debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Update to 4.9-rc5

This commit is contained in:
Ben Hutchings 2016-11-13 20:35:21 +00:00
parent 993ab494e5
commit b15e0cf459
8 changed files with 20 additions and 257 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/changelog vendored
View File

@ -1,4 +1,6 @@
linux (4.9~rc3-1~exp2) UNRELEASED; urgency=medium
linux (4.9~rc5-1~exp1) UNRELEASED; urgency=medium
* New upstream release candidate
[ Aurelien Jarno ]
* Enable MAC802154, IEEE802154_ADF7242, IEEE802154_AT86RF230,

20
debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch vendored
View File

@ -355,7 +355,7 @@ upstream submission.
}
--- a/drivers/media/usb/dvb-usb/dib0700_devices.c
+++ b/drivers/media/usb/dvb-usb/dib0700_devices.c
@@ -2410,12 +2410,9 @@ static int stk9090m_frontend_attach(stru
@@ -2411,12 +2411,9 @@ static int stk9090m_frontend_attach(stru
dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80);
@ -370,7 +370,7 @@ upstream submission.
stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size;
stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data;
@@ -2476,12 +2473,9 @@ static int nim9090md_frontend_attach(str
@@ -2477,12 +2474,9 @@ static int nim9090md_frontend_attach(str
msleep(20);
dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1);
@ -406,7 +406,7 @@ upstream submission.
case CYPRESS_AN2135:
--- a/drivers/media/usb/dvb-usb/gp8psk.c
+++ b/drivers/media/usb/dvb-usb/gp8psk.c
@@ -116,20 +116,14 @@ static int gp8psk_load_bcm4500fw(struct
@@ -134,20 +134,14 @@ static int gp8psk_load_bcm4500fw(struct
const u8 *ptr;
u8 *buf;
if ((ret = request_firmware(&fw, bcm4500_firmware,
@ -1032,7 +1032,7 @@ upstream submission.
--- a/drivers/media/usb/s2255/s2255drv.c
+++ b/drivers/media/usb/s2255/s2255drv.c
@@ -2297,10 +2297,8 @@ static int s2255_probe(struct usb_interf
@@ -2308,10 +2308,8 @@ static int s2255_probe(struct usb_interf
}
/* load the first chunk */
if (request_firmware(&dev->fw_data->fw,
@ -1163,7 +1163,7 @@ upstream submission.
--- a/drivers/net/ethernet/broadcom/bnx2.c
+++ b/drivers/net/ethernet/broadcom/bnx2.c
@@ -3720,16 +3720,13 @@ static int bnx2_request_uncached_firmwar
@@ -3725,16 +3725,13 @@ static int bnx2_request_uncached_firmwar
}
rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev);
@ -1731,17 +1731,17 @@ upstream submission.
if (!err)
goto found_alt;
}
- pr_err("Firmware %s not available\n", rtlpriv->cfg->fw_name);
- pr_err("Selected firmware is not available\n");
rtlpriv->max_fw_size = 0;
return;
}
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
@@ -94,7 +94,6 @@ static void rtl92se_fw_cb(const struct f
@@ -95,7 +95,6 @@ static void rtl92se_fw_cb(const struct f
"Firmware callback routine entered!\n");
complete(&rtlpriv->firmware_loading_complete);
if (!firmware) {
- pr_err("Firmware %s not available\n", rtlpriv->cfg->fw_name);
- pr_err("Firmware %s not available\n", fw_name);
rtlpriv->max_fw_size = 0;
return;
}
@ -1965,7 +1965,7 @@ upstream submission.
if (qla82xx_validate_firmware_blob(vha,
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -5620,8 +5620,6 @@ qla2x00_request_firmware(scsi_qla_host_t
@@ -5636,8 +5636,6 @@ qla2x00_request_firmware(scsi_qla_host_t
goto out;
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
@ -2526,7 +2526,7 @@ upstream submission.
filename, emu->firmware->size);
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1812,10 +1812,8 @@ static void azx_firmware_cb(const struct
@@ -1815,10 +1815,8 @@ static void azx_firmware_cb(const struct
struct azx *chip = card->private_data;
struct pci_dev *pci = chip->pci;

4
debian/patches/bugfix/all/kbuild-add-fno-pie.patch vendored
View File

@ -25,9 +25,9 @@ Signed-off-by: Michal Marek <mmarek@suse.com>
--- a/Makefile
+++ b/Makefile
@@ -624,6 +624,8 @@ include arch/$(SRCARCH)/Makefile
@@ -623,6 +623,8 @@ include arch/$(SRCARCH)/Makefile
KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
+KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
+KBUILD_AFLAGS += $(call cc-option,-fno-PIE)

8
debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch vendored
View File

@ -64,16 +64,16 @@ the kernel.
# Usage: KBUILD_ARFLAGS := $(call ar-option,D)
--- a/Makefile
+++ b/Makefile
@@ -634,6 +634,8 @@ KBUILD_CFLAGS += -O2
endif
endif
@@ -642,6 +642,8 @@ endif
KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \
$(call cc-disable-warning,maybe-uninitialized,))
+NOSTDINC_FLAGS += -nostdinc
+
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
@@ -752,7 +754,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno-
@@ -760,7 +762,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno-
endif
# arch Makefile may override CC so keep this after arch Makefile is included

201
debian/patches/bugfix/all/net-add-recursion-limit-to-gro.patch vendored
View File

@ -1,201 +0,0 @@
From: Sabrina Dubroca <sd@queasysnail.net>
Date: Mon, 10 Oct 2016 15:43:46 +0200
Subject: net: add recursion limit to GRO
Origin: https://patchwork.ozlabs.org/patch/680412/
Currently, GRO can do unlimited recursion through the gro_receive
handlers. This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem. Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.
This patch adds a recursion counter to the GRO layer to prevent stack
overflow. When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally.
Thanks to Vladimír Beneš <vbenes@redhat.com> for the initial bug report.
Fixes: CVE-2016-7039
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
drivers/net/geneve.c | 2 +-
drivers/net/vxlan.c | 2 +-
include/linux/netdevice.h | 24 +++++++++++++++++++++++-
net/8021q/vlan.c | 2 +-
net/core/dev.c | 1 +
net/ethernet/eth.c | 2 +-
net/ipv4/af_inet.c | 2 +-
net/ipv4/fou.c | 4 ++--
net/ipv4/gre_offload.c | 2 +-
net/ipv4/udp_offload.c | 8 +++++++-
net/ipv6/ip6_offload.c | 2 +-
11 files changed, 40 insertions(+), 11 deletions(-)
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -471,7 +471,7 @@ static struct sk_buff **geneve_gro_recei
skb_gro_pull(skb, gh_len);
skb_gro_postpull_rcsum(skb, gh, gh_len);
- pp = ptype->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb);
flush = 0;
out_unlock:
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -601,7 +601,7 @@ static struct sk_buff **vxlan_gro_receiv
}
}
- pp = eth_gro_receive(head, skb);
+ pp = call_gro_receive(eth_gro_receive, head, skb);
flush = 0;
out:
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2114,7 +2114,10 @@ struct napi_gro_cb {
/* Used to determine if flush_id can be ignored */
u8 is_atomic:1;
- /* 5 bit hole */
+ /* Number of gro_receive callbacks this packet already went through */
+ u8 recursion_counter:4;
+
+ /* 1 bit hole */
/* used to support CHECKSUM_COMPLETE for tunneling protocols */
__wsum csum;
@@ -2125,6 +2128,25 @@ struct napi_gro_cb {
#define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb)
+#define GRO_RECURSION_LIMIT 15
+static inline int gro_recursion_inc_test(struct sk_buff *skb)
+{
+ return ++NAPI_GRO_CB(skb)->recursion_counter == GRO_RECURSION_LIMIT;
+}
+
+typedef struct sk_buff **(*gro_receive_t)(struct sk_buff **, struct sk_buff *);
+static inline struct sk_buff **call_gro_receive(gro_receive_t cb,
+ struct sk_buff **head,
+ struct sk_buff *skb)
+{
+ if (gro_recursion_inc_test(skb)) {
+ NAPI_GRO_CB(skb)->flush |= 1;
+ return NULL;
+ }
+
+ return cb(head, skb);
+}
+
struct packet_type {
__be16 type; /* This is really htons(ether_type). */
struct net_device *dev; /* NULL is wildcarded here */
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -664,7 +664,7 @@ static struct sk_buff **vlan_gro_receive
skb_gro_pull(skb, sizeof(*vhdr));
skb_gro_postpull_rcsum(skb, vhdr, sizeof(*vhdr));
- pp = ptype->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb);
out_unlock:
rcu_read_unlock();
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4500,6 +4500,7 @@ static enum gro_result dev_gro_receive(s
NAPI_GRO_CB(skb)->flush = 0;
NAPI_GRO_CB(skb)->free = 0;
NAPI_GRO_CB(skb)->encap_mark = 0;
+ NAPI_GRO_CB(skb)->recursion_counter = 0;
NAPI_GRO_CB(skb)->is_fou = 0;
NAPI_GRO_CB(skb)->is_atomic = 1;
NAPI_GRO_CB(skb)->gro_remcsum_start = 0;
--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -439,7 +439,7 @@ struct sk_buff **eth_gro_receive(struct
skb_gro_pull(skb, sizeof(*eh));
skb_gro_postpull_rcsum(skb, eh, sizeof(*eh));
- pp = ptype->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb);
out_unlock:
rcu_read_unlock();
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1388,7 +1388,7 @@ struct sk_buff **inet_gro_receive(struct
skb_gro_pull(skb, sizeof(*iph));
skb_set_transport_header(skb, skb_gro_offset(skb));
- pp = ops->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
out_unlock:
rcu_read_unlock();
--- a/net/ipv4/fou.c
+++ b/net/ipv4/fou.c
@@ -219,7 +219,7 @@ static struct sk_buff **fou_gro_receive(
if (!ops || !ops->callbacks.gro_receive)
goto out_unlock;
- pp = ops->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
out_unlock:
rcu_read_unlock();
@@ -387,7 +387,7 @@ static struct sk_buff **gue_gro_receive(
if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive))
goto out_unlock;
- pp = ops->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
flush = 0;
out_unlock:
--- a/net/ipv4/gre_offload.c
+++ b/net/ipv4/gre_offload.c
@@ -227,7 +227,7 @@ static struct sk_buff **gre_gro_receive(
/* Adjusted NAPI_GRO_CB(skb)->csum after skb_gro_pull()*/
skb_gro_postpull_rcsum(skb, greh, grehlen);
- pp = ptype->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb);
flush = 0;
out_unlock:
--- a/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -293,7 +293,13 @@ unflush:
skb_gro_pull(skb, sizeof(struct udphdr)); /* pull encapsulating udp header */
skb_gro_postpull_rcsum(skb, uh, sizeof(struct udphdr));
- pp = udp_sk(sk)->gro_receive(sk, head, skb);
+
+ if (gro_recursion_inc_test(skb)) {
+ flush = 1;
+ pp = NULL;
+ } else {
+ pp = udp_sk(sk)->gro_receive(sk, head, skb);
+ }
out_unlock:
rcu_read_unlock();
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -243,7 +243,7 @@ static struct sk_buff **ipv6_gro_receive
skb_gro_postpull_rcsum(skb, iph, nlen);
- pp = ops->callbacks.gro_receive(head, skb);
+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
out_unlock:
rcu_read_unlock();

36
debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch vendored
View File

@ -1,36 +0,0 @@
From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Tue, 11 Oct 2016 21:03:45 +0800
Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
Bug-Debian: https://bugs.debian.org/841261
Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".
Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: Chris Caputo <ccaputo@alt.net>
Tested-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_NFLOG.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7e1ff1..8668a5c18dc3 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
li.u.ulog.copy_len = info->len;
li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold;
+ li.u.ulog.flags = 0;
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;

2
debian/patches/debian/kernelvariables.patch vendored
View File

@ -58,7 +58,7 @@ use of $(ARCH) needs to be moved after this.
export KCONFIG_CONFIG
@@ -373,6 +337,44 @@ LDFLAGS_vmlinux =
CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im
CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized
CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
+-include $(obj)/.kernelvariables

2
debian/patches/series vendored
View File

@ -62,7 +62,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/all/ext4-fix-bug-838544.patch
bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
bugfix/all/kbuild-add-fno-pie.patch
bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch
bugfix/x86/x86-kexec-add-fno-pie.patch
@ -96,7 +95,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
# Security fixes
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/net-add-recursion-limit-to-gro.patch
# ABI maintenance