rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v4.4

This commit is contained in:
Laura Abbott 2016-01-14 09:37:36 -08:00
parent cdfa7cd82c
commit a2bb5001cb
40 changed files with 479 additions and 1930 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
View File

@ -1,63 +0,0 @@
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 1 Nov 2015 23:54:08 +0000
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
Fix issue from two patches overlapping causing a kernel oops
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
[ 3569.306272] pgd = dc894000
[ 3569.309287] [00000088] *pgd=00000000
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
[ 3569.473790] df00: bef21ab8 dbf60e38
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
drivers/watchdog/omap_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
index d96bee0..6f17c93 100644
--- a/drivers/watchdog/omap_wdt.c
+++ b/drivers/watchdog/omap_wdt.c
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
{
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
void __iomem *base = wdev->base;
u32 value;
--
2.5.0

103
ARM-dts-Add-am335x-bonegreen.patch
View File

@ -1,103 +0,0 @@
From patchwork Fri Sep 25 15:10:31 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: ARM: dts: Add am335x-bonegreen
From: Robert Nelson <robertcnelson@gmail.com>
X-Patchwork-Id: 7265851
Message-Id: <1443193831-5693-1-git-send-email-robertcnelson@gmail.com>
To: tony@atomide.com, devicetree@vger.kernel.org
Cc: linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
Robert Nelson <robertcnelson@gmail.com>, Jason Kridner <jkridner@gmail.com>
Date: Fri, 25 Sep 2015 10:10:31 -0500
SeeedStudio BeagleBone Green (BBG) is clone of the BeagleBone Black (BBB) minus
the HDMI port and addition of two Grove connectors (i2c2 and usart2).
This board can be identified by the 1A value after A335BNLT (BBB) in the at24 eeprom:
1A: [aa 55 33 ee 41 33 33 35 42 4e 4c 54 1a 00 00 00 |.U3.A335BNLT....|]
http://beagleboard.org/green
http://www.seeedstudio.com/wiki/Beaglebone_green
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
CC: Tony Lindgren <tony@atomide.com>
CC: Jason Kridner <jkridner@gmail.com>
---
arch/arm/boot/dts/Makefile | 1 +
arch/arm/boot/dts/am335x-bonegreen.dts | 53 ++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 arch/arm/boot/dts/am335x-bonegreen.dts
diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
index 233159d..e45d771 100644
--- a/arch/arm/boot/dts/Makefile
+++ b/arch/arm/boot/dts/Makefile
@@ -446,6 +446,7 @@ dtb-$(CONFIG_SOC_AM33XX) += \
am335x-base0033.dtb \
am335x-bone.dtb \
am335x-boneblack.dtb \
+ am335x-bonegreen.dtb \
am335x-sl50.dtb \
am335x-evm.dtb \
am335x-evmsk.dtb \
diff --git a/arch/arm/boot/dts/am335x-bonegreen.dts b/arch/arm/boot/dts/am335x-bonegreen.dts
new file mode 100644
index 0000000..0f65bda
--- /dev/null
+++ b/arch/arm/boot/dts/am335x-bonegreen.dts
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+/dts-v1/;
+
+#include "am33xx.dtsi"
+#include "am335x-bone-common.dtsi"
+
+/ {
+ model = "TI AM335x BeagleBone Green";
+ compatible = "ti,am335x-bone-green", "ti,am335x-bone-black", "ti,am335x-bone", "ti,am33xx";
+};
+
+&ldo3_reg {
+ regulator-min-microvolt = <1800000>;
+ regulator-max-microvolt = <1800000>;
+ regulator-always-on;
+};
+
+&mmc1 {
+ vmmc-supply = <&vmmcsd_fixed>;
+};
+
+&mmc2 {
+ vmmc-supply = <&vmmcsd_fixed>;
+ pinctrl-names = "default";
+ pinctrl-0 = <&emmc_pins>;
+ bus-width = <8>;
+ status = "okay";
+};
+
+&am33xx_pinmux {
+ uart2_pins: uart2_pins {
+ pinctrl-single,pins = <
+ 0x150 (PIN_INPUT | MUX_MODE1) /* spi0_sclk.uart2_rxd */
+ 0x154 (PIN_OUTPUT | MUX_MODE1) /* spi0_d0.uart2_txd */
+ >;
+ };
+};
+
+&uart2 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&uart2_pins>;
+ status = "okay";
+};
+
+&rtc {
+ system-power-controller;
+};

14
Add-EFI-signature-data-types.patch
View File

@ -1,4 +1,4 @@
From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
From 47f6b5c281137394d627e275cb80980492d00d84 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 15/20] Add EFI signature data types
@ -15,12 +15,12 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index de3e45088d4a..fac43c611614 100644
index 4dc970e..82d6218 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void);
#define DEVICE_TREE_GUID \
EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
@@ -599,6 +599,12 @@ void efi_native_runtime_setup(void);
#define EFI_PROPERTIES_TABLE_GUID \
EFI_GUID( 0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5 )
+#define EFI_CERT_SHA256_GUID \
+ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
@ -31,7 +31,7 @@ index de3e45088d4a..fac43c611614 100644
typedef struct {
efi_guid_t guid;
u64 table;
@@ -810,6 +816,20 @@ typedef struct _efi_file_io_interface {
@@ -823,6 +829,20 @@ typedef struct {
#define EFI_INVALID_TABLE_ADDR (~0UL)
@ -53,5 +53,5 @@ index de3e45088d4a..fac43c611614 100644
* All runtime access to EFI goes through this structure:
*/
--
2.4.3
2.5.0

48
Input-aiptek-fix-crash-on-detecting-device-without-e.patch
View File

@ -1,48 +0,0 @@
From a0edc539fda3f0a4a271f47a0fcf79d1305c1444 Mon Sep 17 00:00:00 2001
From: Vladis Dronov <vdronov@redhat.com>
Date: Wed, 25 Nov 2015 16:31:35 +0100
Subject: [PATCH] Input: aiptek: fix crash on detecting device without
endpoints
The aiptek driver crashes in aiptek_probe() when a specially crafted usb device
without endpoints is detected. This fix adds a check that the device has proper
configuration expected by the driver. Also an error return value is changed to
more matching one in one of the error paths.
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
drivers/input/tablet/aiptek.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c
index e7f966da6efa..78c0732fbb57 100644
--- a/drivers/input/tablet/aiptek.c
+++ b/drivers/input/tablet/aiptek.c
@@ -1819,6 +1819,15 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id)
input_set_abs_params(inputdev, ABS_TILT_Y, AIPTEK_TILT_MIN, AIPTEK_TILT_MAX, 0, 0);
input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0);
+ /* Verify that a device really has an endpoint
+ */
+ if (intf->altsetting[0].desc.bNumEndpoints < 1) {
+ dev_warn(&intf->dev,
+ "interface has %d endpoints, but must have minimum 1\n",
+ intf->altsetting[0].desc.bNumEndpoints);
+ err = -ENODEV;
+ goto fail3;
+ }
endpoint = &intf->altsetting[0].endpoint[0].desc;
/* Go set up our URB, which is called when the tablet receives
@@ -1861,6 +1870,7 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id)
if (i == ARRAY_SIZE(speeds)) {
dev_info(&intf->dev,
"Aiptek tried all speeds, no sane response\n");
+ err = -ENODEV;
goto fail3;
}
--
2.5.0

125
KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
View File

@ -1,125 +0,0 @@
From 3b34bea74e636583d34c8e472237a0bea1e3ba93 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 24 Nov 2015 21:36:31 +0000
Subject: [PATCH] KEYS: Fix handling of stored error in a negatively
instantiated user key
If a user key gets negatively instantiated, an error code is cached in the
payload area. A negatively instantiated key may be then be positively
instantiated by updating it with valid data. However, the ->update key
type method must be aware that the error code may be there.
The following may be used to trigger the bug in the user key type:
keyctl request2 user user "" @u
keyctl add user user "a" @u
which manifests itself as:
BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
PGD 7cc30067 PUD 0
Oops: 0002 [#1] SMP
Modules linked in:
CPU: 3 PID: 2644 Comm: a.out Not tainted 4.3.0+ #49
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003ddea700 ti: ffff88003dd88000 task.ti: ffff88003dd88000
RIP: 0010:[<ffffffff810a376f>] [<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280
[<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
RSP: 0018:ffff88003dd8bdb0 EFLAGS: 00010246
RAX: 00000000ffffff82 RBX: 0000000000000000 RCX: 0000000000000001
RDX: ffffffff81e3fe40 RSI: 0000000000000000 RDI: 00000000ffffff82
RBP: ffff88003dd8bde0 R08: ffff88007d2d2da0 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88003e8073c0 R12: 00000000ffffff82
R13: ffff88003dd8be68 R14: ffff88007d027600 R15: ffff88003ddea700
FS: 0000000000b92880(0063) GS:ffff88007fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000ffffff8a CR3: 000000007cc5f000 CR4: 00000000000006e0
Stack:
ffff88003dd8bdf0 ffffffff81160a8a 0000000000000000 00000000ffffff82
ffff88003dd8be68 ffff88007d027600 ffff88003dd8bdf0 ffffffff810a39e5
ffff88003dd8be20 ffffffff812a31ab ffff88007d027600 ffff88007d027620
Call Trace:
[<ffffffff810a39e5>] kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3136
[<ffffffff812a31ab>] user_update+0x8b/0xb0 security/keys/user_defined.c:129
[< inline >] __key_update security/keys/key.c:730
[<ffffffff8129e5c1>] key_create_or_update+0x291/0x440 security/keys/key.c:908
[< inline >] SYSC_add_key security/keys/keyctl.c:125
[<ffffffff8129fc21>] SyS_add_key+0x101/0x1e0 security/keys/keyctl.c:60
[<ffffffff8185f617>] entry_SYSCALL_64_fastpath+0x12/0x6a arch/x86/entry/entry_64.S:185
Note the error code (-ENOKEY) in EDX.
A similar bug can be tripped by:
keyctl request2 trusted user "" @u
keyctl add trusted user "a" @u
This should also affect encrypted keys - but that has to be correctly
parameterised or it will fail with EINVAL before getting to the bit that
will crashes.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
---
security/keys/encrypted-keys/encrypted.c | 2 ++
security/keys/trusted.c | 5 ++++-
security/keys/user_defined.c | 5 ++++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 7bed4ad7cd76..0a374a2ce030 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
size_t datalen = prep->datalen;
int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
if (datalen <= 0 || datalen > 32767 || !prep->data)
return -EINVAL;
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index c0594cb07ada..aeb38f1a12e7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -984,13 +984,16 @@ static void trusted_rcu_free(struct rcu_head *rcu)
*/
static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
{
- struct trusted_key_payload *p = key->payload.data;
+ struct trusted_key_payload *p;
struct trusted_key_payload *new_p;
struct trusted_key_options *new_o;
size_t datalen = prep->datalen;
char *datablob;
int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
+ p = key->payload.data;
if (!p->migratable)
return -EPERM;
if (datalen <= 0 || datalen > 32767 || !prep->data)
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 36b47bbd3d8c..7cf22260bdff 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -120,7 +120,10 @@ int user_update(struct key *key, struct key_preparsed_payload *prep)
if (ret == 0) {
/* attach the new data, displacing the old */
- zap = key->payload.data;
+ if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ zap = key->payload.data;
+ else
+ zap = NULL;
rcu_assign_keypointer(key, upayload);
key->expiry = 0;
}
--
2.5.0

108
KEYS-Fix-race-between-read-and-revoke.patch
View File

@ -1,108 +0,0 @@
From f144220f72062ed5359e0211f130670c915a12dd Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 14 Dec 2015 10:36:31 -0500
Subject: [PATCH] KEYS: Fix race between read and revoke
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.
This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.
Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.
This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller). Here's a cleaned up version:
#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}
Build as:
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
Run as:
while keyctl-race; do :; done
as it may need several iterations to crash the kernel. The crash can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
[<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
[<ffffffff81277815>] SyS_keyctl+0x83/0xe0
[<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyctl.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fb111eafcb89..1c3872aeed14 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
/* the key is probably readable - now try to read it */
can_read_key:
- ret = key_validate(key);
- if (ret == 0) {
- ret = -EOPNOTSUPP;
- if (key->type->read) {
- /* read the data with the semaphore held (since we
- * might sleep) */
- down_read(&key->sem);
+ ret = -EOPNOTSUPP;
+ if (key->type->read) {
+ /* Read the data with the semaphore held (since we might sleep)
+ * to protect against the key being updated or revoked.
+ */
+ down_read(&key->sem);
+ ret = key_validate(key);
+ if (ret == 0)
ret = key->type->read(key, buffer, buflen);
- up_read(&key->sem);
- }
+ up_read(&key->sem);
}
error2:
--
2.5.0

80
KVM-svm-unconditionally-intercept-DB.patch
View File

@ -1,80 +0,0 @@
From 48bb9bb210c6c2f185d891e3e7a401d849409f84 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 10 Nov 2015 13:22:53 +0100
Subject: [PATCH 2/2] KVM: svm: unconditionally intercept #DB
This is needed to avoid the possibility that the guest triggers
an infinite stream of #DB exceptions (CVE-2015-8104).
VMX is not affected: because it does not save DR6 in the VMCS,
it already intercepts #DB unconditionally.
Reported-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/svm.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 7203b3cc71b5..184e50b3c35a 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1111,6 +1111,7 @@ static void init_vmcb(struct vcpu_svm *svm)
set_exception_intercept(svm, UD_VECTOR);
set_exception_intercept(svm, MC_VECTOR);
set_exception_intercept(svm, AC_VECTOR);
+ set_exception_intercept(svm, DB_VECTOR);
set_intercept(svm, INTERCEPT_INTR);
set_intercept(svm, INTERCEPT_NMI);
@@ -1645,20 +1646,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
mark_dirty(svm->vmcb, VMCB_SEG);
}
-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
+static void update_bp_intercept(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
- clr_exception_intercept(svm, DB_VECTOR);
clr_exception_intercept(svm, BP_VECTOR);
- if (svm->nmi_singlestep)
- set_exception_intercept(svm, DB_VECTOR);
-
if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
- if (vcpu->guest_debug &
- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
- set_exception_intercept(svm, DB_VECTOR);
if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
set_exception_intercept(svm, BP_VECTOR);
} else
@@ -1764,7 +1758,6 @@ static int db_interception(struct vcpu_svm *svm)
if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
svm->vmcb->save.rflags &=
~(X86_EFLAGS_TF | X86_EFLAGS_RF);
- update_db_bp_intercept(&svm->vcpu);
}
if (svm->vcpu.guest_debug &
@@ -3753,7 +3746,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
*/
svm->nmi_singlestep = true;
svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
- update_db_bp_intercept(vcpu);
}
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -4379,7 +4371,7 @@ static struct kvm_x86_ops svm_x86_ops = {
.vcpu_load = svm_vcpu_load,
.vcpu_put = svm_vcpu_put,
- .update_db_bp_intercept = update_db_bp_intercept,
+ .update_db_bp_intercept = update_bp_intercept,
.get_msr = svm_get_msr,
.set_msr = svm_set_msr,
.get_segment_base = svm_get_segment_base,
--
2.4.3

14
arm64-avoid-needing-console-to-enable-serial-console.patch
View File

@ -1,3 +1,4 @@
From ede02df9a481ba07348e6fd4393ba2e273ef16d8 Mon Sep 17 00:00:00 2001
From: Mark Salter <msalter@redhat.com>
Date: Wed, 25 Mar 2015 14:17:50 -0400
Subject: [PATCH] arm64: avoid needing console= to enable serial console
@ -14,13 +15,13 @@ Signed-off-by: Mark Salter <msalter@redhat.com>
1 file changed, 19 insertions(+)
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
index f3067d4d4e35..6f8d814c4e5c 100644
index 8119479..ea9ff80 100644
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -568,3 +568,22 @@ const struct seq_operations cpuinfo_op = {
.stop = c_stop,
.show = c_show
};
@@ -381,3 +381,22 @@ static int __init topology_init(void)
return 0;
}
subsys_initcall(topology_init);
+
+/*
+ * Temporary hack to avoid need for console= on command line
@ -40,3 +41,6 @@ index f3067d4d4e35..6f8d814c4e5c 100644
+ return 0;
+}
+early_initcall(arm64_console_setup);
--
2.5.0

27
bluetooth-Validate-socket-address-length-in-sco_sock.patch
View File

@ -1,27 +0,0 @@
From 5233252fce714053f0151680933571a2da9cbfb4 Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Tue, 15 Dec 2015 15:39:08 -0500
Subject: [PATCH] bluetooth: Validate socket address length in sco_sock_bind().
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/bluetooth/sco.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index fe129663bd3f..f52bcbf2e58c 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -526,6 +526,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
--
2.5.0

55
config-arm-generic
View File

@ -7,8 +7,8 @@ CONFIG_SERIAL_EARLYCON_ARM_SEMIHOST=y
CONFIG_FB_SSD1307=m
CONFIG_HW_PERF_EVENTS=y
CONFIG_NFS_FS=y
CONFIG_FORCE_MAX_ZONEORDER=11
CONFIG_CRASH=m
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_PID_IN_CONTEXTIDR is not set
@ -94,6 +94,35 @@ CONFIG_CLKSRC_VERSATILE=y
CONFIG_POWER_RESET_VERSATILE=y
# CONFIG_ARM_CHARLCD is not set
# Rockchips
CONFIG_ARCH_ROCKCHIP=y
CONFIG_I2C_RK3X=m
CONFIG_SPI_ROCKCHIP=m
CONFIG_PWM_ROCKCHIP=m
CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IODOMAIN=m
CONFIG_MMC_DW_ROCKCHIP=m
CONFIG_EMAC_ROCKCHIP=m
CONFIG_MFD_RK808=m
CONFIG_COMMON_CLK_RK808=m
CONFIG_REGULATOR_RK808=m
CONFIG_RTC_DRV_RK808=m
CONFIG_RTC_DRV_HYM8563=m
CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IOMMU=y
CONFIG_ROCKCHIP_THERMAL=m
CONFIG_DRM_ROCKCHIP=m
CONFIG_ROCKCHIP_DW_HDMI=m
CONFIG_PHY_ROCKCHIP_USB=m
CONFIG_DWMAC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP_I2S=m
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
CONFIG_SND_SOC_ROCKCHIP_SPDIF=m
CONFIG_REGULATOR_ACT8865=m
CONFIG_ROCKCHIP_PM_DOMAINS=y
# Tegra
# CONFIG_TEGRA_AHB is not set
@ -136,6 +165,7 @@ CONFIG_THERMAL_OF=y
CONFIG_MAILBOX=y
CONFIG_ARM_MHU=m
# CONFIG_PL320_MBOX is not set
CONFIG_ARM_SCPI_PROTOCOL=m
# USB
CONFIG_USB_OHCI_HCD_PLATFORM=m
@ -144,6 +174,7 @@ CONFIG_USB_XHCI_PLATFORM=m
# MMC/SD
CONFIG_MMC_SPI=m
CONFIG_MMC_SDHCI_OF_ARASAN=m
# Designware (used by numerous devices)
CONFIG_MMC_DW=m
@ -170,6 +201,9 @@ CONFIG_USB_DWC3_ULPI=y
CONFIG_DW_WATCHDOG=m
CONFIG_PCIE_DW=y
# CONFIG_MMC_DW_EXYNOS is not set
CONFIG_I2C_DESIGNWARE_CORE=m
CONFIG_I2C_DESIGNWARE_PLATFORM=m
CONFIG_GPIO_DWAPB=m
# External Connectors
CONFIG_EXTCON=m
@ -210,6 +244,13 @@ CONFIG_POWER_RESET_GPIO_RESTART=y
CONFIG_POWER_RESET_RESTART=y
# CONFIG_GPIO_74XX_MMIO is not set
# Pin stuff
CONFIG_PINMUX=y
CONFIG_PINCONF=y
CONFIG_PINCTRL=y
CONFIG_GENERIC_PINCONF=y
CONFIG_PINCTRL_SINGLE=m
#i2c
CONFIG_I2C_ARB_GPIO_CHALLENGE=m
CONFIG_I2C_BOARDINFO=y
@ -227,6 +268,7 @@ CONFIG_SPI_PL022=m
# Sensors
CONFIG_SENSORS_IIO_HWMON=m
CONFIG_IIO_SYSFS_TRIGGER=m
CONFIG_SENSORS_ARM_SCPI=m
# PHY framework
CONFIG_GENERIC_PHY=y
@ -279,6 +321,7 @@ CONFIG_VFIO_AMBA=m
# CONFIG_COMMON_CLK_SI570 is not set
# CONFIG_COMMON_CLK_QCOM is not set
CONFIG_COMMON_CLK_SCPI=m
# CONFIG_ARM_PTDUMP is not set
@ -305,6 +348,7 @@ CONFIG_VFIO_AMBA=m
# netdrv
CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_NET_VENDOR_ADAPTEC is not set
# CONFIG_NET_VENDOR_BROADCOM is not set
@ -314,7 +358,6 @@ CONFIG_VFIO_AMBA=m
# CONFIG_NET_VENDOR_DEC is not set
# CONFIG_NET_VENDOR_EMULEX is not set
# CONFIG_NET_VENDOR_EXAR is not set
# CONFIG_NET_VENDOR_MELLANOX is not set
# CONFIG_NET_VENDOR_QLOGIC is not set
# CONFIG_NET_VENDOR_SUN is not set
# CONFIG_NET_VENDOR_WIZNET is not set
@ -352,11 +395,15 @@ CONFIG_VFIO_AMBA=m
# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_CORESIGHT is not set
# CONFIG_LATTICE_ECP3_CONFIG is not set
# CONFIG_BMP085_SPI is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_SPI_ROCKCHIP is not set
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
CONFIG_CHECKPOINT_RESTORE=y
# Bad Intel shit we don't care about
# CONFIG_PINCTRL_BAYTRAIL is not set
# CONFIG_PINCTRL_CHERRYVIEW is not set
# CONFIG_PINCTRL_BROXTON is not set
# CONFIG_PINCTRL_SUNRISEPOINT is not set

49
config-arm64
View File

@ -10,18 +10,18 @@ CONFIG_SCHED_SMT=y
CONFIG_ARCH_HISI=y
CONFIG_ARCH_SEATTLE=y
CONFIG_ARCH_XGENE=y
# CONFIG_ARCH_THUNDER is not set
# CONFIG_ARCH_EXYNOS7 is not set
# CONFIG_ARCH_FSL_LS2085A is not set
# CONFIG_ARCH_MEDIATEK is not set
# CONFIG_ARCH_TEGRA is not set
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_SPRD is not set
# CONFIG_ARCH_ZYNQMP is not set
# CONFIG_ARCH_BCM_IPROC is not set
# CONFIG_ARCH_BERLIN is not set
# CONFIG_ARCH_ROCKCHIP is not set
# CONFIG_ARCH_EXYNOS7 is not set
# CONFIG_ARCH_FSL_LS2085A is not set
# CONFIG_ARCH_LAYERSCAPE is not set
# CONFIG_ARCH_MEDIATEK is not set
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_SPRD is not set
# CONFIG_ARCH_STRATIX10 is not set
# CONFIG_ARCH_TEGRA is not set
# CONFIG_ARCH_THUNDER is not set
# CONFIG_ARCH_ZYNQMP is not set
# Erratum
CONFIG_ARM64_ERRATUM_826319=y
@ -30,6 +30,9 @@ CONFIG_ARM64_ERRATUM_824069=y
CONFIG_ARM64_ERRATUM_819472=y
CONFIG_ARM64_ERRATUM_832075=y
CONFIG_ARM64_ERRATUM_843419=y
CONFIG_ARM64_ERRATUM_834220=y
CONFIG_CAVIUM_ERRATUM_22375=y
CONFIG_CAVIUM_ERRATUM_23154=y
# AMBA / VExpress
# CONFIG_RTC_DRV_PL030 is not set
@ -56,17 +59,17 @@ CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_HAVE_64BIT_ALIGNED_ACCESS=y
CONFIG_HVC_DRIVER=y
# CONFIG_HVC_DCC is not set
CONFIG_HZ=100
CONFIG_KVM=y
CONFIG_KVM_ARM_MAX_VCPUS=8
CONFIG_KVM_ARM_MAX_VCPUS=16
CONFIG_RCU_FANOUT=64
CONFIG_SPARSE_IRQ=y
CONFIG_SPARSEMEM_VMEMMAP=y
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_THERMAL is not set
CONFIG_EFI=y
CONFIG_EFI_VARS=y
@ -88,6 +91,11 @@ CONFIG_ACPI_CUSTOM_METHOD=m
CONFIG_ACPI_NFIT=m
# CONFIG_ACPI_NFIT_DEBUG is not set
CONFIG_PCC=y
CONFIG_ACPI_CPPC_CPUFREQ=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_THERMAL=y
CONFIG_I2C_SCMI=m
CONFIG_SENSORS_ACPI_POWER=m
CONFIG_ARM64_CRYPTO=y
CONFIG_CRYPTO_SHA1_ARM64_CE=y
@ -105,7 +113,6 @@ CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
# APM Xgene
CONFIG_POWER_RESET_XGENE=y
CONFIG_COMMON_CLK_XGENE=y
CONFIG_AHCI_XGENE=y
CONFIG_PHY_XGENE=y
CONFIG_NET_XGENE=y
@ -115,6 +122,9 @@ CONFIG_GPIO_XGENE=y
CONFIG_GPIO_XGENE_SB=m
CONFIG_XGENE_DMA=m
CONFIG_EDAC_XGENE=m
CONFIG_PCI_XGENE=y
CONFIG_PCI_XGENE_MSI=y
CONFIG_I2C_XGENE_SLIMPRO=m
# busted build for various reasons
# uses pci_* for some reason to allocate DMA buffers
@ -125,36 +135,29 @@ CONFIG_EDAC_XGENE=m
# CONFIG_PARPORT_PC is not set
# CONFIG_VGA_CONSOLE is not set
CONFIG_PCI_XGENE=y
CONFIG_PCI_XGENE_MSI=y
# CONFIG_HOTPLUG_PCI_SHPC is not set
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
# CONFIG_PNP_DEBUG_MESSAGES is not set
CONFIG_I2C_SCMI=m
CONFIG_I2C_XGENE_SLIMPRO=m
CONFIG_SENSORS_ACPI_POWER=m
# AMD Seattle
CONFIG_NET_SB1000=y
CONFIG_AMD_XGBE=m
CONFIG_AMD_XGBE_PHY=m
# CONFIG_AMD_XGBE_DCB is not set
# CONFIG_VFIO_PLATFORM_AMDXGBE_RESET is not set
CONFIG_PINCTRL_AMD=y
# HiSilicon
CONFIG_POWER_RESET_HISI=y
CONFIG_HISI_THERMAL=m
CONFIG_STUB_CLK_HI6220=y
CONFIG_PCI_HISI=y
# ThunderX
# CONFIG_MDIO_OCTEON is not set
CONFIG_NET_VENDOR_MELLANOX=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
# CONFIG_IMX_THERMAL is not set
CONFIG_DMI=y

34
config-armv7
View File

@ -5,7 +5,6 @@
CONFIG_ARCH_MXC=y
CONFIG_ARCH_OMAP3=y
CONFIG_ARCH_OMAP4=y
CONFIG_ARCH_PICOXCELL=y
CONFIG_ARCH_QCOM=y
CONFIG_ARCH_TEGRA=y
CONFIG_ARCH_U8500=y
@ -22,7 +21,7 @@ CONFIG_ARCH_OMAP2PLUS_TYPICAL=y
CONFIG_SOC_OMAP5=y
# CONFIG_SOC_DRA7XX is not set
CONFIG_SOC_OMAP3430=y
CONFIG_SOC_TI81XX=y
# CONFIG_SOC_TI81XX is not set
# CONFIG_MACH_NOKIA_RX51 is not set
# CONFIG_MACH_OMAP_LDP is not set
# CONFIG_MACH_OMAP3517EVM is not set
@ -63,9 +62,9 @@ CONFIG_TWL4030_MADC=m
CONFIG_TWL4030_POWER=y
CONFIG_TWL4030_WATCHDOG=m
CONFIG_BATTERY_TWL4030_MADC=m
CONFIG_BATTERY_BQ27x00=m
CONFIG_BATTERY_BQ27X00_I2C=y
CONFIG_BATTERY_BQ27X00_PLATFORM=y
CONFIG_BATTERY_BQ27XXX=m
CONFIG_BATTERY_BQ27XXX_I2C=y
CONFIG_BATTERY_BQ27XXX_PLATFORM=y
CONFIG_OMAP_USB2=m
CONFIG_OMAP_CONTROL_PHY=m
CONFIG_TI_PIPE3=m
@ -84,9 +83,9 @@ CONFIG_USB_EHCI_HCD_OMAP=m
CONFIG_USB_OHCI_HCD_OMAP3=m
CONFIG_USB_MUSB_AM35X=m
CONFIG_USB_MUSB_OMAP2PLUS=m
CONFIG_USB_INVENTRA_DMA=y
CONFIG_USB_DWC3_OMAP=m
CONFIG_MMC_OMAP=m
CONFIG_MMC_OMAP_HS=m
CONFIG_RTC_DRV_MAX8907=m
# CONFIG_RTC_DRV_TWL92330 is not set
CONFIG_RTC_DRV_TWL4030=y
@ -240,8 +239,6 @@ CONFIG_TI_CPSW=m
CONFIG_TI_CPSW_PHY_SEL=y
CONFIG_TI_CPSW_ALE=m
CONFIG_TI_CPTS=y
# Builtin needed for BBone White
CONFIG_REGULATOR_TPS65217=y
CONFIG_TI_EMIF=m
CONFIG_DRM_TILCDC=m
# We only need this until the BBB dts is actually updated
@ -265,6 +262,13 @@ CONFIG_VIDEO_AM437X_VPFE=m
CONFIG_UIO_PRUSS=m
CONFIG_WKUP_M3_RPROC=m
# Builtin needed for BBone White
CONFIG_MFD_TPS65217=y
CONFIG_REGULATOR_TPS65217=y
CONFOG_CHARGER_TPS65217=m
CONFIG_BACKLIGHT_TPS65217=m
CONFIG_REGULATOR_TPS65217=m
CONFIG_CAN_C_CAN=m
CONFIG_CAN_C_CAN_PLATFORM=m
@ -351,6 +355,7 @@ CONFIG_REGULATOR_QCOM_SMD_RPM=m
CONFIG_SOC_IMX50=y
CONFIG_SOC_IMX51=y
CONFIG_SOC_IMX53=y
CONFIG_SOC_IMX6=y
CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
@ -408,6 +413,7 @@ CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m
# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
# CONFIG_CRYPTO_DEV_MXS_DCP is not set
CONFIG_RTC_DRV_SNVS=m
CONFIG_FB_MXS=m
# CONFIG_FB_MX3 is not set
@ -546,17 +552,6 @@ CONFIG_SENSORS_AB8500=m
CONFIG_STE_MODEM_RPROC=m
CONFIG_STIH415_RESET=y
CONFIG_IIO_ST_GYRO_I2C_3AXIS=m
CONFIG_IIO_ST_GYRO_SPI_3AXIS=m
CONFIG_IIO_ST_MAGN_I2C_3AXIS=m
CONFIG_IIO_ST_MAGN_SPI_3AXIS=m
CONFIG_IIO_ST_PRESS=m
CONFIG_IIO_ST_PRESS_I2C=m
CONFIG_IIO_ST_PRESS_SPI=m
CONFIG_IIO_ST_SENSORS_I2C=m
CONFIG_IIO_ST_SENSORS_SPI=m
CONFIG_IIO_ST_SENSORS_CORE=m
# Allwinner
CONFIG_MACH_SUN4I=y
CONFIG_MACH_SUN5I=y
@ -609,7 +604,6 @@ CONFIG_GPIO_ZYNQ=m
CONFIG_I2C_XILINX=m
CONFIG_SPI_XILINX=m
CONFIG_SPI_CADENCE=m
CONFIG_MMC_SDHCI_OF_ARASAN=m
CONFIG_I2C_CADENCE=m
CONFIG_XILINX_WATCHDOG=m
CONFIG_XILINX_XADC=m

67
config-armv7-generic
View File

@ -50,7 +50,6 @@ CONFIG_CPU_SW_DOMAIN_PAN=y
# Platforms enabled/disabled globally on ARMv7
CONFIG_ARCH_EXYNOS=y
CONFIG_ARCH_HIGHBANK=y
CONFIG_ARCH_ROCKCHIP=y
CONFIG_ARCH_SUNXI=y
CONFIG_ARCH_TEGRA=y
CONFIG_ARCH_VEXPRESS_CORTEX_A5_A9_ERRATA=y
@ -76,6 +75,7 @@ CONFIG_ARCH_VIRT=y
# CONFIG_ARCH_AT91 is not set
# CONFIG_ARCH_UNIPHIER is not set
# CONFIG_ARCH_ZX is not set
# CONFIG_SOC_BRCMSTB is not set
# errata
# v5/v6
@ -126,6 +126,7 @@ CONFIG_ARM_CPU_SUSPEND=y
CONFIG_ARM_PSCI=y
CONFIG_THERMAL=y
CONFIG_CLOCK_THERMAL=y
# CONFIG_DEVFREQ_THERMAL is not set
CONFIG_CPUFREQ_DT=m
# CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set
CONFIG_PM_DEVFREQ=y
@ -200,11 +201,12 @@ CONFIG_GPIO_PCA953X=m
CONFIG_GPIO_PCF857X=m
CONFIG_TOUCHSCREEN_SUN4I=m
CONFIG_MFD_AXP20X=y
CONFIG_AXP20X_POWER=m
CONFIG_INPUT_AXP20X_PEK=m
CONFIG_REGULATOR_AXP20X=m
CONFIG_AXP288_FUEL_GAUGE=m
CONFIG_AXP288_ADC=m
CONFIG_EXTCON_AXP288=m
CONFIG_INPUT_AXP20X_PEK=m
CONFIG_REGULATOR_AXP20X=m
CONFIG_AXP288_CHARGER=m
CONFIG_TOUCHSCREEN_CHIPONE_ICN8318=m
CONFIG_IR_SUNXI=m
@ -218,6 +220,8 @@ CONFIG_KEYBOARD_SUN4I_LRADC=m
CONFIG_PWM_SUN4I=m
CONFIG_USB_MUSB_SUNXI=m
CONFIG_CRYPTO_DEV_SUN4I_SS=m
CONFIG_SND_SUN4I_CODEC=m
CONFIG_SUNXI_RSB=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
@ -287,6 +291,7 @@ CONFIG_DRM_EXYNOS_HDMI=y
CONFIG_DRM_EXYNOS_IPP=y
CONFIG_DRM_EXYNOS_ROTATOR=y
CONFIG_DRM_EXYNOS_VIDI=y
CONFIG_DRM_EXYNOS_MIXER=y
CONFIG_PHY_EXYNOS_DP_VIDEO=m
# CONFIG_FB_S3C is not set
CONFIG_PHY_EXYNOS_MIPI_VIDEO=m
@ -329,34 +334,8 @@ CONFIG_LEDS_MAX8997=m
CONFIG_RTC_DRV_MAX8997=m
CONFIG_RTC_DRV_MAX77686=m
CONFIG_RTC_DRV_MAX77802=m
CONFIG_RTC_DRV_RK808=m
CONFIG_EXTCON_MAX8997=m
# Rockchips
CONFIG_I2C_RK3X=m
CONFIG_SPI_ROCKCHIP=m
CONFIG_PWM_ROCKCHIP=m
CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IODOMAIN=m
CONFIG_MMC_DW_ROCKCHIP=m
CONFIG_EMAC_ROCKCHIP=m
CONFIG_MFD_RK808=m
CONFIG_COMMON_CLK_RK808=m
CONFIG_REGULATOR_RK808=m
CONFIG_RTC_DRV_HYM8563=m
CONFIG_ROCKCHIP_SARADC=m
CONFIG_ROCKCHIP_IOMMU=y
CONFIG_SND_SOC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP_I2S=m
CONFIG_ROCKCHIP_THERMAL=m
CONFIG_DRM_ROCKCHIP=m
CONFIG_ROCKCHIP_DW_HDMI=m
CONFIG_PHY_ROCKCHIP_USB=m
CONFIG_DWMAC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
CONFIG_REGULATOR_ACT8865=m
# Tegra
CONFIG_ARCH_TEGRA_114_SOC=y
CONFIG_ARCH_TEGRA_124_SOC=y
@ -410,6 +389,8 @@ CONFIG_RTC_DRV_AS3722=y
# TI Generic
CONFIG_TI_SOC_THERMAL=m
CONFIG_TI_THERMAL=y
# CONFIG_OMAP3_THERMAL is not set
CONFIG_MMC_OMAP_HS=m
# mvebu
CONFIG_ARCH_MVEBU=y
@ -475,6 +456,7 @@ CONFIG_DRM_PANEL_LG_LG4573=m
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
CONFIG_DRM_DW_HDMI=m
# CONFIG_DRM_DW_HDMI_AHB_AUDIO is not set
# regmap
CONFIG_REGMAP_SPI=m
@ -496,8 +478,7 @@ CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2
CONFIG_USB_MUSB_HDRC=m
CONFIG_USB_MUSB_DUAL_ROLE=y
CONFIG_USB_MUSB_DSPS=m
# Use PIO on musb as upstream doesn't support multiple DMA engines yet :-/
CONFIG_MUSB_PIO_ONLY=y
# CONFIG_MUSB_PIO_ONLY is not set
# CONFIG_USB_MUSB_TUSB6010 is not set
# CONFIG_USB_MUSB_UX500 is not set
CONFIG_USB_GPIO_VBUS=m
@ -541,7 +522,6 @@ CONFIG_USB_CONFIGFS_SERIAL=y
# Multifunction Devices
CONFIG_MFD_TPS65090=y
CONFIG_MFD_TPS65217=y
CONFIG_MFD_TPS65910=y
CONFIG_MFD_TPS65912=y
CONFIG_MFD_TPS65912_I2C=y
@ -562,11 +542,6 @@ CONFIG_MFD_TPS65912_SPI=y
#
# Pin stuff
CONFIG_PINMUX=y
CONFIG_PINCONF=y
CONFIG_PINCTRL=y
CONFIG_PINCTRL_SINGLE=y
CONFIG_GENERIC_PINCONF=y
# CONFIG_PINCTRL_AMD is not set
# CONFIG_PINCTRL_SAMSUNG is not set
# CONFIG_PINCTRL_MSM8X74 is not set
@ -619,8 +594,6 @@ CONFIG_SPI_XCOMM=m
CONFIG_NFC_NCI_SPI=y
# i2c
CONFIG_I2C_DESIGNWARE_CORE=m
CONFIG_I2C_DESIGNWARE_PLATFORM=m
CONFIG_I2C_MV64XXX=m
# HW crypto and rng
@ -668,9 +641,6 @@ CONFIG_SND_ARM=y
CONFIG_SND_SOC_AC97_BUS=y
CONFIG_SND_SOC_AC97_CODEC=y
# Displays
CONFIG_BACKLIGHT_TPS65217=m
# RTC
CONFIG_RTC_DRV_DS1305=m
CONFIG_RTC_DRV_DS1390=m
@ -747,11 +717,11 @@ CONFIG_TMP006=m
CONFIG_BMP085=y
CONFIG_BMP085_I2C=m
CONFIG_BMP085_SPI=m
CONFIG_DHT11=m
CONFIG_MPL3115=m
CONFIG_BMP280=m
CONFIG_SENSORS_AD7314=m
CONFIG_SENSORS_ADCXX=m
CONFIG_SENSORS_ADS7871=m
CONFIG_SENSORS_BH1780=m
CONFIG_SENSORS_GPIO_FAN=m
CONFIG_SENSORS_HTU21=m
CONFIG_SENSORS_ISL29018=m
@ -759,11 +729,12 @@ CONFIG_SENSORS_ISL29028=m
CONFIG_SENSORS_LIS3_SPI=m
CONFIG_SENSORS_LM70=m
CONFIG_SENSORS_MAX1111=m
CONFIG_MPL115=m
CONFIG_MPL3115=m
CONFIG_DHT11=m
CONFIG_SI7005=m
CONFIG_SI7020=m
# LCD panels
CONFIG_LCD_L4F00242T03=m
CONFIG_LCD_LMS283GF05=m
CONFIG_LCD_LTV350QV=m
@ -902,7 +873,6 @@ CONFIG_R8188EU=m
# CONFIG_SCSI_ACARD is not set
# CONFIG_SFC is not set
# CONFIG_SND_ALI5451 is not set
# CONFIG_MLX4_EN is not set
# CONFIG_POWER_RESET_QNAP is not set
# CONFIG_MMC_TMIO is not set
# CONFIG_PINCTRL_IMX35 is not set
@ -936,3 +906,8 @@ CONFIG_R8188EU=m
# CONFIG_CRYPTO_DEV_UX500_DEBUG is not set
# CONFIG_AB8500_DEBUG is not set
# CONFIG_ARM_KERNMEM_PERMS is not set
# CONFIG_VFIO_PLATFORM_AMDXGBE_RESET is not set
# Altera?
# CONFIG_PCIE_ALTERA is not set

2
config-debug
View File

@ -31,7 +31,7 @@ CONFIG_LOCK_STAT=y
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUGGER is not set
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_PI_LIST=y

112
config-generic
View File

@ -160,7 +160,7 @@ CONFIG_MMC_MTK=m
# CONFIG_MMC_SDHCI_OF_ARASAN is not set
# CONFIG_MMC_SDHCI_F_SDH30 is not set
# CONFIG_MMC_USDHI6ROL0 is not set
# CONFIG_MMC_SDHCI_OF_ESDHC is not set
CONFIG_CB710_CORE=m
# CONFIG_CB710_DEBUG is not set
@ -189,14 +189,12 @@ CONFIG_INFINIBAND_CXGB4=m
CONFIG_SCSI_CXGB3_ISCSI=m
CONFIG_SCSI_CXGB4_ISCSI=m
# CONFIG_INFINIBAND_CXGB3_DEBUG is not set
CONFIG_MLX4_INFINIBAND=m
CONFIG_MLX5_INFINIBAND=m
CONFIG_INFINIBAND_NES=m
# CONFIG_INFINIBAND_NES_DEBUG is not set
CONFIG_INFINIBAND_QIB=m
CONFIG_INFINIBAND_QIB_DCA=y
# CONFIG_INFINIBAND_OCRDMA is not set
# CONFIG_INFINIBAND_USNIC is not set
CONFIG_INFINIBAND_OCRDMA=m
CONFIG_INFINIBAND_USNIC=m
#
# Executable file formats
@ -360,6 +358,8 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
# CONFIG_NVMEM is not set
# CONFIG_FPGA is not set
#
# Block devices
#
@ -585,6 +585,8 @@ CONFIG_FCOE_FNIC=m
CONFIG_SCSI_SNIC=m
# CONFIG_SCSI_SNIC_DEBUG_FS is not set
# CONFIG_NVM is not set
CONFIG_ATA=y
CONFIG_ATA_BMDMA=y
CONFIG_ATA_VERBOSE_ERROR=y
@ -897,6 +899,7 @@ CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
CONFIG_NETFILTER_NETLINK_LOG=m
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_SET=m
CONFIG_NETFILTER_XT_MARK=m
@ -1428,7 +1431,8 @@ CONFIG_CHELSIO_T1_1G=y
CONFIG_CHELSIO_T3=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
# CONFIG_CHELSIO_T4_DCB is not set
CONFIG_CHELSIO_T4_DCB=y
# CONFIG_CHELSIO_T4_FCOE is not set
CONFIG_NET_VENDOR_CISCO=y
CONFIG_ENIC=m
@ -1544,6 +1548,8 @@ CONFIG_QLCNIC_VXLAN=y
CONFIG_QLCNIC_HWMON=y
CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
CONFIG_QED=m
CONFIG_QEDE=m
# CONFIG_NET_VENDOR_QUALCOMM is not set
@ -1673,12 +1679,20 @@ CONFIG_JME=m
#
# Ethernet (10000 Mbit)
# CONFIG_NET_VENDOR_AURORA is not set
#
# CONFIG_IP1000 is not set
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_EN_VXLAN is not set
# CONFIG_MLX5_CORE is not set
CONFIG_MLX4_CORE=m
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
CONFIG_MLX4_INFINIBAND=m
CONFIG_MLX5_CORE=m
CONFIG_MLX5_CORE_EN=y
CONFIG_MLX5_INFINIBAND=m
# CONFIG_MLXSW_CORE is not set
# CONFIG_MLX4_DEBUG is not set
# CONFIG_SFC is not set
# CONFIG_FDDI is not set
@ -1832,6 +1846,8 @@ CONFIG_LIBERTAS_SDIO=m
# CONFIG_LIBERTAS_THINFIRM is not set
# CONFIG_LIBERTAS_SPI is not set
CONFIG_LIBERTAS_MESH=y
CONFIG_BNXT=m
CONFIG_BNXT_SRIOV=y
CONFIG_IWLWIFI=m
CONFIG_IWLDVM=m
@ -1913,6 +1929,9 @@ CONFIG_RTL8723AE=m
CONFIG_RTL8723BE=m
CONFIG_RTL8188EE=m
CONFIG_RTL8821AE=m
CONFIG_RTL8XXXU=m
# Untested is intentionally disabled in stable branches
# CONFIG_RTL8XXXU_UNTESTED is not set
CONFIG_MWIFIEX=m
CONFIG_MWIFIEX_SDIO=m
@ -1928,6 +1947,8 @@ CONFIG_IEEE802154_ATUSB=m
CONFIG_IEEE802154_CC2520=m
# CONFIG_IEEE802154_AT86RF230 is not set
# CONFIG_IEEE802154_MRF24J40 is not set
# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
# CONFIG_IEEE802154_AT86RF230_DEBUGFS is not set
CONFIG_MAC802154=m
CONFIG_NET_MPLS_GSO=m
@ -2010,6 +2031,7 @@ CONFIG_CAN_GS_USB=m
CONFIG_CAN_8DEV_USB=m
CONFIG_CAN_SOFTING=m
# CONFIG_CAN_SOFTING_CS is not set
CONFIG_CAN_SUN4I=m
CONFIG_NETROM=m
CONFIG_ROSE=m
@ -2050,7 +2072,9 @@ CONFIG_NFC_ST21NFCA_I2C=m
# CONFIG_NFC_NCI_UART is not set
# CONFIG_NFC_ST_NCI is not set
# CONFIG_NFC_S3FWRN5_I2C is not set
# CONFIG_NFC_FDP is not set
# CONFIG_NFC_MRVL_I2C is not set
# CONFIG_NFC_MRVL_SPI is not set
#
# IrDA (infrared) support
@ -2264,6 +2288,8 @@ CONFIG_GIGASET_M105=m
#
# CONFIG_PHONE is not set
# CONFIG_NET_L3_MASTER_DEV is not set
#
# Input device support
#
@ -2328,6 +2354,7 @@ CONFIG_SERIO_ARC_PS2=m
# CONFIG_SERIO_PARKBD is not set
# CONFIG_SERIO_PCIPS2 is not set
# CONFIG_SERIO_LIBPS2 is not set
# CONFIG_USERIO is not set
#
# Input Device Drivers
@ -2457,6 +2484,9 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
# CONFIG_TOUCHSCREEN_SX8654 is not set
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
# CONFIG_TOUCHSCREEN_FT6236 is not set
# CONFIG_TOUCHSCREEN_ROHM_BU21023 is not set
# CONFIG_TOUCHSCREEN_TSC2004 is not set
CONFIG_INPUT_MISC=y
CONFIG_INPUT_E3X0_BUTTON=m
@ -2528,6 +2558,8 @@ CONFIG_SERIAL_8250_SHARE_IRQ=y
CONFIG_SERIAL_8250_RSA=y
CONFIG_SERIAL_8250_DW=y
# CONFIG_SERIAL_8250_INGENIC is not set
CONFIG_SERIAL_8250_RT288X=y
CONFIG_SERIAL_8250_MID=y
CONFIG_CYCLADES=m
# CONFIG_CYZ_INTR is not set
# CONFIG_MOXA_INTELLIO is not set
@ -2581,7 +2613,7 @@ CONFIG_I2C_CHARDEV=m
# CONFIG_I2C_MUX_PCA9541 is not set
# CONFIG_I2C_MUX_PINCTRL is not set
# CONFIG_I2C_MUX_REG is not set
#
# CONFIG_I2C_CADENCE is not set
#
# I2C Algorithms
@ -2808,6 +2840,7 @@ CONFIG_SENSORS_MAX34440=m
CONFIG_SENSORS_MAX8688=m
CONFIG_SENSORS_MAX1668=m
CONFIG_SENSORS_MAX197=m
CONFIG_SENSORS_MAX31790=m
CONFIG_SENSORS_TPS40422=m
# CONFIG_NTB is not set
@ -2931,6 +2964,18 @@ CONFIG_PA12203001=m
# CONFIG_T5403 is not set
# CONFIG_MCP4922 is not set
# CONFIG_MAX1027 is not set
# CONFIG_MXC4005 is not set
# CONFIG_VZ89X is not set
# CONFIG_HDC100X is not set
# CONFIG_HTU21 is not set
# CONFIG_APDS9960 is not set
# CONFIG_US5182D is not set
# CONFIG_MCP4531 is not set
# CONFIG_MS5637 is not set
# CONFIG_LIDAR_LITE_V2 is not set
# CONFIG_TSYS01 is not set
# CONFIG_TSYS02D is not set
# CONFIG_HI8435 is not set
# staging IIO drivers
# CONFIG_AD7291 is not set
@ -3065,6 +3110,7 @@ CONFIG_WM831X_WATCHDOG=m
# CONFIG_GPIO_WATCHDOG is not set
# CONFIG_XILINX_WATCHDOG is not set
# CONFIG_CADENCE_WATCHDOG is not set
# CONFIG_BCM7038_WDT is not set
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TIMERIOMEM=m
@ -3151,6 +3197,7 @@ CONFIG_RTC_DRV_PCF85063=m
# CONFIG_RTC_DRV_XGENE is not set
# CONFIG_RTC_DRV_ABB5ZES3 is not set
# CONFIG_RTC_DRV_ZYNQMP is not set
# CONFIG_RTC_DRV_RV8803 is not set
CONFIG_R3964=m
# CONFIG_APPLICOM is not set
@ -3577,6 +3624,7 @@ CONFIG_FB_EFI=y
# CONFIG_FB_GOLDFISH is not set
# CONFIG_FB_OPENCORES is not set
# CONFIG_FB_SM712 is not set
# CONFIG_FB_IBM_GXT4500 is not set
# CONFIG_FIRMWARE_EDID is not set
@ -3767,6 +3815,8 @@ CONFIG_SND_DICE=m
CONFIG_SND_OXFW=m
CONFIG_SND_FIREWORKS=m
CONFIG_SND_BEBOB=m
CONFIG_SND_FIREWIRE_DIGI00X=m
CONFIG_SND_FIREWIRE_TASCAM=m
#
# Open Sound System
@ -3803,7 +3853,6 @@ CONFIG_USB_EHCI_TT_NEWSCHED=y
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760 is not set
CONFIG_USB_ISP1362_HCD=m
CONFIG_USB_FUSBH200_HCD=m
# CONFIG_USB_FOTG210_HCD is not set
# CONFIG_USB_GR_UDC is not set
CONFIG_USB_OHCI_HCD=y
@ -3949,7 +3998,8 @@ CONFIG_HID_BELKIN=m
CONFIG_HID_APPLEIR=m
# CONFIG_HID_CP2112 is not set
CONFIG_HID_LENOVO=m
CONFIG_HID_CORSAIR=m
CONFIG_HID_GFRM=m
#
# USB Imaging devices
@ -4239,6 +4289,7 @@ CONFIG_SSB_PCMCIAHOST=y
# CONFIG_SSB_DEBUG is not set
CONFIG_SSB_DRIVER_PCICORE=y
CONFIG_SSB_DRIVER_GPIO=y
CONFIG_SSB_HOST_SOC=y
# Multifunction USB devices
# CONFIG_MFD_PCF50633 is not set
@ -4318,7 +4369,7 @@ CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_DA9062 is not set
# CONFIG_EZX_PCAP is not set
# CONFIG_INTEL_SOC_PMIC is not set
# CONFIG_MFD_ATMEL_FLEXCOM is not set
#
# File systems
@ -4552,6 +4603,7 @@ CONFIG_GFS2_FS_LOCKING_DLM=y
CONFIG_UBIFS_FS=m
# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
CONFIG_UBIFS_ATIME_SUPPORT=y
#
# Partition Types
@ -4704,6 +4756,7 @@ CONFIG_MEMORY_FAILURE=y
CONFIG_HWPOISON_INJECT=m
CONFIG_CROSS_MEMORY_ATTACH=y
# CONFIG_DEBUG_SECTION_MISMATCH is not set
CONFIG_SECTION_MISMATCH_WARN_ONLY=y
# CONFIG_BACKTRACE_SELF_TEST is not set
CONFIG_LATENCYTOP=y
# CONFIG_COMPAT_BRK is not set
@ -4711,8 +4764,8 @@ CONFIG_LATENCYTOP=y
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
CONFIG_EARLY_PRINTK_DBGP=y
# CONFIG_PAGE_POISONING is not set
# CONFIG_CRASH_DUMP is not set
# CONFIG_CRASH is not set
CONFIG_CRASH=m
CONFIG_CRASH_DUMP=y
# CONFIG_GCOV_KERNEL is not set
CONFIG_KGDB=y
@ -4838,7 +4891,7 @@ CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_842=m
CONFIG_CRYPTO_DRBG_HASH=y
CONFIG_CRYPTO_DRBG_CTR=y
CONFIG_CRYPTO_KEYWRAP=m
@ -5059,6 +5112,7 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
# CONFIG_SND_SOC_AK4554 is not set
# CONFIG_SND_SOC_AK4642 is not set
# CONFIG_SND_SOC_AK5386 is not set
# CONFIG_SND_SOC_AK4613 is not set
# CONFIG_SND_SOC_CS42L52 is not set
# CONFIG_SND_SOC_CS42L73 is not set
# CONFIG_SND_SOC_CS4270 is not set
@ -5201,6 +5255,7 @@ CONFIG_ASYNC_TX_DMA=y
# CONFIG_HSU_DMA is not set
# CONFIG_HSU_DMA_PCI is not set
# CONFIG_XGENE_DMA is not set
# CONFIG_INTEL_IDMA64 is not set
CONFIG_UNUSED_SYMBOLS=y
@ -5222,6 +5277,7 @@ CONFIG_FUNCTION_PROFILER=y
CONFIG_RING_BUFFER_BENCHMARK=m
# CONFIG_RING_BUFFER_STARTUP_TEST is not set
# CONFIG_TRACE_ENUM_MAP_FILE is not set
# CONFIG_TRACING_EVENTS_GPIO is not set
# CONFIG_RBTREE_TEST is not set
# CONFIG_INTERVAL_TREE_TEST is not set
CONFIG_FUNCTION_TRACER=y
@ -5265,7 +5321,7 @@ CONFIG_APM_POWER=m
# CONFIG_BATTERY_DS2782 is not set
# CONFIG_BATTERY_SBS is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_BQ27x00 is not set
# CONFIG_BATTERY_BQ27XXX is not set
# CONFIG_BATTERY_MAX17040 is not set
# CONFIG_BATTERY_MAX17042 is not set
# CONFIG_BATTERY_GOLDFISH is not set
@ -5281,6 +5337,9 @@ CONFIG_APM_POWER=m
# CONFIG_CHARGER_BQ24257 is not set
# CONFIG_CHARGER_BQ25890 is not set
# CONFIG_CHARGER_RT9455 is not set
# CONFIG_CHARGER_QCOM_SMBB is not set
# CONFIG_CHARGER_TPS65217 is not set
# CONFIG_AXP20X_POWER is not set
CONFIG_POWER_RESET=y
# CONFIG_POWER_RESET_LTC2952 is not set
@ -5308,7 +5367,7 @@ CONFIG_UIO_PCI_GENERIC=m
CONFIG_VFIO=m
CONFIG_VFIO_IOMMU_TYPE1=m
CONFIG_VFIO_PCI=m
# CONFIG_VFIO_NOIOMMU is not set
# LIRC
CONFIG_LIRC_STAGING=y
@ -5470,6 +5529,7 @@ CONFIG_USBIP_HOST=m
# CONFIG_FB_TFT is not set
# CONFIG_FB_SM750 is not set
# CONFIG_STAGING_RDMA is not set
# CONFIG_WILC1000_DRIVER is not set
# END OF STAGING
#
@ -5597,6 +5657,9 @@ CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_XILINX is not set
# CONFIG_GPIO_ALTERA is not set
# CONFIG_GPIO_ZX is not set
# CONFIG_GPIO_AMDPT is not set
# CONFIG_GPIO_104_IDIO_16 is not set
# CONFIG_GPIO_IT87 is not set
# FIXME: Why?
@ -5638,6 +5701,7 @@ CONFIG_PSTORE_RAM=m
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_TEST_STATIC_KEYS is not set
# CONFIG_TEST_PRINTF is not set
# CONFIG_AVERAGE is not set
# CONFIG_VMXNET3 is not set
@ -5663,6 +5727,7 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_MAILBOX is not set
# CONFIG_ALTERA_MBOX is not set
# CONFIG_MAILBOX_TEST is not set
# CONFIG_RESET_CONTROLLER is not set
@ -5711,3 +5776,12 @@ CONFIG_POWERCAP=y
# set in x86-generic presently
# CONFIG_TOUCHSCREEN_GOODIX is not set
# CONFIG_INTEL_TH is not set
# CONFIG_STM is not set
# CONFIG_STM_DUMMY is not set
# CONFIG_STM_SOURCE_CONSOLE is not set
# CONFIG_AHCI_QORIQ is not set
# CONFIG_COMMON_CLK_SI514 is not set
# CONFIG_CLK_QORIQ is not set

1
config-nodebug
View File

@ -31,6 +31,7 @@ CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_ACPI_DEBUG is not set
# CONFIG_ACPI_DEBUGGER is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PI_LIST is not set

10
config-powerpc64-generic
View File

@ -64,8 +64,6 @@ CONFIG_CGROUP_HUGETLB=y
CONFIG_RCU_FANOUT=64
CONFIG_RCU_FANOUT_LEAF=16
CONFIG_CRASH=m
CONFIG_CRASH_DUMP=y
CONFIG_FA_DUMP=y
CONFIG_RELOCATABLE=y
@ -166,6 +164,7 @@ CONFIG_SCSI_IPR_TRACE=y
CONFIG_SCSI_IPR_DUMP=y
CONFIG_SERIAL_ICOM=m
# CONFIG_SERIAL_8250 is not set
# Things we might want to review for newer architectures
# CONFIG_PCIEPORTBUS is not set
@ -260,10 +259,6 @@ CONFIG_SND_PPC=y
CONFIG_NET_VENDOR_IBM=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
# CONFIG_SERIO_XILINX_XPS_PS2 is not set
# CONFIG_PPC_SMLPAR is not set
@ -316,8 +311,6 @@ CONFIG_PPC_EMULATED_STATS=y
CONFIG_SWIOTLB=y
# CONFIG_RDS is not set
CONFIG_PPC_DISABLE_WERROR=y
# CONFIG_STRICT_MM_TYPECHECKS is not set
@ -337,7 +330,6 @@ CONFIG_GPIO_WM831X=m
# CONFIG_MFD_TPS65912_I2C is not set
# CONFIG_MFD_WL1273_CORE is not set
# CONFIG_XPS_USB_HCD_XILINX is not set
# CONFIG_MMC_SDHCI_OF_ESDHC is not set
# CONFIG_MMC_SDHCI_OF_HLWD is not set
# CONFIG_MFD_AAT2870_CORE is not set

27
config-s390x
View File

@ -14,6 +14,8 @@ CONFIG_HZ_100=y
CONFIG_LOG_BUF_SHIFT=16
CONFIG_IRQ_DOMAIN_DEBUG=y
#
# I/O subsystem configuration
#
@ -127,10 +129,12 @@ CONFIG_MSDOS_PARTITION=y
#
# S390 crypto hw
#
CONFIG_CRYPTO_AES_S390=m
CONFIG_CRYPTO_DES_S390=m
CONFIG_CRYPTO_GHASH_S390=m
CONFIG_CRYPTO_SHA1_S390=m
CONFIG_CRYPTO_SHA256_S390=m
CONFIG_CRYPTO_DES_S390=m
CONFIG_CRYPTO_AES_S390=m
CONFIG_CRYPTO_SHA512_S390=m
#
# Kernel hacking
@ -170,7 +174,7 @@ CONFIG_S390_VMUR=m
CONFIG_CTCM=m
CONFIG_QETH_L2=m
CONFIG_QETH_L3=m
CONFIG_CRYPTO_SHA512_S390=m
CONFIG_KVM=m
# CONFIG_KVM_S390_UCONTROL is not set
CONFIG_S390_GUEST=y
@ -205,8 +209,6 @@ CONFIG_SCHED_TOPOLOGY=y
# CONFIG_WARN_DYNAMIC_STACK is not set
CONFIG_CRYPTO_GHASH_S390=m
# CONFIG_TRANSPARENT_HUGEPAGE is not set
CONFIG_SCM_BUS=y
CONFIG_EADM_SCH=m
@ -292,20 +294,5 @@ CONFIG_HOTPLUG_PCI_S390=y
# CONFIG_NET_VENDOR_VIA is not set
# CONFIG_IEEE802154_DRIVERS is not set
# CONFIG_MDIO_OCTEON is not set
# CONFIG_FMC is not set
# CONFIG_OF is not set
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
CONFIG_INFINIBAND=m
CONFIG_INFINIBAND_USER_ACCESS=m
CONFIG_MLX4_INFINIBAND=m
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
CONFIG_IRQ_DOMAIN_DEBUG=y
CONFIG_CRASH=m

22
config-x86-generic
View File

@ -48,6 +48,7 @@ CONFIG_EFI_PCDP=y
CONFIG_FB_EFI=y
CONFIG_EARLY_PRINTK_EFI=y
CONFIG_EFI_RUNTIME_MAP=y
# CONFIG_EFI_FAKE_MEMMAP is not set
# needs FB_SIMPLE to work correctly
# CONFIG_X86_SYSFB is not set
@ -57,6 +58,7 @@ CONFIG_EFI_RUNTIME_MAP=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_IOMMU_SVM=y
CONFIG_SCSI_ADVANSYS=m
CONFIG_CAPI_EICON=y
@ -70,6 +72,7 @@ CONFIG_MMIOTRACE=y
# CONFIG_MMIOTRACE_TEST is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_WX=y
CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_ACPI=y
@ -102,7 +105,7 @@ CONFIG_ACPI_IPMI=m
CONFIG_ACPI_CUSTOM_METHOD=m
CONFIG_ACPI_BGRT=y
# CONFIG_ACPI_EXTLOG is not set
CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
# CONFIG_ACPI_REV_OVERRIDE_POSSIBLE is not set
CONFIG_INTEL_SOC_PMIC=y
CONFIG_PMIC_OPREGION=y
@ -263,9 +266,7 @@ CONFIG_TOUCHSCREEN_GOODIX=m
CONFIG_VIA_WDT=m
CONFIG_IE6XX_WDT=m
CONFIG_CRASH_DUMP=y
CONFIG_PROC_VMCORE=y
CONFIG_CRASH=m
CONFIG_KVM=m
CONFIG_KVM_INTEL=m
@ -314,7 +315,14 @@ CONFIG_XEN_ACPI_PROCESSOR=m
# CONFIG_XEN_SCSI_BACKEND is not set
CONFIG_XEN_SYMS=y
CONFIG_SPI=y
CONFIG_SPI_MASTER=y
CONFIG_SPI_PXA2XX=m
# CONFIG_CAN_MCP251X is not set
# CONFIG_SPI_CADENCE is not set
# CONFIG_SPI_ZYNQMP_GQSPI is not set
# CONFIG_DRM_PANEL_SAMSUNG_LD9040 is not set
# CONFIG_DRM_PANEL_LG_LG4573 is not set
CONFIG_MTD_ESB2ROM=m
CONFIG_MTD_CK804XROM=m
@ -342,6 +350,7 @@ CONFIG_ISCSI_IBFT=m
CONFIG_DMADEVICES=y
CONFIG_INTEL_IOATDMA=m
CONFIG_INTEL_IDMA64=m
CONFIG_SENSORS_I5K_AMB=m
CONFIG_SENSORS_FAM15H_POWER=m
@ -394,6 +403,7 @@ CONFIG_ACPI_CMPC=m
CONFIG_MSI_WMI=m
CONFIG_TOSHIBA_BT_RFKILL=m
CONFIG_TOSHIBA_HAPS=m
CONFIG_TOSHIBA_WMI=m
CONFIG_VGA_SWITCHEROO=y
CONFIG_LPC_SCH=m
@ -520,9 +530,10 @@ CONFIG_PWM_LPSS_PCI=m
CONFIG_PWM_LPSS_PLATFORM=m
CONFIG_PINCTRL=y
CONFIG_PINCTRL_BAYTRAIL=y
CONFIG_PINCTRL_CHERRYVIEW=m
CONFIG_PINCTRL_CHERRYVIEW=y
# CONFIG_PINCTRL_AMD is not set
CONFIG_PINCTRL_SUNRISEPOINT=m
CONFIG_PINCTRL_BROXTON=m
#baytrail/cherrytrail stuff
CONFIG_KEYBOARD_GPIO=m
@ -538,9 +549,10 @@ CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m
CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
CONFIG_SND_SOC_AC97_CODEC=m
# CONFIG_SND_SOC_TAS571X is not set
# CONFIG_SND_SUN4I_CODEC is not set
# CONFIG_INTEL_POWERCLAMP is not set
CONFIG_X86_PKG_TEMP_THERMAL=m

13
config-x86_64-generic
View File

@ -61,6 +61,7 @@ CONFIG_INTEL_MIC_HOST=m
CONFIG_INTEL_MIC_CARD=m
CONFIG_INTEL_MIC_BUS=m
CONFIG_INTEL_MIC_X100_DMA=m
CONFIG_MIC_COSM=m
# SHPC has half-arsed PCI probing, which makes it load on too many systems
CONFIG_HOTPLUG_PCI_SHPC=m
@ -135,7 +136,7 @@ CONFIG_XEN_DEV_EVTCHN=m
CONFIG_XEN_SYS_HYPERVISOR=y
# CONFIG_XEN_MCE_LOG is not set
# CONFIG_XEN_STUB is not set
# CONFIG_XEN_PVH is not set
CONFIG_XEN_PVH=y
CONFIG_XEN_512GB=y
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
@ -183,10 +184,6 @@ CONFIG_NTB_TRANSPORT=m
# 10GigE
#
CONFIG_IP1000=m
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
# CONFIG_MLX4_DEBUG is not set
CONFIG_SFC=m
CONFIG_SFC_MCDI_MON=y
CONFIG_SFC_SRIOV=y
@ -209,3 +206,9 @@ CONFIG_NO_HZ_FULL=y
# CONFIG_NO_HZ_FULL_ALL is not set
# CONFIG_NO_HZ_FULL_SYSIDLE is not set
# CONFIG_CONTEXT_TRACKING_FORCE is not set
# Turn on CONFIG_CMA for THP
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
# CONFIG_CMA_DEBUGFS is not set
CONFIG_CMA_AREAS=7

68
drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch Normal file
View File

@ -0,0 +1,68 @@
From 41ed5ee704b784a4fca02787311d59c243563013 Mon Sep 17 00:00:00 2001
From: Jani Nikula <jani.nikula@intel.com>
Date: Thu, 7 Jan 2016 10:29:10 +0200
Subject: [PATCH] drm/i915: shut up gen8+ SDE irq dmesg noise, again
We still keep getting
[ 4.249930] [drm:gen8_irq_handler [i915]] *ERROR* The master control interrupt lied (SDE)!
This reverts
commit 820da7ae46332fa709b171eb7ba57cbd023fa6df
Author: Jani Nikula <jani.nikula@intel.com>
Date: Wed Nov 25 16:47:23 2015 +0200
Revert "drm/i915: shut up gen8+ SDE irq dmesg noise"
which in itself is a revert, so this is just doing
commit 97e5ed1111dcc5300a0f59a55248cd243937a8ab
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Fri Oct 23 10:56:12 2015 +0200
drm/i915: shut up gen8+ SDE irq dmesg noise
all over again. I'll stop pretending I understand what's going on like I
did when I thought I'd fixed this for good in
commit 6a39d7c986be4fd18eb019e9cdbf774ec36c9f77
Author: Jani Nikula <jani.nikula@intel.com>
Date: Wed Nov 25 16:47:22 2015 +0200
drm/i915: fix the SDE irq dmesg warnings properly
Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
Reference: http://mid.gmane.org/20151213124945.GA5715@nuc-i3427.alporthouse.com
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92084
Cc: drm-intel-fixes@lists.freedesktop.org
Fixes: 820da7ae4633 ("Revert "drm/i915: shut up gen8+ SDE irq dmesg noise"")
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
---
drivers/gpu/drm/i915/i915_irq.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
index 0d228f909dcb..0f42a2782afc 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -2354,9 +2354,13 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
spt_irq_handler(dev, pch_iir);
else
cpt_irq_handler(dev, pch_iir);
- } else
- DRM_ERROR("The master control interrupt lied (SDE)!\n");
-
+ } else {
+ /*
+ * Like on previous PCH there seems to be something
+ * fishy going on with forwarding PCH interrupts.
+ */
+ DRM_DEBUG_DRIVER("The master control interrupt lied (SDE)!\n");
+ }
}
I915_WRITE_FW(GEN8_MASTER_IRQ, GEN8_MASTER_IRQ_CONTROL);
--
2.5.0

16
efi-Add-EFI_SECURE_BOOT-bit.patch
View File

@ -1,4 +1,4 @@
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
From c01ff700ea4192ae04b306fef725d62189550236 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 1ac118146e90..f93826b8522c 100644
index f3b804f..a401ff8 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1145,7 +1145,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@ -27,17 +27,17 @@ index 1ac118146e90..f93826b8522c 100644
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 85ef051ac6fb..de3e45088d4a 100644
index 569b5a8..4dc970e 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -959,6 +959,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
@@ -980,6 +980,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_ARCH_1 7 /* First arch-specific bit */
#define EFI_DBG 8 /* Print additional debug info at runtime */
+#define EFI_SECURE_BOOT 9 /* Are we in Secure Boot mode? */
#define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
+#define EFI_SECURE_BOOT 10 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
/*
--
2.4.3
2.5.0

41
ideapad-laptop-Add-Lenovo-Yoga-900-to-no_hw_rfkill-d.patch
View File

@ -1,41 +0,0 @@
From 332faabbaab64876396be48f1a1cf72b31d53a9d Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Mon, 9 Nov 2015 17:09:05 +0100
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list
Like some of the other Yoga models the Lenovo Yoga 900 does not have a
hw rfkill switch, and trying to read the hw rfkill switch through the
ideapad module causes it to always reported blocking breaking wifi.
This commit adds the Lenovo Yoga 900 to the no_hw_rfkill dmi list, fixing
the wifi breakage.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1275490
Cc: stable@vger.kernel.org
Reported-and-tested-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index fce49f3c6ed6..d4a48b4d161a 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -873,6 +873,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 3 Pro-1370"),
},
},
+ {
+ .ident = "Lenovo Yoga 900",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 900"),
+ },
+ },
{}
};
--
2.4.3

40
isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
View File

@ -1,40 +0,0 @@
From 59f271755df42fce6d38ebdf5b7502666b1e0c36 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 1 Nov 2015 16:21:24 +0000
Subject: [PATCH 1/2] isdn_ppp: Add checks for allocation failure in
isdn_ppp_open()
Compile-tested only.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/isdn/i4l/isdn_ppp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index c4198fa490bf..86f9abebcb72 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -301,6 +301,8 @@ isdn_ppp_open(int min, struct file *file)
is->compflags = 0;
is->reset = isdn_ppp_ccp_reset_alloc(is);
+ if (!is->reset)
+ return -ENOMEM;
is->lp = NULL;
is->mp_seqno = 0; /* MP sequence number */
@@ -320,6 +322,10 @@ isdn_ppp_open(int min, struct file *file)
* VJ header compression init
*/
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
+ if (!is->slcomp) {
+ isdn_ppp_ccp_reset_free(is);
+ return -ENOMEM;
+ }
#endif
#ifdef CONFIG_IPPP_FILTER
is->pass_filter = NULL;
--
2.4.3

24
kbuild-AFTER_LINK.patch
View File

@ -1,4 +1,4 @@
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
From a9488dbeccf188f0bd83b9d5704892f2c0f97fdc Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@ -21,10 +21,10 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
7 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
index f6fe17d88da5..eb6ddbf37f30 100644
index b467fd0..feeff5e 100644
--- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile
@@ -52,7 +52,8 @@ $(obj-vdso): %.o: %.S FORCE
@@ -55,7 +55,8 @@ $(obj-vdso): %.o: %.S FORCE
# Actual build commands
quiet_cmd_vdsold = VDSOL $@
@ -35,7 +35,7 @@ index f6fe17d88da5..eb6ddbf37f30 100644
cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile
index 53e6c9b979ec..e427844e9bb0 100644
index 6abffb7..7b103bb 100644
--- a/arch/powerpc/kernel/vdso32/Makefile
+++ b/arch/powerpc/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -49,7 +49,7 @@ index 53e6c9b979ec..e427844e9bb0 100644
cmd_vdso32as = $(CROSS32CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso64/Makefile b/arch/powerpc/kernel/vdso64/Makefile
index effca9404b17..713891a92d23 100644
index 8c8f2ae..a743ebe 100644
--- a/arch/powerpc/kernel/vdso64/Makefile
+++ b/arch/powerpc/kernel/vdso64/Makefile
@@ -36,7 +36,8 @@ $(obj-vdso64): %.o: %.S
@ -63,7 +63,7 @@ index effca9404b17..713891a92d23 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
index ee8a18e50a25..63e33fa049f8 100644
index ee8a18e..63e33fa 100644
--- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -77,7 +77,7 @@ index ee8a18e50a25..63e33fa049f8 100644
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
index c4b03f9ed228..550450fc2f95 100644
index c4b03f9..550450f 100644
--- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@ -91,10 +91,10 @@ index c4b03f9ed228..550450fc2f95 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index a3d0767a6b29..078c9be1db8f 100644
index 265c0ed..fd90c7d 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
@@ -159,8 +159,9 @@ $(obj)/vdso32.so.dbg: FORCE \
quiet_cmd_vdso = VDSO $@
cmd_vdso = $(CC) -nostdlib -o $@ \
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
@ -107,11 +107,11 @@ index a3d0767a6b29..078c9be1db8f 100644
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 1a10d8ac8162..092d0c0cf72c 100755
index dacf71a..72cbefd 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -65,6 +65,10 @@ vmlinux_link()
-lutil ${1}
-lutil -lrt ${1}
rm -f linux
fi
+ if [ -n "${AFTER_LINK}" ]; then
@ -122,5 +122,5 @@ index 1a10d8ac8162..092d0c0cf72c 100755
--
2.4.3
2.5.0

55
kernel.spec
View File

@ -46,13 +46,13 @@ Summary: The Linux kernel
# base_sublevel is the kernel version we're starting with and patching
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
# which yields a base_sublevel of 0.
%define base_sublevel 3
%define base_sublevel 4
## If this is a released kernel ##
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 3
%define stable_update 0
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -502,16 +502,10 @@ Patch453: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
Patch454: arm64-avoid-needing-console-to-enable-serial-console.patch
Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
Patch456: arm64-acpi-drop-expert-patch.patch
Patch457: ARM-tegra-usb-no-reset.patch
Patch458: ARM-dts-Add-am335x-bonegreen.patch
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
Patch463: arm-i.MX6-Utilite-device-dtb.patch
@ -592,33 +586,9 @@ Patch503: drm-i915-turn-off-wc-mmaps.patch
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
#CVE-2015-7799 rhbz 1271134 1271135
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
#CVE-2015-8104 rhbz 1278496 1279691
Patch551: KVM-svm-unconditionally-intercept-DB.patch
#rhbz 1269300
Patch552: megaraid_sas-Do-not-use-PAGE_SIZE-for-max_sectors.patch
#rhbz 1275490
Patch553: ideapad-laptop-Add-Lenovo-Yoga-900-to-no_hw_rfkill-d.patch
#rhbz 1279189
Patch556: netfilter-ipset-Fix-extension-alignment.patch
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
#rhbz 1284059
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
#CVE-2015-7833 rhbz 1270158 1270160
Patch567: usbvision-fix-crash-on-detecting-device-with-invalid.patch
#CVE-2015-7515 rhbz 1285326 1285331
Patch568: Input-aiptek-fix-crash-on-detecting-device-without-e.patch
#rhbz 1287819
Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
@ -628,22 +598,10 @@ Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
#rhbz 1288687
Patch572: alua_fix.patch
#CVE-XXXX-XXXX rhbz 1291329 1291332
Patch574: ovl-fix-permission-checking-for-setattr.patch
#CVE-2015-8709 rhbz 1295287 1295288
Patch603: ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
#CVE-2015-7550 rhbz 1291197 1291198
Patch575: KEYS-Fix-race-between-read-and-revoke.patch
#CVE-2015-8543 rhbz 1290475 1290477
Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
#CVE-2015-8569 rhbz 1292045 1292047
Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
Patch601: vrf-fix-memory-leak-on-registration.patch
#CVE-2015-8575 rhbz 1292840 1292841
Patch602: bluetooth-Validate-socket-address-length-in-sco_sock.patch
Patch604: drm-i915-shut-up-gen8-SDE-irq-dmesg-noise-again.patch
# END OF PATCH DEFINITIONS
@ -2088,6 +2046,9 @@ fi
#
#
%changelog
* Thu Jan 14 2015 Laura Abbott <labbott@fedoraproject.org>
- Linux v4.4
* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)

50
megaraid_sas-Do-not-use-PAGE_SIZE-for-max_sectors.patch
View File

@ -1,50 +0,0 @@
From c6f081c88ab76d5a40365b94c1f5839e099b2b2b Mon Sep 17 00:00:00 2001
From: "sumit.saxena@avagotech.com" <sumit.saxena@avagotech.com>
Date: Thu, 15 Oct 2015 13:40:04 +0530
Subject: [PATCH] megaraid_sas: Do not use PAGE_SIZE for max_sectors
Do not use PAGE_SIZE marco to calculate max_sectors per I/O
request. Driver code assumes PAGE_SIZE will be always 4096 which can
lead to wrongly calculated value if PAGE_SIZE is not 4096. This issue
was reported in Ubuntu Bugzilla Bug #1475166.
Cc: <stable@vger.kernel.org>
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
drivers/scsi/megaraid/megaraid_sas.h | 2 ++
drivers/scsi/megaraid/megaraid_sas_base.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
index 20c37541963f..ebf821b94cb6 100644
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -364,6 +364,8 @@ enum MR_EVT_ARGS {
MR_EVT_ARGS_GENERIC,
};
+
+#define SGE_BUFFER_SIZE 4096
/*
* define constants for device list query options
*/
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index eaa81e552fd2..a9eb10ebc6ed 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -4752,7 +4752,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
instance->max_sectors_per_req = instance->max_num_sge *
- PAGE_SIZE / 512;
+ SGE_BUFFER_SIZE / 512;
if (tmp_sectors && (instance->max_sectors_per_req > tmp_sectors))
instance->max_sectors_per_req = tmp_sectors;
--
2.4.3

139
net-add-validation-for-the-socket-syscall-protocol-a.patch
View File

@ -1,139 +0,0 @@
From 4da7dc22c91ad2c3144cb1d0d96e9611bc86da47 Mon Sep 17 00:00:00 2001
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Mon, 14 Dec 2015 22:03:39 +0100
Subject: [PATCH] net: add validation for the socket syscall protocol argument
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
郭永刚 reported that one could simply crash the kernel as root by
using a simple program:
int socket_fd;
struct sockaddr_in addr;
addr.sin_port = 0;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_family = 10;
socket_fd = socket(10,3,0x40000000);
connect(socket_fd , &addr,16);
AF_INET, AF_INET6 sockets actually only support 8-bit protocol
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
thus larger protocol identifiers simply cut off the higher bits and
store a zero in the protocol fields.
This could lead to e.g. NULL function pointer because as a result of
the cut off inet_num is zero and we call down to inet_autobind, which
is NULL for raw sockets.
kernel: Call Trace:
kernel: [<ffffffff816db90e>] ? inet_autobind+0x2e/0x70
kernel: [<ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
kernel: [<ffffffff81645069>] SYSC_connect+0xd9/0x110
kernel: [<ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
kernel: [<ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
kernel: [<ffffffff81645e0e>] SyS_connect+0xe/0x10
kernel: [<ffffffff81779515>] tracesys_phase2+0x84/0x89
I found no particular commit which introduced this problem.
CVE: CVE-2015-8543
Cc: Cong Wang <cwang@twopensource.com>
Reported-by: 郭永刚 <guoyonggang@360.cn>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/net/sock.h | 1 +
net/ax25/af_ax25.c | 3 +++
net/decnet/af_decnet.c | 3 +++
net/ipv4/af_inet.c | 3 +++
net/ipv6/af_inet6.c | 3 +++
net/irda/af_irda.c | 3 +++
6 files changed, 16 insertions(+)
diff --git a/include/net/sock.h b/include/net/sock.h
index 52d27ee924f4..2fa1fc00e8cb 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -403,6 +403,7 @@ struct sock {
sk_no_check_rx : 1,
sk_userlocks : 4,
sk_protocol : 8,
+#define SK_PROTOCOL_MAX U8_MAX
sk_type : 16;
kmemcheck_bitfield_end(flags);
int sk_wmem_queued;
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index ae3a47f9d1d5..fbd0acf80b13 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -805,6 +805,9 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol,
struct sock *sk;
ax25_cb *ax25;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (!net_eq(net, &init_net))
return -EAFNOSUPPORT;
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index eebf5ac8ce18..13d6b1a6e0fc 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -678,6 +678,9 @@ static int dn_create(struct net *net, struct socket *sock, int protocol,
{
struct sock *sk;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (!net_eq(net, &init_net))
return -EAFNOSUPPORT;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 11c4ca13ec3b..5c5db6636704 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -257,6 +257,9 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
int try_loading_module = 0;
int err;
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
+ return -EINVAL;
+
sock->state = SS_UNCONNECTED;
/* Look for the requested type/protocol pair. */
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 8ec0df75f1c4..9f5137cd604e 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -109,6 +109,9 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
int try_loading_module = 0;
int err;
+ if (protocol < 0 || protocol >= IPPROTO_MAX)
+ return -EINVAL;
+
/* Look for the requested type/protocol pair. */
lookup_protocol:
err = -ESOCKTNOSUPPORT;
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index e6aa48b5395c..923abd6b3064 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1086,6 +1086,9 @@ static int irda_create(struct net *net, struct socket *sock, int protocol,
struct sock *sk;
struct irda_sock *self;
+ if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
+ return -EINVAL;
+
if (net != &init_net)
return -EAFNOSUPPORT;
--
2.5.0

481
netfilter-ipset-Fix-extension-alignment.patch
View File

@ -1,481 +0,0 @@
From 55301931f78c0fdbb8f76dfdb3f914e9eef1f273 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Sat, 7 Nov 2015 11:21:47 +0100
Subject: [PATCH 1/3] netfilter: ipset: Fix extension alignment
The data extensions in ipset lacked the proper memory alignment and
thus could lead to kernel crash on several architectures. Therefore
the structures have been reorganized and alignment attributes added
where needed. The patch was tested on armv7h by Gerhard Wiesinger and
on x86_64, sparc64 by Jozsef Kadlecsik.
Reported-by: Gerhard Wiesinger <lists@wiesinger.com>
Tested-by: Gerhard Wiesinger <lists@wiesinger.com>
Tested-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
include/linux/netfilter/ipset/ip_set.h | 2 +-
net/netfilter/ipset/ip_set_bitmap_gen.h | 17 +++-----
net/netfilter/ipset/ip_set_bitmap_ip.c | 14 ++-----
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 64 ++++++++++++++-----------------
net/netfilter/ipset/ip_set_bitmap_port.c | 18 ++++-----
net/netfilter/ipset/ip_set_core.c | 14 ++++---
net/netfilter/ipset/ip_set_hash_gen.h | 11 ++++--
net/netfilter/ipset/ip_set_list_set.c | 5 ++-
8 files changed, 65 insertions(+), 80 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 48bb01edcf30..0e1f433cc4b7 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -421,7 +421,7 @@ extern void ip_set_free(void *members);
extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr);
extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr);
extern size_t ip_set_elem_len(struct ip_set *set, struct nlattr *tb[],
- size_t len);
+ size_t len, size_t align);
extern int ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
struct ip_set_ext *ext);
diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h
index d05e759ed0fa..b0bc475f641e 100644
--- a/net/netfilter/ipset/ip_set_bitmap_gen.h
+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h
@@ -33,7 +33,7 @@
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
#define mtype MTYPE
-#define get_ext(set, map, id) ((map)->extensions + (set)->dsize * (id))
+#define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id)))
static void
mtype_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set))
@@ -67,12 +67,9 @@ mtype_destroy(struct ip_set *set)
del_timer_sync(&map->gc);
ip_set_free(map->members);
- if (set->dsize) {
- if (set->extensions & IPSET_EXT_DESTROY)
- mtype_ext_cleanup(set);
- ip_set_free(map->extensions);
- }
- kfree(map);
+ if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
+ mtype_ext_cleanup(set);
+ ip_set_free(map);
set->data = NULL;
}
@@ -92,16 +89,14 @@ mtype_head(struct ip_set *set, struct sk_buff *skb)
{
const struct mtype *map = set->data;
struct nlattr *nested;
+ size_t memsize = sizeof(*map) + map->memsize;
nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested)
goto nla_put_failure;
if (mtype_do_head(skb, map) ||
nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) ||
- nla_put_net32(skb, IPSET_ATTR_MEMSIZE,
- htonl(sizeof(*map) +
- map->memsize +
- set->dsize * map->elements)))
+ nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)))
goto nla_put_failure;
if (unlikely(ip_set_put_flags(skb, set)))
goto nla_put_failure;
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
index 64a564334418..4783efff0bde 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -41,7 +41,6 @@ MODULE_ALIAS("ip_set_bitmap:ip");
/* Type structure */
struct bitmap_ip {
void *members; /* the set members */
- void *extensions; /* data extensions */
u32 first_ip; /* host byte order, included in range */
u32 last_ip; /* host byte order, included in range */
u32 elements; /* number of max elements in the set */
@@ -49,6 +48,8 @@ struct bitmap_ip {
size_t memsize; /* members size */
u8 netmask; /* subnet netmask */
struct timer_list gc; /* garbage collection */
+ unsigned char extensions[0] /* data extensions */
+ __aligned(__alignof__(u64));
};
/* ADT structure for generic function args */
@@ -224,13 +225,6 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map,
map->members = ip_set_alloc(map->memsize);
if (!map->members)
return false;
- if (set->dsize) {
- map->extensions = ip_set_alloc(set->dsize * elements);
- if (!map->extensions) {
- kfree(map->members);
- return false;
- }
- }
map->first_ip = first_ip;
map->last_ip = last_ip;
map->elements = elements;
@@ -316,13 +310,13 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
pr_debug("hosts %u, elements %llu\n",
hosts, (unsigned long long)elements);
- map = kzalloc(sizeof(*map), GFP_KERNEL);
+ set->dsize = ip_set_elem_len(set, tb, 0, 0);
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
if (!map)
return -ENOMEM;
map->memsize = bitmap_bytes(0, elements - 1);
set->variant = &bitmap_ip;
- set->dsize = ip_set_elem_len(set, tb, 0);
if (!init_map_ip(set, map, first_ip, last_ip,
elements, hosts, netmask)) {
kfree(map);
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 1430535118fb..29dde208381d 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -47,24 +47,26 @@ enum {
/* Type structure */
struct bitmap_ipmac {
void *members; /* the set members */
- void *extensions; /* MAC + data extensions */
u32 first_ip; /* host byte order, included in range */
u32 last_ip; /* host byte order, included in range */
u32 elements; /* number of max elements in the set */
size_t memsize; /* members size */
struct timer_list gc; /* garbage collector */
+ unsigned char extensions[0] /* MAC + data extensions */
+ __aligned(__alignof__(u64));
};
/* ADT structure for generic function args */
struct bitmap_ipmac_adt_elem {
+ unsigned char ether[ETH_ALEN] __aligned(2);
u16 id;
- unsigned char *ether;
+ u16 add_mac;
};
struct bitmap_ipmac_elem {
unsigned char ether[ETH_ALEN];
unsigned char filled;
-} __attribute__ ((aligned));
+} __aligned(__alignof__(u64));
static inline u32
ip_to_id(const struct bitmap_ipmac *m, u32 ip)
@@ -72,11 +74,11 @@ ip_to_id(const struct bitmap_ipmac *m, u32 ip)
return ip - m->first_ip;
}
-static inline struct bitmap_ipmac_elem *
-get_elem(void *extensions, u16 id, size_t dsize)
-{
- return (struct bitmap_ipmac_elem *)(extensions + id * dsize);
-}
+#define get_elem(extensions, id, dsize) \
+ (struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
+
+#define get_const_elem(extensions, id, dsize) \
+ (const struct bitmap_ipmac_elem *)(extensions + (id) * (dsize))
/* Common functions */
@@ -88,10 +90,9 @@ bitmap_ipmac_do_test(const struct bitmap_ipmac_adt_elem *e,
if (!test_bit(e->id, map->members))
return 0;
- elem = get_elem(map->extensions, e->id, dsize);
- if (elem->filled == MAC_FILLED)
- return !e->ether ||
- ether_addr_equal(e->ether, elem->ether);
+ elem = get_const_elem(map->extensions, e->id, dsize);
+ if (e->add_mac && elem->filled == MAC_FILLED)
+ return ether_addr_equal(e->ether, elem->ether);
/* Trigger kernel to fill out the ethernet address */
return -EAGAIN;
}
@@ -103,7 +104,7 @@ bitmap_ipmac_gc_test(u16 id, const struct bitmap_ipmac *map, size_t dsize)
if (!test_bit(id, map->members))
return 0;
- elem = get_elem(map->extensions, id, dsize);
+ elem = get_const_elem(map->extensions, id, dsize);
/* Timer not started for the incomplete elements */
return elem->filled == MAC_FILLED;
}
@@ -133,7 +134,7 @@ bitmap_ipmac_add_timeout(unsigned long *timeout,
* and we can reuse it later when MAC is filled out,
* possibly by the kernel
*/
- if (e->ether)
+ if (e->add_mac)
ip_set_timeout_set(timeout, t);
else
*timeout = t;
@@ -150,7 +151,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
elem = get_elem(map->extensions, e->id, dsize);
if (test_bit(e->id, map->members)) {
if (elem->filled == MAC_FILLED) {
- if (e->ether &&
+ if (e->add_mac &&
(flags & IPSET_FLAG_EXIST) &&
!ether_addr_equal(e->ether, elem->ether)) {
/* memcpy isn't atomic */
@@ -159,7 +160,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
ether_addr_copy(elem->ether, e->ether);
}
return IPSET_ADD_FAILED;
- } else if (!e->ether)
+ } else if (!e->add_mac)
/* Already added without ethernet address */
return IPSET_ADD_FAILED;
/* Fill the MAC address and trigger the timer activation */
@@ -168,7 +169,7 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
ether_addr_copy(elem->ether, e->ether);
elem->filled = MAC_FILLED;
return IPSET_ADD_START_STORED_TIMEOUT;
- } else if (e->ether) {
+ } else if (e->add_mac) {
/* We can store MAC too */
ether_addr_copy(elem->ether, e->ether);
elem->filled = MAC_FILLED;
@@ -191,7 +192,7 @@ bitmap_ipmac_do_list(struct sk_buff *skb, const struct bitmap_ipmac *map,
u32 id, size_t dsize)
{
const struct bitmap_ipmac_elem *elem =
- get_elem(map->extensions, id, dsize);
+ get_const_elem(map->extensions, id, dsize);
return nla_put_ipaddr4(skb, IPSET_ATTR_IP,
htonl(map->first_ip + id)) ||
@@ -213,7 +214,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
{
struct bitmap_ipmac *map = set->data;
ipset_adtfn adtfn = set->variant->adt[adt];
- struct bitmap_ipmac_adt_elem e = { .id = 0 };
+ struct bitmap_ipmac_adt_elem e = { .id = 0, .add_mac = 1 };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
u32 ip;
@@ -231,7 +232,7 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
return -EINVAL;
e.id = ip_to_id(map, ip);
- e.ether = eth_hdr(skb)->h_source;
+ memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN);
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
@@ -265,11 +266,10 @@ bitmap_ipmac_uadt(struct ip_set *set, struct nlattr *tb[],
return -IPSET_ERR_BITMAP_RANGE;
e.id = ip_to_id(map, ip);
- if (tb[IPSET_ATTR_ETHER])
- e.ether = nla_data(tb[IPSET_ATTR_ETHER]);
- else
- e.ether = NULL;
-
+ if (tb[IPSET_ATTR_ETHER]) {
+ memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
+ e.add_mac = 1;
+ }
ret = adtfn(set, &e, &ext, &ext, flags);
return ip_set_eexist(ret, flags) ? 0 : ret;
@@ -300,13 +300,6 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
map->members = ip_set_alloc(map->memsize);
if (!map->members)
return false;
- if (set->dsize) {
- map->extensions = ip_set_alloc(set->dsize * elements);
- if (!map->extensions) {
- kfree(map->members);
- return false;
- }
- }
map->first_ip = first_ip;
map->last_ip = last_ip;
map->elements = elements;
@@ -361,14 +354,15 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
if (elements > IPSET_BITMAP_MAX_RANGE + 1)
return -IPSET_ERR_BITMAP_RANGE_SIZE;
- map = kzalloc(sizeof(*map), GFP_KERNEL);
+ set->dsize = ip_set_elem_len(set, tb,
+ sizeof(struct bitmap_ipmac_elem),
+ __alignof__(struct bitmap_ipmac_elem));
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
if (!map)
return -ENOMEM;
map->memsize = bitmap_bytes(0, elements - 1);
set->variant = &bitmap_ipmac;
- set->dsize = ip_set_elem_len(set, tb,
- sizeof(struct bitmap_ipmac_elem));
if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) {
kfree(map);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
index 5338ccd5da46..7f0c733358a4 100644
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -35,12 +35,13 @@ MODULE_ALIAS("ip_set_bitmap:port");
/* Type structure */
struct bitmap_port {
void *members; /* the set members */
- void *extensions; /* data extensions */
u16 first_port; /* host byte order, included in range */
u16 last_port; /* host byte order, included in range */
u32 elements; /* number of max elements in the set */
size_t memsize; /* members size */
struct timer_list gc; /* garbage collection */
+ unsigned char extensions[0] /* data extensions */
+ __aligned(__alignof__(u64));
};
/* ADT structure for generic function args */
@@ -209,13 +210,6 @@ init_map_port(struct ip_set *set, struct bitmap_port *map,
map->members = ip_set_alloc(map->memsize);
if (!map->members)
return false;
- if (set->dsize) {
- map->extensions = ip_set_alloc(set->dsize * map->elements);
- if (!map->extensions) {
- kfree(map->members);
- return false;
- }
- }
map->first_port = first_port;
map->last_port = last_port;
set->timeout = IPSET_NO_TIMEOUT;
@@ -232,6 +226,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
{
struct bitmap_port *map;
u16 first_port, last_port;
+ u32 elements;
if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
!ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
@@ -248,14 +243,15 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
last_port = tmp;
}
- map = kzalloc(sizeof(*map), GFP_KERNEL);
+ elements = last_port - first_port + 1;
+ set->dsize = ip_set_elem_len(set, tb, 0, 0);
+ map = ip_set_alloc(sizeof(*map) + elements * set->dsize);
if (!map)
return -ENOMEM;
- map->elements = last_port - first_port + 1;
+ map->elements = elements;
map->memsize = bitmap_bytes(0, map->elements);
set->variant = &bitmap_port;
- set->dsize = ip_set_elem_len(set, tb, 0);
if (!init_map_port(set, map, first_port, last_port)) {
kfree(map);
return -ENOMEM;
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 338b4047776f..cab4bc06cddd 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -364,25 +364,27 @@ add_extension(enum ip_set_ext_id id, u32 flags, struct nlattr *tb[])
}
size_t
-ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
+ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len,
+ size_t align)
{
enum ip_set_ext_id id;
- size_t offset = len;
u32 cadt_flags = 0;
if (tb[IPSET_ATTR_CADT_FLAGS])
cadt_flags = ip_set_get_h32(tb[IPSET_ATTR_CADT_FLAGS]);
if (cadt_flags & IPSET_FLAG_WITH_FORCEADD)
set->flags |= IPSET_CREATE_FLAG_FORCEADD;
+ if (!align)
+ align = 1;
for (id = 0; id < IPSET_EXT_ID_MAX; id++) {
if (!add_extension(id, cadt_flags, tb))
continue;
- offset = ALIGN(offset, ip_set_extensions[id].align);
- set->offset[id] = offset;
+ len = ALIGN(len, ip_set_extensions[id].align);
+ set->offset[id] = len;
set->extensions |= ip_set_extensions[id].type;
- offset += ip_set_extensions[id].len;
+ len += ip_set_extensions[id].len;
}
- return offset;
+ return ALIGN(len, align);
}
EXPORT_SYMBOL_GPL(ip_set_elem_len);
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 691b54fcaf2a..4ff22194ce55 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -72,8 +72,9 @@ struct hbucket {
DECLARE_BITMAP(used, AHASH_MAX_TUNED);
u8 size; /* size of the array */
u8 pos; /* position of the first free entry */
- unsigned char value[0]; /* the array of the values */
-} __attribute__ ((aligned));
+ unsigned char value[0] /* the array of the values */
+ __aligned(__alignof__(u64));
+};
/* The hash table: the table size stored here in order to make resizing easy */
struct htable {
@@ -1323,12 +1324,14 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
#endif
set->variant = &IPSET_TOKEN(HTYPE, 4_variant);
set->dsize = ip_set_elem_len(set, tb,
- sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)));
+ sizeof(struct IPSET_TOKEN(HTYPE, 4_elem)),
+ __alignof__(struct IPSET_TOKEN(HTYPE, 4_elem)));
#ifndef IP_SET_PROTO_UNDEF
} else {
set->variant = &IPSET_TOKEN(HTYPE, 6_variant);
set->dsize = ip_set_elem_len(set, tb,
- sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)));
+ sizeof(struct IPSET_TOKEN(HTYPE, 6_elem)),
+ __alignof__(struct IPSET_TOKEN(HTYPE, 6_elem)));
}
#endif
if (tb[IPSET_ATTR_TIMEOUT]) {
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index 5a30ce6e8c90..bbede95c9f68 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -31,7 +31,7 @@ struct set_elem {
struct rcu_head rcu;
struct list_head list;
ip_set_id_t id;
-};
+} __aligned(__alignof__(u64));
struct set_adt_elem {
ip_set_id_t id;
@@ -618,7 +618,8 @@ list_set_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
size = IP_SET_LIST_MIN_SIZE;
set->variant = &set_variant;
- set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem));
+ set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem),
+ __alignof__(struct set_elem));
if (!init_list_set(net, set, size))
return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) {
--
2.4.3

30
netfilter-ipset-Fix-hash-type-expiration.patch
View File

@ -1,30 +0,0 @@
From 7210b25e452780f0792e04dd9f84f3a02c582ab7 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Sat, 7 Nov 2015 11:23:34 +0100
Subject: [PATCH 2/3] netfilter: ipset: Fix hash:* type expiration
Incorrect index was used when the data blob was shrinked at expiration,
which could lead to falsely expired entries and memory leak when
the comment extension was used too.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 4ff22194ce55..fa4f6374bb73 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -523,7 +523,7 @@ mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
continue;
data = ahash_data(n, j, dsize);
memcpy(tmp->value + d * dsize, data, dsize);
- set_bit(j, tmp->used);
+ set_bit(d, tmp->used);
d++;
}
tmp->pos = d;
--
2.4.3

47
netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
View File

@ -1,47 +0,0 @@
From 03fdcf282c8fe212efae0d1229fb8594ffe60b17 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Sat, 7 Nov 2015 11:24:51 +0100
Subject: [PATCH 3/3] netfilter: ipset: Fix hash type expire: release empty
hash bucket block
When all entries are expired/all slots are empty, release the bucket.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_hash_gen.h | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index fa4f6374bb73..e5336ab36d67 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -476,7 +476,7 @@ static void
mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
{
struct htable *t;
- struct hbucket *n;
+ struct hbucket *n, *tmp;
struct mtype_elem *data;
u32 i, j, d;
#ifdef IP_SET_HASH_WITH_NETS
@@ -511,9 +511,14 @@ mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
}
}
if (d >= AHASH_INIT_SIZE) {
- struct hbucket *tmp = kzalloc(sizeof(*tmp) +
- (n->size - AHASH_INIT_SIZE) * dsize,
- GFP_ATOMIC);
+ if (d >= n->size) {
+ rcu_assign_pointer(hbucket(t, i), NULL);
+ kfree_rcu(n, rcu);
+ continue;
+ }
+ tmp = kzalloc(sizeof(*tmp) +
+ (n->size - AHASH_INIT_SIZE) * dsize,
+ GFP_ATOMIC);
if (!tmp)
/* Still try to delete expired elements */
continue;
--
2.4.3

46
ovl-fix-permission-checking-for-setattr.patch
View File

@ -1,46 +0,0 @@
From acff81ec2c79492b180fade3c2894425cd35a545 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Fri, 4 Dec 2015 19:18:48 +0100
Subject: [PATCH] ovl: fix permission checking for setattr
[Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
(with the former being always safe and the latter failing in case of
insufficient permissions) it tries to combine these two. Note that copyup
itself will have to do ->setattr() anyway; _that_ is where the elevated
capabilities are right. Having these two ->setattr() (one to set verbatim
copy of metadata, another to do what overlayfs ->setattr() had been asked
to do in the first place) combined is where it breaks.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <stable@vger.kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/overlayfs/inode.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index ec0c2a050043..961284936917 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
if (err)
goto out;
- upperdentry = ovl_dentry_upper(dentry);
- if (upperdentry) {
+ err = ovl_copy_up(dentry);
+ if (!err) {
+ upperdentry = ovl_dentry_upper(dentry);
+
mutex_lock(&upperdentry->d_inode->i_mutex);
err = notify_change(upperdentry, attr, NULL);
mutex_unlock(&upperdentry->d_inode->i_mutex);
- } else {
- err = ovl_copy_up_last(dentry, attr, false);
}
ovl_drop_write(dentry);
out:
--
2.5.0

139
ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
View File

@ -1,139 +0,0 @@
From a8bc90052f18348718412cebf7b569da95bad264 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 1 Nov 2015 16:22:53 +0000
Subject: [PATCH 2/2] ppp, slip: Validate VJ compression slot parameters
completely
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).
Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL. Change the callers accordingly.
Compile-tested only.
Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/isdn/i4l/isdn_ppp.c | 10 ++++------
drivers/net/ppp/ppp_generic.c | 6 ++----
drivers/net/slip/slhc.c | 12 ++++++++----
drivers/net/slip/slip.c | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 86f9abebcb72..9c1e8adaf4fc 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -322,9 +322,9 @@ isdn_ppp_open(int min, struct file *file)
* VJ header compression init
*/
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
- if (!is->slcomp) {
+ if (IS_ERR(is->slcomp)) {
isdn_ppp_ccp_reset_free(is);
- return -ENOMEM;
+ return PTR_ERR(is->slcomp);
}
#endif
#ifdef CONFIG_IPPP_FILTER
@@ -573,10 +573,8 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
is->maxcid = val;
#ifdef CONFIG_ISDN_PPP_VJ
sltmp = slhc_init(16, val);
- if (!sltmp) {
- printk(KERN_ERR "ippp, can't realloc slhc struct\n");
- return -ENOMEM;
- }
+ if (IS_ERR(sltmp))
+ return PTR_ERR(sltmp);
if (is->slcomp)
slhc_free(is->slcomp);
is->slcomp = sltmp;
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index ed00446759b2..9a863c6a6a33 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -721,10 +721,8 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
val &= 0xffff;
}
vj = slhc_init(val2+1, val+1);
- if (!vj) {
- netdev_err(ppp->dev,
- "PPP: no memory (VJ compressor)\n");
- err = -ENOMEM;
+ if (IS_ERR(vj)) {
+ err = PTR_ERR(vj);
break;
}
ppp_lock(ppp);
diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
index 079f7adfcde5..27ed25252aac 100644
--- a/drivers/net/slip/slhc.c
+++ b/drivers/net/slip/slhc.c
@@ -84,8 +84,9 @@ static long decode(unsigned char **cpp);
static unsigned char * put16(unsigned char *cp, unsigned short x);
static unsigned short pull16(unsigned char **cpp);
-/* Initialize compression data structure
+/* Allocate compression data structure
* slots must be in range 0 to 255 (zero meaning no compression)
+ * Returns pointer to structure or ERR_PTR() on error.
*/
struct slcompress *
slhc_init(int rslots, int tslots)
@@ -94,11 +95,14 @@ slhc_init(int rslots, int tslots)
register struct cstate *ts;
struct slcompress *comp;
+ if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
+ return ERR_PTR(-EINVAL);
+
comp = kzalloc(sizeof(struct slcompress), GFP_KERNEL);
if (! comp)
goto out_fail;
- if ( rslots > 0 && rslots < 256 ) {
+ if (rslots > 0) {
size_t rsize = rslots * sizeof(struct cstate);
comp->rstate = kzalloc(rsize, GFP_KERNEL);
if (! comp->rstate)
@@ -106,7 +110,7 @@ slhc_init(int rslots, int tslots)
comp->rslot_limit = rslots - 1;
}
- if ( tslots > 0 && tslots < 256 ) {
+ if (tslots > 0) {
size_t tsize = tslots * sizeof(struct cstate);
comp->tstate = kzalloc(tsize, GFP_KERNEL);
if (! comp->tstate)
@@ -141,7 +145,7 @@ out_free2:
out_free:
kfree(comp);
out_fail:
- return NULL;
+ return ERR_PTR(-ENOMEM);
}
diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
index 05387b1e2e95..a17d86a57734 100644
--- a/drivers/net/slip/slip.c
+++ b/drivers/net/slip/slip.c
@@ -164,7 +164,7 @@ static int sl_alloc_bufs(struct slip *sl, int mtu)
if (cbuff == NULL)
goto err_exit;
slcomp = slhc_init(16, 16);
- if (slcomp == NULL)
+ if (IS_ERR(slcomp))
goto err_exit;
#endif
spin_lock_bh(&sl->lock);
--
2.4.3

39
pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
View File

@ -1,39 +0,0 @@
From 16c5a158e97d5b1f6c8bf86b006c1349f025d4e0 Mon Sep 17 00:00:00 2001
From: WANG Cong <xiyou.wangcong@gmail.com>
Date: Mon, 14 Dec 2015 13:48:36 -0800
Subject: [PATCH] pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ppp/pptp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
index fc69e41d0950..597c53e0a2ec 100644
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
struct pptp_opt *opt = &po->proto.pptp;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
lock_sock(sk);
opt->src_addr = sp->sa_addr.pptp;
@@ -440,6 +443,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
struct flowi4 fl4;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
if (sp->sa_protocol != PX_PROTO_PPTP)
return -EINVAL;
--
2.5.0

108
ptrace-being-capable-wrt-a-process-requires-mapped-u.patch Normal file
View File

@ -0,0 +1,108 @@
From 64a37c8197f4e1c2637cd80326f4649282176369 Mon Sep 17 00:00:00 2001
From: Jann Horn <jann@thejh.net>
Date: Sat, 26 Dec 2015 03:52:31 +0100
Subject: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
ptrace_has_cap() checks whether the current process should be
treated as having a certain capability for ptrace checks
against another process. Until now, this was equivalent to
has_ns_capability(current, target_ns, CAP_SYS_PTRACE).
However, if a root-owned process wants to enter a user
namespace for some reason without knowing who owns it and
therefore can't change to the namespace owner's uid and gid
before entering, as soon as it has entered the namespace,
the namespace owner can attach to it via ptrace and thereby
gain access to its uid and gid.
While it is possible for the entering process to switch to
the uid of a claimed namespace owner before entering,
causing the attempt to enter to fail if the claimed uid is
wrong, this doesn't solve the problem of determining an
appropriate gid.
With this change, the entering process can first enter the
namespace and then safely inspect the namespace's
properties, e.g. through /proc/self/{uid_map,gid_map},
assuming that the namespace owner doesn't have access to
uid 0.
Changed in v2: The caller needs to be capable in the
namespace into which tcred's uids/gids can be mapped.
Signed-off-by: Jann Horn <jann@thejh.net>
---
kernel/ptrace.c | 33 ++++++++++++++++++++++++++++-----
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 787320de68e0..407c382b45c8 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -20,6 +20,7 @@
#include <linux/uio.h>
#include <linux/audit.h>
#include <linux/pid_namespace.h>
+#include <linux/user_namespace.h>
#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <linux/regset.h>
@@ -207,12 +208,34 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
return ret;
}
-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
+static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
{
+ struct user_namespace *tns = tcred->user_ns;
+
+ /* When a root-owned process enters a user namespace created by a
+ * malicious user, the user shouldn't be able to execute code under
+ * uid 0 by attaching to the root-owned process via ptrace.
+ * Therefore, similar to the capable_wrt_inode_uidgid() check,
+ * verify that all the uids and gids of the target process are
+ * mapped into a namespace below the current one in which the caller
+ * is capable.
+ * No fsuid/fsgid check because __ptrace_may_access doesn't do it
+ * either.
+ */
+ while (
+ !kuid_has_mapping(tns, tcred->euid) ||
+ !kuid_has_mapping(tns, tcred->suid) ||
+ !kuid_has_mapping(tns, tcred->uid) ||
+ !kgid_has_mapping(tns, tcred->egid) ||
+ !kgid_has_mapping(tns, tcred->sgid) ||
+ !kgid_has_mapping(tns, tcred->gid)) {
+ tns = tns->parent;
+ }
+
if (mode & PTRACE_MODE_NOAUDIT)
- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
+ return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
else
- return has_ns_capability(current, ns, CAP_SYS_PTRACE);
+ return has_ns_capability(current, tns, CAP_SYS_PTRACE);
}
/* Returns 0 on success, -errno on denial. */
@@ -241,7 +264,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
gid_eq(cred->gid, tcred->sgid) &&
gid_eq(cred->gid, tcred->gid))
goto ok;
- if (ptrace_has_cap(tcred->user_ns, mode))
+ if (ptrace_has_cap(tcred, mode))
goto ok;
rcu_read_unlock();
return -EPERM;
@@ -252,7 +275,7 @@ ok:
dumpable = get_dumpable(task->mm);
rcu_read_lock();
if (dumpable != SUID_DUMP_USER &&
- !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
+ !ptrace_has_cap(__task_cred(task), mode)) {
rcu_read_unlock();
return -EPERM;
}
--
2.5.0

13
scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
View File

@ -1,3 +1,4 @@
From 7afe9a8d7dca86a8f35250f21f5f0a62ea2fedf7 Mon Sep 17 00:00:00 2001
From: "kernel-team@fedoraproject.org" <kernel-team@fedoraproject.org>
Date: Fri, 10 Feb 2012 14:56:13 -0500
Subject: [PATCH] scsi: sd_revalidate_disk prevent NULL ptr deref
@ -9,18 +10,19 @@ Upstream-status: Fedora mustard (might be worth dropping...)
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 3b2fcb4fada0..f0f9e8574303 100644
index 3d22fc3..07aec76 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2717,13 +2717,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
@@ -2825,7 +2825,7 @@ static inline u32 logical_to_sectors(struct scsi_device *sdev, u32 blocks)
static int sd_revalidate_disk(struct gendisk *disk)
{
struct scsi_disk *sdkp = scsi_disk(disk);
- struct scsi_device *sdp = sdkp->device;
+ struct scsi_device *sdp;
struct request_queue *q = sdkp->disk->queue;
unsigned char *buffer;
unsigned int max_xfer;
unsigned int dev_max, rw_max;
@@ -2833,6 +2833,11 @@ static int sd_revalidate_disk(struct gendisk *disk)
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
"sd_revalidate_disk\n"));
@ -32,3 +34,6 @@ index 3b2fcb4fada0..f0f9e8574303 100644
/*
* If the device is offline, don't try and read capacity or any
* of the other niceties.
--
2.5.0

5
sources
View File

@ -1,3 +1,2 @@
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz
9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
dcbc8fe378a676d5d0dd208cf524e144 perf-man-4.4.tar.gz

40
usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
View File

@ -1,40 +0,0 @@
From: Mark Langsdorf <mlangsdo@redhat.com>
Date: Wed, 25 Mar 2015 14:12:51 -0400
Subject: [PATCH] usb: make xhci platform driver use 64 bit or 32 bit DMA
The xhci platform driver needs to work on systems that either only
support 64-bit DMA or only support 32-bit DMA. Attempt to set a
coherent dma mask for 64-bit DMA, and attempt again with 32-bit
DMA if that fails.
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
---
drivers/usb/host/xhci-plat.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index 890ad9d9d329..122b1fb12b7e 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -93,14 +93,13 @@ static int xhci_plat_probe(struct platform_device *pdev)
if (irq < 0)
return -ENODEV;
- /* Initialize dma_mask and coherent_dma_mask to 32-bits */
- ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
- if (ret)
- return ret;
- if (!pdev->dev.dma_mask)
- pdev->dev.dma_mask = &pdev->dev.coherent_dma_mask;
- else
- dma_set_mask(&pdev->dev, DMA_BIT_MASK(32));
+ /* Try setting the coherent_dma_mask to 64 bits, then try 32 bits */
+ ret = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
+ if (ret) {
+ ret = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
+ if (ret)
+ return ret;
+ }
hcd = usb_create_hcd(driver, &pdev->dev, dev_name(&pdev->dev));
if (!hcd)

42
vrf-fix-memory-leak-on-registration.patch
View File

@ -1,42 +0,0 @@
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 15 Dec 2015 15:12:43 +0000
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
The backported version of commit 7f109f7cc371 ("vrf: fix double free
and memory corruption on register_netdevice failure") incorrectly
removed a kfree() from the failure path as well as the free_netdev().
Add that back.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/net/vrf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index c9e309c..6c25fd0 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
{
struct net_vrf *vrf = netdev_priv(dev);
struct net_vrf_dev *vrf_ptr;
+ int err;
if (!data || !data[IFLA_VRF_TABLE])
return -EINVAL;
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
- return register_netdev(dev);
+ err = register_netdev(dev);
+ if (err)
+ kfree(vrf_ptr);
+ return err;
}
static size_t vrf_nl_getsize(const struct net_device *dev)
--
2.5.0

12
watchdog-Disable-watchdog-on-virtual-machines.patch
View File

@ -1,3 +1,4 @@
From f1293c68aff98cd913a59b151aac938ec4ce4857 Mon Sep 17 00:00:00 2001
From: Dave Jones <davej@redhat.com>
Date: Tue, 24 Jun 2014 08:43:34 -0400
Subject: [PATCH] watchdog: Disable watchdog on virtual machines.
@ -20,7 +21,7 @@ Signed-off-by: Dave Jones <davej@redhat.com>
1 file changed, 29 insertions(+)
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index a6ffa43f2993..b378b762844a 100644
index 18f34cf..6aadffe 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -20,6 +20,7 @@
@ -31,8 +32,8 @@ index a6ffa43f2993..b378b762844a 100644
#include <asm/irq_regs.h>
#include <linux/kvm_para.h>
@@ -155,6 +156,32 @@ static int __init softlockup_all_cpu_backtrace_setup(char *str)
__setup("softlockup_all_cpu_backtrace=", softlockup_all_cpu_backtrace_setup);
@@ -185,6 +186,32 @@ static int __init hardlockup_all_cpu_backtrace_setup(char *str)
__setup("hardlockup_all_cpu_backtrace=", hardlockup_all_cpu_backtrace_setup);
#endif
+static int disable_watchdog(const struct dmi_system_id *d)
@ -64,7 +65,7 @@ index a6ffa43f2993..b378b762844a 100644
/*
* Hard-lockup warnings should be triggered after just a few seconds. Soft-
* lockups can have false positives under extreme conditions. So we generally
@@ -928,6 +955,8 @@ int proc_watchdog_cpumask(struct ctl_table *table, int write,
@@ -1030,6 +1057,8 @@ out:
void __init lockup_detector_init(void)
{
@ -73,3 +74,6 @@ index a6ffa43f2993..b378b762844a 100644
set_sample_period();
#ifdef CONFIG_NO_HZ_FULL
--
2.5.0