rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v4.16.7

This commit is contained in:
Jeremy Cline 2018-05-01 18:58:33 -04:00
parent 9be75b8abe
commit 4cb1c26d72
No known key found for this signature in database
GPG Key ID: 9223308FA9B246DB
7 changed files with 168 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0001-Temporarily-work-around-gcc-aliasing-warning-error.patch
View File

@ -1,27 +0,0 @@
From 991b5e95d4fe7778c8f5e7d7f478d01134d51ca7 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Wed, 14 Mar 2018 14:20:02 -0700
Subject: [PATCH] Temporarily work around gcc aliasing warning/error
Signed-off-by: Laura Abbott <labbott@redhat.com>
---
tools/lib/str_error_r.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/lib/str_error_r.c b/tools/lib/str_error_r.c
index d6d65537b0d9..c0ede4f6adae 100644
--- a/tools/lib/str_error_r.c
+++ b/tools/lib/str_error_r.c
@@ -21,7 +21,8 @@
char *str_error_r(int errnum, char *buf, size_t buflen)
{
int err = strerror_r(errnum, buf, buflen);
+ void *temp = buf;
if (err)
- snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, %p, %zd)=%d", errnum, buf, buflen, err);
+ snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, %p, %zd)=%d", errnum, temp, buflen, err);
return buf;
}
--
2.16.2

66
Revert-random-fix-crng_ready-test.patch
View File

@ -1,66 +0,0 @@
From ee203f9d1d02d7c3f1204a057517a632002edb7b Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremy@jcline.org>
Date: Tue, 1 May 2018 14:32:05 -0400
Subject: [PATCH] Revert "random: fix crng_ready() test"
This reverts commit cd8d7a5778a4abf76ee8fe8f1bfcf78976029f8d.
This is a short-term solution to rhbz 1572944.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
---
drivers/char/random.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 38729baed6ee..7670e81bb0b9 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -427,7 +427,7 @@ struct crng_state primary_crng = {
* its value (from 0->1->2).
*/
static int crng_init = 0;
-#define crng_ready() (likely(crng_init > 1))
+#define crng_ready() (likely(crng_init > 0))
static int crng_init_cnt = 0;
static unsigned long crng_global_init_time = 0;
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
@@ -798,7 +798,7 @@ static int crng_fast_load(const char *cp, size_t len)
if (!spin_trylock_irqsave(&primary_crng.lock, flags))
return 0;
- if (crng_init != 0) {
+ if (crng_ready()) {
spin_unlock_irqrestore(&primary_crng.lock, flags);
return 0;
}
@@ -905,7 +905,7 @@ static void _extract_crng(struct crng_state *crng,
{
unsigned long v, flags;
- if (crng_ready() &&
+ if (crng_init > 1 &&
(time_after(crng_global_init_time, crng->init_time) ||
time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
@@ -1190,7 +1190,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
fast_mix(fast_pool);
add_interrupt_bench(cycles);
- if (unlikely(crng_init == 0)) {
+ if (!crng_ready()) {
if ((fast_pool->count >= 64) &&
crng_fast_load((char *) fast_pool->pool,
sizeof(fast_pool->pool))) {
@@ -2272,7 +2272,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
{
struct entropy_store *poolp = &input_pool;
- if (unlikely(crng_init == 0)) {
+ if (!crng_ready()) {
crng_fast_load(buffer, count);
return;
}
--
2.17.0

160
Revert-the-random-series-for-4.16.4.patch Normal file
View File

@ -0,0 +1,160 @@
From 5744a0927df22f46e4b7f134b3dfb405fdfcf6ce Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremy@jcline.org>
Date: Wed, 2 May 2018 15:16:29 -0400
Subject: [PATCH 1/2] Revert "random: use a different mixing algorithm for
add_device_randomness()"
This reverts commit 89b59f050347d376c2ace8b1ceb908a218cfdc2e.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
---
drivers/char/random.c | 55 ++++---------------------------------------
1 file changed, 4 insertions(+), 51 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 8f4e11842c60..aa5b04af86c6 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -831,10 +831,6 @@ static void numa_crng_init(void)
static void numa_crng_init(void) {}
#endif
-/*
- * crng_fast_load() can be called by code in the interrupt service
- * path. So we can't afford to dilly-dally.
- */
static int crng_fast_load(const char *cp, size_t len)
{
unsigned long flags;
@@ -861,51 +857,6 @@ static int crng_fast_load(const char *cp, size_t len)
return 1;
}
-/*
- * crng_slow_load() is called by add_device_randomness, which has two
- * attributes. (1) We can't trust the buffer passed to it is
- * guaranteed to be unpredictable (so it might not have any entropy at
- * all), and (2) it doesn't have the performance constraints of
- * crng_fast_load().
- *
- * So we do something more comprehensive which is guaranteed to touch
- * all of the primary_crng's state, and which uses a LFSR with a
- * period of 255 as part of the mixing algorithm. Finally, we do
- * *not* advance crng_init_cnt since buffer we may get may be something
- * like a fixed DMI table (for example), which might very well be
- * unique to the machine, but is otherwise unvarying.
- */
-static int crng_slow_load(const char *cp, size_t len)
-{
- unsigned long flags;
- static unsigned char lfsr = 1;
- unsigned char tmp;
- unsigned i, max = CHACHA20_KEY_SIZE;
- const char * src_buf = cp;
- char * dest_buf = (char *) &primary_crng.state[4];
-
- if (!spin_trylock_irqsave(&primary_crng.lock, flags))
- return 0;
- if (crng_init != 0) {
- spin_unlock_irqrestore(&primary_crng.lock, flags);
- return 0;
- }
- if (len > max)
- max = len;
-
- for (i = 0; i < max ; i++) {
- tmp = lfsr;
- lfsr >>= 1;
- if (tmp & 1)
- lfsr ^= 0xE1;
- tmp = dest_buf[i % CHACHA20_KEY_SIZE];
- dest_buf[i % CHACHA20_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
- lfsr += (tmp << 3) | (tmp >> 5);
- }
- spin_unlock_irqrestore(&primary_crng.lock, flags);
- return 1;
-}
-
static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
{
unsigned long flags;
@@ -1089,8 +1040,10 @@ void add_device_randomness(const void *buf, unsigned int size)
unsigned long time = random_get_entropy() ^ jiffies;
unsigned long flags;
- if (!crng_ready() && size)
- crng_slow_load(buf, size);
+ if (!crng_ready()) {
+ crng_fast_load(buf, size);
+ return;
+ }
trace_add_device_randomness(size, _RET_IP_);
spin_lock_irqsave(&input_pool.lock, flags);
--
2.17.0
From e1b1b5b62740b0e6ea8258a4eb81b2a336538fed Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremy@jcline.org>
Date: Wed, 2 May 2018 15:18:03 -0400
Subject: [PATCH 2/2] Revert "random: fix crng_ready() test"
This reverts commit cd8d7a5778a4abf76ee8fe8f1bfcf78976029f8d.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
---
drivers/char/random.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index aa5b04af86c6..ef05cc685b74 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -428,7 +428,7 @@ struct crng_state primary_crng = {
* its value (from 0->1->2).
*/
static int crng_init = 0;
-#define crng_ready() (likely(crng_init > 1))
+#define crng_ready() (likely(crng_init > 0))
static int crng_init_cnt = 0;
static unsigned long crng_global_init_time = 0;
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
@@ -838,7 +838,7 @@ static int crng_fast_load(const char *cp, size_t len)
if (!spin_trylock_irqsave(&primary_crng.lock, flags))
return 0;
- if (crng_init != 0) {
+ if (crng_ready()) {
spin_unlock_irqrestore(&primary_crng.lock, flags);
return 0;
}
@@ -913,7 +913,7 @@ static void _extract_crng(struct crng_state *crng,
{
unsigned long v, flags;
- if (crng_ready() &&
+ if (crng_init > 1 &&
(time_after(crng_global_init_time, crng->init_time) ||
time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
@@ -1200,7 +1200,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
fast_mix(fast_pool);
add_interrupt_bench(cycles);
- if (unlikely(crng_init == 0)) {
+ if (!crng_ready()) {
if ((fast_pool->count >= 64) &&
crng_fast_load((char *) fast_pool->pool,
sizeof(fast_pool->pool))) {
@@ -2269,7 +2269,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
{
struct entropy_store *poolp = &input_pool;
- if (unlikely(crng_init == 0)) {
+ if (!crng_ready()) {
crng_fast_load(buffer, count);
return;
}
--
2.17.0

16
kernel.spec
View File

@ -42,7 +42,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 101
%global baserelease 100
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -54,7 +54,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 6
%define stable_update 7
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -494,9 +494,6 @@ Patch001: kbuild-AFTER_LINK.patch
# ongoing complaint, full discussion delayed until ksummit/plumbers
Patch002: 0001-iio-Use-event-header-from-kernel-tree.patch
# gcc -Werror=aliasing workaround
Patch003: 0001-Temporarily-work-around-gcc-aliasing-warning-error.patch
%if !%{nopatches}
# Git trees.
@ -646,14 +643,11 @@ Patch503: v3-2-2-Input-synaptics---Lenovo-X1-Carbon-5-should-use-SMBUS-RMI.patch
# rhbz 1549316
Patch504: ipmi-fixes.patch
# rhbz 1565131
Patch507: xhci-Fix-Kernel-oops-in-xhci-dbgtty.patch
# rhbz 1514836
Patch508: Bluetooth-btusb-autosuspend-XPS-13-9360-fixes.patch
# rhbz 1572944
Patch509: Revert-random-fix-crng_ready-test.patch
Patch509: Revert-the-random-series-for-4.16.4.patch
# END OF PATCH DEFINITIONS
@ -1927,6 +1921,10 @@ fi
#
#
%changelog
* Wed May 02 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.7-100
- Linux v4.16.7
- Revert a second patch related to CVE-2018-1108 4.16.4 (rhbz 1572944)
* Tue May 01 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.6-101
- Revert the fix for CVE-2018-1108 (rhbz 1572944)

62
mvebu-a37xx-fixes.patch
View File

@ -1,65 +1,3 @@
From patchwork Sun Apr 22 12:33:46 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: serial: mvebu-uart: Fix local flags handling on termios update
From: Marc Zyngier <Marc.Zyngier@arm.com>
X-Patchwork-Id: 10354521
Message-Id: <20180422123346.15538-1-marc.zyngier@arm.com>
To: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Cc: Gregory CLEMENT <gregory.clement@free-electrons.com>,
Allen Yan <yanwei@marvell.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Miquel Raynal <miquel.raynal@free-electrons.com>
Date: Sun, 22 Apr 2018 13:33:46 +0100
Commit 68a0db1d7da2 reworked the baud rate selection, but also added
a (not so) subtle change in the way the local flags (c_lflag in the
termios structure) are handled, forcing the new flags to always be the
same as the old ones.
The reason for that particular change is both obscure and undocumented.
It also completely breaks userspace. Something as trivial as getty is
unusable:
<example>
Debian GNU/Linux 9 sy-borg ttyMV0
sy-borg login: root
root
[timeout]
Debian GNU/Linux 9 sy-borg ttyMV0
</example>
which is quite obvious in retrospect: getty cannot get in control of
the echo mode, is stuck in canonical mode, and times out without ever
seeing anything valid. It also begs the question of how this change was
ever tested.
The fix is pretty obvious: stop messing with c_lflag, and the world
will be a happier place.
Cc: stable@vger.kernel.org # 4.15+
Fixes: 68a0db1d7da2 ("serial: mvebu-uart: add function to change baudrate")
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
drivers/tty/serial/mvebu-uart.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c
index 750e5645dc85..f503fab1e268 100644
--- a/drivers/tty/serial/mvebu-uart.c
+++ b/drivers/tty/serial/mvebu-uart.c
@@ -495,7 +495,6 @@ static void mvebu_uart_set_termios(struct uart_port *port,
termios->c_iflag |= old->c_iflag & ~(INPCK | IGNPAR);
termios->c_cflag &= CREAD | CBAUD;
termios->c_cflag |= old->c_cflag & ~(CREAD | CBAUD);
- termios->c_lflag = old->c_lflag;
}
spin_unlock_irqrestore(&port->lock, flags);
From patchwork Sun Mar 25 19:57:36 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (linux-4.16.tar.xz) = ab47849314b177d0eec9dbf261f33972b0d89fb92fb0650130ffa7abc2f36c0fab2d06317dc1683c51a472a9a631573a9b1e7258d6281a2ee189897827f14662
SHA512 (patch-4.16.6.xz) = 151f3fedfb025f090e0f3d747890366933236b11d1f2bf8794c7d0309f9bb577c01fbfcd6ac073b3c49657543961592c643e896c6a57fe8df6ecde89270d0b36
SHA512 (patch-4.16.7.xz) = 576c2b520d444e11a9ca45ed3ed03822007ab6ff778a1759aa0f65c96946fe3e169e71d48d11e6d3b8627a99cdc20abfb0c84d7b6c9b0d2afa4d5fee9ed3aa41

95
xhci-Fix-Kernel-oops-in-xhci-dbgtty.patch
View File

@ -1,95 +0,0 @@
From patchwork Fri Apr 13 12:55:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: xhci: Fix Kernel oops in xhci dbgtty
From: Mathias Nyman <mathias.nyman@linux.intel.com>
X-Patchwork-Id: 10340045
Message-Id: <1523624134-29224-1-git-send-email-mathias.nyman@linux.intel.com>
To: <gregkh@linuxfoundation.org>
Cc: <linux-usb@vger.kernel.org>, Zhengjun Xing <zhengjun.xing@linux.intel.com>,
"# 4 . 16" <stable@vger.kernel.org>,
Mathias Nyman <mathias.nyman@linux.intel.com>
Date: Fri, 13 Apr 2018 15:55:34 +0300
From: Zhengjun Xing <zhengjun.xing@linux.intel.com>
tty_unregister_driver may be called more than 1 time in some
hotplug cases,it will cause the kernel oops. This patch checked
dbc_tty_driver to make sure it is unregistered only 1 time.
[ 175.741404] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
[ 175.742309] IP: tty_unregister_driver+0x9/0x70
[ 175.743148] PGD 0 P4D 0
[ 175.743981] Oops: 0000 [#1] SMP PTI
[ 175.753904] RIP: 0010:tty_unregister_driver+0x9/0x70
[ 175.754817] RSP: 0018:ffffa8ff831d3bb0 EFLAGS: 00010246
[ 175.755753] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 175.756685] RDX: ffff92089c616000 RSI: ffffe64fe1b26080 RDI: 0000000000000000
[ 175.757608] RBP: ffff92086c988230 R08: 000000006c982701 R09: 00000001801e0016
[ 175.758533] R10: ffffa8ff831d3b48 R11: ffff92086c982100 R12: ffff92086c98827c
[ 175.759462] R13: ffff92086c988398 R14: 0000000000000060 R15: ffff92089c5e9b40
[ 175.760401] FS: 0000000000000000(0000) GS:ffff9208a0100000(0000) knlGS:0000000000000000
[ 175.761334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 175.762270] CR2: 0000000000000034 CR3: 000000011800a003 CR4: 00000000003606e0
[ 175.763225] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 175.764164] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 175.765091] Call Trace:
[ 175.766014] xhci_dbc_tty_unregister_driver+0x11/0x30
[ 175.766960] xhci_dbc_exit+0x2a/0x40
[ 175.767889] xhci_stop+0x57/0x1c0
[ 175.768824] usb_remove_hcd+0x100/0x250
[ 175.769708] usb_hcd_pci_remove+0x68/0x130
[ 175.770574] pci_device_remove+0x3b/0xc0
[ 175.771435] device_release_driver_internal+0x157/0x230
[ 175.772343] pci_stop_bus_device+0x74/0xa0
[ 175.773205] pci_stop_bus_device+0x2b/0xa0
[ 175.774061] pci_stop_bus_device+0x2b/0xa0
[ 175.774907] pci_stop_bus_device+0x2b/0xa0
[ 175.775741] pci_stop_bus_device+0x2b/0xa0
[ 175.776618] pci_stop_bus_device+0x2b/0xa0
[ 175.777452] pci_stop_bus_device+0x2b/0xa0
[ 175.778273] pci_stop_bus_device+0x2b/0xa0
[ 175.779092] pci_stop_bus_device+0x2b/0xa0
[ 175.779908] pci_stop_bus_device+0x2b/0xa0
[ 175.780750] pci_stop_bus_device+0x2b/0xa0
[ 175.781543] pci_stop_and_remove_bus_device+0xe/0x20
[ 175.782338] pciehp_unconfigure_device+0xb8/0x160
[ 175.783128] pciehp_disable_slot+0x4f/0xd0
[ 175.783920] pciehp_power_thread+0x82/0xa0
[ 175.784766] process_one_work+0x147/0x3c0
[ 175.785564] worker_thread+0x4a/0x440
[ 175.786376] kthread+0xf8/0x130
[ 175.787174] ? rescuer_thread+0x360/0x360
[ 175.787964] ? kthread_associate_blkcg+0x90/0x90
[ 175.788798] ret_from_fork+0x35/0x40
Cc: <stable@vger.kernel.org> # 4.16
Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver")
Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
Tested-by: Christian Kellner <christian@kellner.me>
Reviewed-by: Christian Kellner <christian@kellner.me>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
---
drivers/usb/host/xhci-dbgtty.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c
index 48779c4..eb494ec5 100644
--- a/drivers/usb/host/xhci-dbgtty.c
+++ b/drivers/usb/host/xhci-dbgtty.c
@@ -320,9 +320,11 @@ int xhci_dbc_tty_register_driver(struct xhci_hcd *xhci)
void xhci_dbc_tty_unregister_driver(void)
{
- tty_unregister_driver(dbc_tty_driver);
- put_tty_driver(dbc_tty_driver);
- dbc_tty_driver = NULL;
+ if (dbc_tty_driver) {
+ tty_unregister_driver(dbc_tty_driver);
+ put_tty_driver(dbc_tty_driver);
+ dbc_tty_driver = NULL;
+ }
}
static void dbc_rx_push(unsigned long _port)