3.10-rc4

merged: radeon-use-max_bus-speed-to-activate-gen2-speeds.patch merged: iscsi-target-fix-heap-buffer-overflow-on-error.patch
2013-06-04 17:14:21 -04:00 · 2013-06-04 17:14:21 -04:00 · bc6523eec2
commit bc6523eec2
parent f58391d7ed
5 changed files with 37 additions and 193 deletions
--- a/Modify-UEFI-anti-bricking-code.patch
+++ b/Modify-UEFI-anti-bricking-code.patch
@ -1,7 +1,14 @@
-From 2380baac8b96f6e93ef72135d1b60d686d7f82e6 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
-Date: Sat, 1 Jun 2013 16:06:20 -0400
+To: rja@sgi.com
+Cc: mingo@kernel.org, torvalds@linux-foundation.org, bp@alien8.de,
+        jkosina@suse.cz, jlee@suse.com, matt.fleming@intel.com,
+        linux-efi@vger.kernel.org, x86@kernel.org,
+        linux-kernel@vger.kernel.org, tglx@linutronix.de, hpa@linux.intel.com,
+        akpm@linux-foundation.org,
+        Matthew Garrett <matthew.garrett@nebula.com>
 Subject: [PATCH] Modify UEFI anti-bricking code
+Date:	Sat,  1 Jun 2013 16:06:20 -0400
+Message-Id: <1370117180-1712-1-git-send-email-matthew.garrett@nebula.com>

 This patch reworks the UEFI anti-bricking code, including an effective
 reversion of cc5a080c and 31ff2f20. It turns out that calling
@ -33,8 +40,8 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 arch/x86/boot/compressed/eboot.c      |  47 ----------
 arch/x86/include/asm/efi.h            |   7 --
 arch/x86/include/uapi/asm/bootparam.h |   1 -
- arch/x86/platform/efi/efi.c           | 167 +++++++++-------------------------
- 4 files changed, 44 insertions(+), 178 deletions(-)
+ arch/x86/platform/efi/efi.c           | 169 +++++++++-------------------------
+ 4 files changed, 45 insertions(+), 179 deletions(-)

 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
 index 35ee62f..c205035 100644
@ -132,10 +139,10 @@ index 0874424..c15ddaf 100644
 /* ram_size flags */
 #define RAMDISK_IMAGE_START_MASK	0x07FF
 diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
-index e4a86a6..beb5d5f 100644
+index 82089d8..63e167a 100644
 --- a/arch/x86/platform/efi/efi.c
 +++ b/arch/x86/platform/efi/efi.c
-@@ -41,7 +41,6 @@
+@@ -42,7 +42,6 @@
 #include <linux/io.h>
 #include <linux/reboot.h>
 #include <linux/bcd.h>
@ -143,7 +150,7 @@ index e4a86a6..beb5d5f 100644
 
 #include <asm/setup.h>
 #include <asm/efi.h>
-@@ -52,13 +51,6 @@
+@@ -54,13 +53,6 @@
 
 #define EFI_DEBUG	1
 
@ -157,7 +164,7 @@ index e4a86a6..beb5d5f 100644
 struct efi __read_mostly efi = {
 	.mps        = EFI_INVALID_TABLE_ADDR,
 	.acpi       = EFI_INVALID_TABLE_ADDR,
-@@ -77,13 +69,6 @@ struct efi_memory_map memmap;
+@@ -79,13 +71,6 @@ struct efi_memory_map memmap;
 static struct efi efi_phys __initdata;
 static efi_system_table_t efi_systab __initdata;
 
@ -171,7 +178,7 @@ index e4a86a6..beb5d5f 100644
 unsigned long x86_efi_facility;
 
 /*
-@@ -186,53 +171,8 @@ static efi_status_t virt_efi_get_next_variable(unsigned long *name_size,
+@@ -188,53 +173,8 @@ static efi_status_t virt_efi_get_next_variable(unsigned long *name_size,
 					       efi_char16_t *name,
 					       efi_guid_t *vendor)
 {
@ -180,8 +187,7 @@ index e4a86a6..beb5d5f 100644
 -	static u64 var_size;
 -
 -	status = efi_call_virt3(get_next_variable,
-+	return efi_call_virt3(get_next_variable,
- 				name_size, name, vendor);
+-				name_size, name, vendor);
 -
 -	if (status == EFI_NOT_FOUND) {
 -		finished = true;
@ -194,7 +200,7 @@ index e4a86a6..beb5d5f 100644
 -	}
 -
 -	if (boot_used_size && !finished) {
-		unsigned long size;
+-		unsigned long size = 0;
 -		u32 attr;
 -		efi_status_t s;
 -		void *tmp;
@ -223,10 +229,12 @@ index e4a86a6..beb5d5f 100644
 -	}
 -
 -	return status;
+	return efi_call_virt3(get_next_variable,
+			      name_size, name, vendor);
 }
 
 static efi_status_t virt_efi_set_variable(efi_char16_t *name,
-@@ -241,34 +181,9 @@ static efi_status_t virt_efi_set_variable(efi_char16_t *name,
+@@ -243,34 +183,9 @@ static efi_status_t virt_efi_set_variable(efi_char16_t *name,
 					  unsigned long data_size,
 					  void *data)
 {
@ -264,7 +272,7 @@ index e4a86a6..beb5d5f 100644
 }
 
 static efi_status_t virt_efi_query_variable_info(u32 attr,
-@@ -776,9 +691,6 @@ void __init efi_init(void)
+@@ -786,9 +701,6 @@ void __init efi_init(void)
 	char vendor[100] = "unknown";
 	int i = 0;
 	void *tmp;
@ -274,7 +282,7 @@ index e4a86a6..beb5d5f 100644
 
 #ifdef CONFIG_X86_32
 	if (boot_params.efi_info.efi_systab_hi ||
-@@ -796,22 +708,6 @@ void __init efi_init(void)
+@@ -806,22 +718,6 @@ void __init efi_init(void)
 	if (efi_systab_init(efi_phys.systab))
 		return;
 
@ -297,7 +305,7 @@ index e4a86a6..beb5d5f 100644
 	set_bit(EFI_SYSTEM_TABLES, &x86_efi_facility);
 
 	/*
-@@ -1131,28 +1027,53 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
+@@ -1141,28 +1037,53 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
 	if (status != EFI_SUCCESS)
 		return status;
 
@ -369,3 +377,8 @@ index e4a86a6..beb5d5f 100644
 -- 
 1.8.1.4

+--
+To unsubscribe from this list: send the line "unsubscribe linux-efi" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
--- a/iscsi-target-fix-heap-buffer-overflow-on-error.patch
+++ b/iscsi-target-fix-heap-buffer-overflow-on-error.patch
@ -1,63 +0,0 @@
-From cea4dcfdad926a27a18e188720efe0f2c9403456 Mon Sep 17 00:00:00 2001
-From: Kees Cook <keescook@chromium.org>
-Date: Thu, 23 May 2013 17:32:17 +0000
-Subject: iscsi-target: fix heap buffer overflow on error
-
-If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
-error response packet, generated by iscsi_add_notunderstood_response(),
-would still attempt to copy the entire key into the packet, overflowing
-the structure on the heap.
-
-Remote preauthentication kernel memory corruption was possible if a
-target was configured and listening on the network.
-
-CVE-2013-2850
-
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
---
-diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
-index c2185fc..e382221 100644
--- a/drivers/target/iscsi/iscsi_target_parameters.c
-+++ b/drivers/target/iscsi/iscsi_target_parameters.c
-@@ -758,9 +758,9 @@ static int iscsi_add_notunderstood_response(
- 	}
- 	INIT_LIST_HEAD(&extra_response->er_list);
- 
-	strncpy(extra_response->key, key, strlen(key) + 1);
-	strncpy(extra_response->value, NOTUNDERSTOOD,
-			strlen(NOTUNDERSTOOD) + 1);
-+	strlcpy(extra_response->key, key, sizeof(extra_response->key));
-+	strlcpy(extra_response->value, NOTUNDERSTOOD,
-+		sizeof(extra_response->value));
- 
- 	list_add_tail(&extra_response->er_list,
- 			&param_list->extra_response_list);
-@@ -1629,8 +1629,6 @@ int iscsi_decode_text_input(
- 
- 		if (phase & PHASE_SECURITY) {
- 			if (iscsi_check_for_auth_key(key) > 0) {
-				char *tmpptr = key + strlen(key);
-				*tmpptr = '=';
- 				kfree(tmpbuf);
- 				return 1;
- 			}
-diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h
-index 915b067..a47046a 100644
--- a/drivers/target/iscsi/iscsi_target_parameters.h
-+++ b/drivers/target/iscsi/iscsi_target_parameters.h
-@@ -1,8 +1,10 @@
- #ifndef ISCSI_PARAMETERS_H
- #define ISCSI_PARAMETERS_H
- 
-+#include <scsi/iscsi_proto.h>
-+
- struct iscsi_extra_response {
-	char key[64];
-+	char key[KEY_MAXLEN];
- 	char value[32];
- 	struct list_head er_list;
- } ____cacheline_aligned;
--
-cgit v0.9.2
--- a/kernel.spec
+++ b/kernel.spec
@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 2
+%global baserelease 1
 %global fedora_build %{baserelease}

 # base_sublevel is the kernel version we're starting with and patching
@ -93,7 +93,7 @@ Summary: The Linux kernel
 # The next upstream release sublevel (base_sublevel+1)
 %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
 # The rc snapshot level
-%define rcrev 3
+%define rcrev 4
 # The git snapshot level
 %define gitrev 0
 # Set rpm version accordingly
@ -733,18 +733,12 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
 #rhbz 927469
 Patch23006: fix-child-thread-introspection.patch

-#rhbz 961527
-Patch25021: radeon-use-max_bus-speed-to-activate-gen2-speeds.patch
-
 #rhbz 964367
 Patch25023: hp-wmi-fix-incorrect-rfkill-set-hw-state.patch

 #rhbz 948262
 Patch25024: intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch

-#CVE-2013-2850 rhbz 968036 969272
-Patch25025: iscsi-target-fix-heap-buffer-overflow-on-error.patch
-
 #rhbz 964335
 Patch25026: Modify-UEFI-anti-bricking-code.patch

@ -1424,18 +1418,12 @@ ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
 #rhbz 927469
 ApplyPatch fix-child-thread-introspection.patch

-#rhbz 961527
-ApplyPatch radeon-use-max_bus-speed-to-activate-gen2-speeds.patch
-
 #rhbz 964367
 ApplyPatch hp-wmi-fix-incorrect-rfkill-set-hw-state.patch

 #rhbz 948262
 ApplyPatch intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch

-#CVE-2013-2850 rhbz 968036 969272
-ApplyPatch iscsi-target-fix-heap-buffer-overflow-on-error.patch
-
 #rhbz 964335
 ApplyPatch Modify-UEFI-anti-bricking-code.patch

@ -2244,6 +2232,11 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Tue Jun 04 2013 Dave Jones <davej@redhat.com> - 3.10.0-0.rc4.git0.1
+- 3.10-rc4
+  merged: radeon-use-max_bus-speed-to-activate-gen2-speeds.patch
+  merged: iscsi-target-fix-heap-buffer-overflow-on-error.patch
+
 * Mon Jun 03 2013 Josh Boyer <jwboyer@redhat.com>
 - Fix UEFI anti-bricking code (rhbz 964335)

--- a/radeon-use-max_bus-speed-to-activate-gen2-speeds.patch
+++ b/radeon-use-max_bus-speed-to-activate-gen2-speeds.patch
@ -1,99 +0,0 @@
-radeon: use max_bus_speed to activate gen2 speeds
-
-radeon currently uses a drm function to get the speed capabilities for
-the bus, drm_pcie_get_speed_cap_mask. However, this is a non-standard
-method of performing this detection and this patch changes it to use
-the max_bus_speed attribute.
-
-From: Lucas Kannebley Tavares <lucaskt at linux.vnet.ibm.com>
-Signed-off-by: Kleber Sacilotto de Souza <klebers at linux.vnet.ibm.com>
---
- drivers/gpu/drm/radeon/evergreen.c |   10 +++-------
- drivers/gpu/drm/radeon/r600.c      |    9 ++-------
- drivers/gpu/drm/radeon/rv770.c     |    9 ++-------
- 3 files changed, 7 insertions(+), 21 deletions(-)
-
-diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
-index 105bafb..3966696 100644
--- a/drivers/gpu/drm/radeon/evergreen.c
-+++ b/drivers/gpu/drm/radeon/evergreen.c
-@@ -4992,8 +4992,7 @@ void evergreen_fini(struct radeon_device *rdev)
- 
- void evergreen_pcie_gen2_enable(struct radeon_device *rdev)
- {
-	u32 link_width_cntl, speed_cntl, mask;
-	int ret;
-+	u32 link_width_cntl, speed_cntl;
- 
- 	if (radeon_pcie_gen2 == 0)
- 		return;
-@@ -5008,11 +5007,8 @@ void evergreen_pcie_gen2_enable(struct radeon_device *rdev)
- 	if (ASIC_IS_X2(rdev))
- 		return;
- 
-	ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask);
-	if (ret != 0)
-		return;
-
-	if (!(mask & DRM_PCIE_SPEED_50))
-+	if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) &&
-+		(rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT))
- 		return;
- 
- 	speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
-diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
-index 1a08008..b45e648 100644
--- a/drivers/gpu/drm/radeon/r600.c
-+++ b/drivers/gpu/drm/radeon/r600.c
-@@ -4631,8 +4631,6 @@ static void r600_pcie_gen2_enable(struct radeon_device *rdev)
- {
- 	u32 link_width_cntl, lanes, speed_cntl, training_cntl, tmp;
- 	u16 link_cntl2;
-	u32 mask;
-	int ret;
- 
- 	if (radeon_pcie_gen2 == 0)
- 		return;
-@@ -4651,11 +4649,8 @@ static void r600_pcie_gen2_enable(struct radeon_device *rdev)
- 	if (rdev->family <= CHIP_R600)
- 		return;
- 
-	ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask);
-	if (ret != 0)
-		return;
-
-	if (!(mask & DRM_PCIE_SPEED_50))
-+	if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) &&
-+		(rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT))
- 		return;
- 
- 	speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL);
-diff --git a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c
-index 83f612a..a6af4aa 100644
--- a/drivers/gpu/drm/radeon/rv770.c
-+++ b/drivers/gpu/drm/radeon/rv770.c
-@@ -2113,8 +2113,6 @@ static void rv770_pcie_gen2_enable(struct radeon_device *rdev)
- {
- 	u32 link_width_cntl, lanes, speed_cntl, tmp;
- 	u16 link_cntl2;
-	u32 mask;
-	int ret;
- 
- 	if (radeon_pcie_gen2 == 0)
- 		return;
-@@ -2129,11 +2127,8 @@ static void rv770_pcie_gen2_enable(struct radeon_device *rdev)
- 	if (ASIC_IS_X2(rdev))
- 		return;
- 
-	ret = drm_pcie_get_speed_cap_mask(rdev->ddev, &mask);
-	if (ret != 0)
-		return;
-
-	if (!(mask & DRM_PCIE_SPEED_50))
-+	if ((rdev->pdev->bus->max_bus_speed != PCIE_SPEED_5_0GT) &&
-+		(rdev->pdev->bus->max_bus_speed != PCIE_SPEED_8_0GT))
- 		return;
- 
- 	DRM_INFO("enabling PCIE gen 2 link speeds, disable with radeon.pcie_gen2=0\n");
-- 
-1.7.1
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 4348c9b6b2eb3144d601e87c19d5d909  linux-3.9.tar.xz
-bc974df2cd7a1b1216a2c518ce4ab756  patch-3.10-rc3.xz
+ae685dcb736096739eb20122a1395f6e  patch-3.10-rc4.xz