From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 19 Oct 2014 23:19:18 +0000 (+0800)
Subject: 3.17-stable patches
X-Git-Tag: v3.10.59~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79760d81a1d1546f7a2e99a9dbdc5b726fb0c255;p=thirdparty%2Fkernel%2Fstable-queue.git

3.17-stable patches

added patches:
	fs-add-a-missing-permission-check-to-do_umount.patch
	pci_ids-add-support-for-intel-quark-ilb.patch
---

diff --git a/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch b/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch
new file mode 100644
index 00000000000..443ab09eddf
--- /dev/null
+++ b/queue-3.17/fs-add-a-missing-permission-check-to-do_umount.patch
@@ -0,0 +1,32 @@
+From a1480dcc3c706e309a88884723446f2e84fedd5b Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Wed, 8 Oct 2014 12:32:47 -0700
+Subject: fs: Add a missing permission check to do_umount
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+commit a1480dcc3c706e309a88884723446f2e84fedd5b upstream.
+
+Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
+only one of the two call sites was appropriately protected.
+
+Fixes CVE-2014-7975.
+
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/namespace.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1356,6 +1356,8 @@ static int do_umount(struct mount *mnt,
+ 		 * Special case for "unmounting" root ...
+ 		 * we just try to remount it readonly.
+ 		 */
++		if (!capable(CAP_SYS_ADMIN))
++			return -EPERM;
+ 		down_write(&sb->s_umount);
+ 		if (!(sb->s_flags & MS_RDONLY))
+ 			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
diff --git a/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch b/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch
new file mode 100644
index 00000000000..5c10cb03271
--- /dev/null
+++ b/queue-3.17/pci_ids-add-support-for-intel-quark-ilb.patch
@@ -0,0 +1,33 @@
+From bb048713bba3ead39f6112910906d9fe3f88ede7 Mon Sep 17 00:00:00 2001
+From: Josef Ahmad <josef.ahmad@intel.com>
+Date: Tue, 2 Sep 2014 13:45:20 +0300
+Subject: pci_ids: Add support for Intel Quark ILB
+
+From: Josef Ahmad <josef.ahmad@intel.com>
+
+commit bb048713bba3ead39f6112910906d9fe3f88ede7 upstream.
+
+This patch adds the PCI id for Intel Quark ILB.
+It will be used for GPIO and Multifunction device driver.
+
+Signed-off-by: Josef Ahmad <josef.ahmad@intel.com>
+Acked-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/pci_ids.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -2557,6 +2557,7 @@
+ #define PCI_DEVICE_ID_INTEL_MFD_EMMC0	0x0823
+ #define PCI_DEVICE_ID_INTEL_MFD_EMMC1	0x0824
+ #define PCI_DEVICE_ID_INTEL_MRST_SD2	0x084F
++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_ILB	0x095E
+ #define PCI_DEVICE_ID_INTEL_I960	0x0960
+ #define PCI_DEVICE_ID_INTEL_I960RM	0x0962
+ #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB	0x0c60
diff --git a/queue-3.17/series b/queue-3.17/series
index 629a06e7e47..de0196b52b6 100644
--- a/queue-3.17/series
+++ b/queue-3.17/series
@@ -11,3 +11,5 @@ btrfs-fix-build_backref_tree-issue-with-multiple-shared-blocks.patch
 btrfs-fix-the-wrong-condition-judgment-about-subset-extent-map.patch
 btrfs-fix-race-in-wait_sync-ioctl.patch
 revert-btrfs-race-free-update-of-commit-root-for-ro-snapshots.patch
+fs-add-a-missing-permission-check-to-do_umount.patch
+pci_ids-add-support-for-intel-quark-ilb.patch