Linux v4.8.11
This commit is contained in:
parent
c8564d4747
commit
db161bf785
|
@ -1,61 +0,0 @@
|
|||
From 1aab956c7b8872fb6976328316bfad62c6e67cf8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala@linux.intel.com>
|
||||
Date: Fri, 21 Oct 2016 16:44:38 +0300
|
||||
Subject: [PATCH] drm/i915: Refresh that status of MST capable connectors in
|
||||
->detect()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Once we've determined that the sink is MST capable we never end up
|
||||
running through the full detect cycle again, despite getting HPDs.
|
||||
Fix tht by ripping out the incorrect piece of code responsible.
|
||||
|
||||
This got broken when I moved the long HPD handling to the ->detect()
|
||||
hook, but failed to remove the leftover code.
|
||||
|
||||
Cc: Ander Conselvan de Oliveira <conselvan2@gmail.com>
|
||||
Cc: drm-intel-fixes@lists.freedesktop.org
|
||||
Cc: Rui Tiago Matos <tiagomatos@gmail.com>
|
||||
Tested-by: Rui Tiago Matos <tiagomatos@gmail.com>
|
||||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98323
|
||||
Cc: Kirill A. Shutemov <kirill@shutemov.name>
|
||||
Tested-by: Kirill A. Shutemov <kirill@shutemov.name>
|
||||
References: https://bugs.freedesktop.org/show_bug.cgi?id=98306
|
||||
Fixes: 27d4efc5591a ("drm/i915: Move long hpd handling into the hotplug work")
|
||||
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
|
||||
Link: http://patchwork.freedesktop.org/patch/msgid/1477057478-29328-1-git-send-email-ville.syrjala@linux.intel.com
|
||||
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
|
||||
---
|
||||
drivers/gpu/drm/i915/intel_dp.c | 10 ----------
|
||||
1 file changed, 10 deletions(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
|
||||
index f30db8f..80db8a3 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_dp.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_dp.c
|
||||
@@ -4492,21 +4492,11 @@ static enum drm_connector_status
|
||||
intel_dp_detect(struct drm_connector *connector, bool force)
|
||||
{
|
||||
struct intel_dp *intel_dp = intel_attached_dp(connector);
|
||||
- struct intel_digital_port *intel_dig_port = dp_to_dig_port(intel_dp);
|
||||
- struct intel_encoder *intel_encoder = &intel_dig_port->base;
|
||||
enum drm_connector_status status = connector->status;
|
||||
|
||||
DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n",
|
||||
connector->base.id, connector->name);
|
||||
|
||||
- if (intel_dp->is_mst) {
|
||||
- /* MST devices are disconnected from a monitor POV */
|
||||
- intel_dp_unset_edid(intel_dp);
|
||||
- if (intel_encoder->type != INTEL_OUTPUT_EDP)
|
||||
- intel_encoder->type = INTEL_OUTPUT_DP;
|
||||
- return connector_status_disconnected;
|
||||
- }
|
||||
-
|
||||
/* If full detect is not performed yet, do a full detect */
|
||||
if (!intel_dp->detect_done)
|
||||
status = intel_dp_long_pulse(intel_dp->attached_connector);
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -0,0 +1,100 @@
|
|||
From f5527fffff3f002b0a6b376163613b82f69de073 Mon Sep 17 00:00:00 2001
|
||||
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
|
||||
Date: Thu, 24 Nov 2016 13:23:10 +0000
|
||||
Subject: [PATCH] mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
|
||||
|
||||
This fixes CVE-2016-8650.
|
||||
|
||||
If mpi_powm() is given a zero exponent, it wants to immediately return
|
||||
either 1 or 0, depending on the modulus. However, if the result was
|
||||
initalised with zero limb space, no limbs space is allocated and a
|
||||
NULL-pointer exception ensues.
|
||||
|
||||
Fix this by allocating a minimal amount of limb space for the result when
|
||||
the 0-exponent case when the result is 1 and not touching the limb space
|
||||
when the result is 0.
|
||||
|
||||
This affects the use of RSA keys and X.509 certificates that carry them.
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at (null)
|
||||
IP: [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6
|
||||
PGD 0
|
||||
Oops: 0002 [#1] SMP
|
||||
Modules linked in:
|
||||
CPU: 3 PID: 3014 Comm: keyctl Not tainted 4.9.0-rc6-fscache+ #278
|
||||
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
|
||||
task: ffff8804011944c0 task.stack: ffff880401294000
|
||||
RIP: 0010:[<ffffffff8138ce5d>] [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6
|
||||
RSP: 0018:ffff880401297ad8 EFLAGS: 00010212
|
||||
RAX: 0000000000000000 RBX: ffff88040868bec0 RCX: ffff88040868bba0
|
||||
RDX: ffff88040868b260 RSI: ffff88040868bec0 RDI: ffff88040868bee0
|
||||
RBP: ffff880401297ba8 R08: 0000000000000000 R09: 0000000000000000
|
||||
R10: 0000000000000047 R11: ffffffff8183b210 R12: 0000000000000000
|
||||
R13: ffff8804087c7600 R14: 000000000000001f R15: ffff880401297c50
|
||||
FS: 00007f7a7918c700(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000
|
||||
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
||||
CR2: 0000000000000000 CR3: 0000000401250000 CR4: 00000000001406e0
|
||||
Stack:
|
||||
ffff88040868bec0 0000000000000020 ffff880401297b00 ffffffff81376cd4
|
||||
0000000000000100 ffff880401297b10 ffffffff81376d12 ffff880401297b30
|
||||
ffffffff81376f37 0000000000000100 0000000000000000 ffff880401297ba8
|
||||
Call Trace:
|
||||
[<ffffffff81376cd4>] ? __sg_page_iter_next+0x43/0x66
|
||||
[<ffffffff81376d12>] ? sg_miter_get_next_page+0x1b/0x5d
|
||||
[<ffffffff81376f37>] ? sg_miter_next+0x17/0xbd
|
||||
[<ffffffff8138ba3a>] ? mpi_read_raw_from_sgl+0xf2/0x146
|
||||
[<ffffffff8132a95c>] rsa_verify+0x9d/0xee
|
||||
[<ffffffff8132acca>] ? pkcs1pad_sg_set_buf+0x2e/0xbb
|
||||
[<ffffffff8132af40>] pkcs1pad_verify+0xc0/0xe1
|
||||
[<ffffffff8133cb5e>] public_key_verify_signature+0x1b0/0x228
|
||||
[<ffffffff8133d974>] x509_check_for_self_signed+0xa1/0xc4
|
||||
[<ffffffff8133cdde>] x509_cert_parse+0x167/0x1a1
|
||||
[<ffffffff8133d609>] x509_key_preparse+0x21/0x1a1
|
||||
[<ffffffff8133c3d7>] asymmetric_key_preparse+0x34/0x61
|
||||
[<ffffffff812fc9f3>] key_create_or_update+0x145/0x399
|
||||
[<ffffffff812fe227>] SyS_add_key+0x154/0x19e
|
||||
[<ffffffff81001c2b>] do_syscall_64+0x80/0x191
|
||||
[<ffffffff816825e4>] entry_SYSCALL64_slow_path+0x25/0x25
|
||||
Code: 56 41 55 41 54 53 48 81 ec a8 00 00 00 44 8b 71 04 8b 42 04 4c 8b 67 18 45 85 f6 89 45 80 0f 84 b4 06 00 00 85 c0 75 2f 41 ff ce <49> c7 04 24 01 00 00 00 b0 01 75 0b 48 8b 41 18 48 83 38 01 0f
|
||||
RIP [<ffffffff8138ce5d>] mpi_powm+0x32/0x7e6
|
||||
RSP <ffff880401297ad8>
|
||||
CR2: 0000000000000000
|
||||
---[ end trace d82015255d4a5d8d ]---
|
||||
|
||||
Basically, this is a backport of a libgcrypt patch:
|
||||
|
||||
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526
|
||||
|
||||
Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)")
|
||||
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
|
||||
cc: linux-ima-devel@lists.sourceforge.net
|
||||
cc: stable@vger.kernel.org
|
||||
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
||||
---
|
||||
lib/mpi/mpi-pow.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c
|
||||
index 5464c87..e24388a 100644
|
||||
--- a/lib/mpi/mpi-pow.c
|
||||
+++ b/lib/mpi/mpi-pow.c
|
||||
@@ -64,8 +64,13 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod)
|
||||
if (!esize) {
|
||||
/* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0
|
||||
* depending on if MOD equals 1. */
|
||||
- rp[0] = 1;
|
||||
res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
|
||||
+ if (res->nlimbs) {
|
||||
+ if (mpi_resize(res, 1) < 0)
|
||||
+ goto enomem;
|
||||
+ rp = res->d;
|
||||
+ rp[0] = 1;
|
||||
+ }
|
||||
res->sign = 0;
|
||||
goto leave;
|
||||
}
|
||||
--
|
||||
2.9.3
|
||||
|
12
kernel.spec
12
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 10
|
||||
%define stable_update 11
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -631,15 +631,15 @@ Patch850: v3-vfio-pci-Fix-integer-overflows-bitmask-check.patch
|
|||
#rhbz 1325354
|
||||
Patch852: 0001-HID-input-ignore-System-Control-application-usages-i.patch
|
||||
|
||||
#rhbz 1392885
|
||||
Patch853: 0001-drm-i915-Refresh-that-status-of-MST-capable-connecto.patch
|
||||
|
||||
#rhbz 1390308
|
||||
Patch854: nouveau-add-maxwell-to-backlight-init.patch
|
||||
|
||||
#rhbz 1385823
|
||||
Patch855: 0001-platform-x86-ideapad-laptop-Add-Lenovo-Yoga-910-13IK.patch
|
||||
|
||||
# CVE-2016-8650 rhbz 1395187 1398463
|
||||
Patch856: 0001-mpi-Fix-NULL-ptr-dereference-in-mpi_powm-ver-3.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2167,6 +2167,10 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Nov 28 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.11-200
|
||||
- Linux v4.8.11
|
||||
- CVE-2016-8650 Fix NULL ptr dereference in mpi_powm() (rhbz 1395187 1398463)
|
||||
|
||||
* Mon Nov 28 2016 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Add upstream patch to fix all ARMv7 devices set to initial 200Mhz
|
||||
|
||||
|
|
Loading…
Reference in New Issue