diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-06-02 07:45:29 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-06-02 07:45:29 +0200 |
commit | c0920334e1f7e13ed191f3701cb1f7e5ce31d281 (patch) | |
tree | b75cfbb139db8f214d27872487c772bcf76f5723 | |
parent | ac09d8e18c5c54abbea64d96e8786ed18b180709 (diff) | |
parent | 48656c00cbba8ec15be3f9f5b2147e41dc8b642d (diff) | |
download | kernel-4.5.6-300.vanilla.knurd.1.fc24.tar.gz kernel-4.5.6-300.vanilla.knurd.1.fc24.tar.xz kernel-4.5.6-300.vanilla.knurd.1.fc24.zip |
Merge remote-tracking branch 'origin/f24' into f24-user-thl-vanilla-fedorakernel-4.5.6-300.vanilla.knurd.1.fc24
-rw-r--r-- | KVM-MTRR-remove-MSR-0x2f8.patch | 49 | ||||
-rw-r--r-- | arm-i.MX6-Utilite-device-dtb.patch | 319 | ||||
-rw-r--r-- | config-arm-generic | 64 | ||||
-rw-r--r-- | config-arm64 | 68 | ||||
-rw-r--r-- | config-armv7 | 6 | ||||
-rw-r--r-- | config-armv7-generic | 25 | ||||
-rw-r--r-- | config-generic | 2 | ||||
-rw-r--r-- | config-x86-generic | 2 | ||||
-rw-r--r-- | dmaengine-sun4i-support-module-autoloading.patch | 35 | ||||
-rw-r--r-- | kernel.spec | 29 | ||||
-rw-r--r-- | kvm-vmx-more-complete-state-update-on-APICv-on-off.patch | 112 | ||||
-rw-r--r-- | sources | 2 | ||||
-rw-r--r-- | sp5100_tco-properly-check-for-new-register-layouts.patch | 75 | ||||
-rw-r--r-- | tipc-check-nl-sock-before-parsing-nested-attributes.patch | 36 |
14 files changed, 634 insertions, 190 deletions
diff --git a/KVM-MTRR-remove-MSR-0x2f8.patch b/KVM-MTRR-remove-MSR-0x2f8.patch deleted file mode 100644 index 8066b2e8f..000000000 --- a/KVM-MTRR-remove-MSR-0x2f8.patch +++ /dev/null @@ -1,49 +0,0 @@ -From bb0f06280beb6507226627a85076ae349a23fe22 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com> -Date: Mon, 16 May 2016 09:45:35 -0400 -Subject: [PATCH] KVM: MTRR: remove MSR 0x2f8 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support -was introduced by 9ba075a664df ("KVM: MTRR support"). - -0x2f8 became harmful when 910a6aae4e2e ("KVM: MTRR: exactly define the -size of variable MTRRs") shrinked the array of VR MTRRs from 256 to 8, -which made access to index 124 out of bounds. The surrounding code only -WARNs in this situation, thus the guest gained a limited read/write -access to struct kvm_arch_vcpu. - -0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR -MTRR MSRs, 0x200-0x20f. Every VR MTRR is set up using two MSRs, 0x2f8 -was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was -not implemented in KVM, therefore 0x2f8 could never do anything useful -and getting rid of it is safe. - -This fixes CVE-2016-TBD. - -Fixes: 910a6aae4e2e ("KVM: MTRR: exactly define the size of variable MTRRs") -Cc: stable@vger.kernel.org -Reported-by: David Matlack <dmatlack@google.com> -Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> ---- - arch/x86/kvm/mtrr.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c -index 3f8c732117ec..c146f3c262c3 100644 ---- a/arch/x86/kvm/mtrr.c -+++ b/arch/x86/kvm/mtrr.c -@@ -44,8 +44,6 @@ static bool msr_mtrr_valid(unsigned msr) - case MSR_MTRRdefType: - case MSR_IA32_CR_PAT: - return true; -- case 0x2f8: -- return true; - } - return false; - } --- -2.5.5 - diff --git a/arm-i.MX6-Utilite-device-dtb.patch b/arm-i.MX6-Utilite-device-dtb.patch index 86f9e763d..1b98493b2 100644 --- a/arm-i.MX6-Utilite-device-dtb.patch +++ b/arm-i.MX6-Utilite-device-dtb.patch @@ -1,62 +1,335 @@ +From 6809645a740693c8c7fe1f86e396ae4c0cdac9ff Mon Sep 17 00:00:00 2001 From: Peter Robinson <pbrobinson@gmail.com> -Date: Fri, 11 Jul 2014 00:10:56 +0100 +Date: Sun, 29 May 2016 11:34:51 +0100 Subject: [PATCH] arm: i.MX6 Utilite device dtb --- - arch/arm/boot/dts/imx6q-cm-fx6.dts | 38 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 38 insertions(+) + arch/arm/boot/dts/Makefile | 1 + + arch/arm/boot/dts/imx6q-cm-fx6.dts | 136 ++++++++++++++++++++++++++++++++ + arch/arm/boot/dts/imx6q-utilite-pro.dts | 128 ++++++++++++++++++++++++++++++ + 3 files changed, 265 insertions(+) + create mode 100644 arch/arm/boot/dts/imx6q-utilite-pro.dts +diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile +index a4a6d70..90a85a2 100644 +--- a/arch/arm/boot/dts/Makefile ++++ b/arch/arm/boot/dts/Makefile +@@ -348,6 +348,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \ + imx6q-tx6q-1020-comtft.dtb \ + imx6q-tx6q-1110.dtb \ + imx6q-udoo.dtb \ ++ imx6q-utilite-pro.dtb \ + imx6q-wandboard.dtb \ + imx6q-wandboard-revb1.dtb + dtb-$(CONFIG_SOC_IMX6SL) += \ diff --git a/arch/arm/boot/dts/imx6q-cm-fx6.dts b/arch/arm/boot/dts/imx6q-cm-fx6.dts -index 99b46f8030ad..8b6ddd16dcc5 100644 +index 99b46f8..f4fc22e 100644 --- a/arch/arm/boot/dts/imx6q-cm-fx6.dts +++ b/arch/arm/boot/dts/imx6q-cm-fx6.dts -@@ -97,11 +97,49 @@ +@@ -31,6 +31,61 @@ + linux,default-trigger = "heartbeat"; + }; + }; ++ ++ regulators { ++ compatible = "simple-bus"; ++ #address-cells = <1>; ++ #size-cells = <0>; ++ ++ reg_usb_otg_vbus: usb_otg_vbus { ++ compatible = "regulator-fixed"; ++ regulator-name = "usb_otg_vbus"; ++ regulator-min-microvolt = <5000000>; ++ regulator-max-microvolt = <5000000>; ++ gpio = <&gpio3 22 0>; ++ enable-active-high; ++ }; ++ ++ reg_usb_h1_vbus: usb_h1_vbus { ++ compatible = "regulator-fixed"; ++ regulator-name = "usb_h1_vbus"; ++ regulator-min-microvolt = <5000000>; ++ regulator-max-microvolt = <5000000>; ++ gpio = <&gpio7 8 0>; ++ enable-active-high; ++ }; ++ }; ++}; ++ ++&ecspi1 { ++ fsl,spi-num-chipselects = <2>; ++ cs-gpios = <&gpio2 30 0>, <&gpio3 19 0>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_ecspi1>; ++ status = "okay"; ++ ++ flash: m25p80@0 { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ compatible = "st,m25p", "jedec,spi-nor"; ++ spi-max-frequency = <20000000>; ++ reg = <0>; ++ ++ partition@0 { ++ label = "uboot"; ++ reg = <0x0 0xc0000>; ++ }; ++ ++ partition@c0000 { ++ label = "uboot environment"; ++ reg = <0xc0000 0x40000>; ++ }; ++ ++ partition@100000 { ++ label = "reserved"; ++ reg = <0x100000 0x100000>; ++ }; ++ }; + }; + + &fec { +@@ -46,8 +101,31 @@ + status = "okay"; + }; + ++&i2c3 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_i2c3>; ++ status = "okay"; ++ clock-frequency = <100000>; ++ ++ eeprom@50 { ++ compatible = "at24,24c02"; ++ reg = <0x50>; ++ pagesize = <16>; ++ }; ++}; ++ + &iomuxc { + imx6q-cm-fx6 { ++ pinctrl_ecspi1: ecspi1grp { ++ fsl,pins = < ++ MX6QDL_PAD_EIM_D16__ECSPI1_SCLK 0x100b1 ++ MX6QDL_PAD_EIM_D17__ECSPI1_MISO 0x100b1 ++ MX6QDL_PAD_EIM_D18__ECSPI1_MOSI 0x100b1 ++ MX6QDL_PAD_EIM_EB2__GPIO2_IO30 0x100b1 ++ MX6QDL_PAD_EIM_D19__GPIO3_IO19 0x100b1 ++ >; ++ }; ++ + pinctrl_enet: enetgrp { + fsl,pins = < + MX6QDL_PAD_RGMII_RXC__RGMII_RXC 0x1b0b0 +@@ -91,17 +169,75 @@ + >; + }; + ++ pinctrl_i2c3: i2c3grp { ++ fsl,pins = < ++ MX6QDL_PAD_GPIO_3__I2C3_SCL 0x4001b8b1 ++ MX6QDL_PAD_GPIO_6__I2C3_SDA 0x4001b8b1 ++ >; ++ }; ++ ++ pinctrl_pcie: pciegrp { ++ fsl,pins = < ++ MX6QDL_PAD_ENET_RXD1__GPIO1_IO26 0x80000000 ++ MX6QDL_PAD_EIM_CS1__GPIO2_IO24 0x80000000 ++ >; ++ }; ++ + pinctrl_uart4: uart4grp { + fsl,pins = < + MX6QDL_PAD_KEY_COL0__UART4_TX_DATA 0x1b0b1 MX6QDL_PAD_KEY_ROW0__UART4_RX_DATA 0x1b0b1 >; }; + -+ pinctrl_usdhc1: usdhc1grp { ++ pinctrl_usbh1: usbh1grp { + fsl,pins = < -+ MX6QDL_PAD_SD1_CMD__SD1_CMD 0x17059 -+ MX6QDL_PAD_SD1_CLK__SD1_CLK 0x10059 -+ MX6QDL_PAD_SD1_DAT0__SD1_DATA0 0x17059 -+ MX6QDL_PAD_SD1_DAT1__SD1_DATA1 0x17059 -+ MX6QDL_PAD_SD1_DAT2__SD1_DATA2 0x17059 -+ MX6QDL_PAD_SD1_DAT3__SD1_DATA3 0x17059 ++ MX6QDL_PAD_SD3_RST__GPIO7_IO08 0x80000000 + >; + }; + -+ pinctrl_usdhc3: usdhc3grp { ++ pinctrl_usbotg: usbotggrp { + fsl,pins = < -+ MX6QDL_PAD_SD3_CMD__SD3_CMD 0x17059 -+ MX6QDL_PAD_SD3_CLK__SD3_CLK 0x10059 -+ MX6QDL_PAD_SD3_DAT0__SD3_DATA0 0x17059 -+ MX6QDL_PAD_SD3_DAT1__SD3_DATA1 0x17059 -+ MX6QDL_PAD_SD3_DAT2__SD3_DATA2 0x17059 -+ MX6QDL_PAD_SD3_DAT3__SD3_DATA3 0x17059 ++ MX6QDL_PAD_ENET_RX_ER__USB_OTG_ID 0x17059 ++ MX6QDL_PAD_EIM_D22__GPIO3_IO22 0x80000000 + >; + }; }; }; ++&pcie { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_pcie>; ++ reset-gpio = <&gpio1 26 0>; ++ power-on-gpio = <&gpio2 24 0>; ++ status = "okay"; ++}; ++ +&sata { + status = "okay"; +}; + ++&snvs_poweroff { ++ status = "okay"; ++}; ++ &uart4 { pinctrl-names = "default"; pinctrl-0 = <&pinctrl_uart4>; status = "okay"; }; + -+&usdhc1 { ++&usbotg { ++ vbus-supply = <®_usb_otg_vbus>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_usbotg>; ++ dr_mode = "otg"; ++ status = "okay"; ++}; ++ ++&usbh1 { ++ vbus-supply = <®_usb_h1_vbus>; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_usbh1>; ++ status = "okay"; ++}; +diff --git a/arch/arm/boot/dts/imx6q-utilite-pro.dts b/arch/arm/boot/dts/imx6q-utilite-pro.dts +new file mode 100644 +index 0000000..3966595 +--- /dev/null ++++ b/arch/arm/boot/dts/imx6q-utilite-pro.dts +@@ -0,0 +1,128 @@ ++/* ++ * Copyright 2016 Christopher Spinrath ++ * Copyright 2013 CompuLab Ltd. ++ * ++ * Based on the GPLv2 licensed devicetree distributed with the vendor ++ * kernel for the Utilite Pro: ++ * Copyright 2013 CompuLab Ltd. ++ * Author: Valentin Raevsky <valentin@xxxxxxxxxxxxxx> ++ * ++ * The code contained herein is licensed under the GNU General Public ++ * License. You may obtain a copy of the GNU General Public License ++ * Version 2 or later at the following locations: ++ * ++ * http://www.opensource.org/licenses/gpl-license.html ++ * http://www.gnu.org/copyleft/gpl.html ++ */ ++ ++#include "imx6q-cm-fx6.dts" ++ ++/ { ++ model = "CompuLab Utilite Pro"; ++ compatible = "compulab,utilite-pro", "compulab,cm-fx6", "fsl,imx6q"; ++ ++ aliases { ++ ethernet1 = ð1; ++ rtc0 = &em3027; ++ rtc1 = &snvs_rtc; ++ }; ++ ++ gpio-keys { ++ compatible = "gpio-keys"; ++ power { ++ label = "Power Button"; ++ gpios = <&gpio1 29 1>; ++ linux,code = <116>; /* KEY_POWER */ ++ gpio-key,wakeup; ++ }; ++ }; ++}; ++ ++&hdmi { ++ ddc-i2c-bus = <&i2c2>; ++ status = "okay"; ++}; ++ ++&i2c1 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_i2c1>; ++ status = "okay"; ++ ++ eeprom@50 { ++ compatible = "at24,24c02"; ++ reg = <0x50>; ++ pagesize = <16>; ++ }; ++ ++ em3027: rtc@56 { ++ compatible = "emmicro,em3027"; ++ reg = <0x56>; ++ }; ++}; ++ ++&i2c2 { + pinctrl-names = "default"; -+ pinctrl-0 = <&pinctrl_usdhc1>; ++ pinctrl-0 = <&pinctrl_i2c2>; + status = "okay"; +}; + -+&usdhc3 { ++&iomuxc { + pinctrl-names = "default"; -+ pinctrl-0 = <&pinctrl_usdhc3>; ++ pinctrl-0 = <&pinctrl_hog>; ++ ++ hog { ++ pinctrl_hog: hoggrp { ++ fsl,pins = < ++ /* power button */ ++ MX6QDL_PAD_ENET_TXD1__GPIO1_IO29 0x80000000 ++ >; ++ }; ++ }; ++ ++ imx6q-utilite-pro { ++ pinctrl_i2c1: i2c1grp { ++ fsl,pins = < ++ MX6QDL_PAD_EIM_D21__I2C1_SCL 0x4001b8b1 ++ MX6QDL_PAD_EIM_D28__I2C1_SDA 0x4001b8b1 ++ >; ++ }; ++ ++ pinctrl_i2c2: i2c2grp { ++ fsl,pins = < ++ MX6QDL_PAD_KEY_COL3__I2C2_SCL 0x4001b8b1 ++ MX6QDL_PAD_KEY_ROW3__I2C2_SDA 0x4001b8b1 ++ >; ++ }; ++ ++ pinctrl_uart2: uart2grp { ++ fsl,pins = < ++ MX6QDL_PAD_GPIO_7__UART2_TX_DATA 0x1b0b1 ++ MX6QDL_PAD_GPIO_8__UART2_RX_DATA 0x1b0b1 ++ MX6QDL_PAD_SD4_DAT5__UART2_RTS_B 0x1b0b1 ++ MX6QDL_PAD_SD4_DAT6__UART2_CTS_B 0x1b0b1 ++ >; ++ }; ++ }; ++}; ++ ++&pcie { ++ pcie@0,0 { ++ reg = <0x000000 0 0 0 0>; ++ #address-cells = <3>; ++ #size-cells = <2>; ++ ++ /* non-removable i211 ethernet card */ ++ eth1: intel,i211@pcie0,0 { ++ reg = <0x010000 0 0 0 0>; ++ }; ++ }; ++}; ++ ++&uart2 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pinctrl_uart2>; ++ fsl,uart-has-rtscts; ++ dma-names = "rx", "tx"; ++ dmas = <&sdma 27 4 0>, <&sdma 28 4 0>; + status = "okay"; +}; +-- +2.7.4 + diff --git a/config-arm-generic b/config-arm-generic index db4026b83..9cebbb0f6 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -9,6 +9,9 @@ CONFIG_HW_PERF_EVENTS=y CONFIG_NFS_FS=y CONFIG_FORCE_MAX_ZONEORDER=11 +CONFIG_SCHED_MC=y +CONFIG_SCHED_SMT=y + CONFIG_CC_STACKPROTECTOR=y # CONFIG_PID_IN_CONTEXTIDR is not set @@ -80,6 +83,15 @@ CONFIG_EDAC=y CONFIG_EDAC_MM_EDAC=m CONFIG_EDAC_LEGACY_SYSFS=y +# Regulators +CONFIG_REGULATOR=y +CONFIG_RFKILL_REGULATOR=m +CONFIG_REGULATOR_FIXED_VOLTAGE=y +CONFIG_REGULATOR_VIRTUAL_CONSUMER=m +CONFIG_REGULATOR_USERSPACE_CONSUMER=m +CONFIG_REGULATOR_GPIO=m +CONFIG_REGULATOR_PWM=m + # ARM VExpress CONFIG_ARCH_VEXPRESS=y CONFIG_MFD_VEXPRESS_SYSREG=y @@ -163,6 +175,18 @@ CONFIG_SND_HDA_TEGRA=m # CONFIG_ARM_TEGRA20_CPUFREQ is not set # CONFIG_MFD_NVEC is not set +# Qualcomm - Don't currently support IPQ router devices +# CONFIG_IPQ_GCC_806X is not set +# CONFIG_IPQ_LCC_806X is not set +# CONFIG_IPQ_GCC_4019 is not st +# CONFIG_PHY_QCOM_IPQ806X_SATA is not set +# CONFIG_DWMAC_IPQ806X is not set +# CONFIG_PINCTRL_IPQ8064 is not set +# CONFIG_PINCTRL_IPQ4019 is not set +# CONFIG_REGULATOR_QCOM_SPMI is not set +# CONFIG_QCOM_SPMI_IADC is not set +# CONFIG_QCOM_SPMI_VADC is not set + # Virt CONFIG_PARAVIRT=y CONFIG_PARAVIRT_TIME_ACCOUNTING=y @@ -174,9 +198,18 @@ CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y # Power management / thermal / cpu scaling +CONFIG_PM_OPP=y +CONFIG_ARM_PSCI=y +CONFIG_THERMAL=y +CONFIG_CLOCK_THERMAL=y +CONFIG_CPUFREQ_DT=m +CONFIG_DEVFREQ_THERMAL=y # CONFIG_ARM_CPUIDLE is not set # CONFIG_ARM_DT_BL_CPUFREQ is not set # CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set +CONFIG_SPMI=m +CONFIG_MFD_SPMI_PMIC=m +CONFIG_REGMAP_SPMI=m # Device tree CONFIG_DTC=y @@ -459,7 +492,6 @@ CONFIG_COMMON_CLK_SCPI=m # CONFIG_ARM_PTDUMP is not set # CONFIG_PATA_PLATFORM is not set -# CONFIG_USB_ULPI is not set # CONFIG_KEYBOARD_OMAP4 is not set # CONFIG_KEYBOARD_BCM is not set # CONFIG_PHY_SAMSUNG_USB2 is not set @@ -521,9 +553,37 @@ CONFIG_NET_VENDOR_MELLANOX=y # CONFIG_SERIAL_MAX310X is not set # CONFIG_SERIAL_IFX6X60 is not set +# regulator +# CONFIG_REGULATOR_AD5398 is not set +# CONFIG_REGULATOR_ANATOP is not set +# CONFIG_REGULATOR_DA9210 is not set +# CONFIG_REGULATOR_DA9211 is not set +# CONFIG_REGULATOR_FAN53555 is not set +# CONFIG_REGULATOR_ISL9305 is not set +# CONFIG_REGULATOR_ISL6271A is not set +# CONFIG_REGULATOR_LP3971 is not set +# CONFIG_REGULATOR_LP3972 is not set +# CONFIG_REGULATOR_LP872X is not set +# CONFIG_REGULATOR_LP8755 is not set +# CONFIG_REGULATOR_LTC3589 is not set +# CONFIG_REGULATOR_MAX1586 is not set +# CONFIG_REGULATOR_MAX8649 is not set +# CONFIG_REGULATOR_MAX8660 is not set +# CONFIG_REGULATOR_MAX8952 is not set +# CONFIG_REGULATOR_MAX8973 is not set +# CONFIG_REGULATOR_MT6311 is not set +# CONFIG_REGULATOR_PFUZE100 is not set +# CONFIG_REGULATOR_PV88060 is not set +# CONFIG_REGULATOR_PV88080 is not set +# CONFIG_REGULATOR_PV88090 is not set +# CONFIG_REGULATOR_TPS51632 is not set +# CONFIG_REGULATOR_TPS62360 is not set +# CONFIG_REGULATOR_TPS65023 is not set +# CONFIG_REGULATOR_TPS6507X is not set +# CONFIG_REGULATOR_TPS6524X is not set + # drm # CONFIG_DRM_VMWGFX is not set -# CONFIG_DRM_MSM_DSI is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_DEBUG_SET_MODULE_RONX is not set diff --git a/config-arm64 b/config-arm64 index 77dde021b..71ba5c8cd 100644 --- a/config-arm64 +++ b/config-arm64 @@ -1,13 +1,9 @@ CONFIG_64BIT=y CONFIG_ARM64=y -CONFIG_SCHED_MC=y -CONFIG_SCHED_SMT=y - -# CONFIG_CPU_BIG_ENDIAN is not set - # arm64 only SoCs CONFIG_ARCH_HISI=y +CONFIG_ARCH_QCOM=y CONFIG_ARCH_SEATTLE=y CONFIG_ARCH_SUNXI=y CONFIG_ARCH_TEGRA=y @@ -18,7 +14,6 @@ CONFIG_ARCH_XGENE=y # CONFIG_ARCH_FSL_LS2085A is not set # CONFIG_ARCH_LAYERSCAPE is not set # CONFIG_ARCH_MEDIATEK is not set -# CONFIG_ARCH_QCOM is not set # CONFIG_ARCH_RENESAS is not set # CONFIG_ARCH_SPRD is not set # CONFIG_ARCH_STRATIX10 is not set @@ -145,6 +140,7 @@ CONFIG_MFD_HI655X_PMIC=m CONFIG_REGULATOR_HI655X=m CONFIG_PHY_HI6220_USB=m CONFIG_COMMON_RESET_HI6220=m +# CONFIG_ARM_HISI_ACPU_CPUFREQ is not set # Tegra CONFIG_ARCH_TEGRA_132_SOC=y @@ -170,6 +166,66 @@ CONFIG_PWM_SUN4I=m # CONFIG_PHY_SUN9I_USB is not set CONFIG_NVMEM_SUNXI_SID=m +# qcom +# MSM8996 = SD-820, MSM8916 = SD-410 +CONFIG_SERIAL_MSM=y +CONFIG_SERIAL_MSM_CONSOLE=y +CONFIG_QCOM_GSBI=y +CONFIG_PCIE_QCOM=y +CONFIG_POWER_RESET_MSM=y +CONFIG_MMC_SDHCI_MSM=m +CONFIG_I2C_QUP=m +CONFIG_SPI_QUP=m +CONFIG_QCOM_WDT=m +CONFIG_MFD_QCOM_RPM=m +CONFIG_PINCTRL_MSM=y +CONFIG_PINCTRL_MSM8916=y +CONFIG_PINCTRL_MSM8996=y +CONFIG_REGULATOR_QCOM_RPM=m +CONFIG_REGULATOR_QCOM_SMD_RPM=m +CONFIG_QCOM_BAM_DMA=y +CONFIG_HWSPINLOCK_QCOM=m +CONFIG_HW_RANDOM_MSM=m +CONFIG_CRYPTO_DEV_QCE=m +CONFIG_RTC_DRV_PM8XXX=m +CONFIG_QCOM_QFPROM=m +CONFIG_QCOM_SMEM=m +CONFIG_QCOM_SMP2P=m +CONFIG_QCOM_SMSM=m +CONFIG_QCOM_SMD=m +CONFIG_QCOM_SMD_RPM=m +CONFIG_PINCTRL_QCOM_SPMI_PMIC=m +CONFIG_REGULATOR_QCOM_SPMI=m +CONFIG_QCOM_SPMI_TEMP_ALARM=m +CONFIG_QCOM_SPMI_IADC=m +CONFIG_QCOM_SPMI_VADC=m +CONFIG_SPMI_MSM_PMIC_ARB=m +CONFIG_USB_QCOM_8X16_PHY=m +CONFIG_USB_EHCI_MSM=m +CONFIG_USB_CHIPIDEA=m +CONFIG_USB_CHIPIDEA_UDC=y +CONFIG_USB_CHIPIDEA_HOST=y +CONFIG_USB_MSM_OTG=m +CONFIG_DRM_MSM=m +# CONFIG_DRM_MSM_DSI is not set +CONFIG_DRM_MSM_HDMI_HDCP=y +# CONFIG_DRM_MSM_REGISTER_LOGGING is not set +CONFIG_QCOM_WCNSS_CTRL=m +CONFIG_QCOM_COINCELL=m +# CONFIG_PHY_QCOM_APQ8064_SATA is not set +# CONFIG_PHY_QCOM_UFS is not set +# CONFIG_PINCTRL_QCOM_SSBI_PMIC is not set +# CONFIG_PINCTRL_APQ8064 is not set +# CONFIG_PINCTRL_APQ8084 is not set +# CONFIG_PINCTRL_MSM8660 is not set +# CONFIG_PINCTRL_MSM8960 is not set +# CONFIG_PINCTRL_MSM8X74 is not set +# CONFIG_PINCTRL_QDF2XXX is not set +# CONFIG_INPUT_PM8941_PWRKEY is not set +# CONFIG_INPUT_REGULATOR_HAPTIC is not set +# CONFIG_CHARGER_MANAGER is not set +# CONFIG_SENSORS_LTC2978_REGULATOR is not set + # ThunderX # CONFIG_MDIO_OCTEON is not set diff --git a/config-armv7 b/config-armv7 index 1a040d692..955ac2fb6 100644 --- a/config-armv7 +++ b/config-armv7 @@ -320,6 +320,9 @@ CONFIG_USB_DWC3_QCOM=m CONFIG_DWMAC_IPQ806X=m CONFIG_CRYPTO_DEV_QCE=m CONFIG_DRM_MSM=m +# CONFIG_DRM_MSM_DSI is not set +CONFIG_DRM_MSM_HDMI_HDCP=y +# CONFIG_DRM_MSM_REGISTER_LOGGING is not set CONFIG_DRM_MSM_FBDEV=y CONFIG_USB_EHCI_MSM=m CONFIG_MFD_PM8XXX=m @@ -328,10 +331,7 @@ CONFIG_INPUT_PM8XXX_VIBRATOR=m CONFIG_INPUT_PMIC8XXX_PWRKEY=m CONFIG_INPUT_PM8941_PWRKEY=m CONFIG_RTC_DRV_PM8XXX=m -# CONFIG_DRM_MSM_REGISTER_LOGGING is not set CONFIG_QCOM_WDT=m -CONFIG_MFD_SPMI_PMIC=m -CONFIG_SPMI=m CONFIG_SPMI_MSM_PMIC_ARB=m CONFIG_QCOM_SPMI_IADC=m CONFIG_QCOM_SPMI_VADC=m diff --git a/config-armv7-generic b/config-armv7-generic index bcfb36bb1..19aaa55ad 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -35,6 +35,7 @@ CONFIG_ARCH_HAS_TICK_BROADCAST=y CONFIG_IRQ_CROSSBAR=y CONFIG_IOMMU_IO_PGTABLE_LPAE=y CONFIG_CPU_SW_DOMAIN_PAN=y +CONFIG_ARM_CPU_SUSPEND=y # CONFIG_MCPM is not set # CONFIG_OABI_COMPAT is not set @@ -126,22 +127,9 @@ CONFIG_HIGHMEM=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_ARM_MODULE_PLTS is not set -CONFIG_SCHED_MC=y -CONFIG_SCHED_SMT=y - CONFIG_RCU_FANOUT=32 -CONFIG_CHECKPOINT_RESTORE=y - -# Power management / thermal / cpu scaling -CONFIG_PM_OPP=y -CONFIG_ARM_CPU_SUSPEND=y -CONFIG_ARM_PSCI=y -CONFIG_THERMAL=y -CONFIG_CLOCK_THERMAL=y -# CONFIG_DEVFREQ_THERMAL is not set -CONFIG_CPUFREQ_DT=m -# CONFIG_ARM_BIG_LITTLE_CPUFREQ is not set +# Dynamic Voltage and Frequency Scaling CONFIG_PM_DEVFREQ=y CONFIG_PM_DEVFREQ_EVENT=y CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=y @@ -155,6 +143,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768 CONFIG_XZ_DEC_ARM=y # CONFIG_PCI_LAYERSCAPE is not set + # Do NOT enable this, it breaks stuff and makes things go slow # CONFIG_UACCESS_WITH_MEMCPY is not set @@ -464,7 +453,6 @@ CONFIG_DRM_DW_HDMI_AHB_AUDIO=m # regmap CONFIG_REGMAP_SPI=m -CONFIG_REGMAP_SPMI=m CONFIG_REGMAP_MMIO=m CONFIG_REGMAP_IRQ=y @@ -591,12 +579,6 @@ CONFIG_RTC_DRV_TPS80031=m # CONFIG_RTC_DRV_XGENE is not set # Regulators -CONFIG_REGULATOR=y -CONFIG_RFKILL_REGULATOR=m -CONFIG_REGULATOR_FIXED_VOLTAGE=y -CONFIG_REGULATOR_VIRTUAL_CONSUMER=m -CONFIG_REGULATOR_USERSPACE_CONSUMER=m -CONFIG_REGULATOR_GPIO=m # CONFIG_REGULATOR_ACT8865 is not set CONFIG_REGULATOR_AD5398=m CONFIG_REGULATOR_DA9210=m @@ -630,7 +612,6 @@ CONFIG_REGULATOR_ANATOP=m CONFIG_REGULATOR_DA9211=m CONFIG_REGULATOR_ISL9305=m CONFIG_REGULATOR_MAX77802=m -CONFIG_REGULATOR_PWM=m # CONFIG_REGULATOR_MT6311 is not set CONFIG_SENSORS_LTC2978_REGULATOR=y diff --git a/config-generic b/config-generic index a62e247a8..e6e721c32 100644 --- a/config-generic +++ b/config-generic @@ -1412,8 +1412,6 @@ CONFIG_NET_VENDOR_AMD=y CONFIG_PCNET32=m CONFIG_AMD8111_ETH=m CONFIG_PCMCIA_NMCLAN=m -# CONFIG_AMD_XGBE is not set -# CONFIG_AMD_XGBE_PHY is not set CONFIG_NET_VENDOR_ARC=y CONFIG_ARC_EMAC=m diff --git a/config-x86-generic b/config-x86-generic index ea3d44975..2ad965e6f 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -281,7 +281,7 @@ CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m CONFIG_KVM_DEVICE_ASSIGNMENT=y CONFIG_LGUEST=m -CONFIG_LGUEST_GUEST=y +# CONFIG_LGUEST_GUEST is not set CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y diff --git a/dmaengine-sun4i-support-module-autoloading.patch b/dmaengine-sun4i-support-module-autoloading.patch new file mode 100644 index 000000000..7d7937474 --- /dev/null +++ b/dmaengine-sun4i-support-module-autoloading.patch @@ -0,0 +1,35 @@ +From 94c622b2a742c6793d74a71280df0c3a5365a156 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Emilio=20L=C3=B3pez?= <emilio.lopez@collabora.co.uk> +Date: Sun, 21 Feb 2016 22:26:35 -0300 +Subject: [PATCH 33831/39109] dmaengine: sun4i: support module autoloading +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +MODULE_DEVICE_TABLE() is missing, so the module isn't auto-loading on +supported systems. This commit adds the missing line so it loads +automatically when building it as a module and running on a system +with the early sunxi DMA engine. + +Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk> +Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com> +Signed-off-by: Vinod Koul <vinod.koul@intel.com> +--- + drivers/dma/sun4i-dma.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/dma/sun4i-dma.c b/drivers/dma/sun4i-dma.c +index 1661d518..e0df233 100644 +--- a/drivers/dma/sun4i-dma.c ++++ b/drivers/dma/sun4i-dma.c +@@ -1271,6 +1271,7 @@ static const struct of_device_id sun4i_dma_match[] = { + { .compatible = "allwinner,sun4i-a10-dma" }, + { /* sentinel */ }, + }; ++MODULE_DEVICE_TABLE(of, sun4i_dma_match); + + static struct platform_driver sun4i_dma_driver = { + .probe = sun4i_dma_probe, +-- +2.7.4 + diff --git a/kernel.spec b/kernel.spec index cc5cb040c..dffa7b6e7 100644 --- a/kernel.spec +++ b/kernel.spec @@ -59,7 +59,7 @@ Summary: The Linux kernel # Do we have a -stable update to apply? -%define stable_update 5 +%define stable_update 6 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -524,6 +524,8 @@ Patch422: geekbox-v4-device-tree-support.patch # http://www.spinics.net/lists/arm-kernel/msg483898.html Patch423: Initial-AllWinner-A64-and-PINE64-support.patch +Patch424: dmaengine-sun4i-support-module-autoloading.patch + # http://www.spinics.net/lists/linux-tegra/msg26029.html Patch426: usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch @@ -662,9 +664,6 @@ Patch705: mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch #CVE-2016-4482 rhbz 1332931 1332932 Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch -#rhbz 1328633 -Patch713: sp5100_tco-properly-check-for-new-register-layouts.patch - #CVE-2016-4569 rhbz 1334643 1334645 Patch714: ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch Patch715: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch @@ -673,8 +672,11 @@ Patch716: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch #CVE-2016-0758 rhbz 1300257 1335386 Patch717: KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch -#CVE-2016-3713 rhbz 1332139 1336410 -Patch718: KVM-MTRR-remove-MSR-0x2f8.patch +#CVE-2016-4440 rhbz 1337806 1337807 +Patch719: kvm-vmx-more-complete-state-update-on-APICv-on-off.patch + +#CVE-2016-4951 rhbz 1338625 1338626 +Patch720: tipc-check-nl-sock-before-parsing-nested-attributes.patch # END OF PATCH DEFINITIONS @@ -2200,6 +2202,21 @@ fi # # %changelog +* Wed Jun 01 2016 Justin M. Forbes <jforbes@fedoraproject.org> 4.5.6-300 +- Linux v4.5.6 + +* Sun May 29 2016 Peter Robinson <pbrobinson@fedoraproject.org> +- Update Utilite patch +- Fix AllWinner DMA driver loading +- Minor cleanups for ARM power/cpufreq management +- Initial Qualcomm ARM64 support (Dragonboard 410c) + +* Mon May 23 2016 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2016-4951 null ptr deref in tipc_nl_publ_dump (rhbz 1338625 1338626) + +* Fri May 20 2016 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2016-4440 kvm: incorrect state leading to APIC register access (rhbz 1337806 1337807) + * Thu May 19 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.5.5-300 - Linux v4.5.5 - CVE-2016-4913 isofs: info leak with malformed NM entries (rhbz 1337528 1337529) diff --git a/kvm-vmx-more-complete-state-update-on-APICv-on-off.patch b/kvm-vmx-more-complete-state-update-on-APICv-on-off.patch new file mode 100644 index 000000000..67043300c --- /dev/null +++ b/kvm-vmx-more-complete-state-update-on-APICv-on-off.patch @@ -0,0 +1,112 @@ +From: Roman Kagan <rkagan@virtuozzo.com> +Subject: [PATCH v3] kvm:vmx: more complete state update on APICv on/off +Date: 2016-05-18 14:48:20 GMT (1 day, 21 hours and 23 minutes ago) + +The function to update APICv on/off state (in particular, to deactivate +it when enabling Hyper-V SynIC), used to be incomplete: it didn't adjust +APICv-related fields among secondary processor-based VM-execution +controls. + +As a result, Windows 2012 guests would get stuck when SynIC-based +auto-EOI interrupt intersected with e.g. an IPI in the guest. + +In addition, the MSR intercept bitmap wasn't updated to correspond to +whether "virtualize x2APIC mode" was enabled. This path used not to be +triggered, since Windows didn't use x2APIC but rather their own +synthetic APIC access MSRs; however it represented a security risk +because the guest running in a SynIC-enabled VM could switch to x2APIC +and thus obtain direct access to host APIC MSRs (thanks to Yang Zhang +<yang.zhang.wz@gmail.com> for spotting this). + +The patch fixes those omissions. + +Signed-off-by: Roman Kagan <rkagan@virtuozzo.com> +Cc: Steve Rutherford <srutherford@google.com> +Cc: Yang Zhang <yang.zhang.wz@gmail.com> +--- +v2 -> v3: + - only switch to x2apic msr bitmap if virtualize x2apic mode is on in vmcs + +v1 -> v2: + - only update relevant bits in the secondary exec control + - update msr intercept bitmap (also make x2apic msr bitmap always + correspond to APICv) + + arch/x86/kvm/vmx.c | 48 ++++++++++++++++++++++++++++++------------------ + 1 file changed, 30 insertions(+), 18 deletions(-) + +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index ee1c8a9..cef741a 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -2418,7 +2418,9 @@ static void vmx_set_msr_bitmap(struct kvm_vcpu *vcpu) + + if (is_guest_mode(vcpu)) + msr_bitmap = vmx_msr_bitmap_nested; +- else if (vcpu->arch.apic_base & X2APIC_ENABLE) { ++ else if (cpu_has_secondary_exec_ctrls() && ++ (vmcs_read32(SECONDARY_VM_EXEC_CONTROL) & ++ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) { + if (is_long_mode(vcpu)) + msr_bitmap = vmx_msr_bitmap_longmode_x2apic; + else +@@ -4783,6 +4785,19 @@ static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu) + struct vcpu_vmx *vmx = to_vmx(vcpu); + + vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, vmx_pin_based_exec_ctrl(vmx)); ++ if (cpu_has_secondary_exec_ctrls()) { ++ if (kvm_vcpu_apicv_active(vcpu)) ++ vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, ++ SECONDARY_EXEC_APIC_REGISTER_VIRT | ++ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY); ++ else ++ vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, ++ SECONDARY_EXEC_APIC_REGISTER_VIRT | ++ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY); ++ } ++ ++ if (cpu_has_vmx_msr_bitmap()) ++ vmx_set_msr_bitmap(vcpu); + } + + static u32 vmx_exec_control(struct vcpu_vmx *vmx) +@@ -6329,23 +6344,20 @@ static __init int hardware_setup(void) + + set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */ + +- if (enable_apicv) { +- for (msr = 0x800; msr <= 0x8ff; msr++) +- vmx_disable_intercept_msr_read_x2apic(msr); +- +- /* According SDM, in x2apic mode, the whole id reg is used. +- * But in KVM, it only use the highest eight bits. Need to +- * intercept it */ +- vmx_enable_intercept_msr_read_x2apic(0x802); +- /* TMCCT */ +- vmx_enable_intercept_msr_read_x2apic(0x839); +- /* TPR */ +- vmx_disable_intercept_msr_write_x2apic(0x808); +- /* EOI */ +- vmx_disable_intercept_msr_write_x2apic(0x80b); +- /* SELF-IPI */ +- vmx_disable_intercept_msr_write_x2apic(0x83f); +- } ++ for (msr = 0x800; msr <= 0x8ff; msr++) ++ vmx_disable_intercept_msr_read_x2apic(msr); ++ ++ /* According SDM, in x2apic mode, the whole id reg is used. But in ++ * KVM, it only use the highest eight bits. Need to intercept it */ ++ vmx_enable_intercept_msr_read_x2apic(0x802); ++ /* TMCCT */ ++ vmx_enable_intercept_msr_read_x2apic(0x839); ++ /* TPR */ ++ vmx_disable_intercept_msr_write_x2apic(0x808); ++ /* EOI */ ++ vmx_disable_intercept_msr_write_x2apic(0x80b); ++ /* SELF-IPI */ ++ vmx_disable_intercept_msr_write_x2apic(0x83f); + + if (enable_ept) { + kvm_mmu_set_mask_ptes(0ull, +-- +2.5.5 @@ -1,3 +1,3 @@ a60d48eee08ec0536d5efb17ca819aef linux-4.5.tar.xz 6f557fe90b800b615c85c2ca04da6154 perf-man-4.5.tar.gz -fe89010925304f6f07713741f0c8e811 patch-4.5.5.xz +165ea1f74c34d264f11be8c25d97635b patch-4.5.6.xz diff --git a/sp5100_tco-properly-check-for-new-register-layouts.patch b/sp5100_tco-properly-check-for-new-register-layouts.patch deleted file mode 100644 index 83c86d151..000000000 --- a/sp5100_tco-properly-check-for-new-register-layouts.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 5896a59895689db447e888c1714022bbb9526ede Mon Sep 17 00:00:00 2001 -From: Lucas Stach <dev@lynxeye.de> -Date: Tue, 3 May 2016 19:15:58 +0200 -Subject: [PATCH] sp5100_tco: properly check for new register layouts - -Commits 190aa4304de6 (Add AMD Mullins platform support) and -cca118fa2a0a94 (Add AMD Carrizo platform support) enabled the -driver on a lot more devices, but the following commit missed -a single location in the code when checking if the SB800 register -offsets should be used. This leads to the wrong register being -written which in turn causes ACPI to go haywire. - -Fix this by introducing a helper function to check for the new -register layout and use this consistently. - -https://bugzilla.kernel.org/show_bug.cgi?id=114201 -https://bugzilla.redhat.com/show_bug.cgi?id=1329910 -Fixes: bdecfcdb5461 (sp5100_tco: fix the device check for SB800 -and later chipsets) -Cc: stable@vger.kernel.org (4.5+) -Signed-off-by: Lucas Stach <dev@lynxeye.de> ---- - drivers/watchdog/sp5100_tco.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/drivers/watchdog/sp5100_tco.c b/drivers/watchdog/sp5100_tco.c -index 6467b91..028618c 100644 ---- a/drivers/watchdog/sp5100_tco.c -+++ b/drivers/watchdog/sp5100_tco.c -@@ -73,6 +73,13 @@ MODULE_PARM_DESC(nowayout, "Watchdog cannot be stopped once started." - /* - * Some TCO specific functions - */ -+ -+static bool tco_has_sp5100_reg_layout(struct pci_dev *dev) -+{ -+ return dev->device == PCI_DEVICE_ID_ATI_SBX00_SMBUS && -+ dev->revision < 0x40; -+} -+ - static void tco_timer_start(void) - { - u32 val; -@@ -129,7 +136,7 @@ static void tco_timer_enable(void) - { - int val; - -- if (sp5100_tco_pci->revision >= 0x40) { -+ if (!tco_has_sp5100_reg_layout(sp5100_tco_pci)) { - /* For SB800 or later */ - /* Set the Watchdog timer resolution to 1 sec */ - outb(SB800_PM_WATCHDOG_CONFIG, SB800_IO_PM_INDEX_REG); -@@ -342,8 +349,7 @@ static unsigned char sp5100_tco_setupdevice(void) - /* - * Determine type of southbridge chipset. - */ -- if (sp5100_tco_pci->device == PCI_DEVICE_ID_ATI_SBX00_SMBUS && -- sp5100_tco_pci->revision < 0x40) { -+ if (tco_has_sp5100_reg_layout(sp5100_tco_pci)) { - dev_name = SP5100_DEVNAME; - index_reg = SP5100_IO_PM_INDEX_REG; - data_reg = SP5100_IO_PM_DATA_REG; -@@ -388,8 +394,7 @@ static unsigned char sp5100_tco_setupdevice(void) - * Secondly, Find the watchdog timer MMIO address - * from SBResource_MMIO register. - */ -- if (sp5100_tco_pci->device == PCI_DEVICE_ID_ATI_SBX00_SMBUS && -- sp5100_tco_pci->revision < 0x40) { -+ if (tco_has_sp5100_reg_layout(sp5100_tco_pci)) { - /* Read SBResource_MMIO from PCI config(PCI_Reg: 9Ch) */ - pci_read_config_dword(sp5100_tco_pci, - SP5100_SB_RESOURCE_MMIO_BASE, &val); --- -2.7.4 - diff --git a/tipc-check-nl-sock-before-parsing-nested-attributes.patch b/tipc-check-nl-sock-before-parsing-nested-attributes.patch new file mode 100644 index 000000000..09bfe1485 --- /dev/null +++ b/tipc-check-nl-sock-before-parsing-nested-attributes.patch @@ -0,0 +1,36 @@ +From 45e093ae2830cd1264677d47ff9a95a71f5d9f9c Mon Sep 17 00:00:00 2001 +From: Richard Alpe <richard.alpe@ericsson.com> +Date: Mon, 16 May 2016 11:14:54 +0200 +Subject: [PATCH] tipc: check nl sock before parsing nested attributes + +Make sure the socket for which the user is listing publication exists +before parsing the socket netlink attributes. + +Prior to this patch a call without any socket caused a NULL pointer +dereference in tipc_nl_publ_dump(). + +Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com> +Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> +Acked-by: Jon Maloy <jon.maloy@ericsson.cm> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/tipc/socket.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/tipc/socket.c b/net/tipc/socket.c +index 12628890c219..3b7a79991d55 100644 +--- a/net/tipc/socket.c ++++ b/net/tipc/socket.c +@@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb) + if (err) + return err; + ++ if (!attrs[TIPC_NLA_SOCK]) ++ return -EINVAL; ++ + err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX, + attrs[TIPC_NLA_SOCK], + tipc_nl_sock_policy); +-- +2.5.5 + |