Update to 3.12.3
svn path=/dists/trunk/linux/; revision=20853
This commit is contained in:
parent
8a38dc4ec5
commit
71edc68822
|
@ -1,15 +1,15 @@
|
|||
linux (3.12.2-1~exp1) UNRELEASED; urgency=low
|
||||
linux (3.12.3-1~exp1) UNRELEASED; urgency=low
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.1
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2
|
||||
- libertas: potential oops in debugfs (CVE-2013-6378)
|
||||
- exec/ptrace: fix get_dumpable() incorrect tests (CVE-2013-2929)
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.3
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [rt] Update to 3.12.0-rt2 and reenable
|
||||
* HID: Enable UHID as module (Closes: #729338)
|
||||
- HID: uhid: fix leak for 64/32 UHID_CREATE
|
||||
* [sh4] Remove some accidental inconsistencies in config
|
||||
* Enable CHECKPOINT_RESTORE (Closes: #682700)
|
||||
* Enable JUMP_LABEL (Closes: #730071)
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
From: David Herrmann <dh.herrmann@gmail.com>
|
||||
Date: Tue, 26 Nov 2013 13:58:18 +0100
|
||||
Subject: HID: uhid: fix leak for 64/32 UHID_CREATE
|
||||
Origin: http://mid.gmane.org/1385470698-6036-1-git-send-email-dh.herrmann@gmail.com
|
||||
|
||||
UHID allows short writes so user-space can omit unused fields. We
|
||||
automatically set them to 0 in the kernel. However, the 64/32 bit
|
||||
compat-handler didn't do that in the UHID_CREATE fallback. This will
|
||||
reveal random kernel heap data (of random size, even) to user-space.
|
||||
|
||||
Reported-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/hid/uhid.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/hid/uhid.c
|
||||
+++ b/drivers/hid/uhid.c
|
||||
@@ -287,7 +287,7 @@ static int uhid_event_from_user(const ch
|
||||
*/
|
||||
struct uhid_create_req_compat *compat;
|
||||
|
||||
- compat = kmalloc(sizeof(*compat), GFP_KERNEL);
|
||||
+ compat = kzalloc(sizeof(*compat), GFP_KERNEL);
|
||||
if (!compat)
|
||||
return -ENOMEM;
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
From: Ursula Braun <ursula.braun@de.ibm.com>
|
||||
Date: Wed, 6 Nov 2013 09:04:52 +0100
|
||||
Subject: qeth: avoid buffer overflow in snmp ioctl
|
||||
Origin: https://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
|
||||
|
||||
Check user-defined length in snmp ioctl request and allow request
|
||||
only if it fits into a qeth command buffer.
|
||||
|
||||
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
|
||||
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
|
||||
Reviewed-by: Heiko Carstens <heicars2@linux.vnet.ibm.com>
|
||||
Reported-by: Nico Golde <nico@ngolde.de>
|
||||
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/s390/net/qeth_core_main.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c
|
||||
index 0a328d0..bd8c09e 100644
|
||||
--- a/drivers/s390/net/qeth_core_main.c
|
||||
+++ b/drivers/s390/net/qeth_core_main.c
|
||||
@@ -4451,7 +4451,7 @@ int qeth_snmp_command(struct qeth_card *card, char __user *udata)
|
||||
struct qeth_cmd_buffer *iob;
|
||||
struct qeth_ipa_cmd *cmd;
|
||||
struct qeth_snmp_ureq *ureq;
|
||||
- int req_len;
|
||||
+ unsigned int req_len;
|
||||
struct qeth_arp_query_info qinfo = {0, };
|
||||
int rc = 0;
|
||||
|
||||
@@ -4467,6 +4467,10 @@ int qeth_snmp_command(struct qeth_card *card, char __user *udata)
|
||||
/* skip 4 bytes (data_len struct member) to get req_len */
|
||||
if (copy_from_user(&req_len, udata + sizeof(int), sizeof(int)))
|
||||
return -EFAULT;
|
||||
+ if (req_len > (QETH_BUFSIZE - IPA_PDU_HEADER_SIZE -
|
||||
+ sizeof(struct qeth_ipacmd_hdr) -
|
||||
+ sizeof(struct qeth_ipacmd_setadpparms_hdr)))
|
||||
+ return -EINVAL;
|
||||
ureq = memdup_user(udata, req_len + sizeof(struct qeth_snmp_ureq_hdr));
|
||||
if (IS_ERR(ureq)) {
|
||||
QETH_CARD_TEXT(card, 2, "snmpnome");
|
|
@ -1,39 +0,0 @@
|
|||
From 7f095a71d6bc49d7c33ed33ebc26daf4867ee4c8 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Pfaff <tpfaff@pcs.com>
|
||||
Date: Fri, 11 Oct 2013 12:42:49 +0200
|
||||
Subject: [PATCH] genirq: Set the irq thread policy without checking
|
||||
CAP_SYS_NICE
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/3.12/patches-3.12.1-rt4.tar.xz
|
||||
|
||||
In commit ee23871389 ("genirq: Set irq thread to RT priority on
|
||||
creation") we moved the assigment of the thread's priority from the
|
||||
thread's function into __setup_irq(). That function may run in user
|
||||
context for instance if the user opens an UART node and then driver
|
||||
calls requests in the ->open() callback. That user may not have
|
||||
CAP_SYS_NICE and so the irq thread won't run with the SCHED_OTHER
|
||||
policy.
|
||||
|
||||
This patch uses sched_setscheduler_nocheck() so we omit the CAP_SYS_NICE
|
||||
check which is otherwise required for the SCHED_OTHER policy.
|
||||
|
||||
Cc: Ivo Sieben <meltedpianoman@gmail.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: stable-rt@vger.kernel.org
|
||||
Signed-off-by: Thomas Pfaff <tpfaff@pcs.com>
|
||||
[bigeasy: rewrite the changelog]
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/irq/manage.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/kernel/irq/manage.c
|
||||
+++ b/kernel/irq/manage.c
|
||||
@@ -956,7 +956,7 @@ static int
|
||||
goto out_mput;
|
||||
}
|
||||
|
||||
- sched_setscheduler(t, SCHED_FIFO, ¶m);
|
||||
+ sched_setscheduler_nocheck(t, SCHED_FIFO, ¶m);
|
||||
|
||||
/*
|
||||
* We keep the reference to the task struct even if
|
|
@ -74,11 +74,9 @@ features/all/mvsas-Recognise-device-subsystem-9485-9485-as-88SE94.patch
|
|||
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
|
||||
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
|
||||
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
|
||||
bugfix/all/HID-uhid-fix-leak-for-64-32-UHID_CREATE.mbox
|
||||
bugfix/all/net-clamp-msg_namelen-instead-of-returning-an-error.patch
|
||||
bugfix/all/tcp-tsq-restore-minimal-amount-of-queueing.patch
|
||||
bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch
|
||||
bugfix/all/ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
||||
bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch
|
||||
bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
||||
bugfix/arm/ahci-imx-Explicitly-clear-IMX6Q_GPR13_SATA_MPLL_CLK_.patch
|
||||
|
|
|
@ -10,7 +10,6 @@ features/all/rt/lockdep-Correctly-annotate-hardirq-context-in-irq_ex.patch
|
|||
############################################################
|
||||
# UPSTREAM FIXES, patches pending
|
||||
############################################################
|
||||
features/all/rt/genirq-Set-the-irq-thread-policy-without-checking-CA.patch
|
||||
|
||||
############################################################
|
||||
# Stuff broken upstream, patches submitted
|
||||
|
|
Loading…
Reference in New Issue