[BUG: 1488]: fix dirty COW vulnerability in the linux kernel (CVE-2016-5195)

Fixed by uplift of a kernel from 3.16.37 to 3.16.38. Even it is a local privilege escalation bug, which does not impact us, it is worth to have it fixed. Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

[BUG: 1488]: fix dirty COW vulnerability in the linux kernel (CVE-2016-5195)
Fixed by uplift of a kernel from 3.16.37 to 3.16.38. Even it is a local privilege escalation bug, which does not impact us, it is worth to have it fixed. Signed-off-by: Adam Wujek <adam.wujek@cern.ch>
adfc11e4 · Adam Wujek · def8cb63 · adfc11e4 · adfc11e4 · adfc11e4
Commit adfc11e4 authored Dec 14, 2016 by Adam Wujek 💬
16 changed files
--- a/build/download-info
+++ b/build/download-info
@@ -15,8 +15,8 @@ barebox-2014.04.0.tar.bz2       e1f089fc24cc7f24478e663c0e3b91d9 \
   http://www.barebox.org/download/barebox-2014.04.0.tar.bz2
 # kernel
-linux-3.16.37.tar.xz            fc4e8c469cf852a128e160f2910c1f21 \
+linux-3.16.38.tar.xz            1af111d8ee7b57329611d4d804e9fe78 \
-   https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.37.tar.xz
+   https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.38.tar.xz
 # our gateware binaries
 wrs-gw-v5.0-20161214.tar.gz ad4dd1f4bef255d1ac4955c02775e264 \

--- a/build/wrs_build-all
+++ b/build/wrs_build-all
@@ -50,7 +50,7 @@ fi
 export WRS_SCRIPTS_DIR=${WRS_BASE_DIR}/scripts
 # Export Linux kernel version in use
-export KVER="3.16.37"
+export KVER="3.16.38"
 # Export Buildroot version in use
 export BRVER="2016.02"

--- a/configs/buildroot/wrs_release_br2_config
+++ b/configs/buildroot/wrs_release_br2_config
@@ -153,7 +153,7 @@ BR2_TOOLCHAIN_BUILDROOT_VENDOR="buildroot"
 # BR2_KERNEL_HEADERS_4_3 is not set
 # BR2_KERNEL_HEADERS_4_4 is not set
 BR2_KERNEL_HEADERS_VERSION=y
-BR2_DEFAULT_KERNEL_VERSION="3.16.37"
+BR2_DEFAULT_KERNEL_VERSION="3.16.38"
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_4 is not set
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_3 is not set
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_2 is not set
@@ -180,7 +180,7 @@ BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_16=y
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_1 is not set
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_0 is not set
 # BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_REALLY_OLD is not set
-BR2_DEFAULT_KERNEL_HEADERS="3.16.37"
+BR2_DEFAULT_KERNEL_HEADERS="3.16.38"
 BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
 # BR2_TOOLCHAIN_BUILDROOT_GLIBC is not set
 # BR2_TOOLCHAIN_BUILDROOT_MUSL is not set

--- a/configs/wrs_linux_defconfig
+++ b/configs/wrs_linux_defconfig
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.16.37 Kernel Configuration
+# Linux/arm 3.16.38 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y

--- a/doc/startup-guide/wrs-startup_guide.md
+++ b/doc/startup-guide/wrs-startup_guide.md
@@ -727,7 +727,7 @@ Specification
 | **I/O**            | 32bit Async Bridge with FPGA\                   |
 |                    | 100Base-T Ethernet                              |
 +--------------------+-------------------------------------------------+
-| **OS**             | Linux (Kernel v3.16.37)                         |
+| **OS**             | Linux (Kernel v3.16.38)                         |
 +--------------------+-------------------------------------------------+

--- a/doc/wrs-developer-manual.in
+++ b/doc/wrs-developer-manual.in
@@ -360,7 +360,7 @@ The messages of a download run are like the following ones:
    2016-12-14 17:10:46: --- Downloading base packages
    2016-12-14 17:10:50: Retrieved at91bootstrap-3-3.0.tar.gz from upstream
    2016-12-14 17:10:51: Retrieved barebox-2014.04.0.tar.bz2 from upstream
-    2016-12-14 17:11:21: Retrieved linux-3.16.37.tar.xz from upstream
+    2016-12-14 17:11:21: Retrieved linux-3.16.38.tar.xz from upstream
    2016-12-14 17:11:22: Retrieved wrs-gw-v5.0-20161214.tar.gz from upstream
    2016-12-14 17:11:27: Retrieved buildroot-2016.02.tar.bz2 from upstream
 @end smallexample
@@ -733,14 +733,14 @@ in two lines with a local variable to fit the page with in documentation):
 @node The Linux Kernel
 @subsection The Linux Kernel
-The kernel is currently version 3.16.37, compiled from an uncompressed
+The kernel is currently version 3.16.38, compiled from an uncompressed
 tar file (so not within a @i{git} repository).  The upstream
 vanilla kernel is downloaded, then
 local patches are applied (they come from a @i{git}
 repository, but they are currently applied with a simple @i{patch}
 command).
-The relevant patches are available in @i{patches/kernel/v3.16.37},
+The relevant patches are available in @i{patches/kernel/v3.16.38},
 and are currently the following ones:
 @example

--- a/patches/kernel/v3.16.37/0001-initramfs-stop-after-one-cpio-archive.patch
+++ b/patches/kernel/v3.16.37/0001-initramfs-stop-after-one-cpio-archive.patch
@@ -3,7 +3,7 @@ From: Alessandro Rubini <rubini@gnudd.com>
 Date: Sat, 20 Nov 2010 13:15:48 +0100
 Subject: [PATCH 1/9] initramfs: stop after one cpio archive
-Update to 3.16.37
+Update to 3.16.38
 =================
 This patch has been ported from 2.6.39.

--- a/patches/kernel/v3.16.37/0002-mtd_dataflash-Read-EDI-bytes-in-JEDEC-to-support-AT4.patch
+++ b/patches/kernel/v3.16.37/0002-mtd_dataflash-Read-EDI-bytes-in-JEDEC-to-support-AT4.patch
@@ -14,7 +14,7 @@ We have had two new fields in the struct flash_info:
   * edi_nbytes: number of optional bytes to read (1 or 2)
   * edi_jedec:  EDI value for a given chip
-Update to 3.16.37
+Update to 3.16.38
 =================
 This patch has been ported from 2.6.39.

--- a/patches/kernel/v3.16.37/0003-wr-switch-sam9m10g45ek-change-USB-vbus_pin-from-PB19.patch
+++ b/patches/kernel/v3.16.37/0003-wr-switch-sam9m10g45ek-change-USB-vbus_pin-from-PB19.patch
--- a/patches/kernel/v3.16.37/0004-wr-switch-sam9m10g45ek-enable-FPGA-access-from-EBI1-.patch
+++ b/patches/kernel/v3.16.37/0004-wr-switch-sam9m10g45ek-enable-FPGA-access-from-EBI1-.patch
--- a/patches/kernel/v3.16.37/0005-wr-switch-sam9m10g45ek-store-device-partitioning.patch
+++ b/patches/kernel/v3.16.37/0005-wr-switch-sam9m10g45ek-store-device-partitioning.patch
--- a/patches/kernel/v3.16.37/0006-wr-switch-sam9m10g45ek-more-relaxed-nand-timings.patch
+++ b/patches/kernel/v3.16.37/0006-wr-switch-sam9m10g45ek-more-relaxed-nand-timings.patch
@@ -3,7 +3,7 @@ From: Alessandro Rubini <rubini@gnudd.com>
 Date: Mon, 28 Jul 2014 15:20:59 +0200
 Subject: [PATCH 6/8] wr-switch (sam9m10g45ek): more relaxed nand timings
-Update to 3.16.37
+Update to 3.16.38
 =================
 This patch has been ported from 2.6.39.

--- a/patches/kernel/v3.16.37/0007-wr-switch-sam9m10g45ek-provide-bootcount-using-scrat.patch
+++ b/patches/kernel/v3.16.37/0007-wr-switch-sam9m10g45ek-provide-bootcount-using-scrat.patch
@@ -4,7 +4,7 @@ Date: Fri, 28 Nov 2014 14:18:27 +0100
 Subject: [PATCH 7/8] wr-switch (sam9m10g45ek): provide bootcount using scratch
 registers
-Update to 3.16.37
+Update to 3.16.38
 =================
 This patch has been ported from 2.6.39.

--- a/patches/kernel/v3.16.37/0008-wr-switch-at91-udc-force-full-speed.patch
+++ b/patches/kernel/v3.16.37/0008-wr-switch-at91-udc-force-full-speed.patch
@@ -9,7 +9,7 @@ autodetected high-speed), and thus they work.
 Speed is not a problem anyways, because it is just a serial port.
-Update to 3.16.37
+Update to 3.16.38
 =================
 This patch has been ported from 2.6.39.

--- a/patches/kernel/v3.16.37/0009-hack-architecture-to-boot-on-our-boot-loader.patch
+++ b/patches/kernel/v3.16.37/0009-hack-architecture-to-boot-on-our-boot-loader.patch
@@ -12,7 +12,7 @@ now it does not.
 Fixing the bootloader, in order to be based on the SAM9M10G45EK board
 as the kernel, requires much more effort for a little practical gain.
-The main problem is that the 3.16.37 kernel refues to boot since the
+The main problem is that the 3.16.38 kernel refues to boot since the
 boot-loader declares that the board in use is a PMG45 and not a SAM9M10EK
 as expected by the kernel. In order to make the kernel boot we have to
 provide this information:
@@ -34,7 +34,7 @@ wrong architecture provides wrong values.
 This choice give us the freedom to update the kernel without changing the
 boot-loader nor bootloader's environment . This means that for whatever
-eason we will be able to easily switch from 2.6.39 to 3.16.37 for debugging
+eason we will be able to easily switch from 2.6.39 to 3.16.38 for debugging
 purpose.
 Acked-by: Adam Wujek <adam.wujek@cern.ch>

--- a/patches/kernel/v3.16.37/0010-disable-BBT-for-the-nand-flash.patch
+++ b/patches/kernel/v3.16.37/0010-disable-BBT-for-the-nand-flash.patch