Update Linux CVE patches

Patches/Linux_CVEs/CVE-2017-0510/3.4/3.patch

@@ -0,0 +1,213 @@
+From faca1e5a1ca8f637ac0c213094159ea4fae059f9 Mon Sep 17 00:00:00 2001
+From: Mark Salyzyn <salyzyn@google.com>
+Date: Tue, 20 Dec 2016 15:59:19 -0800
+Subject: [PATCH] BACKPORT: fiq_debugger: restrict access to critical commands.
+
+Sysrq must be enabled via /proc/sys/kernel/sysrq as a security
+measure to enable various critical fiq debugger commands that
+either leak information or can be used as a system attack.
+
+Default disabled, this will leave the reboot, reset, irqs, sleep,
+nosleep, console and ps commands.  Reboot and reset commands
+will be restricted from taking any parameters.  We will also
+switch to showing the limited command set in this mode.
+
+Signed-off-by: Mark Salyzyn <salyzyn@google.com>
+Bug: 32402555
+[d-cagle@codeaurora.org: Resolve merge conflict]
+Git-repo: https://android.googlesource.com/kernel/msm
+Git-commit: 1031836c0895f1f5a05c25efec83bfa11aa08ca9
+Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
+
+Backport reference:
+ * Adapted for arch/arm/common/fiq_debugger.c
+ * Adapt to the old use of debug_printf
+
+Change-Id: I0a6aecd9b3d5bd62db06beac76682349854198d7
+Signed-off-by: Adrian DC <radian.dc@gmail.com>
+---
+
+diff --git a/arch/arm/common/fiq_debugger.c b/arch/arm/common/fiq_debugger.c
+index 518b4b5..5e0e3ed 100644
+--- a/arch/arm/common/fiq_debugger.c
++++ b/arch/arm/common/fiq_debugger.c
+@@ -30,6 +30,7 @@
+ #include <linux/sched.h>
+ #include <linux/slab.h>
+ #include <linux/smp.h>
++#include <linux/sysrq.h>
+ #include <linux/timer.h>
+ #include <linux/tty.h>
+ #include <linux/tty_flip.h>
+@@ -580,12 +581,13 @@
+ 		cmd += 6;
+ 		while (*cmd == ' ')
+ 			cmd++;
+-		if (cmd != '\0')
++		if ((cmd != '\0') && sysrq_on())
+ 			kernel_restart(cmd);
+ 		else
+ 			kernel_restart(NULL);
+ 	} else {
+-		debug_printf(state, "unknown work command '%s'\n", work_cmd);
++		debug_printf(state, "unknown work command '%s'\n",
++				work_cmd);
+ 	}
+ }
+ 
+@@ -608,26 +610,40 @@
+ 
+ static void debug_help(struct fiq_debugger_state *state)
+ {
+-	debug_printf(state,	"FIQ Debugger commands:\n"
+-				" pc            PC status\n"
+-				" regs          Register dump\n"
+-				" allregs       Extended Register dump\n"
+-				" bt            Stack trace\n"
+-				" reboot [<c>]  Reboot with command <c>\n"
+-				" reset [<c>]   Hard reset with command <c>\n"
+-				" irqs          Interupt status\n"
+-				" kmsg          Kernel log\n"
+-				" version       Kernel version\n");
+-	debug_printf(state,	" sleep         Allow sleep while in FIQ\n"
+-				" nosleep       Disable sleep while in FIQ\n"
+-				" console       Switch terminal to console\n"
+-				" cpu           Current CPU\n"
+-				" cpu <number>  Switch to CPU<number>\n");
+-	debug_printf(state,	" ps            Process list\n"
+-				" sysrq         sysrq options\n"
+-				" sysrq <param> Execute sysrq with <param>\n");
++	debug_printf(state,
++			"FIQ Debugger commands:\n");
++	if (sysrq_on()) {
++		debug_printf(state,
++			" pc            PC status\n"
++			" regs          Register dump\n"
++			" allregs       Extended Register dump\n"
++			" bt            Stack trace\n");
++		debug_printf(state,
++			" reboot [<c>]  Reboot with command <c>\n"
++			" reset [<c>]   Hard reset with command <c>\n"
++			" irqs          Interrupt status\n"
++			" kmsg          Kernel log\n"
++			" version       Kernel version\n");
++		debug_printf(state,
++			" cpu           Current CPU\n"
++			" cpu <number>  Switch to CPU<number>\n"
++			" sysrq         sysrq options\n"
++			" sysrq <param> Execute sysrq with <param>\n");
++	} else {
++		debug_printf(state,
++			" reboot        Reboot\n"
++			" reset         Hard reset\n"
++			" irqs          Interrupt status\n");
++	}
++	debug_printf(state,
++			" sleep         Allow sleep while in FIQ\n"
++			" nosleep       Disable sleep while in FIQ\n"
++			" console       Switch terminal to console\n"
++			" ps            Process list\n");
+ #ifdef CONFIG_KGDB
+-	debug_printf(state,	" kgdb          Enter kernel debugger\n");
++	if (fiq_kgdb_enable) {
++		debug_printf(state,
++			" kgdb          Enter kernel debugger\n");
+ #endif
+ }
+ 
+@@ -657,19 +673,24 @@
+ 	if (!strcmp(cmd, "help") || !strcmp(cmd, "?")) {
+ 		debug_help(state);
+ 	} else if (!strcmp(cmd, "pc")) {
+-		debug_printf(state, " pc %08x cpsr %08x mode %s\n",
+-			regs[15], regs[16], mode_name(regs[16]));
++		if (sysrq_on())
++			debug_printf(state, " pc %08x cpsr %08x mode %s\n",
++				regs[15], regs[16], mode_name(regs[16]));
+ 	} else if (!strcmp(cmd, "regs")) {
+-		dump_regs(state, regs);
++		if (sysrq_on())
++			dump_regs(state, regs);
+ 	} else if (!strcmp(cmd, "allregs")) {
+-		dump_allregs(state, regs);
++		if (sysrq_on())
++			dump_allregs(state, regs);
+ 	} else if (!strcmp(cmd, "bt")) {
+-		dump_stacktrace(state, (struct pt_regs *)regs, 100, svc_sp);
++		if (sysrq_on())
++			dump_stacktrace(state, (struct pt_regs *)regs,
++					100, svc_sp);
+ 	} else if (!strncmp(cmd, "reset", 5)) {
+ 		cmd += 5;
+ 		while (*cmd == ' ')
+ 			cmd++;
+-		if (*cmd) {
++		if (*cmd && sysrq_on()) {
+ 			char tmp_cmd[32];
+ 			strlcpy(tmp_cmd, cmd, sizeof(tmp_cmd));
+ 			machine_restart(tmp_cmd);
+@@ -679,9 +700,12 @@
+ 	} else if (!strcmp(cmd, "irqs")) {
+ 		dump_irqs(state);
+ 	} else if (!strcmp(cmd, "kmsg")) {
+-		dump_kernel_log(state);
++		if (sysrq_on())
++			dump_kernel_log(state);
+ 	} else if (!strcmp(cmd, "version")) {
+-		debug_printf(state, "%s\n", linux_banner);
++		if (sysrq_on())
++			debug_printf(state, "%s\n",
++					linux_banner);
+ 	} else if (!strcmp(cmd, "sleep")) {
+ 		state->no_sleep = false;
+ 		debug_printf(state, "enabling sleep\n");
+@@ -693,14 +717,17 @@
+ 		debug_uart_flush(state);
+ 		state->console_enable = true;
+ 	} else if (!strcmp(cmd, "cpu")) {
+-		debug_printf(state, "cpu %d\n", state->current_cpu);
+-	} else if (!strncmp(cmd, "cpu ", 4)) {
++		if (sysrq_on())
++			debug_printf(state, "cpu %d\n",
++					state->current_cpu);
++	} else if (!strncmp(cmd, "cpu ", 4) && sysrq_on()) {
+ 		unsigned long cpu = 0;
+ 		if (strict_strtoul(cmd + 4, 10, &cpu) == 0)
+ 			switch_cpu(state, cpu);
+ 		else
+ 			debug_printf(state, "invalid cpu\n");
+-		debug_printf(state, "cpu %d\n", state->current_cpu);
++		debug_printf(state, "cpu %d\n",
++				    state->current_cpu);
+ 	} else {
+ 		if (state->debug_busy) {
+ 			debug_printf(state,
+diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
+index 05728894..6efbfb7 100644
+--- a/drivers/tty/sysrq.c
++++ b/drivers/tty/sysrq.c
+@@ -49,10 +49,11 @@
+ static int __read_mostly sysrq_enabled = SYSRQ_DEFAULT_ENABLE;
+ static bool __read_mostly sysrq_always_enabled;
+ 
+-static bool sysrq_on(void)
++bool sysrq_on(void)
+ {
+ 	return sysrq_enabled || sysrq_always_enabled;
+ }
++EXPORT_SYMBOL(sysrq_on);
+ 
+ /*
+  * A value of 1 means 'all', other nonzero values are an op mask:
+diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
+index 7faf933..5a0bd93 100644
+--- a/include/linux/sysrq.h
++++ b/include/linux/sysrq.h
+@@ -45,6 +45,7 @@
+  * are available -- else NULL's).
+  */
+ 
++bool sysrq_on(void);
+ void handle_sysrq(int key);
+ void __handle_sysrq(int key, bool check_mask);
+ int register_sysrq_key(int key, struct sysrq_key_op *op);