--- /dev/null
+From 435d1a471598752446a72ad1201b3c980526d869 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 16:24:08 -0400
+Subject: efi: Make it possible to disable efivar_ssdt entirely
+
+From: Peter Jones <pjones@redhat.com>
+
+commit 435d1a471598752446a72ad1201b3c980526d869 upstream.
+
+In most cases, such as CONFIG_ACPI_CUSTOM_DSDT and
+CONFIG_ACPI_TABLE_UPGRADE, boot-time modifications to firmware tables
+are tied to specific Kconfig options. Currently this is not the case
+for modifying the ACPI SSDT via the efivar_ssdt kernel command line
+option and associated EFI variable.
+
+This patch adds CONFIG_EFI_CUSTOM_SSDT_OVERLAYS, which defaults
+disabled, in order to allow enabling or disabling that feature during
+the build.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Link: https://lore.kernel.org/r/20200615202408.2242614-1-pjones@redhat.com
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efi/Kconfig | 11 +++++++++++
+ drivers/firmware/efi/efi.c | 2 +-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/Kconfig
++++ b/drivers/firmware/efi/Kconfig
+@@ -129,6 +129,17 @@ config EFI_TEST
+ Say Y here to enable the runtime services support via /dev/efi_test.
+ If unsure, say N.
+
++config EFI_CUSTOM_SSDT_OVERLAYS
++ bool "Load custom ACPI SSDT overlay from an EFI variable"
++ depends on EFI_VARS && ACPI
++ default ACPI_TABLE_UPGRADE
++ help
++ Allow loading of an ACPI SSDT overlay from an EFI variable specified
++ by a kernel command line option.
++
++ See Documentation/admin-guide/acpi/ssdt-overlays.rst for more
++ information.
++
+ endmenu
+
+ config UEFI_CPER
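Review bot: `default ACPI_TABLE_UPGRADE` on the new EFI_CUSTOM_SSDT_OVERLAYS entry does not match the commit description, which says the option defaults disabled; any config that sets ACPI_TABLE_UPGRADE gets the overlay loader enabled without asking for it. Either use `default n` or correct the description, so that people building locked-down kernels know they have to switch it off explicitly. The help text also omits the guidance that the EFI_TEST entry just above gives; I would add `If unsure, say N.` and one sentence noting that the table is read from an EFI variable chosen on the kernel command line, so it is only as trustworthy as whoever can write those two.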
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -198,7 +198,7 @@ static void generic_ops_unregister(void)
+ efivars_unregister(&generic_efivars);
+ }
+
+-#if IS_ENABLED(CONFIG_ACPI)
++#ifdef CONFIG_EFI_CUSTOM_SSDT_OVERLAYS
+ #define EFIVAR_SSDT_NAME_MAX 16
+ static char efivar_ssdt[EFIVAR_SSDT_NAME_MAX] __initdata;
+ static int __init efivar_ssdt_setup(char *str)
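Review bot: With the guard changed to `#ifdef CONFIG_EFI_CUSTOM_SSDT_OVERLAYS`, the `efivar_ssdt` command line option named in the commit description stops being handled on ACPI kernels built without the new symbol, and the diffstat shows no documentation change that says so. Documentation/admin-guide/acpi/ssdt-overlays.rst, which the new help text refers to, should name the Kconfig symbol the option now needs. A short comment on the guard would help as well, e.g. `/* efivar_ssdt= is honoured only when EFI_CUSTOM_SSDT_OVERLAYS is set */`. The guarded region and efivar_ssdt_setup() continue outside the hunk, so the matching `#else`/`#endif` is not visible here.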
--- /dev/null
+From MAILER-DAEMON Tue Jul 7 14:02:16 2020
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 09 Jun 2020 10:53:22 +0300
+Subject: netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
+To: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
+Cc: Florian Westphal <fw@strlen.de>
+Message-ID: <c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com>
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+Could you please push this patch into stable@?
+it fixes memory corruption in kernels v3.5 .. v4.10
+
+Lost .data_len definition leads to write beyond end of
+struct nf_ct_h323_master. Usually it corrupts following
+struct nf_conn_nat, however if nat is not loaded it corrupts
+following slab object.
+
+In mainline this problem went away in v4.11,
+after commit 9f0f3ebeda47 ("netfilter: helpers: remove data_len usage
+for inkernel helpers") however many stable kernels are still affected.
+
+Fixes: 1afc56794e03 ("netfilter: nf_ct_helper: implement variable length helper private data") # v3.5
+cc: stable@vger.kernel.org
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_h323_main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nf_conntrack_h323_main.c
++++ b/net/netfilter/nf_conntrack_h323_main.c
+@@ -1225,6 +1225,7 @@ static struct nf_conntrack_helper nf_con
+ {
+ .name = "Q.931",
+ .me = THIS_MODULE,
++ .data_len = sizeof(struct nf_ct_h323_master),
+ .tuple.src.l3num = AF_INET6,
+ .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
+ .tuple.dst.protonum = IPPROTO_TCP,
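Review bot: The `.data_len` initializer added to the Q.931/AF_INET6 entry is easy to drop again, because nothing in the entry ties it to the private data the helper uses. Per the commit description a missing value leads to writes past struct nf_ct_h323_master, so the other entries of this array and the remaining helper definitions in the file (all outside the hunk) are worth checking for the same omission on each stable branch that takes this patch. A comment on the array would record the requirement, presumably along the lines of `/* each entry must set .data_len to the size of its private data */`. The initializer list starts and ends outside the hunk.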