Linux v4.12.4
This commit is contained in:
Justin M. Forbes
parent
91612fa839
commit
9219d489ea
|
|
@ -1,48 +0,0 @@
|
|||
From 70ac67826602edf8c0ccb413e5ba7eacf597a60c Mon Sep 17 00:00:00 2001
|
||||
From: Seunghun Han <kkamagui@gmail.com>
|
||||
Date: Tue, 18 Jul 2017 20:03:51 +0900
|
||||
Subject: x86/acpi: Prevent out of bound access caused by broken ACPI tables
|
||||
|
||||
The bus_irq argument of mp_override_legacy_irq() is used as the index into
|
||||
the isa_irq_to_gsi[] array. The bus_irq argument originates from
|
||||
ACPI_MADT_TYPE_IO_APIC and ACPI_MADT_TYPE_INTERRUPT items in the ACPI
|
||||
tables, but is nowhere sanity checked.
|
||||
|
||||
That allows broken or malicious ACPI tables to overwrite memory, which
|
||||
might cause malfunction, panic or arbitrary code execution.
|
||||
|
||||
Add a sanity check and emit a warning when that triggers.
|
||||
|
||||
[ tglx: Added warning and rewrote changelog ]
|
||||
|
||||
Signed-off-by: Seunghun Han <kkamagui@gmail.com>
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: security@kernel.org
|
||||
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
arch/x86/kernel/acpi/boot.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
|
||||
index 6bb6806..7491e73 100644
|
||||
--- a/arch/x86/kernel/acpi/boot.c
|
||||
+++ b/arch/x86/kernel/acpi/boot.c
|
||||
@@ -347,6 +347,14 @@ static void __init mp_override_legacy_irq(u8 bus_irq, u8 polarity, u8 trigger,
|
||||
struct mpc_intsrc mp_irq;
|
||||
|
||||
/*
|
||||
+ * Check bus_irq boundary.
|
||||
+ */
|
||||
+ if (bus_irq >= NR_IRQS_LEGACY) {
|
||||
+ pr_warn("Invalid bus_irq %u for legacy override\n", bus_irq);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
* Convert 'gsi' to 'ioapic.pin'.
|
||||
*/
|
||||
ioapic = mp_find_ioapic(gsi);
|
||||
--
|
||||
cgit v1.1
|
||||
|
||||
10
kernel.spec
10
kernel.spec
|
|
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 301
|
||||
%global baserelease 300
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 3
|
||||
%define stable_update 4
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
|
@ -668,9 +668,6 @@ Patch616: 0016-Input-silead-Do-not-try-to-directly-access-the-GPIO-.patch
|
|||
# CVE-2017-7542 rhbz 1473649 1473650
|
||||
Patch701: 0001-ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch
|
||||
|
||||
# CVE-2017-11473 rhbz 1473209 147310
|
||||
Patch702: CVE-2017-11473.patch
|
||||
|
||||
# rhbz 1431375
|
||||
Patch703: HID-rmi-Make-sure-the-HID-device-is-opened-on-resume.patch
|
||||
Patch704: input-rmi4-remove-the-need-for-artifical-IRQ.patch
|
||||
|
|
@ -2251,6 +2248,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Jul 27 2017 Justin M. Forbes <jforbes@redhat.com> - 4.12.4-300
|
||||
- Linux v4.12.4
|
||||
|
||||
* Wed Jul 26 2017 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix mtx (rhbz 1471302)
|
||||
|
||||
|
|
|
|||
|
|
@ -45,54 +45,6 @@ index 600f5f9f7431..62580ad1b1f1 100644
|
|||
--
|
||||
2.13.0
|
||||
|
||||
From ccdf75f90484a87ddb29649304156a503bf5a829 Mon Sep 17 00:00:00 2001
|
||||
From: Bjorn Andersson <bjorn.andersson@linaro.org>
|
||||
Date: Wed, 28 Jun 2017 16:44:58 -0700
|
||||
Subject: [PATCH 2/6] spmi: Include OF based modalias in device uevent
|
||||
|
||||
Include the OF-based modalias in the uevent sent when registering SPMI
|
||||
devices, so that user space has a chance to autoload the kernel module
|
||||
for the device.
|
||||
|
||||
Reported-by: Rob Clark <robdclark@gmail.com>
|
||||
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
||||
Tested-by: Rob Clark <robdclark@gmail.com>
|
||||
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
|
||||
---
|
||||
drivers/spmi/spmi.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/drivers/spmi/spmi.c b/drivers/spmi/spmi.c
|
||||
index 2b9b0941d9eb..6d23226e5f69 100644
|
||||
--- a/drivers/spmi/spmi.c
|
||||
+++ b/drivers/spmi/spmi.c
|
||||
@@ -365,11 +365,23 @@ static int spmi_drv_remove(struct device *dev)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int spmi_drv_uevent(struct device *dev, struct kobj_uevent_env *env)
|
||||
+{
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = of_device_uevent_modalias(dev, env);
|
||||
+ if (ret != -ENODEV)
|
||||
+ return ret;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static struct bus_type spmi_bus_type = {
|
||||
.name = "spmi",
|
||||
.match = spmi_device_match,
|
||||
.probe = spmi_drv_probe,
|
||||
.remove = spmi_drv_remove,
|
||||
+ .uevent = spmi_drv_uevent,
|
||||
};
|
||||
|
||||
/**
|
||||
--
|
||||
2.13.0
|
||||
|
||||
From 283d0e00a18b294ec56f1fb904896a546704faaf Mon Sep 17 00:00:00 2001
|
||||
From: Rob Clark <robdclark@gmail.com>
|
||||
Date: Fri, 30 Jun 2017 11:47:21 -0400
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1,3 +1,3 @@
|
|||
SHA512 (perf-man-4.12.tar.gz) = 4d3bbda1f520dba0007c351af46f45085fe4842074eb2e01aee736fd369df595f8f72ed6c1192715f1120bf3353279777f9dca1178fe93bffe5be2de700d409c
|
||||
SHA512 (linux-4.12.tar.xz) = 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728
|
||||
SHA512 (patch-4.12.3.xz) = a6ace68b6387665a1f77420b415a72032465fae6d99ec409487765ecf7cfb8a8458fe09f844662249f14e5739db3f82b28cdac705b0d54d4c6e268719d350c0d
|
||||
SHA512 (patch-4.12.4.xz) = 8a6b72524050733c166524230d85f808275a65c28f06444350ebb8c64dd4cab666f8629ef1d1d2b6c25c1f36820a1fd114510af5a38509df55f9c3071543e647
|
||||
|
|
|
|||
Loading…
Reference in New Issue