A vulnerability was found in the JFS file system,
and the fix for it has been backported
to kernel version 4.9.118.
Change-Id: I5bb0759af875ee3d2385c9702bb604ae520c477e
Signed-off-by: srinidhira0 <srinidhir@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5470
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Srivatsa S. Bhat <srivatsab@vmware.com>
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,48 @@ |
| 0 |
+commit 92d34134193e5b129dc24f8d79cb9196626e8d7a Mon Sep 17 00:00:00 2001 |
|
| 1 |
+ |
|
| 2 |
+Author: Shankara Pailoor <shankarapailoor@gmail.com> |
|
| 3 |
+Date: Tue, 5 Jun 2018 08:33:27 -0500 |
|
| 4 |
+Subject: [PATCH] jfs: Fix inconsistency between memory allocation and |
|
| 5 |
+ ea_buf->max_size |
|
| 6 |
+ |
|
| 7 |
+The code is assuming the buffer is max_size length, but we weren't |
|
| 8 |
+allocating enough space for it. |
|
| 9 |
+ |
|
| 10 |
+Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com> |
|
| 11 |
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> |
|
| 12 |
+ |
|
| 13 |
+[ Srinidhi Rao : Backported this change to 4.9 ] |
|
| 14 |
+Signed-off-by: srinidhira0 <srinidhir@vmware.com> |
|
| 15 |
+--- |
|
| 16 |
+ fs/jfs/xattr.c | 10 ++++++---- |
|
| 17 |
+ 1 file changed, 6 insertions(+), 4 deletions(-) |
|
| 18 |
+ |
|
| 19 |
+diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c |
|
| 20 |
+index c60f3d3..a679798 100644 |
|
| 21 |
+--- a/fs/jfs/xattr.c |
|
| 22 |
+@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size) |
|
| 23 |
+ if (size > PSIZE) {
|
|
| 24 |
+ /* |
|
| 25 |
+ * To keep the rest of the code simple. Allocate a |
|
| 26 |
+- * contiguous buffer to work with |
|
| 27 |
++ * contiguous buffer to work with. Make the buffer large |
|
| 28 |
++ * enough to make use of the whole extent. |
|
| 29 |
+ */ |
|
| 30 |
+- ea_buf->xattr = kmalloc(size, GFP_KERNEL); |
|
| 31 |
++ ea_buf->max_size = (size + sb->s_blocksize - 1) & |
|
| 32 |
++ ~(sb->s_blocksize - 1); |
|
| 33 |
++ |
|
| 34 |
++ ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL); |
|
| 35 |
+ if (ea_buf->xattr == NULL) |
|
| 36 |
+ return -ENOMEM; |
|
| 37 |
+ |
|
| 38 |
+ ea_buf->flag = EA_MALLOC; |
|
| 39 |
+- ea_buf->max_size = (size + sb->s_blocksize - 1) & |
|
| 40 |
+- ~(sb->s_blocksize - 1); |
|
| 41 |
+ |
|
| 42 |
+ if (ea_size == 0) |
|
| 43 |
+ return 0; |
|
| 44 |
+-- |
|
| 45 |
+2.7.4 |
|
| 46 |
+ |
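Review bot: In the `size > PSIZE` branch, `ea_buf->max_size` is now assigned before the `kmalloc()` result is checked, so on the `-ENOMEM` return the structure advertises a non-zero capacity while `ea_buf->xattr` is NULL and `ea_buf->flag` has not yet been set to `EA_MALLOC`. Whether any caller inspects `ea_buf` after a failed ea_get() cannot be seen here, because the function starts and ends outside the hunk; if one can, the rounded size could be held in a local and stored into `ea_buf->max_size` only after the NULL check. The block comment would also be more useful if it stated the invariant this fix restores, for example `max_size must equal the allocated length; code past this point treats the buffer as max_size bytes`, so that a later edit does not separate the allocation size from the recorded size again.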
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-aws |
| 4 | 4 |
Version: 4.9.118 |
| 5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -65,6 +65,8 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 65 | 65 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 66 | 66 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 67 | 67 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 68 |
+# Fix for CVE-2018-12233 |
|
| 69 |
+Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 68 | 70 |
|
| 69 | 71 |
Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
| 70 | 72 |
|
| ... | ... |
@@ -233,6 +235,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 233 | 233 |
%patch46 -p1 |
| 234 | 234 |
%patch47 -p1 |
| 235 | 235 |
%patch48 -p1 |
| 236 |
+%patch49 -p1 |
|
| 236 | 237 |
|
| 237 | 238 |
%patch70 -p1 |
| 238 | 239 |
|
| ... | ... |
@@ -444,6 +447,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 444 | 444 |
/usr/share/doc/* |
| 445 | 445 |
|
| 446 | 446 |
%changelog |
| 447 |
+* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
|
| 448 |
+- Fix CVE-2018-12233 |
|
| 447 | 449 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| 448 | 450 |
- Update to version 4.9.118 |
| 449 | 451 |
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.116-1 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 | 4 |
Version: 4.9.118 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -62,6 +62,8 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 62 | 62 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 63 | 63 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 64 | 64 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 65 |
+# Fix for CVE-2018-12233 |
|
| 66 |
+Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 65 | 67 |
|
| 66 | 68 |
Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
| 67 | 69 |
|
| ... | ... |
@@ -143,6 +145,7 @@ The Linux package contains the Linux kernel doc files |
| 143 | 143 |
%patch46 -p1 |
| 144 | 144 |
%patch47 -p1 |
| 145 | 145 |
%patch48 -p1 |
| 146 |
+%patch49 -p1 |
|
| 146 | 147 |
|
| 147 | 148 |
%patch70 -p1 |
| 148 | 149 |
|
| ... | ... |
@@ -241,6 +244,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 241 | 241 |
/usr/src/linux-headers-%{uname_r}
|
| 242 | 242 |
|
| 243 | 243 |
%changelog |
| 244 |
+* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
|
| 245 |
+- Fix CVE-2018-12233 |
|
| 244 | 246 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| 245 | 247 |
- Update to version 4.9.118 |
| 246 | 248 |
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.116-1 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 | 4 |
Version: 4.9.118 |
| 5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -71,6 +71,8 @@ Patch47: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 71 | 71 |
Patch48: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 72 | 72 |
Patch49: 0002-xfs-verify-dinode-header-first.patch |
| 73 | 73 |
Patch50: 0003-xfs-enhance-dinode-verifier.patch |
| 74 |
+# Fix for CVE-2018-12233 |
|
| 75 |
+Patch51: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 74 | 76 |
|
| 75 | 77 |
Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
| 76 | 78 |
|
| ... | ... |
@@ -199,6 +201,7 @@ EOF |
| 199 | 199 |
%patch48 -p1 |
| 200 | 200 |
%patch49 -p1 |
| 201 | 201 |
%patch50 -p1 |
| 202 |
+%patch51 -p1 |
|
| 202 | 203 |
|
| 203 | 204 |
%patch70 -p1 |
| 204 | 205 |
|
| ... | ... |
@@ -336,6 +339,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 336 | 336 |
/usr/src/linux-headers-%{uname_r}
|
| 337 | 337 |
|
| 338 | 338 |
%changelog |
| 339 |
+* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
|
| 340 |
+- Fix CVE-2018-12233 |
|
| 339 | 341 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| 340 | 342 |
- Update to version 4.9.118 |
| 341 | 343 |
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.116-1 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.9.118 |
| 5 |
-Release: 1%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 2%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -70,6 +70,8 @@ Patch45: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch |
| 70 | 70 |
Patch46: 0001-xfs-move-inode-fork-verifiers-to-xfs-dinode-verify.patch |
| 71 | 71 |
Patch47: 0002-xfs-verify-dinode-header-first.patch |
| 72 | 72 |
Patch48: 0003-xfs-enhance-dinode-verifier.patch |
| 73 |
+# Fix for CVE-2018-12233 |
|
| 74 |
+Patch49: 0001-jfs-Fix-inconsistency-between-memory-allocation-and-ea_buf_maxsize.patch |
|
| 73 | 75 |
|
| 74 | 76 |
Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
| 75 | 77 |
|
| ... | ... |
@@ -191,6 +193,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 191 | 191 |
%patch46 -p1 |
| 192 | 192 |
%patch47 -p1 |
| 193 | 193 |
%patch48 -p1 |
| 194 |
+%patch49 -p1 |
|
| 194 | 195 |
|
| 195 | 196 |
%patch70 -p1 |
| 196 | 197 |
|
| ... | ... |
@@ -367,6 +370,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 367 | 367 |
/usr/share/doc/* |
| 368 | 368 |
|
| 369 | 369 |
%changelog |
| 370 |
+* Thu Aug 09 2018 Srinidhi Rao <srinidhir@vmware.com> 4.9.118-2 |
|
| 371 |
+- Fix CVE-2018-12233 |
|
| 370 | 372 |
* Tue Aug 07 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.118-1 |
| 371 | 373 |
- Update to version 4.9.118 |
| 372 | 374 |
* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.116-1 |