Linux v4.6-3623-g0b7962a

ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs, timers, crypto merges
author: Laura Abbott <labbott@fedoraproject.org> 2016-05-18 08:28:46 -0700
committer: Laura Abbott <labbott@fedoraproject.org> 2016-05-18 08:32:30 -0700
commit: af495309bb553b4659f08470ac94fedf74b3845a (patch)
tree: f540f17c8dea7042a98db7f6b1d6729817829d27
parent: 3856ef7eb1db56671e00a069af6c0614c6b21c7f (diff)
download: kernel-af495309bb553b4659f08470ac94fedf74b3845a.tar.gz
kernel-af495309bb553b4659f08470ac94fedf74b3845a.tar.xz
kernel-af495309bb553b4659f08470ac94fedf74b3845a.zip
9 files changed, 60 insertions, 311 deletions
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch
index b6e039ff0..5c272a983 100644
--- a/Add-secure_modules-call.patch
+++ b/Add-secure_modules-call.patch
@@ -1,4 +1,4 @@
-From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
+From 0f6eec5ca124baf1372fb4edeacd11a002378f5e Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/20] Add secure_modules() call
@@ -17,19 +17,19 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 3a19c79918e0..db386349cd01 100644
+index 3daf2b3..082298a 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
- 	return module && module->async_probe_requested;
+@@ -655,6 +655,8 @@ static inline bool is_livepatch_module(struct module *mod)
  }
+ #endif /* CONFIG_LIVEPATCH */
  
 +extern bool secure_modules(void);
 +
  #else /* !CONFIG_MODULES... */
  
  /* Given an address, look for it in the exception tables. */
-@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -771,6 +773,10 @@ static inline bool module_requested_async_probing(struct module *module)
  	return false;
  }
  
@@ -41,10 +41,10 @@ index 3a19c79918e0..db386349cd01 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index b86b7bf1be38..7f045246e123 100644
+index 5f71aa6..3c38496 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
+@@ -4199,3 +4199,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -59,5 +59,5 @@ index b86b7bf1be38..7f045246e123 100644
 +}
 +EXPORT_SYMBOL(secure_modules);
 -- 
-2.4.3
+2.5.5
 
diff --git a/antenna_select.patch b/antenna_select.patch
deleted file mode 100644
index 15763e9bc..000000000
--- a/antenna_select.patch
+++ /dev/null
@@ -1,227 +0,0 @@
-From c18d8f5095715c56bb3cd9cba64242542632054b Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Wed, 16 Mar 2016 13:33:34 -0500
-Subject: rtlwifi: rtl8723be: Add antenna select module parameter
-
-A number of new laptops have been delivered with only a single antenna.
-In principle, this is OK; however, a problem arises when the on-board
-EEPROM is programmed to use the other antenna connection. The option
-of opening the computer and moving the connector is not always possible
-as it will void the warranty in some cases. In addition, this solution
-breaks the Windows driver when the box dual boots Linux and Windows.
-
-A fix involving a new module parameter has been developed.  This commit
-adds the new parameter and implements the changes needed for the driver.
-
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Cc: Stable <stable@vger.kernel.org> [V4.0+]
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 5 +++++
- drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 3 +++
- drivers/net/wireless/realtek/rtlwifi/wifi.h         | 3 +++
- 3 files changed, 11 insertions(+)
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-index c983d2f..5a3df91 100644
---- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-@@ -2684,6 +2684,7 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
- 					      bool auto_load_fail, u8 *hwinfo)
- {
- 	struct rtl_priv *rtlpriv = rtl_priv(hw);
-+	struct rtl_mod_params *mod_params = rtlpriv->cfg->mod_params;
- 	u8 value;
- 	u32 tmpu_32;
- 
-@@ -2702,6 +2703,10 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
- 		rtlpriv->btcoexist.btc_info.ant_num = ANT_X2;
- 	}
- 
-+	/* override ant_num / ant_path */
-+	if (mod_params->ant_sel)
-+		rtlpriv->btcoexist.btc_info.ant_num =
-+			(mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1);
- }
- 
- void rtl8723be_bt_reg_init(struct ieee80211_hw *hw)
-diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-index a78eaed..2101793 100644
---- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-@@ -273,6 +273,7 @@ static struct rtl_mod_params rtl8723be_mod_params = {
- 	.msi_support = false,
- 	.disable_watchdog = false,
- 	.debug = DBG_EMERG,
-+	.ant_sel = 0,
- };
- 
- static struct rtl_hal_cfg rtl8723be_hal_cfg = {
-@@ -394,6 +395,7 @@ module_param_named(fwlps, rtl8723be_mod_params.fwctrl_lps, bool, 0444);
- module_param_named(msi, rtl8723be_mod_params.msi_support, bool, 0444);
- module_param_named(disable_watchdog, rtl8723be_mod_params.disable_watchdog,
- 		   bool, 0444);
-+module_param_named(ant_sel, rtl8723be_mod_params.ant_sel, int, 0444);
- MODULE_PARM_DESC(swenc, "Set to 1 for software crypto (default 0)\n");
- MODULE_PARM_DESC(ips, "Set to 0 to not use link power save (default 1)\n");
- MODULE_PARM_DESC(swlps, "Set to 1 to use SW control power save (default 0)\n");
-@@ -402,6 +404,7 @@ MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 0)\n");
- MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)");
- MODULE_PARM_DESC(disable_watchdog,
- 		 "Set to 1 to disable the watchdog (default 0)\n");
-+MODULE_PARM_DESC(ant_sel, "Set to 1 or 2 to force antenna number (default 0)\n");
- 
- static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume);
- 
-diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
-index 554d814..93bd7fc 100644
---- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
-+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
-@@ -2246,6 +2246,9 @@ struct rtl_mod_params {
- 
- 	/* default 0: 1 means do not disable interrupts */
- 	bool int_clear;
-+
-+	/* select antenna */
-+	int ant_sel;
- };
- 
- struct rtl_hal_usbint_cfg {
--- 
-cgit v0.12
-
-From baa1702290953295e421f0f433e2b1ff4815827c Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Wed, 16 Mar 2016 13:33:35 -0500
-Subject: rtlwifi: btcoexist: Implement antenna selection
-
-The previous patch added an option to rtl8723be to manually select the
-antenna for those cases when only a single antenna is present, and the
-on-board EEPROM is incorrectly programmed. This patch implements the
-necessary changes in the Bluetooth coexistence driver.
-
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Cc: Stable <stable@vger.kernel.org> [V4.0+]
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../realtek/rtlwifi/btcoexist/halbtc8723b2ant.c    |  9 ++++++--
- .../realtek/rtlwifi/btcoexist/halbtcoutsrc.c       | 27 +++++++++++++++++++++-
- .../realtek/rtlwifi/btcoexist/halbtcoutsrc.h       |  2 +-
- .../wireless/realtek/rtlwifi/btcoexist/rtl_btc.c   |  5 +++-
- 4 files changed, 38 insertions(+), 5 deletions(-)
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-index c43ab59..77cbd10 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-@@ -1203,7 +1203,6 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
- 
- 		/* Force GNT_BT to low */
- 		btcoexist->btc_write_1byte_bitmask(btcoexist, 0x765, 0x18, 0x0);
--		btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
- 
- 		if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT) {
- 			/* tell firmware "no antenna inverse" */
-@@ -1211,19 +1210,25 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
- 			h2c_parameter[1] = 1;  /* ext switch type */
- 			btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
- 						h2c_parameter);
-+			btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
- 		} else {
- 			/* tell firmware "antenna inverse" */
- 			h2c_parameter[0] = 1;
- 			h2c_parameter[1] = 1;  /* ext switch type */
- 			btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
- 						h2c_parameter);
-+			btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
- 		}
- 	}
- 
- 	/* ext switch setting */
- 	if (use_ext_switch) {
- 		/* fixed internal switch S1->WiFi, S0->BT */
--		btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
-+		if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT)
-+			btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
-+		else
-+			btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
-+
- 		switch (antpos_type) {
- 		case BTC_ANT_WIFI_AT_MAIN:
- 			/* ext switch main at wifi */
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-index b2791c8..babd149 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-@@ -965,13 +965,38 @@ void exhalbtc_set_chip_type(u8 chip_type)
- 	}
- }
- 
--void exhalbtc_set_ant_num(u8 type, u8 ant_num)
-+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num)
- {
- 	if (BT_COEX_ANT_TYPE_PG == type) {
- 		gl_bt_coexist.board_info.pg_ant_num = ant_num;
- 		gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+		/* The antenna position:
-+		 * Main (default) or Aux for pgAntNum=2 && btdmAntNum =1.
-+		 * The antenna position should be determined by
-+		 * auto-detect mechanism.
-+		 * The following is assumed to main,
-+		 * and those must be modified
-+		 * if y auto-detect mechanism is ready
-+		 */
-+		if ((gl_bt_coexist.board_info.pg_ant_num == 2) &&
-+		    (gl_bt_coexist.board_info.btdm_ant_num == 1))
-+			gl_bt_coexist.board_info.btdm_ant_pos =
-+						       BTC_ANTENNA_AT_MAIN_PORT;
-+		else
-+			gl_bt_coexist.board_info.btdm_ant_pos =
-+						       BTC_ANTENNA_AT_MAIN_PORT;
- 	} else if (BT_COEX_ANT_TYPE_ANTDIV == type) {
- 		gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+		gl_bt_coexist.board_info.btdm_ant_pos =
-+						       BTC_ANTENNA_AT_MAIN_PORT;
-+	} else if (type == BT_COEX_ANT_TYPE_DETECTED) {
-+		gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+		if (rtlpriv->cfg->mod_params->ant_sel == 1)
-+			gl_bt_coexist.board_info.btdm_ant_pos =
-+				BTC_ANTENNA_AT_AUX_PORT;
-+		else
-+			gl_bt_coexist.board_info.btdm_ant_pos =
-+				BTC_ANTENNA_AT_MAIN_PORT;
- 	}
- }
- 
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-index 0a903ea..f41ca57 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-@@ -535,7 +535,7 @@ void exhalbtc_set_bt_patch_version(u16 bt_hci_version, u16 bt_patch_version);
- void exhalbtc_update_min_bt_rssi(char bt_rssi);
- void exhalbtc_set_bt_exist(bool bt_exist);
- void exhalbtc_set_chip_type(u8 chip_type);
--void exhalbtc_set_ant_num(u8 type, u8 ant_num);
-+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num);
- void exhalbtc_display_bt_coex_info(struct btc_coexist *btcoexist);
- void exhalbtc_signal_compensation(struct btc_coexist *btcoexist,
- 				  u8 *rssi_wifi, u8 *rssi_bt);
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-index b9b0cb7..d3fd921 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-@@ -72,7 +72,10 @@ void rtl_btc_init_hal_vars(struct rtl_priv *rtlpriv)
- 		 __func__, bt_type);
- 	exhalbtc_set_chip_type(bt_type);
- 
--	exhalbtc_set_ant_num(BT_COEX_ANT_TYPE_PG, ant_num);
-+	if (rtlpriv->cfg->mod_params->ant_sel == 1)
-+		exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_DETECTED, 1);
-+	else
-+		exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_PG, ant_num);
- }
- 
- void rtl_btc_init_hw_config(struct rtl_priv *rtlpriv)
--- 
-cgit v0.12
-
diff --git a/config-arm-generic b/config-arm-generic
index 989dbf7fc..4bb634ff6 100644
--- a/config-arm-generic
+++ b/config-arm-generic
@@ -540,3 +540,6 @@ CONFIG_CHECKPOINT_RESTORE=y
 # CONFIG_PINCTRL_CHERRYVIEW is not set
 # CONFIG_PINCTRL_BROXTON is not set
 # CONFIG_PINCTRL_SUNRISEPOINT is not set
+
+# CONFIG_HW_RANDOM_HISI is not set
+# CONFIG_QRTR is not set
diff --git a/config-armv7 b/config-armv7
index bcf054c3e..755cefa99 100644
--- a/config-armv7
+++ b/config-armv7
@@ -415,6 +415,7 @@ CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m
 CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m
 # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
 # CONFIG_CRYPTO_DEV_MXS_DCP is not set
+# CONFIG_CRYPTO_DEV_MXC_SCC is not set
 CONFIG_RTC_DRV_SNVS=m
 CONFIG_FB_MXS=m
 # CONFIG_FB_MX3 is not set
diff --git a/config-generic b/config-generic
index 272fa4a75..70731ecda 100644
--- a/config-generic
+++ b/config-generic
@@ -813,6 +813,7 @@ CONFIG_NET_IPVTI=m
 CONFIG_NET_FOU=m
 CONFIG_NET_FOU_IP_TUNNELS=y
 CONFIG_GENEVE=m
+CONFIG_GTP=m
 CONFIG_MACSEC=m
 CONFIG_INET_AH=m
 CONFIG_INET_ESP=m
@@ -1565,6 +1566,10 @@ CONFIG_QLGE=m
 CONFIG_NETXEN_NIC=m
 CONFIG_QED=m
 CONFIG_QEDE=m
+CONFIG_QED_SRIOV=y
+# CONFIG_QEDE_VXLAN is not set
+# CONFIG_QEDE_GENEVE is not set
+
 
 # CONFIG_NET_VENDOR_QUALCOMM is not set
 
@@ -1634,6 +1639,7 @@ CONFIG_VIA_VELOCITY=m
 CONFIG_NET_VENDOR_WIZNET=y
 CONFIG_WIZNET_W5100=m
 CONFIG_WIZNET_W5300=m
+CONFIG_WIZNET_W5100_SPI=m
 CONFIG_NET_VENDOR_XIRCOM=y
 CONFIG_PCMCIA_XIRC2PS=m
 
@@ -1714,6 +1720,7 @@ CONFIG_MLXSW_CORE_HWMON=y
 CONFIG_MLXSW_PCI=m
 CONFIG_MLXSW_SWITCHX2=m
 CONFIG_MLXSW_SPECTRUM=m
+CONFIG_MLXSW_SPECTRUM_DCB=y
 # CONFIG_MLX4_DEBUG is not set
 # CONFIG_SFC is not set
 
@@ -2107,6 +2114,8 @@ CONFIG_NFC_PORT100=m
 CONFIG_NFC_PN544=m
 CONFIG_NFC_PN544_I2C=m
 CONFIG_NFC_PN533=m
+CONFIG_NFC_PN533_USB=m
+CONFIG_NFC_PN533_I2C=m
 CONFIG_NFC_MICROREAD=m
 CONFIG_NFC_MICROREAD_I2C=m
 CONFIG_NFC_TRF7970A=m
@@ -4101,6 +4110,7 @@ CONFIG_HID_LENOVO=m
 CONFIG_HID_CORSAIR=m
 CONFIG_HID_GFRM=m
 CONFIG_HID_CMEDIA=m
+CONFIG_HID_ASUS=m
 
 #
 # USB Imaging devices
@@ -5570,6 +5580,7 @@ CONFIG_NET_DSA_MV88E6131=m
 CONFIG_NET_DSA_MV88E6123=m
 CONFIG_NET_DSA_MV88E6171=m
 CONFIG_NET_DSA_MV88E6352=m
+CONFIG_NET_DSA_MV88E6XXX=m
 CONFIG_NET_DSA_BCM_SF2=m
 
 # Used by Maemo, we don't care.
diff --git a/gitrev b/gitrev
index 643bfe242..8c6b6aeb3 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-16490980e396fac079248b23b1dd81e7d48bebf3
+0b7962a6c4a37ef3cbb25d976af7b9ec4ce8ad01
diff --git a/kernel.spec b/kernel.spec
index 8941c6ae1..2e9416cae 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -42,7 +42,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 2
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 2
+%define gitrev 3
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -606,9 +606,6 @@ Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
 #CVE-2016-3134 rhbz 1317383 1317384
 Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
 
-#rhbz 1309487
-Patch701: antenna_select.patch
-
 #CVE-2016-4482 rhbz 1332931 1332932
 Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch
 
@@ -2145,6 +2142,11 @@ fi
 #
 # 
 %changelog
+* Wed May 18 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git3.1
+- Linux v4.6-3623-g0b7962a
+- ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs,
+  timers, crypto merges 
+
 * Tue May 17 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git2.2
 - Adjust solib for cpupower
 
diff --git a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
index ebfe1716f..e6f5fa6f5 100644
--- a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
+++ b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
@@ -1,6 +1,7 @@
-Subject:    [PATCH nf] netfilter: x_tables: deal with bogus nextoffset values
-From:       Florian Westphal <fw () strlen ! de>
-Date:       2016-03-10 0:56:02
+From 2b32a7d82223d76ace432305b18c5816cadff878 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw () strlen ! de>
+Date: Thu, 10 Mar 2016 00:56:02 -0800
+Subject: [PATCH] netfilter: x_tables: deal with bogus nextoffset values
 
 Ben Hawkes says:
 
@@ -22,16 +23,16 @@ when we move to a next entry as well.
 
 Signed-off-by: Florian Westphal <fw@strlen.de>
 ---
- net/ipv4/netfilter/arp_tables.c | 16 ++++++++--------
- net/ipv4/netfilter/ip_tables.c  | 15 ++++++++-------
- net/ipv6/netfilter/ip6_tables.c | 13 ++++++-------
- 3 files changed, 22 insertions(+), 22 deletions(-)
+ net/ipv4/netfilter/arp_tables.c | 8 ++++++++
+ net/ipv4/netfilter/ip_tables.c  | 8 ++++++++
+ net/ipv6/netfilter/ip6_tables.c | 6 ++++++
+ 3 files changed, 22 insertions(+)
 
 diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index b488cac..5a0b591 100644
+index 2033f92..a9b6c76 100644
 --- a/net/ipv4/netfilter/arp_tables.c
 +++ b/net/ipv4/netfilter/arp_tables.c
-@@ -437,6 +437,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+@@ -376,6 +376,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
  
  				/* Move along one */
  				size = e->next_offset;
@@ -41,25 +42,10 @@ index b488cac..5a0b591 100644
 +
  				e = (struct arpt_entry *)
  					(entry0 + pos + size);
- 				e->counters.pcnt = pos;
-@@ -447,14 +451,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
- 				if (strcmp(t->target.u.user.name,
- 					   XT_STANDARD_TARGET) == 0 &&
- 				    newpos >= 0) {
--					if (newpos > newinfo->size -
--						sizeof(struct arpt_entry)) {
--						duprintf("mark_source_chains: "
--							"bad verdict (%i)\n",
--								newpos);
--						return 0;
--					}
--
- 					/* This a jump; chase it. */
- 					duprintf("Jump rule %u -> %u\n",
- 						 pos, newpos);
-@@ -462,6 +458,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
- 					/* ... this is a fallthru */
- 					newpos = pos + e->next_offset;
+ 				if (pos + size >= newinfo->size)
+@@ -399,6 +403,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+ 					if (newpos >= newinfo->size)
+ 						return 0;
  				}
 +
 +				if (newpos > newinfo->size - sizeof(*e))
@@ -69,10 +55,10 @@ index b488cac..5a0b591 100644
  					(entry0 + newpos);
  				e->counters.pcnt = pos;
 diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index b99affa..ceb995f 100644
+index 54906e0..7530ecd 100644
 --- a/net/ipv4/netfilter/ip_tables.c
 +++ b/net/ipv4/netfilter/ip_tables.c
-@@ -519,6 +519,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+@@ -447,6 +447,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
  
  				/* Move along one */
  				size = e->next_offset;
@@ -82,24 +68,10 @@ index b99affa..ceb995f 100644
 +
  				e = (struct ipt_entry *)
  					(entry0 + pos + size);
- 				e->counters.pcnt = pos;
-@@ -529,13 +533,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
- 				if (strcmp(t->target.u.user.name,
- 					   XT_STANDARD_TARGET) == 0 &&
- 				    newpos >= 0) {
--					if (newpos > newinfo->size -
--						sizeof(struct ipt_entry)) {
--						duprintf("mark_source_chains: "
--							"bad verdict (%i)\n",
--								newpos);
--						return 0;
--					}
- 					/* This a jump; chase it. */
- 					duprintf("Jump rule %u -> %u\n",
- 						 pos, newpos);
-@@ -543,6 +540,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
- 					/* ... this is a fallthru */
- 					newpos = pos + e->next_offset;
+ 				if (pos + size >= newinfo->size)
+@@ -470,6 +474,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ 					if (newpos >= newinfo->size)
+ 						return 0;
  				}
 +
 +				if (newpos > newinfo->size - sizeof(*e))
@@ -109,10 +81,10 @@ index b99affa..ceb995f 100644
  					(entry0 + newpos);
  				e->counters.pcnt = pos;
 diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 99425cf..d88a794 100644
+index 63e06c3..894da69 100644
 --- a/net/ipv6/netfilter/ip6_tables.c
 +++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -531,6 +531,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
+@@ -474,6 +474,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
  
  				/* Move along one */
  				size = e->next_offset;
@@ -120,24 +92,10 @@ index 99425cf..d88a794 100644
 +					return 0;
  				e = (struct ip6t_entry *)
  					(entry0 + pos + size);
- 				e->counters.pcnt = pos;
-@@ -541,13 +543,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
- 				if (strcmp(t->target.u.user.name,
- 					   XT_STANDARD_TARGET) == 0 &&
- 				    newpos >= 0) {
--					if (newpos > newinfo->size -
--						sizeof(struct ip6t_entry)) {
--						duprintf("mark_source_chains: "
--							"bad verdict (%i)\n",
--								newpos);
--						return 0;
--					}
- 					/* This a jump; chase it. */
- 					duprintf("Jump rule %u -> %u\n",
- 						 pos, newpos);
-@@ -555,6 +550,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
- 					/* ... this is a fallthru */
- 					newpos = pos + e->next_offset;
+ 				if (pos + size >= newinfo->size)
+@@ -497,6 +499,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ 					if (newpos >= newinfo->size)
+ 						return 0;
  				}
 +
 +				if (newpos > newinfo->size - sizeof(*e))
@@ -147,4 +105,5 @@ index 99425cf..d88a794 100644
  					(entry0 + newpos);
  				e->counters.pcnt = pos;
 -- 
-2.4.10
+2.5.5
+
diff --git a/sources b/sources
index 44f0cb49c..aba95baad 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 d2927020e24a76da4ab482a8bc3e9ef3  linux-4.6.tar.xz
 fd23b14b9d474c3dfacb6e8ee82d3a51  perf-man-4.6.tar.gz
-b4e91b6e98c1688667b509dc14edbbcd  patch-4.6-git2.xz
+a3fb92fb10d4f6c55784379085f5fbad  patch-4.6-git3.xz
author	Laura Abbott <labbott@fedoraproject.org>	2016-05-18 08:28:46 -0700
committer	Laura Abbott <labbott@fedoraproject.org>	2016-05-18 08:32:30 -0700
commit	af495309bb553b4659f08470ac94fedf74b3845a (patch)
tree	f540f17c8dea7042a98db7f6b1d6729817829d27
parent	3856ef7eb1db56671e00a069af6c0614c6b21c7f (diff)
download	kernel-af495309bb553b4659f08470ac94fedf74b3845a.tar.gz kernel-af495309bb553b4659f08470ac94fedf74b3845a.tar.xz kernel-af495309bb553b4659f08470ac94fedf74b3845a.zip