5 files changed, 172 insertions, 14 deletions
diff --git a/libre-testing/linux-libre/0001-sdhci-revert.patch b/libre-testing/linux-libre/0001-sdhci-revert.patch
new file mode 100644
index 000000000..5d4afd644
--- /dev/null
+++ b/libre-testing/linux-libre/0001-sdhci-revert.patch
@@ -0,0 +1,25 @@
+index 2cadf08..b48565e 100644
+--- a/drivers/mmc/host/sdhci.c
++++ b/drivers/mmc/host/sdhci.c
+@@ -1895,9 +1895,9 @@ static int sdhci_execute_tuning(struct mmc_host *mmc, u32 opcode)
+ tuning_count = host->tuning_count;
+
+ /*
+- * The Host Controller needs tuning only in case of SDR104 mode
+- * and for SDR50 mode when Use Tuning for SDR50 is set in the
+- * Capabilities register.
++ * The Host Controller needs tuning in case of SDR104 and DDR50
++ * mode, and for SDR50 mode when Use Tuning for SDR50 is set in
++ * the Capabilities register.
+ * If the Host Controller supports the HS200 mode then the
+ * tuning function has to be executed.
+ */
+@@ -1917,6 +1917,7 @@ static int sdhci_execute_tuning(struct mmc_host *mmc, u32 opcode)
+ break;
+
+ case MMC_TIMING_UHS_SDR104:
++ case MMC_TIMING_UHS_DDR50:
+ break;
+
+ case MMC_TIMING_UHS_SDR50:
+generated by cgit v0.11.2 at 2016-01-01 22:11:38 (GMT)
diff --git a/libre-testing/linux-libre/CVE-2016-0728.patch b/libre-testing/linux-libre/CVE-2016-0728.patch
new file mode 100644
index 000000000..e915d8219
--- /dev/null
+++ b/libre-testing/linux-libre/CVE-2016-0728.patch
@@ -0,0 +1,78 @@
+From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001
+From: Yevgeny Pats <yevgeny@perception-point.io>
+Date: Tue, 19 Jan 2016 22:09:04 +0000
+Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
+
+This fixes CVE-2016-0728.
+
+If a thread is asked to join as a session keyring the keyring that's already
+set as its session, we leak a keyring reference.
+
+This can be tested with the following program:
+
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <keyutils.h>
+
+ int main(int argc, const char *argv[])
+ {
+ int i = 0;
+ key_serial_t serial;
+
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ if (keyctl(KEYCTL_SETPERM, serial,
+ KEY_POS_ALL | KEY_USR_ALL) < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ for (i = 0; i < 100; i++) {
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+ }
+
+ return 0;
+ }
+
+If, after the program has run, there something like the following line in
+/proc/keys:
+
+3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
+
+with a usage count of 100 * the number of times the program has been run,
+then the kernel is malfunctioning. If leaked-keyring has zero usages or
+has been garbage collected, then the problem is fixed.
+
+Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: Don Zickus <dzickus@redhat.com>
+Acked-by: Prarit Bhargava <prarit@redhat.com>
+Acked-by: Jarod Wilson <jarod@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+---
+ security/keys/process_keys.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index a3f85d2a..e6d50172 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
+ ret = PTR_ERR(keyring);
+ goto error2;
+ } else if (keyring == new->session_keyring) {
++ key_put(keyring);
+ ret = 0;
+ goto error2;
+ }
diff --git a/libre-testing/linux-libre/PKGBUILD b/libre-testing/linux-libre/PKGBUILD
index 6925946d5..1dd3a5aac 100644
--- a/libre-testing/linux-libre/PKGBUILD
+++ b/libre-testing/linux-libre/PKGBUILD
@@ -20,7 +20,7 @@ _replacesoldmodules=() # '%' gets replaced with _kernelname
 _srcname=linux-${_pkgbasever%-*}
 _archpkgver=${_pkgver%-*}
 pkgver=${_pkgver//-/_}
-pkgrel=3
+pkgrel=4
 rcnrel=armv7-x3
 arch=('i686' 'x86_64' 'armv7h')
 url="http://linux-libre.fsfla.org/"
@@ -45,6 +45,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/li
 # standard config files for mkinitcpio ramdisk
 'linux.preset'
 'change-default-console-loglevel.patch'
+ 'tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch'
+ 'CVE-2016-0728.patch'
+ '0001-sdhci-revert.patch'
 '0001-drm-radeon-Make-the-driver-load-without-the-firmwares.patch'
 '0002-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
 # armv7h patches
@@ -69,9 +72,12 @@ sha256sums=('f53e99866c751f21412737d1f06b0721e207f495c8c64f97dffb681795ee69a0' 'SKIP' '12bab1b743a4ee7602ad355f1d4582799f38d125202cffeea1c395bece25776c' 'd67f719de2d9b9cba751b0ad9e0d41f8ccf2dd301961c975b55edf740c34fd6c' - '8c5a492751701c13e79f3cbc4d1142664c089fb5bee9431cc1df669be45be222' + '98873b55f22ef3210c25e5f3147120d66cb1258906c7347e4f526ed6917013e0' 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' + 'ab57037ecee0a425c612babdff47c831378bca0bff063a1308599989a350226d' + '03bed5b1c6ef34a917e218a46d38cd1347c5ab5693131996113c6cad275dc4e9' + '5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375' '61370b766e0c60b407c29d2c44b3f55fc352e9049c448bc8fcddb0efc53e42fc' '3d3266bd082321dccf429cc2200d1a4d870d2031546f9f591b6dfbb698294808' '031beb6ec9b55a0425b938141ec06e200ca17cc50d69f605643b8ddb6065a55e' @@ -131,6 +137,18 @@ prepare() { # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git + + # revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9faac7b95ea4f9e83b7a914084cc81ef1632fd91 + # fixes #47778 sdhci broken on some boards + # https://bugzilla.kernel.org/show_bug.cgi?id=106541 + patch -Rp1 -i "${srcdir}/0001-sdhci-revert.patch" + + # fixes #47805 kernel panics on platform modules + # https://bugzilla.kernel.org/show_bug.cgi?id=110751 + patch -Np1 -i "${srcdir}/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch" + + # fixes #47820 CVE-2016-0728.patch + patch -Np1 -i "${srcdir}/CVE-2016-0728.patch" # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream diff --git a/libre-testing/linux-libre/config.armv7h b/libre-testing/linux-libre/config.armv7h index 0a92be7bd..d1fa41572 100644 --- a/libre-testing/linux-libre/config.armv7h 
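Review bot: The comment added in prepare() for the security fix, `# fixes #47820 CVE-2016-0728.patch`, only repeats the file name, whereas the sdhci revert just above it cites the upstream commit it undoes. I would record the same here, e.g. `# CVE-2016-0728: keyring ref leak in join_session_keyring(), upstream 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2`, so a later kernel bump can tell when the fix is already in the tarball and the patch can be dropped. Separately, 0001-sdhci-revert.patch as added in this commit has no commit header and ends with a `generated by cgit …` footer line, which suggests it was saved from a web view; the new sha256sums entry pins the bytes but not their origin, so regenerating the file from the cited commit would make it auditable. prepare() starts and ends outside this hunk.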
+++ b/libre-testing/linux-libre/config.armv7h @@ -1310,11 +1310,11 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_SHA1=y CONFIG_RDS=m -# CONFIG_RDS_RDMA is not set +CONFIG_RDS_RDMA=m CONFIG_RDS_TCP=m # CONFIG_RDS_DEBUG is not set CONFIG_TIPC=m -# CONFIG_TIPC_MEDIA_IB is not set +CONFIG_TIPC_MEDIA_IB=y CONFIG_TIPC_MEDIA_UDP=y CONFIG_ATM=m CONFIG_ATM_CLIP=m @@ -1494,7 +1494,14 @@ CONFIG_CAN_GRCAN=m # CONFIG_CAN_RCAR is not set CONFIG_CAN_SUN4I=m CONFIG_CAN_XILINXCAN=m -# CONFIG_CAN_SJA1000 is not set +CONFIG_CAN_SJA1000=m +CONFIG_CAN_SJA1000_ISA=m +# CONFIG_CAN_SJA1000_PLATFORM is not set +CONFIG_CAN_EMS_PCI=m +CONFIG_CAN_PEAK_PCI=m +CONFIG_CAN_PEAK_PCIEC=y +CONFIG_CAN_KVASER_PCI=m +CONFIG_CAN_PLX_PCI=m CONFIG_CAN_C_CAN=m CONFIG_CAN_C_CAN_PLATFORM=m # CONFIG_CAN_C_CAN_PCI is not set @@ -1657,8 +1664,8 @@ CONFIG_RFKILL_INPUT=y CONFIG_RFKILL_REGULATOR=m # CONFIG_RFKILL_GPIO is not set CONFIG_NET_9P=m -# CONFIG_NET_9P_VIRTIO is not set -# CONFIG_NET_9P_RDMA is not set +CONFIG_NET_9P_VIRTIO=m +CONFIG_NET_9P_RDMA=m # CONFIG_NET_9P_DEBUG is not set # CONFIG_CAIF is not set CONFIG_CEPH_LIB=m @@ -1951,8 +1958,8 @@ CONFIG_AD525X_DPOT_SPI=m # CONFIG_DUMMY_IRQ is not set # CONFIG_PHANTOM is not set CONFIG_SGI_IOC4=m -CONFIG_TIFM_CORE=y -CONFIG_TIFM_7XX1=y +CONFIG_TIFM_CORE=m +CONFIG_TIFM_7XX1=m CONFIG_ICS932S401=y CONFIG_ENCLOSURE_SERVICES=m # CONFIG_HP_ILO is not set @@ -1987,7 +1994,7 @@ CONFIG_EEPROM_LEGACY=m CONFIG_EEPROM_MAX6875=m CONFIG_EEPROM_93CX6=m CONFIG_EEPROM_93XX46=m -CONFIG_CB710_CORE=y +CONFIG_CB710_CORE=m # CONFIG_CB710_DEBUG is not set CONFIG_CB710_DEBUG_ASSUMPTIONS=y @@ -2296,7 +2303,13 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_TCM_FC=m CONFIG_ISCSI_TARGET=m CONFIG_SBP_TARGET=m -# CONFIG_FUSION is not set +CONFIG_FUSION=y +CONFIG_FUSION_SPI=m +CONFIG_FUSION_FC=m +CONFIG_FUSION_SAS=m +CONFIG_FUSION_MAX_SGE=128 +CONFIG_FUSION_CTL=m +# CONFIG_FUSION_LOGGING is not set # # IEEE 1394 (FireWire) support 
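Review bot: The config.armv7h hunks switch on additional network transports — `CONFIG_RDS_RDMA=m` and `CONFIG_TIPC_MEDIA_IB=y` in the first hunk, `CONFIG_NET_9P_VIRTIO=m` and `CONFIG_NET_9P_RDMA=m` in the hunk at 1657 — and nothing in the three patches this commit adds explains them. Each option is extra kernel code shipped to every armv7h install, and bundling it with a CVE fix makes the security change harder to audit or backport on its own. I would move the config changes into a separate commit that states why they are needed; the reason is not visible on this page.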
@@ -5909,9 +5922,9 @@ CONFIG_MMC_SDHCI_S3C_DMA=y CONFIG_MMC_OMAP=y CONFIG_MMC_OMAP_HS=y # CONFIG_MMC_MXC is not set -CONFIG_MMC_TIFM_SD=y +CONFIG_MMC_TIFM_SD=m CONFIG_MMC_MVSDIO=y -CONFIG_MMC_CB710=y +CONFIG_MMC_CB710=m CONFIG_MMC_VIA_SDMMC=y CONFIG_MMC_DW=y CONFIG_MMC_DW_PLTFM=y @@ -5985,7 +5998,7 @@ CONFIG_LEDS_LM355x=m # LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) # CONFIG_LEDS_BLINKM=m -# CONFIG_LEDS_SYSCON is not set +CONFIG_LEDS_SYSCON=y # # LED Triggers diff --git a/libre-testing/linux-libre/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch b/libre-testing/linux-libre/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch new file mode 100644 index 000000000..691ab79b9 --- /dev/null +++ b/libre-testing/linux-libre/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch @@ -0,0 +1,24 @@ +diff --git a/drivers/base/platform.c b/drivers/base/platform.c +index 1dd6d3b..176b59f 100644 +--- a/drivers/base/platform.c ++++ b/drivers/base/platform.c +@@ -513,10 +513,15 @@ static int platform_drv_probe(struct device *_dev) + return ret; + + ret = dev_pm_domain_attach(_dev, true); +- if (ret != -EPROBE_DEFER && drv->probe) { +- ret = drv->probe(dev); +- if (ret) +- dev_pm_domain_detach(_dev, true); ++ if (ret != -EPROBE_DEFER) { ++ if (drv->probe) { ++ ret = drv->probe(dev); ++ if (ret) ++ dev_pm_domain_detach(_dev, true); ++ } else { ++ /* don't fail if just dev_pm_domain_attach failed */ ++ ret = 0; ++ } + } + + if (drv->prevent_deferred_probe && ret == -EPROBE_DEFER) { |