core/linux-odroid to 3.8.13.30-5

This commit is contained in:
Kevin Mihelich 2016-10-26 02:54:41 +00:00
parent 4859145f68
commit b4eefb075d
6 changed files with 253 additions and 84 deletions

View file

@ -1,7 +1,7 @@
From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 From a7c092a19768d6b6dbb5d4afea33136c4637d633 Mon Sep 17 00:00:00 2001
From: Yevgeny Pats <yevgeny@perception-point.io> From: Yevgeny Pats <yevgeny@perception-point.io>
Date: Tue, 19 Jan 2016 22:09:04 +0000 Date: Tue, 19 Jan 2016 22:09:04 +0000
Subject: KEYS: Fix keyring ref leak in join_session_keyring() Subject: [PATCH 1/4] KEYS: Fix keyring ref leak in join_session_keyring()
This fixes CVE-2016-0728. This fixes CVE-2016-0728.
@ -65,10 +65,10 @@ Signed-off-by: James Morris <james.l.morris@oracle.com>
1 file changed, 1 insertion(+) 1 file changed, 1 insertion(+)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index a3f85d2..e6d50172 100644 index 42defae..cd871dc 100644
--- a/security/keys/process_keys.c --- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c +++ b/security/keys/process_keys.c
@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) @@ -792,6 +792,7 @@ long join_session_keyring(const char *name)
ret = PTR_ERR(keyring); ret = PTR_ERR(keyring);
goto error2; goto error2;
} else if (keyring == new->session_keyring) { } else if (keyring == new->session_keyring) {
@ -77,5 +77,5 @@ index a3f85d2..e6d50172 100644
goto error2; goto error2;
} }
-- --
cgit v0.12 2.10.1

View file

@ -0,0 +1,101 @@
From 541267fab71436c4acb361f1557a881c3908b22e Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu, 13 Oct 2016 13:07:36 -0700
Subject: [PATCH 2/4] mm: remove gup_flags FOLL_WRITE games from
__get_user_pages()
commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream.
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can now
fix it by checking the pte_dirty() bit properly (and do it better). The
s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
software dirty bits") which made it into v3.9. Earlier kernels will
have to look at the page state itself.
Also, the VM has become more scalable, and what used a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Michal Hocko <mhocko@suse.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Nick Piggin <npiggin@gmail.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[wt: s/gup.c/memory.c; s/follow_page_pte/follow_page_mask;
s/faultin_page/__get_user_page]
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
include/linux/mm.h | 2 ++
mm/memory.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index dbade0f..218be84 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1723,6 +1723,8 @@ struct page *follow_page(struct vm_area_struct *, unsigned long address,
#define FOLL_SPLIT 0x80 /* don't return transhuge pages, split them */
#define FOLL_HWPOISON 0x100 /* check page is hwpoisoned */
#define FOLL_NUMA 0x200 /* force NUMA hinting page fault */
+#define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */
+#define FOLL_COW 0x4000 /* internal GUP flag */
typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,
void *data);
diff --git a/mm/memory.c b/mm/memory.c
index 4395fe8..326e9cd 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1458,6 +1458,16 @@ int zap_vma_ptes(struct vm_area_struct *vma, unsigned long address,
}
EXPORT_SYMBOL_GPL(zap_vma_ptes);
+/*
+ * FOLL_FORCE can write to even unwritable pte's, but only
+ * after we've gone through a COW cycle and they are dirty.
+ */
+static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
+{
+ return pte_write(pte) ||
+ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
+}
+
/**
* follow_page - look up a page descriptor from a user-virtual address
* @vma: vm_area_struct mapping @address
@@ -1544,7 +1554,7 @@ split_fallthrough:
goto no_page;
if ((flags & FOLL_NUMA) && pte_numa(pte))
goto no_page;
- if ((flags & FOLL_WRITE) && !pte_write(pte))
+ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags))
goto unlock;
page = vm_normal_page(vma, address, pte);
@@ -1847,7 +1857,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
*/
if ((ret & VM_FAULT_WRITE) &&
!(vma->vm_flags & VM_WRITE))
- foll_flags &= ~FOLL_WRITE;
+ foll_flags |= FOLL_COW;
cond_resched();
}
--
2.10.1

View file

@ -0,0 +1,35 @@
From 33ec211a483dd5fdc9c590f624ea395a237a59f1 Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Mon, 24 Oct 2016 19:33:31 -0600
Subject: [PATCH 3/4] Revert "media/mfc: use shipped firmware paths"
This reverts commit 6720e7ffffed9656b006553311b2d85abcd3f0b6.
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
index 6a1cef5..0da338c 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -1293,7 +1293,7 @@ static struct s5p_mfc_variant mfc_drvdata_v5 = {
.buf_size = &buf_size_v5,
.buf_align = &mfc_buf_align_v5,
.mclk_name = "sclk_mfc",
- .fw_name = "s5p-mfc/s5p-mfc.fw",
+ .fw_name = "s5p-mfc.fw",
};
struct s5p_mfc_buf_size_v6 mfc_buf_size_v6 = {
@@ -1320,7 +1320,7 @@ static struct s5p_mfc_variant mfc_drvdata_v6 = {
.buf_size = &buf_size_v6,
.buf_align = &mfc_buf_align_v6,
.mclk_name = "aclk_333",
- .fw_name = "s5p-mfc/s5p-mfc-v6.fw",
+ .fw_name = "s5p-mfc-v6.fw",
};
static struct platform_device_id mfc_driver_ids[] = {
--
2.10.1

View file

@ -0,0 +1,96 @@
From 9610e2bda9ccee379887600bac748aeb13a61cbe Mon Sep 17 00:00:00 2001
From: popcornmix <popcornmix@gmail.com>
Date: Tue, 26 Mar 2013 17:26:38 +0000
Subject: [PATCH 4/4] Allow mac address to be set in smsc95xx
Signed-off-by: popcornmix <popcornmix@gmail.com>
---
drivers/net/usb/smsc95xx.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c
index 19a8db7..fdde874 100644
--- a/drivers/net/usb/smsc95xx.c
+++ b/drivers/net/usb/smsc95xx.c
@@ -54,6 +54,7 @@
#define FEATURE_8_WAKEUP_FILTERS (0x01)
#define FEATURE_PHY_NLP_CROSSOVER (0x02)
#define FEATURE_AUTOSUSPEND (0x04)
+#define MAC_ADDR_LEN (6)
struct smsc95xx_priv {
u32 mac_cr;
@@ -129,6 +130,10 @@ int smsc95xx_read_mac_addr(unsigned char *mac)
}
#endif
+static char *macaddr = ":";
+module_param(macaddr, charp, 0);
+MODULE_PARM_DESC(macaddr, "MAC address");
+
static int __must_check __smsc95xx_read_reg(struct usbnet *dev, u32 index,
u32 *data, int in_pm)
{
@@ -836,8 +841,59 @@ static int smsc95xx_ioctl(struct net_device *netdev, struct ifreq *rq, int cmd)
return generic_mii_ioctl(&dev->mii, if_mii(rq), cmd, NULL);
}
+/* Check the macaddr module parameter for a MAC address */
+static int smsc95xx_is_macaddr_param(struct usbnet *dev, u8 *dev_mac)
+{
+ int i, j, got_num, num;
+ u8 mtbl[MAC_ADDR_LEN];
+
+ if (macaddr[0] == ':')
+ return 0;
+
+ i = 0;
+ j = 0;
+ num = 0;
+ got_num = 0;
+ while (j < MAC_ADDR_LEN) {
+ if (macaddr[i] && macaddr[i] != ':') {
+ got_num++;
+ if ('0' <= macaddr[i] && macaddr[i] <= '9')
+ num = num * 16 + macaddr[i] - '0';
+ else if ('A' <= macaddr[i] && macaddr[i] <= 'F')
+ num = num * 16 + 10 + macaddr[i] - 'A';
+ else if ('a' <= macaddr[i] && macaddr[i] <= 'f')
+ num = num * 16 + 10 + macaddr[i] - 'a';
+ else
+ break;
+ i++;
+ } else if (got_num == 2) {
+ mtbl[j++] = (u8) num;
+ num = 0;
+ got_num = 0;
+ i++;
+ } else {
+ break;
+ }
+ }
+
+ if (j == MAC_ADDR_LEN) {
+ netif_dbg(dev, ifup, dev->net, "Overriding MAC address with: "
+ "%02x:%02x:%02x:%02x:%02x:%02x\n", mtbl[0], mtbl[1], mtbl[2],
+ mtbl[3], mtbl[4], mtbl[5]);
+ for (i = 0; i < MAC_ADDR_LEN; i++)
+ dev_mac[i] = mtbl[i];
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
static void smsc95xx_init_mac_address(struct usbnet *dev)
{
+ /* Check module parameters */
+ if (smsc95xx_is_macaddr_param(dev, dev->net->dev_addr))
+ return;
+
/* try reading mac address from EEPROM */
if (smsc95xx_read_eeprom(dev, EEPROM_MAC_OFFSET, ETH_ALEN,
dev->net->dev_addr) == 0) {
--
2.10.1

View file

@ -8,7 +8,7 @@ pkgname=('linux-odroid-x' 'linux-odroid-x2' 'linux-odroid-u2' 'linux-headers-odr
_kernelname=${pkgname#linux} _kernelname=${pkgname#linux}
_basekernel=3.8 _basekernel=3.8
pkgver=${_basekernel}.13.30 pkgver=${_basekernel}.13.30
pkgrel=4 pkgrel=5
arch=('armv7h') arch=('armv7h')
url="http://github.com/hardkernel/linux/" url="http://github.com/hardkernel/linux/"
license=('GPL2') license=('GPL2')
@ -16,16 +16,20 @@ makedepends=('xmlto' 'docbook-xsl' 'kmod' 'git' 'inetutils' 'bc')
options=('!strip') options=('!strip')
_commit=ddfddf829693c6bb739074e1b14e9e4fa1c55ea8 _commit=ddfddf829693c6bb739074e1b14e9e4fa1c55ea8
source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz" source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz"
'add-gcc6-support.patch'
'rtl8812_to_v4_3_14_and_enable_rtl8821.patch.xz' 'rtl8812_to_v4_3_14_and_enable_rtl8821.patch.xz'
'kernel-CVE-2016-0728.patch' '0001-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch'
'0002-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch'
'0003-Revert-media-mfc-use-shipped-firmware-paths.patch'
'0004-Allow-mac-address-to-be-set-in-smsc95xx.patch'
'config_x' 'config_x'
'config_x2' 'config_x2'
'config_u2') 'config_u2')
md5sums=('e4ff4cbd8bd2145ba26e085de665d806' md5sums=('e4ff4cbd8bd2145ba26e085de665d806'
'840a69592300bf7cbc3ad317e8100114'
'c6d56cc8134dd25d97d0416ef98a3dfe' 'c6d56cc8134dd25d97d0416ef98a3dfe'
'6470e9783bd1c7a8feddc2d67f07afd5' 'a78459b6f959991291c0cf16efd701b8'
'b13dc91cba30802ee1e6cfd247c8925d'
'34bdc31e77b4b74348181ccbf7faaa32'
'3fbbb92df6a08005260e9f1aab28cf60'
'f54b9fa32d672116c73e6e3c9585929f' 'f54b9fa32d672116c73e6e3c9585929f'
'1211492fdd1125c68d03d0a1f8d6c498' '1211492fdd1125c68d03d0a1f8d6c498'
'13011519e5c36655bdb5315178c5c1fe') '13011519e5c36655bdb5315178c5c1fe')
@ -33,9 +37,13 @@ md5sums=('e4ff4cbd8bd2145ba26e085de665d806'
prepare() { prepare() {
cd "${srcdir}/linux-${_commit}" cd "${srcdir}/linux-${_commit}"
patch -Np1 -i ${srcdir}/add-gcc6-support.patch patch -p1 -i ../rtl8812_to_v4_3_14_and_enable_rtl8821.patch
patch -p1 -i ${srcdir}/rtl8812_to_v4_3_14_and_enable_rtl8821.patch patch -p1 -i ../0001-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
patch -p1 -i ${srcdir}/kernel-CVE-2016-0728.patch patch -p1 -i ../0002-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch
patch -p1 -i ../0003-Revert-media-mfc-use-shipped-firmware-paths.patch
patch -p1 -i ../0004-Allow-mac-address-to-be-set-in-smsc95xx.patch
cp include/linux/compiler-gcc5.h include/linux/compiler-gcc6.h
# add pkgrel to extraversion # add pkgrel to extraversion
sed -ri "s|^(EXTRAVERSION =)(.*)|\1 \2-${pkgrel}|" Makefile sed -ri "s|^(EXTRAVERSION =)(.*)|\1 \2-${pkgrel}|" Makefile

View file

@ -1,71 +0,0 @@
--- /dev/null
+++ b/include/linux/compiler-gcc6.h
@@ -0,0 +1,66 @@
+#ifndef __LINUX_COMPILER_H
+#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
+#endif
+
+#define __used __attribute__((__used__))
+#define __must_check __attribute__((warn_unused_result))
+#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
+
+/* Mark functions as cold. gcc will assume any path leading to a call
+ to them will be unlikely. This means a lot of manual unlikely()s
+ are unnecessary now for any paths leading to the usual suspects
+ like BUG(), printk(), panic() etc. [but let's keep them for now for
+ older compilers]
+
+ Early snapshots of gcc 4.3 don't support this and we can't detect this
+ in the preprocessor, but we can live with this because they're unreleased.
+ Maketime probing would be overkill here.
+
+ gcc also has a __attribute__((__hot__)) to move hot functions into
+ a special section, but I don't see any sense in this right now in
+ the kernel context */
+#define __cold __attribute__((__cold__))
+
+#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
+
+#ifndef __CHECKER__
+# define __compiletime_warning(message) __attribute__((warning(message)))
+# define __compiletime_error(message) __attribute__((error(message)))
+#endif /* __CHECKER__ */
+
+/*
+ * Mark a position in code as unreachable. This can be used to
+ * suppress control flow warnings after asm blocks that transfer
+ * control elsewhere.
+ *
+ * Early snapshots of gcc 4.5 don't support this and we can't detect
+ * this in the preprocessor, but we can live with this because they're
+ * unreleased. Really, we need to have autoconf for the kernel.
+ */
+#define unreachable() __builtin_unreachable()
+
+/* Mark a function definition as prohibited from being cloned. */
+#define __noclone __attribute__((__noclone__))
+
+/*
+ * Tell the optimizer that something else uses this function or variable.
+ */
+#define __visible __attribute__((externally_visible))
+
+/*
+ * GCC 'asm goto' miscompiles certain code sequences:
+ *
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
+ *
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
+ * Fixed in GCC 4.8.2 and later versions.
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
+
+#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
+#define __HAVE_BUILTIN_BSWAP32__
+#define __HAVE_BUILTIN_BSWAP64__
+#define __HAVE_BUILTIN_BSWAP16__
+#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
--
1.9.1