--- /dev/null
+From cb5c6568867325f9905e80c96531d963bec8e5ea Mon Sep 17 00:00:00 2001
+From: Govindarajulu Varadarajan <gvaradar@cisco.com>
+Date: Mon, 30 Jul 2018 09:56:54 -0700
+Subject: enic: do not call enic_change_mtu in enic_probe
+
+From: Govindarajulu Varadarajan <gvaradar@cisco.com>
+
+commit cb5c6568867325f9905e80c96531d963bec8e5ea upstream.
+
+In commit ab123fe071c9 ("enic: handle mtu change for vf properly")
+ASSERT_RTNL() is added to _enic_change_mtu() to prevent it from being
+called without rtnl held. enic_probe() calls enic_change_mtu()
+without rtnl held. At this point netdev is not registered yet.
+Remove call to enic_change_mtu and assign the mtu to netdev->mtu.
+
+Fixes: ab123fe071c9 ("enic: handle mtu change for vf properly")
+Signed-off-by: Govindarajulu Varadarajan <gvaradar@cisco.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/cisco/enic/enic_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/cisco/enic/enic_main.c
++++ b/drivers/net/ethernet/cisco/enic/enic_main.c
+@@ -2683,7 +2683,6 @@ static int enic_probe(struct pci_dev *pd
+ */
+
+ enic->port_mtu = enic->config.mtu;
+- (void)enic_change_mtu(netdev, enic->port_mtu);
+
+ err = enic_set_mac_addr(netdev, enic->mac_addr);
+ if (err) {
+@@ -2732,6 +2731,7 @@ static int enic_probe(struct pci_dev *pd
+ netdev->features |= NETIF_F_HIGHDMA;
+
+ netdev->priv_flags |= IFF_UNICAST_FLT;
++ netdev->mtu = enic->port_mtu;
+
+ err = register_netdev(netdev);
+ if (err) {
--- /dev/null
+From 3chas3@gmail.com Thu Sep 13 09:14:14 2018
+From: Chas Williams <3chas3@gmail.com>
+Date: Thu, 6 Sep 2018 11:11:27 -0400
+Subject: Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages")
+To: stable@vger.kernel.org
+Cc: natechancellor@gmail.com, mark.rutland@arm.com, will.deacon@arm.com, steve.capper@arm.com, kirill.shutemov@linux.intel.com, vbabka@suse.cz, mgorman@suse.de, Chas Williams <chas3@att.com>
+Message-ID: <20180906151127.17686-1-3chas3@gmail.com>
+
+
+From: Chas Williams <chas3@att.com>
+
+Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages")
+was an incomplete backport of the upstream commit. It is necessary to
+always reset page_nid before attempting any early exit.
+
+The original commit conflicted due to lack of commit 82b0f8c39a38
+("mm: join struct fault_env and vm_fault") in 4.9 so it wasn't a clean
+application, and the change must have just gotten lost in the noise.
+
+Signed-off-by: Chas Williams <chas3@att.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/huge_memory.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -1393,12 +1393,12 @@ int do_huge_pmd_numa_page(struct mm_stru
+
+ /* Migration could have started since the pmd_trans_migrating check */
+ if (!page_locked) {
++ page_nid = -1;
+ if (!get_page_unless_zero(page))
+ goto out_unlock;
+ spin_unlock(ptl);
+ wait_on_page_locked(page);
+ put_page(page);
+- page_nid = -1;
+ goto out;
+ }
+
--- /dev/null
+From tyhicks@canonical.com Thu Sep 13 09:00:58 2018
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Tue, 4 Sep 2018 15:24:04 +0000
+Subject: irda: Fix memory leak caused by repeated binds of irda socket
+To: stable@vger.kernel.org
+Message-ID: <1536074645-14160-2-git-send-email-tyhicks@canonical.com>
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+The irda_bind() function allocates memory for self->ias_obj without
+checking to see if the socket is already bound. A userspace process
+could repeatedly bind the socket, have each new object added into the
+LM-IAS database, and lose the reference to the old object assigned to
+the socket to exhaust memory resources. This patch errors out of the
+bind operation when self->ias_obj is already assigned.
+
+CVE-2018-6554
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
+Reviewed-by: Stefan Bader <stefan.bader@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/irda/af_irda.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -774,6 +774,13 @@ static int irda_bind(struct socket *sock
+ return -EINVAL;
+
+ lock_sock(sk);
++
++ /* Ensure that the socket is not already bound */
++ if (self->ias_obj) {
++ err = -EINVAL;
++ goto out;
++ }
++
+ #ifdef CONFIG_IRDA_ULTRA
+ /* Special care for Ultra sockets */
+ if ((sk->sk_type == SOCK_DGRAM) &&
--- /dev/null
+From tyhicks@canonical.com Thu Sep 13 09:02:40 2018
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Tue, 4 Sep 2018 15:24:05 +0000
+Subject: irda: Only insert new objects into the global database via setsockopt
+To: stable@vger.kernel.org
+Message-ID: <1536074645-14160-3-git-send-email-tyhicks@canonical.com>
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+The irda_setsockopt() function conditionally allocates memory for a new
+self->ias_object or, in some cases, reuses the existing
+self->ias_object. Existing objects were incorrectly reinserted into the
+LM_IAS database which corrupted the doubly linked list used for the
+hashbin implementation of the LM_IAS database. When combined with a
+memory leak in irda_bind(), this issue could be leveraged to create a
+use-after-free vulnerability in the hashbin list. This patch fixes the
+issue by only inserting newly allocated objects into the database.
+
+CVE-2018-6555
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
+Reviewed-by: Stefan Bader <stefan.bader@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/irda/af_irda.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -2027,7 +2027,11 @@ static int irda_setsockopt(struct socket
+ err = -EINVAL;
+ goto out;
+ }
+- irias_insert_object(ias_obj);
++
++ /* Only insert newly allocated objects */
++ if (free_ias)
++ irias_insert_object(ias_obj);
++
+ kfree(ias_opt);
+ break;
+ case IRLMP_IAS_DEL:
--- /dev/null
+From 914b087ff9e0e9a399a4927fa30793064afc0178 Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Tue, 28 Aug 2018 12:59:10 -0700
+Subject: kbuild: make missing $DEPMOD a Warning instead of an Error
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit 914b087ff9e0e9a399a4927fa30793064afc0178 upstream.
+
+When $DEPMOD is not found, only print a warning instead of exiting
+with an error message and error status:
+
+Warning: 'make modules_install' requires /sbin/depmod. Please install it.
+This is probably in the kmod package.
+
+Change the Error to a Warning because "not all build hosts for cross
+compiling Linux are Linux systems and are able to provide a working
+port of depmod, especially at the file patch /sbin/depmod."
+
+I.e., "make modules_install" may be used to copy/install the
+loadable modules files to a target directory on a build system and
+then transferred to an embedded device where /sbin/depmod is run
+instead of it being run on the build system.
+
+Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
+Cc: stable@vger.kernel.org
+Cc: Lucas De Marchi <lucas.demarchi@profusion.mobi>
+Cc: Lucas De Marchi <lucas.de.marchi@gmail.com>
+Cc: Michal Marek <michal.lkml@markovi.net>
+Cc: Jessica Yu <jeyu@kernel.org>
+Cc: Chih-Wei Huang <cwhuang@linux.org.tw>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/depmod.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/depmod.sh
++++ b/scripts/depmod.sh
+@@ -15,9 +15,9 @@ if ! test -r System.map ; then
+ fi
+
+ if [ -z $(command -v $DEPMOD) ]; then
+- echo "'make modules_install' requires $DEPMOD. Please install it." >&2
++ echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2
+ echo "This is probably in the kmod package." >&2
+- exit 1
++ exit 0
+ fi
+
+ # older versions of depmod don't support -P <symbol-prefix>
--- /dev/null
+From festevam@gmail.com Thu Sep 13 09:05:29 2018
+From: Fabio Estevam <festevam@gmail.com>
+Date: Mon, 3 Sep 2018 10:39:48 -0300
+Subject: Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
+To: stable@vger.kernel.org
+Cc: shawnguo@kernel.org, rasmus.villemoes@prevas.dk, gregkh@linuxfoundation.org, Fabio Estevam <fabio.estevam@nxp.com>
+Message-ID: <1535981988-28790-1-git-send-email-festevam@gmail.com>
+
+From: Fabio Estevam <fabio.estevam@nxp.com>
+
+This reverts commit 0d0af17ae83d6feb29d676c72423461419df5110.
+
+This commit causes reboot to fail on imx6 wandboard, so let's
+revert it.
+
+Cc: <stable@vger.kernel.org> #4.4
+Reported-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/configs/imx_v6_v7_defconfig | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/arch/arm/configs/imx_v6_v7_defconfig
++++ b/arch/arm/configs/imx_v6_v7_defconfig
+@@ -261,7 +261,6 @@ CONFIG_USB_STORAGE=y
+ CONFIG_USB_CHIPIDEA=y
+ CONFIG_USB_CHIPIDEA_UDC=y
+ CONFIG_USB_CHIPIDEA_HOST=y
+-CONFIG_USB_CHIPIDEA_ULPI=y
+ CONFIG_USB_SERIAL=m
+ CONFIG_USB_SERIAL_GENERIC=y
+ CONFIG_USB_SERIAL_FTDI_SIO=m
+@@ -288,7 +287,6 @@ CONFIG_USB_G_NCM=m
+ CONFIG_USB_GADGETFS=m
+ CONFIG_USB_MASS_STORAGE=m
+ CONFIG_USB_G_SERIAL=m
+-CONFIG_USB_ULPI_BUS=y
+ CONFIG_MMC=y
+ CONFIG_MMC_SDHCI=y
+ CONFIG_MMC_SDHCI_PLTFM=y
btrfs-don-t-remove-block-group-that-still-has-pinned-down-bytes.patch
debugobjects-make-stack-check-warning-more-informative.patch
x86-pae-use-64-bit-atomic-xchg-function-in-native_ptep_get_and_clear.patch
+kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch
+irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch
+irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch
+revert-arm-imx_v6_v7_defconfig-select-ulpi-support.patch
+enic-do-not-call-enic_change_mtu-in-enic_probe.patch
+fixes-commit-cdbf92675fad-mm-numa-avoid-waiting-on-freed-migrated-pages.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
