3.17-stable patches

added patches:
	fs-add-a-missing-permission-check-to-do_umount.patch
	pci_ids-add-support-for-intel-quark-ilb.patch

diff --git a/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch b/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch
new file mode 100644 (file)
index 0000000..443ab09
--- /dev/null
+++ b/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch
@@ -0,0 +1,32 @@
+From a1480dcc3c706e309a88884723446f2e84fedd5b Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Wed, 8 Oct 2014 12:32:47 -0700
+Subject: fs: Add a missing permission check to do_umount
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+commit a1480dcc3c706e309a88884723446f2e84fedd5b upstream.
+
+Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
+only one of the two call sites was appropriately protected.
+
+Fixes CVE-2014-7975.
+
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/namespace.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1356,6 +1356,8 @@ static int do_umount(struct mount *mnt,
+                * Special case for "unmounting" root ...
+                * we just try to remount it readonly.
+                */
++              if (!capable(CAP_SYS_ADMIN))
++                      return -EPERM;
+               down_write(&sb->s_umount);
+               if (!(sb->s_flags & MS_RDONLY))
+                       retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);

diff --git a/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch b/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch
new file mode 100644 (file)
index 0000000..5c10cb0
--- /dev/null
+++ b/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch
@@ -0,0 +1,33 @@
+From bb048713bba3ead39f6112910906d9fe3f88ede7 Mon Sep 17 00:00:00 2001
+From: Josef Ahmad <josef.ahmad@intel.com>
+Date: Tue, 2 Sep 2014 13:45:20 +0300
+Subject: pci_ids: Add support for Intel Quark ILB
+
+From: Josef Ahmad <josef.ahmad@intel.com>
+
+commit bb048713bba3ead39f6112910906d9fe3f88ede7 upstream.
+
+This patch adds the PCI id for Intel Quark ILB.
+It will be used for GPIO and Multifunction device driver.
+
+Signed-off-by: Josef Ahmad <josef.ahmad@intel.com>
+Acked-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/pci_ids.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -2557,6 +2557,7 @@
+ #define PCI_DEVICE_ID_INTEL_MFD_EMMC0 0x0823
+ #define PCI_DEVICE_ID_INTEL_MFD_EMMC1 0x0824
+ #define PCI_DEVICE_ID_INTEL_MRST_SD2  0x084F
++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_ILB   0x095E
+ #define PCI_DEVICE_ID_INTEL_I960      0x0960
+ #define PCI_DEVICE_ID_INTEL_I960RM    0x0962
+ #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB     0x0c60

diff --git a/queue-3.17/series b/queue-3.17/series
index 629a06e7e47cf40f5a2c008d0872442e507d60c6..de0196b52b6ed95384299b3e3a2f9892f66b5933 100644 (file)
--- a/queue-3.17/series
+++ b/queue-3.17/series
@@ -11,3 +11,5 @@ btrfs-fix-build_backref_tree-issue-with-multiple-shared-blocks.patch
 btrfs-fix-the-wrong-condition-judgment-about-subset-extent-map.patch
 btrfs-fix-race-in-wait_sync-ioctl.patch
 revert-btrfs-race-free-update-of-commit-root-for-ro-snapshots.patch
+fs-add-a-missing-permission-check-to-do_umount.patch
+pci_ids-add-support-for-intel-quark-ilb.patch