Linux v4.6-3623-g0b7962a

ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs,
timers, crypto merges
Laura Abbott 2016-05-18 08:28:46 -07:00
parent 3856ef7eb1
commit af495309bb
9 changed files with 60 additions and 311 deletions


@ -1,4 +1,4 @@
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001 From 0f6eec5ca124baf1372fb4edeacd11a002378f5e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com> From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400 Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/20] Add secure_modules() call Subject: [PATCH 01/20] Add secure_modules() call
@ -17,19 +17,19 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 16 insertions(+) 2 files changed, 16 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h diff --git a/include/linux/module.h b/include/linux/module.h
index 3a19c79918e0..db386349cd01 100644 index 3daf2b3..082298a 100644
--- a/include/linux/module.h --- a/include/linux/module.h
+++ b/include/linux/module.h +++ b/include/linux/module.h
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module) @@ -655,6 +655,8 @@ static inline bool is_livepatch_module(struct module *mod)
return module && module->async_probe_requested;
} }
#endif /* CONFIG_LIVEPATCH */
+extern bool secure_modules(void); +extern bool secure_modules(void);
+ +
#else /* !CONFIG_MODULES... */ #else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */ /* Given an address, look for it in the exception tables. */
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module) @@ -771,6 +773,10 @@ static inline bool module_requested_async_probing(struct module *module)
return false; return false;
} }
@ -41,10 +41,10 @@ index 3a19c79918e0..db386349cd01 100644
#ifdef CONFIG_SYSFS #ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c diff --git a/kernel/module.c b/kernel/module.c
index b86b7bf1be38..7f045246e123 100644 index 5f71aa6..3c38496 100644
--- a/kernel/module.c --- a/kernel/module.c
+++ b/kernel/module.c +++ b/kernel/module.c
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod, @@ -4199,3 +4199,13 @@ void module_layout(struct module *mod,
} }
EXPORT_SYMBOL(module_layout); EXPORT_SYMBOL(module_layout);
#endif #endif
@ -59,5 +59,5 @@ index b86b7bf1be38..7f045246e123 100644
+} +}
+EXPORT_SYMBOL(secure_modules); +EXPORT_SYMBOL(secure_modules);
-- --
2.4.3 2.5.5


@ -1,227 +0,0 @@
From c18d8f5095715c56bb3cd9cba64242542632054b Mon Sep 17 00:00:00 2001
From: Larry Finger <Larry.Finger@lwfinger.net>
Date: Wed, 16 Mar 2016 13:33:34 -0500
Subject: rtlwifi: rtl8723be: Add antenna select module parameter
A number of new laptops have been delivered with only a single antenna.
In principle, this is OK; however, a problem arises when the on-board
EEPROM is programmed to use the other antenna connection. The option
of opening the computer and moving the connector is not always possible
as it will void the warranty in some cases. In addition, this solution
breaks the Windows driver when the box dual boots Linux and Windows.
A fix involving a new module parameter has been developed. This commit
adds the new parameter and implements the changes needed for the driver.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [V4.0+]
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---
drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 5 +++++
drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 3 +++
drivers/net/wireless/realtek/rtlwifi/wifi.h | 3 +++
3 files changed, 11 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
index c983d2f..5a3df91 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
@@ -2684,6 +2684,7 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
bool auto_load_fail, u8 *hwinfo)
{
struct rtl_priv *rtlpriv = rtl_priv(hw);
+ struct rtl_mod_params *mod_params = rtlpriv->cfg->mod_params;
u8 value;
u32 tmpu_32;
@@ -2702,6 +2703,10 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
rtlpriv->btcoexist.btc_info.ant_num = ANT_X2;
}
+ /* override ant_num / ant_path */
+ if (mod_params->ant_sel)
+ rtlpriv->btcoexist.btc_info.ant_num =
+ (mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1);
}
void rtl8723be_bt_reg_init(struct ieee80211_hw *hw)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
index a78eaed..2101793 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
@@ -273,6 +273,7 @@ static struct rtl_mod_params rtl8723be_mod_params = {
.msi_support = false,
.disable_watchdog = false,
.debug = DBG_EMERG,
+ .ant_sel = 0,
};
static struct rtl_hal_cfg rtl8723be_hal_cfg = {
@@ -394,6 +395,7 @@ module_param_named(fwlps, rtl8723be_mod_params.fwctrl_lps, bool, 0444);
module_param_named(msi, rtl8723be_mod_params.msi_support, bool, 0444);
module_param_named(disable_watchdog, rtl8723be_mod_params.disable_watchdog,
bool, 0444);
+module_param_named(ant_sel, rtl8723be_mod_params.ant_sel, int, 0444);
MODULE_PARM_DESC(swenc, "Set to 1 for software crypto (default 0)\n");
MODULE_PARM_DESC(ips, "Set to 0 to not use link power save (default 1)\n");
MODULE_PARM_DESC(swlps, "Set to 1 to use SW control power save (default 0)\n");
@@ -402,6 +404,7 @@ MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 0)\n");
MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)");
MODULE_PARM_DESC(disable_watchdog,
"Set to 1 to disable the watchdog (default 0)\n");
+MODULE_PARM_DESC(ant_sel, "Set to 1 or 2 to force antenna number (default 0)\n");
static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume);
diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
index 554d814..93bd7fc 100644
--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
@@ -2246,6 +2246,9 @@ struct rtl_mod_params {
/* default 0: 1 means do not disable interrupts */
bool int_clear;
+
+ /* select antenna */
+ int ant_sel;
};
struct rtl_hal_usbint_cfg {
--
cgit v0.12
From baa1702290953295e421f0f433e2b1ff4815827c Mon Sep 17 00:00:00 2001
From: Larry Finger <Larry.Finger@lwfinger.net>
Date: Wed, 16 Mar 2016 13:33:35 -0500
Subject: rtlwifi: btcoexist: Implement antenna selection
The previous patch added an option to rtl8723be to manually select the
antenna for those cases when only a single antenna is present, and the
on-board EEPROM is incorrectly programmed. This patch implements the
necessary changes in the Bluetooth coexistence driver.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [V4.0+]
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---
.../realtek/rtlwifi/btcoexist/halbtc8723b2ant.c | 9 ++++++--
.../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 27 +++++++++++++++++++++-
.../realtek/rtlwifi/btcoexist/halbtcoutsrc.h | 2 +-
.../wireless/realtek/rtlwifi/btcoexist/rtl_btc.c | 5 +++-
4 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
index c43ab59..77cbd10 100644
--- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
@@ -1203,7 +1203,6 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
/* Force GNT_BT to low */
btcoexist->btc_write_1byte_bitmask(btcoexist, 0x765, 0x18, 0x0);
- btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT) {
/* tell firmware "no antenna inverse" */
@@ -1211,19 +1210,25 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
h2c_parameter[1] = 1; /* ext switch type */
btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
h2c_parameter);
+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
} else {
/* tell firmware "antenna inverse" */
h2c_parameter[0] = 1;
h2c_parameter[1] = 1; /* ext switch type */
btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
h2c_parameter);
+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
}
}
/* ext switch setting */
if (use_ext_switch) {
/* fixed internal switch S1->WiFi, S0->BT */
- btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
+ if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT)
+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
+ else
+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
+
switch (antpos_type) {
case BTC_ANT_WIFI_AT_MAIN:
/* ext switch main at wifi */
diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
index b2791c8..babd149 100644
--- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
@@ -965,13 +965,38 @@ void exhalbtc_set_chip_type(u8 chip_type)
}
}
-void exhalbtc_set_ant_num(u8 type, u8 ant_num)
+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num)
{
if (BT_COEX_ANT_TYPE_PG == type) {
gl_bt_coexist.board_info.pg_ant_num = ant_num;
gl_bt_coexist.board_info.btdm_ant_num = ant_num;
+ /* The antenna position:
+ * Main (default) or Aux for pgAntNum=2 && btdmAntNum =1.
+ * The antenna position should be determined by
+ * auto-detect mechanism.
+ * The following is assumed to main,
+ * and those must be modified
+ * if y auto-detect mechanism is ready
+ */
+ if ((gl_bt_coexist.board_info.pg_ant_num == 2) &&
+ (gl_bt_coexist.board_info.btdm_ant_num == 1))
+ gl_bt_coexist.board_info.btdm_ant_pos =
+ BTC_ANTENNA_AT_MAIN_PORT;
+ else
+ gl_bt_coexist.board_info.btdm_ant_pos =
+ BTC_ANTENNA_AT_MAIN_PORT;
} else if (BT_COEX_ANT_TYPE_ANTDIV == type) {
gl_bt_coexist.board_info.btdm_ant_num = ant_num;
+ gl_bt_coexist.board_info.btdm_ant_pos =
+ BTC_ANTENNA_AT_MAIN_PORT;
+ } else if (type == BT_COEX_ANT_TYPE_DETECTED) {
+ gl_bt_coexist.board_info.btdm_ant_num = ant_num;
+ if (rtlpriv->cfg->mod_params->ant_sel == 1)
+ gl_bt_coexist.board_info.btdm_ant_pos =
+ BTC_ANTENNA_AT_AUX_PORT;
+ else
+ gl_bt_coexist.board_info.btdm_ant_pos =
+ BTC_ANTENNA_AT_MAIN_PORT;
}
}
diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
index 0a903ea..f41ca57 100644
--- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
@@ -535,7 +535,7 @@ void exhalbtc_set_bt_patch_version(u16 bt_hci_version, u16 bt_patch_version);
void exhalbtc_update_min_bt_rssi(char bt_rssi);
void exhalbtc_set_bt_exist(bool bt_exist);
void exhalbtc_set_chip_type(u8 chip_type);
-void exhalbtc_set_ant_num(u8 type, u8 ant_num);
+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num);
void exhalbtc_display_bt_coex_info(struct btc_coexist *btcoexist);
void exhalbtc_signal_compensation(struct btc_coexist *btcoexist,
u8 *rssi_wifi, u8 *rssi_bt);
diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
index b9b0cb7..d3fd921 100644
--- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
@@ -72,7 +72,10 @@ void rtl_btc_init_hal_vars(struct rtl_priv *rtlpriv)
__func__, bt_type);
exhalbtc_set_chip_type(bt_type);
- exhalbtc_set_ant_num(BT_COEX_ANT_TYPE_PG, ant_num);
+ if (rtlpriv->cfg->mod_params->ant_sel == 1)
+ exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_DETECTED, 1);
+ else
+ exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_PG, ant_num);
}
void rtl_btc_init_hw_config(struct rtl_priv *rtlpriv)
--
cgit v0.12


@ -540,3 +540,6 @@ CONFIG_CHECKPOINT_RESTORE=y
# CONFIG_PINCTRL_CHERRYVIEW is not set # CONFIG_PINCTRL_CHERRYVIEW is not set
# CONFIG_PINCTRL_BROXTON is not set # CONFIG_PINCTRL_BROXTON is not set
# CONFIG_PINCTRL_SUNRISEPOINT is not set # CONFIG_PINCTRL_SUNRISEPOINT is not set
# CONFIG_HW_RANDOM_HISI is not set
# CONFIG_QRTR is not set


@ -415,6 +415,7 @@ CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m
# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
# CONFIG_CRYPTO_DEV_MXS_DCP is not set # CONFIG_CRYPTO_DEV_MXS_DCP is not set
# CONFIG_CRYPTO_DEV_MXC_SCC is not set
CONFIG_RTC_DRV_SNVS=m CONFIG_RTC_DRV_SNVS=m
CONFIG_FB_MXS=m CONFIG_FB_MXS=m
# CONFIG_FB_MX3 is not set # CONFIG_FB_MX3 is not set


@ -813,6 +813,7 @@ CONFIG_NET_IPVTI=m
CONFIG_NET_FOU=m CONFIG_NET_FOU=m
CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_NET_FOU_IP_TUNNELS=y
CONFIG_GENEVE=m CONFIG_GENEVE=m
CONFIG_GTP=m
CONFIG_MACSEC=m CONFIG_MACSEC=m
CONFIG_INET_AH=m CONFIG_INET_AH=m
CONFIG_INET_ESP=m CONFIG_INET_ESP=m
@ -1565,6 +1566,10 @@ CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m CONFIG_NETXEN_NIC=m
CONFIG_QED=m CONFIG_QED=m
CONFIG_QEDE=m CONFIG_QEDE=m
CONFIG_QED_SRIOV=y
# CONFIG_QEDE_VXLAN is not set
# CONFIG_QEDE_GENEVE is not set
# CONFIG_NET_VENDOR_QUALCOMM is not set # CONFIG_NET_VENDOR_QUALCOMM is not set
@ -1634,6 +1639,7 @@ CONFIG_VIA_VELOCITY=m
CONFIG_NET_VENDOR_WIZNET=y CONFIG_NET_VENDOR_WIZNET=y
CONFIG_WIZNET_W5100=m CONFIG_WIZNET_W5100=m
CONFIG_WIZNET_W5300=m CONFIG_WIZNET_W5300=m
CONFIG_WIZNET_W5100_SPI=m
CONFIG_NET_VENDOR_XIRCOM=y CONFIG_NET_VENDOR_XIRCOM=y
CONFIG_PCMCIA_XIRC2PS=m CONFIG_PCMCIA_XIRC2PS=m
@ -1714,6 +1720,7 @@ CONFIG_MLXSW_CORE_HWMON=y
CONFIG_MLXSW_PCI=m CONFIG_MLXSW_PCI=m
CONFIG_MLXSW_SWITCHX2=m CONFIG_MLXSW_SWITCHX2=m
CONFIG_MLXSW_SPECTRUM=m CONFIG_MLXSW_SPECTRUM=m
CONFIG_MLXSW_SPECTRUM_DCB=y
# CONFIG_MLX4_DEBUG is not set # CONFIG_MLX4_DEBUG is not set
# CONFIG_SFC is not set # CONFIG_SFC is not set
@ -2107,6 +2114,8 @@ CONFIG_NFC_PORT100=m
CONFIG_NFC_PN544=m CONFIG_NFC_PN544=m
CONFIG_NFC_PN544_I2C=m CONFIG_NFC_PN544_I2C=m
CONFIG_NFC_PN533=m CONFIG_NFC_PN533=m
CONFIG_NFC_PN533_USB=m
CONFIG_NFC_PN533_I2C=m
CONFIG_NFC_MICROREAD=m CONFIG_NFC_MICROREAD=m
CONFIG_NFC_MICROREAD_I2C=m CONFIG_NFC_MICROREAD_I2C=m
CONFIG_NFC_TRF7970A=m CONFIG_NFC_TRF7970A=m
@ -4101,6 +4110,7 @@ CONFIG_HID_LENOVO=m
CONFIG_HID_CORSAIR=m CONFIG_HID_CORSAIR=m
CONFIG_HID_GFRM=m CONFIG_HID_GFRM=m
CONFIG_HID_CMEDIA=m CONFIG_HID_CMEDIA=m
CONFIG_HID_ASUS=m
# #
# USB Imaging devices # USB Imaging devices
@ -5570,6 +5580,7 @@ CONFIG_NET_DSA_MV88E6131=m
CONFIG_NET_DSA_MV88E6123=m CONFIG_NET_DSA_MV88E6123=m
CONFIG_NET_DSA_MV88E6171=m CONFIG_NET_DSA_MV88E6171=m
CONFIG_NET_DSA_MV88E6352=m CONFIG_NET_DSA_MV88E6352=m
CONFIG_NET_DSA_MV88E6XXX=m
CONFIG_NET_DSA_BCM_SF2=m CONFIG_NET_DSA_BCM_SF2=m
# Used by Maemo, we don't care. # Used by Maemo, we don't care.

2
gitrev

@ -1 +1 @@
16490980e396fac079248b23b1dd81e7d48bebf3 0b7962a6c4a37ef3cbb25d976af7b9ec4ce8ad01


@ -42,7 +42,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and # For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
# #
%global baserelease 2 %global baserelease 1
%global fedora_build %{baserelease} %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching # base_sublevel is the kernel version we're starting with and patching
@ -69,7 +69,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%define rcrev 0 %define rcrev 0
# The git snapshot level # The git snapshot level
%define gitrev 2 %define gitrev 3
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0 %define rpmversion 4.%{upstream_sublevel}.0
%endif %endif
@ -606,9 +606,6 @@ Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
#CVE-2016-3134 rhbz 1317383 1317384 #CVE-2016-3134 rhbz 1317383 1317384
Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
#rhbz 1309487
Patch701: antenna_select.patch
#CVE-2016-4482 rhbz 1332931 1332932 #CVE-2016-4482 rhbz 1332931 1332932
Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch
@ -2145,6 +2142,11 @@ fi
# #
# #
%changelog %changelog
* Wed May 18 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git3.1
- Linux v4.6-3623-g0b7962a
- ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs,
timers, crypto merges
* Tue May 17 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git2.2 * Tue May 17 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git2.2
- Adjust solib for cpupower - Adjust solib for cpupower


@ -1,6 +1,7 @@
Subject: [PATCH nf] netfilter: x_tables: deal with bogus nextoffset values From 2b32a7d82223d76ace432305b18c5816cadff878 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw () strlen ! de> From: Florian Westphal <fw () strlen ! de>
Date: 2016-03-10 0:56:02 Date: Thu, 10 Mar 2016 00:56:02 -0800
Subject: [PATCH] netfilter: x_tables: deal with bogus nextoffset values
Ben Hawkes says: Ben Hawkes says:
@ -22,16 +23,16 @@ when we move to a next entry as well.
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Florian Westphal <fw@strlen.de>
--- ---
net/ipv4/netfilter/arp_tables.c | 16 ++++++++-------- net/ipv4/netfilter/arp_tables.c | 8 ++++++++
net/ipv4/netfilter/ip_tables.c | 15 ++++++++------- net/ipv4/netfilter/ip_tables.c | 8 ++++++++
net/ipv6/netfilter/ip6_tables.c | 13 ++++++------- net/ipv6/netfilter/ip6_tables.c | 6 ++++++
3 files changed, 22 insertions(+), 22 deletions(-) 3 files changed, 22 insertions(+)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index b488cac..5a0b591 100644 index 2033f92..a9b6c76 100644
--- a/net/ipv4/netfilter/arp_tables.c --- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c
@@ -437,6 +437,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo, @@ -376,6 +376,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */ /* Move along one */
size = e->next_offset; size = e->next_offset;
@ -41,25 +42,10 @@ index b488cac..5a0b591 100644
+ +
e = (struct arpt_entry *) e = (struct arpt_entry *)
(entry0 + pos + size); (entry0 + pos + size);
e->counters.pcnt = pos; if (pos + size >= newinfo->size)
@@ -447,14 +451,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo, @@ -399,6 +403,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
if (strcmp(t->target.u.user.name, if (newpos >= newinfo->size)
XT_STANDARD_TARGET) == 0 && return 0;
newpos >= 0) {
- if (newpos > newinfo->size -
- sizeof(struct arpt_entry)) {
- duprintf("mark_source_chains: "
- "bad verdict (%i)\n",
- newpos);
- return 0;
- }
-
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
@@ -462,6 +458,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
/* ... this is a fallthru */
newpos = pos + e->next_offset;
} }
+ +
+ if (newpos > newinfo->size - sizeof(*e)) + if (newpos > newinfo->size - sizeof(*e))
@ -69,10 +55,10 @@ index b488cac..5a0b591 100644
(entry0 + newpos); (entry0 + newpos);
e->counters.pcnt = pos; e->counters.pcnt = pos;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index b99affa..ceb995f 100644 index 54906e0..7530ecd 100644
--- a/net/ipv4/netfilter/ip_tables.c --- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c
@@ -519,6 +519,10 @@ mark_source_chains(const struct xt_table_info *newinfo, @@ -447,6 +447,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */ /* Move along one */
size = e->next_offset; size = e->next_offset;
@ -82,24 +68,10 @@ index b99affa..ceb995f 100644
+ +
e = (struct ipt_entry *) e = (struct ipt_entry *)
(entry0 + pos + size); (entry0 + pos + size);
e->counters.pcnt = pos; if (pos + size >= newinfo->size)
@@ -529,13 +533,6 @@ mark_source_chains(const struct xt_table_info *newinfo, @@ -470,6 +474,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
if (strcmp(t->target.u.user.name, if (newpos >= newinfo->size)
XT_STANDARD_TARGET) == 0 && return 0;
newpos >= 0) {
- if (newpos > newinfo->size -
- sizeof(struct ipt_entry)) {
- duprintf("mark_source_chains: "
- "bad verdict (%i)\n",
- newpos);
- return 0;
- }
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
@@ -543,6 +540,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* ... this is a fallthru */
newpos = pos + e->next_offset;
} }
+ +
+ if (newpos > newinfo->size - sizeof(*e)) + if (newpos > newinfo->size - sizeof(*e))
@ -109,10 +81,10 @@ index b99affa..ceb995f 100644
(entry0 + newpos); (entry0 + newpos);
e->counters.pcnt = pos; e->counters.pcnt = pos;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 99425cf..d88a794 100644 index 63e06c3..894da69 100644
--- a/net/ipv6/netfilter/ip6_tables.c --- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -531,6 +531,8 @@ mark_source_chains(const struct xt_table_info *newinfo, @@ -474,6 +474,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */ /* Move along one */
size = e->next_offset; size = e->next_offset;
@ -120,24 +92,10 @@ index 99425cf..d88a794 100644
+ return 0; + return 0;
e = (struct ip6t_entry *) e = (struct ip6t_entry *)
(entry0 + pos + size); (entry0 + pos + size);
e->counters.pcnt = pos; if (pos + size >= newinfo->size)
@@ -541,13 +543,6 @@ mark_source_chains(const struct xt_table_info *newinfo, @@ -497,6 +499,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
if (strcmp(t->target.u.user.name, if (newpos >= newinfo->size)
XT_STANDARD_TARGET) == 0 && return 0;
newpos >= 0) {
- if (newpos > newinfo->size -
- sizeof(struct ip6t_entry)) {
- duprintf("mark_source_chains: "
- "bad verdict (%i)\n",
- newpos);
- return 0;
- }
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
@@ -555,6 +550,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* ... this is a fallthru */
newpos = pos + e->next_offset;
} }
+ +
+ if (newpos > newinfo->size - sizeof(*e)) + if (newpos > newinfo->size - sizeof(*e))
@ -147,4 +105,5 @@ index 99425cf..d88a794 100644
(entry0 + newpos); (entry0 + newpos);
e->counters.pcnt = pos; e->counters.pcnt = pos;
-- --
2.4.10 2.5.5
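Review bot: The bound added before the jump/fallthrough dereference, `if (newpos > newinfo->size - sizeof(*e))`, is evaluated in an unsigned type because `sizeof` yields `size_t`, so if `newinfo->size` could ever be smaller than `sizeof(*e)` the subtraction would wrap and the test would accept any offset. Whether an earlier size validation rules that out is not visible on this page; it is worth confirming and recording it next to the check, for example `/* newinfo->size >= sizeof(*e) guaranteed by <earlier size check> */`. After this refresh the check also sits directly behind the upstream context lines `if (newpos >= newinfo->size) return 0;` in arp_tables.c, ip_tables.c and ip6_tables.c, which makes the weaker upstream test redundant with the stricter one. The refreshed patch description should say why both remain, so the next rebase can tell whether the carried CVE-2016-3134 fix is still needed on top of upstream. The bodies of the added blocks and the rest of mark_source_chains lie outside the lines shown here.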


@ -1,3 +1,3 @@
d2927020e24a76da4ab482a8bc3e9ef3 linux-4.6.tar.xz d2927020e24a76da4ab482a8bc3e9ef3 linux-4.6.tar.xz
fd23b14b9d474c3dfacb6e8ee82d3a51 perf-man-4.6.tar.gz fd23b14b9d474c3dfacb6e8ee82d3a51 perf-man-4.6.tar.gz
b4e91b6e98c1688667b509dc14edbbcd patch-4.6-git2.xz a3fb92fb10d4f6c55784379085f5fbad patch-4.6-git3.xz