Overhaul CVE patches

2025-09-28 14:39:33 -04:00 · 2017-10-29 14:23:02 -04:00 · 2017-10-29 14:23:02 -04:00 · 92a0187dfb
commit 92a0187dfb
parent ce59045163
907 changed files with 301921 additions and 3819 deletions
--- a/Patches/Linux_CVEs-New/CVE-2014-9803/ANY/0.patch
+++ b/Patches/Linux_CVEs-New/CVE-2014-9803/ANY/0.patch
@ -0,0 +1,70 @@
+From 5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Fri, 16 May 2014 16:44:32 +0100
+Subject: Revert "arm64: Introduce execute-only page access permissions"
+
+This reverts commit bc07c2c6e9ed125d362af0214b6313dca180cb08.
+
+While the aim is increased security for --x memory maps, it does not
+protect against kernel level reads. Until SECCOMP is implemented for
+arm64, revert this patch to avoid giving a false idea of execute-only
+mappings.
+
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+---
+ arch/arm64/include/asm/pgtable.h | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+(limited to 'arch/arm64/include/asm/pgtable.h')
+
+diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
+index e4c60d6..aa150ed 100644
+--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
+@@ -86,13 +86,12 @@ extern void __pgd_error(const char *file, int line, unsigned long val);
+ #define PAGE_COPY_EXEC		__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN)
+ #define PAGE_READONLY		__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN)
+ #define PAGE_READONLY_EXEC	__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN)
+-#define PAGE_EXECONLY		__pgprot(_PAGE_DEFAULT | PTE_NG | PTE_PXN)
+ 
+ #define __P000  PAGE_NONE
+ #define __P001  PAGE_READONLY
+ #define __P010  PAGE_COPY
+ #define __P011  PAGE_COPY
+-#define __P100  PAGE_EXECONLY
+#define __P100  PAGE_READONLY_EXEC
+ #define __P101  PAGE_READONLY_EXEC
+ #define __P110  PAGE_COPY_EXEC
+ #define __P111  PAGE_COPY_EXEC
+@@ -101,7 +100,7 @@ extern void __pgd_error(const char *file, int line, unsigned long val);
+ #define __S001  PAGE_READONLY
+ #define __S010  PAGE_SHARED
+ #define __S011  PAGE_SHARED
+-#define __S100  PAGE_EXECONLY
+#define __S100  PAGE_READONLY_EXEC
+ #define __S101  PAGE_READONLY_EXEC
+ #define __S110  PAGE_SHARED_EXEC
+ #define __S111  PAGE_SHARED_EXEC
+@@ -137,8 +136,8 @@ extern struct page *empty_zero_page;
+ #define pte_write(pte)		(!!(pte_val(pte) & PTE_WRITE))
+ #define pte_exec(pte)		(!(pte_val(pte) & PTE_UXN))
+ 
+-#define pte_valid_ng(pte) \
+-	((pte_val(pte) & (PTE_VALID | PTE_NG)) == (PTE_VALID | PTE_NG))
+#define pte_valid_user(pte) \
+	((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
+ 
+ static inline pte_t pte_wrprotect(pte_t pte)
+ {
+@@ -192,7 +191,7 @@ extern void __sync_icache_dcache(pte_t pteval, unsigned long addr);
+ static inline void set_pte_at(struct mm_struct *mm, unsigned long addr,
+ 			      pte_t *ptep, pte_t pte)
+ {
+-	if (pte_valid_ng(pte)) {
+	if (pte_valid_user(pte)) {
+ 		if (!pte_special(pte) && pte_exec(pte))
+ 			__sync_icache_dcache(pte, addr);
+ 		if (pte_dirty(pte) && pte_write(pte))
+-- 
+cgit v1.1
+