Merge remote-tracking branch 'origin/f24' into f24-user-thl-vanilla-fedorakernel-4.8.10-200.vanilla.knurd.1.fc24

4 files changed, 5 insertions, 162 deletions

diff --git a/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch b/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch
deleted file mode 100644
index 05b8cf999..000000000
--- a/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 9f692cbe4a01dd9e3c3e954ec6b59662b68f9ce4 Mon Sep 17 00:00:00 2001
-From: Laura Abbott <labbott@redhat.com>
-Date: Fri, 9 Sep 2016 10:19:02 -0700
-Subject: [PATCH] cpupower: Correct return type of cpu_power_is_cpu_online in
- cpufreq
-To: Thomas Renninger <trenn@suse.com>
-Cc: linux-pm@vger.kernel.org
-Cc: linux-kernel@vger.kernel.org
-
-When converting to a shared library in ac5a181d065d ("cpupower: Add
-cpuidle parts into library"), cpu_freq_cpu_exists was converted to
-cpupower_is_cpu_online. cpu_req_cpu_exists returned 0 on success and
--ENOSYS on failure whereas cpupower_is_cpu_online returns 1 on success.
-Check for the correct return value in cpufreq-set.
-
-See https://bugzilla.redhat.com/show_bug.cgi?id=1374212
-
-Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
-Reported-by: Julian Seward <jseward@acm.org>
-Signed-off-by: Laura Abbott <labbott@redhat.com>
----
- tools/power/cpupower/utils/cpufreq-set.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tools/power/cpupower/utils/cpufreq-set.c b/tools/power/cpupower/utils/cpufreq-set.c
-index b4bf769..8971d71 100644
---- a/tools/power/cpupower/utils/cpufreq-set.c
-+++ b/tools/power/cpupower/utils/cpufreq-set.c
-@@ -296,7 +296,7 @@ int cmd_freq_set(int argc, char **argv)
- 			struct cpufreq_affected_cpus *cpus;
- 
- 			if (!bitmask_isbitset(cpus_chosen, cpu) ||
--			    cpupower_is_cpu_online(cpu))
-+			    cpupower_is_cpu_online(cpu) != 1)
- 				continue;
- 
- 			cpus = cpufreq_get_related_cpus(cpu);
-@@ -316,7 +316,7 @@ int cmd_freq_set(int argc, char **argv)
- 	     cpu <= bitmask_last(cpus_chosen); cpu++) {
- 
- 		if (!bitmask_isbitset(cpus_chosen, cpu) ||
--		    cpupower_is_cpu_online(cpu))
-+		    cpupower_is_cpu_online(cpu) != 1)
- 			continue;
- 
- 		if (cpupower_is_cpu_online(cpu) != 1)
--- 
-2.10.0
-
diff --git a/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch b/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch
deleted file mode 100644
index 1c9b2f022..000000000
--- a/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From ac6e780070e30e4c35bd395acfe9191e6268bdd3 Mon Sep 17 00:00:00 2001
-From: Eric Dumazet <edumazet@google.com>
-Date: Thu, 10 Nov 2016 13:12:35 -0800
-Subject: [PATCH] tcp: take care of truncations done by sk_filter()
-
-With syzkaller help, Marco Grassi found a bug in TCP stack,
-crashing in tcp_collapse()
-
-Root cause is that sk_filter() can truncate the incoming skb,
-but TCP stack was not really expecting this to happen.
-It probably was expecting a simple DROP or ACCEPT behavior.
-
-We first need to make sure no part of TCP header could be removed.
-Then we need to adjust TCP_SKB_CB(skb)->end_seq
-
-Many thanks to syzkaller team and Marco for giving us a reproducer.
-
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Reported-by: Marco Grassi <marco.gra@gmail.com>
-Reported-by: Vladis Dronov <vdronov@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- include/net/tcp.h   |  1 +
- net/ipv4/tcp_ipv4.c | 19 ++++++++++++++++++-
- net/ipv6/tcp_ipv6.c |  6 ++++--
- 3 files changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 304a8e1..123979f 100644
---- a/include/net/tcp.h
-+++ b/include/net/tcp.h
-@@ -1220,6 +1220,7 @@ static inline void tcp_prequeue_init(struct tcp_sock *tp)
- }
-
- bool tcp_prequeue(struct sock *sk, struct sk_buff *skb);
-+int tcp_filter(struct sock *sk, struct sk_buff *skb);
-
- #undef STATE_TRACE
-
-diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index 61b7be3..2259114 100644
---- a/net/ipv4/tcp_ipv4.c
-+++ b/net/ipv4/tcp_ipv4.c
-@@ -1564,6 +1564,21 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb)
- }
- EXPORT_SYMBOL(tcp_prequeue);
-
-+int tcp_filter(struct sock *sk, struct sk_buff *skb)
-+{
-+	struct tcphdr *th = (struct tcphdr *)skb->data;
-+	unsigned int eaten = skb->len;
-+	int err;
-+
-+	err = sk_filter_trim_cap(sk, skb, th->doff * 4);
-+	if (!err) {
-+		eaten -= skb->len;
-+		TCP_SKB_CB(skb)->end_seq -= eaten;
-+	}
-+	return err;
-+}
-+EXPORT_SYMBOL(tcp_filter);
-+
- /*
-  *	From tcp_input.c
-  */
-@@ -1676,8 +1691,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
-
- 	nf_reset(skb);
-
--	if (sk_filter(sk, skb))
-+	if (tcp_filter(sk, skb))
- 		goto discard_and_relse;
-+	th = (const struct tcphdr *)skb->data;
-+	iph = ip_hdr(skb);
-
- 	skb->dev = NULL;
-
-diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 6ca23c2..b9f1fee 100644
---- a/net/ipv6/tcp_ipv6.c
-+++ b/net/ipv6/tcp_ipv6.c
-@@ -1229,7 +1229,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
- 	if (skb->protocol == htons(ETH_P_IP))
- 		return tcp_v4_do_rcv(sk, skb);
-
--	if (sk_filter(sk, skb))
-+	if (tcp_filter(sk, skb))
- 		goto discard;
-
- 	/*
-@@ -1457,8 +1457,10 @@ static int tcp_v6_rcv(struct sk_buff *skb)
- 	if (tcp_v6_inbound_md5_hash(sk, skb))
- 		goto discard_and_relse;
-
--	if (sk_filter(sk, skb))
-+	if (tcp_filter(sk, skb))
- 		goto discard_and_relse;
-+	th = (const struct tcphdr *)skb->data;
-+	hdr = ipv6_hdr(skb);
-
- 	skb->dev = NULL;
-
--- 
-2.7.4
-
diff --git a/kernel.spec b/kernel.spec
index 20d1fb396..2c3e437ea 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -59,7 +59,7 @@ Summary: The Linux kernel
 
 
 # Do we have a -stable update to apply?
-%define stable_update 8
+%define stable_update 10
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -638,9 +638,6 @@ Patch846: security-selinux-overlayfs-support.patch
 #rhbz 1360688
 Patch847: rc-core-fix-repeat-events.patch
 
-#rhbz 1374212
-Patch848: 0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch
-
 #ongoing complaint, full discussion delayed until ksummit/plumbers
 Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch
 
@@ -659,9 +656,6 @@ Patch854: nouveau-add-maxwell-to-backlight-init.patch
 #rhbz 1385823
 Patch855: 0001-platform-x86-ideapad-laptop-Add-Lenovo-Yoga-910-13IK.patch
 
-#CVE-2016-8645 rhbz 1393904 1393908
-Patch856: 0001-tcp-take-care-of-truncations-done-by-sk_filter.patch
-
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2192,6 +2186,9 @@ fi
 #
 # 
 %changelog
+* Mon Nov 21 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.10-200
+- Linux v4.8.10
+
 * Tue Nov 15 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.8-200
 - Linux v4.8.8
 - Fix crash in tcp_collapse CVE-2016-8645 (rhbz 1393904 1393908)
diff --git a/sources b/sources
index 0da55e4e1..7e081ec62 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 c1af0afbd3df35c1ccdc7a5118cd2d07  linux-4.8.tar.xz
 0dad03f586e835d538d3e0d2cbdb9a28  perf-man-4.8.tar.gz
-38e85040e09193251766975d6fd30d08  patch-4.8.8.xz
+37eadcdaefae51ced736747cb817aa58  patch-4.8.10.xz