whatawurst / android_kernel_sony_msm8998

LineageOS Kernel Tree for Sony Xperia XZ Premium, XZ1 and XZ1 Compact

Fix CVE-2021-3968 #66

Closed Flamefire closed 1 year ago

Flamefire commented 2 years ago

In the March 22 ASB I found a patch for the binder component for CVE-2021-39686, cherry-picked from this commit.

That relies on a hook introduced earlier

Both these patches apply (almost) cleanly to our kernel tree and look reasonable/correct, but they don't work right away: the device bootloops when starting the kernel, i.e. after the SONY logo, before the Lineage logo is shown.

I found the cause why it works upstream: Another commit greatly simplified the hook-list initialization which is not yet in our kernel. So we need that or manual LIST_HEAD_INIT. I like the former much more. However that commit yields a conflict as hooks have been added and removed in mainline. In a first test I resolved the conflict by simply removing our LIST_HEAD_INIT stuff which is the right thing as for the removal it doesn't matter if there were additions or removals before.

So I started a big effort in backporting the changes to the hooks which makes the kernel safer as far as I can tell. See my WIP branch for that. (cc @bananafunction)

TLDR: Are you interested in that or otherwise in just the minimal patch to fix the CVE (3 commits mentioned above)? I'll use the remainder of this issue to explain and basically document what I did so far (ongoing work) also for me as a reference. I hope you don't mind.

At the start is a simple and reasonable standalone change:

Then I needed quite a few commits for which I found the following upstream discussion/merge:

For the last one above I would need the patch series from this merge (see kernel.org), but I gave up after too many conflicts due to upstream changes. I could resolve the conflict of 2602625b7e46576b00db619ac788c508ba3bcb2c, however, by inspection of the code and basically backport that commit.
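The bootloop described in this comment comes from a hook list head that the backported code walks but that the older tree never initialises. The following is an added example written for this thread, not code from the android_kernel_sony_msm8998 tree or from the upstream commits it references. It models the situation with a minimal kernel-style intrusive list: one head set up with `LIST_HEAD_INIT` (as the upstream simplification does for every hook), one left zero-initialised in `.bss`, and a guard that refuses to walk the uninitialised head instead of dereferencing NULL. The names `hook_entry`, `call_hooks`, `register_hook` and `fix_uninitialised_head` are assumptions for illustration; the `LIST_HEAD_INIT` / `INIT_LIST_HEAD` macros mirror the kernel's shape but are re-implemented here.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive doubly-linked list in the style of the kernel's
 * struct list_head (example code written for this thread, not the
 * project's own). */
struct list_head {
    struct list_head *next, *prev;
};

#define LIST_HEAD_INIT(name) { &(name), &(name) }
#define LIST_HEAD(name) struct list_head name = LIST_HEAD_INIT(name)

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* A hook entry: a callback chained onto a per-hook list head.
 * `list` must stay the first member so a list pointer can be cast back. */
struct hook_entry {
    struct list_head list;
    int (*fn)(int arg);
};

/* Two hook lists: one statically initialised the way LIST_HEAD_INIT does it,
 * one left zero-initialised (next == prev == NULL) to model a head that the
 * backported hook relies on but that the older tree never initialised
 * (assumed scenario for this example). */
static LIST_HEAD(initialised_hooks);
static struct list_head uninitialised_hooks;

/* An initialised head's next/prev are never NULL (an empty list points at
 * itself); NULL means the head was never set up and must not be walked. */
static int list_head_is_initialised(const struct list_head *h)
{
    return h->next != NULL && h->prev != NULL;
}

/* Walk a hook list and run each callback. Returns the number of callbacks
 * run, or -1 if the head was never initialised: walking it would
 * dereference NULL, which in the kernel is a panic early in boot. */
static int call_hooks(const struct list_head *head, int arg)
{
    if (!list_head_is_initialised(head))
        return -1;
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next) {
        const struct hook_entry *e = (const struct hook_entry *)p;
        e->fn(arg);
        n++;
    }
    return n;
}

static int hook_log(int arg) { printf("hook called with %d\n", arg); return 0; }

static struct hook_entry log_entry = { .fn = hook_log };

/* Registration applies the same guard: refuse rather than corrupt memory. */
static int register_hook(struct hook_entry *e, struct list_head *head)
{
    if (!list_head_is_initialised(head))
        return -1;
    list_add_tail(&e->list, head);
    return 0;
}

/* The manual alternative the comment mentions: initialise the head at
 * runtime before anything walks it. */
static void fix_uninitialised_head(void) { INIT_LIST_HEAD(&uninitialised_hooks); }

int main(void)
{
    printf("uninitialised head: call_hooks -> %d\n", call_hooks(&uninitialised_hooks, 1));
    register_hook(&log_entry, &initialised_hooks);
    printf("initialised head: call_hooks -> %d\n", call_hooks(&initialised_hooks, 7));
    fix_uninitialised_head();
    printf("after INIT_LIST_HEAD: call_hooks -> %d\n", call_hooks(&uninitialised_hooks, 2));
    return 0;
}
```

Registering the hook onto the uninitialised head would also be refused (-1); after `fix_uninitialised_head()` it is an empty, walkable list, which is exactly the state `LIST_HEAD_INIT` gives every head up front.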

derfelot commented 1 year ago

Missed this one, but from what I can tell you have addressed this, right?

So I will close it :)

(doing a bit of clean-up)

Flamefire commented 1 year ago

Yes, fixed by #77