diff options
author | Jeremy Cline <jcline@redhat.com> | 2018-06-26 09:33:54 -0400 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2018-06-26 09:39:28 -0400 |
commit | 4342af80cf699246191c0d53ec2c4d529cece4d2 (patch) | |
tree | eef1a5aa088692c6201b4c18b0b936c0431d2d09 | |
parent | 1afc41f1405272d498032119b5c20408e8a15db3 (diff) | |
download | kernel-4342af80cf699246191c0d53ec2c4d529cece4d2.tar.gz kernel-4342af80cf699246191c0d53ec2c4d529cece4d2.tar.xz kernel-4342af80cf699246191c0d53ec2c4d529cece4d2.zip |
Linux v4.17.3
-rw-r--r-- | 0001-media-uvcvideo-Prevent-setting-unavailable-flags.patch | 65 | ||||
-rw-r--r-- | 0001-socket-close-race-condition-between-sock_close-and-s.patch | 91 | ||||
-rw-r--r-- | kernel.spec | 12 | ||||
-rw-r--r-- | sources | 2 |
4 files changed, 6 insertions, 164 deletions
diff --git a/0001-media-uvcvideo-Prevent-setting-unavailable-flags.patch b/0001-media-uvcvideo-Prevent-setting-unavailable-flags.patch deleted file mode 100644 index 76f2ce025..000000000 --- a/0001-media-uvcvideo-Prevent-setting-unavailable-flags.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 0dc68cabdb626e33d02561529e6a4c681b72a784 Mon Sep 17 00:00:00 2001 -From: Kieran Bingham <kieran.bingham@ideasonboard.com> -Date: Wed, 21 Mar 2018 11:43:08 -0400 -Subject: [PATCH] media: uvcvideo: Prevent setting unavailable flags - -The addition of an extra operation to use the GET_INFO command -overwrites all existing flags from the uvc_ctrls table. This includes -setting all controls as supporting GET_MIN, GET_MAX, GET_RES, and -GET_DEF regardless of whether they do or not. - -Move the initialisation of these control capabilities directly to the -uvc_ctrl_fill_xu_info() call where they were originally located in that -use case, and ensure that the new functionality in uvc_ctrl_get_flags() -will only set flags based on their reported capability from the GET_INFO -call. - -Fixes: 859086ae3636 ("media: uvcvideo: Apply flags from device to actual properties") - -Cc: stable@vger.kernel.org -Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com> -Tested-by: Guennadi Liakhovetski <guennadi.liakhovetski@intel.com> -Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> -Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> ---- - drivers/media/usb/uvc/uvc_ctrl.c | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c -index 102594ec3e97..a36b4fb949fa 100644 ---- a/drivers/media/usb/uvc/uvc_ctrl.c -+++ b/drivers/media/usb/uvc/uvc_ctrl.c -@@ -1607,14 +1607,12 @@ static int uvc_ctrl_get_flags(struct uvc_device *dev, - ret = uvc_query_ctrl(dev, UVC_GET_INFO, ctrl->entity->id, dev->intfnum, - info->selector, data, 1); - if (!ret) -- info->flags = UVC_CTRL_FLAG_GET_MIN | UVC_CTRL_FLAG_GET_MAX -- | UVC_CTRL_FLAG_GET_RES | UVC_CTRL_FLAG_GET_DEF -- | (data[0] & UVC_CONTROL_CAP_GET ? -- UVC_CTRL_FLAG_GET_CUR : 0) -- | (data[0] & UVC_CONTROL_CAP_SET ? -- UVC_CTRL_FLAG_SET_CUR : 0) -- | (data[0] & UVC_CONTROL_CAP_AUTOUPDATE ? -- UVC_CTRL_FLAG_AUTO_UPDATE : 0); -+ info->flags |= (data[0] & UVC_CONTROL_CAP_GET ? -+ UVC_CTRL_FLAG_GET_CUR : 0) -+ | (data[0] & UVC_CONTROL_CAP_SET ? -+ UVC_CTRL_FLAG_SET_CUR : 0) -+ | (data[0] & UVC_CONTROL_CAP_AUTOUPDATE ? -+ UVC_CTRL_FLAG_AUTO_UPDATE : 0); - - kfree(data); - return ret; -@@ -1689,6 +1687,9 @@ static int uvc_ctrl_fill_xu_info(struct uvc_device *dev, - - info->size = le16_to_cpup((__le16 *)data); - -+ info->flags = UVC_CTRL_FLAG_GET_MIN | UVC_CTRL_FLAG_GET_MAX -+ | UVC_CTRL_FLAG_GET_RES | UVC_CTRL_FLAG_GET_DEF; -+ - ret = uvc_ctrl_get_flags(dev, ctrl, info); - if (ret < 0) { - uvc_trace(UVC_TRACE_CONTROL, --- -2.17.1 - diff --git a/0001-socket-close-race-condition-between-sock_close-and-s.patch b/0001-socket-close-race-condition-between-sock_close-and-s.patch deleted file mode 100644 index 90f52fc3f..000000000 --- a/0001-socket-close-race-condition-between-sock_close-and-s.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 6d8c50dcb029872b298eea68cc6209c866fd3e14 Mon Sep 17 00:00:00 2001 -From: Cong Wang <xiyou.wangcong@gmail.com> -Date: Thu, 7 Jun 2018 13:39:49 -0700 -Subject: [PATCH] socket: close race condition between sock_close() and - sockfs_setattr() - -fchownat() doesn't even hold refcnt of fd until it figures out -fd is really needed (otherwise is ignored) and releases it after -it resolves the path. This means sock_close() could race with -sockfs_setattr(), which leads to a NULL pointer dereference -since typically we set sock->sk to NULL in ->release(). - -As pointed out by Al, this is unique to sockfs. So we can fix this -in socket layer by acquiring inode_lock in sock_close() and -checking against NULL in sockfs_setattr(). - -sock_release() is called in many places, only the sock_close() -path matters here. And fortunately, this should not affect normal -sock_close() as it is only called when the last fd refcnt is gone. -It only affects sock_close() with a parallel sockfs_setattr() in -progress, which is not common. - -Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") -Reported-by: shankarapailoor <shankarapailoor@gmail.com> -Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> -Cc: Lorenzo Colitti <lorenzo@google.com> -Cc: Al Viro <viro@zeniv.linux.org.uk> -Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - net/socket.c | 18 +++++++++++++++--- - 1 file changed, 15 insertions(+), 3 deletions(-) - -diff --git a/net/socket.c b/net/socket.c -index af57d85bcb48..8a109012608a 100644 ---- a/net/socket.c -+++ b/net/socket.c -@@ -541,7 +541,10 @@ static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr) - if (!err && (iattr->ia_valid & ATTR_UID)) { - struct socket *sock = SOCKET_I(d_inode(dentry)); - -- sock->sk->sk_uid = iattr->ia_uid; -+ if (sock->sk) -+ sock->sk->sk_uid = iattr->ia_uid; -+ else -+ err = -ENOENT; - } - - return err; -@@ -590,12 +593,16 @@ EXPORT_SYMBOL(sock_alloc); - * an inode not a file. - */ - --void sock_release(struct socket *sock) -+static void __sock_release(struct socket *sock, struct inode *inode) - { - if (sock->ops) { - struct module *owner = sock->ops->owner; - -+ if (inode) -+ inode_lock(inode); - sock->ops->release(sock); -+ if (inode) -+ inode_unlock(inode); - sock->ops = NULL; - module_put(owner); - } -@@ -609,6 +616,11 @@ void sock_release(struct socket *sock) - } - sock->file = NULL; - } -+ -+void sock_release(struct socket *sock) -+{ -+ __sock_release(sock, NULL); -+} - EXPORT_SYMBOL(sock_release); - - void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags) -@@ -1171,7 +1183,7 @@ static int sock_mmap(struct file *file, struct vm_area_struct *vma) - - static int sock_close(struct inode *inode, struct file *filp) - { -- sock_release(SOCKET_I(inode)); -+ __sock_release(SOCKET_I(inode), inode); - return 0; - } - --- -2.17.1 - diff --git a/kernel.spec b/kernel.spec index cc7037f88..79cae2b73 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 2 +%define stable_update 3 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -633,9 +633,6 @@ Patch503: kexec-bzimage-verify-pe-signature-fix.patch # https://www.spinics.net/lists/linux-acpi/msg82405.html Patch504: mailbox-ACPI-erroneous-error-message-when-parsing-ACPI.patch -# CVE-2018-12232 rhbz 1590215 1590216 -Patch506: 0001-socket-close-race-condition-between-sock_close-and-s.patch - # https://www.spinics.net/lists/platform-driver-x86/msg15719.html Patch507: platform-x86-dell-laptop-Fix-keyboard-backlight-time.patch @@ -654,9 +651,6 @@ Patch511: 2-2-xen-netfront-Update-features-after-registering-netdev.patch # CVE-2018-12633 rhbz 1594170 1594172 Patch512: 0001-virt-vbox-Only-copy_from_user-the-request-header-onc.patch -# rhbz 1590304 -Patch513: 0001-media-uvcvideo-Prevent-setting-unavailable-flags.patch - # rhbz 1592454 Patch514: 0001-media-uvcvideo-Support-realtek-s-UVC-1.5-device.patch @@ -1912,6 +1906,10 @@ fi # # %changelog +* Tue Jun 26 2018 Jeremy Cline <jcline@redhat.com> - 4.17.3-100 +- Linux v4.17.3 +- Don't log an error if RTC_NVMEM isn't enabled (rhbz 1568276) + * Mon Jun 25 2018 Laura Abbott <labbott@fedoraproject.org> - Some webcam fixes (rhbz 1592454 1590304) - Fix for armv7 siginfo ABI regression (rhbz 1591516) @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17.2.xz) = d85fc2637720c19320e82fa221e0e8e2b640d2b8c6faf4678f3902ca8a634a1e2cdcac1242628da9d9500921a41c6c8cec7371098533e5035034a1faa2373c65 +SHA512 (patch-4.17.3.xz) = c0b3dfb1c1d64edc74cb3b35a4d6160ccf80b5b58d19e5a11dde372ab515c350576f8981b3816e4e8689da38b792eb85b3ef46581d65d7c51c72943dea7409f4 |