]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
projects / thirdparty / kernel / stable-queue.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b901231)
3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 28 Jun 2014 00:17:29 +0000 (17:17 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 28 Jun 2014 00:17:29 +0000 (17:17 -0700)
added patches:
target-explicitly-clear-ramdisk_mcp-backend-pages.patch

queue-3.4/series patch | blob | blame | history
queue-3.4/target-explicitly-clear-ramdisk_mcp-backend-pages.patch [new file with mode: 0644] patch | blob

diff --git a/queue-3.4/series b/queue-3.4/series
index a456d1015f8ba484ba7a52449a3a27590952947a..22cef92db70f8bd4722ccd78c475721e691debbb 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -28,3 +28,4 @@ usb-sierra-fix-urb-and-memory-leak-on-disconnect.patch
 usb-sierra-fix-remote-wakeup.patch
 acpi-fix-conflict-between-customized-dsdt-and-dsdt-local-copy.patch
 arm-stacktrace-avoid-listing-stacktrace-functions-in-stacktrace.patch
+target-explicitly-clear-ramdisk_mcp-backend-pages.patch
diff --git a/queue-3.4/target-explicitly-clear-ramdisk_mcp-backend-pages.patch b/queue-3.4/target-explicitly-clear-ramdisk_mcp-backend-pages.patch
new file mode 100644 (file)
index 0000000..bbd353f
--- /dev/null
+++ b/queue-3.4/target-explicitly-clear-ramdisk_mcp-backend-pages.patch
@@ -0,0 +1,42 @@
+From nab@linux-iscsi.org  Fri Jun 27 17:13:41 2014
+From: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
+Date: Mon, 16 Jun 2014 20:59:52 +0000
+Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
+To: target-devel <target-devel@vger.kernel.org>
+Cc: Greg-KH <gregkh@linuxfoundation.org>, stable <stable@vger.kernel.org>, Nicholas Bellinger <nab@linux-iscsi.org>, Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Message-ID: <1402952392-30762-1-git-send-email-nab@linux-iscsi.org>
+
+
+[Note that a different patch to address the same issue went in during
+v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
+don't strictly apply to fixing the bug]
+
+This patch changes rd_allocate_sgl_table() to explicitly clear
+ramdisk_mcp backend memory pages by passing __GFP_ZERO into
+alloc_pages().
+
+This addresses a potential security issue where reading from a
+ramdisk_mcp could return sensitive information, and follows what
+>= v3.15 does to explicitly clear ramdisk_mcp memory at backend
+device initialization time.
+
+Reported-by: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Cc: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
+Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/target_core_rd.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/target/target_core_rd.c
++++ b/drivers/target/target_core_rd.c
+@@ -177,7 +177,7 @@ static int rd_build_device_space(struct
+                                               - 1;
+               for (j = 0; j < sg_per_table; j++) {
+-                      pg = alloc_pages(GFP_KERNEL, 0);
++                      pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
+                       if (!pg) {
+                               pr_err("Unable to allocate scatterlist"
+                                       " pages for struct rd_dev_sg_table\n");
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git