Linux v4.8.3
This commit is contained in:
parent
de79447876
commit
7bb512ee31
|
@ -1,81 +0,0 @@
|
|||
From a397ba829d7f8aff4c90af3704573a28ccd61a59 Mon Sep 17 00:00:00 2001
|
||||
From: Marcelo Cerri <marcelo.cerri@canonical.com>
|
||||
Date: Wed, 28 Sep 2016 13:42:09 -0300
|
||||
Subject: [PATCH] crypto: ghash-generic - move common definitions to a new
|
||||
header file
|
||||
|
||||
Move common values and types used by ghash-generic to a new header file
|
||||
so drivers can directly use ghash-generic as a fallback implementation.
|
||||
|
||||
Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
|
||||
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
---
|
||||
crypto/ghash-generic.c | 13 +------------
|
||||
include/crypto/ghash.h | 23 +++++++++++++++++++++++
|
||||
2 files changed, 24 insertions(+), 12 deletions(-)
|
||||
create mode 100644 include/crypto/ghash.h
|
||||
|
||||
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
|
||||
index bac7099..12ad3e3 100644
|
||||
--- a/crypto/ghash-generic.c
|
||||
+++ b/crypto/ghash-generic.c
|
||||
@@ -14,24 +14,13 @@
|
||||
|
||||
#include <crypto/algapi.h>
|
||||
#include <crypto/gf128mul.h>
|
||||
+#include <crypto/ghash.h>
|
||||
#include <crypto/internal/hash.h>
|
||||
#include <linux/crypto.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
|
||||
-#define GHASH_BLOCK_SIZE 16
|
||||
-#define GHASH_DIGEST_SIZE 16
|
||||
-
|
||||
-struct ghash_ctx {
|
||||
- struct gf128mul_4k *gf128;
|
||||
-};
|
||||
-
|
||||
-struct ghash_desc_ctx {
|
||||
- u8 buffer[GHASH_BLOCK_SIZE];
|
||||
- u32 bytes;
|
||||
-};
|
||||
-
|
||||
static int ghash_init(struct shash_desc *desc)
|
||||
{
|
||||
struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
|
||||
diff --git a/include/crypto/ghash.h b/include/crypto/ghash.h
|
||||
new file mode 100644
|
||||
index 0000000..2a61c9b
|
||||
--- /dev/null
|
||||
+++ b/include/crypto/ghash.h
|
||||
@@ -0,0 +1,23 @@
|
||||
+/*
|
||||
+ * Common values for GHASH algorithms
|
||||
+ */
|
||||
+
|
||||
+#ifndef __CRYPTO_GHASH_H__
|
||||
+#define __CRYPTO_GHASH_H__
|
||||
+
|
||||
+#include <linux/types.h>
|
||||
+#include <crypto/gf128mul.h>
|
||||
+
|
||||
+#define GHASH_BLOCK_SIZE 16
|
||||
+#define GHASH_DIGEST_SIZE 16
|
||||
+
|
||||
+struct ghash_ctx {
|
||||
+ struct gf128mul_4k *gf128;
|
||||
+};
|
||||
+
|
||||
+struct ghash_desc_ctx {
|
||||
+ u8 buffer[GHASH_BLOCK_SIZE];
|
||||
+ u32 bytes;
|
||||
+};
|
||||
+
|
||||
+#endif
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -1,103 +0,0 @@
|
|||
From 80da44c29d997e28c4442825f35f4ac339813877 Mon Sep 17 00:00:00 2001
|
||||
From: Marcelo Cerri <marcelo.cerri@canonical.com>
|
||||
Date: Wed, 28 Sep 2016 13:42:10 -0300
|
||||
Subject: [PATCH] crypto: vmx - Fix memory corruption caused by p8_ghash
|
||||
|
||||
This patch changes the p8_ghash driver to use ghash-generic as a fixed
|
||||
fallback implementation. This allows the correct value of descsize to be
|
||||
defined directly in its shash_alg structure and avoids problems with
|
||||
incorrect buffer sizes when its state is exported or imported.
|
||||
|
||||
Reported-by: Jan Stancek <jstancek@redhat.com>
|
||||
Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Marcelo Cerri <marcelo.cerri@canonical.com>
|
||||
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
---
|
||||
drivers/crypto/vmx/ghash.c | 31 ++++++++++++++++---------------
|
||||
1 file changed, 16 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c
|
||||
index 6c999cb0..27a94a1 100644
|
||||
--- a/drivers/crypto/vmx/ghash.c
|
||||
+++ b/drivers/crypto/vmx/ghash.c
|
||||
@@ -26,16 +26,13 @@
|
||||
#include <linux/hardirq.h>
|
||||
#include <asm/switch_to.h>
|
||||
#include <crypto/aes.h>
|
||||
+#include <crypto/ghash.h>
|
||||
#include <crypto/scatterwalk.h>
|
||||
#include <crypto/internal/hash.h>
|
||||
#include <crypto/b128ops.h>
|
||||
|
||||
#define IN_INTERRUPT in_interrupt()
|
||||
|
||||
-#define GHASH_BLOCK_SIZE (16)
|
||||
-#define GHASH_DIGEST_SIZE (16)
|
||||
-#define GHASH_KEY_LEN (16)
|
||||
-
|
||||
void gcm_init_p8(u128 htable[16], const u64 Xi[2]);
|
||||
void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]);
|
||||
void gcm_ghash_p8(u64 Xi[2], const u128 htable[16],
|
||||
@@ -55,16 +52,11 @@ struct p8_ghash_desc_ctx {
|
||||
|
||||
static int p8_ghash_init_tfm(struct crypto_tfm *tfm)
|
||||
{
|
||||
- const char *alg;
|
||||
+ const char *alg = "ghash-generic";
|
||||
struct crypto_shash *fallback;
|
||||
struct crypto_shash *shash_tfm = __crypto_shash_cast(tfm);
|
||||
struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm);
|
||||
|
||||
- if (!(alg = crypto_tfm_alg_name(tfm))) {
|
||||
- printk(KERN_ERR "Failed to get algorithm name.\n");
|
||||
- return -ENOENT;
|
||||
- }
|
||||
-
|
||||
fallback = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
|
||||
if (IS_ERR(fallback)) {
|
||||
printk(KERN_ERR
|
||||
@@ -78,10 +70,18 @@ static int p8_ghash_init_tfm(struct crypto_tfm *tfm)
|
||||
crypto_shash_set_flags(fallback,
|
||||
crypto_shash_get_flags((struct crypto_shash
|
||||
*) tfm));
|
||||
- ctx->fallback = fallback;
|
||||
|
||||
- shash_tfm->descsize = sizeof(struct p8_ghash_desc_ctx)
|
||||
- + crypto_shash_descsize(fallback);
|
||||
+ /* Check if the descsize defined in the algorithm is still enough. */
|
||||
+ if (shash_tfm->descsize < sizeof(struct p8_ghash_desc_ctx)
|
||||
+ + crypto_shash_descsize(fallback)) {
|
||||
+ printk(KERN_ERR
|
||||
+ "Desc size of the fallback implementation (%s) does not match the expected value: %lu vs %u\n",
|
||||
+ alg,
|
||||
+ shash_tfm->descsize - sizeof(struct p8_ghash_desc_ctx),
|
||||
+ crypto_shash_descsize(fallback));
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ ctx->fallback = fallback;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -113,7 +113,7 @@ static int p8_ghash_setkey(struct crypto_shash *tfm, const u8 *key,
|
||||
{
|
||||
struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm));
|
||||
|
||||
- if (keylen != GHASH_KEY_LEN)
|
||||
+ if (keylen != GHASH_BLOCK_SIZE)
|
||||
return -EINVAL;
|
||||
|
||||
preempt_disable();
|
||||
@@ -211,7 +211,8 @@ struct shash_alg p8_ghash_alg = {
|
||||
.update = p8_ghash_update,
|
||||
.final = p8_ghash_final,
|
||||
.setkey = p8_ghash_setkey,
|
||||
- .descsize = sizeof(struct p8_ghash_desc_ctx),
|
||||
+ .descsize = sizeof(struct p8_ghash_desc_ctx)
|
||||
+ + sizeof(struct ghash_desc_ctx),
|
||||
.base = {
|
||||
.cra_name = "ghash",
|
||||
.cra_driver_name = "p8_ghash",
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
From: Dan Carpenter <dan.carpenter@oracle.com>
|
||||
Date: 2016-09-15 13:44:56
|
||||
Subject: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
|
||||
|
||||
We need to put an upper bound on "user_len" so the memcpy() doesn't
|
||||
overflow.
|
||||
|
||||
Reported-by: Marco Grassi <marco.gra@gmail.com>
|
||||
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
||||
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
|
||||
|
||||
diff --git a/drivers/scsi/arcmsr/arcmsr_hba.c b/drivers/scsi/arcmsr/arcmsr_hba.c
|
||||
index 7640498..110eca9 100644
|
||||
--- a/drivers/scsi/arcmsr/arcmsr_hba.c
|
||||
+++ b/drivers/scsi/arcmsr/arcmsr_hba.c
|
||||
@@ -2388,7 +2388,8 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb,
|
||||
}
|
||||
case ARCMSR_MESSAGE_WRITE_WQBUFFER: {
|
||||
unsigned char *ver_addr;
|
||||
- int32_t user_len, cnt2end;
|
||||
+ uint32_t user_len;
|
||||
+ int32_t cnt2end;
|
||||
uint8_t *pQbuffer, *ptmpuserbuffer;
|
||||
ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC);
|
||||
if (!ver_addr) {
|
||||
@@ -2397,6 +2398,11 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb,
|
||||
}
|
||||
ptmpuserbuffer = ver_addr;
|
||||
user_len = pcmdmessagefld->cmdmessage.Length;
|
||||
+ if (user_len > ARCMSR_API_DATA_BUFLEN) {
|
||||
+ retvalue = ARCMSR_MESSAGE_FAIL;
|
||||
+ kfree(ver_addr);
|
||||
+ goto message_out;
|
||||
+ }
|
||||
memcpy(ptmpuserbuffer,
|
||||
pcmdmessagefld->messagedatabuffer, user_len);
|
||||
spin_lock_irqsave(&acb->wqbuffer_lock, flags);
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
|
@ -1,95 +0,0 @@
|
|||
From 61d19a658598b2d3ea80a5a02a59d9ea0ff08ce6 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 3 Oct 2016 19:43:03 +0200
|
||||
Subject: [PATCH] drm: virtio: reinstate drm_virtio_set_busid()
|
||||
|
||||
Before commit a325725633c2 ("drm: Lobotomize set_busid nonsense for !pci
|
||||
drivers"), several DRM drivers for platform devices used to expose an
|
||||
explicit "drm_driver.set_busid" callback, invariably backed by
|
||||
drm_platform_set_busid().
|
||||
|
||||
Commit a325725633c2 removed drm_platform_set_busid(), along with the
|
||||
referring .set_busid field initializations. This was justified because
|
||||
interchangeable functionality had been implemented in drm_dev_alloc() /
|
||||
drm_dev_init(), which DRM_IOCTL_SET_VERSION would rely on going forward.
|
||||
|
||||
However, commit a325725633c2 also removed drm_virtio_set_busid(), for
|
||||
which the same consolidation was not appropriate: this .set_busid callback
|
||||
had been implemented with drm_pci_set_busid(), and not
|
||||
drm_platform_set_busid(). The error regressed Xorg/xserver on QEMU's
|
||||
"virtio-vga" card; the drmGetBusid() function from libdrm would no longer
|
||||
return stable PCI identifiers like "pci:0000:00:02.0", but rather unstable
|
||||
platform ones like "virtio0".
|
||||
|
||||
Reinstate drm_virtio_set_busid() with judicious use of
|
||||
|
||||
git checkout -p a325725633c2^ -- drivers/gpu/drm/virtio
|
||||
|
||||
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
Cc: Daniel Vetter <daniel.vetter@intel.com>
|
||||
Cc: David Airlie <airlied@redhat.com>
|
||||
Cc: Emil Velikov <emil.l.velikov@gmail.com>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Cc: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
||||
Cc: Hans de Goede <hdegoede@redhat.com>
|
||||
Cc: Joachim Frieben <jfrieben@hotmail.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Joachim Frieben <jfrieben@hotmail.com>
|
||||
Fixes: a325725633c26aa66ab940f762a6b0778edf76c0
|
||||
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1366842
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
|
||||
---
|
||||
drivers/gpu/drm/virtio/virtgpu_drm_bus.c | 10 ++++++++++
|
||||
drivers/gpu/drm/virtio/virtgpu_drv.c | 1 +
|
||||
drivers/gpu/drm/virtio/virtgpu_drv.h | 1 +
|
||||
3 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/virtio/virtgpu_drm_bus.c b/drivers/gpu/drm/virtio/virtgpu_drm_bus.c
|
||||
index 7f0e93f87a55..88a39165edd5 100644
|
||||
--- a/drivers/gpu/drm/virtio/virtgpu_drm_bus.c
|
||||
+++ b/drivers/gpu/drm/virtio/virtgpu_drm_bus.c
|
||||
@@ -27,6 +27,16 @@
|
||||
|
||||
#include "virtgpu_drv.h"
|
||||
|
||||
+int drm_virtio_set_busid(struct drm_device *dev, struct drm_master *master)
|
||||
+{
|
||||
+ struct pci_dev *pdev = dev->pdev;
|
||||
+
|
||||
+ if (pdev) {
|
||||
+ return drm_pci_set_busid(dev, master);
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static void virtio_pci_kick_out_firmware_fb(struct pci_dev *pci_dev)
|
||||
{
|
||||
struct apertures_struct *ap;
|
||||
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c
|
||||
index c13f70cfc461..5820b7020ae5 100644
|
||||
--- a/drivers/gpu/drm/virtio/virtgpu_drv.c
|
||||
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.c
|
||||
@@ -117,6 +117,7 @@ static const struct file_operations virtio_gpu_driver_fops = {
|
||||
|
||||
static struct drm_driver driver = {
|
||||
.driver_features = DRIVER_MODESET | DRIVER_GEM | DRIVER_PRIME | DRIVER_RENDER | DRIVER_ATOMIC,
|
||||
+ .set_busid = drm_virtio_set_busid,
|
||||
.load = virtio_gpu_driver_load,
|
||||
.unload = virtio_gpu_driver_unload,
|
||||
.open = virtio_gpu_driver_open,
|
||||
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h
|
||||
index b18ef3111f0c..acf556a35cb2 100644
|
||||
--- a/drivers/gpu/drm/virtio/virtgpu_drv.h
|
||||
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
|
||||
@@ -49,6 +49,7 @@
|
||||
#define DRIVER_PATCHLEVEL 1
|
||||
|
||||
/* virtgpu_drm_bus.c */
|
||||
+int drm_virtio_set_busid(struct drm_device *dev, struct drm_master *master);
|
||||
int drm_virtio_init(struct drm_driver *driver, struct virtio_device *vdev);
|
||||
|
||||
struct virtio_gpu_object {
|
||||
--
|
||||
2.7.4
|
||||
|
15
kernel.spec
15
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 3
|
||||
%define stable_update 4
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -625,16 +625,6 @@ Patch848: 0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch
|
|||
#ongoing complaint, full discussion delayed until ksummit/plumbers
|
||||
Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch
|
||||
|
||||
#CVE-2016-7425 rhbz 1377330 1377331
|
||||
Patch850: arcmsr-buffer-overflow-in-archmsr_iop_message_xfer.patch
|
||||
|
||||
#rhbz 1366842
|
||||
Patch851: drm-virtio-reinstate-drm_virtio_set_busid.patch
|
||||
|
||||
# Fix memory corruption caused by p8_ghash
|
||||
Patch852: 0001-crypto-ghash-generic-move-common-definitions-to-a-ne.patch
|
||||
Patch853: 0001-crypto-vmx-Fix-memory-corruption-caused-by-p8_ghash.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2171,6 +2161,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Oct 24 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.4-300
|
||||
- Linux v4.8.4
|
||||
|
||||
* Thu Oct 20 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.3-300
|
||||
- Linux v4.8.3
|
||||
- CVE-2016-5195 (rhbz 1384344 1387080)
|
||||
|
|
Loading…
Reference in New Issue