Linux v5.5.7

4 files changed, 6 insertions, 141 deletions

diff --git a/0001-ASoC-SOF-Intel-hda-Add-iDisp4-DAI.patch b/0001-ASoC-SOF-Intel-hda-Add-iDisp4-DAI.patch
deleted file mode 100644
index e15ad5d75..000000000
--- a/0001-ASoC-SOF-Intel-hda-Add-iDisp4-DAI.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From e68d6696575e1af3f92125e842f2853708f34589 Mon Sep 17 00:00:00 2001
-From: Sathyanarayana Nujella <sathyanarayana.nujella@intel.com>
-Date: Fri, 20 Dec 2019 11:10:36 -0600
-Subject: [PATCH resend] ASoC: SOF: Intel: hda: Add iDisp4 DAI
-
-TGL supports more than three iDisp DAI's.
-Add support for iDisp4 CPU DAI.
-
-Without this patch, we saw the below error on our TGL DUT:
-   sof_rt5682 tgl_max98357a_rt5682: ASoC: CPU DAI iDisp4 Pin not registered
-
-Signed-off-by: Sathyanarayana Nujella <sathyanarayana.nujella@intel.com>
-Signed-off-by: Jairaj Arava <jairaj.arava@intel.com>
-Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
-Link: https://lore.kernel.org/r/20191220171037.10689-2-pierre-louis.bossart@linux.intel.com
-Signed-off-by: Mark Brown <broonie@kernel.org>
----
- sound/soc/sof/intel/hda-dai.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/sound/soc/sof/intel/hda-dai.c b/sound/soc/sof/intel/hda-dai.c
-index 2d9ac0035bd2..638812a41328 100644
---- a/sound/soc/sof/intel/hda-dai.c
-+++ b/sound/soc/sof/intel/hda-dai.c
-@@ -440,6 +440,10 @@ struct snd_soc_dai_driver skl_dai[] = {
- 	.name = "iDisp3 Pin",
- 	.ops = &hda_link_dai_ops,
- },
-+{
-+	.name = "iDisp4 Pin",
-+	.ops = &hda_link_dai_ops,
-+},
- {
- 	.name = "Analog CPU DAI",
- 	.ops = &hda_link_dai_ops,
--- 
-2.25.1
-
diff --git a/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch b/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
deleted file mode 100644
index 6f3bd3c72..000000000
--- a/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From a34309d16f41c48ffd90e56a6f865d6a1a8c49f0 Mon Sep 17 00:00:00 2001
-From: Catalin Marinas <catalin.marinas@arm.com>
-Date: Wed, 19 Feb 2020 12:31:56 +0000
-Subject: [PATCH] mm: Avoid creating virtual address aliases in
- brk()/mmap()/mremap()
-
-Currently the arm64 kernel ignores the top address byte passed to brk(),
-mmap() and mremap(). When the user is not aware of the 56-bit address
-limit or relies on the kernel to return an error, untagging such
-pointers has the potential to create address aliases in user-space.
-Passing a tagged address to munmap(), madvise() is permitted since the
-tagged pointer is expected to be inside an existing mapping.
-
-The current behaviour breaks the existing glibc malloc() implementation
-which relies on brk() with an address beyond 56-bit to be rejected by
-the kernel.
-
-Remove untagging in the above functions by partially reverting commit
-ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
-addition, update the arm64 tagged-address-abi.rst document accordingly.
-
-Link: https://bugzilla.redhat.com/1797052
-Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
-Cc: <stable@vger.kernel.org> # 5.4.x-
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Florian Weimer <fweimer@redhat.com>
-Reported-by: Victor Stinner <vstinner@redhat.com>
-Acked-by: Will Deacon <will@kernel.org>
-Acked-by: Andrey Konovalov <andreyknvl@google.com>
-Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
----
- Documentation/arm64/tagged-address-abi.rst | 11 +++++++++--
- mm/mmap.c                                  |  4 ----
- mm/mremap.c                                |  1 -
- 3 files changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst
-index d4a85d535bf9..f6289116893c 100644
---- a/Documentation/arm64/tagged-address-abi.rst
-+++ b/Documentation/arm64/tagged-address-abi.rst
-@@ -44,8 +44,15 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending
- how the user addresses are used by the kernel:
- 
- 1. User addresses not accessed by the kernel but used for address space
--   management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use
--   of valid tagged pointers in this context is always allowed.
-+   management (e.g. ``mprotect()``, ``madvise()``). The use of valid
-+   tagged pointers in this context is allowed with the exception of
-+   ``brk()``, ``mmap()`` and the ``new_address`` argument to
-+   ``mremap()`` as these have the potential of aliasing with existing
-+   user addresses.
-+
-+   NOTE: This behaviour changed in v5.6 and so some earlier kernels may
-+   incorrectly accept valid tagged pointers for the ``brk()``,
-+   ``mmap()`` and ``mremap()`` system calls.
- 
- 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI
-    relaxation is disabled by default and the application thread needs to
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 4390dbea4aa5..514cc19c5916 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
- 	bool downgraded = false;
- 	LIST_HEAD(uf);
- 
--	brk = untagged_addr(brk);
--
- 	if (down_write_killable(&mm->mmap_sem))
- 		return -EINTR;
- 
-@@ -1583,8 +1581,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len,
- 	struct file *file = NULL;
- 	unsigned long retval;
- 
--	addr = untagged_addr(addr);
--
- 	if (!(flags & MAP_ANONYMOUS)) {
- 		audit_mmap_fd(fd, flags);
- 		file = fget(fd);
-diff --git a/mm/mremap.c b/mm/mremap.c
-index 1fc8a29fbe3f..1d98281f7204 100644
---- a/mm/mremap.c
-+++ b/mm/mremap.c
-@@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
- 	LIST_HEAD(uf_unmap);
- 
- 	addr = untagged_addr(addr);
--	new_addr = untagged_addr(new_addr);
- 
- 	if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
- 		return ret;
--- 
-2.24.1
-
diff --git a/kernel.spec b/kernel.spec
index 439e2331c..1b65193c6 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -56,7 +56,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 6
+%define stable_update 7
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -563,9 +563,6 @@ Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch
 # ALSA code from v5.6 (Intel ASoC Sound Open Firmware driver support)
 Patch506: alsa-5.6.patch
 
-# rhbz 1797052
-Patch507: 0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
-
 # i915 "critical" patch from upstream
 Patch508: 0001-drm-i915-Serialise-i915_active_acquire-with-__active.patch
 
@@ -575,9 +572,6 @@ Patch510: 0001-fs-Add-VirtualBox-guest-shared-folder-vboxsf-support.patch
 # rhbz 1800335
 Patch511: v2_20200128_dmoulding_me_com.patch
 
-# Fix 5.5.6 sof_hda regression (rhbz#1772498)
-Patch512: 0001-ASoC-SOF-Intel-hda-Add-iDisp4-DAI.patch
-
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1818,6 +1812,10 @@ fi
 #
 #
 %changelog
+* Fri Feb 28 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.5.7-100
+- Linux v5.5.7
+- Fixes CVE-2020-2732 (rhbz 1805135 1806816)
+
 * Thu Feb 27 2020 Hans de Goede <hdegoede@redhat.com>
 - Fix 5.5.6 sof_hda regression (rhbz 1772498)
 
diff --git a/sources b/sources
index 9666a861c..f3efe913a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-5.5.tar.xz) = fa74fdabb5e63384a39e54da05b86a9ae9ea16179524b041fbbdffc7177e80b53600ae98d76be127ba216148f9dc55fe07ab20637e22c6d6030cb4aa09eb2f86
-SHA512 (patch-5.5.6.xz) = 4346b84f3dd748e09bd33586825ced2c66b36411005b7fa7e05f72c07ab17c2005d6d849eb4cd7e57d63052c7139473380a3b41baee94e44da492ca8495ac79c
+SHA512 (patch-5.5.7.xz) = 4c06199f301f6bab9555eec1b1b7bb5bbe3cb6400a74280bcd18888ea6548148d92730bb194447164a3d956ccc91081a238768e2bf99dfd44e77edc904ef7391