Patching production kernel is a risky business.
Following procedure will help you to fix the problem.
Step # 1: Make sure your product is affected
Step # 1: Make sure your product is affected
First find out if your product is affected by reported exploit.Also make sure bug affects your architectures. For example, a bug may only
affect 64 bit or 32 bit platform.
Step # 2: Apply patch
You better apply and test patch in a test environment. Please note that some
vendors such as Redhat and Suse modifies or backports kernel. So it is good idea
to apply patch to their kernel source code tree. Otherwise you can always grab and apply patch to latest kernel version.
WARNING! These
instructions require having the skills of a sysadmin. Personally, I avoid
recompiling any kernel unless absolutely necessary. Wrong kernel option can disable
hardware or may not boot system at all. If you don't understand the internal
kernel dependencies don't try this on a production box.
Change directory to your kernel source code:
Download and save patch file as fix.vmsplice.exploit.patch:
Output:
To Compile and install Linux Kernel please check http://www.linuxhowto.in/2012/06/howto-compile-linux-kernel.html
I hope this HowTO will save someones time.
Don't forget to "Like" us on Facebook"!!!!! :)
Copyright © 2012 LINUXHOWTO.IN
Step # 3: How do I apply kernel patch?
WARNING! These
instructions require having the skills of a sysadmin. Personally, I avoid
recompiling any kernel unless absolutely necessary. Wrong kernel option can disable
hardware or may not boot system at all. If you don't understand the internal
kernel dependencies don't try this on a production box.# cd linux-3.0.xx.yy Download and save patch file as fix.vmsplice.exploit.patch:
#
cat fix.vmsplice.exploit.patchOutput:
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
if (unlikely(!len))
break;
error = -EFAULT;
- if (unlikely(!base))
+ if (!access_ok(VERIFY_READ, base, len))
break;
/*
Now apply patch using patch
command :
The following usage is most commonly used:
To apply a patch, one could run the following command in a shell:
Patches can be undone, or reversed, with the '-R' option:
$ patch -p1 <
{/path/to/patch/file}To apply a patch, one could run the following command in a shell:
$
patch < /path/to/filePatches can be undone, or reversed, with the '-R' option:
$ patch -R
< /path/to/fileTo Compile and install Linux Kernel please check http://www.linuxhowto.in/2012/06/howto-compile-linux-kernel.html
I hope this HowTO will save someones time.
Don't forget to "Like" us on Facebook"!!!!! :)
DISCLAIMER:
The information provided on this website comes without warranty of any kind and
is distributed AS IS. Every effort has been made to provide the information as
accurate as possible, but no warranty or fitness is implied. The information
may be incomplete, may contain errors or may have become out of date. The use
of this information described herein is your responsibility, and to use it in
your own environments do so at your own risk.
No comments:
Post a Comment