From a40974c3b14a2cfce8b0d959de6439b89852a4d9 Mon Sep 17 00:00:00 2001 From: Duncaen Date: Wed, 13 Jul 2016 17:51:37 +0200 Subject: [PATCH] linux3.18: update to 3.18.36. --- ...ing-ref-leak-in-join_session_keyring.patch | 75 +++++++++++++++++++ srcpkgs/linux3.18/template | 4 +- 2 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/linux3.18/patches/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch diff --git a/srcpkgs/linux3.18/patches/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch b/srcpkgs/linux3.18/patches/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch new file mode 100644 index 00000000000..c4f6ca2b4c0 --- /dev/null +++ b/srcpkgs/linux3.18/patches/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch @@ -0,0 +1,75 @@ +From 7ca88764d45c209791e8813131c1457c2e9e51e7 Mon Sep 17 00:00:00 2001 +From: Yevgeny Pats +Date: Mon, 11 Jan 2016 12:05:28 +0000 +Subject: KEYS: Fix keyring ref leak in join_session_keyring() + +If a thread is asked to join as a session keyring the keyring that's already +set as its session, we leak a keyring reference. + +This can be tested with the following program: + + #include + #include + #include + #include + + int main(int argc, const char *argv[]) + { + int i = 0; + key_serial_t serial; + + serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, + "leaked-keyring"); + if (serial < 0) { + perror("keyctl"); + return -1; + } + + if (keyctl(KEYCTL_SETPERM, serial, + KEY_POS_ALL | KEY_USR_ALL) < 0) { + perror("keyctl"); + return -1; + } + + for (i = 0; i < 100; i++) { + serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, + "leaked-keyring"); + if (serial < 0) { + perror("keyctl"); + return -1; + } + } + + return 0; + } + +If, after the program has run, there something like the following line in +/proc/keys: + +3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty + +with a usage count of 100 * the number of times the program has been run, +then the kernel is malfunctioning. If leaked-keyring has zero usages or +has been garbage collected, then the problem is fixed. + +Reported-by: Yevgeny Pats +Signed-off-by: David Howells +--- + security/keys/process_keys.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git security/keys/process_keys.c security/keys/process_keys.c +index a3f85d2..e6d50172 100644 +--- security/keys/process_keys.c ++++ security/keys/process_keys.c +@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) + ret = PTR_ERR(keyring); + goto error2; + } else if (keyring == new->session_keyring) { ++ key_put(keyring); + ret = 0; + goto error2; + } +-- +2.7.0.rc3 + diff --git a/srcpkgs/linux3.18/template b/srcpkgs/linux3.18/template index 940efa36f54..3e31d9092ba 100644 --- a/srcpkgs/linux3.18/template +++ b/srcpkgs/linux3.18/template @@ -1,6 +1,6 @@ # Template file for 'linux3.18' pkgname=linux3.18 -version=3.18.35 +version=3.18.36 revision=1 wrksrc="linux-${version}" maintainer="Juan RP " @@ -8,7 +8,7 @@ homepage="http://www.kernel.org" license="GPL-2" short_desc="The Linux kernel and modules (${version%.*} series)" distfiles="${KERNEL_SITE}/kernel/v3.x/linux-${version}.tar.xz" -checksum=49ae4f7dc6e3c2cb82aff1ca79e6dd5b828d9d8fb808819089361d5c1247ef81 +checksum=78bb41d22b15af9f8da5c1e4f3cd8310bf81c89313102273a17ede7003a51e47 _kernver="${version}_${revision}"