--- /dev/null
+From foo@baz Tue Aug 21 07:39:57 CEST 2018
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Tue, 14 Aug 2018 17:28:26 +0800
+Subject: cls_matchall: fix tcf_unbind_filter missing
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+[ Upstream commit a51c76b4dfb30496dc65396a957ef0f06af7fb22 ]
+
+Fix tcf_unbind_filter missing in cls_matchall as this will trigger
+WARN_ON() in cbq_destroy_class().
+
+Fixes: fd62d9f5c575f ("net/sched: matchall: Fix configuration race")
+Reported-by: Li Shuang <shuali@redhat.com>
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/cls_matchall.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/sched/cls_matchall.c
++++ b/net/sched/cls_matchall.c
+@@ -94,6 +94,8 @@ static bool mall_destroy(struct tcf_prot
+ if (!head)
+ return true;
+
++ tcf_unbind_filter(tp, &head->res);
++
+ if (tc_should_offload(dev, tp, head->flags))
+ mall_destroy_hw_filter(tp, head, (unsigned long) head);
+
--- /dev/null
+From foo@baz Tue Aug 21 07:39:57 CEST 2018
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 15 Aug 2018 12:14:05 -0700
+Subject: isdn: Disable IIOCDBGVAR
+
+From: Kees Cook <keescook@chromium.org>
+
+[ Upstream commit 5e22002aa8809e2efab2da95855f73f63e14a36c ]
+
+It was possible to directly leak the kernel address where the isdn_dev
+structure pointer was stored. This is a kernel ASLR bypass for anyone
+with access to the ioctl. The code had been present since the beginning
+of git history, though this shouldn't ever be needed for normal operation,
+therefore remove it.
+
+Reported-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Karsten Keil <isdn@linux-pingi.de>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/isdn/i4l/isdn_common.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/drivers/isdn/i4l/isdn_common.c
++++ b/drivers/isdn/i4l/isdn_common.c
+@@ -1655,13 +1655,7 @@ isdn_ioctl(struct file *file, uint cmd,
+ } else
+ return -EINVAL;
+ case IIOCDBGVAR:
+- if (arg) {
+- if (copy_to_user(argp, &dev, sizeof(ulong)))
+- return -EFAULT;
+- return 0;
+- } else
+- return -EINVAL;
+- break;
++ return -EINVAL;
+ default:
+ if ((cmd & IIOCDRVCTL) == IIOCDRVCTL)
+ cmd = ((cmd >> _IOC_NRSHIFT) & _IOC_NRMASK) & ISDN_DRVIOCTL_MASK;
alsa-hda-correct-asrock-b85m-itx-power_save-blacklist-entry.patch
alsa-memalloc-don-t-exceed-over-the-requested-size.patch
alsa-vxpocket-fix-invalid-endian-conversions.patch
+isdn-disable-iiocdbgvar.patch
+cls_matchall-fix-tcf_unbind_filter-missing.patch
usb-serial-sierra-fix-potential-deadlock-at-close.patch
usb-option-add-support-for-dw5821e.patch
acpi-pm-save-nvs-memory-for-asus-1025c-laptop.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
