Update to 4.5.5
Drop changes that were applied upstream. Fix/ignore ABI changes.
This commit is contained in:
parent
b88823f96b
commit
327c921aa7
|
@ -1,4 +1,91 @@
|
|||
linux (4.5.4-2) UNRELEASED; urgency=medium
|
||||
linux (4.5.5-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
|
||||
- decnet: Do not build routes to devices without decnet private data.
|
||||
- route: do not cache fib route info on local routes with oif
|
||||
- packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
|
||||
- net: sched: do not requeue a NULL skb
|
||||
- bpf/verifier: reject invalid LD_ABS | BPF_DW instruction
|
||||
- cdc_mbim: apply "NDP to end" quirk to all Huawei devices
|
||||
- soreuseport: fix ordering for mixed v4/v6 sockets
|
||||
- net: use skb_postpush_rcsum instead of own implementations
|
||||
- vlan: pull on __vlan_insert_tag error path and fix csum correction
|
||||
- openvswitch: Orphan skbs before IPv6 defrag
|
||||
- openvswitch: use flow protocol when recalculating ipv6 checksums
|
||||
- net/mlx5_core: Fix soft lockup in steering error flow
|
||||
- net/mlx5e: Device's mtu field is u16 and not int
|
||||
- net/mlx5e: Fix minimum MTU
|
||||
- net/mlx5e: Use vport MTU rather than physical port MTU
|
||||
- ipv4/fib: don't warn when primary address is missing if in_dev is dead
|
||||
- net/mlx4_en: fix spurious timestamping callbacks
|
||||
- net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
|
||||
- gre: do not pull header in ICMP error processing
|
||||
- net_sched: introduce qdisc_replace() helper
|
||||
- net_sched: update hierarchical backlog too
|
||||
- sch_htb: update backlog as well
|
||||
- sch_dsmark: update backlog as well
|
||||
- netem: Segment GSO packets on enqueue
|
||||
- ipv6/ila: fix nlsize calculation for lwtunnel
|
||||
- net/mlx4_en: Fix endianness bug in IPV6 csum calculation
|
||||
- [x86] VSOCK: do not disconnect socket when peer has shutdown SEND only
|
||||
- net: bridge: fix old ioctl unlocked net device walk
|
||||
- bridge: fix igmp / mld query parsing
|
||||
- net: fix a kernel infoleak in x25 module
|
||||
- net: thunderx: avoid exposing kernel stack
|
||||
- tcp: refresh skb timestamp at retransmit time
|
||||
- net/route: enforce hoplimit max value
|
||||
- ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
|
||||
- ocfs2: fix posix_acl_create deadlock
|
||||
- zsmalloc: fix zs_can_compact() integer overflow
|
||||
- mm: thp: calculate the mapcount correctly for THP pages during WP faults
|
||||
- [x86] crypto: qat - fix invalid pf2vf_resp_wq logic
|
||||
- crypto: testmgr - Use kmalloc memory for RSA input
|
||||
- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
|
||||
- ALSA: usb-audio: Yet another Phoneix Audio device quirk
|
||||
- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
|
||||
- ALSA: hda - Fix white noise on Asus UX501VW headset
|
||||
- ALSA: hda - Fix broken reconfig
|
||||
- [armhf] spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is
|
||||
overridden
|
||||
- [armhf] spi: spi-ti-qspi: Handle truncated frames properly
|
||||
- perf diff: Fix duplicated output column
|
||||
- perf/core: Disable the event on a truncated AUX record
|
||||
- vfs: rename: check backing inode being equal
|
||||
- workqueue: fix rebind bound workers warning
|
||||
- [armhf] regulator: s2mps11: Fix invalid selector mask and voltages
|
||||
for buck9
|
||||
- [armhf] regulator: axp20x: Fix axp22x ldo_io voltage ranges
|
||||
- atomic_open(): fix the handling of create_error
|
||||
- qla1280: Don't allocate 512kb of host tags
|
||||
- tools lib traceevent: Do not reassign parg after collapse_tree()
|
||||
- Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
|
||||
- [x86] drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk
|
||||
frequency
|
||||
- drm/radeon: fix PLL sharing on DCE6.1 (v2)
|
||||
- [x86] drm/i915: Bail out of pipe config compute loop on LPT
|
||||
- [x86] Revert "drm/i915: start adding dp mst audio"
|
||||
- [x86] drm/i915/bdw: Add missing delay during L3 SQC credit programming
|
||||
- drm/radeon: fix DP link training issue with second 4K monitor
|
||||
- drm/radeon: fix DP mode validation
|
||||
- [x86] drm/amdgpu: fix DP mode validation
|
||||
- btrfs: reada: Fix in-segment calculation for reada
|
||||
- Btrfs: fix truncate_space_check
|
||||
- btrfs: remove error message from search ioctl for nonexistent tree
|
||||
- btrfs: change max_inline default to 2048
|
||||
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
|
||||
- Btrfs: fix file loss on log replay after renaming a file and fsync
|
||||
- Btrfs: fix extent_same allowing destination offset beyond i_size
|
||||
- Btrfs: fix deadlock between direct IO reads and buffered writes
|
||||
- Btrfs: fix race when checking if we can skip fsync'ing an inode
|
||||
- Btrfs: do not collect ordered extents when logging that inode exists
|
||||
- btrfs: csum_tree_block: return proper errno value
|
||||
- btrfs: do not write corrupted metadata blocks to disk
|
||||
- Btrfs: fix invalid reference in replace_path
|
||||
- btrfs: handle non-fatal errors in btrfs_qgroup_inherit()
|
||||
- btrfs: fallback to vmalloc in btrfs_compare_tree
|
||||
- Btrfs: don't use src fd for printk
|
||||
- btrfs: Reset IO error counters before start of device replacing
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[abi]
|
||||
abiname: 2
|
||||
ignore-changes:
|
||||
module:drivers/net/ethernet/*
|
||||
module:sound/hda/*
|
||||
zpci_disable_device
|
||||
zpci_enable_device
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Wed, 20 Apr 2016 23:23:08 +0100
|
||||
Subject: atl2: Disable unimplemented scatter/gather feature
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
|
||||
|
||||
atl2 includes NETIF_F_SG in hw_features even though it has no support
|
||||
for non-linear skbs. This bug was originally harmless since the
|
||||
driver does not claim to implement checksum offload and that used to
|
||||
be a requirement for SG.
|
||||
|
||||
Now that SG and checksum offload are independent features, if you
|
||||
explicitly enable SG *and* use one of the rare protocols that can use
|
||||
SG without checkusm offload, this potentially leaks sensitive
|
||||
information (before you notice that it just isn't working). Therefore
|
||||
this obscure bug has been designated CVE-2016-2117.
|
||||
|
||||
Reported-by: Justin Yackoski <jyackoski@crypto-nite.com>
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.")
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
|
||||
index 8f76f4558a88..2ff465848b65 100644
|
||||
--- a/drivers/net/ethernet/atheros/atlx/atl2.c
|
||||
+++ b/drivers/net/ethernet/atheros/atlx/atl2.c
|
||||
@@ -1412,7 +1412,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
|
||||
|
||||
err = -EIO;
|
||||
|
||||
- netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX;
|
||||
+ netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX;
|
||||
netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX);
|
||||
|
||||
/* Init PHY as early as possible due to power saving issue */
|
|
@ -1,94 +0,0 @@
|
|||
From: Alexei Starovoitov <ast@fb.com>
|
||||
Date: Wed, 27 Apr 2016 18:56:21 -0700
|
||||
Subject: [3/3] bpf: fix check_map_func_compatibility logic
|
||||
Origin: https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca
|
||||
|
||||
The commit 35578d798400 ("bpf: Implement function bpf_perf_event_read() that get the selected hardware PMU conuter")
|
||||
introduced clever way to check bpf_helper<->map_type compatibility.
|
||||
Later on commit a43eec304259 ("bpf: introduce bpf_perf_event_output() helper") adjusted
|
||||
the logic and inadvertently broke it.
|
||||
Get rid of the clever bool compare and go back to two-way check
|
||||
from map and from helper perspective.
|
||||
|
||||
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
||||
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
[bwh: Backported to 4.5:
|
||||
- Drop the STACK_TRACE case
|
||||
- No verbose() logging]
|
||||
---
|
||||
--- a/kernel/bpf/verifier.c
|
||||
+++ b/kernel/bpf/verifier.c
|
||||
@@ -239,15 +239,6 @@ static const char * const reg_type_str[]
|
||||
[CONST_IMM] = "imm",
|
||||
};
|
||||
|
||||
-static const struct {
|
||||
- int map_type;
|
||||
- int func_id;
|
||||
-} func_limit[] = {
|
||||
- {BPF_MAP_TYPE_PROG_ARRAY, BPF_FUNC_tail_call},
|
||||
- {BPF_MAP_TYPE_PERF_EVENT_ARRAY, BPF_FUNC_perf_event_read},
|
||||
- {BPF_MAP_TYPE_PERF_EVENT_ARRAY, BPF_FUNC_perf_event_output},
|
||||
-};
|
||||
-
|
||||
static void print_verifier_state(struct verifier_env *env)
|
||||
{
|
||||
enum bpf_reg_type t;
|
||||
@@ -898,24 +889,42 @@ static int check_func_arg(struct verifie
|
||||
|
||||
static int check_map_func_compatibility(struct bpf_map *map, int func_id)
|
||||
{
|
||||
- bool bool_map, bool_func;
|
||||
- int i;
|
||||
-
|
||||
if (!map)
|
||||
return 0;
|
||||
|
||||
- for (i = 0; i < ARRAY_SIZE(func_limit); i++) {
|
||||
- bool_map = (map->map_type == func_limit[i].map_type);
|
||||
- bool_func = (func_id == func_limit[i].func_id);
|
||||
- /* only when map & func pair match it can continue.
|
||||
- * don't allow any other map type to be passed into
|
||||
- * the special func;
|
||||
- */
|
||||
- if (bool_func && bool_map != bool_func)
|
||||
- return -EINVAL;
|
||||
+ /* We need a two way check, first is from map perspective ... */
|
||||
+ switch (map->map_type) {
|
||||
+ case BPF_MAP_TYPE_PROG_ARRAY:
|
||||
+ if (func_id != BPF_FUNC_tail_call)
|
||||
+ goto error;
|
||||
+ break;
|
||||
+ case BPF_MAP_TYPE_PERF_EVENT_ARRAY:
|
||||
+ if (func_id != BPF_FUNC_perf_event_read &&
|
||||
+ func_id != BPF_FUNC_perf_event_output)
|
||||
+ goto error;
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ /* ... and second from the function itself. */
|
||||
+ switch (func_id) {
|
||||
+ case BPF_FUNC_tail_call:
|
||||
+ if (map->map_type != BPF_MAP_TYPE_PROG_ARRAY)
|
||||
+ goto error;
|
||||
+ break;
|
||||
+ case BPF_FUNC_perf_event_read:
|
||||
+ case BPF_FUNC_perf_event_output:
|
||||
+ if (map->map_type != BPF_MAP_TYPE_PERF_EVENT_ARRAY)
|
||||
+ goto error;
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
+error:
|
||||
+ return -EINVAL;
|
||||
}
|
||||
|
||||
static int check_call(struct verifier_env *env, int func_id)
|
|
@ -1,41 +0,0 @@
|
|||
From: Jann Horn <jannh@google.com>
|
||||
Date: Tue, 26 Apr 2016 22:26:26 +0200
|
||||
Subject: [1/3] bpf: fix double-fdput in replace_map_fd_with_map_ptr()
|
||||
Origin: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
|
||||
|
||||
When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode
|
||||
references a non-map file descriptor as a map file descriptor, the error
|
||||
handling code called fdput() twice instead of once (in __bpf_map_get() and
|
||||
in replace_map_fd_with_map_ptr()). If the file descriptor table of the
|
||||
current task is shared, this causes f_count to be decremented too much,
|
||||
allowing the struct file to be freed while it is still in use
|
||||
(use-after-free). This can be exploited to gain root privileges by an
|
||||
unprivileged user.
|
||||
|
||||
This bug was introduced in
|
||||
commit 0246e64d9a5f ("bpf: handle pseudo BPF_LD_IMM64 insn"), but is only
|
||||
exploitable since
|
||||
commit 1be7f75d1668 ("bpf: enable non-root eBPF programs") because
|
||||
previously, CAP_SYS_ADMIN was required to reach the vulnerable code.
|
||||
|
||||
(posted publicly according to request by maintainer)
|
||||
|
||||
Signed-off-by: Jann Horn <jannh@google.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Acked-by: Alexei Starovoitov <ast@kernel.org>
|
||||
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
kernel/bpf/verifier.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
--- a/kernel/bpf/verifier.c
|
||||
+++ b/kernel/bpf/verifier.c
|
||||
@@ -2003,7 +2003,6 @@ static int replace_map_fd_with_map_ptr(s
|
||||
if (IS_ERR(map)) {
|
||||
verbose("fd %d is not pointing to valid bpf_map\n",
|
||||
insn->imm);
|
||||
- fdput(f);
|
||||
return PTR_ERR(map);
|
||||
}
|
||||
|
|
@ -1,147 +0,0 @@
|
|||
From: Alexei Starovoitov <ast@fb.com>
|
||||
Date: Wed, 27 Apr 2016 18:56:20 -0700
|
||||
Subject: [2/3] bpf: fix refcnt overflow
|
||||
Origin: https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e
|
||||
|
||||
On a system with >32Gbyte of phyiscal memory and infinite RLIMIT_MEMLOCK,
|
||||
the malicious application may overflow 32-bit bpf program refcnt.
|
||||
It's also possible to overflow map refcnt on 1Tb system.
|
||||
Impose 32k hard limit which means that the same bpf program or
|
||||
map cannot be shared by more than 32k processes.
|
||||
|
||||
Fixes: 1be7f75d1668 ("bpf: enable non-root eBPF programs")
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
||||
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/linux/bpf.h | 3 ++-
|
||||
kernel/bpf/inode.c | 7 ++++---
|
||||
kernel/bpf/syscall.c | 24 ++++++++++++++++++++----
|
||||
kernel/bpf/verifier.c | 11 +++++++----
|
||||
4 files changed, 33 insertions(+), 12 deletions(-)
|
||||
|
||||
--- a/include/linux/bpf.h
|
||||
+++ b/include/linux/bpf.h
|
||||
@@ -165,12 +165,13 @@ void bpf_register_prog_type(struct bpf_p
|
||||
void bpf_register_map_type(struct bpf_map_type_list *tl);
|
||||
|
||||
struct bpf_prog *bpf_prog_get(u32 ufd);
|
||||
+struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog);
|
||||
void bpf_prog_put(struct bpf_prog *prog);
|
||||
void bpf_prog_put_rcu(struct bpf_prog *prog);
|
||||
|
||||
struct bpf_map *bpf_map_get_with_uref(u32 ufd);
|
||||
struct bpf_map *__bpf_map_get(struct fd f);
|
||||
-void bpf_map_inc(struct bpf_map *map, bool uref);
|
||||
+struct bpf_map *bpf_map_inc(struct bpf_map *map, bool uref);
|
||||
void bpf_map_put_with_uref(struct bpf_map *map);
|
||||
void bpf_map_put(struct bpf_map *map);
|
||||
|
||||
--- a/kernel/bpf/inode.c
|
||||
+++ b/kernel/bpf/inode.c
|
||||
@@ -31,10 +31,10 @@ static void *bpf_any_get(void *raw, enum
|
||||
{
|
||||
switch (type) {
|
||||
case BPF_TYPE_PROG:
|
||||
- atomic_inc(&((struct bpf_prog *)raw)->aux->refcnt);
|
||||
+ raw = bpf_prog_inc(raw);
|
||||
break;
|
||||
case BPF_TYPE_MAP:
|
||||
- bpf_map_inc(raw, true);
|
||||
+ raw = bpf_map_inc(raw, true);
|
||||
break;
|
||||
default:
|
||||
WARN_ON_ONCE(1);
|
||||
@@ -297,7 +297,8 @@ static void *bpf_obj_do_get(const struct
|
||||
goto out;
|
||||
|
||||
raw = bpf_any_get(inode->i_private, *type);
|
||||
- touch_atime(&path);
|
||||
+ if (!IS_ERR(raw))
|
||||
+ touch_atime(&path);
|
||||
|
||||
path_put(&path);
|
||||
return raw;
|
||||
--- a/kernel/bpf/syscall.c
|
||||
+++ b/kernel/bpf/syscall.c
|
||||
@@ -201,11 +201,18 @@ struct bpf_map *__bpf_map_get(struct fd
|
||||
return f.file->private_data;
|
||||
}
|
||||
|
||||
-void bpf_map_inc(struct bpf_map *map, bool uref)
|
||||
+/* prog's and map's refcnt limit */
|
||||
+#define BPF_MAX_REFCNT 32768
|
||||
+
|
||||
+struct bpf_map *bpf_map_inc(struct bpf_map *map, bool uref)
|
||||
{
|
||||
- atomic_inc(&map->refcnt);
|
||||
+ if (atomic_inc_return(&map->refcnt) > BPF_MAX_REFCNT) {
|
||||
+ atomic_dec(&map->refcnt);
|
||||
+ return ERR_PTR(-EBUSY);
|
||||
+ }
|
||||
if (uref)
|
||||
atomic_inc(&map->usercnt);
|
||||
+ return map;
|
||||
}
|
||||
|
||||
struct bpf_map *bpf_map_get_with_uref(u32 ufd)
|
||||
@@ -217,7 +224,7 @@ struct bpf_map *bpf_map_get_with_uref(u3
|
||||
if (IS_ERR(map))
|
||||
return map;
|
||||
|
||||
- bpf_map_inc(map, true);
|
||||
+ map = bpf_map_inc(map, true);
|
||||
fdput(f);
|
||||
|
||||
return map;
|
||||
@@ -600,6 +607,15 @@ static struct bpf_prog *__bpf_prog_get(s
|
||||
return f.file->private_data;
|
||||
}
|
||||
|
||||
+struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog)
|
||||
+{
|
||||
+ if (atomic_inc_return(&prog->aux->refcnt) > BPF_MAX_REFCNT) {
|
||||
+ atomic_dec(&prog->aux->refcnt);
|
||||
+ return ERR_PTR(-EBUSY);
|
||||
+ }
|
||||
+ return prog;
|
||||
+}
|
||||
+
|
||||
/* called by sockets/tracing/seccomp before attaching program to an event
|
||||
* pairs with bpf_prog_put()
|
||||
*/
|
||||
@@ -612,7 +628,7 @@ struct bpf_prog *bpf_prog_get(u32 ufd)
|
||||
if (IS_ERR(prog))
|
||||
return prog;
|
||||
|
||||
- atomic_inc(&prog->aux->refcnt);
|
||||
+ prog = bpf_prog_inc(prog);
|
||||
fdput(f);
|
||||
|
||||
return prog;
|
||||
--- a/kernel/bpf/verifier.c
|
||||
+++ b/kernel/bpf/verifier.c
|
||||
@@ -2022,15 +2022,18 @@ static int replace_map_fd_with_map_ptr(s
|
||||
return -E2BIG;
|
||||
}
|
||||
|
||||
- /* remember this map */
|
||||
- env->used_maps[env->used_map_cnt++] = map;
|
||||
-
|
||||
/* hold the map. If the program is rejected by verifier,
|
||||
* the map will be released by release_maps() or it
|
||||
* will be used by the valid program until it's unloaded
|
||||
* and all maps are released in free_bpf_prog_info()
|
||||
*/
|
||||
- bpf_map_inc(map, false);
|
||||
+ map = bpf_map_inc(map, false);
|
||||
+ if (IS_ERR(map)) {
|
||||
+ fdput(f);
|
||||
+ return PTR_ERR(map);
|
||||
+ }
|
||||
+ env->used_maps[env->used_map_cnt++] = map;
|
||||
+
|
||||
fdput(f);
|
||||
next_insn:
|
||||
insn++;
|
|
@ -1,31 +0,0 @@
|
|||
From: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
Date: Wed, 4 May 2016 17:52:56 +0800
|
||||
Subject: crypto: hash - Fix page length clamping in hash walk
|
||||
Origin: https://git.kernel.org/linus/13f4bb78cf6a312bbdec367ba3da044b09bf0e29
|
||||
|
||||
The crypto hash walk code is broken when supplied with an offset
|
||||
greater than or equal to PAGE_SIZE. This patch fixes it by adjusting
|
||||
walk->pg and walk->offset when this happens.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||||
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
---
|
||||
crypto/ahash.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/ahash.c b/crypto/ahash.c
|
||||
index 5fc1f172963d..3887a98abcc3 100644
|
||||
--- a/crypto/ahash.c
|
||||
+++ b/crypto/ahash.c
|
||||
@@ -69,8 +69,9 @@ static int hash_walk_new_entry(struct crypto_hash_walk *walk)
|
||||
struct scatterlist *sg;
|
||||
|
||||
sg = walk->sg;
|
||||
- walk->pg = sg_page(sg);
|
||||
walk->offset = sg->offset;
|
||||
+ walk->pg = sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
|
||||
+ walk->offset = offset_in_page(walk->offset);
|
||||
walk->entrylen = sg->length;
|
||||
|
||||
if (walk->entrylen > walk->total)
|
|
@ -1,60 +0,0 @@
|
|||
From: Al Viro <viro@zeniv.linux.org.uk>
|
||||
Date: Thu, 5 May 2016 16:25:35 -0400
|
||||
Subject: get_rock_ridge_filename(): handle malformed NM entries
|
||||
Origin: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6
|
||||
|
||||
Payloads of NM entries are not supposed to contain NUL. When we run
|
||||
into such, only the part prior to the first NUL goes into the
|
||||
concatenation (i.e. the directory entry name being encoded by a bunch
|
||||
of NM entries). We do stop when the amount collected so far + the
|
||||
claimed amount in the current NM entry exceed 254. So far, so good,
|
||||
but what we return as the total length is the sum of *claimed*
|
||||
sizes, not the actual amount collected. And that can grow pretty
|
||||
large - not unlimited, since you'd need to put CE entries in
|
||||
between to be able to get more than the maximum that could be
|
||||
contained in one isofs directory entry / continuation chunk and
|
||||
we are stop once we'd encountered 32 CEs, but you can get about 8Kb
|
||||
easily. And that's what will be passed to readdir callback as the
|
||||
name length. 8Kb __copy_to_user() from a buffer allocated by
|
||||
__get_free_page()
|
||||
|
||||
Cc: stable@vger.kernel.org # 0.98pl6+ (yes, really)
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
fs/isofs/rock.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
|
||||
index 5384ceb35b1c..98b3eb7d8eaf 100644
|
||||
--- a/fs/isofs/rock.c
|
||||
+++ b/fs/isofs/rock.c
|
||||
@@ -203,6 +203,8 @@ int get_rock_ridge_filename(struct iso_directory_record *de,
|
||||
int retnamlen = 0;
|
||||
int truncate = 0;
|
||||
int ret = 0;
|
||||
+ char *p;
|
||||
+ int len;
|
||||
|
||||
if (!ISOFS_SB(inode->i_sb)->s_rock)
|
||||
return 0;
|
||||
@@ -267,12 +269,17 @@ repeat:
|
||||
rr->u.NM.flags);
|
||||
break;
|
||||
}
|
||||
- if ((strlen(retname) + rr->len - 5) >= 254) {
|
||||
+ len = rr->len - 5;
|
||||
+ if (retnamlen + len >= 254) {
|
||||
truncate = 1;
|
||||
break;
|
||||
}
|
||||
- strncat(retname, rr->u.NM.name, rr->len - 5);
|
||||
- retnamlen += rr->len - 5;
|
||||
+ p = memchr(rr->u.NM.name, '\0', len);
|
||||
+ if (unlikely(p))
|
||||
+ len = p - rr->u.NM.name;
|
||||
+ memcpy(retname + retnamlen, rr->u.NM.name, len);
|
||||
+ retnamlen += len;
|
||||
+ retname[retnamlen] = '\0';
|
||||
break;
|
||||
case SIG('R', 'E'):
|
||||
kfree(rs.buffer);
|
|
@ -1,29 +0,0 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:35:05 -0400
|
||||
Subject: net: fix infoleak in llc
|
||||
Origin: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
|
||||
|
||||
The stack object “info” has a total size of 12 bytes. Its last byte
|
||||
is padding which is not initialized and leaked via “put_cmsg”.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/llc/af_llc.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
|
||||
index b3c52e3..8ae3ed9 100644
|
||||
--- a/net/llc/af_llc.c
|
||||
+++ b/net/llc/af_llc.c
|
||||
@@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
|
||||
if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
|
||||
struct llc_pktinfo info;
|
||||
|
||||
+ memset(&info, 0, sizeof(info));
|
||||
info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
|
||||
llc_pdu_decode_dsap(skb, &info.lpi_sap);
|
||||
llc_pdu_decode_da(skb, info.lpi_mac);
|
||||
--
|
||||
2.8.1
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:46:24 -0400
|
||||
Subject: net: fix infoleak in rtnetlink
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
|
||||
|
||||
The stack object “map” has a total size of 32 bytes. Its last 4
|
||||
bytes are padding generated by compiler. These padding bytes are
|
||||
not initialized and sent out via “nla_put”.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/core/rtnetlink.c | 18 ++++++++++--------
|
||||
1 file changed, 10 insertions(+), 8 deletions(-)
|
||||
|
||||
--- a/net/core/rtnetlink.c
|
||||
+++ b/net/core/rtnetlink.c
|
||||
@@ -1176,14 +1176,16 @@ static noinline_for_stack int rtnl_fill_
|
||||
|
||||
static int rtnl_fill_link_ifmap(struct sk_buff *skb, struct net_device *dev)
|
||||
{
|
||||
- struct rtnl_link_ifmap map = {
|
||||
- .mem_start = dev->mem_start,
|
||||
- .mem_end = dev->mem_end,
|
||||
- .base_addr = dev->base_addr,
|
||||
- .irq = dev->irq,
|
||||
- .dma = dev->dma,
|
||||
- .port = dev->if_port,
|
||||
- };
|
||||
+ struct rtnl_link_ifmap map;
|
||||
+
|
||||
+ memset(&map, 0, sizeof(map));
|
||||
+ map.mem_start = dev->mem_start;
|
||||
+ map.mem_end = dev->mem_end;
|
||||
+ map.base_addr = dev->base_addr;
|
||||
+ map.irq = dev->irq;
|
||||
+ map.dma = dev->dma;
|
||||
+ map.port = dev->if_port;
|
||||
+
|
||||
if (nla_put(skb, IFLA_MAP, sizeof(map), &map))
|
||||
return -EMSGSIZE;
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Sat, 14 May 2016 11:11:44 -0700
|
||||
Subject: nf_conntrack: avoid kernel pointer value leak in slab name
|
||||
Origin: https://git.kernel.org/linus/31b0b385f69d8d5491a4bca288e25e63f1d945d0
|
||||
|
||||
The slab name ends up being visible in the directory structure under
|
||||
/sys, and even if you don't have access rights to the file you can see
|
||||
the filenames.
|
||||
|
||||
Just use a 64-bit counter instead of the pointer to the 'net' structure
|
||||
to generate a unique name.
|
||||
|
||||
This code will go away in 4.7 when the conntrack code moves to a single
|
||||
kmemcache, but this is the backportable simple solution to avoiding
|
||||
leaking kernel pointers to user space.
|
||||
|
||||
Fixes: 5b3501faa874 ("netfilter: nf_conntrack: per netns nf_conntrack_cachep")
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/netfilter/nf_conntrack_core.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/net/netfilter/nf_conntrack_core.c
|
||||
+++ b/net/netfilter/nf_conntrack_core.c
|
||||
@@ -1780,6 +1780,7 @@ void nf_conntrack_init_end(void)
|
||||
|
||||
int nf_conntrack_init_net(struct net *net)
|
||||
{
|
||||
+ static atomic64_t unique_id;
|
||||
int ret = -ENOMEM;
|
||||
int cpu;
|
||||
|
||||
@@ -1802,7 +1803,8 @@ int nf_conntrack_init_net(struct net *ne
|
||||
if (!net->ct.stat)
|
||||
goto err_pcpu_lists;
|
||||
|
||||
- net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
|
||||
+ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%llu",
|
||||
+ (u64)atomic64_inc_return(&unique_id));
|
||||
if (!net->ct.slabname)
|
||||
goto err_slabname;
|
||||
|
|
@ -1,245 +0,0 @@
|
|||
From: Mikko Rapeli <mikko.rapeli@iki.fi>
|
||||
Date: Sun, 24 Apr 2016 17:45:00 +0200
|
||||
Subject: uapi glibc compat: fix compile errors when glibc net/if.h included
|
||||
before linux/if.h
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/4a91cb61bb995e5571098188092e296192309c77
|
||||
Bug-Debian: https://bugs.debian.org/822393
|
||||
|
||||
glibc's net/if.h contains copies of definitions from linux/if.h and these
|
||||
conflict and cause build failures if both files are included by application
|
||||
source code. Changes in uapi headers, which fixed header file dependencies to
|
||||
include linux/if.h when it was needed, e.g. commit 1ffad83d, made the
|
||||
net/if.h and linux/if.h incompatibilities visible as build failures for
|
||||
userspace applications like iproute2 and xtables-addons.
|
||||
|
||||
This patch fixes compile errors when glibc net/if.h is included before
|
||||
linux/if.h:
|
||||
|
||||
./linux/if.h:99:21: error: redeclaration of enumerator ‘IFF_NOARP’
|
||||
./linux/if.h:98:23: error: redeclaration of enumerator ‘IFF_RUNNING’
|
||||
./linux/if.h:97:26: error: redeclaration of enumerator ‘IFF_NOTRAILERS’
|
||||
./linux/if.h:96:27: error: redeclaration of enumerator ‘IFF_POINTOPOINT’
|
||||
./linux/if.h:95:24: error: redeclaration of enumerator ‘IFF_LOOPBACK’
|
||||
./linux/if.h:94:21: error: redeclaration of enumerator ‘IFF_DEBUG’
|
||||
./linux/if.h:93:25: error: redeclaration of enumerator ‘IFF_BROADCAST’
|
||||
./linux/if.h:92:19: error: redeclaration of enumerator ‘IFF_UP’
|
||||
./linux/if.h:252:8: error: redefinition of ‘struct ifconf’
|
||||
./linux/if.h:203:8: error: redefinition of ‘struct ifreq’
|
||||
./linux/if.h:169:8: error: redefinition of ‘struct ifmap’
|
||||
./linux/if.h:107:23: error: redeclaration of enumerator ‘IFF_DYNAMIC’
|
||||
./linux/if.h:106:25: error: redeclaration of enumerator ‘IFF_AUTOMEDIA’
|
||||
./linux/if.h:105:23: error: redeclaration of enumerator ‘IFF_PORTSEL’
|
||||
./linux/if.h:104:25: error: redeclaration of enumerator ‘IFF_MULTICAST’
|
||||
./linux/if.h:103:21: error: redeclaration of enumerator ‘IFF_SLAVE’
|
||||
./linux/if.h:102:22: error: redeclaration of enumerator ‘IFF_MASTER’
|
||||
./linux/if.h:101:24: error: redeclaration of enumerator ‘IFF_ALLMULTI’
|
||||
./linux/if.h:100:23: error: redeclaration of enumerator ‘IFF_PROMISC’
|
||||
|
||||
The cases where linux/if.h is included before net/if.h need a similar fix in
|
||||
the glibc side, or the order of include files can be changed userspace
|
||||
code as a workaround.
|
||||
|
||||
This change was tested in x86 userspace on Debian unstable with
|
||||
scripts/headers_compile_test.sh:
|
||||
|
||||
$ make headers_install && \
|
||||
cd usr/include && ../../scripts/headers_compile_test.sh -l -k
|
||||
...
|
||||
cc -Wall -c -nostdinc -I /usr/lib/gcc/i586-linux-gnu/5/include -I /usr/lib/gcc/i586-linux-gnu/5/include-fixed -I . -I /home/mcfrisk/src/linux-2.6/usr/headers_compile_test_include.2uX2zH -I /home/mcfrisk/src/linux-2.6/usr/headers_compile_test_include.2uX2zH/i586-linux-gnu -o /dev/null ./linux/if.h_libc_before_kernel.h
|
||||
PASSED libc before kernel test: ./linux/if.h
|
||||
|
||||
Reported-by: Jan Engelhardt <jengelh@inai.de>
|
||||
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Reported-by: Stephen Hemminger <shemming@brocade.com>
|
||||
Reported-by: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
|
||||
Cc: Gabriel Laskar <gabriel@lse.epita.fr>
|
||||
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/uapi/linux/if.h | 28 +++++++++++++++++++++++++
|
||||
include/uapi/linux/libc-compat.h | 44 ++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 72 insertions(+)
|
||||
|
||||
diff --git a/include/uapi/linux/if.h b/include/uapi/linux/if.h
|
||||
index f80277569f24..e601c8c3bdc7 100644
|
||||
--- a/include/uapi/linux/if.h
|
||||
+++ b/include/uapi/linux/if.h
|
||||
@@ -19,14 +19,20 @@
|
||||
#ifndef _LINUX_IF_H
|
||||
#define _LINUX_IF_H
|
||||
|
||||
+#include <linux/libc-compat.h> /* for compatibility with glibc */
|
||||
#include <linux/types.h> /* for "__kernel_caddr_t" et al */
|
||||
#include <linux/socket.h> /* for "struct sockaddr" et al */
|
||||
#include <linux/compiler.h> /* for "__user" et al */
|
||||
|
||||
+#if __UAPI_DEF_IF_IFNAMSIZ
|
||||
#define IFNAMSIZ 16
|
||||
+#endif /* __UAPI_DEF_IF_IFNAMSIZ */
|
||||
#define IFALIASZ 256
|
||||
#include <linux/hdlc/ioctl.h>
|
||||
|
||||
+/* For glibc compatibility. An empty enum does not compile. */
|
||||
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && \
|
||||
+ __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0
|
||||
/**
|
||||
* enum net_device_flags - &struct net_device flags
|
||||
*
|
||||
@@ -68,6 +74,8 @@
|
||||
* @IFF_ECHO: echo sent packets. Volatile.
|
||||
*/
|
||||
enum net_device_flags {
|
||||
+/* for compatibility with glibc net/if.h */
|
||||
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
|
||||
IFF_UP = 1<<0, /* sysfs */
|
||||
IFF_BROADCAST = 1<<1, /* volatile */
|
||||
IFF_DEBUG = 1<<2, /* sysfs */
|
||||
@@ -84,11 +92,17 @@ enum net_device_flags {
|
||||
IFF_PORTSEL = 1<<13, /* sysfs */
|
||||
IFF_AUTOMEDIA = 1<<14, /* sysfs */
|
||||
IFF_DYNAMIC = 1<<15, /* sysfs */
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
|
||||
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
|
||||
IFF_LOWER_UP = 1<<16, /* volatile */
|
||||
IFF_DORMANT = 1<<17, /* volatile */
|
||||
IFF_ECHO = 1<<18, /* volatile */
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
|
||||
};
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */
|
||||
|
||||
+/* for compatibility with glibc net/if.h */
|
||||
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
|
||||
#define IFF_UP IFF_UP
|
||||
#define IFF_BROADCAST IFF_BROADCAST
|
||||
#define IFF_DEBUG IFF_DEBUG
|
||||
@@ -105,9 +119,13 @@ enum net_device_flags {
|
||||
#define IFF_PORTSEL IFF_PORTSEL
|
||||
#define IFF_AUTOMEDIA IFF_AUTOMEDIA
|
||||
#define IFF_DYNAMIC IFF_DYNAMIC
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
|
||||
+
|
||||
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
|
||||
#define IFF_LOWER_UP IFF_LOWER_UP
|
||||
#define IFF_DORMANT IFF_DORMANT
|
||||
#define IFF_ECHO IFF_ECHO
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
|
||||
|
||||
#define IFF_VOLATILE (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_ECHO|\
|
||||
IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT)
|
||||
@@ -166,6 +184,8 @@ enum {
|
||||
* being very small might be worth keeping for clean configuration.
|
||||
*/
|
||||
|
||||
+/* for compatibility with glibc net/if.h */
|
||||
+#if __UAPI_DEF_IF_IFMAP
|
||||
struct ifmap {
|
||||
unsigned long mem_start;
|
||||
unsigned long mem_end;
|
||||
@@ -175,6 +195,7 @@ struct ifmap {
|
||||
unsigned char port;
|
||||
/* 3 bytes spare */
|
||||
};
|
||||
+#endif /* __UAPI_DEF_IF_IFMAP */
|
||||
|
||||
struct if_settings {
|
||||
unsigned int type; /* Type of physical device or protocol */
|
||||
@@ -200,6 +221,8 @@ struct if_settings {
|
||||
* remainder may be interface specific.
|
||||
*/
|
||||
|
||||
+/* for compatibility with glibc net/if.h */
|
||||
+#if __UAPI_DEF_IF_IFREQ
|
||||
struct ifreq {
|
||||
#define IFHWADDRLEN 6
|
||||
union
|
||||
@@ -223,6 +246,7 @@ struct ifreq {
|
||||
struct if_settings ifru_settings;
|
||||
} ifr_ifru;
|
||||
};
|
||||
+#endif /* __UAPI_DEF_IF_IFREQ */
|
||||
|
||||
#define ifr_name ifr_ifrn.ifrn_name /* interface name */
|
||||
#define ifr_hwaddr ifr_ifru.ifru_hwaddr /* MAC address */
|
||||
@@ -249,6 +273,8 @@ struct ifreq {
|
||||
* must know all networks accessible).
|
||||
*/
|
||||
|
||||
+/* for compatibility with glibc net/if.h */
|
||||
+#if __UAPI_DEF_IF_IFCONF
|
||||
struct ifconf {
|
||||
int ifc_len; /* size of buffer */
|
||||
union {
|
||||
@@ -256,6 +282,8 @@ struct ifconf {
|
||||
struct ifreq __user *ifcu_req;
|
||||
} ifc_ifcu;
|
||||
};
|
||||
+#endif /* __UAPI_DEF_IF_IFCONF */
|
||||
+
|
||||
#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
|
||||
#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
|
||||
|
||||
diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
|
||||
index 7d024ceb075d..d5e38c73377c 100644
|
||||
--- a/include/uapi/linux/libc-compat.h
|
||||
+++ b/include/uapi/linux/libc-compat.h
|
||||
@@ -51,6 +51,40 @@
|
||||
/* We have included glibc headers... */
|
||||
#if defined(__GLIBC__)
|
||||
|
||||
+/* Coordinate with glibc net/if.h header. */
|
||||
+#if defined(_NET_IF_H)
|
||||
+
|
||||
+/* GLIBC headers included first so don't define anything
|
||||
+ * that would already be defined. */
|
||||
+
|
||||
+#define __UAPI_DEF_IF_IFCONF 0
|
||||
+#define __UAPI_DEF_IF_IFMAP 0
|
||||
+#define __UAPI_DEF_IF_IFNAMSIZ 0
|
||||
+#define __UAPI_DEF_IF_IFREQ 0
|
||||
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 0
|
||||
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
|
||||
+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
|
||||
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
|
||||
+
|
||||
+#else /* _NET_IF_H */
|
||||
+
|
||||
+/* Linux headers included first, and we must define everything
|
||||
+ * we need. The expectation is that glibc will check the
|
||||
+ * __UAPI_DEF_* defines and adjust appropriately. */
|
||||
+
|
||||
+#define __UAPI_DEF_IF_IFCONF 1
|
||||
+#define __UAPI_DEF_IF_IFMAP 1
|
||||
+#define __UAPI_DEF_IF_IFNAMSIZ 1
|
||||
+#define __UAPI_DEF_IF_IFREQ 1
|
||||
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
|
||||
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
|
||||
+
|
||||
+#endif /* _NET_IF_H */
|
||||
+
|
||||
/* Coordinate with glibc netinet/in.h header. */
|
||||
#if defined(_NETINET_IN_H)
|
||||
|
||||
@@ -117,6 +151,16 @@
|
||||
* that we need. */
|
||||
#else /* !defined(__GLIBC__) */
|
||||
|
||||
+/* Definitions for if.h */
|
||||
+#define __UAPI_DEF_IF_IFCONF 1
|
||||
+#define __UAPI_DEF_IF_IFMAP 1
|
||||
+#define __UAPI_DEF_IF_IFNAMSIZ 1
|
||||
+#define __UAPI_DEF_IF_IFREQ 1
|
||||
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
|
||||
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
|
||||
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
|
||||
+
|
||||
/* Definitions for in.h */
|
||||
#define __UAPI_DEF_IN_ADDR 1
|
||||
#define __UAPI_DEF_IN_IPPROTO 1
|
|
@ -0,0 +1,35 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 23 May 2016 01:25:47 +0100
|
||||
Subject: net/sched: Fix ABI change in 4.5.5
|
||||
Forwarded: not-needed
|
||||
|
||||
Restore the function qdisc_tree_decrease_qlen(), removed in 4.5.5.
|
||||
It can now be a trivial wrapper for its replacement,
|
||||
qdisc_tree_reduce_backlog().
|
||||
|
||||
---
|
||||
--- a/include/net/sch_generic.h
|
||||
+++ b/include/net/sch_generic.h
|
||||
@@ -398,6 +398,7 @@ void qdisc_reset(struct Qdisc *qdisc);
|
||||
void qdisc_destroy(struct Qdisc *qdisc);
|
||||
void qdisc_tree_reduce_backlog(struct Qdisc *qdisc, unsigned int n,
|
||||
unsigned int len);
|
||||
+void qdisc_tree_decrease_qlen(struct Qdisc *qdisc, unsigned int n);
|
||||
struct Qdisc *qdisc_alloc(struct netdev_queue *dev_queue,
|
||||
const struct Qdisc_ops *ops);
|
||||
struct Qdisc *qdisc_create_dflt(struct netdev_queue *dev_queue,
|
||||
--- a/net/sched/sch_api.c
|
||||
+++ b/net/sched/sch_api.c
|
||||
@@ -782,6 +782,12 @@ void qdisc_tree_reduce_backlog(struct Qd
|
||||
}
|
||||
EXPORT_SYMBOL(qdisc_tree_reduce_backlog);
|
||||
|
||||
+void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n)
|
||||
+{
|
||||
+ qdisc_tree_reduce_backlog(sch, n, 0);
|
||||
+}
|
||||
+EXPORT_SYMBOL(qdisc_tree_decrease_qlen);
|
||||
+
|
||||
static void notify_and_destroy(struct net *net, struct sk_buff *skb,
|
||||
struct nlmsghdr *n, u32 clid,
|
||||
struct Qdisc *old, struct Qdisc *new)
|
|
@ -82,10 +82,8 @@ bugfix/all/disable-some-marvell-phys.patch
|
|||
bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
|
||||
bugfix/all/mm-zone_device-depends-on-sparsemem_vmemmap.patch
|
||||
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
|
||||
bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
|
||||
bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
|
||||
bugfix/all/mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch
|
||||
bugfix/all/uapi-glibc-compat-fix-compile-errors-when-glibc-net-.patch
|
||||
bugfix/all/videobuf2-core-fix-crash-after-fixing-cve-2016-4568.patch
|
||||
bugfix/all/revert-stmmac-fix-eth0-no-phy-found-regression.patch
|
||||
|
||||
|
@ -135,16 +133,8 @@ bugfix/all/netfilter-x_tables-check-for-size-overflow.patch
|
|||
bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch
|
||||
bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch
|
||||
bugfix/x86/x86-mm-32-enable-full-randomization-on-i386-and-x86_.patch
|
||||
bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch
|
||||
bugfix/all/bpf-fix-refcnt-overflow.patch
|
||||
bugfix/all/bpf-fix-check_map_func_compatibility-logic.patch
|
||||
bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch
|
||||
bugfix/all/net-fix-infoleak-in-llc.patch
|
||||
bugfix/all/net-fix-infoleak-in-rtnetlink.patch
|
||||
bugfix/all/nf_conntrack-avoid-kernel-pointer-value-leak-in-slab.patch
|
||||
bugfix/all/do_splice_to-cap-the-size-before-passing-to-splice_r.patch
|
||||
bugfix/all/crypto-hash-fix-page-length-clamping-in-hash-walk.patch
|
||||
bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch
|
||||
bugfix/all/KVM-MTRR-remove-MSR-0x2f8.patch
|
||||
bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
|
||||
|
||||
|
@ -174,3 +164,4 @@ bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
|
|||
bugfix/all/power-cpupower-fix-manpages-NAME.patch
|
||||
bugfix/all/tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
|
||||
bugfix/all/scripts-fix-x.509-pem-support-in-sign-file.patch
|
||||
debian/net-sched-fix-abi-change-in-4.5.5.patch
|
||||
|
|
Loading…
Reference in New Issue