diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-11-21 19:01:13 +0100 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-11-21 19:01:13 +0100 |
commit | 4b777dcdeb728d3950fe02c15f7c8ee980b9b504 (patch) | |
tree | 38b6350b9d10515ffd9ee53955e1934d70de2bfd | |
parent | f26355ef26e794d6e53cf0ad0e8d5aab59f81d44 (diff) | |
parent | a6b7927cc3de55d346e7d193dde1b00db775a0fa (diff) | |
download | kernel-4.8.10-200.vanilla.knurd.1.fc24.tar.gz kernel-4.8.10-200.vanilla.knurd.1.fc24.tar.xz kernel-4.8.10-200.vanilla.knurd.1.fc24.zip |
Merge remote-tracking branch 'origin/f24' into f24-user-thl-vanilla-fedorakernel-4.8.10-200.vanilla.knurd.1.fc24
-rw-r--r-- | 0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch | 49 | ||||
-rw-r--r-- | 0001-tcp-take-care-of-truncations-done-by-sk_filter.patch | 105 | ||||
-rw-r--r-- | kernel.spec | 11 | ||||
-rw-r--r-- | sources | 2 |
4 files changed, 5 insertions, 162 deletions
diff --git a/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch b/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch deleted file mode 100644 index 05b8cf999..000000000 --- a/0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9f692cbe4a01dd9e3c3e954ec6b59662b68f9ce4 Mon Sep 17 00:00:00 2001 -From: Laura Abbott <labbott@redhat.com> -Date: Fri, 9 Sep 2016 10:19:02 -0700 -Subject: [PATCH] cpupower: Correct return type of cpu_power_is_cpu_online in - cpufreq -To: Thomas Renninger <trenn@suse.com> -Cc: linux-pm@vger.kernel.org -Cc: linux-kernel@vger.kernel.org - -When converting to a shared library in ac5a181d065d ("cpupower: Add -cpuidle parts into library"), cpu_freq_cpu_exists was converted to -cpupower_is_cpu_online. cpu_req_cpu_exists returned 0 on success and --ENOSYS on failure whereas cpupower_is_cpu_online returns 1 on success. -Check for the correct return value in cpufreq-set. - -See https://bugzilla.redhat.com/show_bug.cgi?id=1374212 - -Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") -Reported-by: Julian Seward <jseward@acm.org> -Signed-off-by: Laura Abbott <labbott@redhat.com> ---- - tools/power/cpupower/utils/cpufreq-set.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/power/cpupower/utils/cpufreq-set.c b/tools/power/cpupower/utils/cpufreq-set.c -index b4bf769..8971d71 100644 ---- a/tools/power/cpupower/utils/cpufreq-set.c -+++ b/tools/power/cpupower/utils/cpufreq-set.c -@@ -296,7 +296,7 @@ int cmd_freq_set(int argc, char **argv) - struct cpufreq_affected_cpus *cpus; - - if (!bitmask_isbitset(cpus_chosen, cpu) || -- cpupower_is_cpu_online(cpu)) -+ cpupower_is_cpu_online(cpu) != 1) - continue; - - cpus = cpufreq_get_related_cpus(cpu); -@@ -316,7 +316,7 @@ int cmd_freq_set(int argc, char **argv) - cpu <= bitmask_last(cpus_chosen); cpu++) { - - if (!bitmask_isbitset(cpus_chosen, cpu) || -- cpupower_is_cpu_online(cpu)) -+ cpupower_is_cpu_online(cpu) != 1) - continue; - - if (cpupower_is_cpu_online(cpu) != 1) --- -2.10.0 - diff --git a/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch b/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch deleted file mode 100644 index 1c9b2f022..000000000 --- a/0001-tcp-take-care-of-truncations-done-by-sk_filter.patch +++ /dev/null @@ -1,105 +0,0 @@ -From ac6e780070e30e4c35bd395acfe9191e6268bdd3 Mon Sep 17 00:00:00 2001 -From: Eric Dumazet <edumazet@google.com> -Date: Thu, 10 Nov 2016 13:12:35 -0800 -Subject: [PATCH] tcp: take care of truncations done by sk_filter() - -With syzkaller help, Marco Grassi found a bug in TCP stack, -crashing in tcp_collapse() - -Root cause is that sk_filter() can truncate the incoming skb, -but TCP stack was not really expecting this to happen. -It probably was expecting a simple DROP or ACCEPT behavior. - -We first need to make sure no part of TCP header could be removed. -Then we need to adjust TCP_SKB_CB(skb)->end_seq - -Many thanks to syzkaller team and Marco for giving us a reproducer. - -Signed-off-by: Eric Dumazet <edumazet@google.com> -Reported-by: Marco Grassi <marco.gra@gmail.com> -Reported-by: Vladis Dronov <vdronov@redhat.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - include/net/tcp.h | 1 + - net/ipv4/tcp_ipv4.c | 19 ++++++++++++++++++- - net/ipv6/tcp_ipv6.c | 6 ++++-- - 3 files changed, 23 insertions(+), 3 deletions(-) - -diff --git a/include/net/tcp.h b/include/net/tcp.h -index 304a8e1..123979f 100644 ---- a/include/net/tcp.h -+++ b/include/net/tcp.h -@@ -1220,6 +1220,7 @@ static inline void tcp_prequeue_init(struct tcp_sock *tp) - } - - bool tcp_prequeue(struct sock *sk, struct sk_buff *skb); -+int tcp_filter(struct sock *sk, struct sk_buff *skb); - - #undef STATE_TRACE - -diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 61b7be3..2259114 100644 ---- a/net/ipv4/tcp_ipv4.c -+++ b/net/ipv4/tcp_ipv4.c -@@ -1564,6 +1564,21 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb) - } - EXPORT_SYMBOL(tcp_prequeue); - -+int tcp_filter(struct sock *sk, struct sk_buff *skb) -+{ -+ struct tcphdr *th = (struct tcphdr *)skb->data; -+ unsigned int eaten = skb->len; -+ int err; -+ -+ err = sk_filter_trim_cap(sk, skb, th->doff * 4); -+ if (!err) { -+ eaten -= skb->len; -+ TCP_SKB_CB(skb)->end_seq -= eaten; -+ } -+ return err; -+} -+EXPORT_SYMBOL(tcp_filter); -+ - /* - * From tcp_input.c - */ -@@ -1676,8 +1691,10 @@ int tcp_v4_rcv(struct sk_buff *skb) - - nf_reset(skb); - -- if (sk_filter(sk, skb)) -+ if (tcp_filter(sk, skb)) - goto discard_and_relse; -+ th = (const struct tcphdr *)skb->data; -+ iph = ip_hdr(skb); - - skb->dev = NULL; - -diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 6ca23c2..b9f1fee 100644 ---- a/net/ipv6/tcp_ipv6.c -+++ b/net/ipv6/tcp_ipv6.c -@@ -1229,7 +1229,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) - if (skb->protocol == htons(ETH_P_IP)) - return tcp_v4_do_rcv(sk, skb); - -- if (sk_filter(sk, skb)) -+ if (tcp_filter(sk, skb)) - goto discard; - - /* -@@ -1457,8 +1457,10 @@ static int tcp_v6_rcv(struct sk_buff *skb) - if (tcp_v6_inbound_md5_hash(sk, skb)) - goto discard_and_relse; - -- if (sk_filter(sk, skb)) -+ if (tcp_filter(sk, skb)) - goto discard_and_relse; -+ th = (const struct tcphdr *)skb->data; -+ hdr = ipv6_hdr(skb); - - skb->dev = NULL; - --- -2.7.4 - diff --git a/kernel.spec b/kernel.spec index 20d1fb396..2c3e437ea 100644 --- a/kernel.spec +++ b/kernel.spec @@ -59,7 +59,7 @@ Summary: The Linux kernel # Do we have a -stable update to apply? -%define stable_update 8 +%define stable_update 10 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -638,9 +638,6 @@ Patch846: security-selinux-overlayfs-support.patch #rhbz 1360688 Patch847: rc-core-fix-repeat-events.patch -#rhbz 1374212 -Patch848: 0001-cpupower-Correct-return-type-of-cpu_power_is_cpu_onl.patch - #ongoing complaint, full discussion delayed until ksummit/plumbers Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch @@ -659,9 +656,6 @@ Patch854: nouveau-add-maxwell-to-backlight-init.patch #rhbz 1385823 Patch855: 0001-platform-x86-ideapad-laptop-Add-Lenovo-Yoga-910-13IK.patch -#CVE-2016-8645 rhbz 1393904 1393908 -Patch856: 0001-tcp-take-care-of-truncations-done-by-sk_filter.patch - # END OF PATCH DEFINITIONS %endif @@ -2192,6 +2186,9 @@ fi # # %changelog +* Mon Nov 21 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.10-200 +- Linux v4.8.10 + * Tue Nov 15 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.8.8-200 - Linux v4.8.8 - Fix crash in tcp_collapse CVE-2016-8645 (rhbz 1393904 1393908) @@ -1,3 +1,3 @@ c1af0afbd3df35c1ccdc7a5118cd2d07 linux-4.8.tar.xz 0dad03f586e835d538d3e0d2cbdb9a28 perf-man-4.8.tar.gz -38e85040e09193251766975d6fd30d08 patch-4.8.8.xz +37eadcdaefae51ced736747cb817aa58 patch-4.8.10.xz |