Merge branch 'f23' of ssh://pkgs.fedoraproject.org/kernel into f23-pf. Fedora 23 kernel 4.3.3
This commit is contained in:
commit
338e57dc54
|
@ -1,76 +0,0 @@
|
|||
From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Thu, 15 Oct 2015 17:21:37 +0100
|
||||
Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
|
||||
uninstantiated keyring
|
||||
|
||||
The following sequence of commands:
|
||||
|
||||
i=`keyctl add user a a @s`
|
||||
keyctl request2 keyring foo bar @t
|
||||
keyctl unlink $i @s
|
||||
|
||||
tries to invoke an upcall to instantiate a keyring if one doesn't already
|
||||
exist by that name within the user's keyring set. However, if the upcall
|
||||
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
|
||||
other error code. When the key is garbage collected, the key destroy
|
||||
function is called unconditionally and keyring_destroy() uses list_empty()
|
||||
on keyring->type_data.link - which is in a union with reject_error.
|
||||
Subsequently, the kernel tries to unlink the keyring from the keyring names
|
||||
list - which oopses like this:
|
||||
|
||||
BUG: unable to handle kernel paging request at 00000000ffffff8a
|
||||
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
...
|
||||
Workqueue: events key_garbage_collector
|
||||
...
|
||||
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
|
||||
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
|
||||
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
|
||||
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
|
||||
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
|
||||
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
|
||||
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
|
||||
...
|
||||
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
|
||||
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
|
||||
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
|
||||
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
|
||||
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
|
||||
[<ffffffff810648ad>] kthread+0xf3/0xfb
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
|
||||
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
|
||||
|
||||
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
|
||||
|
||||
The solution is to only call ->destroy() if the key was successfully
|
||||
instantiated.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/gc.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/security/keys/gc.c b/security/keys/gc.c
|
||||
index c7952375ac53..11c36627adbf 100644
|
||||
--- a/security/keys/gc.c
|
||||
+++ b/security/keys/gc.c
|
||||
@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
|
||||
atomic_dec(&key->user->nikeys);
|
||||
|
||||
/* now throw away the key memory */
|
||||
- if (key->type->destroy)
|
||||
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
|
||||
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
|
||||
+ key->type->destroy)
|
||||
key->type->destroy(key);
|
||||
|
||||
key_user_put(key->user);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,91 @@
|
|||
From 0d3f6d297bfb7af24d0508460fdb3d1ec4903fa3 Mon Sep 17 00:00:00 2001
|
||||
From: Martin KaFai Lau <kafai@fb.com>
|
||||
Date: Wed, 11 Nov 2015 11:51:06 -0800
|
||||
Subject: [PATCH] ipv6: Avoid creating RTF_CACHE from a rt that is not managed
|
||||
by fib6 tree
|
||||
|
||||
The original bug report:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1272571
|
||||
|
||||
The setup has a IPv4 GRE tunnel running in a IPSec. The bug
|
||||
happens when ndisc starts sending router solicitation at the gre
|
||||
interface. The simplified oops stack is like:
|
||||
|
||||
__lock_acquire+0x1b2/0x1c30
|
||||
lock_acquire+0xb9/0x140
|
||||
_raw_write_lock_bh+0x3f/0x50
|
||||
__ip6_ins_rt+0x2e/0x60
|
||||
ip6_ins_rt+0x49/0x50
|
||||
~~~~~~~~
|
||||
__ip6_rt_update_pmtu.part.54+0x145/0x250
|
||||
ip6_rt_update_pmtu+0x2e/0x40
|
||||
~~~~~~~~
|
||||
ip_tunnel_xmit+0x1f1/0xf40
|
||||
__gre_xmit+0x7a/0x90
|
||||
ipgre_xmit+0x15a/0x220
|
||||
dev_hard_start_xmit+0x2bd/0x480
|
||||
__dev_queue_xmit+0x696/0x730
|
||||
dev_queue_xmit+0x10/0x20
|
||||
neigh_direct_output+0x11/0x20
|
||||
ip6_finish_output2+0x21f/0x770
|
||||
ip6_finish_output+0xa7/0x1d0
|
||||
ip6_output+0x56/0x190
|
||||
~~~~~~~~
|
||||
ndisc_send_skb+0x1d9/0x400
|
||||
ndisc_send_rs+0x88/0xc0
|
||||
~~~~~~~~
|
||||
|
||||
The rt passed to ip6_rt_update_pmtu() is created by
|
||||
icmp6_dst_alloc() and it is not managed by the fib6 tree,
|
||||
so its rt6i_table == NULL. When __ip6_rt_update_pmtu() creates
|
||||
a RTF_CACHE clone, the newly created clone also has rt6i_table == NULL
|
||||
and it causes the ip6_ins_rt() oops.
|
||||
|
||||
During pmtu update, we only want to create a RTF_CACHE clone
|
||||
from a rt which is currently managed (or owned) by the
|
||||
fib6 tree. It means either rt->rt6i_node != NULL or
|
||||
rt is a RTF_PCPU clone.
|
||||
|
||||
It is worth to note that rt6i_table may not be NULL even it is
|
||||
not (yet) managed by the fib6 tree (e.g. addrconf_dst_alloc()).
|
||||
Hence, rt6i_node is a better check instead of rt6i_table.
|
||||
|
||||
Fixes: 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after encountering pmtu")
|
||||
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
|
||||
Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
|
||||
Cc: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
|
||||
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/ipv6/route.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
|
||||
index c8bc9b4..74907c5 100644
|
||||
--- a/net/ipv6/route.c
|
||||
+++ b/net/ipv6/route.c
|
||||
@@ -1322,6 +1322,12 @@ static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
|
||||
rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
|
||||
}
|
||||
|
||||
+static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
|
||||
+{
|
||||
+ return !(rt->rt6i_flags & RTF_CACHE) &&
|
||||
+ (rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
|
||||
+}
|
||||
+
|
||||
static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
|
||||
const struct ipv6hdr *iph, u32 mtu)
|
||||
{
|
||||
@@ -1335,7 +1341,7 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
|
||||
if (mtu >= dst_mtu(dst))
|
||||
return;
|
||||
|
||||
- if (rt6->rt6i_flags & RTF_CACHE) {
|
||||
+ if (!rt6_cache_allowed_for_pmtu(rt6)) {
|
||||
rt6_do_update_pmtu(rt6, mtu);
|
||||
} else {
|
||||
const struct in6_addr *daddr, *saddr;
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Sun, 1 Nov 2015 23:54:08 +0000
|
||||
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
|
||||
|
||||
Fix issue from two patches overlapping causing a kernel oops
|
||||
|
||||
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
|
||||
[ 3569.306272] pgd = dc894000
|
||||
[ 3569.309287] [00000088] *pgd=00000000
|
||||
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
|
||||
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
|
||||
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
|
||||
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
|
||||
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
|
||||
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
|
||||
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
|
||||
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
|
||||
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
|
||||
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
|
||||
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
|
||||
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
|
||||
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
|
||||
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
|
||||
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
|
||||
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
|
||||
[ 3569.473790] df00: bef21ab8 dbf60e38
|
||||
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
|
||||
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
|
||||
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
|
||||
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
|
||||
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
|
||||
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
|
||||
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
|
||||
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
|
||||
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
|
||||
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
|
||||
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
|
||||
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
|
||||
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
|
||||
|
||||
Cc: <stable@vger.kernel.org> # v4.2+
|
||||
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||
---
|
||||
drivers/watchdog/omap_wdt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
|
||||
index d96bee0..6f17c93 100644
|
||||
--- a/drivers/watchdog/omap_wdt.c
|
||||
+++ b/drivers/watchdog/omap_wdt.c
|
||||
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
|
||||
|
||||
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
|
||||
{
|
||||
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
|
||||
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
|
||||
void __iomem *base = wdev->base;
|
||||
u32 value;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
From 680ac028240f8747f31c03986fbcf18b2b521e93 Mon Sep 17 00:00:00 2001
|
||||
From: Borislav Petkov <bp@suse.de>
|
||||
Date: Mon, 27 Jul 2015 09:58:05 +0200
|
||||
Subject: [PATCH] x86/cpu/cacheinfo: Fix teardown path
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Philip Müller reported a hang when booting 32-bit 4.1 kernel on
|
||||
an AMD box. A fragment of the splat was enough to pinpoint the
|
||||
issue:
|
||||
|
||||
task: f58e0000 ti: f58e8000 task.ti: f58e800
|
||||
EIP: 0060:[<c135a903>] EFLAGS: 00010206 CPU: 0
|
||||
EIP is at free_cache_attributes+0x83/0xd0
|
||||
EAX: 00000001 EBX: f589d46c ECX: 00000090 EDX: 360c2000
|
||||
ESI: 00000000 EDI: c1724a80 EBP: f58e9ec0 ESP: f58e9ea0
|
||||
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
|
||||
CR0: 8005003b CR2: 000000ac CR3: 01731000 CR4: 000006d0
|
||||
|
||||
cache_shared_cpu_map_setup() did check sibling CPUs cacheinfo
|
||||
descriptor while the respective teardown path
|
||||
cache_shared_cpu_map_remove() didn't. Fix that.
|
||||
|
||||
From tglx's version: to be on the safe side, move the cacheinfo
|
||||
descriptor check to free_cache_attributes(), thus cleaning up
|
||||
the hotplug path a little and making this even more robust.
|
||||
|
||||
Reported-by: Philip Müller <philm@manjaro.org>
|
||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: <stable@vger.kernel.org> # v4.1+
|
||||
Cc: Andre Przywara <andre.przywara@arm.com>
|
||||
Cc: Guenter Roeck <linux@roeck-us.net>
|
||||
Cc: H. Peter Anvin <hpa@zytor.com>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Sudeep Holla <sudeep.holla@arm.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: linux-kernel@vger.kernel.org
|
||||
Cc: manjaro-dev@manjaro.org
|
||||
Link: http://lkml.kernel.org/r/20150727075805.GA20416@nazgul.tnic
|
||||
Link: https://lkml.kernel.org/r/55B47BB8.6080202@manjaro.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
---
|
||||
drivers/base/cacheinfo.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c
|
||||
index 764280a91776..e9fd32e91668 100644
|
||||
--- a/drivers/base/cacheinfo.c
|
||||
+++ b/drivers/base/cacheinfo.c
|
||||
@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
|
||||
|
||||
if (sibling == cpu) /* skip itself */
|
||||
continue;
|
||||
+
|
||||
sib_cpu_ci = get_cpu_cacheinfo(sibling);
|
||||
+ if (!sib_cpu_ci->info_list)
|
||||
+ continue;
|
||||
+
|
||||
sib_leaf = sib_cpu_ci->info_list + index;
|
||||
cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map);
|
||||
cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map);
|
||||
@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
|
||||
|
||||
static void free_cache_attributes(unsigned int cpu)
|
||||
{
|
||||
+ if (!per_cpu_cacheinfo(cpu))
|
||||
+ return;
|
||||
+
|
||||
cache_shared_cpu_map_remove(cpu);
|
||||
|
||||
kfree(per_cpu_cacheinfo(cpu));
|
||||
@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb,
|
||||
break;
|
||||
case CPU_DEAD:
|
||||
cache_remove_dev(cpu);
|
||||
- if (per_cpu_cacheinfo(cpu))
|
||||
- free_cache_attributes(cpu);
|
||||
+ free_cache_attributes(cpu);
|
||||
break;
|
||||
}
|
||||
return notifier_from_errno(rc);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
From fd7cd061adcf5f7503515ba52b6a724642a839c8 Mon Sep 17 00:00:00 2001
|
||||
From: Laura Abbott <labbott@fedoraproject.org>
|
||||
Date: Mon, 12 Oct 2015 11:30:13 +0300
|
||||
Subject: [PATCH] xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
|
||||
|
||||
We received several reports of systems rebooting and powering on
|
||||
after an attempted shutdown. Testing showed that setting
|
||||
XHCI_SPURIOUS_WAKEUP quirk in addition to the XHCI_SPURIOUS_REBOOT
|
||||
quirk allowed the system to shutdown as expected for LynxPoint-LP
|
||||
xHCI controllers. Set the quirk back.
|
||||
|
||||
Note that the quirk was originally introduced for LynxPoint and
|
||||
LynxPoint-LP just for this same reason. See:
|
||||
|
||||
commit 638298dc66ea ("xhci: Fix spurious wakeups after S5 on Haswell")
|
||||
|
||||
It was later limited to only concern HP machines as it caused
|
||||
regression on some machines, see both bug and commit:
|
||||
|
||||
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=66171
|
||||
commit 6962d914f317 ("xhci: Limit the spurious wakeup fix only to HP machines")
|
||||
|
||||
Later it was discovered that the powering on after shutdown
|
||||
was limited to LynxPoint-LP (Haswell-ULT) and that some non-LP HP
|
||||
machine suffered from spontaneous resume from S3 (which should
|
||||
not be related to the SPURIOUS_WAKEUP quirk at all). An attempt
|
||||
to fix this then removed the SPURIOUS_WAKEUP flag usage completely.
|
||||
|
||||
commit b45abacde3d5 ("xhci: no switching back on non-ULT Haswell")
|
||||
|
||||
Current understanding is that LynxPoint-LP (Haswell ULT) machines
|
||||
need the SPURIOUS_WAKEUP quirk, otherwise they will restart, and
|
||||
plain Lynxpoint (Haswell) machines may _not_ have the quirk
|
||||
set otherwise they again will restart.
|
||||
|
||||
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
|
||||
Cc: Takashi Iwai <tiwai@suse.de>
|
||||
Cc: Oliver Neukum <oneukum@suse.com>
|
||||
[Added more history to commit message -Mathias]
|
||||
Cc: stable <stable@vger.kernel.org>
|
||||
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
---
|
||||
drivers/usb/host/xhci-pci.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
|
||||
index c79d336..c47d3e4 100644
|
||||
--- a/drivers/usb/host/xhci-pci.c
|
||||
+++ b/drivers/usb/host/xhci-pci.c
|
||||
@@ -147,6 +147,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
|
||||
if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
|
||||
pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI) {
|
||||
xhci->quirks |= XHCI_SPURIOUS_REBOOT;
|
||||
+ xhci->quirks |= XHCI_SPURIOUS_WAKEUP;
|
||||
}
|
||||
if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
|
||||
(pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI ||
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 19 Oct 2015 11:33:38 +0100
|
||||
Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
|
||||
keyring
|
||||
|
||||
If request_key() is used to find a keyring, only do the search part - don't
|
||||
do the construction part if the keyring was not found by the search. We
|
||||
don't really want keyrings in the negative instantiated state since the
|
||||
rejected/negative instantiation error value in the payload is unioned with
|
||||
keyring metadata.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/request_key.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
|
||||
index 486ef6fa393b..0d6253124278 100644
|
||||
--- a/security/keys/request_key.c
|
||||
+++ b/security/keys/request_key.c
|
||||
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
|
||||
|
||||
kenter("");
|
||||
|
||||
+ if (ctx->index_key.type == &key_type_keyring)
|
||||
+ return ERR_PTR(-EPERM);
|
||||
+
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
||||
Subject: [PATCH] ACPI: Limit access to custom_method
|
||||
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
it possible for an attacker to circumvent restrictions on module loading.
|
||||
|
@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
|
|||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||
Subject: [PATCH] Add EFI signature data types
|
||||
Subject: [PATCH 15/20] Add EFI signature data types
|
||||
|
||||
Add the data types that are used for containing hashes, keys and certificates
|
||||
for cryptographic verification.
|
||||
|
@ -51,3 +52,6 @@ index de3e45088d4a..fac43c611614 100644
|
|||
/*
|
||||
* All runtime access to EFI goes through this structure:
|
||||
*/
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Howells <dhowells@redhat.com>
|
||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||
Subject: [PATCH] Add an EFI signature blob parser and key loader.
|
||||
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
|
||||
|
||||
X.509 certificates are loaded into the specified keyring as asymmetric type
|
||||
keys.
|
||||
|
@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
|
|||
+
|
||||
endif # ASYMMETRIC_KEY_TYPE
|
||||
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
|
||||
index e47fcd9ac5e8..6512f6596785 100644
|
||||
index cd1406f9b14a..d9db380bbe53 100644
|
||||
--- a/crypto/asymmetric_keys/Makefile
|
||||
+++ b/crypto/asymmetric_keys/Makefile
|
||||
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
|
||||
|
@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
|
|||
/**
|
||||
* efi_range_is_wc - check the WC bit on an address range
|
||||
* @start: starting kvirt address
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 18:36:30 -0400
|
||||
Subject: [PATCH] Add option to automatically enforce module signatures when in
|
||||
Secure Boot mode
|
||||
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
|
||||
when in Secure Boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
|
@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
7 files changed, 69 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||
index 82fbdbc1e0b0..a811210ad486 100644
|
||||
index 95a4d34af3fd..b8527c6b7646 100644
|
||||
--- a/Documentation/x86/zero-page.txt
|
||||
+++ b/Documentation/x86/zero-page.txt
|
||||
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
|
||||
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
|
||||
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||
(below)
|
||||
|
@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
|
|||
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||
2D0/A00 ALL e820_map E820 memory map table
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 3dbb7e7909ca..4da6644b1fd0 100644
|
||||
index cc0d73eac047..14db458f4774 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1703,6 +1703,16 @@ config EFI_MIXED
|
||||
@@ -1734,6 +1734,16 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
|
@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
|
|||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 2c82bd150d43..1ef8ea7f8ed9 100644
|
||||
index ee1b6d346b98..b4de3faa3f29 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -12,6 +12,7 @@
|
||||
|
@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
|
|||
|
||||
setup_efi_pci(boot_params);
|
||||
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
|
||||
index ab456dc233b5..74ba4083e7ce 100644
|
||||
index 329254373479..b61f8533c0fd 100644
|
||||
--- a/arch/x86/include/uapi/asm/bootparam.h
|
||||
+++ b/arch/x86/include/uapi/asm/bootparam.h
|
||||
@@ -134,7 +134,8 @@ struct boot_params {
|
||||
|
@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
|
|||
* The sentinel is set to a nonzero value (0xff) in header.S.
|
||||
*
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 80f874bf999e..c2e4f52cad30 100644
|
||||
index baadbf90a7c5..1ac118146e90 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
io_delay_init();
|
||||
|
||||
|
@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
|
|||
* Parse the ACPI tables for possible boot-time SMP configuration.
|
||||
*/
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index 57474384b66b..b69d657c3700 100644
|
||||
index db386349cd01..4b8df91f03cd 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
|
||||
|
||||
struct notifier_block;
|
||||
|
||||
|
@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
|
|||
|
||||
extern int modules_disabled; /* for sysctl */
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index e9869c497175..87fa14fedc88 100644
|
||||
index 7f045246e123..2b403ab0ef29 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
||||
|
@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
|
|||
bool secure_modules(void)
|
||||
{
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 17:58:15 -0400
|
||||
Subject: [PATCH] Add secure_modules() call
|
||||
Subject: [PATCH 01/20] Add secure_modules() call
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
has been configured to either disable module loading entirely or to load
|
||||
|
@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
2 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/include/linux/module.h b/include/linux/module.h
|
||||
index d67b1932cc59..57474384b66b 100644
|
||||
index 3a19c79918e0..db386349cd01 100644
|
||||
--- a/include/linux/module.h
|
||||
+++ b/include/linux/module.h
|
||||
@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return module && module->async_probe_requested;
|
||||
}
|
||||
|
||||
|
@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
|
|||
#else /* !CONFIG_MODULES... */
|
||||
|
||||
/* Given an address, look for it in the exception tables. */
|
||||
@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
|
|||
|
||||
#ifdef CONFIG_SYSFS
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 4d2b82e610e2..e9869c497175 100644
|
||||
index b86b7bf1be38..7f045246e123 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
|
||||
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
|
||||
}
|
||||
EXPORT_SYMBOL(module_layout);
|
||||
#endif
|
||||
|
@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
|
|||
+#endif
|
||||
+}
|
||||
+EXPORT_SYMBOL(secure_modules);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
|
||||
From: Kyle McMartin <kyle@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 09:28:51 -0400
|
||||
Subject: [PATCH] Add sysrq option to disable secure boot mode
|
||||
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
|
||||
|
||||
Bugzilla: N/A
|
||||
Upstream-status: Fedora mustard
|
||||
|
@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
|
|||
7 files changed, 64 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 5def6b4143fa..1eac9d22cb0b 100644
|
||||
index f93826b8522c..41679b1aca83 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -70,6 +70,11 @@
|
||||
|
@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
#include <video/edid.h>
|
||||
|
||||
#include <asm/mtrr.h>
|
||||
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
|
||||
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
|
||||
|
||||
#endif /* CONFIG_X86_32 */
|
||||
|
||||
|
@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
|
|||
.notifier_call = dump_kernel_offset
|
||||
};
|
||||
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
|
||||
index 421e29e4cd81..61c1eb97806c 100644
|
||||
index 345df9b03aed..dea6a6c4a39b 100644
|
||||
--- a/drivers/input/misc/uinput.c
|
||||
+++ b/drivers/input/misc/uinput.c
|
||||
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
|
||||
if (!udev->dev)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
|
|||
input_set_drvdata(udev->dev, udev);
|
||||
|
||||
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
|
||||
index b5b427888b24..289c7898a3b0 100644
|
||||
index 95b330a9ea98..dfa3e154a719 100644
|
||||
--- a/drivers/tty/sysrq.c
|
||||
+++ b/drivers/tty/sysrq.c
|
||||
@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
|
||||
/* x: May be registered on mips for TLB dump */
|
||||
/* x: May be registered on ppc/powerpc for xmon */
|
||||
/* x: May be registered on sparc64 for global PMU dump */
|
||||
|
@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
NULL, /* x */
|
||||
/* y: May be registered on sparc64 for global register dump */
|
||||
NULL, /* y */
|
||||
@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
|
||||
sysrq_key_table[i] = op_p;
|
||||
}
|
||||
|
||||
|
@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
{
|
||||
struct sysrq_key_op *op_p;
|
||||
int orig_log_level;
|
||||
@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
|
||||
op_p = __sysrq_get_key_op(key);
|
||||
if (op_p) {
|
||||
|
@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
pr_cont("%s\n", op_p->action_msg);
|
||||
console_loglevel = orig_log_level;
|
||||
op_p->handler(key);
|
||||
@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
|
||||
void handle_sysrq(int key)
|
||||
{
|
||||
if (sysrq_on())
|
||||
|
@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
EXPORT_SYMBOL(handle_sysrq);
|
||||
|
||||
@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
|
||||
static void sysrq_handle_reset_request(struct sysrq_state *state)
|
||||
{
|
||||
if (state->reset_requested)
|
||||
|
@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
|
||||
if (sysrq_reset_downtime_ms)
|
||||
mod_timer(&state->keyreset_timer,
|
||||
@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
|
||||
|
||||
default:
|
||||
if (sysrq->active && value && value != 2) {
|
||||
|
@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
|
|||
}
|
||||
break;
|
||||
}
|
||||
@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
|
||||
|
||||
if (get_user(c, buf))
|
||||
return -EFAULT;
|
||||
|
@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
|
|||
|
||||
return 0;
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 87fa14fedc88..61385e686d49 100644
|
||||
index 2b403ab0ef29..7818c110e95c 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
|
||||
|
@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
|
|||
#ifndef CONFIG_MODULE_SIG_FORCE
|
||||
module_param(sig_enforce, bool_enable_only, 0644);
|
||||
#endif /* !CONFIG_MODULE_SIG_FORCE */
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From 37e81f1a82ba4f214c05c4cc3807378753c7a867 Mon Sep 17 00:00:00 2001
|
||||
From: Allen Hung <allen_hung@dell.com>
|
||||
Date: Fri, 20 Nov 2015 18:21:06 +0800
|
||||
Subject: [PATCH] HID: multitouch: enable palm rejection if device implements
|
||||
confidence usage
|
||||
|
||||
The usage Confidence is mandary to Windows Precision Touchpad devices. The
|
||||
appearance of this usage is checked in hidinput_connect but the quirk
|
||||
MT_QUIRK_VALID_IS_CONFIDENCE is not applied to device accordingly.
|
||||
Apply this quirk and also remove quirk MT_QUIRK_ALWAYS_VALID to enable palm
|
||||
rejection for the WIN 8 touchpad devices which have implemented usage
|
||||
Confidence in its input reports.
|
||||
|
||||
Tested on Dell XPS 13 laptop.
|
||||
|
||||
Signed-off-by: Allen Hung <allen_hung@dell.com>
|
||||
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||||
---
|
||||
drivers/hid/hid-multitouch.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
|
||||
index 7c811252c1ce..0c94348a168d 100644
|
||||
--- a/drivers/hid/hid-multitouch.c
|
||||
+++ b/drivers/hid/hid-multitouch.c
|
||||
@@ -448,6 +448,11 @@ static int mt_touch_input_mapping(struct hid_device *hdev, struct hid_input *hi,
|
||||
mt_store_field(usage, td, hi);
|
||||
return 1;
|
||||
case HID_DG_CONFIDENCE:
|
||||
+ if (cls->name == MT_CLS_WIN_8 &&
|
||||
+ field->application == HID_DG_TOUCHPAD) {
|
||||
+ cls->quirks &= ~MT_QUIRK_ALWAYS_VALID;
|
||||
+ cls->quirks |= MT_QUIRK_VALID_IS_CONFIDENCE;
|
||||
+ }
|
||||
mt_store_field(usage, td, hi);
|
||||
return 1;
|
||||
case HID_DG_TIPSWITCH:
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,117 @@
|
|||
From b9a532277938798b53178d5a66af6e2915cb27cf Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Wed, 30 Sep 2015 12:48:40 -0400
|
||||
Subject: [PATCH] Initialize msg/shm IPC objects before doing ipc_addid()
|
||||
|
||||
As reported by Dmitry Vyukov, we really shouldn't do ipc_addid() before
|
||||
having initialized the IPC object state. Yes, we initialize the IPC
|
||||
object in a locked state, but with all the lockless RCU lookup work,
|
||||
that IPC object lock no longer means that the state cannot be seen.
|
||||
|
||||
We already did this for the IPC semaphore code (see commit e8577d1f0329:
|
||||
"ipc/sem.c: fully initialize sem_array before making it visible") but we
|
||||
clearly forgot about msg and shm.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Cc: Manfred Spraul <manfred@colorfullife.com>
|
||||
Cc: Davidlohr Bueso <dbueso@suse.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
ipc/msg.c | 14 +++++++-------
|
||||
ipc/shm.c | 13 +++++++------
|
||||
ipc/util.c | 8 ++++----
|
||||
3 files changed, 18 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/ipc/msg.c b/ipc/msg.c
|
||||
index 66c4f567eb73..1471db9a7e61 100644
|
||||
--- a/ipc/msg.c
|
||||
+++ b/ipc/msg.c
|
||||
@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
return retval;
|
||||
}
|
||||
|
||||
- /* ipc_addid() locks msq upon success. */
|
||||
- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
|
||||
- if (id < 0) {
|
||||
- ipc_rcu_putref(msq, msg_rcu_free);
|
||||
- return id;
|
||||
- }
|
||||
-
|
||||
msq->q_stime = msq->q_rtime = 0;
|
||||
msq->q_ctime = get_seconds();
|
||||
msq->q_cbytes = msq->q_qnum = 0;
|
||||
@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
INIT_LIST_HEAD(&msq->q_receivers);
|
||||
INIT_LIST_HEAD(&msq->q_senders);
|
||||
|
||||
+ /* ipc_addid() locks msq upon success. */
|
||||
+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
|
||||
+ if (id < 0) {
|
||||
+ ipc_rcu_putref(msq, msg_rcu_free);
|
||||
+ return id;
|
||||
+ }
|
||||
+
|
||||
ipc_unlock_object(&msq->q_perm);
|
||||
rcu_read_unlock();
|
||||
|
||||
diff --git a/ipc/shm.c b/ipc/shm.c
|
||||
index 222131e8e38f..41787276e141 100644
|
||||
--- a/ipc/shm.c
|
||||
+++ b/ipc/shm.c
|
||||
@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
if (IS_ERR(file))
|
||||
goto no_file;
|
||||
|
||||
- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
|
||||
- if (id < 0) {
|
||||
- error = id;
|
||||
- goto no_id;
|
||||
- }
|
||||
-
|
||||
shp->shm_cprid = task_tgid_vnr(current);
|
||||
shp->shm_lprid = 0;
|
||||
shp->shm_atim = shp->shm_dtim = 0;
|
||||
@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
|
||||
shp->shm_nattch = 0;
|
||||
shp->shm_file = file;
|
||||
shp->shm_creator = current;
|
||||
+
|
||||
+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
|
||||
+ if (id < 0) {
|
||||
+ error = id;
|
||||
+ goto no_id;
|
||||
+ }
|
||||
+
|
||||
list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist);
|
||||
|
||||
/*
|
||||
diff --git a/ipc/util.c b/ipc/util.c
|
||||
index be4230020a1f..0f401d94b7c6 100644
|
||||
--- a/ipc/util.c
|
||||
+++ b/ipc/util.c
|
||||
@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
|
||||
rcu_read_lock();
|
||||
spin_lock(&new->lock);
|
||||
|
||||
+ current_euid_egid(&euid, &egid);
|
||||
+ new->cuid = new->uid = euid;
|
||||
+ new->gid = new->cgid = egid;
|
||||
+
|
||||
id = idr_alloc(&ids->ipcs_idr, new,
|
||||
(next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
|
||||
GFP_NOWAIT);
|
||||
@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
|
||||
|
||||
ids->in_use++;
|
||||
|
||||
- current_euid_egid(&euid, &egid);
|
||||
- new->cuid = new->uid = euid;
|
||||
- new->gid = new->cgid = egid;
|
||||
-
|
||||
if (next_id < 0) {
|
||||
new->seq = ids->seq++;
|
||||
if (ids->seq > IPCID_SEQ_MAX)
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
From a0edc539fda3f0a4a271f47a0fcf79d1305c1444 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Wed, 25 Nov 2015 16:31:35 +0100
|
||||
Subject: [PATCH] Input: aiptek: fix crash on detecting device without
|
||||
endpoints
|
||||
|
||||
The aiptek driver crashes in aiptek_probe() when a specially crafted usb device
|
||||
without endpoints is detected. This fix adds a check that the device has proper
|
||||
configuration expected by the driver. Also an error return value is changed to
|
||||
more matching one in one of the error paths.
|
||||
|
||||
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
drivers/input/tablet/aiptek.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c
|
||||
index e7f966da6efa..78c0732fbb57 100644
|
||||
--- a/drivers/input/tablet/aiptek.c
|
||||
+++ b/drivers/input/tablet/aiptek.c
|
||||
@@ -1819,6 +1819,15 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id)
|
||||
input_set_abs_params(inputdev, ABS_TILT_Y, AIPTEK_TILT_MIN, AIPTEK_TILT_MAX, 0, 0);
|
||||
input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0);
|
||||
|
||||
+ /* Verify that a device really has an endpoint
|
||||
+ */
|
||||
+ if (intf->altsetting[0].desc.bNumEndpoints < 1) {
|
||||
+ dev_warn(&intf->dev,
|
||||
+ "interface has %d endpoints, but must have minimum 1\n",
|
||||
+ intf->altsetting[0].desc.bNumEndpoints);
|
||||
+ err = -ENODEV;
|
||||
+ goto fail3;
|
||||
+ }
|
||||
endpoint = &intf->altsetting[0].endpoint[0].desc;
|
||||
|
||||
/* Go set up our URB, which is called when the tablet receives
|
||||
@@ -1861,6 +1870,7 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id)
|
||||
if (i == ARRAY_SIZE(speeds)) {
|
||||
dev_info(&intf->dev,
|
||||
"Aiptek tried all speeds, no sane response\n");
|
||||
+ err = -ENODEV;
|
||||
goto fail3;
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||
Subject: [PATCH] KEYS: Add a system blacklist keyring
|
||||
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
|
||||
|
||||
This adds an additional keyring that is used to store certificates that
|
||||
are blacklisted. This keyring is searched first when loading signed modules
|
||||
|
@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
|
|||
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
|
||||
include/keys/system_keyring.h | 4 ++++
|
||||
init/Kconfig | 9 +++++++++
|
||||
kernel/module_signing.c | 12 ++++++++++++
|
||||
kernel/system_keyring.c | 17 +++++++++++++++++
|
||||
4 files changed, 42 insertions(+)
|
||||
3 files changed, 40 insertions(+)
|
||||
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index 72665eb80692..2c7b80d31366 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index af09b4fb43d2..62f6fd191e4f 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
|
||||
|
||||
Keys in this keyring are used by module signature checking.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
|
||||
index be5b8fac4bd0..fed815fcdaf2 100644
|
||||
--- a/kernel/module_signing.c
|
||||
+++ b/kernel/module_signing.c
|
||||
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
|
||||
|
||||
pr_debug("Look up: \"%s\"\n", id);
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
|
||||
+ &key_type_asymmetric, id);
|
||||
+ if (!IS_ERR(key)) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key '%s' is in blacklist\n", id);
|
||||
+ key_ref_put(key);
|
||||
+ kfree(id);
|
||||
+ return ERR_PTR(-EKEYREJECTED);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
|
||||
&key_type_asymmetric, id);
|
||||
if (IS_ERR(key))
|
||||
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
|
||||
index 875f64e8935b..c15e93f5a418 100644
|
||||
--- a/kernel/system_keyring.c
|
||||
+++ b/kernel/system_keyring.c
|
||||
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
|
||||
index 2570598b784d..53733822993f 100644
|
||||
--- a/certs/system_keyring.c
|
||||
+++ b/certs/system_keyring.c
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
struct key *system_trusted_keyring;
|
||||
|
@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
|
||||
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
|
||||
+
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
|
||||
+ KUIDT_INIT(0), KGIDT_INIT(0),
|
||||
+ current_cred(),
|
||||
|
@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
|
|||
return 0;
|
||||
}
|
||||
|
||||
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
|
||||
+ if (!ret) {
|
||||
+ /* module is signed with a cert in the blacklist. reject */
|
||||
+ pr_err("Module key is in the blacklist\n");
|
||||
+ ret = -EKEYREJECTED;
|
||||
+ goto error;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
|
||||
index b20cd885c1fd..51d8ddc60e0f 100644
|
||||
--- a/include/keys/system_keyring.h
|
||||
+++ b/include/keys/system_keyring.h
|
||||
@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
|
||||
enum key_being_used_for usage);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
|
||||
+extern struct key *system_blacklist_keyring;
|
||||
+#endif
|
||||
+
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 02da9f1fd9df..782d26f02885 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
|
||||
module verification, kexec image verification and firmware blob
|
||||
verification.
|
||||
|
||||
+config SYSTEM_BLACKLIST_KEYRING
|
||||
+ bool "Provide system-wide ring of blacklisted keys"
|
||||
+ depends on KEYS
|
||||
+ help
|
||||
+ Provide a system keyring to which blacklisted keys can be added.
|
||||
+ Keys in the keyring are considered entirely untrusted. Keys in this
|
||||
+ keyring are used by the module signature checking to reject loading
|
||||
+ of modules signed with a blacklisted key.
|
||||
+
|
||||
config PROFILING
|
||||
bool "Profiling support"
|
||||
help
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,125 @@
|
|||
From 3b34bea74e636583d34c8e472237a0bea1e3ba93 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 24 Nov 2015 21:36:31 +0000
|
||||
Subject: [PATCH] KEYS: Fix handling of stored error in a negatively
|
||||
instantiated user key
|
||||
|
||||
If a user key gets negatively instantiated, an error code is cached in the
|
||||
payload area. A negatively instantiated key may be then be positively
|
||||
instantiated by updating it with valid data. However, the ->update key
|
||||
type method must be aware that the error code may be there.
|
||||
|
||||
The following may be used to trigger the bug in the user key type:
|
||||
|
||||
keyctl request2 user user "" @u
|
||||
keyctl add user user "a" @u
|
||||
|
||||
which manifests itself as:
|
||||
|
||||
BUG: unable to handle kernel paging request at 00000000ffffff8a
|
||||
IP: [<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
|
||||
PGD 7cc30067 PUD 0
|
||||
Oops: 0002 [#1] SMP
|
||||
Modules linked in:
|
||||
CPU: 3 PID: 2644 Comm: a.out Not tainted 4.3.0+ #49
|
||||
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
|
||||
task: ffff88003ddea700 ti: ffff88003dd88000 task.ti: ffff88003dd88000
|
||||
RIP: 0010:[<ffffffff810a376f>] [<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280
|
||||
[<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
|
||||
RSP: 0018:ffff88003dd8bdb0 EFLAGS: 00010246
|
||||
RAX: 00000000ffffff82 RBX: 0000000000000000 RCX: 0000000000000001
|
||||
RDX: ffffffff81e3fe40 RSI: 0000000000000000 RDI: 00000000ffffff82
|
||||
RBP: ffff88003dd8bde0 R08: ffff88007d2d2da0 R09: 0000000000000000
|
||||
R10: 0000000000000000 R11: ffff88003e8073c0 R12: 00000000ffffff82
|
||||
R13: ffff88003dd8be68 R14: ffff88007d027600 R15: ffff88003ddea700
|
||||
FS: 0000000000b92880(0063) GS:ffff88007fd00000(0000) knlGS:0000000000000000
|
||||
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
|
||||
CR2: 00000000ffffff8a CR3: 000000007cc5f000 CR4: 00000000000006e0
|
||||
Stack:
|
||||
ffff88003dd8bdf0 ffffffff81160a8a 0000000000000000 00000000ffffff82
|
||||
ffff88003dd8be68 ffff88007d027600 ffff88003dd8bdf0 ffffffff810a39e5
|
||||
ffff88003dd8be20 ffffffff812a31ab ffff88007d027600 ffff88007d027620
|
||||
Call Trace:
|
||||
[<ffffffff810a39e5>] kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3136
|
||||
[<ffffffff812a31ab>] user_update+0x8b/0xb0 security/keys/user_defined.c:129
|
||||
[< inline >] __key_update security/keys/key.c:730
|
||||
[<ffffffff8129e5c1>] key_create_or_update+0x291/0x440 security/keys/key.c:908
|
||||
[< inline >] SYSC_add_key security/keys/keyctl.c:125
|
||||
[<ffffffff8129fc21>] SyS_add_key+0x101/0x1e0 security/keys/keyctl.c:60
|
||||
[<ffffffff8185f617>] entry_SYSCALL_64_fastpath+0x12/0x6a arch/x86/entry/entry_64.S:185
|
||||
|
||||
Note the error code (-ENOKEY) in EDX.
|
||||
|
||||
A similar bug can be tripped by:
|
||||
|
||||
keyctl request2 trusted user "" @u
|
||||
keyctl add trusted user "a" @u
|
||||
|
||||
This should also affect encrypted keys - but that has to be correctly
|
||||
parameterised or it will fail with EINVAL before getting to the bit that
|
||||
will crashes.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
||||
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
||||
---
|
||||
security/keys/encrypted-keys/encrypted.c | 2 ++
|
||||
security/keys/trusted.c | 5 ++++-
|
||||
security/keys/user_defined.c | 5 ++++-
|
||||
3 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
|
||||
index 7bed4ad7cd76..0a374a2ce030 100644
|
||||
--- a/security/keys/encrypted-keys/encrypted.c
|
||||
+++ b/security/keys/encrypted-keys/encrypted.c
|
||||
@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
|
||||
size_t datalen = prep->datalen;
|
||||
int ret = 0;
|
||||
|
||||
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
|
||||
+ return -ENOKEY;
|
||||
if (datalen <= 0 || datalen > 32767 || !prep->data)
|
||||
return -EINVAL;
|
||||
|
||||
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
|
||||
index c0594cb07ada..aeb38f1a12e7 100644
|
||||
--- a/security/keys/trusted.c
|
||||
+++ b/security/keys/trusted.c
|
||||
@@ -984,13 +984,16 @@ static void trusted_rcu_free(struct rcu_head *rcu)
|
||||
*/
|
||||
static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
|
||||
{
|
||||
- struct trusted_key_payload *p = key->payload.data;
|
||||
+ struct trusted_key_payload *p;
|
||||
struct trusted_key_payload *new_p;
|
||||
struct trusted_key_options *new_o;
|
||||
size_t datalen = prep->datalen;
|
||||
char *datablob;
|
||||
int ret = 0;
|
||||
|
||||
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
|
||||
+ return -ENOKEY;
|
||||
+ p = key->payload.data;
|
||||
if (!p->migratable)
|
||||
return -EPERM;
|
||||
if (datalen <= 0 || datalen > 32767 || !prep->data)
|
||||
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
|
||||
index 36b47bbd3d8c..7cf22260bdff 100644
|
||||
--- a/security/keys/user_defined.c
|
||||
+++ b/security/keys/user_defined.c
|
||||
@@ -120,7 +120,10 @@ int user_update(struct key *key, struct key_preparsed_payload *prep)
|
||||
|
||||
if (ret == 0) {
|
||||
/* attach the new data, displacing the old */
|
||||
- zap = key->payload.data;
|
||||
+ if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
|
||||
+ zap = key->payload.data;
|
||||
+ else
|
||||
+ zap = NULL;
|
||||
rcu_assign_keypointer(key, upayload);
|
||||
key->expiry = 0;
|
||||
}
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,108 @@
|
|||
From f144220f72062ed5359e0211f130670c915a12dd Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 14 Dec 2015 10:36:31 -0500
|
||||
Subject: [PATCH] KEYS: Fix race between read and revoke
|
||||
|
||||
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
|
||||
happens between keyctl_read() checking the validity of a key and the key's
|
||||
semaphore being taken, then the key type read method will see a revoked key.
|
||||
|
||||
This causes a problem for the user-defined key type because it assumes in
|
||||
its read method that there will always be a payload in a non-revoked key
|
||||
and doesn't check for a NULL pointer.
|
||||
|
||||
Fix this by making keyctl_read() check the validity of a key after taking
|
||||
semaphore instead of before.
|
||||
|
||||
This was discovered by a multithreaded test program generated by syzkaller
|
||||
(http://github.com/google/syzkaller). Here's a cleaned up version:
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <keyutils.h>
|
||||
#include <pthread.h>
|
||||
void *thr0(void *arg)
|
||||
{
|
||||
key_serial_t key = (unsigned long)arg;
|
||||
keyctl_revoke(key);
|
||||
return 0;
|
||||
}
|
||||
void *thr1(void *arg)
|
||||
{
|
||||
key_serial_t key = (unsigned long)arg;
|
||||
char buffer[16];
|
||||
keyctl_read(key, buffer, 16);
|
||||
return 0;
|
||||
}
|
||||
int main()
|
||||
{
|
||||
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
|
||||
pthread_t th[5];
|
||||
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
|
||||
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
|
||||
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
|
||||
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
|
||||
pthread_join(th[0], 0);
|
||||
pthread_join(th[1], 0);
|
||||
pthread_join(th[2], 0);
|
||||
pthread_join(th[3], 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
Build as:
|
||||
|
||||
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
|
||||
|
||||
Run as:
|
||||
|
||||
while keyctl-race; do :; done
|
||||
|
||||
as it may need several iterations to crash the kernel. The crash can be
|
||||
summarised as:
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
|
||||
IP: [<ffffffff81279b08>] user_read+0x56/0xa3
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
|
||||
[<ffffffff81277815>] SyS_keyctl+0x83/0xe0
|
||||
[<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
security/keys/keyctl.c | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
|
||||
index fb111eafcb89..1c3872aeed14 100644
|
||||
--- a/security/keys/keyctl.c
|
||||
+++ b/security/keys/keyctl.c
|
||||
@@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
|
||||
|
||||
/* the key is probably readable - now try to read it */
|
||||
can_read_key:
|
||||
- ret = key_validate(key);
|
||||
- if (ret == 0) {
|
||||
- ret = -EOPNOTSUPP;
|
||||
- if (key->type->read) {
|
||||
- /* read the data with the semaphore held (since we
|
||||
- * might sleep) */
|
||||
- down_read(&key->sem);
|
||||
+ ret = -EOPNOTSUPP;
|
||||
+ if (key->type->read) {
|
||||
+ /* Read the data with the semaphore held (since we might sleep)
|
||||
+ * to protect against the key being updated or revoked.
|
||||
+ */
|
||||
+ down_read(&key->sem);
|
||||
+ ret = key_validate(key);
|
||||
+ if (ret == 0)
|
||||
ret = key->type->read(key, buffer, buflen);
|
||||
- up_read(&key->sem);
|
||||
- }
|
||||
+ up_read(&key->sem);
|
||||
}
|
||||
|
||||
error2:
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
From 48bb9bb210c6c2f185d891e3e7a401d849409f84 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 10 Nov 2015 13:22:53 +0100
|
||||
Subject: [PATCH 2/2] KVM: svm: unconditionally intercept #DB
|
||||
|
||||
This is needed to avoid the possibility that the guest triggers
|
||||
an infinite stream of #DB exceptions (CVE-2015-8104).
|
||||
|
||||
VMX is not affected: because it does not save DR6 in the VMCS,
|
||||
it already intercepts #DB unconditionally.
|
||||
|
||||
Reported-by: Jan Beulich <jbeulich@suse.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/svm.c | 14 +++-----------
|
||||
1 file changed, 3 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
|
||||
index 7203b3cc71b5..184e50b3c35a 100644
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -1111,6 +1111,7 @@ static void init_vmcb(struct vcpu_svm *svm)
|
||||
set_exception_intercept(svm, UD_VECTOR);
|
||||
set_exception_intercept(svm, MC_VECTOR);
|
||||
set_exception_intercept(svm, AC_VECTOR);
|
||||
+ set_exception_intercept(svm, DB_VECTOR);
|
||||
|
||||
set_intercept(svm, INTERCEPT_INTR);
|
||||
set_intercept(svm, INTERCEPT_NMI);
|
||||
@@ -1645,20 +1646,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
|
||||
mark_dirty(svm->vmcb, VMCB_SEG);
|
||||
}
|
||||
|
||||
-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
|
||||
+static void update_bp_intercept(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
struct vcpu_svm *svm = to_svm(vcpu);
|
||||
|
||||
- clr_exception_intercept(svm, DB_VECTOR);
|
||||
clr_exception_intercept(svm, BP_VECTOR);
|
||||
|
||||
- if (svm->nmi_singlestep)
|
||||
- set_exception_intercept(svm, DB_VECTOR);
|
||||
-
|
||||
if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
|
||||
- if (vcpu->guest_debug &
|
||||
- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
|
||||
- set_exception_intercept(svm, DB_VECTOR);
|
||||
if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
|
||||
set_exception_intercept(svm, BP_VECTOR);
|
||||
} else
|
||||
@@ -1764,7 +1758,6 @@ static int db_interception(struct vcpu_svm *svm)
|
||||
if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
|
||||
svm->vmcb->save.rflags &=
|
||||
~(X86_EFLAGS_TF | X86_EFLAGS_RF);
|
||||
- update_db_bp_intercept(&svm->vcpu);
|
||||
}
|
||||
|
||||
if (svm->vcpu.guest_debug &
|
||||
@@ -3753,7 +3746,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
|
||||
*/
|
||||
svm->nmi_singlestep = true;
|
||||
svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
|
||||
- update_db_bp_intercept(vcpu);
|
||||
}
|
||||
|
||||
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
|
||||
@@ -4379,7 +4371,7 @@ static struct kvm_x86_ops svm_x86_ops = {
|
||||
.vcpu_load = svm_vcpu_load,
|
||||
.vcpu_put = svm_vcpu_put,
|
||||
|
||||
- .update_db_bp_intercept = update_db_bp_intercept,
|
||||
+ .update_db_bp_intercept = update_bp_intercept,
|
||||
.get_msr = svm_get_msr,
|
||||
.set_msr = svm_set_msr,
|
||||
.get_segment_base = svm_get_segment_base,
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
|
||||
|
@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
create mode 100644 kernel/modsign_uefi.c
|
||||
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index 414c3c3d988d..d920a6be6c8b 100644
|
||||
index 85ef051ac6fb..a042b2ece788 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_CERT_X509_GUID \
|
||||
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
|
||||
@@ -600,6 +600,12 @@ typedef struct {
|
||||
u64 table;
|
||||
} efi_config_table_64_t;
|
||||
|
||||
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
|
||||
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
|
||||
|
@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
|
|||
+
|
||||
typedef struct {
|
||||
efi_guid_t guid;
|
||||
u64 table;
|
||||
u32 table;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index 62f6fd191e4f..648bb79d6b73 100644
|
||||
index 02da9f1fd9df..90c73a0564b1 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
|
||||
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
|
||||
comment "Do not forget to sign required modules with scripts/sign-file"
|
||||
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
|
||||
|
||||
|
@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
|
|||
prompt "Which hash algorithm should modules be signed with?"
|
||||
depends on MODULE_SIG
|
||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||
index 43c4c920f30a..3193574387ac 100644
|
||||
index d4988410b410..55e886239e7e 100644
|
||||
--- a/kernel/Makefile
|
||||
+++ b/kernel/Makefile
|
||||
@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
|
||||
@@ -47,6 +47,7 @@ endif
|
||||
obj-$(CONFIG_UID16) += uid16.o
|
||||
obj-$(CONFIG_MODULES) += module.o
|
||||
obj-$(CONFIG_MODULE_SIG) += module_signing.o
|
||||
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
|
||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||
obj-$(CONFIG_KEXEC) += kexec.o
|
||||
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
|
||||
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
|
||||
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
obj-$(CONFIG_HAS_IOMEM) += memremap.o
|
||||
|
||||
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
|
||||
+
|
||||
$(obj)/configs.o: $(obj)/config_data.h
|
||||
|
||||
# config_data.h contains the same information as ikconfig.h but gzipped.
|
||||
# Info from config_data can be extracted from /proc/config*
|
||||
targets += config_data.gz
|
||||
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
||||
new file mode 100644
|
||||
index 000000000000..94b0eb38a284
|
||||
|
@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
|
|||
+ return rc;
|
||||
+}
|
||||
+late_initcall(load_uefi_certs);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Thu, 3 Oct 2013 10:14:23 -0400
|
||||
Subject: [PATCH] MODSIGN: Support not importing certs from db
|
||||
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
|
||||
|
||||
If a user tells shim to not use the certs/hashes in the UEFI db variable
|
||||
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
|
||||
|
@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
|
|||
}
|
||||
|
||||
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
||||
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
|
||||
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
|
||||
enabled
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down from
|
||||
userspace in order to avoid it being possible for an attacker to modify
|
||||
|
@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
|
|||
return -EPERM;
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
From 09dca584f0b6b3bb4fc5f13a388274cd76b69f18 Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
|
||||
Date: Fri, 16 Oct 2015 17:11:42 +0200
|
||||
Subject: [PATCH] RDS: fix race condition when sending a message on unbound
|
||||
socket.
|
||||
|
||||
Sasha's found a NULL pointer dereference in the RDS connection code when
|
||||
sending a message to an apparently unbound socket. The problem is caused
|
||||
by the code checking if the socket is bound in rds_sendmsg(), which checks
|
||||
the rs_bound_addr field without taking a lock on the socket. This opens a
|
||||
race where rs_bound_addr is temporarily set but where the transport is not
|
||||
in rds_bind(), leading to a NULL pointer dereference when trying to
|
||||
dereference 'trans' in __rds_conn_create().
|
||||
|
||||
Vegard wrote a reproducer for this issue, so kindly ask him to share if
|
||||
you're interested.
|
||||
|
||||
I cannot reproduce the NULL pointer dereference using Vegard's reproducer
|
||||
with this patch, whereas I could without.
|
||||
|
||||
Complete earlier incomplete fix to CVE-2015-6937:
|
||||
|
||||
74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")
|
||||
|
||||
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
|
||||
Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||||
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Vegard Nossum <vegard.nossum@oracle.com>
|
||||
Cc: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Chien Yen <chien.yen@oracle.com>
|
||||
Cc: Santosh Shilimkar <santosh.shilimkar@oracle.com>
|
||||
Cc: David S. Miller <davem@davemloft.net>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
net/rds/connection.c | 6 ------
|
||||
net/rds/send.c | 4 +++-
|
||||
2 files changed, 3 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/net/rds/connection.c b/net/rds/connection.c
|
||||
index 9d66705f9d41..da6da57e5f36 100644
|
||||
--- a/net/rds/connection.c
|
||||
+++ b/net/rds/connection.c
|
||||
@@ -187,12 +187,6 @@ new_conn:
|
||||
}
|
||||
}
|
||||
|
||||
- if (trans == NULL) {
|
||||
- kmem_cache_free(rds_conn_slab, conn);
|
||||
- conn = ERR_PTR(-ENODEV);
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
conn->c_trans = trans;
|
||||
|
||||
ret = trans->conn_alloc(conn, gfp);
|
||||
diff --git a/net/rds/send.c b/net/rds/send.c
|
||||
index e9430f537f9c..7b30c0f3180d 100644
|
||||
--- a/net/rds/send.c
|
||||
+++ b/net/rds/send.c
|
||||
@@ -986,11 +986,13 @@ int rds_sendmsg(struct socket *sock, struct msghdr *msg, size_t payload_len)
|
||||
release_sock(sk);
|
||||
}
|
||||
|
||||
- /* racing with another thread binding seems ok here */
|
||||
+ lock_sock(sk);
|
||||
if (daddr == 0 || rs->rs_bound_addr == 0) {
|
||||
+ release_sock(sk);
|
||||
ret = -ENOTCONN; /* XXX not a great errno */
|
||||
goto out;
|
||||
}
|
||||
+ release_sock(sk);
|
||||
|
||||
/* size of rm including all sgs */
|
||||
ret = rds_rm_size(msg, payload_len);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
||||
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
|
||||
restricted
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel
|
||||
|
@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
|
|||
if (p < (unsigned long) high_memory) {
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
From 10d98bced414c6fc1d09db123e7f762d91b5ebea Mon Sep 17 00:00:00 2001
|
||||
From: Johan Hovold <johan@kernel.org>
|
||||
Date: Wed, 23 Sep 2015 11:41:42 -0700
|
||||
Subject: [PATCH] USB: whiteheat: fix potential null-deref at probe
|
||||
|
||||
Fix potential null-pointer dereference at probe by making sure that the
|
||||
required endpoints are present.
|
||||
|
||||
The whiteheat driver assumes there are at least five pairs of bulk
|
||||
endpoints, of which the final pair is used for the "command port". An
|
||||
attempt to bind to an interface with fewer bulk endpoints would
|
||||
currently lead to an oops.
|
||||
|
||||
Fixes CVE-2015-5257.
|
||||
|
||||
Reported-by: Moein Ghasemzadeh <moein@istuary.com>
|
||||
Cc: stable <stable@vger.kernel.org>
|
||||
Signed-off-by: Johan Hovold <johan@kernel.org>
|
||||
---
|
||||
drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
|
||||
1 file changed, 31 insertions(+)
|
||||
|
||||
diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
|
||||
index 6c3734d2b45a..d3ea90bef84d 100644
|
||||
--- a/drivers/usb/serial/whiteheat.c
|
||||
+++ b/drivers/usb/serial/whiteheat.c
|
||||
@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
|
||||
static int whiteheat_firmware_attach(struct usb_serial *serial);
|
||||
|
||||
/* function prototypes for the Connect Tech WhiteHEAT serial converter */
|
||||
+static int whiteheat_probe(struct usb_serial *serial,
|
||||
+ const struct usb_device_id *id);
|
||||
static int whiteheat_attach(struct usb_serial *serial);
|
||||
static void whiteheat_release(struct usb_serial *serial);
|
||||
static int whiteheat_port_probe(struct usb_serial_port *port);
|
||||
@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
|
||||
.description = "Connect Tech - WhiteHEAT",
|
||||
.id_table = id_table_std,
|
||||
.num_ports = 4,
|
||||
+ .probe = whiteheat_probe,
|
||||
.attach = whiteheat_attach,
|
||||
.release = whiteheat_release,
|
||||
.port_probe = whiteheat_port_probe,
|
||||
@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
|
||||
/*****************************************************************************
|
||||
* Connect Tech's White Heat serial driver functions
|
||||
*****************************************************************************/
|
||||
+
|
||||
+static int whiteheat_probe(struct usb_serial *serial,
|
||||
+ const struct usb_device_id *id)
|
||||
+{
|
||||
+ struct usb_host_interface *iface_desc;
|
||||
+ struct usb_endpoint_descriptor *endpoint;
|
||||
+ size_t num_bulk_in = 0;
|
||||
+ size_t num_bulk_out = 0;
|
||||
+ size_t min_num_bulk;
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ iface_desc = serial->interface->cur_altsetting;
|
||||
+
|
||||
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
|
||||
+ endpoint = &iface_desc->endpoint[i].desc;
|
||||
+ if (usb_endpoint_is_bulk_in(endpoint))
|
||||
+ ++num_bulk_in;
|
||||
+ if (usb_endpoint_is_bulk_out(endpoint))
|
||||
+ ++num_bulk_out;
|
||||
+ }
|
||||
+
|
||||
+ min_num_bulk = COMMAND_PORT + 1;
|
||||
+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
|
||||
+ return -ENODEV;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int whiteheat_attach(struct usb_serial *serial)
|
||||
{
|
||||
struct usb_serial_port *command_port;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
||||
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
|
||||
is restricted
|
||||
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
|
||||
loading is restricted
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
makes it possible for a user to circumvent any restrictions imposed on
|
||||
|
@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index 3b8963f21b36..a5ae6a7fef5e 100644
|
||||
index 739a4a6b3b9b..9ef2a020a7a9 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -44,6 +44,7 @@
|
||||
@@ -40,6 +40,7 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/jiffies.h>
|
||||
#include <linux/semaphore.h>
|
||||
|
@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
|
||||
#include <asm/io.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||
acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
{
|
||||
#ifdef CONFIG_KEXEC
|
||||
|
@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
|
|||
return acpi_rsdp;
|
||||
#endif
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
|
||||
From: Hannes Reinecke <hare@suse.de>
|
||||
Date: Tue, 1 Dec 2015 10:16:42 +0100
|
||||
Subject: scsi: ignore errors from scsi_dh_add_device()
|
||||
|
||||
device handler initialisation might fail due to a number of
|
||||
reasons. But as device_handlers are optional this shouldn't
|
||||
cause us to disable the device entirely.
|
||||
So just ignore errors from scsi_dh_add_device().
|
||||
|
||||
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
|
||||
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
||||
Signed-off-by: Hannes Reinecke <hare@suse.de>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/scsi_sysfs.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
|
||||
index fc3cd26..d015374 100644
|
||||
--- a/drivers/scsi/scsi_sysfs.c
|
||||
+++ b/drivers/scsi/scsi_sysfs.c
|
||||
@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
|
||||
}
|
||||
|
||||
error = scsi_dh_add_device(sdev);
|
||||
- if (error) {
|
||||
+ if (error)
|
||||
+ /*
|
||||
+ * device_handler is optional, so any error can be ignored
|
||||
+ */
|
||||
sdev_printk(KERN_INFO, sdev,
|
||||
"failed to add device handler: %d\n", error);
|
||||
- return error;
|
||||
- }
|
||||
|
||||
device_enable_async_suspend(&sdev->sdev_dev);
|
||||
error = device_add(&sdev->sdev_dev);
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
||||
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
|
||||
restricted
|
||||
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
|
||||
loading is restricted
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a
|
||||
given machine, and there's a risk that some will allow hardware state to
|
||||
|
@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
|
|||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
From a08748fb2221ef03d54071e5ddfcc1b0cee6961c Mon Sep 17 00:00:00 2001
|
||||
From: Tejun Heo <tj@kernel.org>
|
||||
Date: Sat, 5 Sep 2015 15:47:36 -0400
|
||||
Subject: [PATCH] block: blkg_destroy_all() should clear q->root_blkg and
|
||||
->root_rl.blkg
|
||||
|
||||
While making the root blkg unconditional, ec13b1d6f0a0 ("blkcg: always
|
||||
create the blkcg_gq for the root blkcg") removed the part which clears
|
||||
q->root_blkg and ->root_rl.blkg during q exit. This leaves the two
|
||||
pointers dangling after blkg_destroy_all(). blk-throttle exit path
|
||||
performs blkg traversals and dereferences ->root_blkg and can lead to
|
||||
the following oops.
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at 0000000000000558
|
||||
IP: [<ffffffff81389746>] __blkg_lookup+0x26/0x70
|
||||
...
|
||||
task: ffff88001b4e2580 ti: ffff88001ac0c000 task.ti: ffff88001ac0c000
|
||||
RIP: 0010:[<ffffffff81389746>] [<ffffffff81389746>] __blkg_lookup+0x26/0x70
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff8138d14a>] blk_throtl_drain+0x5a/0x110
|
||||
[<ffffffff8138a108>] blkcg_drain_queue+0x18/0x20
|
||||
[<ffffffff81369a70>] __blk_drain_queue+0xc0/0x170
|
||||
[<ffffffff8136a101>] blk_queue_bypass_start+0x61/0x80
|
||||
[<ffffffff81388c59>] blkcg_deactivate_policy+0x39/0x100
|
||||
[<ffffffff8138d328>] blk_throtl_exit+0x38/0x50
|
||||
[<ffffffff8138a14e>] blkcg_exit_queue+0x3e/0x50
|
||||
[<ffffffff8137016e>] blk_release_queue+0x1e/0xc0
|
||||
...
|
||||
|
||||
While the bug is a straigh-forward use-after-free bug, it is tricky to
|
||||
reproduce because blkg release is RCU protected and the rest of exit
|
||||
path usually finishes before RCU grace period.
|
||||
|
||||
This patch fixes the bug by updating blkg_destro_all() to clear
|
||||
q->root_blkg and ->root_rl.blkg.
|
||||
|
||||
Signed-off-by: Tejun Heo <tj@kernel.org>
|
||||
Reported-by: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Link: http://lkml.kernel.org/g/CA+5PVA5rzQ0s4723n5rHBcxQa9t0cW8BPPBekr_9aMRoWt2aYg@mail.gmail.com
|
||||
Fixes: ec13b1d6f0a0 ("blkcg: always create the blkcg_gq for the root blkcg")
|
||||
Cc: stable@vger.kernel.org # v4.2+
|
||||
---
|
||||
block/blk-cgroup.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
|
||||
index d6283b3f5db5..9cc48d1d7abb 100644
|
||||
--- a/block/blk-cgroup.c
|
||||
+++ b/block/blk-cgroup.c
|
||||
@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct request_queue *q)
|
||||
blkg_destroy(blkg);
|
||||
spin_unlock(&blkcg->lock);
|
||||
}
|
||||
+
|
||||
+ q->root_blkg = NULL;
|
||||
+ q->root_rl.blkg = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From 5233252fce714053f0151680933571a2da9cbfb4 Mon Sep 17 00:00:00 2001
|
||||
From: "David S. Miller" <davem@davemloft.net>
|
||||
Date: Tue, 15 Dec 2015 15:39:08 -0500
|
||||
Subject: [PATCH] bluetooth: Validate socket address length in sco_sock_bind().
|
||||
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/bluetooth/sco.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
|
||||
index fe129663bd3f..f52bcbf2e58c 100644
|
||||
--- a/net/bluetooth/sco.c
|
||||
+++ b/net/bluetooth/sco.c
|
||||
@@ -526,6 +526,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
|
||||
if (!addr || addr->sa_family != AF_BLUETOOTH)
|
||||
return -EINVAL;
|
||||
|
||||
+ if (addr_len < sizeof(struct sockaddr_sco))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
lock_sock(sk);
|
||||
|
||||
if (sk->sk_state != BT_OPEN) {
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
|
|||
CONFIG_HAVE_PERF_REGS=y
|
||||
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
|
||||
|
||||
CONFIG_ARM_PMU=y
|
||||
|
||||
# ARM AMBA generic HW
|
||||
CONFIG_ARM_AMBA=y
|
||||
CONFIG_KERNEL_MODE_NEON=y
|
||||
|
@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
|
|||
CONFIG_PL330_DMA=m
|
||||
CONFIG_GPIO_PL061=y
|
||||
CONFIG_USB_ISP1760=m
|
||||
CONFIG_ARM_PL172_MPMC=m
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=y
|
||||
CONFIG_CRYPTO_AES_ARM_BS=y
|
||||
CONFIG_CRYPTO_SHA1_ARM=y
|
||||
CONFIG_CRYPTO_SHA256_ARM=y
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=y
|
||||
CONFIG_CRYPTO_SHA512_ARM=y
|
||||
|
||||
# ARM VExpress
|
||||
CONFIG_ARCH_VEXPRESS=y
|
||||
|
@ -106,6 +119,8 @@ CONFIG_OF_NET=y
|
|||
CONFIG_OF_OVERLAY=y
|
||||
CONFIG_OF_PCI_IRQ=m
|
||||
CONFIG_OF_PCI=m
|
||||
# CONFIG_PCI_HOST_GENERIC is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
CONFIG_OF_RESERVED_MEM=y
|
||||
CONFIG_OF_RESOLVE=y
|
||||
CONFIG_PM_GENERIC_DOMAINS_OF=y
|
||||
|
@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
|
|||
CONFIG_ARM_MHU=m
|
||||
# CONFIG_PL320_MBOX is not set
|
||||
|
||||
# HW crypto and rng
|
||||
CONFIG_ARM_CRYPTO=y
|
||||
CONFIG_CRYPTO_AES_ARM=m
|
||||
# CONFIG_CRYPTO_AES_ARM_BS is not set
|
||||
CONFIG_CRYPTO_SHA1_ARM=m
|
||||
CONFIG_CRYPTO_SHA256_ARM=m
|
||||
CONFIG_CRYPTO_SHA1_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM_NEON=m
|
||||
CONFIG_CRYPTO_SHA512_ARM=m
|
||||
# USB
|
||||
CONFIG_USB_OHCI_HCD_PLATFORM=m
|
||||
CONFIG_USB_EHCI_HCD_PLATFORM=m
|
||||
|
@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
|
|||
CONFIG_I2C_MUX_PINCTRL=m
|
||||
CONFIG_I2C_MUX_PCA9541=m
|
||||
CONFIG_I2C_MUX_PCA954x=m
|
||||
CONFIG_I2C_MUX_REG=m
|
||||
|
||||
# spi
|
||||
CONFIG_SPI_PL022=m
|
||||
|
@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_KEYBOARD_OMAP4 is not set
|
||||
# CONFIG_KEYBOARD_BCM is not set
|
||||
# CONFIG_PHY_SAMSUNG_USB2 is not set
|
||||
# CONFIG_OMAP_GPMC_DEBUG is not set
|
||||
|
||||
### turn off things which make no sense on embedded SoC
|
||||
|
||||
|
@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
|
|||
# CONFIG_BMP085_SPI is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
# CONFIG_SPI_ROCKCHIP is not set
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
26
config-arm64
26
config-arm64
|
@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
|
|||
# CONFIG_ARCH_QCOM is not set
|
||||
# CONFIG_ARCH_SPRD is not set
|
||||
# CONFIG_ARCH_ZYNQMP is not set
|
||||
# CONFIG_ARCH_BCM_IPROC is not set
|
||||
# CONFIG_ARCH_BERLIN is not set
|
||||
# CONFIG_ARCH_ROCKCHIP is not set
|
||||
|
||||
|
||||
# Erratum
|
||||
CONFIG_ARM64_ERRATUM_826319=y
|
||||
|
@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
|
|||
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
|
||||
CONFIG_ARCH_REQUIRE_GPIOLIB=y
|
||||
CONFIG_ARM64_64K_PAGES=y
|
||||
# CONFIG_COMPAT is not set
|
||||
|
||||
CONFIG_ARM64_HW_AFDBM=y
|
||||
CONFIG_ARM64_PAN=y
|
||||
CONFIG_ARM64_LSE_ATOMICS=y
|
||||
|
||||
CONFIG_BCMA_POSSIBLE=y
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
|
||||
|
@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
|
|||
CONFIG_PCC=y
|
||||
|
||||
CONFIG_ARM64_CRYPTO=y
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=y
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=y
|
||||
CONFIG_CRYPTO_GHASH_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
|
||||
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
|
||||
CONFIG_CRYPTO_CRC32_ARM64=m
|
||||
CONFIG_CRYPTO_DEV_CCP=y
|
||||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
|
@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
|
|||
# HiSilicon
|
||||
CONFIG_POWER_RESET_HISI=y
|
||||
CONFIG_HISI_THERMAL=m
|
||||
CONFIG_STUB_CLK_HI6220=y
|
||||
|
||||
# ThunderX
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
CONFIG_NET_VENDOR_MELLANOX=y
|
||||
CONFIG_MLX4_EN=m
|
||||
|
@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
|
|||
CONFIG_DEBUG_SECTION_MISMATCH=y
|
||||
|
||||
# CONFIG_FSL_MC_BUS is not set
|
||||
# CONFIG_FUJITSU_ES is not set
|
||||
|
|
16
config-armv7
16
config-armv7
|
@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
|
|||
CONFIG_SOC_TI81XX=y
|
||||
# CONFIG_MACH_NOKIA_RX51 is not set
|
||||
# CONFIG_MACH_OMAP_LDP is not set
|
||||
# CONFIG_MACH_OMAP3530_LV_SOM is not set
|
||||
# CONFIG_MACH_OMAP3_TORPEDO is not set
|
||||
# CONFIG_MACH_OMAP3517EVM is not set
|
||||
# CONFIG_MACH_OMAP3_PANDORA is not set
|
||||
|
||||
|
@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
|
|||
CONFIG_PINCTRL_MSM8X74=m
|
||||
CONFIG_PINCTRL_MSM8916=m
|
||||
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
|
||||
CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
|
||||
CONFIG_COMMON_CLK_QCOM=m
|
||||
# CONFIG_MSM_GCC_8916 is not set
|
||||
# CONFIG_IPQ_LCC_806X is not set
|
||||
|
@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
|
|||
CONFIG_SND_SOC_STORM=m
|
||||
CONFIG_PHY_QCOM_UFS=m
|
||||
CONFIG_HWSPINLOCK_QCOM=m
|
||||
CONFIG_QCOM_COINCELL=m
|
||||
CONFIG_USB_QCOM_8X16_PHY=m
|
||||
CONFIG_QCOM_SMD=m
|
||||
CONFIG_QCOM_SMD_RPM=m
|
||||
CONFIG_QCOM_SMEM=m
|
||||
CONFIG_REGULATOR_QCOM_SMD_RPM=m
|
||||
# CONFIG_QCOM_SMEM is not set
|
||||
|
||||
# i.MX
|
||||
# CONFIG_MXC_DEBUG_BOARD is not set
|
||||
|
@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
|
|||
CONFIG_SOC_IMX6Q=y
|
||||
CONFIG_SOC_IMX6SL=y
|
||||
CONFIG_SOC_IMX6SX=y
|
||||
CONFIG_SOC_IMX6UL=y
|
||||
CONFIG_SOC_IMX7D=y
|
||||
# CONFIG_SOC_LS1021A is not set
|
||||
# CONFIG_SOC_VF610 is not set
|
||||
|
@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
|
|||
CONFIG_FEC=m
|
||||
# CONFIG_FSL_PQ_MDIO is not set
|
||||
# CONFIG_FSL_XGMAC_MDIO is not set
|
||||
CONFIG_KEYBOARD_SNVS_PWRKEY=m
|
||||
CONFIG_KEYBOARD_IMX=m
|
||||
CONFIG_KEYBOARD_STMPE=m
|
||||
CONFIG_TOUCHSCREEN_STMPE=m
|
||||
|
@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
|
|||
CONFIG_FB_MXS=m
|
||||
# CONFIG_FB_MX3 is not set
|
||||
# CONFIG_FB_IMX is not set
|
||||
CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
|
||||
|
||||
CONFIG_SND_IMX_SOC=m
|
||||
CONFIG_SND_SOC_FSL_ASOC_CARD=m
|
||||
|
@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
|
|||
CONFIG_SOC_EXYNOS4212=y
|
||||
CONFIG_SOC_EXYNOS4412=y
|
||||
CONFIG_SOC_EXYNOS4415=y
|
||||
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
|
||||
CONFIG_AK8975=m
|
||||
CONFIG_CM36651=m
|
||||
CONFIG_KEYBOARD_SAMSUNG=m
|
||||
|
@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_EDAC_SYNOPSYS=m
|
||||
CONFIG_PINCTRL_ZYNQ=y
|
||||
CONFIG_AXI_DMAC=m
|
||||
|
||||
# Multi function devices
|
||||
CONFIG_MFD_88PM800=m
|
||||
|
|
|
@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
|
|||
CONFIG_ARCH_HAS_TICK_BROADCAST=y
|
||||
CONFIG_IRQ_CROSSBAR=y
|
||||
CONFIG_IOMMU_IO_PGTABLE_LPAE=y
|
||||
CONFIG_CPU_SW_DOMAIN_PAN=y
|
||||
|
||||
# CONFIG_MCPM is not set
|
||||
# CONFIG_OABI_COMPAT is not set
|
||||
|
@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
|
|||
|
||||
CONFIG_PCI_HOST_GENERIC=y
|
||||
# CONFIG_PCI_LAYERSCAPE is not set
|
||||
# CONFIG_PCIE_IPROC is not set
|
||||
# Do NOT enable this, it breaks stuff and makes things go slow
|
||||
# CONFIG_UACCESS_WITH_MEMCPY is not set
|
||||
|
||||
|
@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
|
|||
CONFIG_MACH_SUN8I=y
|
||||
# CONFIG_MACH_SUN9I is not set
|
||||
CONFIG_SUNXI_SRAM=y
|
||||
CONFIG_DMA_SUN4I=m
|
||||
CONFIG_DMA_SUN6I=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_NET_VENDOR_ALLWINNER=y
|
||||
|
@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
|
|||
CONFIG_SERIO_SUN4I_PS2=m
|
||||
CONFIG_KEYBOARD_SUN4I_LRADC=m
|
||||
CONFIG_PWM_SUN4I=m
|
||||
CONFIG_USB_MUSB_SUNXI=m
|
||||
CONFIG_CRYPTO_DEV_SUN4I_SS=m
|
||||
|
||||
# Exynos
|
||||
CONFIG_ARCH_EXYNOS3=y
|
||||
|
@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
|
|||
CONFIG_SOC_EXYNOS5800=y
|
||||
CONFIG_SERIAL_SAMSUNG=y
|
||||
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
|
||||
CONFIG_ARM_EXYNOS_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS5250_CPUFREQ=y
|
||||
CONFIG_ARM_EXYNOS5440_CPUFREQ=m
|
||||
CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
|
||||
# CONFIG_ARM_EXYNOS_CPUIDLE is not set
|
||||
|
@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
|
|||
CONFIG_ROCKCHIP_DW_HDMI=m
|
||||
CONFIG_PHY_ROCKCHIP_USB=m
|
||||
CONFIG_DWMAC_ROCKCHIP=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
|
||||
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
|
||||
CONFIG_REGULATOR_ACT8865=m
|
||||
|
||||
# Tegra
|
||||
CONFIG_ARCH_TEGRA_114_SOC=y
|
||||
|
@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
|
|||
CONFIG_TEGRA_MC=y
|
||||
CONFIG_TEGRA124_EMC=y
|
||||
CONFIG_ARM_TEGRA_DEVFREQ=m
|
||||
# CONFIG_ARM_TEGRA20_CPUFREQ is not set
|
||||
CONFIG_ARM_TEGRA124_CPUFREQ=m
|
||||
|
||||
# Jetson TK1
|
||||
CONFIG_PINCTRL_AS3722=y
|
||||
|
@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
|
|||
CONFIG_RTC_DRV_ARMADA38X=m
|
||||
# CONFIG_CACHE_FEROCEON_L2 is not set
|
||||
# CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
|
||||
CONFIG_LEDS_NS2=m
|
||||
|
||||
# DRM panels
|
||||
CONFIG_DRM_PANEL=y
|
||||
|
@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
|
|||
CONFIG_DRM_PANEL_LD9040=m
|
||||
CONFIG_DRM_PANEL_S6E8AA0=m
|
||||
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
|
||||
CONFIG_DRM_PANEL_LG_LG4573=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
|
||||
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
|
||||
CONFIG_DRM_DW_HDMI=m
|
||||
|
||||
# regmap
|
||||
|
@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
|
|||
CONFIG_REGULATOR_ISL9305=m
|
||||
CONFIG_REGULATOR_MAX77802=m
|
||||
CONFIG_REGULATOR_PWM=m
|
||||
# CONFIG_REGULATOR_MT6311 is not set
|
||||
CONFIG_SENSORS_LTC2978_REGULATOR=y
|
||||
|
||||
CONFIG_POWER_AVS=y
|
||||
|
@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
|
|||
CONFIG_SENSORS_LIS3_SPI=m
|
||||
CONFIG_SENSORS_LM70=m
|
||||
CONFIG_SENSORS_MAX1111=m
|
||||
CONFIG_MPL3115=m
|
||||
CONFIG_SI7005=m
|
||||
CONFIG_SI7020=m
|
||||
|
||||
|
@ -856,6 +868,7 @@ CONFIG_R8188EU=m
|
|||
# CONFIG_DRM_TILCDC is not set
|
||||
# CONFIG_DRM_IMX is not set
|
||||
# CONFIG_DRM_STI is not set
|
||||
# CONFIG_DRM_FSL_DCU is not set
|
||||
# CONFIG_AHCI_IMX is not set
|
||||
# CONFIG_IMX_THERMAL is not set
|
||||
# CONFIG_TI_DAC7512 is not set
|
||||
|
|
|
@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
|
|||
# CONFIG_ARCH_AXXIA is not set
|
||||
|
||||
CONFIG_ARM_LPAE=y
|
||||
# CONFIG_CPU_SW_DOMAIN_PAN is not set
|
||||
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
|
||||
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
|
||||
CONFIG_ARM_VIRT_EXT=y
|
||||
|
|
|
@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
|
|||
CONFIG_DEBUG_OBJECTS_WORK=y
|
||||
|
||||
CONFIG_DMADEVICES_DEBUG=y
|
||||
CONFIG_DMADEVICES_VDEBUG=y
|
||||
# CONFIG_DMADEVICES_VDEBUG is not set
|
||||
|
||||
CONFIG_PM_ADVANCED_DEBUG=y
|
||||
|
||||
|
|
|
@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
|
|||
CONFIG_KALLSYMS=y
|
||||
CONFIG_KALLSYMS_ALL=y
|
||||
CONFIG_FUTEX=y
|
||||
# CONFIG_FAIL_FUTEX is not set
|
||||
CONFIG_EPOLL=y
|
||||
CONFIG_BPF_SYSCALL=y
|
||||
CONFIG_USERFAULTFD=y
|
||||
CONFIG_IOSCHED_NOOP=y
|
||||
CONFIG_IOSCHED_DEADLINE=y
|
||||
CONFIG_IOSCHED_CFQ=y
|
||||
|
@ -67,6 +69,7 @@ CONFIG_NET_NS=y
|
|||
CONFIG_USER_NS=y
|
||||
|
||||
CONFIG_POSIX_MQUEUE=y
|
||||
CONFIG_KDBUS=m
|
||||
# CONFIG_PREEMPT_NONE is not set
|
||||
CONFIG_PREEMPT_VOLUNTARY=y
|
||||
# CONFIG_PREEMPT is not set
|
||||
|
@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
|
|||
CONFIG_MMC_WBSD=m
|
||||
CONFIG_MMC_VIA_SDMMC=m
|
||||
CONFIG_MMC_SDHCI_PLTFM=m
|
||||
# CONFIG_MMC_SDHCI_OF is not set
|
||||
# CONFIG_MMC_SDHCI_OF_AT91 is not set
|
||||
CONFIG_MMC_CB710=m
|
||||
CONFIG_MMC_RICOH_MMC=y
|
||||
CONFIG_MMC_USHC=m
|
||||
|
@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
|
|||
CONFIG_INFINIBAND_USER_MAD=m
|
||||
CONFIG_INFINIBAND_USER_ACCESS=m
|
||||
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
|
||||
CONFIG_INFINIBAND_IPATH=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_IPATH is not set
|
||||
CONFIG_INFINIBAND_ISER=m
|
||||
CONFIG_INFINIBAND_ISERT=m
|
||||
CONFIG_INFINIBAND_AMSO1100=m
|
||||
# Deprecated and moved to staging
|
||||
# CONFIG_INFINIBAND_AMSO1100 is not set
|
||||
# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
|
||||
CONFIG_INFINIBAND_CXGB3=m
|
||||
CONFIG_INFINIBAND_CXGB4=m
|
||||
|
@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
|
|||
# CONFIG_MTD_NAND_ECC_BCH is not set
|
||||
# CONFIG_MTD_NAND_DISKONCHIP is not set
|
||||
# CONFIG_MTD_NAND_HISI504 is not set
|
||||
# CONFIG_MTD_NAND_DENALI_PCI is not set
|
||||
# CONFIG_MTD_NAND_DENALI_DT is not set
|
||||
# CONFIG_MTD_LPDDR is not set
|
||||
CONFIG_MTD_UBI=m
|
||||
CONFIG_MTD_UBI_WL_THRESHOLD=4096
|
||||
|
@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
|
|||
# CONFIG_ND_BLK is not set
|
||||
# CONFIG_BTT is not set
|
||||
|
||||
# CONFIG_NVMEM is not set
|
||||
|
||||
#
|
||||
# Block devices
|
||||
|
@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
|
|||
CONFIG_BLK_DEV_PMEM=m
|
||||
CONFIG_BLK_DEV_INITRD=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
CONFIG_BLK_DEV_RAM_DAX=y
|
||||
|
||||
CONFIG_BLK_DEV_BSG=y
|
||||
CONFIG_BLK_DEV_BSGLIB=y
|
||||
|
@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
|
|||
CONFIG_IP_VS_PROTO_AH=y
|
||||
CONFIG_IP_VS_PROTO_SCTP=y
|
||||
CONFIG_IP_VS_FO=m
|
||||
CONFIG_IP_VS_OVF=m
|
||||
CONFIG_IP_VS_IPV6=y
|
||||
CONFIG_IP_VS_RR=m
|
||||
CONFIG_IP_VS_WRR=m
|
||||
|
@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
|
|||
CONFIG_INET6_ESP=m
|
||||
CONFIG_INET6_IPCOMP=m
|
||||
CONFIG_IPV6_MIP6=y
|
||||
CONFIG_IPV6_ILA=m
|
||||
CONFIG_IPV6_VTI=m
|
||||
CONFIG_IPV6_SIT=m
|
||||
CONFIG_IPV6_SIT_6RD=y
|
||||
|
@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
|
|||
CONFIG_NFT_COMPAT=m
|
||||
|
||||
CONFIG_NF_TABLES_IPV4=m
|
||||
CONFIG_NF_DUP_IPV4=m
|
||||
CONFIG_NF_DUP_IPV6=m
|
||||
CONFIG_NF_REJECT_IPV6=m
|
||||
CONFIG_NFT_REJECT_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV4=m
|
||||
CONFIG_NFT_DUP_IPV6=m
|
||||
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
|
||||
CONFIG_NFT_CHAIN_NAT_IPV4=m
|
||||
CONFIG_NF_TABLES_ARP=m
|
||||
|
@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
|
|||
|
||||
# CONFIG_BATMAN_ADV_DEBUG is not set
|
||||
CONFIG_OPENVSWITCH=m
|
||||
CONFIG_OPENVSWITCH_CONNTRACK=y
|
||||
CONFIG_OPENVSWITCH_GRE=y
|
||||
CONFIG_OPENVSWITCH_VXLAN=y
|
||||
CONFIG_OPENVSWITCH_GENEVE=y
|
||||
|
@ -1300,6 +1318,7 @@ CONFIG_TUN=m
|
|||
# CONFIG_TUN_VNET_CROSS_LE is not set
|
||||
CONFIG_VETH=m
|
||||
CONFIG_NLMON=m
|
||||
CONFIG_NET_VRF=m
|
||||
|
||||
#
|
||||
# ATM
|
||||
|
@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
|
|||
|
||||
# CONFIG_CAIF is not set
|
||||
|
||||
CONFIG_LWTUNNEL=y
|
||||
|
||||
CONFIG_RFKILL=m
|
||||
CONFIG_RFKILL_GPIO=m
|
||||
CONFIG_RFKILL_INPUT=y
|
||||
|
@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
|
|||
CONFIG_CASSINI=m
|
||||
CONFIG_NIU=m
|
||||
|
||||
# CONFIG_NET_VENDOR_SYNOPSYS is not set
|
||||
# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
|
||||
|
||||
CONFIG_NET_VENDOR_TEHUTI=y
|
||||
CONFIG_TEHUTI=m
|
||||
|
||||
|
@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
|
|||
CONFIG_CICADA_PHY=m
|
||||
CONFIG_DAVICOM_PHY=m
|
||||
CONFIG_DP83640_PHY=m
|
||||
CONFIG_MICROCHIP_PHY=m
|
||||
CONFIG_FIXED_PHY=y
|
||||
CONFIG_MDIO_BITBANG=m
|
||||
CONFIG_MDIO_BCM_UNIMAC=m
|
||||
|
@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
|
|||
CONFIG_VITESSE_PHY=m
|
||||
CONFIG_MICREL_PHY=m
|
||||
CONFIG_DP83867_PHY=m
|
||||
CONFIG_DP83848_PHY=m
|
||||
# CONFIG_MICREL_KS8995MA is not set
|
||||
CONFIG_AQUANTIA_PHY=m
|
||||
CONFIG_TERANETICS_PHY=m
|
||||
|
||||
CONFIG_MII=m
|
||||
CONFIG_NET_CORE=y
|
||||
|
@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
|
|||
CONFIG_BNX2=m
|
||||
CONFIG_BNX2X=m
|
||||
CONFIG_BNX2X_SRIOV=y
|
||||
CONFIG_BNX2X_VXLAN=y
|
||||
CONFIG_CNIC=m
|
||||
CONFIG_FEALNX=m
|
||||
CONFIG_ETHOC=m
|
||||
|
@ -1649,6 +1678,7 @@ CONFIG_JME=m
|
|||
# CONFIG_MLX4_EN is not set
|
||||
# CONFIG_MLX4_EN_VXLAN is not set
|
||||
# CONFIG_MLX5_CORE is not set
|
||||
# CONFIG_MLXSW_CORE is not set
|
||||
# CONFIG_SFC is not set
|
||||
|
||||
# CONFIG_FDDI is not set
|
||||
|
@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
|
|||
CONFIG_USB_NET_KALMIA=m
|
||||
CONFIG_USB_NET_QMI_WWAN=m
|
||||
CONFIG_USB_NET_SMSC75XX=m
|
||||
CONFIG_USB_NET_CH9200=m
|
||||
# CONFIG_WL_TI is not set
|
||||
CONFIG_ZD1211RW=m
|
||||
# CONFIG_ZD1211RW_DEBUG is not set
|
||||
|
@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
|
|||
CONFIG_IEEE802154_6LOWPAN=m
|
||||
CONFIG_IEEE802154_DRIVERS=m
|
||||
CONFIG_IEEE802154_FAKELB=m
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
CONFIG_IEEE802154_CC2520=m
|
||||
# CONFIG_IEEE802154_AT86RF230 is not set
|
||||
# CONFIG_IEEE802154_MRF24J40 is not set
|
||||
CONFIG_IEEE802154_ATUSB=m
|
||||
|
||||
CONFIG_MAC802154=m
|
||||
CONFIG_NET_MPLS_GSO=m
|
||||
CONFIG_MPLS_ROUTING=m
|
||||
CONFIG_MPLS_IPTUNNEL=m
|
||||
|
||||
CONFIG_NET_SWITCHDEV=y
|
||||
|
||||
|
@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
|
|||
# CONFIG_NFC_NCI_SPI is not set
|
||||
# CONFIG_NFC_NCI_UART is not set
|
||||
# CONFIG_NFC_ST_NCI is not set
|
||||
# CONFIG_NFC_S3FWRN5_I2C is not set
|
||||
|
||||
|
||||
#
|
||||
|
@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
|
|||
#
|
||||
CONFIG_BT=m
|
||||
CONFIG_BT_BREDR=y
|
||||
CONFIG_BT_HS=y
|
||||
CONFIG_BT_LE=y
|
||||
CONFIG_BT_6LOWPAN=m
|
||||
# CONFIG_BT_SELFTEST is not set
|
||||
|
@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
|
|||
CONFIG_BT_HCIUART_3WIRE=y
|
||||
CONFIG_BT_HCIUART_INTEL=y
|
||||
CONFIG_BT_HCIUART_BCM=y
|
||||
CONFIG_BT_HCIUART_QCA=y
|
||||
CONFIG_BT_HCIDTL1=m
|
||||
CONFIG_BT_HCIBT3C=m
|
||||
CONFIG_BT_HCIBLUECARD=m
|
||||
|
@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
|
|||
CONFIG_BT_MRVL=m
|
||||
CONFIG_BT_MRVL_SDIO=m
|
||||
CONFIG_BT_ATH3K=m
|
||||
CONFIG_BT_QCA=m
|
||||
CONFIG_BT_WILINK=m
|
||||
|
||||
#
|
||||
|
@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
|
|||
# CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
|
||||
# CONFIG_TOUCHSCREEN_SX8654 is not set
|
||||
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
|
||||
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
|
||||
|
||||
CONFIG_INPUT_MISC=y
|
||||
CONFIG_INPUT_E3X0_BUTTON=m
|
||||
|
@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
|
|||
|
||||
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
|
||||
# CONFIG_SERIAL_ALTERA_UART is not set
|
||||
# CONFIG_SERIAL_UARTLITE is not set
|
||||
|
||||
#
|
||||
# Non-8250 serial port support
|
||||
|
@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
|
|||
# CONFIG_I2C_MUX_GPIO is not set
|
||||
# CONFIG_I2C_MUX_PCA9541 is not set
|
||||
# CONFIG_I2C_MUX_PINCTRL is not set
|
||||
# CONFIG_I2C_MUX_REG is not set
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
|
|||
# CONFIG_I2C_NFORCE2_S4985 is not set
|
||||
# CONFIG_I2C_EG20T is not set
|
||||
# CONFIG_I2C_CBUS_GPIO is not set
|
||||
# CONFIG_I2C_EMEV2 is not set
|
||||
CONFIG_I2C_VIPERBOARD=m
|
||||
|
||||
CONFIG_EEPROM_AT24=m
|
||||
|
@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
|
|||
CONFIG_PMBUS=m
|
||||
CONFIG_SENSORS_PMBUS=m
|
||||
CONFIG_SENSORS_MAX16064=m
|
||||
CONFIG_SENSORS_MAX20751=m
|
||||
CONFIG_SENSORS_LM25066=m
|
||||
CONFIG_SENSORS_LTC2978=m
|
||||
CONFIG_SENSORS_MAX34440=m
|
||||
|
@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
|
|||
# CONFIG_AD5380 is not set
|
||||
# CONFIG_AD5064 is not set
|
||||
# CONFIG_BMA180 is not set
|
||||
# CONFIG_BMC150_ACCEL is not set
|
||||
CONFIG_BMC150_ACCEL=m
|
||||
# CONFIG_MAX1363 is not set
|
||||
# CONFIG_MAX517 is not set
|
||||
# CONFIG_MAX5821 is not set
|
||||
|
@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
|
|||
CONFIG_KXCJK1013=m
|
||||
# CONFIG_ISL29125 is not set
|
||||
# CONFIG_JSA1212 is not set
|
||||
CONFIG_RPR0521=m
|
||||
CONFIG_OPT3001=m
|
||||
CONFIG_PA12203001=m
|
||||
# CONFIG_TCS3414 is not set
|
||||
# CONFIG_AK09911 is not set
|
||||
# CONFIG_T5403 is not set
|
||||
|
@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
|
|||
# CONFIG_RTC_DRV_ISL12057 is not set
|
||||
# CONFIG_RTC_DRV_XGENE is not set
|
||||
# CONFIG_RTC_DRV_ABB5ZES3 is not set
|
||||
# CONFIG_RTC_DRV_ZYNQMP is not set
|
||||
|
||||
CONFIG_R3964=m
|
||||
# CONFIG_APPLICOM is not set
|
||||
|
@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
|
|||
|
||||
|
||||
CONFIG_DRM=m
|
||||
CONFIG_DRM_FBDEV_EMULATION=y
|
||||
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
|
||||
CONFIG_DRM_AST=m # do not enable on f17 or older
|
||||
CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
|
||||
|
@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
|
|||
CONFIG_DRM_I2C_ADV7511=m
|
||||
CONFIG_DRM_I2C_CH7006=m
|
||||
CONFIG_DRM_I2C_SIL164=m
|
||||
# CONFIG_DRM_NXP_PTN3460 is not set
|
||||
# CONFIG_DRM_PARADE_PS8622 is not set
|
||||
CONFIG_DRM_I2C_NXP_TDA998X=m
|
||||
CONFIG_DRM_UDL=m
|
||||
CONFIG_DRM_VMWGFX=m
|
||||
|
@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
|
|||
# CONFIG_DRM_PANEL is not set
|
||||
# CONFIG_DRM_PANEL_SIMPLE is not set
|
||||
# CONFIG_DRM_PANEL_S6E8AA0 is not set
|
||||
# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
|
||||
CONFIG_DRM_VGEM=m
|
||||
|
||||
#
|
||||
|
@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
|
|||
CONFIG_DVB_NGENE=m
|
||||
CONFIG_DVB_DDBRIDGE=m
|
||||
CONFIG_DVB_SMIPCIE=m
|
||||
CONFIG_DVB_NETUP_UNIDVB=m
|
||||
CONFIG_DVB_USB_TECHNISAT_USB2=m
|
||||
CONFIG_DVB_USB_V2=m
|
||||
|
||||
|
@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
|
|||
# CONFIG_VIDEO_SH_VEU is not set
|
||||
# CONFIG_VIDEO_RENESAS_VSP1 is not set
|
||||
# CONFIG_V4L_TEST_DRIVERS is not set
|
||||
# CONFIG_DVB_PLATFORM_DRIVERS is not set
|
||||
|
||||
#
|
||||
# Broadcom Crystal HD video decoder driver
|
||||
|
@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
|
|||
# CONFIG_FB_UDL is not set
|
||||
# CONFIG_FB_GOLDFISH is not set
|
||||
# CONFIG_FB_OPENCORES is not set
|
||||
# CONFIG_FB_SM712 is not set
|
||||
|
||||
# CONFIG_FIRMWARE_EDID is not set
|
||||
|
||||
|
@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
|
|||
# CONFIG_USB_SL811_CS is not set
|
||||
# CONFIG_USB_R8A66597_HCD is not set
|
||||
CONFIG_USB_XHCI_HCD=y
|
||||
# CONFIG_USB_XHCI_PLATFORM is not set
|
||||
# CONFIG_USB_MAX3421_HCD is not set
|
||||
|
||||
#
|
||||
|
@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
|
|||
CONFIG_HID_ELECOM=m
|
||||
CONFIG_HID_ELO=m
|
||||
CONFIG_HID_EZKEY=m
|
||||
CONFIG_HID_GEMBIRD=m
|
||||
CONFIG_HID_UCLOGIC=m
|
||||
CONFIG_HID_WALTOP=m
|
||||
CONFIG_HID_ACRUX=m
|
||||
|
@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
|
|||
CONFIG_USB_PEGASUS=m
|
||||
CONFIG_USB_RTL8150=m
|
||||
CONFIG_USB_RTL8152=m
|
||||
CONFIG_USB_LAN78XX=m
|
||||
CONFIG_USB_USBNET=m
|
||||
CONFIG_USB_SPEEDTOUCH=m
|
||||
CONFIG_USB_NET_AX8817X=m
|
||||
|
@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
|
|||
# CONFIG_MFD_RT5033 is not set
|
||||
# CONFIG_MFD_SKY81452 is not set
|
||||
# CONFIG_MFD_MAX77843 is not set
|
||||
# CONFIG_MFD_DA9062 is not set
|
||||
# CONFIG_EZX_PCAP is not set
|
||||
# CONFIG_INTEL_SOC_PMIC is not set
|
||||
|
||||
|
@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
|
|||
# CONFIG_EXT2_FS is not set
|
||||
# CONFIG_EXT3_FS is not set
|
||||
CONFIG_EXT4_FS=y
|
||||
CONFIG_EXT4_USE_FOR_EXT23=y
|
||||
CONFIG_EXT4_USE_FOR_EXT2=y
|
||||
CONFIG_EXT4_FS_POSIX_ACL=y
|
||||
CONFIG_EXT4_FS_SECURITY=y
|
||||
# CONFIG_EXT4_ENCRYPTION is not set
|
||||
|
@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
|
|||
# CONFIG_EXOFS_FS is not set
|
||||
# CONFIG_EXOFS_DEBUG is not set
|
||||
CONFIG_NILFS2_FS=m
|
||||
# CONFIG_FS_DAX is not set
|
||||
CONFIG_FS_DAX=y
|
||||
# CONFIG_LOGFS is not set
|
||||
CONFIG_CEPH_FS=m
|
||||
CONFIG_CEPH_FSCACHE=y
|
||||
|
@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
|
|||
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
|
||||
# CONFIG_DEBUG_LOCKDEP is not set
|
||||
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
|
||||
# CONFIG_STATIC_KEYS_SELFTEST is not set
|
||||
|
||||
# DEBUG options that don't get enabled/disabled with 'make debug/release'
|
||||
|
||||
|
@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
|
|||
# CONFIG_BACKLIGHT_GPIO is not set
|
||||
# CONFIG_BACKLIGHT_LV5207LP is not set
|
||||
# CONFIG_BACKLIGHT_BD6107 is not set
|
||||
# CONFIG_BACKLIGHT_PM8941_WLED is not set
|
||||
|
||||
CONFIG_LCD_CLASS_DEVICE=m
|
||||
CONFIG_LCD_PLATFORM=m
|
||||
|
@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
|
|||
CONFIG_CGROUP_CPUACCT=y
|
||||
CONFIG_CGROUP_DEVICE=y
|
||||
CONFIG_CGROUP_FREEZER=y
|
||||
CONFIG_CGROUP_PIDS=y
|
||||
CONFIG_CGROUP_SCHED=y
|
||||
CONFIG_MEMCG=y
|
||||
CONFIG_MEMCG_SWAP=y
|
||||
|
@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
|
|||
# CONFIG_SND_SOC_TS3A227E is not set
|
||||
# CONFIG_SND_SOC_XTFPGA_I2S is not set
|
||||
# CONFIG_SND_SOC_STA32X is not set
|
||||
# CONFIG_SND_SOC_CS4349 is not set
|
||||
# CONFIG_SND_SOC_GTM601 is not set
|
||||
# CONFIG_SND_SOC_STI_SAS is not set
|
||||
#
|
||||
|
||||
CONFIG_BALLOON_COMPACTION=y
|
||||
CONFIG_COMPACTION=y
|
||||
|
@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
|
|||
CONFIG_DW_DMAC_CORE=m
|
||||
CONFIG_DW_DMAC=m
|
||||
CONFIG_DW_DMAC_PCI=m
|
||||
# CONFIG_IDMA64 is not set
|
||||
# CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
|
||||
# CONFIG_TIMB_DMA is not set
|
||||
# CONFIG_DMATEST is not set
|
||||
|
@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
|
|||
# CONFIG_I2C_BCM2048 is not set
|
||||
# CONFIG_DT3155 is not set
|
||||
# CONFIG_PRISM2_USB is not set
|
||||
# CONFIG_MOST is not set
|
||||
CONFIG_USB_ATMEL=m
|
||||
# CONFIG_COMEDI is not set
|
||||
# CONFIG_PANEL is not set
|
||||
|
@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
|
|||
# CONFIG_FB_SM7XX is not set
|
||||
# CONFIG_FB_TFT is not set
|
||||
# CONFIG_FB_SM750 is not set
|
||||
# CONFIG_STAGING_RDMA is not set
|
||||
# END OF STAGING
|
||||
|
||||
#
|
||||
|
@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
|
|||
# CONFIG_ZSMALLOC_STAT is not set
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
|
||||
# CONFIG_IDLE_PAGE_TRACKING is not set
|
||||
|
||||
# CONFIG_MDIO_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO is not set
|
||||
# CONFIG_KEYBOARD_GPIO_POLLED is not set
|
||||
|
@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
|
|||
# CONFIG_GPIO_MCP23S08 is not set
|
||||
# CONFIG_GPIO_XILINX is not set
|
||||
# CONFIG_GPIO_ALTERA is not set
|
||||
# CONFIG_GPIO_ZX is not set
|
||||
|
||||
# FIXME: Why?
|
||||
|
||||
|
@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
|
|||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_TEST_HEXDUMP is not set
|
||||
# CONFIG_TEST_RHASHTABLE is not set
|
||||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
|
||||
# CONFIG_AVERAGE is not set
|
||||
# CONFIG_VMXNET3 is not set
|
||||
|
|
|
@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
|
|||
# CONFIG_PPC_PMAC is not set
|
||||
# CONFIG_PPC_PMAC64 is not set
|
||||
# CONFIG_PPC_PS3 is not set
|
||||
CONFIG_HIBERNATION=n
|
||||
|
||||
CONFIG_EXTRA_TARGETS=""
|
||||
|
||||
|
@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
|
|||
CONFIG_PPC_TRANSACTIONAL_MEM=y
|
||||
CONFIG_BLK_DEV_RSXX=m
|
||||
CONFIG_CXL=m
|
||||
CONFIG_CXLFLASH=m
|
||||
CONFIG_IBMEBUS=y
|
||||
CONFIG_EHEA=m
|
||||
CONFIG_INFINIBAND_EHCA=m
|
||||
|
@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
|
|||
CONFIG_LEDS_TRIGGER_TIMER=m
|
||||
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
|
||||
CONFIG_LEDS_TRIGGER_GPIO=m
|
||||
CONFIG_LEDS_POWERNV=m
|
||||
|
||||
CONFIG_USB_EHCI_HCD_PPC_OF=y
|
||||
CONFIG_USB_OHCI_HCD_PCI=y
|
||||
|
@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
|
|||
# CONFIG_NET_VENDOR_PASEMI is not set
|
||||
# CONFIG_NET_VENDOR_TOSHIBA is not set
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
# CONFIG_OF_UNITTEST is not set
|
||||
# CONFIG_OF_OVERLAY is not set
|
||||
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
CONFIG_CPU_LITTLE_ENDIAN=y
|
||||
|
||||
CONFIG_POWER7_CPU=y
|
||||
|
||||
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
|
|
|
@ -201,6 +201,7 @@ CONFIG_VMCP=y
|
|||
CONFIG_SCHED_MC=y
|
||||
CONFIG_SCHED_BOOK=y
|
||||
CONFIG_SCHED_TOPOLOGY=y
|
||||
# CONFIG_NUMA is not set
|
||||
|
||||
# CONFIG_WARN_DYNAMIC_STACK is not set
|
||||
|
||||
|
@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
|
|||
# CONFIG_SH_ETH is not set
|
||||
# CONFIG_NET_VENDOR_VIA is not set
|
||||
# CONFIG_IEEE802154_DRIVERS is not set
|
||||
# CONFIG_MDIO_OCTEON is not set
|
||||
|
||||
# CONFIG_FMC is not set
|
||||
|
||||
|
|
|
@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
|
|||
|
||||
CONFIG_X86_GENERIC=y
|
||||
|
||||
# CONFIG_X86_LEGACY_VM86 is not set
|
||||
|
||||
CONFIG_HPET=y
|
||||
CONFIG_HPET_TIMER=y
|
||||
# CONFIG_HPET_MMAP is not set
|
||||
|
@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
|
|||
CONFIG_X86_PAT=y
|
||||
CONFIG_X86_PM_TIMER=y
|
||||
|
||||
# This requires changes to binutils and the compiler. Plus you can't actually
|
||||
# buy hardware with MPX yet. So... leave it off until all of that seems set.
|
||||
# CONFIG_X86_INTEL_MPX is not set
|
||||
CONFIG_X86_INTEL_MPX=y
|
||||
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFI_STUB=y
|
||||
|
@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
|
|||
CONFIG_GPIO_CRYSTAL_COVE=y
|
||||
CONFIG_AXP288_ADC=y
|
||||
CONFIG_AXP288_FUEL_GAUGE=y
|
||||
# CONFIG_PWM_CRC is not set
|
||||
|
||||
|
||||
CONFIG_X86_INTEL_PSTATE=y
|
||||
|
@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
|
|||
CONFIG_CRYPTO_DEV_CCP_DD=m
|
||||
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
|
||||
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
|
||||
|
||||
CONFIG_GENERIC_ISA_DMA=y
|
||||
|
||||
|
@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
|
|||
CONFIG_XEN_ACPI_PROCESSOR=m
|
||||
# CONFIG_XEN_SCSI_FRONTEND is not set
|
||||
# CONFIG_XEN_SCSI_BACKEND is not set
|
||||
CONFIG_XEN_SYMS=y
|
||||
|
||||
CONFIG_SPI_PXA2XX=m
|
||||
|
||||
CONFIG_MTD_ESB2ROM=m
|
||||
CONFIG_MTD_CK804XROM=m
|
||||
|
@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
|
|||
|
||||
CONFIG_HP_ACCEL=m
|
||||
|
||||
CONFIG_SURFACE_PRO3_BUTTON=m
|
||||
|
||||
# CONFIG_RAPIDIO is not set
|
||||
|
||||
CONFIG_SCHED_SMT=y
|
||||
|
@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
|
|||
# CONFIG_X86_GOLDFISH is not set
|
||||
|
||||
CONFIG_X86_INTEL_LPSS=y
|
||||
CONFIG_IDMA64=m
|
||||
|
||||
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
|
||||
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
|
||||
|
||||
CONFIG_MFD_INTEL_LPSS_ACPI=m
|
||||
CONFIG_MFD_INTEL_LPSS_PCI=m
|
||||
|
||||
CONFIG_IOSF_MBI=m
|
||||
# CONFIG_IOSF_MBI_DEBUG is not set
|
||||
CONFIG_PWM_LPSS=m
|
||||
|
@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
|
|||
CONFIG_INTEL_SOC_DTS_THERMAL=m
|
||||
CONFIG_INT340X_THERMAL=m
|
||||
CONFIG_INTEL_RAPL=m
|
||||
CONFIG_INTEL_PCH_THERMAL=m
|
||||
|
||||
CONFIG_VMWARE_VMCI=m
|
||||
CONFIG_VMWARE_VMCI_VSOCKETS=m
|
||||
|
@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
|
|||
# CONFIG_MODULE_SIG_SHA1 is not set
|
||||
CONFIG_MODULE_SIG_SHA256=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
|
||||
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
||||
|
||||
|
@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
|
|||
CONFIG_MODULE_SIG_UEFI=y
|
||||
|
||||
CONFIG_VMXNET3=m
|
||||
CONFIG_FUJITSU_ES=m
|
||||
CONFIG_VFIO_PCI_VGA=y
|
||||
|
||||
CONFIG_PCH_CAN=m
|
||||
|
||||
# CONFIG_X86_DEBUG_FPU is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_AMD_MCE_INJ is not set
|
||||
|
|
|
@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
|
|||
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_DES3_EDE_X86_64=m
|
||||
CONFIG_CRYPTO_POLY1305_X86_64=m
|
||||
CONFIG_CRYPTO_CHACHA20_X86_64=m
|
||||
# staging crypto
|
||||
# CONFIG_CRYPTO_SKEIN is not set
|
||||
|
||||
|
@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
|
|||
# CONFIG_XEN_MCE_LOG is not set
|
||||
# CONFIG_XEN_STUB is not set
|
||||
# CONFIG_XEN_PVH is not set
|
||||
CONFIG_XEN_512GB=y
|
||||
|
||||
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
|
||||
|
||||
|
@ -199,6 +202,8 @@ CONFIG_BTT=y
|
|||
CONFIG_ND_BTT=m
|
||||
CONFIG_ND_BLK=m
|
||||
|
||||
CONFIG_MDIO_OCTEON=m
|
||||
|
||||
CONFIG_NO_HZ_FULL=y
|
||||
# CONFIG_NO_HZ_IDLE is not set
|
||||
# CONFIG_NO_HZ_FULL_ALL is not set
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
From c0ea161a6e7158281f64bc6d41126da43cb08f14 Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Sat, 15 Aug 2015 13:36:12 -0500
|
||||
Subject: [PATCH 1/2] dcache: Handle escaped paths in prepend_path
|
||||
|
||||
commit cde93be45a8a90d8c264c776fab63487b5038a65 upstream.
|
||||
|
||||
A rename can result in a dentry that by walking up d_parent
|
||||
will never reach it's mnt_root. For lack of a better term
|
||||
I call this an escaped path.
|
||||
|
||||
prepend_path is called by four different functions __d_path,
|
||||
d_absolute_path, d_path, and getcwd.
|
||||
|
||||
__d_path only wants to see paths are connected to the root it passes
|
||||
in. So __d_path needs prepend_path to return an error.
|
||||
|
||||
d_absolute_path similarly wants to see paths that are connected to
|
||||
some root. Escaped paths are not connected to any mnt_root so
|
||||
d_absolute_path needs prepend_path to return an error greater
|
||||
than 1. So escaped paths will be treated like paths on lazily
|
||||
unmounted mounts.
|
||||
|
||||
getcwd needs to prepend "(unreachable)" so getcwd also needs
|
||||
prepend_path to return an error.
|
||||
|
||||
d_path is the interesting hold out. d_path just wants to print
|
||||
something, and does not care about the weird cases. Which raises
|
||||
the question what should be printed?
|
||||
|
||||
Given that <escaped_path>/<anything> should result in -ENOENT I
|
||||
believe it is desirable for escaped paths to be printed as empty
|
||||
paths. As there are not really any meaninful path components when
|
||||
considered from the perspective of a mount tree.
|
||||
|
||||
So tweak prepend_path to return an empty path with an new error
|
||||
code of 3 when it encounters an escaped path.
|
||||
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/dcache.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/fs/dcache.c b/fs/dcache.c
|
||||
index 9b5fe503f6cb..e3b44ca75a1b 100644
|
||||
--- a/fs/dcache.c
|
||||
+++ b/fs/dcache.c
|
||||
@@ -2926,6 +2926,13 @@ restart:
|
||||
|
||||
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
|
||||
struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
|
||||
+ /* Escaped? */
|
||||
+ if (dentry != vfsmnt->mnt_root) {
|
||||
+ bptr = *buffer;
|
||||
+ blen = *buflen;
|
||||
+ error = 3;
|
||||
+ break;
|
||||
+ }
|
||||
/* Global root? */
|
||||
if (mnt != parent) {
|
||||
dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Thu, 20 May 2010 10:30:31 -0400
|
||||
Subject: [PATCH] disable i8042 check on apple mac
|
||||
|
@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
|
|||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index 4022b75eaad7..1aaf06aa7b0f 100644
|
||||
index c9c98f0ab284..5137185e14a9 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
|
||||
.shutdown = i8042_shutdown,
|
||||
@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
|
||||
.notifier_call = i8042_kbd_bind_notifier,
|
||||
};
|
||||
|
||||
+#ifdef CONFIG_DMI
|
||||
|
@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
static int __init i8042_init(void)
|
||||
{
|
||||
struct platform_device *pdev;
|
||||
@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
|
||||
@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
|
||||
|
||||
dbg_init();
|
||||
|
||||
|
@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
|
|||
err = i8042_platform_init();
|
||||
if (err)
|
||||
return err;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Jackson <ajax@redhat.com>
|
||||
Date: Wed, 13 Nov 2013 10:17:24 -0500
|
||||
Subject: [PATCH] drm/i915: hush check crtc state
|
||||
|
@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
|
||||
index 647b1404c441..e102a06f26e0 100644
|
||||
index ca9278be49f7..308ac0539a87 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_display.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
||||
@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
|
||||
|
||||
if (active &&
|
||||
!intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
|
||||
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
|
||||
sw_config = to_intel_crtc_state(crtc->state);
|
||||
if (!intel_pipe_config_compare(dev, sw_config,
|
||||
pipe_config, false)) {
|
||||
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
|
||||
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
|
||||
intel_dump_pipe_config(crtc, &pipe_config,
|
||||
intel_dump_pipe_config(intel_crtc, pipe_config,
|
||||
"[hw state]");
|
||||
intel_dump_pipe_config(crtc, crtc->config,
|
||||
intel_dump_pipe_config(intel_crtc, sw_config,
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,62 +0,0 @@
|
|||
From ae93580ee59c02395c1711d3e6b90546b8137b86 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Deucher <alexander.deucher@amd.com>
|
||||
Date: Tue, 27 Oct 2015 10:56:44 -0400
|
||||
Subject: [PATCH 2/2] drm/radeon: fix dpms when driver backlight control is
|
||||
disabled
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
If driver backlight control is disabled, either by driver
|
||||
parameter or default per-asic setting, revert to the old behavior.
|
||||
|
||||
Fixes a regression in commit:
|
||||
4281f46ef839050d2ef60348f661eb463c21cc2e
|
||||
|
||||
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
|
||||
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/gpu/drm/radeon/atombios_encoders.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
index 933fd1bc849b..bb292143997e 100644
|
||||
--- a/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
+++ b/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
@@ -1625,9 +1625,14 @@ radeon_atom_encoder_dpms_avivo(struct drm_encoder *encoder, int mode)
|
||||
} else
|
||||
atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
|
||||
if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) {
|
||||
- struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv;
|
||||
+ if (rdev->mode_info.bl_encoder) {
|
||||
+ struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv;
|
||||
|
||||
- atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
|
||||
+ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
|
||||
+ } else {
|
||||
+ args.ucAction = ATOM_LCD_BLON;
|
||||
+ atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
|
||||
+ }
|
||||
}
|
||||
break;
|
||||
case DRM_MODE_DPMS_STANDBY:
|
||||
@@ -1707,8 +1712,13 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode)
|
||||
if (ASIC_IS_DCE4(rdev))
|
||||
atombios_dig_encoder_setup(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0);
|
||||
}
|
||||
- if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT))
|
||||
- atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
|
||||
+ if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) {
|
||||
+ if (rdev->mode_info.bl_encoder)
|
||||
+ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
|
||||
+ else
|
||||
+ atombios_dig_transmitter_setup(encoder,
|
||||
+ ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0);
|
||||
+ }
|
||||
if (ext_encoder)
|
||||
atombios_external_encoder_setup(encoder, ext_encoder, ATOM_ENABLE);
|
||||
break;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,59 +0,0 @@
|
|||
From 4cee6a9057d5e13911f0cb6e143d11dc1a3245dd Mon Sep 17 00:00:00 2001
|
||||
From: Alex Deucher <alexander.deucher@amd.com>
|
||||
Date: Wed, 28 Oct 2015 14:26:32 -0400
|
||||
Subject: [PATCH 1/2] drm/radeon: move bl encoder assignment into bl init
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
So that the bl encoder will be null if the GPU does not
|
||||
control the backlight.
|
||||
|
||||
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
|
||||
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/gpu/drm/radeon/atombios_encoders.c | 1 +
|
||||
drivers/gpu/drm/radeon/radeon_encoders.c | 1 -
|
||||
drivers/gpu/drm/radeon/radeon_legacy_encoders.c | 1 +
|
||||
3 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
index 65adb9c72377..933fd1bc849b 100644
|
||||
--- a/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
+++ b/drivers/gpu/drm/radeon/atombios_encoders.c
|
||||
@@ -237,6 +237,7 @@ void radeon_atom_backlight_init(struct radeon_encoder *radeon_encoder,
|
||||
backlight_update_status(bd);
|
||||
|
||||
DRM_INFO("radeon atom DIG backlight initialized\n");
|
||||
+ rdev->mode_info.bl_encoder = radeon_encoder;
|
||||
|
||||
return;
|
||||
|
||||
diff --git a/drivers/gpu/drm/radeon/radeon_encoders.c b/drivers/gpu/drm/radeon/radeon_encoders.c
|
||||
index ef99917f000d..c6ee80216cf4 100644
|
||||
--- a/drivers/gpu/drm/radeon/radeon_encoders.c
|
||||
+++ b/drivers/gpu/drm/radeon/radeon_encoders.c
|
||||
@@ -194,7 +194,6 @@ static void radeon_encoder_add_backlight(struct radeon_encoder *radeon_encoder,
|
||||
radeon_atom_backlight_init(radeon_encoder, connector);
|
||||
else
|
||||
radeon_legacy_backlight_init(radeon_encoder, connector);
|
||||
- rdev->mode_info.bl_encoder = radeon_encoder;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
|
||||
index 45715307db71..30de43366eae 100644
|
||||
--- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
|
||||
+++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
|
||||
@@ -441,6 +441,7 @@ void radeon_legacy_backlight_init(struct radeon_encoder *radeon_encoder,
|
||||
backlight_update_status(bd);
|
||||
|
||||
DRM_INFO("radeon legacy LVDS backlight initialized\n");
|
||||
+ rdev->mode_info.bl_encoder = radeon_encoder;
|
||||
|
||||
return;
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:33:03 -0400
|
||||
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
|
||||
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
for use with efi_enabled.
|
||||
|
@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index c2e4f52cad30..5def6b4143fa 100644
|
||||
index 1ac118146e90..f93826b8522c 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
if (boot_params.secure_boot) {
|
||||
|
@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
|
|||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
|
||||
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
|
||||
|
||||
A user can manually tell the shim boot loader to disable validation of
|
||||
images it loads. When a user does this, it creates a UEFI variable called
|
||||
|
@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
||||
index b4de3faa3f29..5cc2ef570390 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -830,8 +830,9 @@ out:
|
||||
|
@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
|
|||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 27 Aug 2013 13:28:43 -0400
|
||||
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
|
||||
|
||||
The functionality of the config option is dependent upon the platform being
|
||||
UEFI based. Reflect this in the config deps.
|
||||
|
@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 4da6644b1fd0..341a1457f7c7 100644
|
||||
index 14db458f4774..f6ff0a86d841 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1704,7 +1704,8 @@ config EFI_MIXED
|
||||
@@ -1735,7 +1735,8 @@ config EFI_MIXED
|
||||
If unsure, say N.
|
||||
|
||||
config EFI_SECURE_BOOT_SIG_ENFORCE
|
||||
|
@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
|
|||
prompt "Force module signing when UEFI Secure Boot is enabled"
|
||||
---help---
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Fri, 20 Jun 2014 08:53:24 -0400
|
||||
Subject: [PATCH] hibernate: Disable in a signed modules environment
|
||||
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
|
@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
|
|||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
From 72695420d48c264b3ca0dacccda1a4789a52c2f6 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Fri, 24 Jul 2015 11:45:28 +0200
|
||||
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
|
||||
|
||||
Like some of the other Yoga models the Lenovo Yoga 3 14 does not have a
|
||||
hw rfkill switch, and trying to read the hw rfkill switch through the
|
||||
ideapad module causes it to always reported blocking breaking wifi.
|
||||
|
||||
This commit adds the Lenovo Yoga 3 14 to the no_hw_rfkill dmi list, fixing
|
||||
the wifi breakage.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1239050
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index 76b57388d01b..81c3e582309a 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -853,6 +853,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
},
|
||||
},
|
||||
{
|
||||
+ .ident = "Lenovo Yoga 3 14",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 3 14"),
|
||||
+ },
|
||||
+ },
|
||||
+ {
|
||||
.ident = "Lenovo Yoga 3 Pro 1370",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From 332faabbaab64876396be48f1a1cf72b31d53a9d Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Mon, 9 Nov 2015 17:09:05 +0100
|
||||
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list
|
||||
|
||||
Like some of the other Yoga models the Lenovo Yoga 900 does not have a
|
||||
hw rfkill switch, and trying to read the hw rfkill switch through the
|
||||
ideapad module causes it to always reported blocking breaking wifi.
|
||||
|
||||
This commit adds the Lenovo Yoga 900 to the no_hw_rfkill dmi list, fixing
|
||||
the wifi breakage.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1275490
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-and-tested-by: Kevin Fenzi <kevin@scrye.com>
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index fce49f3c6ed6..d4a48b4d161a 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -873,6 +873,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 3 Pro-1370"),
|
||||
},
|
||||
},
|
||||
+ {
|
||||
+ .ident = "Lenovo Yoga 900",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 900"),
|
||||
+ },
|
||||
+ },
|
||||
{}
|
||||
};
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
From 14b627c610f93c2700f9a3825ac10c35d51acfe4 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 7 Dec 2015 13:50:38 -0500
|
||||
Subject: [PATCH] ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill
|
||||
dmi list
|
||||
|
||||
One of the newest ideapad models also lacks a physical hw rfkill switch,
|
||||
and trying to read the hw rfkill switch through the ideapad module
|
||||
causes it to always reported blocking breaking wifi.
|
||||
|
||||
Fix it by adding this model to the DMI list.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1286293
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
---
|
||||
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
|
||||
index a313dfc0245f..d28db0e793df 100644
|
||||
--- a/drivers/platform/x86/ideapad-laptop.c
|
||||
+++ b/drivers/platform/x86/ideapad-laptop.c
|
||||
@@ -865,6 +865,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
|
||||
},
|
||||
},
|
||||
{
|
||||
+ .ident = "Lenovo ideapad Y700-17ISK",
|
||||
+ .matches = {
|
||||
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo ideapad Y700-17ISK"),
|
||||
+ },
|
||||
+ },
|
||||
+ {
|
||||
.ident = "Lenovo Yoga 2 11 / 13 / Pro",
|
||||
.matches = {
|
||||
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -16,10 +16,10 @@ Upstream-status: Fedora mustard
|
|||
3 files changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
|
||||
index 30b7bbfdc558..95863902627f 100644
|
||||
index 9717d5f20139..a3101d2fd936 100644
|
||||
--- a/drivers/base/power/main.c
|
||||
+++ b/drivers/base/power/main.c
|
||||
@@ -123,8 +123,6 @@ void device_pm_unlock(void)
|
||||
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
|
||||
*/
|
||||
void device_pm_add(struct device *dev)
|
||||
{
|
||||
|
@ -29,7 +29,7 @@ index 30b7bbfdc558..95863902627f 100644
|
|||
if (dev->parent && dev->parent->power.is_prepared)
|
||||
dev_warn(dev, "parent %s should not be sleeping\n",
|
||||
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
|
||||
index cb5ece77fd7d..4022b75eaad7 100644
|
||||
index 986a71c614b0..bfb0b2280df0 100644
|
||||
--- a/drivers/input/serio/i8042.c
|
||||
+++ b/drivers/input/serio/i8042.c
|
||||
@@ -871,7 +871,6 @@ static int __init i8042_check_aux(void)
|
||||
|
@ -41,7 +41,7 @@ index cb5ece77fd7d..4022b75eaad7 100644
|
|||
}
|
||||
|
||||
diff --git a/net/can/af_can.c b/net/can/af_can.c
|
||||
index 7933e62a7318..96a911003af7 100644
|
||||
index 32d710eaf1fc..af4a20b86ee7 100644
|
||||
--- a/net/can/af_can.c
|
||||
+++ b/net/can/af_can.c
|
||||
@@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
|
||||
From: Roland McGrath <roland@redhat.com>
|
||||
Date: Mon, 6 Oct 2008 23:03:03 -0700
|
||||
Subject: [PATCH] kbuild: AFTER_LINK
|
||||
|
@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
|
||||
index 8ad2b34ad151..e153572ab351 100644
|
||||
index ee8a18e50a25..63e33fa049f8 100644
|
||||
--- a/arch/s390/kernel/vdso32/Makefile
|
||||
+++ b/arch/s390/kernel/vdso32/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
|
||||
|
@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
|
|||
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
|
||||
index 2a8ddfd12a5b..452ca53561fe 100644
|
||||
index c4b03f9ed228..550450fc2f95 100644
|
||||
--- a/arch/s390/kernel/vdso64/Makefile
|
||||
+++ b/arch/s390/kernel/vdso64/Makefile
|
||||
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
|
||||
|
@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
|
|||
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
|
||||
|
||||
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
|
||||
index e97032069f88..9ea82f444dea 100644
|
||||
index a3d0767a6b29..078c9be1db8f 100644
|
||||
--- a/arch/x86/entry/vdso/Makefile
|
||||
+++ b/arch/x86/entry/vdso/Makefile
|
||||
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
|
||||
|
@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
|
|||
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
|
||||
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
|
||||
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
|
||||
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
|
||||
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
|
||||
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
|
||||
index 1a10d8ac8162..092d0c0cf72c 100755
|
||||
|
@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
|
|||
}
|
||||
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
205
kernel.spec
205
kernel.spec
|
@ -46,14 +46,14 @@ Summary: The Linux kernel
|
|||
# base_sublevel is the kernel version we're starting with and patching
|
||||
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
|
||||
# which yields a base_sublevel of 0.
|
||||
%define base_sublevel 2
|
||||
%define base_sublevel 3
|
||||
|
||||
## If this is a released kernel ##
|
||||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
#+Hu Pf against 4.2.5 v4.2-pf3: https://pf.natalenko.name/forum/index.php?topic=363.0
|
||||
%define stable_update 5
|
||||
#+Hu Pf against 4.3.3 v4.3-pf3: https://pf.natalenko.name/news/?p=111
|
||||
%define stable_update 3
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -392,8 +392,12 @@ BuildRequires: rpm-build, elfutils
|
|||
%define debuginfo_args --strict-build-id -r
|
||||
%endif
|
||||
|
||||
%ifarch %{ix86} x86_64
|
||||
# MODULE_SIG is enabled in config-x86-generic and needs these:
|
||||
BuildRequires: openssl openssl-devel
|
||||
%endif
|
||||
|
||||
%if %{signmodules}
|
||||
BuildRequires: openssl
|
||||
BuildRequires: pesign >= 0.10-4
|
||||
%endif
|
||||
|
||||
|
@ -508,15 +512,13 @@ Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
|
|||
|
||||
Patch456: arm64-acpi-drop-expert-patch.patch
|
||||
|
||||
Patch457: showmem-cma-correct-reserved-memory-calculation.patch
|
||||
Patch457: ARM-tegra-usb-no-reset.patch
|
||||
|
||||
Patch458: ARM-tegra-usb-no-reset.patch
|
||||
Patch458: ARM-dts-Add-am335x-bonegreen.patch
|
||||
|
||||
Patch459: regulator-axp20x-module-alias.patch
|
||||
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
|
||||
|
||||
Patch460: regulator-anatop-module-alias.patch
|
||||
|
||||
Patch461: ARM-dts-Add-am335x-bonegreen.patch
|
||||
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
|
||||
|
||||
Patch463: arm-i.MX6-Utilite-device-dtb.patch
|
||||
|
||||
|
@ -526,8 +528,6 @@ Patch467: die-floppy-die.patch
|
|||
|
||||
Patch468: no-pcspkr-modalias.patch
|
||||
|
||||
Patch469: input-silence-i8042-noise.patch
|
||||
|
||||
Patch470: silence-fbcon-logo.patch
|
||||
|
||||
Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
|
||||
|
@ -596,47 +596,63 @@ Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
|
|||
|
||||
Patch503: drm-i915-turn-off-wc-mmaps.patch
|
||||
|
||||
#rhbz 1244511
|
||||
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
|
||||
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
|
||||
|
||||
#rhbz 1239050
|
||||
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
#rhbz 1253789
|
||||
Patch510: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
||||
|
||||
#rhbz 1257534
|
||||
Patch513: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
#rhbz 1257500
|
||||
Patch517: vmwgfx-Rework-device-initialization.patch
|
||||
Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
|
||||
|
||||
#CVE-2015-6937 rhbz 1263139 1263140
|
||||
Patch523: RDS-verify-the-underlying-transport-exists-before-cr.patch
|
||||
#CVE-2015-7990 rhbz 1276437 1276438
|
||||
Patch524: RDS-fix-race-condition-when-sending-a-message-on-unb.patch
|
||||
|
||||
#rhbz 1265978
|
||||
Patch536: si2168-Bounds-check-firmware.patch
|
||||
Patch537: si2157-Bounds-check-firmware.patch
|
||||
|
||||
#rhbz 1272172
|
||||
Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
|
||||
Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
|
||||
|
||||
#rhbz 1257131
|
||||
Patch542: 0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch
|
||||
|
||||
#CVE-2015-7799 rhbz 1271134 1271135
|
||||
Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
|
||||
|
||||
#rhbz 1278407
|
||||
Patch545: drm-radeon-move-bl-encoder-assignment-into-bl-init.patch
|
||||
Patch546: drm-radeon-fix-dpms-when-driver-backlight-control-is.patch
|
||||
#CVE-2015-8104 rhbz 1278496 1279691
|
||||
Patch551: KVM-svm-unconditionally-intercept-DB.patch
|
||||
|
||||
#rhbz 1269300
|
||||
Patch552: megaraid_sas-Do-not-use-PAGE_SIZE-for-max_sectors.patch
|
||||
|
||||
#rhbz 1275490
|
||||
Patch553: ideapad-laptop-Add-Lenovo-Yoga-900-to-no_hw_rfkill-d.patch
|
||||
|
||||
#rhbz 1279189
|
||||
Patch556: netfilter-ipset-Fix-extension-alignment.patch
|
||||
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
|
||||
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
|
||||
|
||||
#rhbz 1284059
|
||||
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
|
||||
|
||||
#CVE-2015-7833 rhbz 1270158 1270160
|
||||
Patch567: usbvision-fix-crash-on-detecting-device-with-invalid.patch
|
||||
|
||||
#CVE-2015-7515 rhbz 1285326 1285331
|
||||
Patch568: Input-aiptek-fix-crash-on-detecting-device-without-e.patch
|
||||
|
||||
#rhbz 1287819
|
||||
Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
|
||||
|
||||
#rhbz 1286293
|
||||
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
|
||||
|
||||
#rhbz 1288687
|
||||
Patch572: alua_fix.patch
|
||||
|
||||
#CVE-XXXX-XXXX rhbz 1291329 1291332
|
||||
Patch574: ovl-fix-permission-checking-for-setattr.patch
|
||||
|
||||
#CVE-2015-7550 rhbz 1291197 1291198
|
||||
Patch575: KEYS-Fix-race-between-read-and-revoke.patch
|
||||
|
||||
#CVE-2015-8543 rhbz 1290475 1290477
|
||||
Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
|
||||
|
||||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
Patch601: vrf-fix-memory-leak-on-registration.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
Patch602: bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
|
||||
#CVE-2015-8709 rhbz 1295287 1295288
|
||||
Patch603: ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
|
||||
|
||||
|
||||
################# Hubbitus patches
|
||||
|
@ -1371,11 +1387,9 @@ BuildKernel() {
|
|||
cp configs/$Config .config
|
||||
|
||||
%if %{signmodules}
|
||||
cp %{SOURCE11} .
|
||||
cp %{SOURCE11} certs/.
|
||||
%endif
|
||||
|
||||
chmod +x scripts/sign-file
|
||||
|
||||
Arch=`head -1 .config | cut -b 3-`
|
||||
echo USING ARCH=$Arch
|
||||
|
||||
|
@ -1617,8 +1631,8 @@ BuildKernel() {
|
|||
|
||||
%if %{signmodules}
|
||||
# Save the signing keys so we can sign the modules in __modsign_install_post
|
||||
cp signing_key.priv signing_key.priv.sign${Flav}
|
||||
cp signing_key.x509 signing_key.x509.sign${Flav}
|
||||
cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
|
||||
cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
|
||||
%endif
|
||||
|
||||
# Move the devel headers out of the root file system
|
||||
|
@ -1713,16 +1727,16 @@ popd
|
|||
%define __modsign_install_post \
|
||||
if [ "%{signmodules}" -eq "1" ]; then \
|
||||
if [ "%{with_pae}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
|
||||
fi \
|
||||
if [ "%{with_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
|
||||
fi \
|
||||
if [ "%{with_pae_debug}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
|
||||
fi \
|
||||
if [ "%{with_up}" -ne "0" ]; then \
|
||||
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
%{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||
fi \
|
||||
fi \
|
||||
if [ "%{zipmodules}" -eq "1" ]; then \
|
||||
|
@ -1983,6 +1997,7 @@ fi
|
|||
%{_libdir}/traceevent/plugins/*
|
||||
%dir %{_libexecdir}/perf-core
|
||||
%{_libexecdir}/perf-core/*
|
||||
%{_datadir}/perf-core/*
|
||||
%{_mandir}/man[1-8]/perf*
|
||||
%{_sysconfdir}/bash_completion.d/perf
|
||||
%doc linux-%{KVERREL}/tools/perf/Documentation/examples.txt
|
||||
|
@ -2111,6 +2126,80 @@ fi
|
|||
# and build.
|
||||
#
|
||||
%changelog
|
||||
* Tue Jan 05 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8709 ptrace: potential priv escalation with userns (rhbz 1295287 1295288)
|
||||
- Merge 4.3.3 from stabilization branch
|
||||
|
||||
* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
|
||||
|
||||
* Thu Dec 17 2015 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix for memory leak in vrf
|
||||
|
||||
* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
|
||||
|
||||
* Tue Dec 15 2015 Justin Forbes <jforbes@fedoraproject.org> - 4.2.8-300
|
||||
- Linux v4.2.8
|
||||
|
||||
* Tue Dec 15 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8543 ipv6: DoS via NULL pointer dereference (rhbz 1290475 1290477)
|
||||
|
||||
* Mon Dec 14 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-7550 Race between read and revoke keys (rhbz 1291197 1291198)
|
||||
- CVE-XXXX-XXXX permission bypass on overlayfs (rhbz 1291329 1291332)
|
||||
|
||||
* Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2013-7446 unix sockects use after free (rhbz 1282688 1282712)
|
||||
|
||||
* Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
|
||||
- Ignore errors from scsi_dh_add_device (rhbz 1288687)
|
||||
|
||||
* Thu Dec 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix rfkill issues on ideapad Y700-17ISK (rhbz 1286293)
|
||||
|
||||
* Wed Dec 09 2015 Justin Forbes <jforbes@fedoraproject.org> - 4.2.7-300
|
||||
- Linux v4.2.7
|
||||
|
||||
* Thu Dec 03 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Add patch to fix palm rejection on certain touchpads (rhbz 1287819)
|
||||
- Add new PCI ids for wireless, including Lenovo Yoga (rhbz 1275490)
|
||||
|
||||
* Tue Dec 01 2015 Laura Abbott <labbott@redhat.com>
|
||||
- Enable CONFIG_X86_INTEL_MPX (rhbz 1287279)
|
||||
|
||||
* Tue Dec 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-7515 aiptek: crash on invalid device descriptors (rhbz 1285326 1285331)
|
||||
- CVE-2015-7833 usbvision: crash on invalid device descriptors (rhbz 1270158 1270160)
|
||||
|
||||
* Mon Nov 30 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix crash in add_key (rhbz 1284059)
|
||||
- CVE-2015-8374 btrfs: info leak when truncating compressed/inlined extents (rhbz 1286261 1286262)
|
||||
|
||||
* Sun Nov 22 2015 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Fix sound issue on some ARM devices (tested on Arndale)
|
||||
|
||||
* Fri Nov 20 2015 Justin M. Forbes <jmforbes@fedoraproject.org> - 4.2.6-301
|
||||
- Fix for GRE tunnel running in IPSec (rhbz 1272571)
|
||||
- Fix KVM on specific hardware (rhbz 1278688)
|
||||
|
||||
* Mon Nov 16 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix ipset netfilter issues (rhbz 1279189)
|
||||
|
||||
* Thu Nov 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-5327 x509 time validation
|
||||
|
||||
* Tue Nov 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix Yoga 900 rfkill switch issues (rhbz 1275490)
|
||||
|
||||
* Tue Nov 10 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 4.2.6-300
|
||||
- Linux v4.2.6
|
||||
|
||||
* Tue Nov 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix incorrect size calculations in megaraid with 64K pages (rhbz 1269300)
|
||||
- CVE-2015-8104 kvm: DoS infinite loop in microcode DB exception (rhbz 1278496 1279691)
|
||||
- CVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz 1277172 1279688)
|
||||
|
||||
* Sat Nov 07 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 4.2.5-300.hu.1.pf3
|
||||
- Update to Fedora23.
|
||||
- Merge fc23 branch.
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 9 Aug 2013 03:33:56 -0400
|
||||
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
|
||||
|
@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
|
|||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index a785c1015e25..81d6b404f33c 100644
|
||||
index 4c5edc357923..db431971dbd4 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <linux/syscore_ops.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/hugetlb.h>
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <linux/mm.h>
|
||||
#include <linux/file.h>
|
||||
#include <linux/kexec.h>
|
||||
+#include <linux/module.h>
|
||||
|
||||
#include <asm/page.h>
|
||||
#include <asm/uaccess.h>
|
||||
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/syscalls.h>
|
||||
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
|
@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
|
|||
* Verify we have a legal set of flags
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
From c6f081c88ab76d5a40365b94c1f5839e099b2b2b Mon Sep 17 00:00:00 2001
|
||||
From: "sumit.saxena@avagotech.com" <sumit.saxena@avagotech.com>
|
||||
Date: Thu, 15 Oct 2015 13:40:04 +0530
|
||||
Subject: [PATCH] megaraid_sas: Do not use PAGE_SIZE for max_sectors
|
||||
|
||||
Do not use PAGE_SIZE marco to calculate max_sectors per I/O
|
||||
request. Driver code assumes PAGE_SIZE will be always 4096 which can
|
||||
lead to wrongly calculated value if PAGE_SIZE is not 4096. This issue
|
||||
was reported in Ubuntu Bugzilla Bug #1475166.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
|
||||
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
|
||||
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
|
||||
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/megaraid/megaraid_sas.h | 2 ++
|
||||
drivers/scsi/megaraid/megaraid_sas_base.c | 2 +-
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
|
||||
index 20c37541963f..ebf821b94cb6 100644
|
||||
--- a/drivers/scsi/megaraid/megaraid_sas.h
|
||||
+++ b/drivers/scsi/megaraid/megaraid_sas.h
|
||||
@@ -364,6 +364,8 @@ enum MR_EVT_ARGS {
|
||||
MR_EVT_ARGS_GENERIC,
|
||||
};
|
||||
|
||||
+
|
||||
+#define SGE_BUFFER_SIZE 4096
|
||||
/*
|
||||
* define constants for device list query options
|
||||
*/
|
||||
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
|
||||
index eaa81e552fd2..a9eb10ebc6ed 100644
|
||||
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
|
||||
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
|
||||
@@ -4752,7 +4752,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
|
||||
|
||||
|
||||
instance->max_sectors_per_req = instance->max_num_sge *
|
||||
- PAGE_SIZE / 512;
|
||||
+ SGE_BUFFER_SIZE / 512;
|
||||
if (tmp_sectors && (instance->max_sectors_per_req > tmp_sectors))
|
||||
instance->max_sectors_per_req = tmp_sectors;
|
||||
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
|
||||
From: Peter Robinson <pbrobinson@gmail.com>
|
||||
Date: Fri, 13 Nov 2015 19:03:29 +0000
|
||||
Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
|
||||
module
|
||||
|
||||
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
|
||||
---
|
||||
drivers/mfd/Makefile | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
|
||||
index a59e3fc..4a767ef 100644
|
||||
--- a/drivers/mfd/Makefile
|
||||
+++ b/drivers/mfd/Makefile
|
||||
@@ -61,7 +61,8 @@ wm8350-objs := wm8350-core.o wm8350-regmap.o wm8350-gpio.o
|
||||
wm8350-objs += wm8350-irq.o
|
||||
obj-$(CONFIG_MFD_WM8350) += wm8350.o
|
||||
obj-$(CONFIG_MFD_WM8350_I2C) += wm8350-i2c.o
|
||||
-obj-$(CONFIG_MFD_WM8994) += wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+wm8994-objs := wm8994-core.o wm8994-irq.o wm8994-regmap.o
|
||||
+obj-$(CONFIG_MFD_WM8994) += wm8994.o
|
||||
|
||||
obj-$(CONFIG_TPS6105X) += tps6105x.o
|
||||
obj-$(CONFIG_TPS65010) += tps65010.o
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,139 @@
|
|||
From 4da7dc22c91ad2c3144cb1d0d96e9611bc86da47 Mon Sep 17 00:00:00 2001
|
||||
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||
Date: Mon, 14 Dec 2015 22:03:39 +0100
|
||||
Subject: [PATCH] net: add validation for the socket syscall protocol argument
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
郭永刚 reported that one could simply crash the kernel as root by
|
||||
using a simple program:
|
||||
|
||||
int socket_fd;
|
||||
struct sockaddr_in addr;
|
||||
addr.sin_port = 0;
|
||||
addr.sin_addr.s_addr = INADDR_ANY;
|
||||
addr.sin_family = 10;
|
||||
|
||||
socket_fd = socket(10,3,0x40000000);
|
||||
connect(socket_fd , &addr,16);
|
||||
|
||||
AF_INET, AF_INET6 sockets actually only support 8-bit protocol
|
||||
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
|
||||
thus larger protocol identifiers simply cut off the higher bits and
|
||||
store a zero in the protocol fields.
|
||||
|
||||
This could lead to e.g. NULL function pointer because as a result of
|
||||
the cut off inet_num is zero and we call down to inet_autobind, which
|
||||
is NULL for raw sockets.
|
||||
|
||||
kernel: Call Trace:
|
||||
kernel: [<ffffffff816db90e>] ? inet_autobind+0x2e/0x70
|
||||
kernel: [<ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
|
||||
kernel: [<ffffffff81645069>] SYSC_connect+0xd9/0x110
|
||||
kernel: [<ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
|
||||
kernel: [<ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
|
||||
kernel: [<ffffffff81645e0e>] SyS_connect+0xe/0x10
|
||||
kernel: [<ffffffff81779515>] tracesys_phase2+0x84/0x89
|
||||
|
||||
I found no particular commit which introduced this problem.
|
||||
|
||||
CVE: CVE-2015-8543
|
||||
Cc: Cong Wang <cwang@twopensource.com>
|
||||
Reported-by: 郭永刚 <guoyonggang@360.cn>
|
||||
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/net/sock.h | 1 +
|
||||
net/ax25/af_ax25.c | 3 +++
|
||||
net/decnet/af_decnet.c | 3 +++
|
||||
net/ipv4/af_inet.c | 3 +++
|
||||
net/ipv6/af_inet6.c | 3 +++
|
||||
net/irda/af_irda.c | 3 +++
|
||||
6 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/include/net/sock.h b/include/net/sock.h
|
||||
index 52d27ee924f4..2fa1fc00e8cb 100644
|
||||
--- a/include/net/sock.h
|
||||
+++ b/include/net/sock.h
|
||||
@@ -403,6 +403,7 @@ struct sock {
|
||||
sk_no_check_rx : 1,
|
||||
sk_userlocks : 4,
|
||||
sk_protocol : 8,
|
||||
+#define SK_PROTOCOL_MAX U8_MAX
|
||||
sk_type : 16;
|
||||
kmemcheck_bitfield_end(flags);
|
||||
int sk_wmem_queued;
|
||||
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
|
||||
index ae3a47f9d1d5..fbd0acf80b13 100644
|
||||
--- a/net/ax25/af_ax25.c
|
||||
+++ b/net/ax25/af_ax25.c
|
||||
@@ -805,6 +805,9 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol,
|
||||
struct sock *sk;
|
||||
ax25_cb *ax25;
|
||||
|
||||
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (!net_eq(net, &init_net))
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
|
||||
index eebf5ac8ce18..13d6b1a6e0fc 100644
|
||||
--- a/net/decnet/af_decnet.c
|
||||
+++ b/net/decnet/af_decnet.c
|
||||
@@ -678,6 +678,9 @@ static int dn_create(struct net *net, struct socket *sock, int protocol,
|
||||
{
|
||||
struct sock *sk;
|
||||
|
||||
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (!net_eq(net, &init_net))
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
|
||||
index 11c4ca13ec3b..5c5db6636704 100644
|
||||
--- a/net/ipv4/af_inet.c
|
||||
+++ b/net/ipv4/af_inet.c
|
||||
@@ -257,6 +257,9 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
|
||||
int try_loading_module = 0;
|
||||
int err;
|
||||
|
||||
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
sock->state = SS_UNCONNECTED;
|
||||
|
||||
/* Look for the requested type/protocol pair. */
|
||||
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
|
||||
index 8ec0df75f1c4..9f5137cd604e 100644
|
||||
--- a/net/ipv6/af_inet6.c
|
||||
+++ b/net/ipv6/af_inet6.c
|
||||
@@ -109,6 +109,9 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
|
||||
int try_loading_module = 0;
|
||||
int err;
|
||||
|
||||
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
/* Look for the requested type/protocol pair. */
|
||||
lookup_protocol:
|
||||
err = -ESOCKTNOSUPPORT;
|
||||
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
|
||||
index e6aa48b5395c..923abd6b3064 100644
|
||||
--- a/net/irda/af_irda.c
|
||||
+++ b/net/irda/af_irda.c
|
||||
@@ -1086,6 +1086,9 @@ static int irda_create(struct net *net, struct socket *sock, int protocol,
|
||||
struct sock *sk;
|
||||
struct irda_sock *self;
|
||||
|
||||
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (net != &init_net)
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
From patchwork Thu Oct 1 12:39:26 2015
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [net] inet: fix race in reqsk_queue_unlink()
|
||||
From: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
X-Patchwork-Id: 524966
|
||||
Message-Id: <1443703166.32531.47.camel@edumazet-glaptop2.roam.corp.google.com>
|
||||
To: David Miller <davem@davemloft.net>
|
||||
Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com>
|
||||
Date: Thu, 01 Oct 2015 05:39:26 -0700
|
||||
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
|
||||
reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
|
||||
is NULL at its beginning.
|
||||
|
||||
By the time it calls inet_csk_reqsk_queue_drop() and
|
||||
reqsk_queue_unlink(), listener might have been closed and
|
||||
inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
|
||||
which sets icsk_accept_queue.listen_opt to NULL
|
||||
|
||||
We therefore need to correctly check listen_opt being NULL
|
||||
after holding syn_wait_lock for proper synchronization.
|
||||
|
||||
Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
|
||||
Fixes: b357a364c57c ("inet: fix possible panic in reqsk_queue_unlink()")
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Cc: Yuchung Cheng <ycheng@google.com>
|
||||
---
|
||||
net/ipv4/inet_connection_sock.c | 19 ++++++++++---------
|
||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||
|
||||
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe netdev" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
||||
|
||||
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
|
||||
index 7bb9c39e0a4d..61b45a17fc73 100644
|
||||
--- a/net/ipv4/inet_connection_sock.c
|
||||
+++ b/net/ipv4/inet_connection_sock.c
|
||||
@@ -577,21 +577,22 @@ EXPORT_SYMBOL(inet_rtx_syn_ack);
|
||||
static bool reqsk_queue_unlink(struct request_sock_queue *queue,
|
||||
struct request_sock *req)
|
||||
{
|
||||
- struct listen_sock *lopt = queue->listen_opt;
|
||||
struct request_sock **prev;
|
||||
+ struct listen_sock *lopt;
|
||||
bool found = false;
|
||||
|
||||
spin_lock(&queue->syn_wait_lock);
|
||||
-
|
||||
- for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
|
||||
- prev = &(*prev)->dl_next) {
|
||||
- if (*prev == req) {
|
||||
- *prev = req->dl_next;
|
||||
- found = true;
|
||||
- break;
|
||||
+ lopt = queue->listen_opt;
|
||||
+ if (lopt) {
|
||||
+ for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
|
||||
+ prev = &(*prev)->dl_next) {
|
||||
+ if (*prev == req) {
|
||||
+ *prev = req->dl_next;
|
||||
+ found = true;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
-
|
||||
spin_unlock(&queue->syn_wait_lock);
|
||||
if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
|
||||
reqsk_put(req);
|
|
@ -0,0 +1,481 @@
|
|||
From 55301931f78c0fdbb8f76dfdb3f914e9eef1f273 Mon Sep 17 00:00:00 2001
|
||||
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
Date: Sat, 7 Nov 2015 11:21:47 +0100
|
||||
Subject: [PATCH 1/3] netfilter: ipset: Fix extension alignment
|
||||
|
||||
The data extensions in ipset lacked the proper memory alignment and
|
||||
thus could lead to kernel crash on several architectures. Therefore
|
||||
the structures have been reorganized and alignment attributes added
|
||||
where needed. The patch was tested on armv7h by Gerhard Wiesinger and
|
||||
on x86_64, sparc64 by Jozsef Kadlecsik.
|
||||
|
||||
Reported-by: Gerhard Wiesinger <lists@wiesinger.com>
|
||||
Tested-by: Gerhard Wiesinger <lists@wiesinger.com>
|
||||
Tested-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
---
|
||||
include/linux/netfilter/ipset/ip_set.h | 2 +-
|
||||
net/netfilter/ipset/ip_set_bitmap_gen.h | 17 +++-----
|
||||
net/netfilter/ipset/ip_set_bitmap_ip.c | 14 ++-----
|
||||
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 64 ++++++++++++++-----------------
|
||||
net/netfilter/ipset/ip_set_bitmap_port.c | 18 ++++-----
|
||||
net/netfilter/ipset/ip_set_core.c | 14 ++++---
|
||||
net/netfilter/ipset/ip_set_hash_gen.h | 11 ++++--
|
||||
net/netfilter/ipset/ip_set_list_set.c | 5 ++-
|
||||
8 files changed, 65 insertions(+), 80 deletions(-)
|
||||
|
||||
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
|
||||
index 48bb01edcf30..0e1f433cc4b7 100644
|
||||
--- a/include/linux/netfilter/ipset/ip_set.h
|
||||
+++ b/include/linux/netfilter/ipset/ip_set.h
|
||||
@@ -421,7 +421,7 @@ extern void ip_set_free(void *members);
|
||||
extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr);
|
||||
extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);
|
||||
extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[],
|
||||
- size_t len);
|
||||
+ size_t len, size_t align);
|
||||
extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
|
||||
struct ip_set_ext *ext);
|
||||
|
||||
diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h
|
||||
index d05e759ed0fa..b0bc475f641e 100644
|
||||
--- a/net/netfilter/ipset/ip_set_bitmap_gen.h
|
||||
+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h
|
||||
@@ -33,7 +33,7 @@
|
||||
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
|
||||
#define mtype MTYPE
|
||||
|
||||
-#define get_ext(set, map, id) ((map)->extensions + (set)->dsize * (id))
|
||||
+#define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id)))
|
||||
|
||||
static void
|
||||
mtype_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set))
|
||||
@@ -67,12 +67,9 @@ mtype_destroy(struct ip_set *set)
|
||||
del_timer_sync(&map->gc);
|
||||
|
||||
ip_set_free(map->members);
|
||||
- if (set->dsize) {
|
||||
- if (set->extensions & IPSET_EXT_DESTROY)
|
||||
- mtype_ext_cleanup(set);
|
||||
- ip_set_free(map->extensions);
|
||||
- }
|
||||
- kfree(map);
|
||||
+ if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
|
||||
+ mtype_ext_cleanup(set);
|
||||
+ ip_set_free(map);
|
||||
|
||||
set->data = NULL;
|
||||
}
|
||||
@@ -92,16 +89,14 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
|
||||
{
|
||||
const struct mtype *map = set->data;
|
||||
struct nlattr *nested;
|
||||
+ size_t memsize = sizeof(*map) + map->memsize;
|
||||
|
||||
nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
|
||||
if (!nested)
|
||||
goto nla_put_failure;
|
||||
if (mtype_do_head(skb, map) ||
|
||||
nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
|
||||
- nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
|
||||
- htonl(sizeof(*map) +
|
||||
- map->memsize +
|
||||
- set->dsize * map->elements)))
|
||||
+ nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)))
|
||||
goto nla_put_failure;
|
||||
if (unlikely(ip_set_put_flags(skb, set)))
|
||||
goto nla_put_failure;
|
||||
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
|
||||
index 64a564334418..4783efff0bde 100644
|
||||
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
|
||||
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
|
||||
@@ -41,7 +41,6 @@ MODULE_ALIAS("ip_set_bitmap:ip");
|
||||
/* Type structure */
|
||||
struct bitmap_ip {
|
||||
void *members; /* the set members */
|
||||
- void *extensions; /* data extensions */
|
||||
u32 first_ip; /* host byte order, included in range */
|
||||
u32 last_ip; /* host byte order, included in range */
|
||||
u32 elements; /* number of max elements in the set */
|
||||
@@ -49,6 +48,8 @@ struct bitmap_ip {
|
||||
size_t memsize; /* members size */
|
||||
u8 netmask; /* subnet netmask */
|
||||
struct timer_list gc; /* garbage collection */
|
||||
+ unsigned char extensions[0] /* data extensions */
|
||||
+ __aligned(__alignof__(u64));
|
||||
};
|
||||
|
||||
/* ADT structure for generic function args */
|
||||
@@ -224,13 +225,6 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map,
|
||||
map->members = ip_set_alloc(map->memsize);
|
||||
if (!map->members)
|
||||
return false;
|
||||
- if (set->dsize) {
|
||||
- map->extensions = ip_set_alloc(set->dsize * elements);
|
||||
- if (!map->extensions) {
|
||||
- kfree(map->members);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
map->first_ip = first_ip;
|
||||
map->last_ip = last_ip;
|
||||
map->elements = elements;
|
||||
@@ -316,13 +310,13 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
|
||||
pr_debug("hosts %u, elements %llu\n",
|
||||
hosts, (unsigned long long)elements);
|
||||
|
||||
- map = kzalloc(sizeof(*map), GFP_KERNEL);
|
||||
+ set->dsize = ip_set_elem_len(set, tb, 0, 0);
|
||||
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
|
||||
if (!map)
|
||||
return -ENOMEM;
|
||||
|
||||
map->memsize = bitmap_bytes(0, elements - 1);
|
||||
set->variant = &bitmap_ip;
|
||||
- set->dsize = ip_set_elem_len(set, tb, 0);
|
||||
if (!init_map_ip(set, map, first_ip, last_ip,
|
||||
elements, hosts, netmask)) {
|
||||
kfree(map);
|
||||
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
|
||||
index 1430535118fb..29dde208381d 100644
|
||||
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
|
||||
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
|
||||
@@ -47,24 +47,26 @@ enum {
|
||||
/* Type structure */
|
||||
struct bitmap_ipmac {
|
||||
void *members; /* the set members */
|
||||
- void *extensions; /* MAC + data extensions */
|
||||
u32 first_ip; /* host byte order, included in range */
|
||||
u32 last_ip; /* host byte order, included in range */
|
||||
u32 elements; /* number of max elements in the set */
|
||||
size_t memsize; /* members size */
|
||||
struct timer_list gc; /* garbage collector */
|
||||
+ unsigned char extensions[0] /* MAC + data extensions */
|
||||
+ __aligned(__alignof__(u64));
|
||||
};
|
||||
|
||||
/* ADT structure for generic function args */
|
||||
struct bitmap_ipmac_adt_elem {
|
||||
+ unsigned char ether[ETH_ALEN] __aligned(2);
|
||||
u16 id;
|
||||
- unsigned char *ether;
|
||||
+ u16 add_mac;
|
||||
};
|
||||
|
||||
struct bitmap_ipmac_elem {
|
||||
unsigned char ether[ETH_ALEN];
|
||||
unsigned char filled;
|
||||
-} __attribute__ ((aligned));
|
||||
+} __aligned(__alignof__(u64));
|
||||
|
||||
static inline u32
|
||||
ip_to_id(const struct bitmap_ipmac *m, u32 ip)
|
||||
@@ -72,11 +74,11 @@ ip_to_id(const struct bitmap_ipmac *m, u32 ip)
|
||||
return ip - m->first_ip;
|
||||
}
|
||||
|
||||
-static inline struct bitmap_ipmac_elem *
|
||||
-get_elem(void *extensions, u16 id, size_t dsize)
|
||||
-{
|
||||
- return (struct bitmap_ipmac_elem *)(extensions + id * dsize);
|
||||
-}
|
||||
+#define get_elem(extensions, id, dsize) \
|
||||
+ (struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
|
||||
+
|
||||
+#define get_const_elem(extensions, id, dsize) \
|
||||
+ (const struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
|
||||
|
||||
/* Common functions */
|
||||
|
||||
@@ -88,10 +90,9 @@ bitmap_ipmac_do_test(const struct bitmap_ipmac_adt_elem *e,
|
||||
|
||||
if (!test_bit(e->id, map->members))
|
||||
return 0;
|
||||
- elem = get_elem(map->extensions, e->id, dsize);
|
||||
- if (elem->filled == MAC_FILLED)
|
||||
- return !e->ether ||
|
||||
- ether_addr_equal(e->ether, elem->ether);
|
||||
+ elem = get_const_elem(map->extensions, e->id, dsize);
|
||||
+ if (e->add_mac && elem->filled == MAC_FILLED)
|
||||
+ return ether_addr_equal(e->ether, elem->ether);
|
||||
/* Trigger kernel to fill out the ethernet address */
|
||||
return -EAGAIN;
|
||||
}
|
||||
@@ -103,7 +104,7 @@ bitmap_ipmac_gc_test(u16 id, const struct bitmap_ipmac *map, size_t dsize)
|
||||
|
||||
if (!test_bit(id, map->members))
|
||||
return 0;
|
||||
- elem = get_elem(map->extensions, id, dsize);
|
||||
+ elem = get_const_elem(map->extensions, id, dsize);
|
||||
/* Timer not started for the incomplete elements */
|
||||
return elem->filled == MAC_FILLED;
|
||||
}
|
||||
@@ -133,7 +134,7 @@ bitmap_ipmac_add_timeout(unsigned long *timeout,
|
||||
* and we can reuse it later when MAC is filled out,
|
||||
* possibly by the kernel
|
||||
*/
|
||||
- if (e->ether)
|
||||
+ if (e->add_mac)
|
||||
ip_set_timeout_set(timeout, t);
|
||||
else
|
||||
*timeout = t;
|
||||
@@ -150,7 +151,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
|
||||
elem = get_elem(map->extensions, e->id, dsize);
|
||||
if (test_bit(e->id, map->members)) {
|
||||
if (elem->filled == MAC_FILLED) {
|
||||
- if (e->ether &&
|
||||
+ if (e->add_mac &&
|
||||
(flags & IPSET_FLAG_EXIST) &&
|
||||
!ether_addr_equal(e->ether, elem->ether)) {
|
||||
/* memcpy isn't atomic */
|
||||
@@ -159,7 +160,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
|
||||
ether_addr_copy(elem->ether, e->ether);
|
||||
}
|
||||
return IPSET_ADD_FAILED;
|
||||
- } else if (!e->ether)
|
||||
+ } else if (!e->add_mac)
|
||||
/* Already added without ethernet address */
|
||||
return IPSET_ADD_FAILED;
|
||||
/* Fill the MAC address and trigger the timer activation */
|
||||
@@ -168,7 +169,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
|
||||
ether_addr_copy(elem->ether, e->ether);
|
||||
elem->filled = MAC_FILLED;
|
||||
return IPSET_ADD_START_STORED_TIMEOUT;
|
||||
- } else if (e->ether) {
|
||||
+ } else if (e->add_mac) {
|
||||
/* We can store MAC too */
|
||||
ether_addr_copy(elem->ether, e->ether);
|
||||
elem->filled = MAC_FILLED;
|
||||
@@ -191,7 +192,7 @@ bitmap_ipmac_do_list(struct sk_buff *skb, const struct bitmap_ipmac *map,
|
||||
u32 id, size_t dsize)
|
||||
{
|
||||
const struct bitmap_ipmac_elem *elem =
|
||||
- get_elem(map->extensions, id, dsize);
|
||||
+ get_const_elem(map->extensions, id, dsize);
|
||||
|
||||
return nla_put_ipaddr4(skb, IPSET_ATTR_IP,
|
||||
htonl(map->first_ip + id)) ||
|
||||
@@ -213,7 +214,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
|
||||
{
|
||||
struct bitmap_ipmac *map = set->data;
|
||||
ipset_adtfn adtfn = set->variant->adt[adt];
|
||||
- struct bitmap_ipmac_adt_elem e = { .id = 0 };
|
||||
+ struct bitmap_ipmac_adt_elem e = { .id = 0, .add_mac = 1 };
|
||||
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
|
||||
u32 ip;
|
||||
|
||||
@@ -231,7 +232,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
|
||||
return -EINVAL;
|
||||
|
||||
e.id = ip_to_id(map, ip);
|
||||
- e.ether = eth_hdr(skb)->h_source;
|
||||
+ memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN);
|
||||
|
||||
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
|
||||
}
|
||||
@@ -265,11 +266,10 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
|
||||
return -IPSET_ERR_BITMAP_RANGE;
|
||||
|
||||
e.id = ip_to_id(map, ip);
|
||||
- if (tb[IPSET_ATTR_ETHER])
|
||||
- e.ether = nla_data(tb[IPSET_ATTR_ETHER]);
|
||||
- else
|
||||
- e.ether = NULL;
|
||||
-
|
||||
+ if (tb[IPSET_ATTR_ETHER]) {
|
||||
+ memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
|
||||
+ e.add_mac = 1;
|
||||
+ }
|
||||
ret = adtfn(set, &e, &ext, &ext, flags);
|
||||
|
||||
return ip_set_eexist(ret, flags) ? 0 : ret;
|
||||
@@ -300,13 +300,6 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
|
||||
map->members = ip_set_alloc(map->memsize);
|
||||
if (!map->members)
|
||||
return false;
|
||||
- if (set->dsize) {
|
||||
- map->extensions = ip_set_alloc(set->dsize * elements);
|
||||
- if (!map->extensions) {
|
||||
- kfree(map->members);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
map->first_ip = first_ip;
|
||||
map->last_ip = last_ip;
|
||||
map->elements = elements;
|
||||
@@ -361,14 +354,15 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
|
||||
if (elements > IPSET_BITMAP_MAX_RANGE + 1)
|
||||
return -IPSET_ERR_BITMAP_RANGE_SIZE;
|
||||
|
||||
- map = kzalloc(sizeof(*map), GFP_KERNEL);
|
||||
+ set->dsize = ip_set_elem_len(set, tb,
|
||||
+ sizeof(struct bitmap_ipmac_elem),
|
||||
+ __alignof__(struct bitmap_ipmac_elem));
|
||||
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
|
||||
if (!map)
|
||||
return -ENOMEM;
|
||||
|
||||
map->memsize = bitmap_bytes(0, elements - 1);
|
||||
set->variant = &bitmap_ipmac;
|
||||
- set->dsize = ip_set_elem_len(set, tb,
|
||||
- sizeof(struct bitmap_ipmac_elem));
|
||||
if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
|
||||
kfree(map);
|
||||
return -ENOMEM;
|
||||
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
|
||||
index 5338ccd5da46..7f0c733358a4 100644
|
||||
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
|
||||
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
|
||||
@@ -35,12 +35,13 @@ MODULE_ALIAS("ip_set_bitmap:port");
|
||||
/* Type structure */
|
||||
struct bitmap_port {
|
||||
void *members; /* the set members */
|
||||
- void *extensions; /* data extensions */
|
||||
u16 first_port; /* host byte order, included in range */
|
||||
u16 last_port; /* host byte order, included in range */
|
||||
u32 elements; /* number of max elements in the set */
|
||||
size_t memsize; /* members size */
|
||||
struct timer_list gc; /* garbage collection */
|
||||
+ unsigned char extensions[0] /* data extensions */
|
||||
+ __aligned(__alignof__(u64));
|
||||
};
|
||||
|
||||
/* ADT structure for generic function args */
|
||||
@@ -209,13 +210,6 @@ init_map_port(struct ip_set *set, struct bitmap_port *map,
|
||||
map->members = ip_set_alloc(map->memsize);
|
||||
if (!map->members)
|
||||
return false;
|
||||
- if (set->dsize) {
|
||||
- map->extensions = ip_set_alloc(set->dsize * map->elements);
|
||||
- if (!map->extensions) {
|
||||
- kfree(map->members);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
map->first_port = first_port;
|
||||
map->last_port = last_port;
|
||||
set->timeout = IPSET_NO_TIMEOUT;
|
||||
@@ -232,6 +226,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
|
||||
{
|
||||
struct bitmap_port *map;
|
||||
u16 first_port, last_port;
|
||||
+ u32 elements;
|
||||
|
||||
if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
|
||||
!ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
|
||||
@@ -248,14 +243,15 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
|
||||
last_port = tmp;
|
||||
}
|
||||
|
||||
- map = kzalloc(sizeof(*map), GFP_KERNEL);
|
||||
+ elements = last_port - first_port + 1;
|
||||
+ set->dsize = ip_set_elem_len(set, tb, 0, 0);
|
||||
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
|
||||
if (!map)
|
||||
return -ENOMEM;
|
||||
|
||||
- map->elements = last_port - first_port + 1;
|
||||
+ map->elements = elements;
|
||||
map->memsize = bitmap_bytes(0, map->elements);
|
||||
set->variant = &bitmap_port;
|
||||
- set->dsize = ip_set_elem_len(set, tb, 0);
|
||||
if (!init_map_port(set, map, first_port, last_port)) {
|
||||
kfree(map);
|
||||
return -ENOMEM;
|
||||
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
|
||||
index 338b4047776f..cab4bc06cddd 100644
|
||||
--- a/net/netfilter/ipset/ip_set_core.c
|
||||
+++ b/net/netfilter/ipset/ip_set_core.c
|
||||
@@ -364,25 +364,27 @@ add_extension(enum ip_set_ext_id id, u32 flags, struct nlattr *tb[])
|
||||
}
|
||||
|
||||
size_t
|
||||
-ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
|
||||
+ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len,
|
||||
+ size_t align)
|
||||
{
|
||||
enum ip_set_ext_id id;
|
||||
- size_t offset = len;
|
||||
u32 cadt_flags = 0;
|
||||
|
||||
if (tb[IPSET_ATTR_CADT_FLAGS])
|
||||
cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
|
||||
if (cadt_flags & IPSET_FLAG_WITH_FORCEADD)
|
||||
set->flags |= IPSET_CREATE_FLAG_FORCEADD;
|
||||
+ if (!align)
|
||||
+ align = 1;
|
||||
for (id = 0; id < IPSET_EXT_ID_MAX; id++) {
|
||||
if (!add_extension(id, cadt_flags, tb))
|
||||
continue;
|
||||
- offset = ALIGN(offset, ip_set_extensions[id].align);
|
||||
- set->offset[id] = offset;
|
||||
+ len = ALIGN(len, ip_set_extensions[id].align);
|
||||
+ set->offset[id] = len;
|
||||
set->extensions |= ip_set_extensions[id].type;
|
||||
- offset += ip_set_extensions[id].len;
|
||||
+ len += ip_set_extensions[id].len;
|
||||
}
|
||||
- return offset;
|
||||
+ return ALIGN(len, align);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ip_set_elem_len);
|
||||
|
||||
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
index 691b54fcaf2a..4ff22194ce55 100644
|
||||
--- a/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
@@ -72,8 +72,9 @@ struct hbucket {
|
||||
DECLARE_BITMAP(used, AHASH_MAX_TUNED);
|
||||
u8 size; /* size of the array */
|
||||
u8 pos; /* position of the first free entry */
|
||||
- unsigned char value[0]; /* the array of the values */
|
||||
-} __attribute__ ((aligned));
|
||||
+ unsigned char value[0] /* the array of the values */
|
||||
+ __aligned(__alignof__(u64));
|
||||
+};
|
||||
|
||||
/* The hash table: the table size stored here in order to make resizing easy */
|
||||
struct htable {
|
||||
@@ -1323,12 +1324,14 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
|
||||
#endif
|
||||
set->variant = &IPSET_TOKEN(HTYPE, 4_variant);
|
||||
set->dsize = ip_set_elem_len(set, tb,
|
||||
- sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)));
|
||||
+ sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)),
|
||||
+ __alignof__(struct IPSET_TOKEN(HTYPE, 4_elem)));
|
||||
#ifndef IP_SET_PROTO_UNDEF
|
||||
} else {
|
||||
set->variant = &IPSET_TOKEN(HTYPE, 6_variant);
|
||||
set->dsize = ip_set_elem_len(set, tb,
|
||||
- sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)));
|
||||
+ sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)),
|
||||
+ __alignof__(struct IPSET_TOKEN(HTYPE, 6_elem)));
|
||||
}
|
||||
#endif
|
||||
if (tb[IPSET_ATTR_TIMEOUT]) {
|
||||
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
|
||||
index 5a30ce6e8c90..bbede95c9f68 100644
|
||||
--- a/net/netfilter/ipset/ip_set_list_set.c
|
||||
+++ b/net/netfilter/ipset/ip_set_list_set.c
|
||||
@@ -31,7 +31,7 @@ struct set_elem {
|
||||
struct rcu_head rcu;
|
||||
struct list_head list;
|
||||
ip_set_id_t id;
|
||||
-};
|
||||
+} __aligned(__alignof__(u64));
|
||||
|
||||
struct set_adt_elem {
|
||||
ip_set_id_t id;
|
||||
@@ -618,7 +618,8 @@ list_set_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
|
||||
size = IP_SET_LIST_MIN_SIZE;
|
||||
|
||||
set->variant = &set_variant;
|
||||
- set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem));
|
||||
+ set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem),
|
||||
+ __alignof__(struct set_elem));
|
||||
if (!init_list_set(net, set, size))
|
||||
return -ENOMEM;
|
||||
if (tb[IPSET_ATTR_TIMEOUT]) {
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 7210b25e452780f0792e04dd9f84f3a02c582ab7 Mon Sep 17 00:00:00 2001
|
||||
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
Date: Sat, 7 Nov 2015 11:23:34 +0100
|
||||
Subject: [PATCH 2/3] netfilter: ipset: Fix hash:* type expiration
|
||||
|
||||
Incorrect index was used when the data blob was shrinked at expiration,
|
||||
which could lead to falsely expired entries and memory leak when
|
||||
the comment extension was used too.
|
||||
|
||||
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
---
|
||||
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
index 4ff22194ce55..fa4f6374bb73 100644
|
||||
--- a/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
@@ -523,7 +523,7 @@ mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
|
||||
continue;
|
||||
data = ahash_data(n, j, dsize);
|
||||
memcpy(tmp->value + d * dsize, data, dsize);
|
||||
- set_bit(j, tmp->used);
|
||||
+ set_bit(d, tmp->used);
|
||||
d++;
|
||||
}
|
||||
tmp->pos = d;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
From 03fdcf282c8fe212efae0d1229fb8594ffe60b17 Mon Sep 17 00:00:00 2001
|
||||
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
Date: Sat, 7 Nov 2015 11:24:51 +0100
|
||||
Subject: [PATCH 3/3] netfilter: ipset: Fix hash type expire: release empty
|
||||
hash bucket block
|
||||
|
||||
When all entries are expired/all slots are empty, release the bucket.
|
||||
|
||||
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
---
|
||||
net/netfilter/ipset/ip_set_hash_gen.h | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
index fa4f6374bb73..e5336ab36d67 100644
|
||||
--- a/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
|
||||
@@ -476,7 +476,7 @@ static void
|
||||
mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
|
||||
{
|
||||
struct htable *t;
|
||||
- struct hbucket *n;
|
||||
+ struct hbucket *n, *tmp;
|
||||
struct mtype_elem *data;
|
||||
u32 i, j, d;
|
||||
#ifdef IP_SET_HASH_WITH_NETS
|
||||
@@ -511,9 +511,14 @@ mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
|
||||
}
|
||||
}
|
||||
if (d >= AHASH_INIT_SIZE) {
|
||||
- struct hbucket *tmp = kzalloc(sizeof(*tmp) +
|
||||
- (n->size - AHASH_INIT_SIZE) * dsize,
|
||||
- GFP_ATOMIC);
|
||||
+ if (d >= n->size) {
|
||||
+ rcu_assign_pointer(hbucket(t, i), NULL);
|
||||
+ kfree_rcu(n, rcu);
|
||||
+ continue;
|
||||
+ }
|
||||
+ tmp = kzalloc(sizeof(*tmp) +
|
||||
+ (n->size - AHASH_INIT_SIZE) * dsize,
|
||||
+ GFP_ATOMIC);
|
||||
if (!tmp)
|
||||
/* Still try to delete expired elements */
|
||||
continue;
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From acff81ec2c79492b180fade3c2894425cd35a545 Mon Sep 17 00:00:00 2001
|
||||
From: Miklos Szeredi <miklos@szeredi.hu>
|
||||
Date: Fri, 4 Dec 2015 19:18:48 +0100
|
||||
Subject: [PATCH] ovl: fix permission checking for setattr
|
||||
|
||||
[Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
|
||||
away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
|
||||
(with the former being always safe and the latter failing in case of
|
||||
insufficient permissions) it tries to combine these two. Note that copyup
|
||||
itself will have to do ->setattr() anyway; _that_ is where the elevated
|
||||
capabilities are right. Having these two ->setattr() (one to set verbatim
|
||||
copy of metadata, another to do what overlayfs ->setattr() had been asked
|
||||
to do in the first place) combined is where it breaks.
|
||||
|
||||
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/overlayfs/inode.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
|
||||
index ec0c2a050043..961284936917 100644
|
||||
--- a/fs/overlayfs/inode.c
|
||||
+++ b/fs/overlayfs/inode.c
|
||||
@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
- upperdentry = ovl_dentry_upper(dentry);
|
||||
- if (upperdentry) {
|
||||
+ err = ovl_copy_up(dentry);
|
||||
+ if (!err) {
|
||||
+ upperdentry = ovl_dentry_upper(dentry);
|
||||
+
|
||||
mutex_lock(&upperdentry->d_inode->i_mutex);
|
||||
err = notify_change(upperdentry, attr, NULL);
|
||||
mutex_unlock(&upperdentry->d_inode->i_mutex);
|
||||
- } else {
|
||||
- err = ovl_copy_up_last(dentry, attr, false);
|
||||
}
|
||||
ovl_drop_write(dentry);
|
||||
out:
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
From: Pantelis Antoniou <panto@antoniou-consulting.com>
|
||||
Date: Sat, 15 Sep 2012 12:00:41 +0300
|
||||
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
|
||||
|
||||
When using pinctrl-single to handle i2c initialization, it has
|
||||
to be done early. Whether this is the best way to do so, is an
|
||||
exercise left to the reader.
|
||||
---
|
||||
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
|
||||
index 69e84427f913..f21cf4291476 100644
|
||||
--- a/drivers/pinctrl/pinctrl-single.c
|
||||
+++ b/drivers/pinctrl/pinctrl-single.c
|
||||
@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = {
|
||||
#endif
|
||||
};
|
||||
|
||||
-module_platform_driver(pcs_driver);
|
||||
+static int __init pcs_init(void)
|
||||
+{
|
||||
+ return platform_driver_register(&pcs_driver);
|
||||
+}
|
||||
+postcore_initcall(pcs_init);
|
||||
+
|
||||
+static void __exit pcs_exit(void)
|
||||
+{
|
||||
+ platform_driver_unregister(&pcs_driver);
|
||||
+}
|
||||
+module_exit(pcs_exit);
|
||||
|
||||
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
|
||||
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
|
|
@ -0,0 +1,39 @@
|
|||
From 16c5a158e97d5b1f6c8bf86b006c1349f025d4e0 Mon Sep 17 00:00:00 2001
|
||||
From: WANG Cong <xiyou.wangcong@gmail.com>
|
||||
Date: Mon, 14 Dec 2015 13:48:36 -0800
|
||||
Subject: [PATCH] pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
|
||||
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ppp/pptp.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
|
||||
index fc69e41d0950..597c53e0a2ec 100644
|
||||
--- a/drivers/net/ppp/pptp.c
|
||||
+++ b/drivers/net/ppp/pptp.c
|
||||
@@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
|
||||
struct pptp_opt *opt = &po->proto.pptp;
|
||||
int error = 0;
|
||||
|
||||
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
lock_sock(sk);
|
||||
|
||||
opt->src_addr = sp->sa_addr.pptp;
|
||||
@@ -440,6 +443,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
|
||||
struct flowi4 fl4;
|
||||
int error = 0;
|
||||
|
||||
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (sp->sa_protocol != PX_PROTO_PPTP)
|
||||
return -EINVAL;
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,108 @@
|
|||
From 64a37c8197f4e1c2637cd80326f4649282176369 Mon Sep 17 00:00:00 2001
|
||||
From: Jann Horn <jann@thejh.net>
|
||||
Date: Sat, 26 Dec 2015 03:52:31 +0100
|
||||
Subject: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
|
||||
|
||||
ptrace_has_cap() checks whether the current process should be
|
||||
treated as having a certain capability for ptrace checks
|
||||
against another process. Until now, this was equivalent to
|
||||
has_ns_capability(current, target_ns, CAP_SYS_PTRACE).
|
||||
|
||||
However, if a root-owned process wants to enter a user
|
||||
namespace for some reason without knowing who owns it and
|
||||
therefore can't change to the namespace owner's uid and gid
|
||||
before entering, as soon as it has entered the namespace,
|
||||
the namespace owner can attach to it via ptrace and thereby
|
||||
gain access to its uid and gid.
|
||||
|
||||
While it is possible for the entering process to switch to
|
||||
the uid of a claimed namespace owner before entering,
|
||||
causing the attempt to enter to fail if the claimed uid is
|
||||
wrong, this doesn't solve the problem of determining an
|
||||
appropriate gid.
|
||||
|
||||
With this change, the entering process can first enter the
|
||||
namespace and then safely inspect the namespace's
|
||||
properties, e.g. through /proc/self/{uid_map,gid_map},
|
||||
assuming that the namespace owner doesn't have access to
|
||||
uid 0.
|
||||
|
||||
Changed in v2: The caller needs to be capable in the
|
||||
namespace into which tcred's uids/gids can be mapped.
|
||||
|
||||
Signed-off-by: Jann Horn <jann@thejh.net>
|
||||
---
|
||||
kernel/ptrace.c | 33 ++++++++++++++++++++++++++++-----
|
||||
1 file changed, 28 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
|
||||
index 787320de68e0..407c382b45c8 100644
|
||||
--- a/kernel/ptrace.c
|
||||
+++ b/kernel/ptrace.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <linux/uio.h>
|
||||
#include <linux/audit.h>
|
||||
#include <linux/pid_namespace.h>
|
||||
+#include <linux/user_namespace.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/regset.h>
|
||||
@@ -207,12 +208,34 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
|
||||
+static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
|
||||
{
|
||||
+ struct user_namespace *tns = tcred->user_ns;
|
||||
+
|
||||
+ /* When a root-owned process enters a user namespace created by a
|
||||
+ * malicious user, the user shouldn't be able to execute code under
|
||||
+ * uid 0 by attaching to the root-owned process via ptrace.
|
||||
+ * Therefore, similar to the capable_wrt_inode_uidgid() check,
|
||||
+ * verify that all the uids and gids of the target process are
|
||||
+ * mapped into a namespace below the current one in which the caller
|
||||
+ * is capable.
|
||||
+ * No fsuid/fsgid check because __ptrace_may_access doesn't do it
|
||||
+ * either.
|
||||
+ */
|
||||
+ while (
|
||||
+ !kuid_has_mapping(tns, tcred->euid) ||
|
||||
+ !kuid_has_mapping(tns, tcred->suid) ||
|
||||
+ !kuid_has_mapping(tns, tcred->uid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->egid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->sgid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->gid)) {
|
||||
+ tns = tns->parent;
|
||||
+ }
|
||||
+
|
||||
if (mode & PTRACE_MODE_NOAUDIT)
|
||||
- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
|
||||
+ return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
|
||||
else
|
||||
- return has_ns_capability(current, ns, CAP_SYS_PTRACE);
|
||||
+ return has_ns_capability(current, tns, CAP_SYS_PTRACE);
|
||||
}
|
||||
|
||||
/* Returns 0 on success, -errno on denial. */
|
||||
@@ -241,7 +264,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
|
||||
gid_eq(cred->gid, tcred->sgid) &&
|
||||
gid_eq(cred->gid, tcred->gid))
|
||||
goto ok;
|
||||
- if (ptrace_has_cap(tcred->user_ns, mode))
|
||||
+ if (ptrace_has_cap(tcred, mode))
|
||||
goto ok;
|
||||
rcu_read_unlock();
|
||||
return -EPERM;
|
||||
@@ -252,7 +275,7 @@ ok:
|
||||
dumpable = get_dumpable(task->mm);
|
||||
rcu_read_lock();
|
||||
if (dumpable != SUID_DUMP_USER &&
|
||||
- !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
|
||||
+ !ptrace_has_cap(__task_cred(task), mode)) {
|
||||
rcu_read_unlock();
|
||||
return -EPERM;
|
||||
}
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
From d702ffd4d1df73b9c620af1654af42ff5b8d5c09 Fri Sep 18 19:09:07 2015
|
||||
From: Luis de Bethencourt <luis@debethencourt.com>
|
||||
Date: Fri Sep 18 19:09:07 2015 +0200
|
||||
|
||||
regulator: anatop: Fix module autoload for OF platform driver
|
||||
|
||||
This platform driver has a OF device ID table but the OF module
|
||||
alias information is not created so module autoloading won't work.
|
||||
|
||||
Signed-off-by: Luis de Bethencourt <luisbg@osg.samsung.com>
|
||||
Signed-off-by: Mark Brown <broonie@kernel.org>
|
||||
|
||||
diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c
|
||||
index 738adfa..52ea605 100644
|
||||
--- a/drivers/regulator/anatop-regulator.c
|
||||
+++ b/drivers/regulator/anatop-regulator.c
|
||||
@@ -318,6 +318,7 @@ static const struct of_device_id of_anatop_regulator_match_tbl[] = {
|
||||
{ .compatible = "fsl,anatop-regulator", },
|
||||
{ /* end */ }
|
||||
};
|
||||
+MODULE_DEVICE_TABLE(of, of_anatop_regulator_match_tbl);
|
||||
|
||||
static struct platform_driver anatop_regulator_driver = {
|
||||
.driver = {
|
|
@ -1,61 +0,0 @@
|
|||
From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Date: Tue, 25 Aug 2015 00:04:44 +0000
|
||||
Subject: lib/show_mem.c: correct reserved memory calculation
|
||||
|
||||
CMA reserved memory is not part of total reserved memory.
|
||||
Currently when we print the total reserve memory it considers
|
||||
cma as part of reserve memory and do minus of totalcma_pages
|
||||
from reserved, which is wrong. In cases where total reserved
|
||||
is less than cma reserved we will get negative values & while
|
||||
printing we print as unsigned and we will get a very large value.
|
||||
|
||||
Below is the show mem output on X86 ubuntu based system where
|
||||
CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
|
||||
And reserve memory shows a large value because of this bug.
|
||||
|
||||
Before:
|
||||
[ 127.066430] 898908 pages RAM
|
||||
[ 127.066432] 671682 pages HighMem/MovableOnly
|
||||
[ 127.066434] 4294952012 pages reserved
|
||||
[ 127.066436] 25600 pages cma reserved
|
||||
|
||||
After:
|
||||
[ 44.663129] 898908 pages RAM
|
||||
[ 44.663130] 671682 pages HighMem/MovableOnly
|
||||
[ 44.663130] 10316 pages reserved
|
||||
[ 44.663131] 25600 pages cma reserved
|
||||
|
||||
Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
|
||||
Cc: Michal Nazarewicz <mina86@mina86.com>
|
||||
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
|
||||
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
|
||||
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
|
||||
Cc: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Danesh Petigara <dpetigara@broadcom.com>
|
||||
Cc: Laura Abbott <lauraa@codeaurora.org>
|
||||
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
||||
---
|
||||
lib/show_mem.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/show_mem.c b/lib/show_mem.c
|
||||
index adc98e18..1feed6a 100644
|
||||
--- a/lib/show_mem.c
|
||||
+++ b/lib/show_mem.c
|
||||
@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
|
||||
|
||||
printk("%lu pages RAM\n", total);
|
||||
printk("%lu pages HighMem/MovableOnly\n", highmem);
|
||||
+ printk("%lu pages reserved\n", reserved);
|
||||
#ifdef CONFIG_CMA
|
||||
- printk("%lu pages reserved\n", (reserved - totalcma_pages));
|
||||
printk("%lu pages cma reserved\n", totalcma_pages);
|
||||
-#else
|
||||
- printk("%lu pages reserved\n", reserved);
|
||||
#endif
|
||||
#ifdef CONFIG_QUICKLIST
|
||||
printk("%lu pages in pagetable cache\n",
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
|||
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
|
||||
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
|
||||
19e47863ca441b2e11f90f25fb6c41ec patch-4.2.5.xz
|
||||
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
|
||||
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
|
||||
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
From 2ea39fc263c6a7589e15edb7d2d1c89fa569be53 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Mon, 16 Nov 2015 15:55:11 -0200
|
||||
Subject: [PATCH] usbvision: fix crash on detecting device with invalid
|
||||
configuration
|
||||
|
||||
The usbvision driver crashes when a specially crafted usb device with invalid
|
||||
number of interfaces or endpoints is detected. This fix adds checks that the
|
||||
device has proper configuration expected by the driver.
|
||||
|
||||
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
---
|
||||
drivers/media/usb/usbvision/usbvision-video.c | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/media/usb/usbvision/usbvision-video.c b/drivers/media/usb/usbvision/usbvision-video.c
|
||||
index b693206f66dd..d1dc1a198e3e 100644
|
||||
--- a/drivers/media/usb/usbvision/usbvision-video.c
|
||||
+++ b/drivers/media/usb/usbvision/usbvision-video.c
|
||||
@@ -1463,9 +1463,23 @@ static int usbvision_probe(struct usb_interface *intf,
|
||||
|
||||
if (usbvision_device_data[model].interface >= 0)
|
||||
interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0];
|
||||
- else
|
||||
+ else if (ifnum < dev->actconfig->desc.bNumInterfaces)
|
||||
interface = &dev->actconfig->interface[ifnum]->altsetting[0];
|
||||
+ else {
|
||||
+ dev_err(&intf->dev, "interface %d is invalid, max is %d\n",
|
||||
+ ifnum, dev->actconfig->desc.bNumInterfaces - 1);
|
||||
+ ret = -ENODEV;
|
||||
+ goto err_usb;
|
||||
+ }
|
||||
+
|
||||
+ if (interface->desc.bNumEndpoints < 2) {
|
||||
+ dev_err(&intf->dev, "interface %d has %d endpoints, but must"
|
||||
+ " have minimum 2\n", ifnum, interface->desc.bNumEndpoints);
|
||||
+ ret = -ENODEV;
|
||||
+ goto err_usb;
|
||||
+ }
|
||||
endpoint = &interface->endpoint[1].desc;
|
||||
+
|
||||
if (!usb_endpoint_xfer_isoc(endpoint)) {
|
||||
dev_err(&intf->dev, "%s: interface %d. has non-ISO endpoint!\n",
|
||||
__func__, ifnum);
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,110 @@
|
|||
From 14588dfe2e411056df5ba85ef88ad51730a2fa0a Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Sat, 15 Aug 2015 20:27:13 -0500
|
||||
Subject: [PATCH 2/2] vfs: Test for and handle paths that are unreachable from
|
||||
their mnt_root
|
||||
|
||||
commit 397d425dc26da728396e66d392d5dcb8dac30c37 upstream.
|
||||
|
||||
In rare cases a directory can be renamed out from under a bind mount.
|
||||
In those cases without special handling it becomes possible to walk up
|
||||
the directory tree to the root dentry of the filesystem and down
|
||||
from the root dentry to every other file or directory on the filesystem.
|
||||
|
||||
Like division by zero .. from an unconnected path can not be given
|
||||
a useful semantic as there is no predicting at which path component
|
||||
the code will realize it is unconnected. We certainly can not match
|
||||
the current behavior as the current behavior is a security hole.
|
||||
|
||||
Therefore when encounting .. when following an unconnected path
|
||||
return -ENOENT.
|
||||
|
||||
- Add a function path_connected to verify path->dentry is reachable
|
||||
from path->mnt.mnt_root. AKA to validate that rename did not do
|
||||
something nasty to the bind mount.
|
||||
|
||||
To avoid races path_connected must be called after following a path
|
||||
component to it's next path component.
|
||||
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/namei.c | 27 +++++++++++++++++++++++++--
|
||||
1 file changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/namei.c b/fs/namei.c
|
||||
index 1c2105ed20c5..29b927938b8c 100644
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct nameidata *nd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
|
||||
+ * @path: nameidate to verify
|
||||
+ *
|
||||
+ * Rename can sometimes move a file or directory outside of a bind
|
||||
+ * mount, path_connected allows those cases to be detected.
|
||||
+ */
|
||||
+static bool path_connected(const struct path *path)
|
||||
+{
|
||||
+ struct vfsmount *mnt = path->mnt;
|
||||
+
|
||||
+ /* Only bind mounts can have disconnected paths */
|
||||
+ if (mnt->mnt_root == mnt->mnt_sb->s_root)
|
||||
+ return true;
|
||||
+
|
||||
+ return is_subdir(path->dentry, mnt->mnt_root);
|
||||
+}
|
||||
+
|
||||
static inline int nd_alloc_stack(struct nameidata *nd)
|
||||
{
|
||||
if (likely(nd->depth != EMBEDDED_LEVELS))
|
||||
@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
|
||||
return -ECHILD;
|
||||
nd->path.dentry = parent;
|
||||
nd->seq = seq;
|
||||
+ if (unlikely(!path_connected(&nd->path)))
|
||||
+ return -ENOENT;
|
||||
break;
|
||||
} else {
|
||||
struct mount *mnt = real_mount(nd->path.mnt);
|
||||
@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *path)
|
||||
}
|
||||
}
|
||||
|
||||
-static void follow_dotdot(struct nameidata *nd)
|
||||
+static int follow_dotdot(struct nameidata *nd)
|
||||
{
|
||||
if (!nd->root.mnt)
|
||||
set_root(nd);
|
||||
@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameidata *nd)
|
||||
/* rare case of legitimate dget_parent()... */
|
||||
nd->path.dentry = dget_parent(nd->path.dentry);
|
||||
dput(old);
|
||||
+ if (unlikely(!path_connected(&nd->path)))
|
||||
+ return -ENOENT;
|
||||
break;
|
||||
}
|
||||
if (!follow_up(&nd->path))
|
||||
@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameidata *nd)
|
||||
}
|
||||
follow_mount(&nd->path);
|
||||
nd->inode = nd->path.dentry->d_inode;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1634,7 +1657,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
|
||||
if (nd->flags & LOOKUP_RCU) {
|
||||
return follow_dotdot_rcu(nd);
|
||||
} else
|
||||
- follow_dotdot(nd);
|
||||
+ return follow_dotdot(nd);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
|
||||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 15 Dec 2015 15:12:43 +0000
|
||||
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
|
||||
|
||||
The backported version of commit 7f109f7cc371 ("vrf: fix double free
|
||||
and memory corruption on register_netdevice failure") incorrectly
|
||||
removed a kfree() from the failure path as well as the free_netdev().
|
||||
Add that back.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
drivers/net/vrf.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
|
||||
index c9e309c..6c25fd0 100644
|
||||
--- a/drivers/net/vrf.c
|
||||
+++ b/drivers/net/vrf.c
|
||||
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
{
|
||||
struct net_vrf *vrf = netdev_priv(dev);
|
||||
struct net_vrf_dev *vrf_ptr;
|
||||
+ int err;
|
||||
|
||||
if (!data || !data[IFLA_VRF_TABLE])
|
||||
return -EINVAL;
|
||||
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
|
||||
|
||||
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
|
||||
|
||||
- return register_netdev(dev);
|
||||
+ err = register_netdev(dev);
|
||||
+ if (err)
|
||||
+ kfree(vrf_ptr);
|
||||
+ return err;
|
||||
}
|
||||
|
||||
static size_t vrf_nl_getsize(const struct net_device *dev)
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
||||
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
|
||||
Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
|
||||
enabled
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
registers, which in turn (on a lot of hardware) give access to MMIO register
|
||||
|
@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
|
|||
if (!access_ok(VERIFY_READ, buf, count))
|
||||
return -EFAULT;
|
||||
while (count-- > 0 && i < 65536) {
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
|
||||
Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
|
||||
restricted
|
||||
|
||||
Writing to MSRs should not be allowed if module loading is restricted,
|
||||
since it could lead to execution of arbitrary code in kernel mode. Based
|
||||
|
@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
|
|||
if (copy_from_user(®s, uregs, sizeof regs)) {
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.4.3
|
||||
|
||||
|
|
Loading…
Reference in New Issue