Linux v4.8.13
This commit is contained in:
parent
0f9843549d
commit
23b914572b
|
@ -0,0 +1,42 @@
|
|||
From a0ac402cfcdc904f9772e1762b3fda112dcc56a0 Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Tue, 6 Dec 2016 16:18:14 -0800
|
||||
Subject: [PATCH] Don't feed anything but regular iovec's to
|
||||
blk_rq_map_user_iov
|
||||
|
||||
In theory we could map other things, but there's a reason that function
|
||||
is called "user_iov". Using anything else (like splice can do) just
|
||||
confuses it.
|
||||
|
||||
Reported-and-tested-by: Johannes Thumshirn <jthumshirn@suse.de>
|
||||
Cc: Al Viro <viro@ZenIV.linux.org.uk>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
block/blk-map.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/block/blk-map.c b/block/blk-map.c
|
||||
index b8657fa..27fd8d92 100644
|
||||
--- a/block/blk-map.c
|
||||
+++ b/block/blk-map.c
|
||||
@@ -118,6 +118,9 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
|
||||
struct iov_iter i;
|
||||
int ret;
|
||||
|
||||
+ if (!iter_is_iovec(iter))
|
||||
+ goto fail;
|
||||
+
|
||||
if (map_data)
|
||||
copy = true;
|
||||
else if (iov_iter_alignment(iter) & align)
|
||||
@@ -140,6 +143,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
|
||||
|
||||
unmap_rq:
|
||||
__blk_rq_unmap_user(bio);
|
||||
+fail:
|
||||
rq->bio = NULL;
|
||||
return -EINVAL;
|
||||
}
|
||||
--
|
||||
2.9.3
|
||||
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 12
|
||||
%define stable_update 13
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -643,6 +643,9 @@ Patch857: 0001-packet-fix-race-condition-in-packet_set_ring.patch
|
|||
# CVE-2016-9793 rhbz 1402013 1402014
|
||||
Patch858: 0001-net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch
|
||||
|
||||
# CVE-2016-9576 rhbz 1403145 1403146
|
||||
Patch859: 0001-Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2165,6 +2168,10 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Dec 09 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.13-100
|
||||
- Linux v4.8.13
|
||||
- CVE-2016-9576 fix use after free in SCSI generic device interface (rhbz 1403145 1403146)
|
||||
|
||||
* Wed Dec 07 2016 Laura Abbott <labbott@fedoraproject.org>
|
||||
- Disable CONFIG_AF_KCM (rhbz 1402489)
|
||||
|
||||
|
|
Loading…
Reference in New Issue