3.18-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Sep 2018 07:19:12 +0000 (09:19 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Sep 2018 07:19:12 +0000 (09:19 +0200)
added patches:
enic-do-not-call-enic_change_mtu-in-enic_probe.patch
fixes-commit-86af955d02bb-mm-numa-avoid-waiting-on-freed-migrated-pages.patch
irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch
irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch
kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch

queue-3.18/enic-do-not-call-enic_change_mtu-in-enic_probe.patch [new file with mode: 0644]
queue-3.18/fixes-commit-86af955d02bb-mm-numa-avoid-waiting-on-freed-migrated-pages.patch [new file with mode: 0644]
queue-3.18/irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch [new file with mode: 0644]
queue-3.18/irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch [new file with mode: 0644]
queue-3.18/kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch [new file with mode: 0644]
queue-3.18/series

diff --git a/queue-3.18/enic-do-not-call-enic_change_mtu-in-enic_probe.patch b/queue-3.18/enic-do-not-call-enic_change_mtu-in-enic_probe.patch
new file mode 100644 (file)
index 0000000..a38b106
--- /dev/null
@@ -0,0 +1,43 @@
+From cb5c6568867325f9905e80c96531d963bec8e5ea Mon Sep 17 00:00:00 2001
+From: Govindarajulu Varadarajan <gvaradar@cisco.com>
+Date: Mon, 30 Jul 2018 09:56:54 -0700
+Subject: enic: do not call enic_change_mtu in enic_probe
+
+From: Govindarajulu Varadarajan <gvaradar@cisco.com>
+
+commit cb5c6568867325f9905e80c96531d963bec8e5ea upstream.
+
+In commit ab123fe071c9 ("enic: handle mtu change for vf properly")
+ASSERT_RTNL() is added to _enic_change_mtu() to prevent it from being
+called without rtnl held. enic_probe() calls enic_change_mtu()
+without rtnl held. At this point netdev is not registered yet.
+Remove call to enic_change_mtu and assign the mtu to netdev->mtu.
+
+Fixes: ab123fe071c9 ("enic: handle mtu change for vf properly")
+Signed-off-by: Govindarajulu Varadarajan <gvaradar@cisco.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/cisco/enic/enic_main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/cisco/enic/enic_main.c
++++ b/drivers/net/ethernet/cisco/enic/enic_main.c
+@@ -2496,7 +2496,6 @@ static int enic_probe(struct pci_dev *pd
+        */
+       enic->port_mtu = enic->config.mtu;
+-      (void)enic_change_mtu(netdev, enic->port_mtu);
+       err = enic_set_mac_addr(netdev, enic->mac_addr);
+       if (err) {
+@@ -2545,6 +2544,7 @@ static int enic_probe(struct pci_dev *pd
+               netdev->features |= NETIF_F_HIGHDMA;
+       netdev->priv_flags |= IFF_UNICAST_FLT;
++      netdev->mtu = enic->port_mtu;
+       err = register_netdev(netdev);
+       if (err) {
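Review bot: The added `netdev->mtu = enic->port_mtu;` in the second inner hunk stores the adapter-reported MTU directly, so it skips any range check that going through `enic_change_mtu()` may have applied. Nothing visible here shows that `enic->config.mtu` is bounded before it reaches this point. If the value is already clamped when the vNIC configuration is read, a comment above the assignment would settle the question, for example `/* config.mtu is range-checked when read; rtnl is not held and netdev is unregistered, so set it directly */`. Otherwise, clamp it before assigning. enic_probe() starts and ends outside both hunks.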
diff --git a/queue-3.18/fixes-commit-86af955d02bb-mm-numa-avoid-waiting-on-freed-migrated-pages.patch b/queue-3.18/fixes-commit-86af955d02bb-mm-numa-avoid-waiting-on-freed-migrated-pages.patch
new file mode 100644 (file)
index 0000000..ca95f44
--- /dev/null
@@ -0,0 +1,41 @@
+From 3chas3@gmail.com  Thu Sep 13 09:14:31 2018
+From: Chas Williams <3chas3@gmail.com>
+Date: Thu,  6 Sep 2018 11:10:41 -0400
+Subject: Fixes: Commit 86af955d02bb ("mm: numa: avoid waiting on freed migrated pages")
+To: stable@vger.kernel.org
+Cc: natechancellor@gmail.com, mark.rutland@arm.com, will.deacon@arm.com, steve.capper@arm.com, kirill.shutemov@linux.intel.com, vbabka@suse.cz, mgorman@suse.de, Chas Williams <chas3@att.com>
+Message-ID: <20180906151041.17597-1-3chas3@gmail.com>
+
+
+From: Chas Williams <chas3@att.com>
+
+Commit 86af955d02bb ("mm: numa: avoid waiting on freed migrated pages")
+was an incomplete backport of the upstream commit.  It is necessary to
+always reset page_nid before attempting any early exit.
+
+The original commit conflicted due to lack of commit 82b0f8c39a38
+("mm: join struct fault_env and vm_fault") in 4.9 so it wasn't a clean
+application, and the change must have just gotten lost in the noise.
+
+Signed-off-by: Chas Williams <chas3@att.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/huge_memory.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -1329,12 +1329,12 @@ int do_huge_pmd_numa_page(struct mm_stru
+       /* Migration could have started since the pmd_trans_migrating check */
+       if (!page_locked) {
++              page_nid = -1;
+               if (!get_page_unless_zero(page))
+                       goto out_unlock;
+               spin_unlock(ptl);
+               wait_on_page_locked(page);
+               put_page(page);
+-              page_nid = -1;
+               goto out;
+       }
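Review bot: The moved `page_nid = -1;` has no comment saying why it must come before `get_page_unless_zero()`, which is the detail the earlier backport lost. When the refcount is already zero, the `goto out_unlock` path would otherwise leave with the previous page_nid. The code after the labels is outside this hunk, but it presumably uses page_nid to decide whether to account a NUMA fault, which here would be for a page that may already be freed. Suggest adding `/* Reset first: every exit from this block must skip NUMA fault accounting */` above the assignment.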
diff --git a/queue-3.18/irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch b/queue-3.18/irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch
new file mode 100644 (file)
index 0000000..e2a4d1d
--- /dev/null
@@ -0,0 +1,43 @@
+From tyhicks@canonical.com  Thu Sep 13 09:00:58 2018
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Tue,  4 Sep 2018 15:24:04 +0000
+Subject: irda: Fix memory leak caused by repeated binds of irda socket
+To: stable@vger.kernel.org
+Message-ID: <1536074645-14160-2-git-send-email-tyhicks@canonical.com>
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+The irda_bind() function allocates memory for self->ias_obj without
+checking to see if the socket is already bound. A userspace process
+could repeatedly bind the socket, have each new object added into the
+LM-IAS database, and lose the reference to the old object assigned to
+the socket to exhaust memory resources. This patch errors out of the
+bind operation when self->ias_obj is already assigned.
+
+CVE-2018-6554
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
+Reviewed-by: Stefan Bader <stefan.bader@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/irda/af_irda.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -785,6 +785,13 @@ static int irda_bind(struct socket *sock
+               return -EINVAL;
+       lock_sock(sk);
++
++      /* Ensure that the socket is not already bound */
++      if (self->ias_obj) {
++              err = -EINVAL;
++              goto out;
++      }
++
+ #ifdef CONFIG_IRDA_ULTRA
+       /* Special care for Ultra sockets */
+       if ((sk->sk_type == SOCK_DGRAM) &&
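Review bot: The comment on the new guard, `/* Ensure that the socket is not already bound */`, does not say what goes wrong on a second bind, so a later cleanup could mistake the check for redundant. Per the commit message, irda_bind() would otherwise allocate a fresh self->ias_obj and lose the reference to the previous one, letting an unprivileged caller exhaust memory. Suggest `/* A second bind would overwrite self->ias_obj and leak the old object (CVE-2018-6554) */`. Placing the test after `lock_sock(sk)` is right for a check-then-assign on socket state. The rest of irda_bind() is outside the hunk.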
diff --git a/queue-3.18/irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch b/queue-3.18/irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch
new file mode 100644 (file)
index 0000000..774977b
--- /dev/null
@@ -0,0 +1,44 @@
+From tyhicks@canonical.com  Thu Sep 13 09:02:40 2018
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Tue,  4 Sep 2018 15:24:05 +0000
+Subject: irda: Only insert new objects into the global database via setsockopt
+To: stable@vger.kernel.org
+Message-ID: <1536074645-14160-3-git-send-email-tyhicks@canonical.com>
+
+From: Tyler Hicks <tyhicks@canonical.com>
+
+The irda_setsockopt() function conditionally allocates memory for a new
+self->ias_object or, in some cases, reuses the existing
+self->ias_object. Existing objects were incorrectly reinserted into the
+LM_IAS database which corrupted the doubly linked list used for the
+hashbin implementation of the LM_IAS database. When combined with a
+memory leak in irda_bind(), this issue could be leveraged to create a
+use-after-free vulnerability in the hashbin list. This patch fixes the
+issue by only inserting newly allocated objects into the database.
+
+CVE-2018-6555
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
+Reviewed-by: Stefan Bader <stefan.bader@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/irda/af_irda.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -2051,7 +2051,11 @@ static int irda_setsockopt(struct socket
+                       err = -EINVAL;
+                       goto out;
+               }
+-              irias_insert_object(ias_obj);
++
++              /* Only insert newly allocated objects */
++              if (free_ias)
++                      irias_insert_object(ias_obj);
++
+               kfree(ias_opt);
+               break;
+       case IRLMP_IAS_DEL:
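Review bot: `if (free_ias)` reuses a flag whose name describes error-path cleanup to mean "this object was allocated in this call", and the hunk does not show where the flag is set. The comment `/* Only insert newly allocated objects */` would help more if it named the consequence, for example `/* Reinserting an object already in the LM-IAS hashbin corrupts its list (CVE-2018-6555); insert only objects allocated above */`. The allocation and the assignment of free_ias are outside the hunk, so it is worth confirming that every path which reuses an existing object leaves the flag at zero.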
diff --git a/queue-3.18/kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch b/queue-3.18/kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch
new file mode 100644 (file)
index 0000000..41104c6
--- /dev/null
@@ -0,0 +1,55 @@
+From 914b087ff9e0e9a399a4927fa30793064afc0178 Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Tue, 28 Aug 2018 12:59:10 -0700
+Subject: kbuild: make missing $DEPMOD a Warning instead of an Error
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+commit 914b087ff9e0e9a399a4927fa30793064afc0178 upstream.
+
+When $DEPMOD is not found, only print a warning instead of exiting
+with an error message and error status:
+
+Warning: 'make modules_install' requires /sbin/depmod. Please install it.
+This is probably in the kmod package.
+
+Change the Error to a Warning because "not all build hosts for cross
+compiling Linux are Linux systems and are able to provide a working
+port of depmod, especially at the file patch /sbin/depmod."
+
+I.e., "make modules_install" may be used to copy/install the
+loadable modules files to a target directory on a build system and
+then transferred to an embedded device where /sbin/depmod is run
+instead of it being run on the build system.
+
+Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
+Cc: stable@vger.kernel.org
+Cc: Lucas De Marchi <lucas.demarchi@profusion.mobi>
+Cc: Lucas De Marchi <lucas.de.marchi@gmail.com>
+Cc: Michal Marek <michal.lkml@markovi.net>
+Cc: Jessica Yu <jeyu@kernel.org>
+Cc: Chih-Wei Huang <cwhuang@linux.org.tw>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/depmod.sh |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/depmod.sh
++++ b/scripts/depmod.sh
+@@ -15,9 +15,9 @@ if ! test -r System.map ; then
+ fi
+ if [ -z $(command -v $DEPMOD) ]; then
+-      echo "'make modules_install' requires $DEPMOD. Please install it." >&2
++      echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2
+       echo "This is probably in the kmod package." >&2
+-      exit 1
++      exit 0
+ fi
+ # older versions of depmod don't support -P <symbol-prefix>
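Review bot: With `exit 0` the script reports success even though depmod never ran, so an automated build that checks only the exit status of `make modules_install` will produce a module tree without modules.dep and not notice. The message still reads as a requirement ("requires $DEPMOD. Please install it.") rather than stating what was skipped. Consider wording such as `echo "Warning: $DEPMOD not found; skipping depmod. Run it on the target system." >&2` so that build logs state the consequence. Separately, the unchanged test `[ -z $(command -v $DEPMOD) ]` leaves both expansions unquoted.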
index 7aad83ff34be1d39ef89fd6f81ded0598858a409..6dd5bdce1bd9224b5e2d534ae7eea9284e96ee34 100644 (file)
@@ -24,3 +24,8 @@ btrfs-replace-reset-on-disk-dev-stats-value-after-replace.patch
 btrfs-relocation-only-remove-reloc-rb_trees-if-reloc-control-has-been-initialized.patch
 btrfs-don-t-remove-block-group-that-still-has-pinned-down-bytes.patch
 debugobjects-make-stack-check-warning-more-informative.patch
+kbuild-make-missing-depmod-a-warning-instead-of-an-error.patch
+irda-fix-memory-leak-caused-by-repeated-binds-of-irda-socket.patch
+irda-only-insert-new-objects-into-the-global-database-via-setsockopt.patch
+enic-do-not-call-enic_change_mtu-in-enic_probe.patch
+fixes-commit-86af955d02bb-mm-numa-avoid-waiting-on-freed-migrated-pages.patch