Update to 3.8.5
svn path=/dists/trunk/linux/; revision=19953
This commit is contained in:
parent
55da5d676a
commit
b79f46c9b9
|
@ -1,7 +1,10 @@
|
|||
linux (3.8.4-1~experimental.1) UNRELEASED; urgency=low
|
||||
linux (3.8.5-1~experimental.1) UNRELEASED; urgency=low
|
||||
|
||||
* New upstream stable update:
|
||||
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
|
||||
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* signal: Fix use of missing sa_restorer field (build regression
|
||||
introduced by fix for CVE-2013-0914)
|
||||
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
From: Seth Forshee <seth.forshee@canonical.com>
|
||||
Date: Mon, 11 Mar 2013 16:17:50 -0500
|
||||
Subject: efivars: Add module parameter to disable use as a pstore backend
|
||||
|
||||
commit ec0971ba5372a4dfa753f232449d23a8fd98490e upstream.
|
||||
|
||||
We know that with some firmware implementations writing too much data to
|
||||
UEFI variables can lead to bricking machines. Recent changes attempt to
|
||||
address this issue, but for some it may still be prudent to avoid
|
||||
writing large amounts of data until the solution has been proven on a
|
||||
wide variety of hardware.
|
||||
|
||||
Crash dumps or other data from pstore can potentially be a large data
|
||||
source. Add a pstore_module parameter to efivars to allow disabling its
|
||||
use as a backend for pstore. Also add a config option,
|
||||
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE, to allow setting the default
|
||||
value of this paramter to true (i.e. disabled by default).
|
||||
|
||||
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
Cc: Josh Boyer <jwboyer@redhat.com>
|
||||
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
|
||||
Cc: Tony Luck <tony.luck@intel.com>
|
||||
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
|
||||
---
|
||||
drivers/firmware/Kconfig | 9 +++++++++
|
||||
drivers/firmware/efivars.c | 8 +++++++-
|
||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig
|
||||
index 898023d..42c759a 100644
|
||||
--- a/drivers/firmware/Kconfig
|
||||
+++ b/drivers/firmware/Kconfig
|
||||
@@ -62,6 +62,15 @@ config EFI_VARS_PSTORE
|
||||
will allow writing console messages, crash dumps, or anything
|
||||
else supported by pstore to EFI variables.
|
||||
|
||||
+config EFI_VARS_PSTORE_DEFAULT_DISABLE
|
||||
+ bool "Disable using efivars as a pstore backend by default"
|
||||
+ depends on EFI_VARS_PSTORE
|
||||
+ default n
|
||||
+ help
|
||||
+ Saying Y here will disable the use of efivars as a storage
|
||||
+ backend for pstore by default. This setting can be overridden
|
||||
+ using the efivars module's pstore_disable parameter.
|
||||
+
|
||||
config EFI_PCDP
|
||||
bool "Console device selection via EFI PCDP or HCDP table"
|
||||
depends on ACPI && EFI && IA64
|
||||
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
|
||||
index 37b6f24..6607daf 100644
|
||||
--- a/drivers/firmware/efivars.c
|
||||
+++ b/drivers/firmware/efivars.c
|
||||
@@ -103,6 +103,11 @@ MODULE_VERSION(EFIVARS_VERSION);
|
||||
*/
|
||||
#define GUID_LEN 36
|
||||
|
||||
+static bool efivars_pstore_disable =
|
||||
+ IS_ENABLED(EFI_VARS_PSTORE_DEFAULT_DISABLE);
|
||||
+
|
||||
+module_param_named(pstore_disable, efivars_pstore_disable, bool, 0644);
|
||||
+
|
||||
/*
|
||||
* The maximum size of VariableName + Data = 1024
|
||||
* Therefore, it's reasonable to save that much
|
||||
@@ -2009,7 +2014,8 @@ int register_efivars(struct efivars *efivars,
|
||||
if (error)
|
||||
unregister_efivars(efivars);
|
||||
|
||||
- efivar_pstore_register(efivars);
|
||||
+ if (!efivars_pstore_disable)
|
||||
+ efivar_pstore_register(efivars);
|
||||
|
||||
register_filesystem(&efivarfs_type);
|
||||
|
|
@ -1,140 +0,0 @@
|
|||
From: Seth Forshee <seth.forshee@canonical.com>
|
||||
Date: Thu, 7 Mar 2013 11:40:17 -0600
|
||||
Subject: efivars: Allow disabling use as a pstore backend
|
||||
|
||||
commit ed9dc8ce7a1c8115dba9483a9b51df8b63a2e0ef upstream.
|
||||
|
||||
Add a new option, CONFIG_EFI_VARS_PSTORE, which can be set to N to
|
||||
avoid using efivars as a backend to pstore, as some users may want to
|
||||
compile out the code completely.
|
||||
|
||||
Set the default to Y to maintain backwards compatability, since this
|
||||
feature has always been enabled until now.
|
||||
|
||||
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
Cc: Josh Boyer <jwboyer@redhat.com>
|
||||
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
|
||||
Cc: Tony Luck <tony.luck@intel.com>
|
||||
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
|
||||
---
|
||||
drivers/firmware/Kconfig | 9 +++++++
|
||||
drivers/firmware/efivars.c | 64 ++++++++++++++------------------------------
|
||||
2 files changed, 29 insertions(+), 44 deletions(-)
|
||||
|
||||
diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig
|
||||
index 9b00072..898023d 100644
|
||||
--- a/drivers/firmware/Kconfig
|
||||
+++ b/drivers/firmware/Kconfig
|
||||
@@ -53,6 +53,15 @@ config EFI_VARS
|
||||
Subsequent efibootmgr releases may be found at:
|
||||
<http://linux.dell.com/efibootmgr>
|
||||
|
||||
+config EFI_VARS_PSTORE
|
||||
+ bool "Register efivars backend for pstore"
|
||||
+ depends on EFI_VARS && PSTORE
|
||||
+ default y
|
||||
+ help
|
||||
+ Say Y here to enable use efivars as a backend to pstore. This
|
||||
+ will allow writing console messages, crash dumps, or anything
|
||||
+ else supported by pstore to EFI variables.
|
||||
+
|
||||
config EFI_PCDP
|
||||
bool "Console device selection via EFI PCDP or HCDP table"
|
||||
depends on ACPI && EFI && IA64
|
||||
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
|
||||
index fe62aa3..37b6f24 100644
|
||||
--- a/drivers/firmware/efivars.c
|
||||
+++ b/drivers/firmware/efivars.c
|
||||
@@ -1309,9 +1309,7 @@ static const struct inode_operations efivarfs_dir_inode_operations = {
|
||||
.create = efivarfs_create,
|
||||
};
|
||||
|
||||
-static struct pstore_info efi_pstore_info;
|
||||
-
|
||||
-#ifdef CONFIG_PSTORE
|
||||
+#ifdef CONFIG_EFI_VARS_PSTORE
|
||||
|
||||
static int efi_pstore_open(struct pstore_info *psi)
|
||||
{
|
||||
@@ -1514,38 +1512,6 @@ static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
|
||||
|
||||
return 0;
|
||||
}
|
||||
-#else
|
||||
-static int efi_pstore_open(struct pstore_info *psi)
|
||||
-{
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int efi_pstore_close(struct pstore_info *psi)
|
||||
-{
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static ssize_t efi_pstore_read(u64 *id, enum pstore_type_id *type, int *count,
|
||||
- struct timespec *timespec,
|
||||
- char **buf, struct pstore_info *psi)
|
||||
-{
|
||||
- return -1;
|
||||
-}
|
||||
-
|
||||
-static int efi_pstore_write(enum pstore_type_id type,
|
||||
- enum kmsg_dump_reason reason, u64 *id,
|
||||
- unsigned int part, int count, size_t size,
|
||||
- struct pstore_info *psi)
|
||||
-{
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int efi_pstore_erase(enum pstore_type_id type, u64 id, int count,
|
||||
- struct timespec time, struct pstore_info *psi)
|
||||
-{
|
||||
- return 0;
|
||||
-}
|
||||
-#endif
|
||||
|
||||
static struct pstore_info efi_pstore_info = {
|
||||
.owner = THIS_MODULE,
|
||||
@@ -1557,6 +1523,24 @@ static struct pstore_info efi_pstore_info = {
|
||||
.erase = efi_pstore_erase,
|
||||
};
|
||||
|
||||
+static void efivar_pstore_register(struct efivars *efivars)
|
||||
+{
|
||||
+ efivars->efi_pstore_info = efi_pstore_info;
|
||||
+ efivars->efi_pstore_info.buf = kmalloc(4096, GFP_KERNEL);
|
||||
+ if (efivars->efi_pstore_info.buf) {
|
||||
+ efivars->efi_pstore_info.bufsize = 1024;
|
||||
+ efivars->efi_pstore_info.data = efivars;
|
||||
+ spin_lock_init(&efivars->efi_pstore_info.buf_lock);
|
||||
+ pstore_register(&efivars->efi_pstore_info);
|
||||
+ }
|
||||
+}
|
||||
+#else
|
||||
+static void efivar_pstore_register(struct efivars *efivars)
|
||||
+{
|
||||
+ return;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *bin_attr,
|
||||
char *buf, loff_t pos, size_t count)
|
||||
@@ -2025,15 +2009,7 @@ int register_efivars(struct efivars *efivars,
|
||||
if (error)
|
||||
unregister_efivars(efivars);
|
||||
|
||||
- efivars->efi_pstore_info = efi_pstore_info;
|
||||
-
|
||||
- efivars->efi_pstore_info.buf = kmalloc(4096, GFP_KERNEL);
|
||||
- if (efivars->efi_pstore_info.buf) {
|
||||
- efivars->efi_pstore_info.bufsize = 1024;
|
||||
- efivars->efi_pstore_info.data = efivars;
|
||||
- spin_lock_init(&efivars->efi_pstore_info.buf_lock);
|
||||
- pstore_register(&efivars->efi_pstore_info);
|
||||
- }
|
||||
+ efivar_pstore_register(efivars);
|
||||
|
||||
register_filesystem(&efivarfs_type);
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 22 Mar 2013 19:43:53 +0000
|
||||
Subject: efivars: Fix check for CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE
|
||||
|
||||
The 'CONFIG_' prefix is not implicit in IS_ENABLED().
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Cc: Seth Forshee <seth.forshee@canonical.com>
|
||||
Cc: <stable@vger.kernel.org>
|
||||
---
|
||||
drivers/firmware/efivars.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/firmware/efivars.c
|
||||
+++ b/drivers/firmware/efivars.c
|
||||
@@ -105,7 +105,7 @@ MODULE_ALIAS("platform:efivars");
|
||||
#define GUID_LEN 36
|
||||
|
||||
static bool efivars_pstore_disable =
|
||||
- IS_ENABLED(EFI_VARS_PSTORE_DEFAULT_DISABLE);
|
||||
+ IS_ENABLED(CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE);
|
||||
|
||||
module_param_named(pstore_disable, efivars_pstore_disable, bool, 0644);
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Sun, 17 Mar 2013 02:46:09 +0000
|
||||
Subject: vhost/net: fix heads usage of ubuf_info
|
||||
|
||||
commit 46aa92d1ba162b4b3d6b7102440e459d4e4ee255 upstream.
|
||||
|
||||
ubuf info allocator uses guest controlled head as an index,
|
||||
so a malicious guest could put the same head entry in the ring twice,
|
||||
and we will get two callbacks on the same value.
|
||||
To fix use upend_idx which is guaranteed to be unique.
|
||||
|
||||
Reported-by: Rusty Russell <rusty@rustcorp.com.au>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
drivers/vhost/net.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/vhost/net.c
|
||||
+++ b/drivers/vhost/net.c
|
||||
@@ -339,7 +339,8 @@ static void handle_tx(struct vhost_net *
|
||||
msg.msg_controllen = 0;
|
||||
ubufs = NULL;
|
||||
} else {
|
||||
- struct ubuf_info *ubuf = &vq->ubuf_info[head];
|
||||
+ struct ubuf_info *ubuf;
|
||||
+ ubuf = vq->ubuf_info + vq->upend_idx;
|
||||
|
||||
vq->heads[vq->upend_idx].len =
|
||||
VHOST_DMA_IN_PROGRESS;
|
|
@ -1,49 +0,0 @@
|
|||
From: Kees Cook <keescook@chromium.org>
|
||||
Date: Mon, 11 Mar 2013 17:31:45 -0700
|
||||
Subject: drm/i915: bounds check execbuffer relocation count
|
||||
|
||||
commit 3118a4f652c7b12c752f3222af0447008f9b2368 upstream.
|
||||
|
||||
It is possible to wrap the counter used to allocate the buffer for
|
||||
relocation copies. This could lead to heap writing overflows.
|
||||
|
||||
CVE-2013-0913
|
||||
|
||||
v3: collapse test, improve comment
|
||||
v2: move check into validate_exec_list
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Reported-by: Pinkie Pie
|
||||
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
|
||||
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 11 ++++++++---
|
||||
1 file changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
|
||||
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
|
||||
@@ -907,15 +907,20 @@ validate_exec_list(struct drm_i915_gem_e
|
||||
int count)
|
||||
{
|
||||
int i;
|
||||
+ int relocs_total = 0;
|
||||
+ int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
|
||||
int length; /* limited by fault_in_pages_readable() */
|
||||
|
||||
- /* First check for malicious input causing overflow */
|
||||
- if (exec[i].relocation_count >
|
||||
- INT_MAX / sizeof(struct drm_i915_gem_relocation_entry))
|
||||
+ /* First check for malicious input causing overflow in
|
||||
+ * the worst case where we need to allocate the entire
|
||||
+ * relocation tree as a single array.
|
||||
+ */
|
||||
+ if (exec[i].relocation_count > relocs_max - relocs_total)
|
||||
return -EINVAL;
|
||||
+ relocs_total += exec[i].relocation_count;
|
||||
|
||||
length = exec[i].relocation_count *
|
||||
sizeof(struct drm_i915_gem_relocation_entry);
|
|
@ -80,15 +80,10 @@ bugfix/mips/mips-add-dependencies-for-have_arch_transparent_hugepage.patch
|
|||
bugfix/all/signal-fix-use-of-missing-sa_restorer-field.patch
|
||||
bugfix/all/kernel-signal.c-use-__ARCH_HAS_SA_RESTORER-instead-o.patch
|
||||
debian/efi-autoload-efivars.patch
|
||||
bugfix/all/vhost-net-fix-heads-usage-of-ubuf_info.patch
|
||||
bugfix/all/efivars-Allow-disabling-use-as-a-pstore-backend.patch
|
||||
bugfix/all/efivars-Add-module-parameter-to-disable-use-as-a-pst.patch
|
||||
bugfix/all/efivars-Fix-check-for-CONFIG_EFI_VARS_PSTORE_DEFAULT.patch
|
||||
bugfix/all/efi_pstore-Introducing-workqueue-updating-sysfs.patch
|
||||
bugfix/all/efivars-explicitly-calculate-length-of-VariableName.patch
|
||||
bugfix/all/efivars-Handle-duplicate-names-from-get_next_variabl.patch
|
||||
debian/efivars-remove-check-for-50-full-on-write.patch
|
||||
bugfix/x86/drm-i915-bounds-check-execbuffer-relocation-count.patch
|
||||
bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
|
||||
bugfix/x86/KVM-x86-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hv.patch
|
||||
bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
|
||||
|
|
Loading…
Reference in New Issue