Blame SOURCES/CVE-2021-33909.patch

From: Joe Lawrence <joe.lawrence@redhat.com>
Date: Tue,  6 Jul 2021 13:18:44 -0400
Subject: [kernel team] [EMBARGOED KPATCH 7.9] seq_file: kpatch fix for
	CVE-2021-33909

Kernels:
3.10.0-1160.el7
3.10.0-1160.2.1.el7
3.10.0-1160.2.2.el7
3.10.0-1160.6.1.el7
3.10.0-1160.11.1.el7
3.10.0-1160.15.2.el7
3.10.0-1160.21.1.el7
3.10.0-1160.24.1.el7
3.10.0-1160.25.1.el7
3.10.0-1160.31.1.el7

Changes since last build:
arches: x86_64 ppc64le
seq_file.o: changed function: seq_read
seq_file.o: changed function: single_open_size
seq_file.o: changed function: traverse
---------------------------

Kernels:
3.10.0-1160.el7
3.10.0-1160.2.1.el7
3.10.0-1160.2.2.el7
3.10.0-1160.6.1.el7
3.10.0-1160.11.1.el7
3.10.0-1160.15.2.el7
3.10.0-1160.21.1.el7
3.10.0-1160.24.1.el7
3.10.0-1160.25.1.el7
3.10.0-1160.31.1.el7

Modifications:
- inline PAGE_CACHE_SHIFT rather than including linux/pagemap.h and
  fighting kABI fallout (and potentially more inadvertent changes)

commit 1236d5dd5b9f13ccbb44979a5652a4b137b968a4
Author: Ian Kent <ikent@redhat.com>
Date:   Thu Jul 1 09:13:59 2021 +0800

    seq_file: Disallow extremely large seq buffer allocations

    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1975251

    Brew build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37832573

    Testing: The patch has been tested by Qualys and it has been
             confirmed the patch fixes the problem.

    Upstream status: RHEL only (CVE-2021-33909)

    Conflicts: include/fs.h uses PAGE_CACHE_SHIFT in the definition of
      MAX_RW_COUNT which isn't defined in fs/seq_file.c and including
      linux/pagemap.h breaks kabi (since it makes kabi aware of additional
      structs) even though there are no changes to any structures. So the
      include needs to be added and excluded from the kabi calculation.

    Author: Eric Sandeen <sandeen@redhat.com>

    seq_file: Disallow extremely large seq buffer allocations

    There is no reasonable need for a buffer larger than this,
    and it avoids int overflow pitfalls.

    Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Eric Sandeen <sandeen@redhat.com>

    Signed-off-by: Ian Kent <ikent@redhat.com>

Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Acked-by: Artem Savkov <asavkov@redhat.com>
Acked-by: Yannick Cote <ycote@redhat.com>
---

Z-MR: https://gitlab.com/redhat/prdsc/rhel/src/kernel-private/rhel-7/-/merge_requests/7

KT0 test PASS: https://beaker.engineering.redhat.com/jobs/5525685
for kpatch-patch-3_10_0-1160-1-7.el7 scratch build:
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37846414

 fs/seq_file.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/fs/seq_file.c b/fs/seq_file.c
index bc7a9ec855aa..daef8f4bdbd0 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -5,6 +5,26 @@
  * initial implementation -- AV, Oct 2001.
  */
 
+/* inline linux/pagemap.h :: PAGE_CACHE_MASK and dependency values */
+
+/* arch/x86/include/asm/page_types.h */
+#ifdef __x86_64__
+# define PAGE_CACHE_MASK	(~((1UL << 12)-1))
+#endif
+
+/* arch/powerpc/include/asm/page.h */
+#ifdef __powerpc64__
+# if defined(CONFIG_PPC_256K_PAGES)
+#  define PAGE_CACHE_MASK	(~((1 << 18) - 1))
+# elif defined(CONFIG_PPC_64K_PAGES)
+#  define PAGE_CACHE_MASK	(~((1 << 16) - 1))
+# elif defined(CONFIG_PPC_16K_PAGES)
+#  define PAGE_CACHE_MASK	(~((1 << 14) - 1))
+# else
+#  define PAGE_CACHE_MASK	(~((1 << 12) - 1))
+# endif
+#endif
+
 #include <linux/fs.h>
 #include <linux/export.h>
 #include <linux/seq_file.h>
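Review bot: The ppc64 branches build the mask from an int (`1 << 18`, `1 << 16`, `1 << 14`, `1 << 12`) while the x86_64 branch uses `1UL << 12`, so PAGE_CACHE_MASK has a different type and width on the two architectures this patch is built for; use `1UL` in every branch so the constant is the same kind of value on both. The comment and the defines name PAGE_CACHE_MASK, but the commit message talks about inlining PAGE_CACHE_SHIFT, so the wording should be aligned. Because these literals duplicate values from the arch headers named in the comments, an `#else` with `#error` for any other architecture and a short note that the shifts must track the arch page size would keep a mismatch from going unnoticed.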
@@ -26,6 +46,9 @@ static void seq_set_overflow(struct seq_file *m)
 
 static void *seq_buf_alloc(unsigned long size)
 {
+	if (unlikely(size > MAX_RW_COUNT))
+		return NULL;
+
 	return kvmalloc(size, GFP_KERNEL);
 }
 
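Review bot: The new `size > MAX_RW_COUNT` check at the top of seq_buf_alloc() carries no comment saying why that bound was chosen; the reason given in the commit message (no reasonable need for a larger buffer, and it avoids int overflow pitfalls) belongs in a one-line comment above the check. The function now also returns NULL for a reason other than allocation failure, and its callers are not part of this diff: the changed-function list names seq_read, single_open_size and traverse, so confirm that each of them treats a NULL return as an error instead of using the buffer.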
-- 
2.26.3