aufs: Update support patches to aufs4.5-20160523

- mmap: Fix use-after-free in remap_file_pages(2)

debian/changelog

@@ -3,6 +3,10 @@ linux (4.5.4-2) UNRELEASED; urgency=medium
   [ Salvatore Bonaccorso ]
   * tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
 
+  [ Ben Hutchings ]
+  * aufs: Update support patches to aufs4.5-20160523
+    - mmap: Fix use-after-free in remap_file_pages(2)
+
  -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 21 May 2016 16:47:59 +0200
 
 linux (4.5.4-1) unstable; urgency=medium

debian/patches/features/all/aufs4/aufs4-base.patch

@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05@yahoo.co.jp>
 Date: Wed Mar 16 17:10:20 2016 +0900
 Subject: aufs4.5 base patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch

debian/patches/features/all/aufs4/aufs4-mmap.patch

@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05@yahoo.co.jp>
-Date: Wed Mar 16 17:10:20 2016 +0900
+Date: Fri May 13 12:12:34 2016 +0900
 Subject: aufs4.5 mmap patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch
@@ -184,7 +184,7 @@ index 8132787..3f7de66 100644
  
  	return VM_FAULT_WRITE;
 diff --git a/mm/mmap.c b/mm/mmap.c
-index 76d1ec2..fdd163e 100644
+index 76d1ec2..298bc71 100644
 --- a/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -290,7 +290,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
@@ -233,28 +233,45 @@ index 76d1ec2..fdd163e 100644
  	unlink_anon_vmas(new);
   out_free_mpol:
  	mpol_put(vma_policy(new));
-@@ -2640,7 +2640,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2640,7 +2640,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
  	struct vm_area_struct *vma;
  	unsigned long populate = 0;
  	unsigned long ret = -EINVAL;
 -	struct file *file;
++	struct file *file, *prfile;
  
  	pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
  			"See Documentation/vm/remap_file_pages.txt.\n",
-@@ -2708,10 +2707,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2708,10 +2708,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
  		}
  	}
  
 -	file = get_file(vma->vm_file);
 +	vma_get_file(vma);
++	file = vma->vm_file;
++	prfile = vma->vm_prfile;
  	ret = do_mmap_pgoff(vma->vm_file, start, size,
  			prot, flags, pgoff, &populate);
--	fput(file);
-+	vma_fput(vma);
++	if (!IS_ERR_VALUE(ret) && file && prfile) {
++		struct vm_area_struct *new_vma;
++
++		new_vma = find_vma(mm, ret);
++		if (!new_vma->vm_prfile)
++			new_vma->vm_prfile = prfile;
++		if (new_vma != vma)
++			get_file(prfile);
++	}
++	/*
++	 * two fput()s instead of vma_fput(vma),
++	 * coz vma may not be available anymore.
++	 */
+ 	fput(file);
++	if (prfile)
++		fput(prfile);
  out:
  	up_write(&mm->mmap_sem);
  	if (populate)
-@@ -2982,7 +2981,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2982,7 +2999,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
  		if (anon_vma_clone(new_vma, vma))
  			goto out_free_mempol;
  		if (new_vma->vm_file)

debian/patches/features/all/aufs4/aufs4-standalone.patch

@@ -1,7 +1,7 @@
 From: J. R. Okajima <hooanon05@yahoo.co.jp>
 Date: Wed Mar 16 17:10:20 2016 +0900
 Subject: aufs4.5 standalone patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/91164538a2f52c72b79a657ca3675cb55152413d
+Origin: https://github.com/sfjro/aufs4-standalone/tree/0ebb0adcc850096856d38fa1f6ab0ce35244f9bf
 Bug-Debian: https://bugs.debian.org/541828
 
 Patch headers added by debian/patches/features/all/aufs4/gen-patch