From aca53a5db6b03b6499a63f5c2d19cf7b9a11fc06 Mon Sep 17 00:00:00 2001 From: David P Date: Sat, 6 Jan 2018 17:21:08 -0300 Subject: updpkg: libre/linux-libre 4.14.12_gnu-1 --- ...-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 74 ------------- ...ack-out-of-bounds-read-on-socket-policy-l.patch | 49 +++++++++ ...css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 +++++++++++++++++++++ ...ack-out-of-bounds-read-on-socket-policy-l.patch | 49 --------- ...css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 --------------------- ...p-Only-use-the-alternate-fixed-mode-if-it.patch | 42 ++++++++ ...6-pti-Do-not-enable-PTI-on-AMD-processors.patch | 42 -------- libre/linux-libre/PKGBUILD | 31 +++--- libre/linux-libre/config.armv7h | 3 +- libre/linux-libre/config.i686 | 3 +- libre/linux-libre/config.x86_64 | 3 +- 11 files changed, 225 insertions(+), 299 deletions(-) delete mode 100644 libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch create mode 100644 libre/linux-libre/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch create mode 100644 libre/linux-libre/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch delete mode 100644 libre/linux-libre/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch delete mode 100644 libre/linux-libre/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch create mode 100644 libre/linux-libre/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch delete mode 100644 libre/linux-libre/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch (limited to 'libre/linux-libre') diff --git a/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch deleted file mode 100644 index 4dca618a8..000000000 --- a/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch +++ /dev/null @@ -1,74 +0,0 @@ -From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: Steffen Klassert -Date: Wed, 15 Nov 2017 06:40:57 +0100 -Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in - xfrm_state_find." - -This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. - -This commit breaks transport mode when the policy template -has widlcard addresses configured, so revert it. - -Signed-off-by: Steffen Klassert ---- - net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- - 1 file changed, 18 insertions(+), 11 deletions(-) - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 2a6093840e7e856e..6bc16bb61b5533ef 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, - struct net *net = xp_net(policy); - int nx; - int i, error; -+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); -+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); - xfrm_address_t tmp; - - for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { - struct xfrm_state *x; -- xfrm_address_t *local; -- xfrm_address_t *remote; -+ xfrm_address_t *remote = daddr; -+ xfrm_address_t *local = saddr; - struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; - -- remote = &tmpl->id.daddr; -- local = &tmpl->saddr; -- if (xfrm_addr_any(local, tmpl->encap_family)) { -- error = xfrm_get_saddr(net, fl->flowi_oif, -- &tmp, remote, -- tmpl->encap_family, 0); -- if (error) -- goto fail; -- local = &tmp; -+ if (tmpl->mode == XFRM_MODE_TUNNEL || -+ tmpl->mode == XFRM_MODE_BEET) { -+ remote = &tmpl->id.daddr; -+ local = &tmpl->saddr; -+ if (xfrm_addr_any(local, tmpl->encap_family)) { -+ error = xfrm_get_saddr(net, fl->flowi_oif, -+ &tmp, remote, -+ tmpl->encap_family, 0); -+ if (error) -+ goto fail; -+ local = &tmp; -+ } - } - - x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); - - if (x && x->km.state == XFRM_STATE_VALID) { - xfrm[nx++] = x; -+ daddr = remote; -+ saddr = local; - continue; - } - if (x) { --- -2.15.1 - diff --git a/libre/linux-libre/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/libre/linux-libre/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch new file mode 100644 index 000000000..edd7b24a3 --- /dev/null +++ b/libre/linux-libre/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -0,0 +1,49 @@ +From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 +Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> +In-Reply-To: +References: +From: Steffen Klassert +Date: Fri, 22 Dec 2017 10:44:57 +0100 +Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy + lookup. + +When we do tunnel or beet mode, we pass saddr and daddr from the +template to xfrm_state_find(), this is ok. On transport mode, +we pass the addresses from the flowi, assuming that the IP +addresses (and address family) don't change during transformation. +This assumption is wrong in the IPv4 mapped IPv6 case, packet +is IPv4 and template is IPv6. + +Fix this by catching address family missmatches of the policy +and the flow already before we do the lookup. + +Reported-by: syzbot +Signed-off-by: Steffen Klassert +--- + net/xfrm/xfrm_policy.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, + again: + pol = rcu_dereference(sk->sk_policy[dir]); + if (pol != NULL) { +- bool match = xfrm_selector_match(&pol->selector, fl, family); ++ bool match; + int err = 0; + ++ if (pol->family != family) { ++ pol = NULL; ++ goto out; ++ } ++ ++ match = xfrm_selector_match(&pol->selector, fl, family); + if (match) { + if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { + pol = NULL; +-- +2.15.1 + diff --git a/libre/linux-libre/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/libre/linux-libre/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch new file mode 100644 index 000000000..0a54ce129 --- /dev/null +++ b/libre/linux-libre/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -0,0 +1,114 @@ +From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: +From: Tejun Heo +Date: Wed, 20 Dec 2017 07:09:19 -0800 +Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC + +While teaching css_task_iter to handle skipping over tasks which +aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to +css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a +silly bug. + +CSS_TASK_ITER_PROCS is implemented by repeating +css_task_iter_advance() while the advanced cursor is pointing to a +non-leader thread. However, the cursor variable, @l, wasn't updated +when the iteration has to advance to the next css_set and the +following repetition would operate on the terminal @l from the +previous iteration which isn't pointing to a valid task leading to +oopses like the following or infinite looping. + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000254 + IP: __task_pid_nr_ns+0xc7/0xf0 + PGD 0 P4D 0 + Oops: 0000 [#1] SMP + ... + CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1 + Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017 + task: ffff88c4baee8000 task.stack: ffff96d5c3158000 + RIP: 0010:__task_pid_nr_ns+0xc7/0xf0 + RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206 + RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250 + RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00 + RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005 + R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18 + R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000 + FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0 + Call Trace: + cgroup_procs_show+0x19/0x30 + cgroup_seqfile_show+0x4c/0xb0 + kernfs_seq_show+0x21/0x30 + seq_read+0x2ec/0x3f0 + kernfs_fop_read+0x134/0x180 + __vfs_read+0x37/0x160 + ? security_file_permission+0x9b/0xc0 + vfs_read+0x8e/0x130 + SyS_read+0x55/0xc0 + entry_SYSCALL_64_fastpath+0x1a/0xa5 + RIP: 0033:0x7f94455f942d + RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 + RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d + RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b + RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60 + R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0 + R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560 + Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b + RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50 + +Fix it by moving the initialization of the cursor below the repeat +label. While at it, rename it to @next for readability. + +Signed-off-by: Tejun Heo +Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS") +Cc: stable@vger.kernel.org # v4.14+ +Reported-by: Laura Abbott +Reported-by: Bronek Kozicki +Reported-by: George Amanakis +Signed-off-by: Tejun Heo +--- + kernel/cgroup/cgroup.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 44857278eb8aa6a2..030e4286f14c715e 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) + + static void css_task_iter_advance(struct css_task_iter *it) + { +- struct list_head *l = it->task_pos; ++ struct list_head *next; + + lockdep_assert_held(&css_set_lock); +- WARN_ON_ONCE(!l); +- + repeat: + /* + * Advance iterator to find next entry. cset->tasks is consumed + * first and then ->mg_tasks. After ->mg_tasks, we move onto the + * next cset. + */ +- l = l->next; ++ next = it->task_pos->next; + +- if (l == it->tasks_head) +- l = it->mg_tasks_head->next; ++ if (next == it->tasks_head) ++ next = it->mg_tasks_head->next; + +- if (l == it->mg_tasks_head) ++ if (next == it->mg_tasks_head) + css_task_iter_advance_css_set(it); + else +- it->task_pos = l; ++ it->task_pos = next; + + /* if PROCS, skip over tasks which aren't group leaders */ + if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && +-- +2.15.1 + diff --git a/libre/linux-libre/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/libre/linux-libre/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch deleted file mode 100644 index edd7b24a3..000000000 --- a/libre/linux-libre/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 -Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: -References: -From: Steffen Klassert -Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy - lookup. - -When we do tunnel or beet mode, we pass saddr and daddr from the -template to xfrm_state_find(), this is ok. On transport mode, -we pass the addresses from the flowi, assuming that the IP -addresses (and address family) don't change during transformation. -This assumption is wrong in the IPv4 mapped IPv6 case, packet -is IPv4 and template is IPv6. - -Fix this by catching address family missmatches of the policy -and the flow already before we do the lookup. - -Reported-by: syzbot -Signed-off-by: Steffen Klassert ---- - net/xfrm/xfrm_policy.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, - again: - pol = rcu_dereference(sk->sk_policy[dir]); - if (pol != NULL) { -- bool match = xfrm_selector_match(&pol->selector, fl, family); -+ bool match; - int err = 0; - -+ if (pol->family != family) { -+ pol = NULL; -+ goto out; -+ } -+ -+ match = xfrm_selector_match(&pol->selector, fl, family); - if (match) { - if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { - pol = NULL; --- -2.15.1 - diff --git a/libre/linux-libre/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/libre/linux-libre/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch deleted file mode 100644 index 0a54ce129..000000000 --- a/libre/linux-libre/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ /dev/null @@ -1,114 +0,0 @@ -From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: Tejun Heo -Date: Wed, 20 Dec 2017 07:09:19 -0800 -Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC - -While teaching css_task_iter to handle skipping over tasks which -aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to -css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a -silly bug. - -CSS_TASK_ITER_PROCS is implemented by repeating -css_task_iter_advance() while the advanced cursor is pointing to a -non-leader thread. However, the cursor variable, @l, wasn't updated -when the iteration has to advance to the next css_set and the -following repetition would operate on the terminal @l from the -previous iteration which isn't pointing to a valid task leading to -oopses like the following or infinite looping. - - BUG: unable to handle kernel NULL pointer dereference at 0000000000000254 - IP: __task_pid_nr_ns+0xc7/0xf0 - PGD 0 P4D 0 - Oops: 0000 [#1] SMP - ... - CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1 - Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017 - task: ffff88c4baee8000 task.stack: ffff96d5c3158000 - RIP: 0010:__task_pid_nr_ns+0xc7/0xf0 - RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206 - RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250 - RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00 - RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005 - R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18 - R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000 - FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000 - CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 - CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0 - Call Trace: - cgroup_procs_show+0x19/0x30 - cgroup_seqfile_show+0x4c/0xb0 - kernfs_seq_show+0x21/0x30 - seq_read+0x2ec/0x3f0 - kernfs_fop_read+0x134/0x180 - __vfs_read+0x37/0x160 - ? security_file_permission+0x9b/0xc0 - vfs_read+0x8e/0x130 - SyS_read+0x55/0xc0 - entry_SYSCALL_64_fastpath+0x1a/0xa5 - RIP: 0033:0x7f94455f942d - RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 - RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d - RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b - RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60 - R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0 - R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560 - Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b - RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50 - -Fix it by moving the initialization of the cursor below the repeat -label. While at it, rename it to @next for readability. - -Signed-off-by: Tejun Heo -Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS") -Cc: stable@vger.kernel.org # v4.14+ -Reported-by: Laura Abbott -Reported-by: Bronek Kozicki -Reported-by: George Amanakis -Signed-off-by: Tejun Heo ---- - kernel/cgroup/cgroup.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c -index 44857278eb8aa6a2..030e4286f14c715e 100644 ---- a/kernel/cgroup/cgroup.c -+++ b/kernel/cgroup/cgroup.c -@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) - - static void css_task_iter_advance(struct css_task_iter *it) - { -- struct list_head *l = it->task_pos; -+ struct list_head *next; - - lockdep_assert_held(&css_set_lock); -- WARN_ON_ONCE(!l); -- - repeat: - /* - * Advance iterator to find next entry. cset->tasks is consumed - * first and then ->mg_tasks. After ->mg_tasks, we move onto the - * next cset. - */ -- l = l->next; -+ next = it->task_pos->next; - -- if (l == it->tasks_head) -- l = it->mg_tasks_head->next; -+ if (next == it->tasks_head) -+ next = it->mg_tasks_head->next; - -- if (l == it->mg_tasks_head) -+ if (next == it->mg_tasks_head) - css_task_iter_advance_css_set(it); - else -- it->task_pos = l; -+ it->task_pos = next; - - /* if PROCS, skip over tasks which aren't group leaders */ - if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && --- -2.15.1 - diff --git a/libre/linux-libre/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/libre/linux-libre/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch new file mode 100644 index 000000000..5d36d15ac --- /dev/null +++ b/libre/linux-libre/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -0,0 +1,42 @@ +From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From: Jim Bride +Date: Mon, 6 Nov 2017 13:38:57 -0800 +Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's + asked for + +In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for +eDP if available."), the patch allows for the use of an alternate fixed +mode if it is available, but the patch was not ensuring that the only +time the alternate mode is used is when it is specifically requested. +This patch adds an additional comparison to intel_edp_compare_alt_mode +to ensure that we only use the alternate mode if it is directly +requested. + +Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.") +Cc: David Weinehall +Cc: Rodrigo Vivi +Signed-off-by: Jim Bride +--- + drivers/gpu/drm/i915/intel_dp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 09f274419eea1c74..838cee312e8e6978 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, + m1->vdisplay == m2->vdisplay && + m1->vsync_start == m2->vsync_start && + m1->vsync_end == m2->vsync_end && +- m1->vtotal == m2->vtotal); ++ m1->vtotal == m2->vtotal && ++ m1->vrefresh == m2->vrefresh); + return bres; + } + +-- +2.15.1 + diff --git a/libre/linux-libre/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch b/libre/linux-libre/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch deleted file mode 100644 index f3af870c7..000000000 --- a/libre/linux-libre/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001 -Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: -References: -From: Tom Lendacky -Date: Tue, 26 Dec 2017 23:43:54 -0600 -Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors - -AMD processors are not subject to the types of attacks that the kernel -page table isolation feature protects against. The AMD microarchitecture -does not allow memory references, including speculative references, that -access higher privileged data when running in a lesser privileged mode -when that access would result in a page fault. - -Disable page table isolation by default on AMD processors by not setting -the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI -is set. - -Signed-off-by: Tom Lendacky -Reviewed-by: Borislav Petkov ---- - arch/x86/kernel/cpu/common.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index f2a94dfb434e9a7c..b1be494ab4e8badf 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) - - setup_force_cpu_cap(X86_FEATURE_ALWAYS); - -- /* Assume for now that ALL x86 CPUs are insecure */ -- setup_force_cpu_bug(X86_BUG_CPU_INSECURE); -+ if (c->x86_vendor != X86_VENDOR_AMD) -+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE); - - fpu__init_system(c); - --- -2.15.1 - diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD index 61d972543..65f997a8a 100644 --- a/libre/linux-libre/PKGBUILD +++ b/libre/linux-libre/PKGBUILD @@ -13,7 +13,7 @@ pkgbase=linux-libre # Build stock kernel #pkgbase=linux-libre-custom # Build kernel with a different name _pkgbasever=4.14-gnu -_pkgver=4.14.10-gnu +_pkgver=4.14.12-gnu _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname _replacesoldkernels=() # '%' gets replaced with _kernelname @@ -59,14 +59,13 @@ source=( '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' '0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch' '0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch' - '0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch' - '0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' - '0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch' + '0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' + '0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' + '0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch' ) sha512sums=('0d4b0b8ec1ffc39c59295adf56f6a2cccf77cad56d8a8bf8072624bbb52ba3e684147ebed91d1528d2685423dd784c5fca0f3650f874f2b93cfc6b7689b9a87f' 'SKIP' - 'f9b6f524702573a493745a3be29ceb923d370e1fdbe5c919a2579ebd8303725bfedd75cd103b79513012a9f1d30ec842718010a5bbecde27f83cb6b329c05297' + '2e8abb699328db2b156890b6ab966ba0c8cefbf64c909d13290c92ca99419b5fb06a53d3d93ed83ed6bd28edb6eeba73bd996f3cb2bc150c3b8709b2e2bbea17' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' @@ -74,13 +73,13 @@ sha512sums=('0d4b0b8ec1ffc39c59295adf56f6a2cccf77cad56d8a8bf8072624bbb52ba3e6841 'SKIP' '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78' 'SKIP' - '197d85bf105751d1210fc1b6e5bfe0fe22c1dccbe6d2403b65f7f987b6ddc3893f4c68e1e73e510d28c7dcdc458c645c9bf6209066465303265f74bfa0cbfd3b' - 'e65bceeba59b7e8ff138620918dcd6dd465fc87bb1e9351b903e5b0cc5dd353badd355a72f2c5402bd44bdd6cc10b5383f0992b4daf0c6142d1442ff8e3a78f9' - '4d76b5cba6a5112d52854429e97b765fd3dc1a2b68590f01b69e006b30c35d9dda8bd6caa53ddfafbb900b06d8418187815d063493d150d9d23fabd12cb34dba' + '702101a78169ad81532f416b44b74bf7723055169027489a1e95eea9909ed693f20fe3a595152f284cc0837ff09202231a82285c55c25db35447d15492f21aed' + 'c0cad633c02bfb3ac0dd3c3daaa044b808bf6f3cfbd1035c31d95dfca338d3ad0eae50f6d9c264f6e8eaa3b590d8b500401509f55f8198406c726f6727ce0b05' + '7ff4babbe27585e0576d0a66f03cf41bd7556f8047db36f5e1f8391f1c624466fb714a7cfd0d91ae608eb5a123dfb7ad315ee900d8a81c9a2b1b769f4eb356a4' '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' - 'd6d056420ff750bde128787bbd556a0e3d6bb3a924e03efedeb95ea71680cc796a4778cc523d7cdfb57220e62e103b56500515cbc9d3125887183c74125f68bf' + '6a9a290f0fa71973f40a0335017b65bac0486fe719fa79d5cab9358d03c43613f796f5cfcf68bd89964fcb71e05dcead40516b28f78cd25ab9a841c05cbd5874' 'SKIP' '29c709ee6892a668c77945142ed9749cb8a3135575a4316f4a3cc85fbda41c09fdd65e32507b654c96aa438bd2aed08c09919bb162daee969643aafd053321c4' '5b35ef2c675aed00ddf82b8a96a486230fad78f05b5a69c95a57632d6c7f428f026439f3ced72cf54156ffd4fd563e68d4285ba6f42428c00b966257951039c3' @@ -96,10 +95,9 @@ sha512sums=('0d4b0b8ec1ffc39c59295adf56f6a2cccf77cad56d8a8bf8072624bbb52ba3e6841 '05f2c577450cfeae4b66a7d022a9dd0dab0dbf36e9738423efa8f45aaf0755b48a89f1f88b042946205e681458f76c5c5177c16869094839b7b234e0e2b27511' 'fd9bdc818326fa36c9f1813d0d1821de5e325b646e1c307c197ad38bada7f298d35b4bc1bbf1c2854689f3ba71144879e799a1123037caccd6e3f64edfc22d54' '814517d08c35cc886fe3382619d41107d6139a703c27186d0ce58e187eaf4e84891572e58246750ac8602555794ed6f74d946565b98860787a0aa617fb946dda' - '7a5a6edf0879e59437b03166882e5afdc2dea9087819b1ada3aee22861a041896e305f136c61f0b8365cddff34852620fe2b3c51b5408d4c243a840b3dfe3059' 'e6605e923c967b5f8db619868b15ea5b0d4254c62cf12bb920f38659933d6ca25a643d3e044c4915a8309071461f5f14c55d0aa0329c113bce4780d4fa3afbb7' '0dec1482efe6e5d762a3061f365e43191484f055b738112452b8ca39e162b935d99cf16b25c0b253d6b532fabc54bde2f5c09be91887156ed6ae06d1558f94b9' - 'fda8b429d98b9017e0d72c91054c53afec6fab41abb06724bc1ce020863956215a3cdeb7692297d533d7426f8e2cc7f8d03c2570abf71e4b1d4f41fdb5fe63f0') + 'fcc40dc86dd432be76854e3c51889db488de0f1029ecc227b92c4f58c62ba928f7dc3b9515ac3ca0a08d6a0a72ca4a1a754d47c4fb274fe89f09a2a336088e7a') validpgpkeys=( '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva '6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78' # David P. @@ -162,14 +160,13 @@ prepare() { patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch # https://bugs.archlinux.org/task/56605 - patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch # https://bugs.archlinux.org/task/56846 - patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - # For AMD processors, keep PTI off by default - #patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch + # https://bugs.archlinux.org/task/56711 + patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch # maintain the TTY over USB disconnects # http://www.coreboot.org/EHCI_Gadget_Debug diff --git a/libre/linux-libre/config.armv7h b/libre/linux-libre/config.armv7h index 39ed8b475..7c369dcac 100644 --- a/libre/linux-libre/config.armv7h +++ b/libre/linux-libre/config.armv7h @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.8-gnu-1 Kernel Configuration +# Linux/arm 4.14.12-gnu-1 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -8433,6 +8433,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y +CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686 index cc903c884..207de9398 100644 --- a/libre/linux-libre/config.i686 +++ b/libre/linux-libre/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.4-gnu Kernel Configuration +# Linux/x86 4.14.12-gnu Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -8290,6 +8290,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set +CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64 index 8b7751b72..0cdd17a02 100644 --- a/libre/linux-libre/config.x86_64 +++ b/libre/linux-libre/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.4-gnu-1 Kernel Configuration +# Linux/x86 4.14.12-gnu-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -8073,6 +8073,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set +CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_PATH is not set # CONFIG_INTEL_TXT is not set -- cgit v1.2.3