|
|
fcbf4e |
From: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
fcbf4e |
Date: Tue, 6 Jul 2021 13:18:44 -0400
|
|
|
fcbf4e |
Subject: [kernel team] [EMBARGOED KPATCH 7.9] seq_file: kpatch fix for
|
|
|
fcbf4e |
CVE-2021-33909
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Kernels:
|
|
|
fcbf4e |
3.10.0-1160.el7
|
|
|
fcbf4e |
3.10.0-1160.2.1.el7
|
|
|
fcbf4e |
3.10.0-1160.2.2.el7
|
|
|
fcbf4e |
3.10.0-1160.6.1.el7
|
|
|
fcbf4e |
3.10.0-1160.11.1.el7
|
|
|
fcbf4e |
3.10.0-1160.15.2.el7
|
|
|
fcbf4e |
3.10.0-1160.21.1.el7
|
|
|
fcbf4e |
3.10.0-1160.24.1.el7
|
|
|
fcbf4e |
3.10.0-1160.25.1.el7
|
|
|
fcbf4e |
3.10.0-1160.31.1.el7
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Changes since last build:
|
|
|
fcbf4e |
arches: x86_64 ppc64le
|
|
|
fcbf4e |
seq_file.o: changed function: seq_read
|
|
|
fcbf4e |
seq_file.o: changed function: single_open_size
|
|
|
fcbf4e |
seq_file.o: changed function: traverse
|
|
|
fcbf4e |
---------------------------
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Kernels:
|
|
|
fcbf4e |
3.10.0-1160.el7
|
|
|
fcbf4e |
3.10.0-1160.2.1.el7
|
|
|
fcbf4e |
3.10.0-1160.2.2.el7
|
|
|
fcbf4e |
3.10.0-1160.6.1.el7
|
|
|
fcbf4e |
3.10.0-1160.11.1.el7
|
|
|
fcbf4e |
3.10.0-1160.15.2.el7
|
|
|
fcbf4e |
3.10.0-1160.21.1.el7
|
|
|
fcbf4e |
3.10.0-1160.24.1.el7
|
|
|
fcbf4e |
3.10.0-1160.25.1.el7
|
|
|
fcbf4e |
3.10.0-1160.31.1.el7
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Modifications:
|
|
|
fcbf4e |
- inline PAGE_CACHE_SHIFT rather than including linux/pagemap.h and
|
|
|
fcbf4e |
fighting kABI fallout (and potentially more inadvertent changes)
|
|
|
fcbf4e |
|
|
|
fcbf4e |
commit 1236d5dd5b9f13ccbb44979a5652a4b137b968a4
|
|
|
fcbf4e |
Author: Ian Kent <ikent@redhat.com>
|
|
|
fcbf4e |
Date: Thu Jul 1 09:13:59 2021 +0800
|
|
|
fcbf4e |
|
|
|
fcbf4e |
seq_file: Disallow extremely large seq buffer allocations
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1975251
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Brew build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37832573
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Testing: The patch has been tested by Qualys and it has been
|
|
|
fcbf4e |
confirmed the patch fixes the problem.
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Upstream status: RHEL only (CVE-2021-33909)
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Conflicts: include/fs.h uses PAGE_CACHE_SHIFT in the definition of
|
|
|
fcbf4e |
MAX_RW_COUNT which isn't defined in fs/seq_file.c and including
|
|
|
fcbf4e |
linux/pagemap.h breaks kabi (since it makes kabi aware of additional
|
|
|
fcbf4e |
structs) even though there are no changes to any structures. So the
|
|
|
fcbf4e |
include needs to be added and excluded from the kabi calculation.
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Author: Eric Sandeen <sandeen@redhat.com>
|
|
|
fcbf4e |
|
|
|
fcbf4e |
seq_file: Disallow extremely large seq buffer allocations
|
|
|
fcbf4e |
|
|
|
fcbf4e |
There is no reasonable need for a buffer larger than this,
|
|
|
fcbf4e |
and it avoids int overflow pitfalls.
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
|
fcbf4e |
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Signed-off-by: Ian Kent <ikent@redhat.com>
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
fcbf4e |
Acked-by: Artem Savkov <asavkov@redhat.com>
|
|
|
fcbf4e |
Acked-by: Yannick Cote <ycote@redhat.com>
|
|
|
fcbf4e |
---
|
|
|
fcbf4e |
|
|
|
fcbf4e |
Z-MR: https://gitlab.com/redhat/prdsc/rhel/src/kernel-private/rhel-7/-/merge_requests/7
|
|
|
fcbf4e |
|
|
|
fcbf4e |
KT0 test PASS: https://beaker.engineering.redhat.com/jobs/5525685
|
|
|
fcbf4e |
for kpatch-patch-3_10_0-1160-1-7.el7 scratch build:
|
|
|
fcbf4e |
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37846414
|
|
|
fcbf4e |
|
|
|
fcbf4e |
fs/seq_file.c | 23 +++++++++++++++++++++++
|
|
|
fcbf4e |
1 file changed, 23 insertions(+)
|
|
|
fcbf4e |
|
|
|
fcbf4e |
diff --git a/fs/seq_file.c b/fs/seq_file.c
|
|
|
fcbf4e |
index bc7a9ec855aa..daef8f4bdbd0 100644
|
|
|
fcbf4e |
--- a/fs/seq_file.c
|
|
|
fcbf4e |
+++ b/fs/seq_file.c
|
|
|
fcbf4e |
@@ -5,6 +5,26 @@
|
|
|
fcbf4e |
* initial implementation -- AV, Oct 2001.
|
|
|
fcbf4e |
*/
|
|
|
fcbf4e |
|
|
|
fcbf4e |
+/* inline linux/pagemap.h :: PAGE_CACHE_MASK and dependency values */
|
|
|
fcbf4e |
+
|
|
|
fcbf4e |
+/* arch/x86/include/asm/page_types.h */
|
|
|
fcbf4e |
+#ifdef __x86_64__
|
|
|
fcbf4e |
+# define PAGE_CACHE_MASK (~((1UL << 12)-1))
|
|
|
fcbf4e |
+#endif
|
|
|
fcbf4e |
+
|
|
|
fcbf4e |
+/* arch/powerpc/include/asm/page.h */
|
|
|
fcbf4e |
+#ifdef __powerpc64__
|
|
|
fcbf4e |
+# if defined(CONFIG_PPC_256K_PAGES)
|
|
|
fcbf4e |
+# define PAGE_CACHE_MASK (~((1 << 18) - 1))
|
|
|
fcbf4e |
+# elif defined(CONFIG_PPC_64K_PAGES)
|
|
|
fcbf4e |
+# define PAGE_CACHE_MASK (~((1 << 16) - 1))
|
|
|
fcbf4e |
+# elif defined(CONFIG_PPC_16K_PAGES)
|
|
|
fcbf4e |
+# define PAGE_CACHE_MASK (~((1 << 14) - 1))
|
|
|
fcbf4e |
+# else
|
|
|
fcbf4e |
+# define PAGE_CACHE_MASK (~((1 << 12) - 1))
|
|
|
fcbf4e |
+# endif
|
|
|
fcbf4e |
+#endif
|
|
|
fcbf4e |
+
|
|
|
fcbf4e |
#include <linux/fs.h>
|
|
|
fcbf4e |
#include <linux/export.h>
|
|
|
fcbf4e |
#include <linux/seq_file.h>
|
|
|
fcbf4e |
@@ -26,6 +46,9 @@ static void seq_set_overflow(struct seq_file *m)
|
|
|
fcbf4e |
|
|
|
fcbf4e |
static void *seq_buf_alloc(unsigned long size)
|
|
|
fcbf4e |
{
|
|
|
fcbf4e |
+ if (unlikely(size > MAX_RW_COUNT))
|
|
|
fcbf4e |
+ return NULL;
|
|
|
fcbf4e |
+
|
|
|
fcbf4e |
return kvmalloc(size, GFP_KERNEL);
|
|
|
fcbf4e |
}
|
|
|
fcbf4e |
|
|
|
fcbf4e |
--
|
|
|
fcbf4e |
2.26.3
|
|
|
fcbf4e |
|
|
|
fcbf4e |
|