Re: [OpenWrt-Devel] [PATCH] CVE-2016-5195 backport to linux-3.18.36 for Chaos Calmer

2016-10-21 Thread Florian Fainelli 
On 10/21/2016 07:43 AM, revelstone wrote:
> Here is a backport for Chaos Calmer of commit
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619]19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
> that patches
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195]CVE-2016-5195
> 
> /DL
> 
> Signed-off-by: dl12345 

While this is appreciated, why not just wait for the stable tree to get
updated and update to the next stable 3.18 (and others)?
-- 
Florian
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] CVE-2016-5195 backport to linux-3.18.36 for Chaos Calmer

2016-10-21 Thread revelstone 
Here is a backport for Chaos Calmer of commit 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619]19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
 that patches 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195]CVE-2016-5195

/DL
Signed-off-by: dl12345 --- 
.../generic/patches-3.18/099-CVE-2016-5195.patch   | 47 ++ 
1 file changed, 47 insertions(+) create mode 100644 
target/linux/generic/patches-3.18/099-CVE-2016-5195.patch
diff --git a/target/linux/generic/patches-3.18/099-CVE-2016-5195.patch 
b/target/linux/generic/patches-3.18/099-CVE-2016-5195.patchnew file mode 
100644index 000..2febc79--- /dev/null+++ 
b/target/linux/generic/patches-3.18/099-CVE-2016-5195.patch@@ -0,0 +1,47 @@+--- 
a/include/linux/mm.h b/include/linux/mm.h+@@ -2029,6 +2029,7 @@ static 
inline struct page *follow_page(s+ #define FOLL_NUMA 0x200 /* force NUMA 
hinting page fault */+ #define FOLL_MIGRATION 0x400 /* wait for page to replace 
migration entry */+ #define FOLL_TRIED 0x800 /* a retry, previous pass started 
an IO */++#define FOLL_COW 0x4000 /* internal GUP flag */+ + typedef int 
(*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,+  void *data);+--- 
a/mm/gup.c b/mm/gup.c+@@ -32,6 +32,16 @@ static struct page 
*no_page_table(struct+  return NULL;+ }+ ++/*++ * FOLL_FORCE can write to even 
unwritable pte's, but only++ * after we've gone through a COW cycle and they 
are dirty.++ */++static inline bool can_follow_write_pte(pte_t pte, unsigned 
int flags)++{++ return pte_write(pte) ||++ ((flags & FOLL_FORCE) && (flags & 
FOLL_COW) && pte_dirty(pte));++}+++ static struct page *follow_page_pte(struct 
vm_area_struct *vma,+  unsigned long address, pmd_t *pmd, unsigned int flags)+ 
{+@@ -66,7 +76,7 @@ retry:+  }+  if ((flags & FOLL_NUMA) && pte_numa(pte))+  
goto no_page;+- if ((flags & FOLL_WRITE) && !pte_write(pte)) {++ if ((flags & 
FOLL_WRITE) && !can_follow_write_pte(pte, flags)) {+  pte_unmap_unlock(ptep, 
ptl);+  return NULL;+  }+@@ -315,7 +325,7 @@ static int faultin_page(struct 
task_stru+   * reCOWed by userspace write).+   */+  if ((ret & VM_FAULT_WRITE) 
&& !(vma->vm_flags & VM_WRITE))+- *flags &= ~FOLL_WRITE;++ *flags |= FOLL_COW;+ 
 return 0;+ }+ -- 1.8.3.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel