DivestOS/Patches/Linux_CVEs/CVE-2016-6728/0.patch

48 lines
1.6 KiB
Diff

From 37b3cefe6c01bed2e048d7a42b1c4021f4ba279d Mon Sep 17 00:00:00 2001
From: Liam Mark <lmark@codeaurora.org>
Date: Wed, 12 Oct 2016 14:22:56 -0700
Subject: ion: disable system contig heap
A malicious application can take advantage of the ION contig heap to
create a specific memory chunk size to exercise a rowhammer attack on the
physical hardware.
So remove support for the ION contig heap.
Change-Id: I9cb454cebb74df291479cecc3533d2c684363f77
Signed-off-by: Liam Mark <lmark@codeaurora.org>
Signed-off-by: Prakash Gupta <guptap@codeaurora.org>
Signed-off-by: Meghana Ashok <meghanaa@codeaurora.org>
---
drivers/gpu/ion/ion_heap.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/ion/ion_heap.c b/drivers/gpu/ion/ion_heap.c
index 98c1a8c..061e22a 100644
--- a/drivers/gpu/ion/ion_heap.c
+++ b/drivers/gpu/ion/ion_heap.c
@@ -26,8 +26,9 @@ struct ion_heap *ion_heap_create(struct ion_platform_heap *heap_data)
switch ((int) heap_data->type) {
case ION_HEAP_TYPE_SYSTEM_CONTIG:
- heap = ion_system_contig_heap_create(heap_data);
- break;
+ pr_err("%s: Heap type is disabled: %d\n", __func__,
+ heap_data->type);
+ return ERR_PTR(-EINVAL);
case ION_HEAP_TYPE_SYSTEM:
heap = ion_system_heap_create(heap_data);
break;
@@ -71,7 +72,8 @@ void ion_heap_destroy(struct ion_heap *heap)
switch ((int) heap->type) {
case ION_HEAP_TYPE_SYSTEM_CONTIG:
- ion_system_contig_heap_destroy(heap);
+ pr_err("%s: Heap type is disabled: %d\n", __func__,
+ heap->type);
break;
case ION_HEAP_TYPE_SYSTEM:
ion_system_heap_destroy(heap);
--
cgit v1.1