mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-28 11:43:25 +02:00
linux: Fix for CVE-2022-0847 aka Dirty Pipe
https://dirtypipe.cm4all.com Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
@@ -141,6 +141,9 @@ ifeq "$(BUILD_ARCH)" "aarch64"
|
|||||||
endif
|
endif
|
||||||
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
|
||||||
|
|
||||||
|
# Fix for CVE-2022-0847 aka Dirty Pipe
|
||||||
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch
|
||||||
|
|
||||||
ifeq "$(KCFG)" "-headers"
|
ifeq "$(KCFG)" "-headers"
|
||||||
# Install the header files
|
# Install the header files
|
||||||
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers
|
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers
|
||||||
|
|||||||
46
src/patches/kernel-5.15-CVE-2022-0847.patch
Normal file
46
src/patches/kernel-5.15-CVE-2022-0847.patch
Normal file
@@ -0,0 +1,46 @@
|
|||||||
|
From 114e9f141822e6977633d322c1b03e89bd209932 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Max Kellermann <max.kellermann@ionos.com>
|
||||||
|
Date: Mon, 21 Feb 2022 11:03:13 +0100
|
||||||
|
Subject: [PATCH] lib/iov_iter: initialize "flags" in new pipe_buffer
|
||||||
|
|
||||||
|
commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream.
|
||||||
|
|
||||||
|
The functions copy_page_to_iter_pipe() and push_pipe() can both
|
||||||
|
allocate a new pipe_buffer, but the "flags" member initializer is
|
||||||
|
missing.
|
||||||
|
|
||||||
|
Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
|
||||||
|
To: Alexander Viro <viro@zeniv.linux.org.uk>
|
||||||
|
To: linux-fsdevel@vger.kernel.org
|
||||||
|
To: linux-kernel@vger.kernel.org
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
|
||||||
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||||
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||||
|
---
|
||||||
|
lib/iov_iter.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
|
||||||
|
index 60b5e6edfbaa..c5b2f0f4b8a8 100644
|
||||||
|
--- a/lib/iov_iter.c
|
||||||
|
+++ b/lib/iov_iter.c
|
||||||
|
@@ -416,6 +416,7 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
buf->ops = &page_cache_pipe_buf_ops;
|
||||||
|
+ buf->flags = 0;
|
||||||
|
get_page(page);
|
||||||
|
buf->page = page;
|
||||||
|
buf->offset = offset;
|
||||||
|
@@ -532,6 +533,7 @@ static size_t push_pipe(struct iov_iter *i, size_t size,
|
||||||
|
break;
|
||||||
|
|
||||||
|
buf->ops = &default_pipe_buf_ops;
|
||||||
|
+ buf->flags = 0;
|
||||||
|
buf->page = page;
|
||||||
|
buf->offset = 0;
|
||||||
|
buf->len = min_t(ssize_t, left, PAGE_SIZE);
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
||||||
Reference in New Issue
Block a user