Linux v4.8.10
This commit is contained in:
parent
a0974068fe
commit
611b29e802
|
@ -1,49 +0,0 @@
|
|||
From 9f692cbe4a01dd9e3c3e954ec6b59662b68f9ce4 Mon Sep 17 00:00:00 2001
|
||||
From: Laura Abbott <labbott@redhat.com>
|
||||
Date: Fri, 9 Sep 2016 10:19:02 -0700
|
||||
Subject: [PATCH] cpupower: Correct return type of cpu_power_is_cpu_online in
|
||||
cpufreq
|
||||
To: Thomas Renninger <trenn@suse.com>
|
||||
Cc: linux-pm@vger.kernel.org
|
||||
Cc: linux-kernel@vger.kernel.org
|
||||
|
||||
When converting to a shared library in ac5a181d065d ("cpupower: Add
|
||||
cpuidle parts into library"), cpu_freq_cpu_exists was converted to
|
||||
cpupower_is_cpu_online. cpu_req_cpu_exists returned 0 on success and
|
||||
-ENOSYS on failure whereas cpupower_is_cpu_online returns 1 on success.
|
||||
Check for the correct return value in cpufreq-set.
|
||||
|
||||
See https://bugzilla.redhat.com/show_bug.cgi?id=1374212
|
||||
|
||||
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
|
||||
Reported-by: Julian Seward <jseward@acm.org>
|
||||
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
||||
---
|
||||
tools/power/cpupower/utils/cpufreq-set.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tools/power/cpupower/utils/cpufreq-set.c b/tools/power/cpupower/utils/cpufreq-set.c
|
||||
index b4bf769..8971d71 100644
|
||||
--- a/tools/power/cpupower/utils/cpufreq-set.c
|
||||
+++ b/tools/power/cpupower/utils/cpufreq-set.c
|
||||
@@ -296,7 +296,7 @@ int cmd_freq_set(int argc, char **argv)
|
||||
struct cpufreq_affected_cpus *cpus;
|
||||
|
||||
if (!bitmask_isbitset(cpus_chosen, cpu) ||
|
||||
- cpupower_is_cpu_online(cpu))
|
||||
+ cpupower_is_cpu_online(cpu) != 1)
|
||||
continue;
|
||||
|
||||
cpus = cpufreq_get_related_cpus(cpu);
|
||||
@@ -316,7 +316,7 @@ int cmd_freq_set(int argc, char **argv)
|
||||
cpu <= bitmask_last(cpus_chosen); cpu++) {
|
||||
|
||||
if (!bitmask_isbitset(cpus_chosen, cpu) ||
|
||||
- cpupower_is_cpu_online(cpu))
|
||||
+ cpupower_is_cpu_online(cpu) != 1)
|
||||
continue;
|
||||
|
||||
if (cpupower_is_cpu_online(cpu) != 1)
|
||||
--
|
||||
2.10.0
|
||||
|
|
@ -1,105 +0,0 @@
|
|||
From ac6e780070e30e4c35bd395acfe9191e6268bdd3 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
Date: Thu, 10 Nov 2016 13:12:35 -0800
|
||||
Subject: [PATCH] tcp: take care of truncations done by sk_filter()
|
||||
|
||||
With syzkaller help, Marco Grassi found a bug in TCP stack,
|
||||
crashing in tcp_collapse()
|
||||
|
||||
Root cause is that sk_filter() can truncate the incoming skb,
|
||||
but TCP stack was not really expecting this to happen.
|
||||
It probably was expecting a simple DROP or ACCEPT behavior.
|
||||
|
||||
We first need to make sure no part of TCP header could be removed.
|
||||
Then we need to adjust TCP_SKB_CB(skb)->end_seq
|
||||
|
||||
Many thanks to syzkaller team and Marco for giving us a reproducer.
|
||||
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Reported-by: Marco Grassi <marco.gra@gmail.com>
|
||||
Reported-by: Vladis Dronov <vdronov@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/net/tcp.h | 1 +
|
||||
net/ipv4/tcp_ipv4.c | 19 ++++++++++++++++++-
|
||||
net/ipv6/tcp_ipv6.c | 6 ++++--
|
||||
3 files changed, 23 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/include/net/tcp.h b/include/net/tcp.h
|
||||
index 304a8e1..123979f 100644
|
||||
--- a/include/net/tcp.h
|
||||
+++ b/include/net/tcp.h
|
||||
@@ -1220,6 +1220,7 @@ static inline void tcp_prequeue_init(struct tcp_sock *tp)
|
||||
}
|
||||
|
||||
bool tcp_prequeue(struct sock *sk, struct sk_buff *skb);
|
||||
+int tcp_filter(struct sock *sk, struct sk_buff *skb);
|
||||
|
||||
#undef STATE_TRACE
|
||||
|
||||
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
|
||||
index 61b7be3..2259114 100644
|
||||
--- a/net/ipv4/tcp_ipv4.c
|
||||
+++ b/net/ipv4/tcp_ipv4.c
|
||||
@@ -1564,6 +1564,21 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb)
|
||||
}
|
||||
EXPORT_SYMBOL(tcp_prequeue);
|
||||
|
||||
+int tcp_filter(struct sock *sk, struct sk_buff *skb)
|
||||
+{
|
||||
+ struct tcphdr *th = (struct tcphdr *)skb->data;
|
||||
+ unsigned int eaten = skb->len;
|
||||
+ int err;
|
||||
+
|
||||
+ err = sk_filter_trim_cap(sk, skb, th->doff * 4);
|
||||
+ if (!err) {
|
||||
+ eaten -= skb->len;
|
||||
+ TCP_SKB_CB(skb)->end_seq -= eaten;
|
||||
+ }
|
||||
+ return err;
|
||||
+}
|
||||
+EXPORT_SYMBOL(tcp_filter);
|
||||
+
|
||||
/*
|
||||
* From tcp_input.c
|
||||
*/
|
||||
@@ -1676,8 +1691,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
|
||||
|
||||
nf_reset(skb);
|
||||
|
||||
- if (sk_filter(sk, skb))
|
||||
+ if (tcp_filter(sk, skb))
|
||||
goto discard_and_relse;
|
||||
+ th = (const struct tcphdr *)skb->data;
|
||||
+ iph = ip_hdr(skb);
|
||||
|
||||
skb->dev = NULL;
|
||||
|
||||
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
|
||||
index 6ca23c2..b9f1fee 100644
|
||||
--- a/net/ipv6/tcp_ipv6.c
|
||||
+++ b/net/ipv6/tcp_ipv6.c
|
||||
@@ -1229,7 +1229,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
|
||||
if (skb->protocol == htons(ETH_P_IP))
|
||||
return tcp_v4_do_rcv(sk, skb);
|
||||
|
||||
- if (sk_filter(sk, skb))
|
||||
+ if (tcp_filter(sk, skb))
|
||||
goto discard;
|
||||
|
||||
/*
|
||||
@@ -1457,8 +1457,10 @@ static int tcp_v6_rcv(struct sk_buff *skb)
|
||||
if (tcp_v6_inbound_md5_hash(sk, skb))
|
||||
goto discard_and_relse;
|
||||
|
||||
- if (sk_filter(sk, skb))
|
||||
+ if (tcp_filter(sk, skb))
|
||||
goto discard_and_relse;
|
||||
+ th = (const struct tcphdr *)skb->data;
|
||||
+ hdr = ipv6_hdr(skb);
|
||||
|
||||
skb->dev = NULL;
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
11
kernel.spec
11
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 8
|
||||
%define stable_update 10
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -620,9 +620,6 @@ Patch846: security-selinux-overlayfs-support.patch
|
|||
#rhbz 1360688
|
||||
Patch847: rc-core-fix-repeat-events.patch
|
||||
|
||||
#rhbz 1374212
|
||||
Patch848: 0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch
|
||||
|
||||
#ongoing complaint, full discussion delayed until ksummit/plumbers
|
||||
Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch
|
||||
|
||||
|
@ -638,9 +635,6 @@ Patch853: 0001-drm-i915-Refresh-that-status-of-MST-capable-connecto.patch
|
|||
#rhbz 1390308
|
||||
Patch854: nouveau-add-maxwell-to-backlight-init.patch
|
||||
|
||||
#CVE-2016-8645 rhbz 1393904 1393908
|
||||
Patch856: 0001-tcp-take-care-of-truncations-done-by-sk_filter.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2163,6 +2157,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Nov 21 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.10-100
|
||||
- Linux v4.8.10
|
||||
|
||||
* Tue Nov 15 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.8-100
|
||||
- Linux v4.8.8
|
||||
- Fix crash in tcp_collapse CVE-2016-8645 (rhbz 1393904 1393908)
|
||||
|
|
Loading…
Reference in New Issue