diff options
author | P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> | 2022-12-02 20:53:31 +0300 |
---|---|---|
committer | P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> | 2022-12-02 21:09:30 +0300 |
commit | 7dd3ed26ca09df0e582be8cc2780bba588bdd11e (patch) | |
tree | ee5b64acbe5374240089bc65c9443dd29df482f8 /meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch | |
parent | e0c224c79550bf49928bfb75f629233b1ef07c7a (diff) | |
download | openbmc-7dd3ed26ca09df0e582be8cc2780bba588bdd11e.tar.xz |
Update to internal 1-0.92
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch new file mode 100644 index 000000000..189b6ce19 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-2503.patch @@ -0,0 +1,35 @@ +From 69712b170237ec5979f168149cd31e851a465853 Mon Sep 17 00:00:00 2001 +From: Sarthak Kukreti <sarthakkukreti@google.com> +Date: Tue, 31 May 2022 15:56:40 -0400 +Subject: [PATCH] dm verity: set DM_TARGET_IMMUTABLE feature flag + +commit 4caae58406f8ceb741603eee460d79bacca9b1b5 upstream. + +The device-mapper framework provides a mechanism to mark targets as +immutable (and hence fail table reloads that try to change the target +type). Add the DM_TARGET_IMMUTABLE flag to the dm-verity target's +feature flags to prevent switching the verity target with a different +target type. + +Fixes: a4ffc152198e ("dm: add verity target") +Cc: stable@vger.kernel.org +Signed-off-by: Sarthak Kukreti <sarthakkukreti@google.com> +Reviewed-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Mike Snitzer <snitzer@kernel.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/md/dm-verity-target.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c +index 88288c8d6bc8c0..426299ceb33d7d 100644 +--- a/drivers/md/dm-verity-target.c ++++ b/drivers/md/dm-verity-target.c +@@ -1312,6 +1312,7 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv) + + static struct target_type verity_target = { + .name = "verity", ++ .features = DM_TARGET_IMMUTABLE, + .version = {1, 8, 0}, + .module = THIS_MODULE, + .ctr = verity_ctr, |