd40b..0000000 +--- a/Documentation/timers/timer_stats.txt ++++ /dev/null +@@ -1,73 +0,0 @@ +-timer_stats - timer usage statistics +------------------------------------- +- +-timer_stats is a debugging facility to make the timer (ab)usage in a Linux +-system visible to kernel and userspace developers. If enabled in the config +-but not used it has almost zero runtime overhead, and a relatively small +-data structure overhead. Even if collection is enabled runtime all the +-locking is per-CPU and lookup is hashed. 
+- +-timer_stats should be used by kernel and userspace developers to verify that +-their code does not make unduly use of timers. This helps to avoid unnecessary +-wakeups, which should be avoided to optimize power consumption. +- +-It can be enabled by CONFIG_TIMER_STATS in the "Kernel hacking" configuration +-section. +- +-timer_stats collects information about the timer events which are fired in a +-Linux system over a sample period: +- +-- the pid of the task(process) which initialized the timer +-- the name of the process which initialized the timer +-- the function where the timer was initialized +-- the callback function which is associated to the timer +-- the number of events (callbacks) +- +-timer_stats adds an entry to /proc: /proc/timer_stats +- +-This entry is used to control the statistics functionality and to read out the +-sampled information. +- +-The timer_stats functionality is inactive on bootup. +- +-To activate a sample period issue: +-# echo 1 >/proc/timer_stats +- +-To stop a sample period issue: +-# echo 0 >/proc/timer_stats +- +-The statistics can be retrieved by: +-# cat /proc/timer_stats +- +-The readout of /proc/timer_stats automatically disables sampling. The sampled +-information is kept until a new sample period is started. This allows multiple +-readouts. 
+- +-Sample output of /proc/timer_stats: +- +-Timerstats sample period: 3.888770 s +- 12, 0 swapper hrtimer_stop_sched_tick (hrtimer_sched_tick) +- 15, 1 swapper hcd_submit_urb (rh_timer_func) +- 4, 959 kedac schedule_timeout (process_timeout) +- 1, 0 swapper page_writeback_init (wb_timer_fn) +- 28, 0 swapper hrtimer_stop_sched_tick (hrtimer_sched_tick) +- 22, 2948 IRQ 4 tty_flip_buffer_push (delayed_work_timer_fn) +- 3, 3100 bash schedule_timeout (process_timeout) +- 1, 1 swapper queue_delayed_work_on (delayed_work_timer_fn) +- 1, 1 swapper queue_delayed_work_on (delayed_work_timer_fn) +- 1, 1 swapper neigh_table_init_no_netlink (neigh_periodic_timer) +- 1, 2292 ip __netdev_watchdog_up (dev_watchdog) +- 1, 23 events/1 do_cache_clean (delayed_work_timer_fn) +-90 total events, 30.0 events/sec +- +-The first column is the number of events, the second column the pid, the third +-column is the name of the process. The forth column shows the function which +-initialized the timer and in parenthesis the callback function which was +-executed on expiry. +- +- Thomas, Ingo +- +-Added flag to indicate 'deferrable timer' in /proc/timer_stats. 
A deferrable +-timer will appear as follows +- 10D, 1 swapper queue_delayed_work_on (delayed_work_timer_fn) +- +diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h +index 0302bbe..765d9e7 100644 +--- a/include/linux/hrtimer.h ++++ b/include/linux/hrtimer.h +@@ -96,12 +96,6 @@ + * @function: timer expiry callback function + * @base: pointer to the timer base (per cpu and per clock) + * @state: state information (See bit values above) +- * @start_site: timer statistics field to store the site where the timer +- * was started +- * @start_comm: timer statistics field to store the name of the process which +- * started the timer +- * @start_pid: timer statistics field to store the pid of the task which +- * started the timer + * + * The hrtimer structure must be initialized by hrtimer_init() + */ +@@ -111,11 +105,6 @@ + enum hrtimer_restart (*function)(struct hrtimer *); + struct hrtimer_clock_base *base; + unsigned long state; +-#ifdef CONFIG_TIMER_STATS +- int start_pid; +- void *start_site; +- char start_comm[16]; +-#endif + }; + + /** +diff --git a/include/linux/timer.h b/include/linux/timer.h +index 8c5a197..7c8adfa 100644 +--- a/include/linux/timer.h ++++ b/include/linux/timer.h +@@ -23,11 +23,6 @@ + + int slack; + +-#ifdef CONFIG_TIMER_STATS +- int start_pid; +- void *start_site; +- char start_comm[16]; +-#endif + #ifdef CONFIG_LOCKDEP + struct lockdep_map lockdep_map; + #endif +@@ -193,49 +188,6 @@ + * jiffie. 
+ */ + extern unsigned long get_next_timer_interrupt(unsigned long now); +- +-/* +- * Timer-statistics info: +- */ +-#ifdef CONFIG_TIMER_STATS +- +-extern int timer_stats_active; +- +-#define TIMER_STATS_FLAG_DEFERRABLE 0x1 +- +-extern void init_timer_stats(void); +- +-extern void timer_stats_update_stats(void *timer, pid_t pid, void *startf, +- void *timerf, char *comm, +- unsigned int timer_flag); +- +-extern void __timer_stats_timer_set_start_info(struct timer_list *timer, +- void *addr); +- +-static inline void timer_stats_timer_set_start_info(struct timer_list *timer) +-{ +- if (likely(!timer_stats_active)) +- return; +- __timer_stats_timer_set_start_info(timer, __builtin_return_address(0)); +-} +- +-static inline void timer_stats_timer_clear_start_info(struct timer_list *timer) +-{ +- timer->start_site = NULL; +-} +-#else +-static inline void init_timer_stats(void) +-{ +-} +- +-static inline void timer_stats_timer_set_start_info(struct timer_list *timer) +-{ +-} +- +-static inline void timer_stats_timer_clear_start_info(struct timer_list *timer) +-{ +-} +-#endif + + extern void add_timer(struct timer_list *timer); + +diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c +index 47067de..c9c3a6c 100644 +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -827,34 +827,6 @@ + clock_was_set_delayed(); + } + +-static inline void timer_stats_hrtimer_set_start_info(struct hrtimer *timer) +-{ +-#ifdef CONFIG_TIMER_STATS +- if (timer->start_site) +- return; +- timer->start_site = __builtin_return_address(0); +- memcpy(timer->start_comm, current->comm, TASK_COMM_LEN); +- timer->start_pid = current->pid; +-#endif +-} +- +-static inline void timer_stats_hrtimer_clear_start_info(struct hrtimer *timer) +-{ +-#ifdef CONFIG_TIMER_STATS +- timer->start_site = NULL; +-#endif +-} +- +-static inline void timer_stats_account_hrtimer(struct hrtimer *timer) +-{ +-#ifdef CONFIG_TIMER_STATS +- if (likely(!timer_stats_active)) +- return; +- timer_stats_update_stats(timer, timer->start_pid, 
timer->start_site, +- timer->function, timer->start_comm, 0); +-#endif +-} +- + /* + * Counterpart to lock_hrtimer_base above: + */ +@@ -988,7 +960,6 @@ + * rare case and less expensive than a smp call. + */ + debug_deactivate(timer); +- timer_stats_hrtimer_clear_start_info(timer); + reprogram = base->cpu_base == &__get_cpu_var(hrtimer_bases); + /* + * We must preserve the CALLBACK state flag here, +@@ -1033,8 +1004,6 @@ + + /* Switch the timer base, if necessary: */ + new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED); +- +- timer_stats_hrtimer_set_start_info(timer); + + leftmost = enqueue_hrtimer(timer, new_base); + +@@ -1211,12 +1180,6 @@ + base = hrtimer_clockid_to_base(clock_id); + timer->base = &cpu_base->clock_base[base]; + timerqueue_init(&timer->node); +- +-#ifdef CONFIG_TIMER_STATS +- timer->start_site = NULL; +- timer->start_pid = -1; +- memset(timer->start_comm, 0, TASK_COMM_LEN); +-#endif + } + + /** +@@ -1264,7 +1227,6 @@ + + debug_deactivate(timer); + __remove_hrtimer(timer, base, HRTIMER_STATE_CALLBACK, 0); +- timer_stats_account_hrtimer(timer); + fn = timer->function; + + /* +diff --git a/kernel/time/Makefile b/kernel/time/Makefile +index aa91af5..fd87e51 100644 +--- a/kernel/time/Makefile ++++ b/kernel/time/Makefile +@@ -7,4 +7,3 @@ + obj-$(CONFIG_GENERIC_SCHED_CLOCK) += sched_clock.o + obj-$(CONFIG_TICK_ONESHOT) += tick-oneshot.o + obj-$(CONFIG_TICK_ONESHOT) += tick-sched.o +-obj-$(CONFIG_TIMER_STATS) += timer_stats.o +diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c +index 61ed862..f6a1043 100644 +--- a/kernel/time/timer_list.c ++++ b/kernel/time/timer_list.c +@@ -57,21 +57,11 @@ + print_timer(struct seq_file *m, struct hrtimer *taddr, struct hrtimer *timer, + int idx, u64 now) + { +-#ifdef CONFIG_TIMER_STATS +- char tmp[TASK_COMM_LEN + 1]; +-#endif + SEQ_printf(m, " #%d: ", idx); + print_name_offset(m, taddr); + SEQ_printf(m, ", "); + print_name_offset(m, timer->function); + SEQ_printf(m, ", S:%02lx", 
timer->state); +-#ifdef CONFIG_TIMER_STATS +- SEQ_printf(m, ", "); +- print_name_offset(m, timer->start_site); +- memcpy(tmp, timer->start_comm, TASK_COMM_LEN); +- tmp[TASK_COMM_LEN] = 0; +- SEQ_printf(m, ", %s/%d", tmp, timer->start_pid); +-#endif + SEQ_printf(m, "\n"); + SEQ_printf(m, " # expires at %Lu-%Lu nsecs [in %Ld to %Ld nsecs]\n", + (unsigned long long)ktime_to_ns(hrtimer_get_softexpires(timer)), +diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c +deleted file mode 100644 +index 0b537f2..0000000 +--- a/kernel/time/timer_stats.c ++++ /dev/null +@@ -1,425 +0,0 @@ +-/* +- * kernel/time/timer_stats.c +- * +- * Collect timer usage statistics. +- * +- * Copyright(C) 2006, Red Hat, Inc., Ingo Molnar +- * Copyright(C) 2006 Timesys Corp., Thomas Gleixner +- * +- * timer_stats is based on timer_top, a similar functionality which was part of +- * Con Kolivas dyntick patch set. It was developed by Daniel Petrini at the +- * Instituto Nokia de Tecnologia - INdT - Manaus. timer_top's design was based +- * on dynamic allocation of the statistics entries and linear search based +- * lookup combined with a global lock, rather than the static array, hash +- * and per-CPU locking which is used by timer_stats. It was written for the +- * pre hrtimer kernel code and therefore did not take hrtimers into account. +- * Nevertheless it provided the base for the timer_stats implementation and +- * was a helpful source of inspiration. Kudos to Daniel and the Nokia folks +- * for this effort. +- * +- * timer_top.c is +- * Copyright (C) 2005 Instituto Nokia de Tecnologia - INdT - Manaus +- * Written by Daniel Petrini +- * timer_top.c was released under the GNU General Public License version 2 +- * +- * We export the addresses and counting of timer functions being called, +- * the pid and cmdline from the owner process if applicable. 
+- * +- * Start/stop data collection: +- * # echo [1|0] >/proc/timer_stats +- * +- * Display the information collected so far: +- * # cat /proc/timer_stats +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License version 2 as +- * published by the Free Software Foundation. +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +- +-/* +- * This is our basic unit of interest: a timer expiry event identified +- * by the timer, its start/expire functions and the PID of the task that +- * started the timer. We count the number of times an event happens: +- */ +-struct entry { +- /* +- * Hash list: +- */ +- struct entry *next; +- +- /* +- * Hash keys: +- */ +- void *timer; +- void *start_func; +- void *expire_func; +- pid_t pid; +- +- /* +- * Number of timeout events: +- */ +- unsigned long count; +- unsigned int timer_flag; +- +- /* +- * We save the command-line string to preserve +- * this information past task exit: +- */ +- char comm[TASK_COMM_LEN + 1]; +- +-} ____cacheline_aligned_in_smp; +- +-/* +- * Spinlock protecting the tables - not taken during lookup: +- */ +-static DEFINE_RAW_SPINLOCK(table_lock); +- +-/* +- * Per-CPU lookup locks for fast hash lookup: +- */ +-static DEFINE_PER_CPU(raw_spinlock_t, tstats_lookup_lock); +- +-/* +- * Mutex to serialize state changes with show-stats activities: +- */ +-static DEFINE_MUTEX(show_mutex); +- +-/* +- * Collection status, active/inactive: +- */ +-int __read_mostly timer_stats_active; +- +-/* +- * Beginning/end timestamps of measurement: +- */ +-static ktime_t time_start, time_stop; +- +-/* +- * tstat entry structs only get allocated while collection is +- * active and never freed during that time - this simplifies +- * things quite a bit. +- * +- * They get freed when a new collection period is started. 
+- */ +-#define MAX_ENTRIES_BITS 10 +-#define MAX_ENTRIES (1UL << MAX_ENTRIES_BITS) +- +-static unsigned long nr_entries; +-static struct entry entries[MAX_ENTRIES]; +- +-static atomic_t overflow_count; +- +-/* +- * The entries are in a hash-table, for fast lookup: +- */ +-#define TSTAT_HASH_BITS (MAX_ENTRIES_BITS - 1) +-#define TSTAT_HASH_SIZE (1UL << TSTAT_HASH_BITS) +-#define TSTAT_HASH_MASK (TSTAT_HASH_SIZE - 1) +- +-#define __tstat_hashfn(entry) \ +- (((unsigned long)(entry)->timer ^ \ +- (unsigned long)(entry)->start_func ^ \ +- (unsigned long)(entry)->expire_func ^ \ +- (unsigned long)(entry)->pid ) & TSTAT_HASH_MASK) +- +-#define tstat_hashentry(entry) (tstat_hash_table + __tstat_hashfn(entry)) +- +-static struct entry *tstat_hash_table[TSTAT_HASH_SIZE] __read_mostly; +- +-static void reset_entries(void) +-{ +- nr_entries = 0; +- memset(entries, 0, sizeof(entries)); +- memset(tstat_hash_table, 0, sizeof(tstat_hash_table)); +- atomic_set(&overflow_count, 0); +-} +- +-static struct entry *alloc_entry(void) +-{ +- if (nr_entries >= MAX_ENTRIES) +- return NULL; +- +- return entries + nr_entries++; +-} +- +-static int match_entries(struct entry *entry1, struct entry *entry2) +-{ +- return entry1->timer == entry2->timer && +- entry1->start_func == entry2->start_func && +- entry1->expire_func == entry2->expire_func && +- entry1->pid == entry2->pid; +-} +- +-/* +- * Look up whether an entry matching this item is present +- * in the hash already. 
Must be called with irqs off and the +- * lookup lock held: +- */ +-static struct entry *tstat_lookup(struct entry *entry, char *comm) +-{ +- struct entry **head, *curr, *prev; +- +- head = tstat_hashentry(entry); +- curr = *head; +- +- /* +- * The fastpath is when the entry is already hashed, +- * we do this with the lookup lock held, but with the +- * table lock not held: +- */ +- while (curr) { +- if (match_entries(curr, entry)) +- return curr; +- +- curr = curr->next; +- } +- /* +- * Slowpath: allocate, set up and link a new hash entry: +- */ +- prev = NULL; +- curr = *head; +- +- raw_spin_lock(&table_lock); +- /* +- * Make sure we have not raced with another CPU: +- */ +- while (curr) { +- if (match_entries(curr, entry)) +- goto out_unlock; +- +- prev = curr; +- curr = curr->next; +- } +- +- curr = alloc_entry(); +- if (curr) { +- *curr = *entry; +- curr->count = 0; +- curr->next = NULL; +- memcpy(curr->comm, comm, TASK_COMM_LEN); +- +- smp_mb(); /* Ensure that curr is initialized before insert */ +- +- if (prev) +- prev->next = curr; +- else +- *head = curr; +- } +- out_unlock: +- raw_spin_unlock(&table_lock); +- +- return curr; +-} +- +-/** +- * timer_stats_update_stats - Update the statistics for a timer. +- * @timer: pointer to either a timer_list or a hrtimer +- * @pid: the pid of the task which set up the timer +- * @startf: pointer to the function which did the timer setup +- * @timerf: pointer to the timer callback function of the timer +- * @comm: name of the process which set up the timer +- * +- * When the timer is already registered, then the event counter is +- * incremented. Otherwise the timer is registered in a free slot. 
+- */ +-void timer_stats_update_stats(void *timer, pid_t pid, void *startf, +- void *timerf, char *comm, +- unsigned int timer_flag) +-{ +- /* +- * It doesn't matter which lock we take: +- */ +- raw_spinlock_t *lock; +- struct entry *entry, input; +- unsigned long flags; +- +- if (likely(!timer_stats_active)) +- return; +- +- lock = &per_cpu(tstats_lookup_lock, raw_smp_processor_id()); +- +- input.timer = timer; +- input.start_func = startf; +- input.expire_func = timerf; +- input.pid = pid; +- input.timer_flag = timer_flag; +- +- raw_spin_lock_irqsave(lock, flags); +- if (!timer_stats_active) +- goto out_unlock; +- +- entry = tstat_lookup(&input, comm); +- if (likely(entry)) +- entry->count++; +- else +- atomic_inc(&overflow_count); +- +- out_unlock: +- raw_spin_unlock_irqrestore(lock, flags); +-} +- +-static void print_name_offset(struct seq_file *m, unsigned long addr) +-{ +- char symname[KSYM_NAME_LEN]; +- +- if (lookup_symbol_name(addr, symname) < 0) +- seq_printf(m, "<%p>", (void *)addr); +- else +- seq_printf(m, "%s", symname); +-} +- +-static int tstats_show(struct seq_file *m, void *v) +-{ +- struct timespec period; +- struct entry *entry; +- unsigned long ms; +- long events = 0; +- ktime_t time; +- int i; +- +- mutex_lock(&show_mutex); +- /* +- * If still active then calculate up to now: +- */ +- if (timer_stats_active) +- time_stop = ktime_get(); +- +- time = ktime_sub(time_stop, time_start); +- +- period = ktime_to_timespec(time); +- ms = period.tv_nsec / 1000000; +- +- seq_puts(m, "Timer Stats Version: v0.2\n"); +- seq_printf(m, "Sample period: %ld.%03ld s\n", period.tv_sec, ms); +- if (atomic_read(&overflow_count)) +- seq_printf(m, "Overflow: %d entries\n", +- atomic_read(&overflow_count)); +- +- for (i = 0; i < nr_entries; i++) { +- entry = entries + i; +- if (entry->timer_flag & TIMER_STATS_FLAG_DEFERRABLE) { +- seq_printf(m, "%4luD, %5d %-16s ", +- entry->count, entry->pid, entry->comm); +- } else { +- seq_printf(m, " %4lu, %5d %-16s ", +- 
entry->count, entry->pid, entry->comm); +- } +- +- print_name_offset(m, (unsigned long)entry->start_func); +- seq_puts(m, " ("); +- print_name_offset(m, (unsigned long)entry->expire_func); +- seq_puts(m, ")\n"); +- +- events += entry->count; +- } +- +- ms += period.tv_sec * 1000; +- if (!ms) +- ms = 1; +- +- if (events && period.tv_sec) +- seq_printf(m, "%ld total events, %ld.%03ld events/sec\n", +- events, events * 1000 / ms, +- (events * 1000000 / ms) % 1000); +- else +- seq_printf(m, "%ld total events\n", events); +- +- mutex_unlock(&show_mutex); +- +- return 0; +-} +- +-/* +- * After a state change, make sure all concurrent lookup/update +- * activities have stopped: +- */ +-static void sync_access(void) +-{ +- unsigned long flags; +- int cpu; +- +- for_each_online_cpu(cpu) { +- raw_spinlock_t *lock = &per_cpu(tstats_lookup_lock, cpu); +- +- raw_spin_lock_irqsave(lock, flags); +- /* nothing */ +- raw_spin_unlock_irqrestore(lock, flags); +- } +-} +- +-static ssize_t tstats_write(struct file *file, const char __user *buf, +- size_t count, loff_t *offs) +-{ +- char ctl[2]; +- +- if (count != 2 || *offs) +- return -EINVAL; +- +- if (copy_from_user(ctl, buf, count)) +- return -EFAULT; +- +- mutex_lock(&show_mutex); +- switch (ctl[0]) { +- case '0': +- if (timer_stats_active) { +- timer_stats_active = 0; +- time_stop = ktime_get(); +- sync_access(); +- } +- break; +- case '1': +- if (!timer_stats_active) { +- reset_entries(); +- time_start = ktime_get(); +- smp_mb(); +- timer_stats_active = 1; +- } +- break; +- default: +- count = -EINVAL; +- } +- mutex_unlock(&show_mutex); +- +- return count; +-} +- +-static int tstats_open(struct inode *inode, struct file *filp) +-{ +- return single_open(filp, tstats_show, NULL); +-} +- +-static const struct file_operations tstats_fops = { +- .open = tstats_open, +- .read = seq_read, +- .write = tstats_write, +- .llseek = seq_lseek, +- .release = single_release, +-}; +- +-void __init init_timer_stats(void) +-{ +- int cpu; +- +- 
for_each_possible_cpu(cpu) +- raw_spin_lock_init(&per_cpu(tstats_lookup_lock, cpu)); +-} +- +-static int __init init_tstats_procfs(void) +-{ +- struct proc_dir_entry *pe; +- +- pe = proc_create("timer_stats", 0644, NULL, &tstats_fops); +- if (!pe) +- return -ENOMEM; +- return 0; +-} +-__initcall(init_tstats_procfs); +diff --git a/kernel/timer.c b/kernel/timer.c +index 5733076..8bff0a9 100644 +--- a/kernel/timer.c ++++ b/kernel/timer.c +@@ -397,34 +397,6 @@ + } + } + +-#ifdef CONFIG_TIMER_STATS +-void __timer_stats_timer_set_start_info(struct timer_list *timer, void *addr) +-{ +- if (timer->start_site) +- return; +- +- timer->start_site = addr; +- memcpy(timer->start_comm, current->comm, TASK_COMM_LEN); +- timer->start_pid = current->pid; +-} +- +-static void timer_stats_account_timer(struct timer_list *timer) +-{ +- unsigned int flag = 0; +- +- if (likely(!timer->start_site)) +- return; +- if (unlikely(tbase_get_deferrable(timer->base))) +- flag |= TIMER_STATS_FLAG_DEFERRABLE; +- +- timer_stats_update_stats(timer, timer->start_pid, timer->start_site, +- timer->function, timer->start_comm, flag); +-} +- +-#else +-static void timer_stats_account_timer(struct timer_list *timer) {} +-#endif +- + #ifdef CONFIG_DEBUG_OBJECTS_TIMERS + + static struct debug_obj_descr timer_debug_descr; +@@ -637,11 +609,6 @@ + timer->entry.next = NULL; + timer->base = (void *)((unsigned long)base | flags); + timer->slack = -1; +-#ifdef CONFIG_TIMER_STATS +- timer->start_site = NULL; +- timer->start_pid = -1; +- memset(timer->start_comm, 0, TASK_COMM_LEN); +-#endif + lockdep_init_map(&timer->lockdep_map, name, key, 0); + } + +@@ -739,7 +706,6 @@ + unsigned long flags; + int ret = 0 , cpu; + +- timer_stats_timer_set_start_info(timer); + BUG_ON(!timer->function); + + base = lock_timer_base(timer, &flags); +@@ -943,7 +909,6 @@ + struct tvec_base *base = per_cpu(tvec_bases, cpu); + unsigned long flags; + +- timer_stats_timer_set_start_info(timer); + BUG_ON(timer_pending(timer) || 
!timer->function); + spin_lock_irqsave(&base->lock, flags); + timer_set_base(timer, base); +@@ -981,7 +946,6 @@ + + debug_assert_init(timer); + +- timer_stats_timer_clear_start_info(timer); + if (timer_pending(timer)) { + base = lock_timer_base(timer, &flags); + ret = detach_if_pending(timer, base, true); +@@ -1009,10 +973,9 @@ + + base = lock_timer_base(timer, &flags); + +- if (base->running_timer != timer) { +- timer_stats_timer_clear_start_info(timer); ++ if (base->running_timer != timer) + ret = detach_if_pending(timer, base, true); +- } ++ + spin_unlock_irqrestore(&base->lock, flags); + + return ret; +@@ -1192,8 +1155,6 @@ + fn = timer->function; + data = timer->data; + irqsafe = tbase_get_irqsafe(timer->base); +- +- timer_stats_account_timer(timer); + + base->running_timer = timer; + detach_expired_timer(timer, base); +@@ -1695,7 +1656,6 @@ + + err = timer_cpu_notify(&timers_nb, (unsigned long)CPU_UP_PREPARE, + (void *)(long)smp_processor_id()); +- init_timer_stats(); + + BUG_ON(err != NOTIFY_OK); + +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index 2505648..562f1a5 100755 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -1448,8 +1448,6 @@ + return; + } + +- timer_stats_timer_set_start_info(&dwork->timer); +- + dwork->wq = wq; + dwork->cpu = cpu; + timer->expires = jiffies + delay; +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index a0818f1..822e2be 100755 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -400,20 +400,6 @@ + application, you can say N to avoid the very slight overhead + this adds. + +-config TIMER_STATS +- bool "Collect kernel timers statistics" +- depends on DEBUG_KERNEL && PROC_FS +- help +- If you say Y here, additional code will be inserted into the +- timer routines to collect statistics about kernel timers being +- reprogrammed. The statistics can be read from /proc/timer_stats. +- The statistics collection is started by writing 1 to /proc/timer_stats, +- writing 0 stops it. 
This feature is useful to collect information +- about timer usage patterns in kernel and userspace. This feature +- is lightweight if enabled in the kernel config but not activated +- (it defaults to deactivated on bootup and will only be activated +- if some application like powertop activates it explicitly). +- + config DEBUG_OBJECTS + bool "Debug object operations" + depends on DEBUG_KERNEL diff --git a/Patches/Linux_CVEs-New/CVE-2017-5967/3.10/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-5967/3.10/1.patch.base64 similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5967/3.10/1.patch.base64 rename to Patches/Linux_CVEs/CVE-2017-5967/3.10/1.patch.base64 diff --git a/Patches/Linux_CVEs/CVE-2017-5967/3.18/2.patch b/Patches/Linux_CVEs/CVE-2017-5967/3.18/2.patch new file mode 100644 index 00000000..90b2f55c --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-5967/3.18/2.patch @@ -0,0 +1,20 @@ +From 63d41fb2b101ff0bd786deab3c60114d38d47048 Mon Sep 17 00:00:00 2001 +From: Christopher R. Palmer +Date: Sat, 29 Apr 2017 06:44:14 -0400 +Subject: [PATCH] pme: defconfig: Remove CONFIG_TIMER_STATS + +Change-Id: Ib4c88393eccc70e998f3a7dcc9f9a4de5230735c +--- + +diff --git a/arch/arm64/configs/pme_defconfig b/arch/arm64/configs/pme_defconfig +index b145bb6..6ad8818 100644 +--- a/arch/arm64/configs/pme_defconfig ++++ b/arch/arm64/configs/pme_defconfig +@@ -4414,7 +4414,6 @@ + # CONFIG_PANIC_ON_RT_THROTTLING is not set + # CONFIG_SCHEDSTATS is not set + # CONFIG_SCHED_STACK_END_CHECK is not set +-CONFIG_TIMER_STATS=y + # CONFIG_DEBUG_MODULE_SCAN_OFF is not set + # CONFIG_DEBUG_TASK_STACK_SCAN_OFF is not set + # CONFIG_DEBUG_PREEMPT is not set diff --git a/Patches/Linux_CVEs-New/CVE-2017-5967/3.18/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-5967/3.18/2.patch.base64 similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5967/3.18/2.patch.base64 rename to Patches/Linux_CVEs/CVE-2017-5967/3.18/2.patch.base64 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-5967/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5967/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5967/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-5967/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-5970/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5970/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5970/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-5970/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-5972/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5972/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5972/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-5972/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-5986/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-5986/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-5986/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-5986/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6001/3.4/0.patch b/Patches/Linux_CVEs/CVE-2017-6001/3.4/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6001/3.4/0.patch rename to Patches/Linux_CVEs/CVE-2017-6001/3.4/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6074/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6074/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6074/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6074/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-6074/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-6074/ANY/1.patch new file mode 100644 index 00000000..79c6a180 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-6074/ANY/1.patch 
@@ -0,0 +1,47 @@ +From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001 +From: Andrey Konovalov +Date: Thu, 16 Feb 2017 17:22:46 +0100 +Subject: dccp: fix freeing skb too early for IPV6_RECVPKTINFO + +In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet +is forcibly freed via __kfree_skb in dccp_rcv_state_process if +dccp_v6_conn_request successfully returns. + +However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb +is saved to ireq->pktopts and the ref count for skb is incremented in +dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed +in dccp_rcv_state_process. + +Fix by calling consume_skb instead of doing goto discard and therefore +calling __kfree_skb. + +Similar fixes for TCP: + +fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. +0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now +simply consumed + +Signed-off-by: Andrey Konovalov +Acked-by: Eric Dumazet +Signed-off-by: David S. Miller +--- + net/dccp/input.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/dccp/input.c b/net/dccp/input.c +index ba34718..8fedc2d 100644 +--- a/net/dccp/input.c ++++ b/net/dccp/input.c +@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + if (inet_csk(sk)->icsk_af_ops->conn_request(sk, + skb) < 0) + return 1; +- goto discard; ++ consume_skb(skb); ++ return 0; + } + if (dh->dccph_type == DCCP_PKT_RESET) + goto discard; +-- +cgit v1.1 + diff --git a/Patches/Linux_CVEs-New/CVE-2017-6214/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6214/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6214/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6214/ANY/0.patch 
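Review bot: The new `consume_skb(skb); return 0;` path in dccp_rcv_state_process has no comment saying why it must not fall through to `discard`, and that reason is the whole fix. Per the commit message, conn_request() may have saved the skb in ireq->pktopts and taken a reference when IPV6_RECVPKTINFO is set. A one-line comment above the call, e.g. `/* conn_request() may still hold skb (IPV6_RECVPKTINFO); drop our reference, do not __kfree_skb() */`, would keep a later cleanup from folding it back into `goto discard`. The function body continues outside the hunk.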
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6214/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-6214/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6214/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-6214/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6346/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6345/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6346/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6345/ANY/0.patch diff --git a/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch new file mode 100644 index 00000000..665dc9ea --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch @@ -0,0 +1,53 @@ +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 05cfee7..2ae5ae2 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -1429,13 +1429,16 @@ + return -EINVAL; + } + +- if (!po->running) +- return -EINVAL; +- +- if (po->fanout) +- return -EALREADY; +- + mutex_lock(&fanout_mutex); ++ ++ err = -EINVAL; ++ if (!po->running) ++ goto out; ++ ++ err = -EALREADY; ++ if (po->fanout) ++ goto out; ++ + match = NULL; + list_for_each_entry(f, &fanout_list, list) { + if (f->id == id && +@@ -1491,17 +1494,16 @@ + struct packet_sock *po = pkt_sk(sk); + struct packet_fanout *f; + +- f = po->fanout; +- if (!f) +- return; +- + mutex_lock(&fanout_mutex); +- po->fanout = NULL; ++ f = po->fanout; ++ if (f) { ++ po->fanout = NULL; + +- if (atomic_dec_and_test(&f->sk_ref)) { +- list_del(&f->list); +- dev_remove_pack(&f->prot_hook); +- kfree(f); ++ if (atomic_dec_and_test(&f->sk_ref)) { ++ list_del(&f->list); ++ dev_remove_pack(&f->prot_hook); ++ kfree(f); ++ } + } + mutex_unlock(&fanout_mutex); + } diff --git a/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch.base64 new file mode 100644 index 00000000..57eacd49 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-6346/3.18/1.patch.base64 
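Review bot: The added CVE-2017-6346/3.18/1.patch starts directly at `diff --git a/net/packet/af_packet.c`, with no `From`/`Subject` header and no upstream commit id, so the fanout locking change cannot be traced to the commit it backports. The CVE-2017-7308/3.18 0.patch, 1.patch and 2.patch files added further down have the same gap. Other patches in this change (CVE-2017-6074, CVE-2017-7371) keep their header; these should carry at least the original subject and a `commit <upstream-commit-id> upstream.` line (placeholder). Separately, both new `goto out` exits in the first hunk are taken with fanout_mutex held and the `out:` label lies outside the hunk, so it is worth confirming that it unlocks.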
@@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-9075/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6346/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-9075/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6346/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6347/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6347/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6347/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6347/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6348/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6348/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6348/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6348/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6353/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6353/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6353/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6353/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6421/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6421/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6421/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6421/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6423/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6423/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6423/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6423/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-6424/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6424/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-6424/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-6424/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6424/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-6424/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6424/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-6424/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6425/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6425/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6425/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-6425/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6426/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6426/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6426/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-6426/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6874/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6874/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6874/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-6874/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6951/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-6951/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6951/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-6951/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7184/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7184/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7184/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7184/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7184/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-7184/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7184/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-7184/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7187/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7187/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7277/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7277/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7277/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-7277/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7277/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-7277/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7277/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-7277/ANY/1.patch diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch new file mode 100644 index 00000000..e1efaa13 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch @@ -0,0 +1,15 @@ +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index bcd8142..86b3e2f 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3808,8 +3808,8 @@ + if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) + goto out; + if (po->tp_version >= TPACKET_V3 && +- (int)(req->tp_block_size - +- BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) ++ req->tp_block_size <= ++ BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)) + goto out; + if (unlikely(req->tp_frame_size < po->tp_hdrlen + + po->tp_reserve)) diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch.base64 new file mode 100644 index 00000000..c19832cd --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/0.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch new file mode 100644 index 00000000..f6203084 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch 
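Review bot: The `(u64)` cast in `BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)` (CVE-2017-7308/3.18/0.patch) is what makes the new bound check sound, and nothing in the hunk says so. The removed form `(int)(req->tp_block_size - BLK_PLUS_PRIV(...)) <= 0` did the subtraction in 32 bits and then reinterpreted it as signed. Presumably a large tp_sizeof_priv could wrap that, which the direct 64-bit comparison avoids. A comment above the condition, e.g. `/* compare in 64 bits so a large tp_sizeof_priv cannot wrap BLK_PLUS_PRIV() */`, would keep the cast from being dropped as redundant. The enclosing function starts and ends outside the hunk.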
@@ -0,0 +1,13 @@ +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 86b3e2f..9c80212 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3820,6 +3820,8 @@ + rb->frames_per_block = req->tp_block_size/req->tp_frame_size; + if (unlikely(rb->frames_per_block <= 0)) + goto out; ++ if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr)) ++ goto out; + if (unlikely((rb->frames_per_block * req->tp_block_nr) != + req->tp_frame_nr)) + goto out; diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch.base64 new file mode 100644 index 00000000..fc2a099a --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/1.patch.base64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch b/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch new file mode 100644 index 00000000..d268e7b0 --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch @@ -0,0 +1,13 @@ +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 9c80212..05cfee7 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3314,6 +3314,8 @@ + return -EBUSY; + if (copy_from_user(&val, optval, sizeof(val))) + return -EFAULT; ++ if (val > INT_MAX) ++ return -EINVAL; + po->tp_reserve = val; + return 0; + } diff --git a/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch.base64 new file mode 100644 index 00000000..1dfb5aab --- /dev/null +++ b/Patches/Linux_CVEs/CVE-2017-7308/3.18/2.patch.base64 
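Review bot: The guard added by CVE-2017-7308/3.18/1.patch, `req->tp_block_size > UINT_MAX / req->tp_block_nr`, divides by `req->tp_block_nr`, and nothing visible in the hunk shows that value to be non-zero at this point. If the enclosing branch (outside the hunk) does not already test it, the overflow check itself would divide by zero. Writing it as `if (unlikely(req->tp_block_nr && req->tp_block_size > UINT_MAX / req->tp_block_nr))` is safe either way. This should be confirmed against the 3.18 tree the backport targets, since the patch carries only three lines of context on each side.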
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL25ldC9wYWNrZXQvYWZfcGFja2V0LmMgYi9uZXQvcGFja2V0L2FmX3BhY2tldC5jCmluZGV4IDljODAyMTIuLjA1Y2ZlZTcgMTAwNjQ0Ci0tLSBhL25ldC9wYWNrZXQvYWZfcGFja2V0LmMKKysrIGIvbmV0L3BhY2tldC9hZl9wYWNrZXQuYwpAQCAtMzMxNCw2ICszMzE0LDggQEAKIAkJCXJldHVybiAtRUJVU1k7CiAJCWlmIChjb3B5X2Zyb21fdXNlcigmdmFsLCBvcHR2YWwsIHNpemVvZih2YWwpKSkKIAkJCXJldHVybiAtRUZBVUxUOworCQlpZiAodmFsID4gSU5UX01BWCkKKwkJCXJldHVybiAtRUlOVkFMOwogCQlwby0+dHBfcmVzZXJ2ZSA9IHZhbDsKIAkJcmV0dXJuIDA7CiAJfQo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-7364/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7364/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7364/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-7364/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7366/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7366/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7366/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-7366/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7366/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-7366/ANY/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7366/ANY/1.patch rename to Patches/Linux_CVEs/CVE-2017-7366/ANY/1.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7368/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7368/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7368/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-7368/ANY/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7369/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-7369/3.10/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7369/3.10/0.patch rename to Patches/Linux_CVEs/CVE-2017-7369/3.10/0.patch diff --git a/Patches/Linux_CVEs-New/CVE-2017-7369/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-7369/3.18/1.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7369/3.18/1.patch rename to Patches/Linux_CVEs/CVE-2017-7369/3.18/1.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7370/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7370/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7370/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7370/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7371/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7371/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7371/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7371/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-7371/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-7371/ANY/1.patch
new file mode 100644
index 00000000..19b01e18
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-7371/ANY/1.patch
@@ -0,0 +1,45 @@ +From 9d5a0bc7f6318821fddf9fc0ac9a05e58bb00a6b Mon Sep 17 00:00:00 2001 +From: Sungjun Park +Date: Mon, 23 Jan 2017 13:28:44 -0800 +Subject: bluetooth: Fix free data pointer routine + +Data pointer has been reused after freed it. So, +it has been moved to after using the data pointer +to clean up resource and freed it. + +Change-Id: Ibc94e092134ff1f36e896c679ade7f639254a24d +Signed-off-by: Sungjun Park +--- + drivers/bluetooth/btfm_slim.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/bluetooth/btfm_slim.c b/drivers/bluetooth/btfm_slim.c +index 5fb00b9..1c6e256 100644 +--- a/drivers/bluetooth/btfm_slim.c ++++ b/drivers/bluetooth/btfm_slim.c +@@ -1,4 +1,4 @@ +-/* Copyright (c) 2016, The Linux Foundation. All rights reserved. ++/* Copyright (c) 2017, The Linux Foundation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 and +@@ -509,7 +509,6 @@ static int btfm_slim_remove(struct slim_device *slim) + BTFMSLIM_DBG(""); + mutex_destroy(&btfm_slim->io_lock); + mutex_destroy(&btfm_slim->xfer_lock); +- kfree(btfm_slim); + snd_soc_unregister_codec(&slim->dev); + + BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_ifd"); +@@ -517,6 +516,8 @@ static int btfm_slim_remove(struct slim_device *slim) + + BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_pgd"); + slim_remove_device(slim); ++ ++ kfree(btfm_slim); + return 0; + } + +-- +cgit v1.1 + diff --git a/Patches/Linux_CVEs-New/CVE-2017-7372/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7372/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-7372/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-7372/ANY/0.patch 
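Review bot: In btfm_slim_remove the two `mutex_destroy()` calls still run before `snd_soc_unregister_codec(&slim->dev)`, so the locks are destroyed while the codec is still registered. Moving `kfree(btfm_slim)` to the end fixes the use after free on the structure but leaves this ordering in place. If any codec callback can take `io_lock` or `xfer_lock` (not visible here), it would operate on a destroyed mutex. Moving both `mutex_destroy(&btfm_slim->io_lock);` and `mutex_destroy(&btfm_slim->xfer_lock);` down to just before `kfree(btfm_slim);` would tear down in reverse order of use. The lines between the two hunks of this function are not shown.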
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7373/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-7373/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7373/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2017-7373/3.10/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7373/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7373/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7373/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7373/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7374/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7374/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7374/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7374/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7472/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7472/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7472/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7472/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7487/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7487/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7487/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7487/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch
new file mode 100644
index 00000000..6204174f
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch
@@ -0,0 +1,87 @@
+From 3127779c064c6358310e542c725fe1f64dd6a60f Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Mon, 17 Sep 2001 00:00:00 +0200
+Subject: [PATCH] ext4: fix data exposure after a crash
+
+commit 06bd3c36a733ac27962fea7d6f47168841376824 upstream.
+
+Huang has reported that in his powerfail testing he is seeing stale
+block contents in some of recently allocated blocks although he mounts
+ext4 in data=ordered mode. After some investigation I have found out
+that indeed when delayed allocation is used, we don't add inode to
+transaction's list of inodes needing flushing before commit. Originally
+we were doing that but commit f3b59291a69d removed the logic with a
+flawed argument that it is not needed.
+
+The problem is that although for delayed allocated blocks we write their
+contents immediately after allocating them, there is no guarantee that
+the IO scheduler or device doesn't reorder things and thus transaction
+allocating blocks and attaching them to inode can reach stable storage
+before actual block contents. Actually whenever we attach freshly
+allocated blocks to inode using a written extent, we should add inode to
+transaction's ordered inode list to make sure we properly wait for block
+contents to be written before committing the transaction. So that is
+what we do in this patch. This also handles other cases where stale data
+exposure was possible - like filling hole via mmap in
+data=ordered,nodelalloc mode.
+
+The only exception to the above rule are extending direct IO writes where
+blkdev_direct_IO() waits for IO to complete before increasing i_size and
+thus stale data exposure is not possible. For now we don't complicate
+the code with optimizing this special case since the overhead is pretty
+low. In case this is observed to be a performance problem we can always
+handle it using a special flag to ext4_map_blocks().
+
+Change-Id: I9f8b371c9fd716bf3d8af3780ce43e73d80cfb28
+Fixes: f3b59291a69d0b734be1fc8be489fef2dd846d3d
+Reported-by: "HUANG Weller (CM/ESW12-CN)"
+Tested-by: "HUANG Weller (CM/ESW12-CN)"
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+[bwh: Backported to 3.16:
+ - Drop check for EXT4_GET_BLOCKS_ZERO flag
+ - Adjust context]
+Signed-off-by: Ben Hutchings
+---
+
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
+index 9d358dc..f472aed 100644
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -661,6 +661,20 @@
+ ret = check_block_validity(inode, map);
+ if (ret != 0)
+ return ret;
++
++ /*
++ * Inodes with freshly allocated blocks where contents will be
++ * visible after transaction commit must be on transaction's
++ * ordered data list.
++ */
++ if (map->m_flags & EXT4_MAP_NEW &&
++ !(map->m_flags & EXT4_MAP_UNWRITTEN) &&
++ !IS_NOQUOTA(inode) &&
++ ext4_should_order_data(inode)) {
++ ret = ext4_jbd2_file_inode(handle, inode);
++ if (ret)
++ return ret;
++ }
+ }
+ return retval;
+ }
+@@ -1116,15 +1130,6 @@
+ int i_size_changed = 0;
+
+ trace_ext4_write_end(inode, pos, len, copied);
+- if (ext4_test_inode_state(inode, EXT4_STATE_ORDERED_MODE)) {
+- ret = ext4_jbd2_file_inode(handle, inode);
+- if (ret) {
+- unlock_page(page);
+- page_cache_release(page);
+- goto errout;
+- }
+- }
+-
+ if (ext4_has_inline_data(inode)) {
+ ret = ext4_write_inline_data_end(inode, pos, len,
+ copied, page);
diff --git a/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch.base64
new file mode 100644
index 00000000..9708ac07
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-7495/3.18/1.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch b/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch
new file mode 100644
index 00000000..b56d5a52
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch
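Review bot: Nothing in this file records that it must be applied together with `3.18/2.patch`, whose own description says upstream commit 06bd3c36a733 (this change) uncovered a deadlock in `ext4_writepages()`; shipping 1.patch alone would trade the stale-data exposure for that deadlock. The header also says "Backported to 3.16" with the `EXT4_GET_BLOCKS_ZERO` check dropped, while the file is stored under `3.18/`; if the target tree does define that flag, the condition added after `check_block_validity()` should probably keep upstream's extra test rather than file the inode unconditionally. Both embedded hunks have no function name in their `@@` headers and are cut at both ends, so the placement should be checked against the target `fs/ext4/inode.c` rather than trusted to fuzz.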
@@ -0,0 +1,77 @@
+From df6099279dc346ec77158d5f52d3176dbd0a1e4c Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Mon, 04 Jul 2016 10:14:01 -0400
+Subject: [PATCH] ext4: fix deadlock during page writeback
+
+[ Upstream commit 646caa9c8e196880b41cd3e3d33a2ebc752bdb85 ]
+
+Commit 06bd3c36a733 (ext4: fix data exposure after a crash) uncovered a
+deadlock in ext4_writepages() which was previously much harder to hit.
+After this commit xfstest generic/130 reproduces the deadlock on small
+filesystems.
+
+The problem happens when ext4_do_update_inode() sets LARGE_FILE feature
+and marks current inode handle as synchronous. That subsequently results
+in ext4_journal_stop() called from ext4_writepages() to block waiting for
+transaction commit while still holding page locks, reference to io_end,
+and some prepared bio in mpd structure each of which can possibly block
+transaction commit from completing and thus results in deadlock.
+
+Fix the problem by releasing page locks, io_end reference, and
+submitting prepared bio before calling ext4_journal_stop().
+
+[ Changed to defer the call to ext4_journal_stop() only if the handle
+ is synchronous. --tytso ]
+
+Change-Id: I724640d96ffaa03e512cd0b48cea056b4030c382
+Reported-and-tested-by: Eryu Guan
+Signed-off-by: Theodore Ts'o
+CC: stable@vger.kernel.org
+Signed-off-by: Jan Kara
+Signed-off-by: Sasha Levin
+---
+
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
+index f472aed..5aa499f 100644
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2554,13 +2554,36 @@
+ done = true;
+ }
+ }
+- ext4_journal_stop(handle);
++ /*
++ * Caution: If the handle is synchronous,
++ * ext4_journal_stop() can wait for transaction commit
++ * to finish which may depend on writeback of pages to
++ * complete or on page lock to be released. In that
++ * case, we have to wait until after after we have
++ * submitted all the IO, released page locks we hold,
++ * and dropped io_end reference (for extent conversion
++ * to be able to complete) before stopping the handle.
++ */
++ if (!ext4_handle_valid(handle) || handle->h_sync == 0) {
++ ext4_journal_stop(handle);
++ handle = NULL;
++ }
+ /* Submit prepared bio */
+ ext4_io_submit(&mpd.io_submit);
+ /* Unlock pages we didn't use */
+ mpage_release_unused_pages(&mpd, give_up_on_write);
+- /* Drop our io_end reference we got from init */
+- ext4_put_io_end(mpd.io_submit.io_end);
++ /*
++ * Drop our io_end reference we got from init. We have
++ * to be careful and use deferred io_end finishing if
++ * we are still holding the transaction as we can
++ * release the last reference to io_end which may end
++ * up doing unwritten extent conversion.
++ */
++ if (handle) {
++ ext4_put_io_end_defer(mpd.io_submit.io_end);
++ ext4_journal_stop(handle);
++ } else
++ ext4_put_io_end(mpd.io_submit.io_end);
+
+ if (ret == -ENOSPC && sbi->s_journal) {
+ /*
diff --git a/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch.base64 b/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch.base64
new file mode 100644
index 00000000..70d51e63
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-7495/3.18/2.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7495/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7495/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7495/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7495/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7616/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7616/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7616/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7616/ANY/0.patch
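Review bot: The new `if (handle) { … } else ext4_put_io_end(mpd.io_submit.io_end);` leaves the else arm unbraced while the if arm is braced; since whether `ext4_journal_stop()` runs before or after the io_end reference is dropped is exactly what this fix is about, braces on both arms would make later edits less error-prone: `} else {` / `ext4_put_io_end(mpd.io_submit.io_end);` / `}`. The first added comment also repeats a word ("wait until after after we have"); it should read `* case, we have to wait until after we have`. The patch relies on `ext4_put_io_end_defer()` being present in the target tree, and the enclosing function starts and ends outside the hunk, so neither can be confirmed from this file.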
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7618/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7618/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7618/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7618/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7889/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7889/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7889/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7889/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-7979/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7979/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-7979/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-7979/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8233/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8233/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8233/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8233/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8234/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8234/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8234/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8234/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8235/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8235/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8235/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8235/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8236/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8236/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8236/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8236/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8237/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8237/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8237/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8237/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8239/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8239/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8239/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8239/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8240/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8240/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8240/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8240/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8241/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8241/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8241/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8241/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8242/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8242/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8242/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8242/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8244/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8244/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8244/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8244/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8244/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-8244/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8244/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8244/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8244/4.4/2.patch b/Patches/Linux_CVEs/CVE-2017-8244/4.4/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8244/4.4/2.patch
rename to Patches/Linux_CVEs/CVE-2017-8244/4.4/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8245/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8245/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8245/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8245/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8245/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-8245/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8245/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8245/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8245/4.4/2.patch b/Patches/Linux_CVEs/CVE-2017-8245/4.4/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8245/4.4/2.patch
rename to Patches/Linux_CVEs/CVE-2017-8245/4.4/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8246/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8246/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8246/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8246/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8246/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-8246/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8246/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8246/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8246/4.4/2.patch b/Patches/Linux_CVEs/CVE-2017-8246/4.4/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8246/4.4/2.patch
rename to Patches/Linux_CVEs/CVE-2017-8246/4.4/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8247/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8247/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8247/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8247/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8250/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-8250/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8250/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8250/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8251/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8251/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8251/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8251/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8253/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8253/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8253/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8253/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8254/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8254/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8254/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8254/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8256/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8256/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8256/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8256/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8257/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8257/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8257/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8257/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8259/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8259/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8259/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8259/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8260/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8260/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8260/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8260/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8261/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8261/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8261/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8261/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch
new file mode 100644
index 00000000..62263ec7
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch
@@ -0,0 +1,53 @@
+diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
+index 640e6c1..57e3ea3 100644
+--- a/drivers/gpu/msm/kgsl.c
++++ b/drivers/gpu/msm/kgsl.c
+@@ -1,4 +1,4 @@
+-/* Copyright (c) 2008-2016, The Linux Foundation. All rights reserved.
++/* Copyright (c) 2008-2017, The Linux Foundation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 and
+@@ -167,8 +167,11 @@
+ {
+ struct kgsl_mem_entry *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
+
+- if (entry)
++ if (entry) {
+ kref_init(&entry->refcount);
++ /* put this ref in the caller functions after init */
++ kref_get(&entry->refcount);
++ }
+
+ return entry;
+ }
+@@ -3019,6 +3022,9 @@
+ trace_kgsl_mem_map(entry, param->fd);
+
+ kgsl_mem_entry_commit_process(private, entry);
++
++ /* put the extra refcount for kgsl_mem_entry_create() */
++ kgsl_mem_entry_put(entry);
+ return result;
+
+ error_attach:
+@@ -3343,6 +3349,9 @@
+ param->flags = entry->memdesc.flags;
+
+ kgsl_mem_entry_commit_process(private, entry);
++
++ /* put the extra refcount for kgsl_mem_entry_create() */
++ kgsl_mem_entry_put(entry);
+ return result;
+ err:
+ kgsl_sharedmem_free(&entry->memdesc);
+@@ -3382,6 +3391,9 @@
+ param->gpuaddr = entry->memdesc.gpuaddr;
+
+ kgsl_mem_entry_commit_process(private, entry);
++
++ /* put the extra refcount for kgsl_mem_entry_create() */
++ kgsl_mem_entry_put(entry);
+ return result;
+ err:
+ if (entry)
diff --git a/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch.base64 b/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch.base64
new file mode 100644
index 00000000..126f126e
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8262/3.10/1.patch.base64
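Review bot: The extra reference taken by the new `kref_get(&entry->refcount)` is dropped only on the three success paths this patch touches (the embedded hunks at 3019, 3343 and 3382); any other caller of `kgsl_mem_entry_create()` in the target 3.10 tree would leave the count one too high and leak the entry. The `error_attach:` and `err:` bodies lie outside the hunks, so it cannot be confirmed here whether they release the entry through the refcount or free it directly; that needs checking before the patch is applied. The comment at the `kref_get()` would say more as `/* extra ref held during setup; each caller drops it after kgsl_mem_entry_commit_process() */`.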
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvZ3B1L21zbS9rZ3NsLmMgYi9kcml2ZXJzL2dwdS9tc20va2dzbC5jCmluZGV4IDY0MGU2YzEuLjU3ZTNlYTMgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvZ3B1L21zbS9rZ3NsLmMKKysrIGIvZHJpdmVycy9ncHUvbXNtL2tnc2wuYwpAQCAtMSw0ICsxLDQgQEAKLS8qIENvcHlyaWdodCAoYykgMjAwOC0yMDE2LCBUaGUgTGludXggRm91bmRhdGlvbi4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KKy8qIENvcHlyaWdodCAoYykgMjAwOC0yMDE3LCBUaGUgTGludXggRm91bmRhdGlvbi4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KICAqCiAgKiBUaGlzIHByb2dyYW0gaXMgZnJlZSBzb2Z0d2FyZTsgeW91IGNhbiByZWRpc3RyaWJ1dGUgaXQgYW5kL29yIG1vZGlmeQogICogaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2ZXJzaW9uIDIgYW5kCkBAIC0xNjcsOCArMTY3LDExIEBACiB7CiAJc3RydWN0IGtnc2xfbWVtX2VudHJ5ICplbnRyeSA9IGt6YWxsb2Moc2l6ZW9mKCplbnRyeSksIEdGUF9LRVJORUwpOwogCi0JaWYgKGVudHJ5KQorCWlmIChlbnRyeSkgewogCQlrcmVmX2luaXQoJmVudHJ5LT5yZWZjb3VudCk7CisJCS8qIHB1dCB0aGlzIHJlZiBpbiB0aGUgY2FsbGVyIGZ1bmN0aW9ucyBhZnRlciBpbml0ICovCisJCWtyZWZfZ2V0KCZlbnRyeS0+cmVmY291bnQpOworCX0KIAogCXJldHVybiBlbnRyeTsKIH0KQEAgLTMwMTksNiArMzAyMiw5IEBACiAJdHJhY2Vfa2dzbF9tZW1fbWFwKGVudHJ5LCBwYXJhbS0+ZmQpOwogCiAJa2dzbF9tZW1fZW50cnlfY29tbWl0X3Byb2Nlc3MocHJpdmF0ZSwgZW50cnkpOworCisJLyogcHV0IHRoZSBleHRyYSByZWZjb3VudCBmb3Iga2dzbF9tZW1fZW50cnlfY3JlYXRlKCkgKi8KKwlrZ3NsX21lbV9lbnRyeV9wdXQoZW50cnkpOwogCXJldHVybiByZXN1bHQ7CiAKIGVycm9yX2F0dGFjaDoKQEAgLTMzNDMsNiArMzM0OSw5IEBACiAJcGFyYW0tPmZsYWdzID0gZW50cnktPm1lbWRlc2MuZmxhZ3M7CiAKIAlrZ3NsX21lbV9lbnRyeV9jb21taXRfcHJvY2Vzcyhwcml2YXRlLCBlbnRyeSk7CisKKwkvKiBwdXQgdGhlIGV4dHJhIHJlZmNvdW50IGZvciBrZ3NsX21lbV9lbnRyeV9jcmVhdGUoKSAqLworCWtnc2xfbWVtX2VudHJ5X3B1dChlbnRyeSk7CiAJcmV0dXJuIHJlc3VsdDsKIGVycjoKIAlrZ3NsX3NoYXJlZG1lbV9mcmVlKCZlbnRyeS0+bWVtZGVzYyk7CkBAIC0zMzgyLDYgKzMzOTEsOSBAQAogCXBhcmFtLT5ncHVhZGRyID0gZW50cnktPm1lbWRlc2MuZ3B1YWRkcjsKIAogCWtnc2xfbWVtX2VudHJ5X2NvbW1pdF9wcm9jZXNzKHByaXZhdGUsIGVudHJ5KTsKKworCS8qIHB1dCB0aGUgZXh0cmEgcmVmY291bnQgZm9yIGtnc2xfbWVtX2VudHJ5X2NyZWF0ZSgpICovCisJa2dzbF9tZW1fZW50cnlfcHV0KGVudHJ5KTsKIAlyZXR1cm4gcmVzdWx0OwogZXJyOgogCWlmIChlbnRyeSkK \ No newline at end of 
file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8262/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8262/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8262/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8262/ANY/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch
new file mode 100644
index 00000000..c98858d7
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch
@@ -0,0 +1,94 @@
+diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
+index 7fbdf65..79ec3da 100644
+--- a/drivers/staging/android/ashmem.c
++++ b/drivers/staging/android/ashmem.c
+@@ -32,7 +32,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #define ASHMEM_NAME_PREFIX "dev/ashmem/"
+ #define ASHMEM_NAME_PREFIX_LEN (sizeof(ASHMEM_NAME_PREFIX) - 1)
+@@ -704,51 +703,6 @@
+ }
+ #endif
+
+-static int ashmem_cache_op(struct ashmem_area *asma,
+- void (*cache_func)(unsigned long vstart, unsigned long length,
+- unsigned long pstart))
+-{
+- int ret = 0;
+- struct vm_area_struct *vma;
+-#ifdef CONFIG_OUTER_CACHE
+- unsigned long vaddr;
+-#endif
+- if (!asma->vm_start)
+- return -EINVAL;
+-
+- down_read(¤t->mm->mmap_sem);
+- vma = find_vma(current->mm, asma->vm_start);
+- if (!vma) {
+- ret = -EINVAL;
+- goto done;
+- }
+- if (vma->vm_file != asma->file) {
+- ret = -EINVAL;
+- goto done;
+- }
+- if ((asma->vm_start + asma->size) > vma->vm_end) {
+- ret = -EINVAL;
+- goto done;
+- }
+-#ifndef CONFIG_OUTER_CACHE
+- cache_func(asma->vm_start, asma->size, 0);
+-#else
+- for (vaddr = asma->vm_start; vaddr < asma->vm_start + asma->size;
+- vaddr += PAGE_SIZE) {
+- unsigned long physaddr;
+- physaddr = virtaddr_to_physaddr(vaddr);
+- if (!physaddr)
+- return -EINVAL;
+- cache_func(vaddr, PAGE_SIZE, physaddr);
+- }
+-#endif
+-done:
+- up_read(¤t->mm->mmap_sem);
+- if (ret)
+- asma->vm_start = 0;
+- return ret;
+-}
+-
+ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+ {
+ struct ashmem_area *asma = file->private_data;
+@@ -794,15 +748,6 @@
+ ashmem_shrink(&ashmem_shrinker, &sc);
+ }
+ break;
+- case ASHMEM_CACHE_FLUSH_RANGE:
+- ret = ashmem_cache_op(asma, &clean_and_invalidate_caches);
+- break;
+- case ASHMEM_CACHE_CLEAN_RANGE:
+- ret = ashmem_cache_op(asma, &clean_caches);
+- break;
+- case ASHMEM_CACHE_INV_RANGE:
+- ret = ashmem_cache_op(asma, &invalidate_caches);
+- break;
+ }
+
+ return ret;
+diff --git a/include/uapi/linux/ashmem.h b/include/uapi/linux/ashmem.h
+index 7965b39..0a8a9aa 100644
+--- a/include/uapi/linux/ashmem.h
++++ b/include/uapi/linux/ashmem.h
+@@ -34,9 +34,6 @@
+ #define ASHMEM_UNPIN _IOW(__ASHMEMIOC, 8, struct ashmem_pin)
+ #define ASHMEM_GET_PIN_STATUS _IO(__ASHMEMIOC, 9)
+ #define ASHMEM_PURGE_ALL_CACHES _IO(__ASHMEMIOC, 10)
+-#define ASHMEM_CACHE_FLUSH_RANGE _IO(__ASHMEMIOC, 11)
+-#define ASHMEM_CACHE_CLEAN_RANGE _IO(__ASHMEMIOC, 12)
+-#define ASHMEM_CACHE_INV_RANGE _IO(__ASHMEMIOC, 13)
+
+ /* support of 32bit userspace on 64bit platforms */
+ #ifdef CONFIG_COMPAT
diff --git a/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch.base64
new file mode 100644
index 00000000..b3699e58
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8263/ANY/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8264/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-8264/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8264/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8264/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8264/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-8264/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8264/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8264/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8265/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8265/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8265/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8265/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8266/3.10/1.patch b/Patches/Linux_CVEs/CVE-2017-8266/3.10/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8266/3.10/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8266/3.10/1.patch
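Review bot: The file added here for CVE-2017-8263 and the one added for CVE-2017-8267 are the same blob (both `index 00000000..c98858d7`), and neither carries a header saying so; a patcher that applies every file in the tree will find the second copy already applied and may report a failure that is not one. A one-line note at the top of each file, or a single shared file referenced from both CVE directories, would make the duplication deliberate. The patch also removes `ASHMEM_CACHE_FLUSH_RANGE`, `ASHMEM_CACHE_CLEAN_RANGE` and `ASHMEM_CACHE_INV_RANGE` from the uapi header, so any userspace in the target build that still issues them needs checking; what `ashmem_ioctl()` returns for the now-unknown commands depends on the initial value of `ret`, which is outside the hunk.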
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8266/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-8266/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8266/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8266/3.18/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch
new file mode 100644
index 00000000..c98858d7
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch
@@ -0,0 +1,94 @@
+diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
+index 7fbdf65..79ec3da 100644
+--- a/drivers/staging/android/ashmem.c
++++ b/drivers/staging/android/ashmem.c
+@@ -32,7 +32,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #define ASHMEM_NAME_PREFIX "dev/ashmem/"
+ #define ASHMEM_NAME_PREFIX_LEN (sizeof(ASHMEM_NAME_PREFIX) - 1)
+@@ -704,51 +703,6 @@
+ }
+ #endif
+
+-static int ashmem_cache_op(struct ashmem_area *asma,
+- void (*cache_func)(unsigned long vstart, unsigned long length,
+- unsigned long pstart))
+-{
+- int ret = 0;
+- struct vm_area_struct *vma;
+-#ifdef CONFIG_OUTER_CACHE
+- unsigned long vaddr;
+-#endif
+- if (!asma->vm_start)
+- return -EINVAL;
+-
+- down_read(¤t->mm->mmap_sem);
+- vma = find_vma(current->mm, asma->vm_start);
+- if (!vma) {
+- ret = -EINVAL;
+- goto done;
+- }
+- if (vma->vm_file != asma->file) {
+- ret = -EINVAL;
+- goto done;
+- }
+- if ((asma->vm_start + asma->size) > vma->vm_end) {
+- ret = -EINVAL;
+- goto done;
+- }
+-#ifndef CONFIG_OUTER_CACHE
+- cache_func(asma->vm_start, asma->size, 0);
+-#else
+- for (vaddr = asma->vm_start; vaddr < asma->vm_start + asma->size;
+- vaddr += PAGE_SIZE) {
+- unsigned long physaddr;
+- physaddr = virtaddr_to_physaddr(vaddr);
+- if (!physaddr)
+- return -EINVAL;
+- cache_func(vaddr, PAGE_SIZE, physaddr);
+- }
+-#endif
+-done:
+- up_read(¤t->mm->mmap_sem);
+- if (ret)
+- asma->vm_start = 0;
+- return ret;
+-}
+-
+ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+ {
+ struct ashmem_area *asma = file->private_data;
+@@ -794,15 +748,6 @@
+ ashmem_shrink(&ashmem_shrinker, &sc);
+ }
+ break;
+- case ASHMEM_CACHE_FLUSH_RANGE:
+- ret = ashmem_cache_op(asma, &clean_and_invalidate_caches);
+- break;
+- case ASHMEM_CACHE_CLEAN_RANGE:
+- ret = ashmem_cache_op(asma, &clean_caches);
+- break;
+- case ASHMEM_CACHE_INV_RANGE:
+- ret = ashmem_cache_op(asma, &invalidate_caches);
+- break;
+ }
+
+ return ret;
+diff --git a/include/uapi/linux/ashmem.h b/include/uapi/linux/ashmem.h
+index 7965b39..0a8a9aa 100644
+--- a/include/uapi/linux/ashmem.h
++++ b/include/uapi/linux/ashmem.h
+@@ -34,9 +34,6 @@
+ #define ASHMEM_UNPIN _IOW(__ASHMEMIOC, 8, struct ashmem_pin)
+ #define ASHMEM_GET_PIN_STATUS _IO(__ASHMEMIOC, 9)
+ #define ASHMEM_PURGE_ALL_CACHES _IO(__ASHMEMIOC, 10)
+-#define ASHMEM_CACHE_FLUSH_RANGE _IO(__ASHMEMIOC, 11)
+-#define ASHMEM_CACHE_CLEAN_RANGE _IO(__ASHMEMIOC, 12)
+-#define ASHMEM_CACHE_INV_RANGE _IO(__ASHMEMIOC, 13)
+
+ /* support of 32bit userspace on 64bit platforms */
+ #ifdef CONFIG_COMPAT
diff --git a/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch.base64
new file mode 100644
index 00000000..b3699e58
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8267/ANY/0.patch.base64
@@ -0,0 +1 @@ +ZGlmZiAtLWdpdCBhL2RyaXZlcnMvc3RhZ2luZy9hbmRyb2lkL2FzaG1lbS5jIGIvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYXNobWVtLmMKaW5kZXggN2ZiZGY2NS4uNzllYzNkYSAxMDA2NDQKLS0tIGEvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYXNobWVtLmMKKysrIGIvZHJpdmVycy9zdGFnaW5nL2FuZHJvaWQvYXNobWVtLmMKQEAgLTMyLDcgKzMyLDYgQEAKICNpbmNsdWRlIDxsaW51eC9tdXRleC5oPgogI2luY2x1ZGUgPGxpbnV4L3NobWVtX2ZzLmg+CiAjaW5jbHVkZSA8bGludXgvYXNobWVtLmg+Ci0jaW5jbHVkZSA8YXNtL2NhY2hlZmx1c2guaD4KIAogI2RlZmluZSBBU0hNRU1fTkFNRV9QUkVGSVggImRldi9hc2htZW0vIgogI2RlZmluZSBBU0hNRU1fTkFNRV9QUkVGSVhfTEVOIChzaXplb2YoQVNITUVNX05BTUVfUFJFRklYKSAtIDEpCkBAIC03MDQsNTEgKzcwMyw2IEBACiB9CiAjZW5kaWYKIAotc3RhdGljIGludCBhc2htZW1fY2FjaGVfb3Aoc3RydWN0IGFzaG1lbV9hcmVhICphc21hLAotCXZvaWQgKCpjYWNoZV9mdW5jKSh1bnNpZ25lZCBsb25nIHZzdGFydCwgdW5zaWduZWQgbG9uZyBsZW5ndGgsCi0JCQkJdW5zaWduZWQgbG9uZyBwc3RhcnQpKQotewotCWludCByZXQgPSAwOwotCXN0cnVjdCB2bV9hcmVhX3N0cnVjdCAqdm1hOwotI2lmZGVmIENPTkZJR19PVVRFUl9DQUNIRQotCXVuc2lnbmVkIGxvbmcgdmFkZHI7Ci0jZW5kaWYKLQlpZiAoIWFzbWEtPnZtX3N0YXJ0KQotCQlyZXR1cm4gLUVJTlZBTDsKLQotCWRvd25fcmVhZCgmY3VycmVudC0+bW0tPm1tYXBfc2VtKTsKLQl2bWEgPSBmaW5kX3ZtYShjdXJyZW50LT5tbSwgYXNtYS0+dm1fc3RhcnQpOwotCWlmICghdm1hKSB7Ci0JCXJldCA9IC1FSU5WQUw7Ci0JCWdvdG8gZG9uZTsKLQl9Ci0JaWYgKHZtYS0+dm1fZmlsZSAhPSBhc21hLT5maWxlKSB7Ci0JCXJldCA9IC1FSU5WQUw7Ci0JCWdvdG8gZG9uZTsKLQl9Ci0JaWYgKChhc21hLT52bV9zdGFydCArIGFzbWEtPnNpemUpID4gdm1hLT52bV9lbmQpIHsKLQkJcmV0ID0gLUVJTlZBTDsKLQkJZ290byBkb25lOwotCX0KLSNpZm5kZWYgQ09ORklHX09VVEVSX0NBQ0hFCi0JY2FjaGVfZnVuYyhhc21hLT52bV9zdGFydCwgYXNtYS0+c2l6ZSwgMCk7Ci0jZWxzZQotCWZvciAodmFkZHIgPSBhc21hLT52bV9zdGFydDsgdmFkZHIgPCBhc21hLT52bV9zdGFydCArIGFzbWEtPnNpemU7Ci0JCXZhZGRyICs9IFBBR0VfU0laRSkgewotCQl1bnNpZ25lZCBsb25nIHBoeXNhZGRyOwotCQlwaHlzYWRkciA9IHZpcnRhZGRyX3RvX3BoeXNhZGRyKHZhZGRyKTsKLQkJaWYgKCFwaHlzYWRkcikKLQkJCXJldHVybiAtRUlOVkFMOwotCQljYWNoZV9mdW5jKHZhZGRyLCBQQUdFX1NJWkUsIHBoeXNhZGRyKTsKLQl9Ci0jZW5kaWYKLWRvbmU6Ci0JdXBfcmVhZCgmY3VycmVudC0+bW0tPm1tYXBfc2VtKTsKLQlpZiAocmV0KQotCQlhc21hLT52bV9zdGFydCA9IDA7Ci0JcmV0dXJuIHJldDsKLX0KLQogc3Rhd
GljIGxvbmcgYXNobWVtX2lvY3RsKHN0cnVjdCBmaWxlICpmaWxlLCB1bnNpZ25lZCBpbnQgY21kLCB1bnNpZ25lZCBsb25nIGFyZykKIHsKIAlzdHJ1Y3QgYXNobWVtX2FyZWEgKmFzbWEgPSBmaWxlLT5wcml2YXRlX2RhdGE7CkBAIC03OTQsMTUgKzc0OCw2IEBACiAJCQlhc2htZW1fc2hyaW5rKCZhc2htZW1fc2hyaW5rZXIsICZzYyk7CiAJCX0KIAkJYnJlYWs7Ci0JY2FzZSBBU0hNRU1fQ0FDSEVfRkxVU0hfUkFOR0U6Ci0JCXJldCA9IGFzaG1lbV9jYWNoZV9vcChhc21hLCAmY2xlYW5fYW5kX2ludmFsaWRhdGVfY2FjaGVzKTsKLQkJYnJlYWs7Ci0JY2FzZSBBU0hNRU1fQ0FDSEVfQ0xFQU5fUkFOR0U6Ci0JCXJldCA9IGFzaG1lbV9jYWNoZV9vcChhc21hLCAmY2xlYW5fY2FjaGVzKTsKLQkJYnJlYWs7Ci0JY2FzZSBBU0hNRU1fQ0FDSEVfSU5WX1JBTkdFOgotCQlyZXQgPSBhc2htZW1fY2FjaGVfb3AoYXNtYSwgJmludmFsaWRhdGVfY2FjaGVzKTsKLQkJYnJlYWs7CiAJfQogCiAJcmV0dXJuIHJldDsKZGlmZiAtLWdpdCBhL2luY2x1ZGUvdWFwaS9saW51eC9hc2htZW0uaCBiL2luY2x1ZGUvdWFwaS9saW51eC9hc2htZW0uaAppbmRleCA3OTY1YjM5Li4wYThhOWFhIDEwMDY0NAotLS0gYS9pbmNsdWRlL3VhcGkvbGludXgvYXNobWVtLmgKKysrIGIvaW5jbHVkZS91YXBpL2xpbnV4L2FzaG1lbS5oCkBAIC0zNCw5ICszNCw2IEBACiAjZGVmaW5lIEFTSE1FTV9VTlBJTgkJX0lPVyhfX0FTSE1FTUlPQywgOCwgc3RydWN0IGFzaG1lbV9waW4pCiAjZGVmaW5lIEFTSE1FTV9HRVRfUElOX1NUQVRVUwlfSU8oX19BU0hNRU1JT0MsIDkpCiAjZGVmaW5lIEFTSE1FTV9QVVJHRV9BTExfQ0FDSEVTCV9JTyhfX0FTSE1FTUlPQywgMTApCi0jZGVmaW5lIEFTSE1FTV9DQUNIRV9GTFVTSF9SQU5HRQlfSU8oX19BU0hNRU1JT0MsIDExKQotI2RlZmluZSBBU0hNRU1fQ0FDSEVfQ0xFQU5fUkFOR0UJX0lPKF9fQVNITUVNSU9DLCAxMikKLSNkZWZpbmUgQVNITUVNX0NBQ0hFX0lOVl9SQU5HRQkJX0lPKF9fQVNITUVNSU9DLCAxMykKIAogLyogc3VwcG9ydCBvZiAzMmJpdCB1c2Vyc3BhY2Ugb24gNjRiaXQgcGxhdGZvcm1zICovCiAjaWZkZWYgQ09ORklHX0NPTVBBVAo= \ No newline at end of file diff --git a/Patches/Linux_CVEs-New/CVE-2017-8268/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8268/ANY/0.patch similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2017-8268/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2017-8268/ANY/0.patch 
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8269/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8269/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8269/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8269/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8277/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8277/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8277/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8277/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8280/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8280/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8280/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8280/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8281/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-8281/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8281/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-8281/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-8281/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-8281/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-8281/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-8281/ANY/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch b/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch
new file mode 100644
index 00000000..f2e74280
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch
@@ -0,0 +1,37 @@
+From f52d6739f6a67cf1c918a4557e88b519b9135930 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet
+Date: Tue, 09 May 2017 06:29:19 -0700
+Subject: [PATCH] dccp/tcp: do not inherit mc_list from parent
+
+syzkaller found a way to trigger double frees from ip_mc_drop_socket()
+
+It turns out that leave a copy of parent mc_list at accept() time,
+which is very bad.
+
+Very similar to commit 8b485ce69876 ("tcp: do not inherit
+fastopen_req from parent")
+
+Initial report from Pray3r, completed by Andrey one.
+Thanks a lot to them !
+
+Change-Id: I2eac7b825a5b597af14a0573b76b685131c46726
+Signed-off-by: Eric Dumazet
+Reported-by: Pray3r
+Reported-by: Andrey Konovalov
+Tested-by: Andrey Konovalov
+Signed-off-by: David S. Miller
+---
+
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
+index fb10d58..325edfe 100644
+--- a/net/ipv4/inet_connection_sock.c
++++ b/net/ipv4/inet_connection_sock.c
+@@ -618,6 +618,8 @@
+ inet_sk(newsk)->inet_sport = inet_rsk(req)->loc_port;
+ newsk->sk_write_space = sk_stream_write_space;
+
++ inet_sk(newsk)->mc_list = NULL;
++
+ newsk->sk_mark = inet_rsk(req)->ir_mark;
+
+ newicsk->icsk_retransmits = 0;
diff --git a/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch.base64 b/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch.base64
new file mode 100644
index 00000000..8f12cd9d
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-8890/3.4/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9074/3.2/1.patch b/Patches/Linux_CVEs/CVE-2017-9074/3.2/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9074/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9074/3.2/1.patch
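Review bot: The added `inet_sk(newsk)->mc_list = NULL;` carries no comment, and the inner hunk header has no function context, so a reader of the patched file cannot tell why the cloned socket's multicast list is cleared. A one-line comment above it, `/* child must not share the listener's mc_list: ip_mc_drop_socket() would free it twice */`, would record the reason the commit message gives. The reset covers only the IPv4 list; the IPv6 counterparts are presumably handled by separate patches, and their presence for this 3.4 tree should be confirmed. The enclosing function starts and ends outside the hunk.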
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9074/3.2/2.patch b/Patches/Linux_CVEs/CVE-2017-9074/3.2/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9074/3.2/2.patch
rename to Patches/Linux_CVEs/CVE-2017-9074/3.2/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9074/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9074/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9074/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9074/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9076/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9075/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9076/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9075/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-6345/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9076/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-6345/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9076/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9077/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9077/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9077/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9077/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9150/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9150/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9150/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9150/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9242/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9242/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9242/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9242/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9676/3.0/1.patch b/Patches/Linux_CVEs/CVE-2017-9676/3.0/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9676/3.0/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9676/3.0/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9676/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9676/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9676/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9676/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9677/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-9677/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9677/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9677/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9677/3.18/1.patch b/Patches/Linux_CVEs/CVE-2017-9677/3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9677/3.18/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9677/3.18/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9678/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9678/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9678/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9678/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9679/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9679/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9679/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9679/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9680/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9680/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9680/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9680/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9682/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9682/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9682/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9682/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9684/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9684/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9684/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9684/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9684/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9684/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9684/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9684/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9684/ANY/2.patch b/Patches/Linux_CVEs/CVE-2017-9684/ANY/2.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9684/ANY/2.patch
rename to Patches/Linux_CVEs/CVE-2017-9684/ANY/2.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9686/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-9686/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9686/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9686/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9687/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-9687/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9687/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9687/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9691/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9691/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9691/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9691/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9691/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9691/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9691/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9691/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9692/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9692/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9692/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9692/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9693/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9693/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9693/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9693/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9694/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9694/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9694/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9694/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9697/3.18/0.patch b/Patches/Linux_CVEs/CVE-2017-9697/3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9697/3.18/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9697/3.18/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9706/3.10/0.patch b/Patches/Linux_CVEs/CVE-2017-9706/3.10/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9706/3.10/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9706/3.10/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9714/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9714/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9714/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9714/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9714/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9714/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9714/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9714/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9715/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9715/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9715/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9715/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9715/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9715/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9715/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9715/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9717/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9717/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9717/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9717/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9717/ANY/1.patch b/Patches/Linux_CVEs/CVE-2017-9717/ANY/1.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9717/ANY/1.patch
rename to Patches/Linux_CVEs/CVE-2017-9717/ANY/1.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9720/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9720/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9720/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9720/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9724/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9724/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9724/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9724/ANY/0.patch
diff --git a/Patches/Linux_CVEs-New/CVE-2017-9725/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-9725/ANY/0.patch
similarity index 100%
rename from Patches/Linux_CVEs-New/CVE-2017-9725/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2017-9725/ANY/0.patch
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch b/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch
new file mode 100644
index 00000000..60ca075d
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch
@@ -0,0 +1,213 @@
+From 37639228b9d0c6b7ae27f706c777305fd8c93b83 Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Fri, 28 Apr 2017 22:46:37 +0000
+Subject: [PATCH] kernel: Only expose su when daemon is running
+
+Note: this is for the 3.0 kernel and lacks the read-only mount point
+logic due to the non-extensible readdir implementation.
+
+It has been claimed that the PG implementation of 'su' has security
+vulnerabilities even when disabled. Unfortunately, the people that
+find these vulnerabilities often like to keep them private so they
+can profit from exploits while leaving users exposed to malicious
+hackers.
+
+In order to reduce the attack surface for vulnerabilites, it is
+therefore necessary to make 'su' completely inaccessible when it
+is not in use (except by the root and system users).
+
+Change-Id: Ia7d50ba46c3d932c2b0ca5fc8e9ec69ec9045f85
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 21379c3..5188cea 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1538,6 +1538,11 @@
+ if (retval < 0)
+ goto out;
+
++ if (capable(CAP_SYS_ADMIN) && d_is_su(file->f_dentry)) {
++ current->flags |= PF_SU;
++ su_exec();
++ }
++
+ /* execve succeeded */
+ current->fs->in_exec = 0;
+ current->in_execve = 0;
+diff --git a/fs/namei.c b/fs/namei.c
+index c78d051..60e83a2 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1616,6 +1616,11 @@
+ }
+ }
+
++ if (!err) {
++ if (d_is_su(nd->path.dentry) && !su_visible())
++ err = -ENOENT;
++ }
++
+ if (base)
+ fput(base);
+
+diff --git a/fs/readdir.c b/fs/readdir.c
+index 356f715..0362f9e 100644
+--- a/fs/readdir.c
++++ b/fs/readdir.c
+@@ -47,6 +47,14 @@
+
+ EXPORT_SYMBOL(vfs_readdir);
+
++static bool hide_name(const char *name, int namlen)
++{
++ if (namlen == 2 && !memcmp(name, "su", 2))
++ if (!su_visible())
++ return true;
++ return false;
++}
++
+ /*
+ * Traditional linux readdir() handling..
+ *
+@@ -84,6 +92,8 @@
+ buf->result = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen))
++ return 0;
+ buf->result++;
+ dirent = buf->dirent;
+ if (!access_ok(VERIFY_WRITE, dirent,
+@@ -163,6 +173,8 @@
+ buf->error = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen))
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+@@ -244,6 +256,8 @@
+ buf->error = -EINVAL; /* only used if we fail.. */
+ if (reclen > buf->count)
+ return -EINVAL;
++ if (hide_name(name, namlen))
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h
+index 33cf6ce..81982da 100644
+--- a/include/linux/dcache.h
++++ b/include/linux/dcache.h
+@@ -427,6 +427,11 @@
+
+ extern struct dentry *lookup_create(struct nameidata *nd, int is_dir);
+
++static inline bool d_is_su(const struct dentry *dentry)
++{
++ return dentry && dentry->d_name.len == 2 && !memcmp(dentry->d_name.name, "su", 2);
++}
++
+ extern int sysctl_vfs_cache_pressure;
+
+ #endif /* __LINUX_DCACHE_H */
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index 18203a1..b6cf92f 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -93,6 +93,12 @@
+
+ #include
+
++int su_instances(void);
++bool su_running(void);
++bool su_visible(void);
++void su_exec(void);
++void su_exit(void);
++
+ struct exec_domain;
+ struct futex_pi_state;
+ struct robust_list_head;
+@@ -1811,6 +1817,8 @@
+ #define PF_FREEZER_SKIP 0x40000000 /* Freezer should not count it as freezable */
+ #define PF_FREEZER_NOSIG 0x80000000 /* Freezer won't send signals to it */
+
++#define PF_SU 0x00001000 /* task is su */
++
+ /*
+ * Only the _current_ task can read/write to tsk->flags, but other
+ * tasks can access tsk->flags in readonly mode for example
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 1e019f3..a0aca0c 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -956,6 +956,11 @@
+ exit_irq_thread();
+
+ exit_signals(tsk); /* sets PF_EXITING */
++
++ if (tsk->flags & PF_SU) {
++ su_exit();
++ }
++
+ /*
+ * tsk->flags are checked in the futex code to protect against
+ * an exiting task cleaning up the robust pi futexes.
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 3c26774..84cbf39 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -291,6 +291,8 @@
+ if (err)
+ goto out;
+
++ tsk->flags &= ~PF_SU;
++
+ tsk->stack = ti;
+
+ err = prop_local_init_single(&tsk->dirties);
+diff --git a/kernel/sched.c b/kernel/sched.c
+index cc6d028..1b64dac 100644
+--- a/kernel/sched.c
++++ b/kernel/sched.c
+@@ -84,6 +84,38 @@
+ #define CREATE_TRACE_POINTS
+ #include
+
++static atomic_t __su_instances;
++
++int su_instances(void)
++{
++ return atomic_read(&__su_instances);
++}
++
++bool su_running(void)
++{
++ return su_instances() > 0;
++}
++
++bool su_visible(void)
++{
++ uid_t uid = current_uid();
++ if (su_running())
++ return true;
++ if (uid == 0 || uid == 1000)
++ return true;
++ return false;
++}
++
++void su_exec(void)
++{
++ atomic_inc(&__su_instances);
++}
++
++void su_exit(void)
++{
++ atomic_dec(&__su_instances);
++}
++
+ ATOMIC_NOTIFIER_HEAD(migration_notifier_head);
+
+ /*
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch.base64
new file mode 100644
index 00000000..b40e7c9d
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.0/0.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch b/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch
new file mode 100644
index 00000000..aa76e0df
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch
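Review bot: The fs/exec.c check sets `PF_SU` and calls `su_exec()` unconditionally, while kernel/exit.c calls `su_exit()` only once per task, so a task that execs a file named `su` a second time leaves `__su_instances` permanently above zero and `su_visible()` true for every uid. Nothing visible in the patch clears `PF_SU` on exec (kernel/fork.c clears it only in the child), so the guard belongs in the condition: `if (capable(CAP_SYS_ADMIN) && d_is_su(file->f_dentry) && !(current->flags & PF_SU)) {`. The same exec.c lines appear in the 3.10 and 3.18 variants of this patch further down. The enclosing function starts and ends outside the hunk.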
@@ -0,0 +1,246 @@
+From 9bf58feca7c29ccff89abce4b4fce3394ebaf437 Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Wed, 25 Jan 2017 18:01:03 +0100
+Subject: [PATCH] kernel: Only expose su when daemon is running
+
+It has been claimed that the PG implementation of 'su' has security
+vulnerabilities even when disabled. Unfortunately, the people that
+find these vulnerabilities often like to keep them private so they
+can profit from exploits while leaving users exposed to malicious
+hackers.
+
+In order to reduce the attack surface for vulnerabilites, it is
+therefore necessary to make 'su' completely inaccessible when it
+is not in use (except by the root and system users).
+
+Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 227eb92..6f3965a 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1564,6 +1564,11 @@
+ if (retval < 0)
+ goto out;
+
++ if (capable(CAP_SYS_ADMIN) && d_is_su(file->f_dentry)) {
++ current->flags |= PF_SU;
++ su_exec();
++ }
++
+ /* execve succeeded */
+ current->fs->in_exec = 0;
+ current->in_execve = 0;
+diff --git a/fs/namei.c b/fs/namei.c
+index 827f0eb..a52456c 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2000,6 +2000,14 @@
+ }
+ }
+
++ if (!err) {
++ struct super_block *sb = nd->inode->i_sb;
++ if (sb->s_flags & MS_RDONLY) {
++ if (d_is_su(nd->path.dentry) && !su_visible())
++ err = -ENOENT;
++ }
++ }
++
+ if (base)
+ fput(base);
+
+diff --git a/fs/readdir.c b/fs/readdir.c
+index d46eca8..d52d18d 100644
+--- a/fs/readdir.c
++++ b/fs/readdir.c
+@@ -39,6 +39,7 @@
+ if (!IS_DEADDIR(inode)) {
+ if (file->f_op->iterate) {
+ ctx->pos = file->f_pos;
++ ctx->romnt = (inode->i_sb->s_flags & MS_RDONLY);
+ res = file->f_op->iterate(file, ctx);
+ file->f_pos = ctx->pos;
+ } else {
+@@ -52,6 +53,14 @@
+ return res;
+ }
+ EXPORT_SYMBOL(iterate_dir);
++
++static bool hide_name(const char *name, int namlen)
++{
++ if (namlen == 2 && !memcmp(name, "su", 2))
++ if (!su_visible())
++ return true;
++ return false;
++}
+
+ /*
+ * Traditional linux readdir() handling..
+@@ -91,6 +100,8 @@
+ buf->result = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ buf->result++;
+ dirent = buf->dirent;
+ if (!access_ok(VERIFY_WRITE, dirent,
+@@ -168,6 +179,8 @@
+ buf->error = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+@@ -246,6 +259,8 @@
+ buf->error = -EINVAL; /* only used if we fail.. */
+ if (reclen > buf->count)
+ return -EINVAL;
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h
+index f84e0ee..5b04e17 100644
+--- a/include/linux/dcache.h
++++ b/include/linux/dcache.h
+@@ -413,6 +413,11 @@
+ return dentry->d_flags & DCACHE_MOUNTED;
+ }
+
++static inline bool d_is_su(const struct dentry *dentry)
++{
++ return dentry->d_name.len == 2 && !memcmp(dentry->d_name.name, "su", 2);
++}
++
+ extern int sysctl_vfs_cache_pressure;
+
+ #endif /* __LINUX_DCACHE_H */
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index 8aae0ef..d07e5a1 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -1538,6 +1538,7 @@
+ struct dir_context {
+ const filldir_t actor;
+ loff_t pos;
++ bool romnt;
+ };
+
+ static inline bool dir_emit(struct dir_context *ctx,
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index 9152f12..349a064 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -55,6 +55,12 @@
+
+ #include
+
++int su_instances(void);
++bool su_running(void);
++bool su_visible(void);
++void su_exec(void);
++void su_exit(void);
++
+ #define SCHED_ATTR_SIZE_VER0 48 /* sizeof first published struct */
+
+ /*
+@@ -1822,6 +1828,8 @@
+ #define PF_FREEZER_SKIP 0x40000000 /* Freezer should not count it as freezable */
+ #define PF_WAKE_UP_IDLE 0x80000000 /* try to wake up on an idle CPU */
+
++#define PF_SU 0x10000000 /* task is su */
++
+ /*
+ * Only the _current_ task can read/write to tsk->flags, but other
+ * tasks can access tsk->flags in readonly mode for example
+diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
+index 8e522cbc..cb4c867 100644
+--- a/include/linux/uidgid.h
++++ b/include/linux/uidgid.h
+@@ -64,6 +64,9 @@
+ #define GLOBAL_ROOT_UID KUIDT_INIT(0)
+ #define GLOBAL_ROOT_GID KGIDT_INIT(0)
+
++#define GLOBAL_SYSTEM_UID KUIDT_INIT(1000)
++#define GLOBAL_SYSTEM_GID KGIDT_INIT(1000)
++
+ #define INVALID_UID KUIDT_INIT(-1)
+ #define INVALID_GID KGIDT_INIT(-1)
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 540bad4..e58c525 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -777,6 +777,10 @@
+
+ sched_exit(tsk);
+
++ if (tsk->flags & PF_SU) {
++ su_exit();
++ }
++
+ /*
+ * tsk->flags are checked in the futex code to protect against
+ * an exiting task cleaning up the robust pi futexes.
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 924c17c..fc5b8c4 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -326,6 +326,8 @@
+ if (err)
+ goto free_ti;
+
++ tsk->flags &= ~PF_SU;
++
+ tsk->stack = ti;
+ #ifdef CONFIG_SECCOMP
+ /*
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index f888065..5f80d13 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -114,6 +114,38 @@
+ local_irq_restore(dflags); \
+ } while (0)
+
++static atomic_t __su_instances;
++
++int su_instances(void)
++{
++ return atomic_read(&__su_instances);
++}
++
++bool su_running(void)
++{
++ return su_instances() > 0;
++}
++
++bool su_visible(void)
++{
++ kuid_t uid = current_uid();
++ if (su_running())
++ return true;
++ if (uid_eq(uid, GLOBAL_ROOT_UID) || uid_eq(uid, GLOBAL_SYSTEM_UID))
++ return true;
++ return false;
++}
++
++void su_exec(void)
++{
++ atomic_inc(&__su_instances);
++}
++
++void su_exit(void)
++{
++ atomic_dec(&__su_instances);
++}
++
+ const char *task_event_names[] = {"PUT_PREV_TASK", "PICK_NEXT_TASK",
+ "TASK_WAKE", "TASK_MIGRATE", "TASK_UPDATE",
+ "IRQ_UPDATE"};
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch.base64
new file mode 100644
index 00000000..29786325
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.10/2.patch.base64
@@ -0,0 +1 @@ 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
\ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch b/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch
new file mode 100644
index 00000000..a8e91130
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch
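Review bot: `#define PF_SU 0x10000000` in include/linux/sched.h is added with nothing showing that the bit is free in this tree; the hunk shows only `PF_FREEZER_SKIP` and `PF_WAKE_UP_IDLE` as neighbours, and the 3.0 variant of the same change picked a different value (`0x00001000`). If another `PF_*` flag already owns that bit, kernel/exit.c would call `su_exit()` for tasks that never ran su and kernel/fork.c would clear the other flag in every child, so the counter behind `su_visible()` could no longer be trusted. Please check the value against the full flag list and record the result next to the define, e.g. `/* task is su; bit verified unused in this tree */`. The 3.18 variant below uses the same value and needs the same check.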
@@ -0,0 +1,246 @@
+From 32c16ee3bef6a2d5edeb4e23bdb84e59a0387b3e Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Wed, 25 Jan 2017 18:01:03 +0100
+Subject: [PATCH] kernel: Only expose su when daemon is running
+
+It has been claimed that the PG implementation of 'su' has security
+vulnerabilities even when disabled. Unfortunately, the people that
+find these vulnerabilities often like to keep them private so they
+can profit from exploits while leaving users exposed to malicious
+hackers.
+
+In order to reduce the attack surface for vulnerabilites, it is
+therefore necessary to make 'su' completely inaccessible when it
+is not in use (except by the root and system users).
+
+Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index b079500..e529a95 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1537,6 +1537,11 @@
+ if (retval < 0)
+ goto out;
+
++ if (capable(CAP_SYS_ADMIN) && d_is_su(file->f_dentry)) {
++ current->flags |= PF_SU;
++ su_exec();
++ }
++
+ /* execve succeeded */
+ current->fs->in_exec = 0;
+ current->in_execve = 0;
+diff --git a/fs/namei.c b/fs/namei.c
+index a14912e..e07a2dc 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2025,6 +2025,14 @@
+ }
+ }
+
++ if (!err) {
++ struct super_block *sb = nd->inode->i_sb;
++ if (sb->s_flags & MS_RDONLY) {
++ if (d_is_su(nd->path.dentry) && !su_visible())
++ err = -ENOENT;
++ }
++ }
++
+ out:
+ if (base)
+ fput(base);
+diff --git a/fs/readdir.c b/fs/readdir.c
+index 33fd922..b3089a1 100644
+--- a/fs/readdir.c
++++ b/fs/readdir.c
+@@ -39,6 +39,7 @@
+ res = -ENOENT;
+ if (!IS_DEADDIR(inode)) {
+ ctx->pos = file->f_pos;
++ ctx->romnt = (inode->i_sb->s_flags & MS_RDONLY);
+ res = file->f_op->iterate(file, ctx);
+ file->f_pos = ctx->pos;
+ fsnotify_access(file);
+@@ -49,6 +50,14 @@
+ return res;
+ }
+ EXPORT_SYMBOL(iterate_dir);
++
++static bool hide_name(const char *name, int namlen)
++{
++ if (namlen == 2 && !memcmp(name, "su", 2))
++ if (!su_visible())
++ return true;
++ return false;
++}
+
+ /*
+ * Traditional linux readdir() handling..
+@@ -88,6 +97,8 @@
+ buf->result = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ buf->result++;
+ dirent = buf->dirent;
+ if (!access_ok(VERIFY_WRITE, dirent,
+@@ -165,6 +176,8 @@
+ buf->error = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+@@ -243,6 +256,8 @@
+ buf->error = -EINVAL; /* only used if we fail.. */
+ if (reclen > buf->count)
+ return -EINVAL;
++ if (hide_name(name, namlen) && buf->ctx.romnt)
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h
+index 3cf440f..16bca1a 100644
+--- a/include/linux/dcache.h
++++ b/include/linux/dcache.h
+@@ -465,6 +465,11 @@
+ return !d_is_negative(dentry);
+ }
+
++static inline bool d_is_su(const struct dentry *dentry)
++{
++ return dentry->d_name.len == 2 && !memcmp(dentry->d_name.name, "su", 2);
++}
++
+ extern int sysctl_vfs_cache_pressure;
+
+ static inline unsigned long vfs_pressure_ratio(unsigned long val)
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index 06334de..755a391 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -1495,6 +1495,7 @@
+ struct dir_context {
+ const filldir_t actor;
+ loff_t pos;
++ bool romnt;
+ };
+
+ struct block_device_operations;
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index 353a291..83af519 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -61,6 +61,12 @@
+
+ #include
+
++int su_instances(void);
++bool su_running(void);
++bool su_visible(void);
++void su_exec(void);
++void su_exit(void);
++
+ #define SCHED_ATTR_SIZE_VER0 48 /* sizeof first published struct */
+
+ /*
+@@ -2073,6 +2079,8 @@
+ #define PF_FREEZER_SKIP 0x40000000 /* Freezer should not count it as freezable */
+ #define PF_SUSPEND_TASK 0x80000000 /* this thread called freeze_processes and should not be frozen */
+
++#define PF_SU 0x10000000 /* task is su */
++
+ /*
+ * Only the _current_ task can read/write to tsk->flags, but other
+ * tasks can access tsk->flags in readonly mode for example
+diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
+index 2d1f9b6..ef26f3f 100644
+--- a/include/linux/uidgid.h
++++ b/include/linux/uidgid.h
+@@ -42,6 +42,9 @@
+ #define GLOBAL_ROOT_UID KUIDT_INIT(0)
+ #define GLOBAL_ROOT_GID KGIDT_INIT(0)
+
++#define GLOBAL_SYSTEM_UID KUIDT_INIT(1000)
++#define GLOBAL_SYSTEM_GID KGIDT_INIT(1000)
++
+ #define INVALID_UID KUIDT_INIT(-1)
+ #define INVALID_GID KGIDT_INIT(-1)
+
+diff --git a/kernel/exit.c b/kernel/exit.c
+index 31003c7..d3a962e 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -730,6 +730,10 @@
+
+ sched_exit(tsk);
+
++ if (tsk->flags & PF_SU) {
++ su_exit();
++ }
++
+ /*
+ * tsk->flags are checked in the futex code to protect against
+ * an exiting task cleaning up the robust pi futexes.
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 600956b..390dbc3 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -339,6 +339,8 @@
+ if (err)
+ goto free_ti;
+
++ tsk->flags &= ~PF_SU;
++
+ tsk->stack = ti;
+ #ifdef CONFIG_SECCOMP
+ /*
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index e7d3367..74b268f4 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -96,6 +96,38 @@
+ #define CREATE_TRACE_POINTS
+ #include
+
++static atomic_t __su_instances;
++
++int su_instances(void)
++{
++ return atomic_read(&__su_instances);
++}
++
++bool su_running(void)
++{
++ return su_instances() > 0;
++}
++
++bool su_visible(void)
++{
++ kuid_t uid = current_uid();
++ if (su_running())
++ return true;
++ if (uid_eq(uid, GLOBAL_ROOT_UID) || uid_eq(uid, GLOBAL_SYSTEM_UID))
++ return true;
++ return false;
++}
++
++void su_exec(void)
++{
++ atomic_inc(&__su_instances);
++}
++
++void su_exit(void)
++{
++ atomic_dec(&__su_instances);
++}
++
+ const char *task_event_names[] = {"PUT_PREV_TASK", "PICK_NEXT_TASK",
+ "TASK_WAKE", "TASK_MIGRATE", "TASK_UPDATE",
+ "IRQ_UPDATE"};
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch.base64
new file mode 100644
index 00000000..adf81058
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.18/3.patch.base64
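Review bot: The fs/exec.c check matches a file named `su` on any filesystem, whereas the fs/namei.c and fs/readdir.c checks in the same patch apply only when the superblock has `MS_RDONLY` set. A `CAP_SYS_ADMIN` task that runs an unrelated binary called `su` from a writable mount therefore raises `__su_instances`, and `su_visible()` then returns true for every uid until that task exits. Consider applying the same restriction, for example adding `&& (file->f_dentry->d_sb->s_flags & MS_RDONLY)` to the condition, or add a comment stating why exec is intentionally broader. The 3.10 variant above has the same asymmetry, and the enclosing function lies outside the hunk.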
@@ -0,0 +1 @@ +RnJvbSAzMmMxNmVlM2JlZjZhMmQ1ZWRlYjRlMjNiZGI4NGU1OWEwMzg3YjNlIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBUb20gTWFyc2hhbGwgPHRkbS5jb2RlQGdtYWlsLmNvbT4KRGF0ZTogV2VkLCAyNSBKYW4gMjAxNyAxODowMTowMyArMDEwMApTdWJqZWN0OiBbUEFUQ0hdIGtlcm5lbDogT25seSBleHBvc2Ugc3Ugd2hlbiBkYWVtb24gaXMgcnVubmluZwoKSXQgaGFzIGJlZW4gY2xhaW1lZCB0aGF0IHRoZSBQRyBpbXBsZW1lbnRhdGlvbiBvZiAnc3UnIGhhcyBzZWN1cml0eQp2dWxuZXJhYmlsaXRpZXMgZXZlbiB3aGVuIGRpc2FibGVkLiAgVW5mb3J0dW5hdGVseSwgdGhlIHBlb3BsZSB0aGF0CmZpbmQgdGhlc2UgdnVsbmVyYWJpbGl0aWVzIG9mdGVuIGxpa2UgdG8ga2VlcCB0aGVtIHByaXZhdGUgc28gdGhleQpjYW4gcHJvZml0IGZyb20gZXhwbG9pdHMgd2hpbGUgbGVhdmluZyB1c2VycyBleHBvc2VkIHRvIG1hbGljaW91cwpoYWNrZXJzLgoKSW4gb3JkZXIgdG8gcmVkdWNlIHRoZSBhdHRhY2sgc3VyZmFjZSBmb3IgdnVsbmVyYWJpbGl0ZXMsIGl0IGlzCnRoZXJlZm9yZSBuZWNlc3NhcnkgdG8gbWFrZSAnc3UnIGNvbXBsZXRlbHkgaW5hY2Nlc3NpYmxlIHdoZW4gaXQKaXMgbm90IGluIHVzZSAoZXhjZXB0IGJ5IHRoZSByb290IGFuZCBzeXN0ZW0gdXNlcnMpLgoKQ2hhbmdlLUlkOiBJNzk3MTZjNzJmNzRkMGI3YWYzNGVjM2E4MDU0ODk2YzY1NTlhMTgxZAotLS0KCmRpZmYgLS1naXQgYS9mcy9leGVjLmMgYi9mcy9leGVjLmMKaW5kZXggYjA3OTUwMC4uZTUyOWE5NSAxMDA2NDQKLS0tIGEvZnMvZXhlYy5jCisrKyBiL2ZzL2V4ZWMuYwpAQCAtMTUzNyw2ICsxNTM3LDExIEBACiAJaWYgKHJldHZhbCA8IDApCiAJCWdvdG8gb3V0OwogCisJaWYgKGNhcGFibGUoQ0FQX1NZU19BRE1JTikgJiYgZF9pc19zdShmaWxlLT5mX2RlbnRyeSkpIHsKKwkJY3VycmVudC0+ZmxhZ3MgfD0gUEZfU1U7CisJCXN1X2V4ZWMoKTsKKwl9CisKIAkvKiBleGVjdmUgc3VjY2VlZGVkICovCiAJY3VycmVudC0+ZnMtPmluX2V4ZWMgPSAwOwogCWN1cnJlbnQtPmluX2V4ZWN2ZSA9IDA7CmRpZmYgLS1naXQgYS9mcy9uYW1laS5jIGIvZnMvbmFtZWkuYwppbmRleCBhMTQ5MTJlLi5lMDdhMmRjIDEwMDY0NAotLS0gYS9mcy9uYW1laS5jCisrKyBiL2ZzL25hbWVpLmMKQEAgLTIwMjUsNiArMjAyNSwxNCBAQAogCQl9CiAJfQogCisJaWYgKCFlcnIpIHsKKwkJc3RydWN0IHN1cGVyX2Jsb2NrICpzYiA9IG5kLT5pbm9kZS0+aV9zYjsKKwkJaWYgKHNiLT5zX2ZsYWdzICYgTVNfUkRPTkxZKSB7CisJCQlpZiAoZF9pc19zdShuZC0+cGF0aC5kZW50cnkpICYmICFzdV92aXNpYmxlKCkpCisJCQkJZXJyID0gLUVOT0VOVDsKKwkJfQorCX0KKwogb3V0OgogCWlmIChiYXNlKQogCQlmcHV0KGJhc2UpOwpkaWZmIC0tZ2l0IGEvZnMvcmVhZGRpci5jIGIvZnMvcmVhZGRpci5jCmluZGV4IDMzZmQ5MjIuLmIzMDg5YTEgMTAwNjQ0Ci0tL
SBhL2ZzL3JlYWRkaXIuYworKysgYi9mcy9yZWFkZGlyLmMKQEAgLTM5LDYgKzM5LDcgQEAKIAlyZXMgPSAtRU5PRU5UOwogCWlmICghSVNfREVBRERJUihpbm9kZSkpIHsKIAkJY3R4LT5wb3MgPSBmaWxlLT5mX3BvczsKKwkJY3R4LT5yb21udCA9IChpbm9kZS0+aV9zYi0+c19mbGFncyAmIE1TX1JET05MWSk7CiAJCXJlcyA9IGZpbGUtPmZfb3AtPml0ZXJhdGUoZmlsZSwgY3R4KTsKIAkJZmlsZS0+Zl9wb3MgPSBjdHgtPnBvczsKIAkJZnNub3RpZnlfYWNjZXNzKGZpbGUpOwpAQCAtNDksNiArNTAsMTQgQEAKIAlyZXR1cm4gcmVzOwogfQogRVhQT1JUX1NZTUJPTChpdGVyYXRlX2Rpcik7CisKK3N0YXRpYyBib29sIGhpZGVfbmFtZShjb25zdCBjaGFyICpuYW1lLCBpbnQgbmFtbGVuKQoreworCWlmIChuYW1sZW4gPT0gMiAmJiAhbWVtY21wKG5hbWUsICJzdSIsIDIpKQorCQlpZiAoIXN1X3Zpc2libGUoKSkKKwkJCXJldHVybiB0cnVlOworCXJldHVybiBmYWxzZTsKK30KIAogLyoKICAqIFRyYWRpdGlvbmFsIGxpbnV4IHJlYWRkaXIoKSBoYW5kbGluZy4uCkBAIC04OCw2ICs5Nyw4IEBACiAJCWJ1Zi0+cmVzdWx0ID0gLUVPVkVSRkxPVzsKIAkJcmV0dXJuIC1FT1ZFUkZMT1c7CiAJfQorCWlmIChoaWRlX25hbWUobmFtZSwgbmFtbGVuKSAmJiBidWYtPmN0eC5yb21udCkKKwkJcmV0dXJuIDA7CiAJYnVmLT5yZXN1bHQrKzsKIAlkaXJlbnQgPSBidWYtPmRpcmVudDsKIAlpZiAoIWFjY2Vzc19vayhWRVJJRllfV1JJVEUsIGRpcmVudCwKQEAgLTE2NSw2ICsxNzYsOCBAQAogCQlidWYtPmVycm9yID0gLUVPVkVSRkxPVzsKIAkJcmV0dXJuIC1FT1ZFUkZMT1c7CiAJfQorCWlmIChoaWRlX25hbWUobmFtZSwgbmFtbGVuKSAmJiBidWYtPmN0eC5yb21udCkKKwkJcmV0dXJuIDA7CiAJZGlyZW50ID0gYnVmLT5wcmV2aW91czsKIAlpZiAoZGlyZW50KSB7CiAJCWlmIChfX3B1dF91c2VyKG9mZnNldCwgJmRpcmVudC0+ZF9vZmYpKQpAQCAtMjQzLDYgKzI1Niw4IEBACiAJYnVmLT5lcnJvciA9IC1FSU5WQUw7CS8qIG9ubHkgdXNlZCBpZiB3ZSBmYWlsLi4gKi8KIAlpZiAocmVjbGVuID4gYnVmLT5jb3VudCkKIAkJcmV0dXJuIC1FSU5WQUw7CisJaWYgKGhpZGVfbmFtZShuYW1lLCBuYW1sZW4pICYmIGJ1Zi0+Y3R4LnJvbW50KQorCQlyZXR1cm4gMDsKIAlkaXJlbnQgPSBidWYtPnByZXZpb3VzOwogCWlmIChkaXJlbnQpIHsKIAkJaWYgKF9fcHV0X3VzZXIob2Zmc2V0LCAmZGlyZW50LT5kX29mZikpCmRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L2RjYWNoZS5oIGIvaW5jbHVkZS9saW51eC9kY2FjaGUuaAppbmRleCAzY2Y0NDBmLi4xNmJjYTFhIDEwMDY0NAotLS0gYS9pbmNsdWRlL2xpbnV4L2RjYWNoZS5oCisrKyBiL2luY2x1ZGUvbGludXgvZGNhY2hlLmgKQEAgLTQ2NSw2ICs0NjUsMTEgQEAKIAlyZXR1cm4gIWRfaXNfbmVnYXRpdmUoZGVudHJ5KTsKIH0KIAorc3RhdGljIGlubGluZSBib29sIGRfaXNfc3UoY29uc3Qgc3RydWN0IGRlb
nRyeSAqZGVudHJ5KQoreworCXJldHVybiBkZW50cnktPmRfbmFtZS5sZW4gPT0gMiAmJiAhbWVtY21wKGRlbnRyeS0+ZF9uYW1lLm5hbWUsICJzdSIsIDIpOworfQorCiBleHRlcm4gaW50IHN5c2N0bF92ZnNfY2FjaGVfcHJlc3N1cmU7CiAKIHN0YXRpYyBpbmxpbmUgdW5zaWduZWQgbG9uZyB2ZnNfcHJlc3N1cmVfcmF0aW8odW5zaWduZWQgbG9uZyB2YWwpCmRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L2ZzLmggYi9pbmNsdWRlL2xpbnV4L2ZzLmgKaW5kZXggMDYzMzRkZS4uNzU1YTM5MSAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW51eC9mcy5oCisrKyBiL2luY2x1ZGUvbGludXgvZnMuaApAQCAtMTQ5NSw2ICsxNDk1LDcgQEAKIHN0cnVjdCBkaXJfY29udGV4dCB7CiAJY29uc3QgZmlsbGRpcl90IGFjdG9yOwogCWxvZmZfdCBwb3M7CisJYm9vbCByb21udDsKIH07CiAKIHN0cnVjdCBibG9ja19kZXZpY2Vfb3BlcmF0aW9uczsKZGlmZiAtLWdpdCBhL2luY2x1ZGUvbGludXgvc2NoZWQuaCBiL2luY2x1ZGUvbGludXgvc2NoZWQuaAppbmRleCAzNTNhMjkxLi44M2FmNTE5IDEwMDY0NAotLS0gYS9pbmNsdWRlL2xpbnV4L3NjaGVkLmgKKysrIGIvaW5jbHVkZS9saW51eC9zY2hlZC5oCkBAIC02MSw2ICs2MSwxMiBAQAogCiAjaW5jbHVkZSA8YXNtL3Byb2Nlc3Nvci5oPgogCitpbnQgIHN1X2luc3RhbmNlcyh2b2lkKTsKK2Jvb2wgc3VfcnVubmluZyh2b2lkKTsKK2Jvb2wgc3VfdmlzaWJsZSh2b2lkKTsKK3ZvaWQgc3VfZXhlYyh2b2lkKTsKK3ZvaWQgc3VfZXhpdCh2b2lkKTsKKwogI2RlZmluZSBTQ0hFRF9BVFRSX1NJWkVfVkVSMAk0OAkvKiBzaXplb2YgZmlyc3QgcHVibGlzaGVkIHN0cnVjdCAqLwogCiAvKgpAQCAtMjA3Myw2ICsyMDc5LDggQEAKICNkZWZpbmUgUEZfRlJFRVpFUl9TS0lQCTB4NDAwMDAwMDAJLyogRnJlZXplciBzaG91bGQgbm90IGNvdW50IGl0IGFzIGZyZWV6YWJsZSAqLwogI2RlZmluZSBQRl9TVVNQRU5EX1RBU0sgMHg4MDAwMDAwMCAgICAgIC8qIHRoaXMgdGhyZWFkIGNhbGxlZCBmcmVlemVfcHJvY2Vzc2VzIGFuZCBzaG91bGQgbm90IGJlIGZyb3plbiAqLwogCisjZGVmaW5lIFBGX1NVCQkweDEwMDAwMDAwICAgICAgLyogdGFzayBpcyBzdSAqLworCiAvKgogICogT25seSB0aGUgX2N1cnJlbnRfIHRhc2sgY2FuIHJlYWQvd3JpdGUgdG8gdHNrLT5mbGFncywgYnV0IG90aGVyCiAgKiB0YXNrcyBjYW4gYWNjZXNzIHRzay0+ZmxhZ3MgaW4gcmVhZG9ubHkgbW9kZSBmb3IgZXhhbXBsZQpkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC91aWRnaWQuaCBiL2luY2x1ZGUvbGludXgvdWlkZ2lkLmgKaW5kZXggMmQxZjliNi4uZWYyNmYzZiAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW51eC91aWRnaWQuaAorKysgYi9pbmNsdWRlL2xpbnV4L3VpZGdpZC5oCkBAIC00Miw2ICs0Miw5IEBACiAjZGVmaW5lIEdMT0JBTF9ST09UX1VJRCBLVUlEVF9JTklUKDApCiAjZGVmaW5lIEdMT0JBTF9ST09UX0dJRCBLR0lEVF9JT
klUKDApCiAKKyNkZWZpbmUgR0xPQkFMX1NZU1RFTV9VSUQgS1VJRFRfSU5JVCgxMDAwKQorI2RlZmluZSBHTE9CQUxfU1lTVEVNX0dJRCBLR0lEVF9JTklUKDEwMDApCisKICNkZWZpbmUgSU5WQUxJRF9VSUQgS1VJRFRfSU5JVCgtMSkKICNkZWZpbmUgSU5WQUxJRF9HSUQgS0dJRFRfSU5JVCgtMSkKIApkaWZmIC0tZ2l0IGEva2VybmVsL2V4aXQuYyBiL2tlcm5lbC9leGl0LmMKaW5kZXggMzEwMDNjNy4uZDNhOTYyZSAxMDA2NDQKLS0tIGEva2VybmVsL2V4aXQuYworKysgYi9rZXJuZWwvZXhpdC5jCkBAIC03MzAsNiArNzMwLDEwIEBACiAKIAlzY2hlZF9leGl0KHRzayk7CiAKKwlpZiAodHNrLT5mbGFncyAmIFBGX1NVKSB7CisJCXN1X2V4aXQoKTsKKwl9CisKIAkvKgogCSAqIHRzay0+ZmxhZ3MgYXJlIGNoZWNrZWQgaW4gdGhlIGZ1dGV4IGNvZGUgdG8gcHJvdGVjdCBhZ2FpbnN0CiAJICogYW4gZXhpdGluZyB0YXNrIGNsZWFuaW5nIHVwIHRoZSByb2J1c3QgcGkgZnV0ZXhlcy4KZGlmZiAtLWdpdCBhL2tlcm5lbC9mb3JrLmMgYi9rZXJuZWwvZm9yay5jCmluZGV4IDYwMDk1NmIuLjM5MGRiYzMgMTAwNjQ0Ci0tLSBhL2tlcm5lbC9mb3JrLmMKKysrIGIva2VybmVsL2ZvcmsuYwpAQCAtMzM5LDYgKzMzOSw4IEBACiAJaWYgKGVycikKIAkJZ290byBmcmVlX3RpOwogCisJdHNrLT5mbGFncyAmPSB+UEZfU1U7CisKIAl0c2stPnN0YWNrID0gdGk7CiAjaWZkZWYgQ09ORklHX1NFQ0NPTVAKIAkvKgpkaWZmIC0tZ2l0IGEva2VybmVsL3NjaGVkL2NvcmUuYyBiL2tlcm5lbC9zY2hlZC9jb3JlLmMKaW5kZXggZTdkMzM2Ny4uNzRiMjY4ZjQgMTAwNjQ0Ci0tLSBhL2tlcm5lbC9zY2hlZC9jb3JlLmMKKysrIGIva2VybmVsL3NjaGVkL2NvcmUuYwpAQCAtOTYsNiArOTYsMzggQEAKICNkZWZpbmUgQ1JFQVRFX1RSQUNFX1BPSU5UUwogI2luY2x1ZGUgPHRyYWNlL2V2ZW50cy9zY2hlZC5oPgogCitzdGF0aWMgYXRvbWljX3QgX19zdV9pbnN0YW5jZXM7CisKK2ludCBzdV9pbnN0YW5jZXModm9pZCkKK3sKKwlyZXR1cm4gYXRvbWljX3JlYWQoJl9fc3VfaW5zdGFuY2VzKTsKK30KKworYm9vbCBzdV9ydW5uaW5nKHZvaWQpCit7CisJcmV0dXJuIHN1X2luc3RhbmNlcygpID4gMDsKK30KKworYm9vbCBzdV92aXNpYmxlKHZvaWQpCit7CisJa3VpZF90IHVpZCA9IGN1cnJlbnRfdWlkKCk7CisJaWYgKHN1X3J1bm5pbmcoKSkKKwkJcmV0dXJuIHRydWU7CisJaWYgKHVpZF9lcSh1aWQsIEdMT0JBTF9ST09UX1VJRCkgfHwgdWlkX2VxKHVpZCwgR0xPQkFMX1NZU1RFTV9VSUQpKQorCQlyZXR1cm4gdHJ1ZTsKKwlyZXR1cm4gZmFsc2U7Cit9CisKK3ZvaWQgc3VfZXhlYyh2b2lkKQoreworCWF0b21pY19pbmMoJl9fc3VfaW5zdGFuY2VzKTsKK30KKwordm9pZCBzdV9leGl0KHZvaWQpCit7CisJYXRvbWljX2RlYygmX19zdV9pbnN0YW5jZXMpOworfQorCiBjb25zdCBjaGFyICp0YXNrX2V2ZW50X25hbWVzW10gPSB7IlBVVF9QUkVWX1RBU0siLCAiUElDS
19ORVhUX1RBU0siLAogCQkJCSAgIlRBU0tfV0FLRSIsICJUQVNLX01JR1JBVEUiLCAiVEFTS19VUERBVEUiLAogCQkJCSJJUlFfVVBEQVRFIn07Cg== \ No newline at end of file diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch b/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch new file mode 100644 index 00000000..488015a9 --- /dev/null +++ b/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch 
@@ -0,0 +1,213 @@
+From 70cfbfda0071b16160b82835a757ebecd14dc48b Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Fri, 28 Apr 2017 22:46:37 +0000
+Subject: [PATCH] kernel: Only expose su when daemon is running
+
+Note: this is for the 3.4 kernel and lacks the read-only mount point
+logic due to the non-extensible readdir implementation.
+
+It has been claimed that the PG implementation of 'su' has security
+vulnerabilities even when disabled. Unfortunately, the people that
+find these vulnerabilities often like to keep them private so they
+can profit from exploits while leaving users exposed to malicious
+hackers.
+
+In order to reduce the attack surface for vulnerabilites, it is
+therefore necessary to make 'su' completely inaccessible when it
+is not in use (except by the root and system users).
+
+Change-Id: Ia7d50ba46c3d932c2b0ca5fc8e9ec69ec9045f85
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index a4d05ce..b8c9af0 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1591,6 +1591,11 @@
+ if (retval < 0)
+ goto out;
+
++ if (capable(CAP_SYS_ADMIN) && d_is_su(file->f_dentry)) {
++ current->flags |= PF_SU;
++ su_exec();
++ }
++
+ /* execve succeeded */
+ current->fs->in_exec = 0;
+ current->in_execve = 0;
+diff --git a/fs/namei.c b/fs/namei.c
+index df12b57..0446469 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1800,6 +1800,11 @@
+ }
+ }
+
++ if (!err) {
++ if (d_is_su(nd->path.dentry) && !su_visible())
++ err = -ENOENT;
++ }
++
+ if (base)
+ fput(base);
+
+diff --git a/fs/readdir.c b/fs/readdir.c
+index cc0a822..106f156 100644
+--- a/fs/readdir.c
++++ b/fs/readdir.c
+@@ -47,6 +47,14 @@
+
+ EXPORT_SYMBOL(vfs_readdir);
+
++static bool hide_name(const char *name, int namlen)
++{
++ if (namlen == 2 && !memcmp(name, "su", 2))
++ if (!su_visible())
++ return true;
++ return false;
++}
++
+ /*
+ * Traditional linux readdir() handling..
+ *
+@@ -84,6 +92,8 @@
+ buf->result = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen))
++ return 0;
+ buf->result++;
+ dirent = buf->dirent;
+ if (!access_ok(VERIFY_WRITE, dirent,
+@@ -163,6 +173,8 @@
+ buf->error = -EOVERFLOW;
+ return -EOVERFLOW;
+ }
++ if (hide_name(name, namlen))
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+@@ -244,6 +256,8 @@
+ buf->error = -EINVAL; /* only used if we fail.. */
+ if (reclen > buf->count)
+ return -EINVAL;
++ if (hide_name(name, namlen))
++ return 0;
+ dirent = buf->previous;
+ if (dirent) {
+ if (__put_user(offset, &dirent->d_off))
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h
+index 92e9d19..13efe38 100644
+--- a/include/linux/dcache.h
++++ b/include/linux/dcache.h
+@@ -403,6 +403,11 @@
+
+ extern void d_clear_need_lookup(struct dentry *dentry);
+
++static inline bool d_is_su(const struct dentry *dentry)
++{
++ return dentry->d_name.len == 2 && !memcmp(dentry->d_name.name, "su", 2);
++}
++
+ extern int sysctl_vfs_cache_pressure;
+
+ #endif /* __LINUX_DCACHE_H */
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index 28f14d2..17962ef 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -93,6 +93,12 @@
+
+ #include
+
++int su_instances(void);
++bool su_running(void);
++bool su_visible(void);
++void su_exec(void);
++void su_exit(void);
++
+ struct exec_domain;
+ struct futex_pi_state;
+ struct robust_list_head;
+@@ -2008,6 +2014,8 @@
+ TASK_PFA_SET(SPREAD_SLAB, spread_slab)
+ TASK_PFA_CLEAR(SPREAD_SLAB, spread_slab)
+
++#define PF_SU 0x10000000 /* task is su */
++
+ /*
+ * Do not use outside of architecture code which knows its limitations.
+ *
+diff --git a/kernel/exit.c b/kernel/exit.c
+index f28427b..3eafd26 100644
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -957,6 +957,11 @@
+ }
+
+ exit_signals(tsk); /* sets PF_EXITING */
++
++ if (tsk->flags & PF_SU) {
++ su_exit();
++ }
++
+ /*
+ * tsk->flags are checked in the futex code to protect against
+ * an exiting task cleaning up the robust pi futexes.
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 75dc3dd..23695d2 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -295,6 +295,8 @@
+ if (err)
+ goto out;
+
++ tsk->flags &= ~PF_SU;
++
+ tsk->stack = ti;
+ #ifdef CONFIG_SECCOMP
+ /*
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index 5c06094..04fa21e 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -89,6 +89,38 @@
+ #define CREATE_TRACE_POINTS
+ #include
+
++static atomic_t __su_instances;
++
++int su_instances(void)
++{
++ return atomic_read(&__su_instances);
++}
++
++bool su_running(void)
++{
++ return su_instances() > 0;
++}
++
++bool su_visible(void)
++{
++ uid_t uid = current_uid();
++ if (su_running())
++ return true;
++ if (uid == 0 || uid == 1000)
++ return true;
++ return false;
++}
++
++void su_exec(void)
++{
++ atomic_inc(&__su_instances);
++}
++
++void su_exit(void)
++{
++ atomic_dec(&__su_instances);
++}
++
+ ATOMIC_NOTIFIER_HEAD(migration_notifier_head);
+
+ void start_bandwidth_timer(struct hrtimer *period_timer, ktime_t period)
diff --git a/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch.base64
new file mode 100644
index 00000000..a35dda38
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch b/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch
new file mode 100644
index 00000000..37fda035
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch
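Review bot: The fs/exec.c hunk of this 3.4 patch calls `su_exec()` every time a CAP_SYS_ADMIN task execs a file named `su`, without checking whether the task already has PF_SU set, while the kernel/exit.c hunk calls `su_exit()` at most once per task. If a flagged task execs `su` again, `__su_instances` stays above zero after it exits, so `su_running()` remains true and `su_visible()` returns true for every uid; as far as these hunks show, nothing resets the counter, so the hiding silently stops working. Guarding the increment keeps the counter balanced: `if (!(current->flags & PF_SU)) { current->flags |= PF_SU; su_exec(); }` inside the existing condition. The enclosing functions start and end outside the patch's hunks.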
@@ -0,0 +1,24 @@
+From fd494b5a4da5dc2e332b8b7480960509046c7b2e Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Fri, 19 May 2017 18:24:04 +0000
+Subject: [PATCH] kernel: Fix potential refcount leak in su check
+
+Change-Id: I7e1ecb78bfc951bf645a1462988dcd93c4247a9b
+---
+
+diff --git a/fs/namei.c b/fs/namei.c
+index a52456c..404b61c 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2003,8 +2003,10 @@
+ if (!err) {
+ struct super_block *sb = nd->inode->i_sb;
+ if (sb->s_flags & MS_RDONLY) {
+- if (d_is_su(nd->path.dentry) && !su_visible())
++ if (d_is_su(nd->path.dentry) && !su_visible()) {
++ path_put(&nd->path);
+ err = -ENOENT;
++ }
+ }
+ }
+
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch.base64
new file mode 100644
index 00000000..a5ef0584
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.10/1.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch b/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch
new file mode 100644
index 00000000..a78a9950
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch
@@ -0,0 +1,24 @@
+From 3a4bd3fb9eb3db4ccb8103ba37ea5082836dba36 Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Thu, 18 May 2017 23:50:22 +0000
+Subject: [PATCH] kernel: Fix potential refcount leak in su check
+
+Change-Id: I8d2c8bed65a01eb0928308df638a04449a5bd881
+---
+
+diff --git a/fs/namei.c b/fs/namei.c
+index e07a2dc..f588830 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2028,8 +2028,10 @@
+ if (!err) {
+ struct super_block *sb = nd->inode->i_sb;
+ if (sb->s_flags & MS_RDONLY) {
+- if (d_is_su(nd->path.dentry) && !su_visible())
++ if (d_is_su(nd->path.dentry) && !su_visible()) {
++ path_put(&nd->path);
+ err = -ENOENT;
++ }
+ }
+ }
+
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch.base64
new file mode 100644
index 00000000..bec6be8b
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.18/2.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch b/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch
new file mode 100644
index 00000000..7339ec8b
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch
@@ -0,0 +1,24 @@
+From 0f29566b5fad388cc4a07402f9651d86f1fe2b45 Mon Sep 17 00:00:00 2001
+From: Tom Marshall
+Date: Fri, 19 May 2017 18:24:49 +0000
+Subject: [PATCH] kernel: Fix potential refcount leak in su check
+
+Change-Id: I3d241ae805ba708c18bccfd5e5d6cdcc8a5bc1c8
+---
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 414fc51..689339e 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1803,8 +1803,10 @@
+ if (!err) {
+ struct super_block *sb = nd->inode->i_sb;
+ if (sb->s_flags & MS_RDONLY) {
+- if (d_is_su(nd->path.dentry) && !su_visible())
++ if (d_is_su(nd->path.dentry) && !su_visible()) {
++ path_put(&nd->path);
+ err = -ENOENT;
++ }
+ }
+ }
+
diff --git a/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch.base64
new file mode 100644
index 00000000..5f3cf1a0
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0002/3.4/0.patch.base64
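Review bot: This 3.4 fix does not match the fs/namei.c code that Patches/Linux_CVEs/LVT-2017-0001/3.4/1.patch adds: its context expects `struct super_block *sb = nd->inode->i_sb;` and an `MS_RDONLY` test, while 1.patch has the bare `if (d_is_su(nd->path.dentry) && !su_visible())` followed by `err = -ENOENT;`. On a tree built from that variant the hunk would presumably be rejected, leaving the `-ENOENT` branch without `path_put(&nd->path)`. LVT-2017-0004/3.4/0.patch shows the same kind of mismatch in fs/exec.c, where its removed line reads `d_is_su(file->f_dentry) && capable(CAP_SYS_ADMIN)` but 1.patch has the two operands in the opposite order. It would help to note next to each follow-up which LVT-2017-0001 variant it targets, and to treat a rejected hunk as a build failure.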
@@ -0,0 +1 @@ +RnJvbSAwZjI5NTY2YjVmYWQzODhjYzRhMDc0MDJmOTY1MWQ4NmYxZmUyYjQ1IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBUb20gTWFyc2hhbGwgPHRkbS5jb2RlQGdtYWlsLmNvbT4KRGF0ZTogRnJpLCAxOSBNYXkgMjAxNyAxODoyNDo0OSArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGtlcm5lbDogRml4IHBvdGVudGlhbCByZWZjb3VudCBsZWFrIGluIHN1IGNoZWNrCgpDaGFuZ2UtSWQ6IEkzZDI0MWFlODA1YmE3MDhjMThiY2NmZDVlNWQ2Y2RjYzhhNWJjMWM4Ci0tLQoKZGlmZiAtLWdpdCBhL2ZzL25hbWVpLmMgYi9mcy9uYW1laS5jCmluZGV4IDQxNGZjNTEuLjY4OTMzOWUgMTAwNjQ0Ci0tLSBhL2ZzL25hbWVpLmMKKysrIGIvZnMvbmFtZWkuYwpAQCAtMTgwMyw4ICsxODAzLDEwIEBACiAJaWYgKCFlcnIpIHsKIAkJc3RydWN0IHN1cGVyX2Jsb2NrICpzYiA9IG5kLT5pbm9kZS0+aV9zYjsKIAkJaWYgKHNiLT5zX2ZsYWdzICYgTVNfUkRPTkxZKSB7Ci0JCQlpZiAoZF9pc19zdShuZC0+cGF0aC5kZW50cnkpICYmICFzdV92aXNpYmxlKCkpCisJCQlpZiAoZF9pc19zdShuZC0+cGF0aC5kZW50cnkpICYmICFzdV92aXNpYmxlKCkpIHsKKwkJCQlwYXRoX3B1dCgmbmQtPnBhdGgpOwogCQkJCWVyciA9IC1FTk9FTlQ7CisJCQl9CiAJCX0KIAl9CiAK \ No newline at end of file diff --git a/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch b/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch new file mode 100644 index 00000000..acc38862 --- /dev/null +++ b/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch 
@@ -0,0 +1,26 @@
+From 984ee30b63ad26f934cb67ef280200fc161583c1 Mon Sep 17 00:00:00 2001
+From: Alberto97
+Date: Tue, 23 May 2017 21:47:00 +0200
+Subject: [PATCH] Fix "hide su" patch for 3.10
+
+Without this, "ls system/xbin" returns "ls: system/xbin/su: No such file or directory"
+if root is disabled in Developer Settings.
+This happens because EXT4 uses "readdir" instead of "iterate".
+3.18 kernel, instead, unconditionally goes for the "iterate" way here
+and that explains why I'm not seeing this error there.
+
+Change-Id: I26426683df0fd199a80f053294f352e31754bec5
+---
+
+diff --git a/fs/readdir.c b/fs/readdir.c
+index d52d18d..e1b7e19 100644
+--- a/fs/readdir.c
++++ b/fs/readdir.c
+@@ -43,6 +43,7 @@
+ res = file->f_op->iterate(file, ctx);
+ file->f_pos = ctx->pos;
+ } else {
++ ctx->romnt = (inode->i_sb->s_flags & MS_RDONLY);
+ res = file->f_op->readdir(file, ctx, ctx->actor);
+ ctx->pos = file->f_pos;
+ }
diff --git a/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch.base64
new file mode 100644
index 00000000..fdb05285
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0003/3.10/0.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch b/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch
new file mode 100644
index 00000000..ec67f66e
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch
@@ -0,0 +1,50 @@
+From 9b854303a58e8e0f4d9c40010fc88d5c280706d9 Mon Sep 17 00:00:00 2001
+From: Andrea Arcangeli
+Date: Tue, 25 Jul 2017 22:22:45 +0200
+Subject: [PATCH] fs/exec: fix use after free in execve
+
+"file" can be already freed if bprm->file is NULL after
+search_binary_handler() return. binfmt_script will do exactly that for
+example. If the VM reuses the file after fput run(), this will result in
+a use ater free.
+
+So obtain d_is_su before search_binary_handler() runs.
+
+This should explain this crash:
+
+[25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
+[..]
+[25333.009918] [2: am:21861] PC is at do_execve+0x354/0x474
+
+Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
+Signed-off-by: Kevin F. Haggerty
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 0ca8cba..c98c680 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1490,6 +1490,7 @@
+ bool clear_in_exec;
+ int retval;
+ const struct cred *cred = current_cred();
++ bool is_su;
+
+ /*
+ * We move the actual failure in case of RLIMIT_NPROC excess from
+@@ -1566,11 +1567,14 @@
+ if (retval < 0)
+ goto out;
+
++ /* search_binary_handler can release file and it may be freed */
++ is_su = d_is_su(file->f_dentry);
++
+ retval = search_binary_handler(bprm);
+ if (retval < 0)
+ goto out;
+
+- if (d_is_su(file->f_dentry) && capable(CAP_SYS_ADMIN)) {
++ if (is_su && capable(CAP_SYS_ADMIN)) {
+ current->flags |= PF_SU;
+ su_exec();
+ }
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch.base64
new file mode 100644
index 00000000..52b53994
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.10/1.patch.base64
@@ -0,0 +1 @@ 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 \ No newline at end of file
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch b/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch
new file mode 100644
index 00000000..67b5cbd0
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch
@@ -0,0 +1,50 @@
+From 988e4530c2ce74a789c7cba210520d78b9a10132 Mon Sep 17 00:00:00 2001
+From: Andrea Arcangeli
+Date: Tue, 25 Jul 2017 22:22:45 +0200
+Subject: [PATCH] fs/exec: fix use after free in execve
+
+"file" can be already freed if bprm->file is NULL after
+exec_binprm() return. binfmt_script will do exactly that for
+example. If the VM reuses the file after fput run(), this will result in
+a use ater free.
+
+So obtain d_is_su before exec_binprm() runs.
+
+This should explain this crash:
+
+[25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
+[..]
+[25333.009918] [2: am:21861] PC is at do_execve+0x354/0x474
+
+Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
+Signed-off-by: Kevin F. Haggerty
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 1838704..69b0dbd 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1458,6 +1458,7 @@
+ struct file *file;
+ struct files_struct *displaced;
+ int retval;
++ bool is_su;
+
+ if (IS_ERR(filename))
+ return PTR_ERR(filename);
+@@ -1533,11 +1534,14 @@
+ if (retval < 0)
+ goto out;
+
++ /* search_binary_handler can release file and it may be freed */
++ is_su = d_is_su(file->f_dentry);
++
+ retval = exec_binprm(bprm);
+ if (retval < 0)
+ goto out;
+
+- if (d_is_su(file->f_dentry) && capable(CAP_SYS_ADMIN)) {
++ if (is_su && capable(CAP_SYS_ADMIN)) {
+ current->flags |= PF_SU;
+ su_exec();
+ }
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch.base64
new file mode 100644
index 00000000..90170977
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.18/2.patch.base64
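Review bot: The comment added above `is_su = d_is_su(file->f_dentry);` in this 3.18 variant still names `search_binary_handler`, but the call it protects here is `exec_binprm(bprm)`, as the patch's own commit message says. Suggest `/* exec_binprm() can release file and it may be freed */` so the stated reason for reading the dentry early matches the code below it. The enclosing function starts and ends outside the hunk.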
@@ -0,0 +1 @@ +RnJvbSA5ODhlNDUzMGMyY2U3NGE3ODljN2NiYTIxMDUyMGQ3OGI5YTEwMTMyIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZWEgQXJjYW5nZWxpIDxhbmRyZWFAY3B1c2hhcmUuY29tPgpEYXRlOiBUdWUsIDI1IEp1bCAyMDE3IDIyOjIyOjQ1ICswMjAwClN1YmplY3Q6IFtQQVRDSF0gZnMvZXhlYzogZml4IHVzZSBhZnRlciBmcmVlIGluIGV4ZWN2ZQoKImZpbGUiIGNhbiBiZSBhbHJlYWR5IGZyZWVkIGlmIGJwcm0tPmZpbGUgaXMgTlVMTCBhZnRlcgpleGVjX2JpbnBybSgpIHJldHVybi4gYmluZm10X3NjcmlwdCB3aWxsIGRvIGV4YWN0bHkgdGhhdCBmb3IKZXhhbXBsZS4gSWYgdGhlIFZNIHJldXNlcyB0aGUgZmlsZSBhZnRlciBmcHV0IHJ1bigpLCB0aGlzIHdpbGwgcmVzdWx0IGluCmEgdXNlIGF0ZXIgZnJlZS4KClNvIG9idGFpbiBkX2lzX3N1IGJlZm9yZSBleGVjX2JpbnBybSgpIHJ1bnMuCgpUaGlzIHNob3VsZCBleHBsYWluIHRoaXMgY3Jhc2g6CgpbMjUzMzMuMDA5NTU0XSBVbmFibGUgdG8gaGFuZGxlIGtlcm5lbCBOVUxMIHBvaW50ZXIgZGVyZWZlcmVuY2UgYXQgdmlydHVhbCBhZGRyZXNzIDAwMDAwMTg1ClsuLl0KWzI1MzMzLjAwOTkxOF0gWzI6ICAgICAgICAgICAgIGFtOjIxODYxXSBQQyBpcyBhdCBkb19leGVjdmUrMHgzNTQvMHg0NzQKCkNoYW5nZS1JZDogSTJhOGE4MTRkMWMwYWE3NTYyNWJlODNjYjMwNDMyY2YxM2YxYTA2ODEKU2lnbmVkLW9mZi1ieTogS2V2aW4gRi4gSGFnZ2VydHkgPGhhZ2dlcnRrQGxpbmVhZ2Vvcy5vcmc+Ci0tLQoKZGlmZiAtLWdpdCBhL2ZzL2V4ZWMuYyBiL2ZzL2V4ZWMuYwppbmRleCAxODM4NzA0Li42OWIwZGJkIDEwMDY0NAotLS0gYS9mcy9leGVjLmMKKysrIGIvZnMvZXhlYy5jCkBAIC0xNDU4LDYgKzE0NTgsNyBAQAogCXN0cnVjdCBmaWxlICpmaWxlOwogCXN0cnVjdCBmaWxlc19zdHJ1Y3QgKmRpc3BsYWNlZDsKIAlpbnQgcmV0dmFsOworCWJvb2wgaXNfc3U7CiAKIAlpZiAoSVNfRVJSKGZpbGVuYW1lKSkKIAkJcmV0dXJuIFBUUl9FUlIoZmlsZW5hbWUpOwpAQCAtMTUzMywxMSArMTUzNCwxNCBAQAogCWlmIChyZXR2YWwgPCAwKQogCQlnb3RvIG91dDsKIAorCS8qIHNlYXJjaF9iaW5hcnlfaGFuZGxlciBjYW4gcmVsZWFzZSBmaWxlIGFuZCBpdCBtYXkgYmUgZnJlZWQgKi8KKwlpc19zdSA9IGRfaXNfc3UoZmlsZS0+Zl9kZW50cnkpOworCiAJcmV0dmFsID0gZXhlY19iaW5wcm0oYnBybSk7CiAJaWYgKHJldHZhbCA8IDApCiAJCWdvdG8gb3V0OwogCi0JaWYgKGRfaXNfc3UoZmlsZS0+Zl9kZW50cnkpICYmIGNhcGFibGUoQ0FQX1NZU19BRE1JTikpIHsKKwlpZiAoaXNfc3UgJiYgY2FwYWJsZShDQVBfU1lTX0FETUlOKSkgewogCQljdXJyZW50LT5mbGFncyB8PSBQRl9TVTsKIAkJc3VfZXhlYygpOwogCX0K \ No newline at end of file 
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch b/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch
new file mode 100644
index 00000000..10acfdee
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch
@@ -0,0 +1,50 @@
+From be1421e7f5948f7c9f7ff351ec47c19da7498686 Mon Sep 17 00:00:00 2001
+From: Andrea Arcangeli
+Date: Tue, 25 Jul 2017 22:22:45 +0200
+Subject: [PATCH] fs/exec: fix use after free in execve
+
+"file" can be already freed if bprm->file is NULL after
+search_binary_handler() return. binfmt_script will do exactly that for
+example. If the VM reuses the file after fput run(), this will result in
+a use ater free.
+
+So obtain d_is_su before search_binary_handler() runs.
+
+This should explain this crash:
+
+[25333.009554] Unable to handle kernel NULL pointer dereference at virtual address 00000185
+[..]
+[25333.009918] [2: am:21861] PC is at do_execve+0x354/0x474
+
+Change-Id: I2a8a814d1c0aa75625be83cb30432cf13f1a0681
+Signed-off-by: Kevin F. Haggerty
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 73e9bd4..5d2a2f0 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1511,6 +1511,7 @@
+ bool clear_in_exec;
+ int retval;
+ const struct cred *cred = current_cred();
++ bool is_su;
+
+ /*
+ * We move the actual failure in case of RLIMIT_NPROC excess from
+@@ -1587,11 +1588,14 @@
+ if (retval < 0)
+ goto out;
+
++ /* search_binary_handler can release file and it may be freed */
++ is_su = d_is_su(file->f_dentry);
++
+ retval = search_binary_handler(bprm,regs);
+ if (retval < 0)
+ goto out;
+
+- if (d_is_su(file->f_dentry) && capable(CAP_SYS_ADMIN)) {
++ if (is_su && capable(CAP_SYS_ADMIN)) {
+ current->flags |= PF_SU;
+ su_exec();
+ }
diff --git a/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch.base64 b/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch.base64
new file mode 100644
index 00000000..01239c3d
--- /dev/null
+++ b/Patches/Linux_CVEs/LVT-2017-0004/3.4/0.patch.base64
@@ -0,0 +1 @@ +RnJvbSBiZTE0MjFlN2Y1OTQ4ZjdjOWY3ZmYzNTFlYzQ3YzE5ZGE3NDk4Njg2IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZWEgQXJjYW5nZWxpIDxhbmRyZWFAY3B1c2hhcmUuY29tPgpEYXRlOiBUdWUsIDI1IEp1bCAyMDE3IDIyOjIyOjQ1ICswMjAwClN1YmplY3Q6IFtQQVRDSF0gZnMvZXhlYzogZml4IHVzZSBhZnRlciBmcmVlIGluIGV4ZWN2ZQoKImZpbGUiIGNhbiBiZSBhbHJlYWR5IGZyZWVkIGlmIGJwcm0tPmZpbGUgaXMgTlVMTCBhZnRlcgpzZWFyY2hfYmluYXJ5X2hhbmRsZXIoKSByZXR1cm4uIGJpbmZtdF9zY3JpcHQgd2lsbCBkbyBleGFjdGx5IHRoYXQgZm9yCmV4YW1wbGUuIElmIHRoZSBWTSByZXVzZXMgdGhlIGZpbGUgYWZ0ZXIgZnB1dCBydW4oKSwgdGhpcyB3aWxsIHJlc3VsdCBpbgphIHVzZSBhdGVyIGZyZWUuCgpTbyBvYnRhaW4gZF9pc19zdSBiZWZvcmUgc2VhcmNoX2JpbmFyeV9oYW5kbGVyKCkgcnVucy4KClRoaXMgc2hvdWxkIGV4cGxhaW4gdGhpcyBjcmFzaDoKClsyNTMzMy4wMDk1NTRdIFVuYWJsZSB0byBoYW5kbGUga2VybmVsIE5VTEwgcG9pbnRlciBkZXJlZmVyZW5jZSBhdCB2aXJ0dWFsIGFkZHJlc3MgMDAwMDAxODUKWy4uXQpbMjUzMzMuMDA5OTE4XSBbMjogICAgICAgICAgICAgYW06MjE4NjFdIFBDIGlzIGF0IGRvX2V4ZWN2ZSsweDM1NC8weDQ3NAoKQ2hhbmdlLUlkOiBJMmE4YTgxNGQxYzBhYTc1NjI1YmU4M2NiMzA0MzJjZjEzZjFhMDY4MQpTaWduZWQtb2ZmLWJ5OiBLZXZpbiBGLiBIYWdnZXJ0eSA8aGFnZ2VydGtAbGluZWFnZW9zLm9yZz4KLS0tCgpkaWZmIC0tZ2l0IGEvZnMvZXhlYy5jIGIvZnMvZXhlYy5jCmluZGV4IDczZTliZDQuLjVkMmEyZjAgMTAwNjQ0Ci0tLSBhL2ZzL2V4ZWMuYworKysgYi9mcy9leGVjLmMKQEAgLTE1MTEsNiArMTUxMSw3IEBACiAJYm9vbCBjbGVhcl9pbl9leGVjOwogCWludCByZXR2YWw7CiAJY29uc3Qgc3RydWN0IGNyZWQgKmNyZWQgPSBjdXJyZW50X2NyZWQoKTsKKwlib29sIGlzX3N1OwogCiAJLyoKIAkgKiBXZSBtb3ZlIHRoZSBhY3R1YWwgZmFpbHVyZSBpbiBjYXNlIG9mIFJMSU1JVF9OUFJPQyBleGNlc3MgZnJvbQpAQCAtMTU4NywxMSArMTU4OCwxNCBAQAogCWlmIChyZXR2YWwgPCAwKQogCQlnb3RvIG91dDsKIAorCS8qIHNlYXJjaF9iaW5hcnlfaGFuZGxlciBjYW4gcmVsZWFzZSBmaWxlIGFuZCBpdCBtYXkgYmUgZnJlZWQgKi8KKwlpc19zdSA9IGRfaXNfc3UoZmlsZS0+Zl9kZW50cnkpOworCiAJcmV0dmFsID0gc2VhcmNoX2JpbmFyeV9oYW5kbGVyKGJwcm0scmVncyk7CiAJaWYgKHJldHZhbCA8IDApCiAJCWdvdG8gb3V0OwogCi0JaWYgKGRfaXNfc3UoZmlsZS0+Zl9kZW50cnkpICYmIGNhcGFibGUoQ0FQX1NZU19BRE1JTikpIHsKKwlpZiAoaXNfc3UgJiYgY2FwYWJsZShDQVBfU1lTX0FETUlOKSkgewogCQljdXJyZW50LT5mbGFncyB8PSBQRl9TVTsKIAkJc3VfZXhlYygpOwogCX0K \ No newline at 
end of file diff --git a/Scripts/LineageOS-14.1/00init.sh b/Scripts/LineageOS-14.1/00init.sh index 87d0c678..b04b48dc 100644 --- a/Scripts/LineageOS-14.1/00init.sh +++ b/Scripts/LineageOS-14.1/00init.sh @@ -8,7 +8,7 @@ export base; patches="/mnt/Drive-1/Development/Other/Android_ROMs/Patches/LineageOS-14.1/"; export patches; -cvePatches="/mnt/Drive-1/Development/Other/Android_ROMs/Patches/Linux_CVEs-New/"; +cvePatches="/mnt/Drive-1/Development/Other/Android_ROMs/Patches/Linux_CVEs/"; export cvePatches; scripts="/mnt/Drive-1/Development/Other/Android_ROMs/Scripts/LineageOS-14.1/";