From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 7 Feb 2018 20:07:24 +0000 (-0800)
Subject: 3.18-stable patches
X-Git-Tag: v4.15.3~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d251265aa4e011d9b17b70dc18ff50acca809ef1;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	arm-exynos_defconfig-enable-nfsv4-client.patch
	arm-exynos_defconfig-enable-options-to-mount-a-rootfs-via-nfs.patch
	keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
---

diff --git a/queue-3.18/arm-exynos_defconfig-enable-nfsv4-client.patch b/queue-3.18/arm-exynos_defconfig-enable-nfsv4-client.patch
new file mode 100644
index 00000000000..47058b48532
--- /dev/null
+++ b/queue-3.18/arm-exynos_defconfig-enable-nfsv4-client.patch
@@ -0,0 +1,35 @@
+From 1c1fb9b0c89a2506e556114c813a606bc1508d49 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+Date: Wed, 25 Nov 2015 13:09:43 +0900
+Subject: ARM: exynos_defconfig: Enable NFSv4 client
+
+From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+
+commit 1c1fb9b0c89a2506e556114c813a606bc1508d49 upstream.
+
+NFS client is already enabled (NFS_FS) and by default it enables clients
+for version 2 and 3. Enable explicitly the version 4 client to utilize
+the newer protocol.
+
+The NFS client is especially useful for testing kernel in automated
+environments (network boot with network file system).
+
+Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com>
+Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
+Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/configs/exynos_defconfig |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm/configs/exynos_defconfig
++++ b/arch/arm/configs/exynos_defconfig
+@@ -175,6 +175,7 @@ CONFIG_TMPFS_POSIX_ACL=y
+ CONFIG_CRAMFS=y
+ CONFIG_ROMFS_FS=y
+ CONFIG_NFS_FS=y
++CONFIG_NFS_V4=y
+ CONFIG_ROOT_NFS=y
+ CONFIG_NLS_CODEPAGE_437=y
+ CONFIG_NLS_ASCII=y
diff --git a/queue-3.18/arm-exynos_defconfig-enable-options-to-mount-a-rootfs-via-nfs.patch b/queue-3.18/arm-exynos_defconfig-enable-options-to-mount-a-rootfs-via-nfs.patch
new file mode 100644
index 00000000000..ffb0dd66f2b
--- /dev/null
+++ b/queue-3.18/arm-exynos_defconfig-enable-options-to-mount-a-rootfs-via-nfs.patch
@@ -0,0 +1,44 @@
+From 19f79ccf6d77409cd138bce8db206cdac7fd5ea7 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
+Date: Fri, 27 Mar 2015 01:50:16 +0900
+Subject: ARM: exynos_defconfig: Enable options to mount a rootfs via NFS
+
+From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
+
+commit 19f79ccf6d77409cd138bce8db206cdac7fd5ea7 upstream.
+
+This patch enables the options to mount a rootfs over NFS and also
+support for automatic configuration of IP addresses during boot as
+needed by NFS.
+
+Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
+Signed-off-by: Kukjin Kim <kgene@kernel.org>
+Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
+Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/configs/exynos_defconfig |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/arm/configs/exynos_defconfig
++++ b/arch/arm/configs/exynos_defconfig
+@@ -33,6 +33,10 @@ CONFIG_PACKET=y
+ CONFIG_UNIX=y
+ CONFIG_NET_KEY=y
+ CONFIG_INET=y
++CONFIG_IP_PNP=y
++CONFIG_IP_PNP_DHCP=y
++CONFIG_IP_PNP_BOOTP=y
++CONFIG_IP_PNP_RARP=y
+ CONFIG_RFKILL_REGULATOR=y
+ CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+ CONFIG_DEVTMPFS=y
+@@ -170,6 +174,8 @@ CONFIG_TMPFS=y
+ CONFIG_TMPFS_POSIX_ACL=y
+ CONFIG_CRAMFS=y
+ CONFIG_ROMFS_FS=y
++CONFIG_NFS_FS=y
++CONFIG_ROOT_NFS=y
+ CONFIG_NLS_CODEPAGE_437=y
+ CONFIG_NLS_ASCII=y
+ CONFIG_NLS_ISO8859_1=y
diff --git a/queue-3.18/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch b/queue-3.18/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
new file mode 100644
index 00000000000..614f8f12861
--- /dev/null
+++ b/queue-3.18/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
@@ -0,0 +1,68 @@
+From 794b4bc292f5d31739d89c0202c54e7dc9bc3add Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 8 Jun 2017 14:48:18 +0100
+Subject: KEYS: encrypted: fix buffer overread in valid_master_desc()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream.
+
+With the 'encrypted' key type it was possible for userspace to provide a
+data blob ending with a master key description shorter than expected,
+e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
+master key description, validate_master_desc() could read beyond the end
+of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
+clean up the code to deduplicate some logic.]
+
+Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Jin Qian <jinqian@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/encrypted-keys/encrypted.c |   31 +++++++++++++++----------------
+ 1 file changed, 15 insertions(+), 16 deletions(-)
+
+--- a/security/keys/encrypted-keys/encrypted.c
++++ b/security/keys/encrypted-keys/encrypted.c
+@@ -141,23 +141,22 @@ static int valid_ecryptfs_desc(const cha
+  */
+ static int valid_master_desc(const char *new_desc, const char *orig_desc)
+ {
+-	if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
+-		if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
+-			goto out;
+-		if (orig_desc)
+-			if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
+-				goto out;
+-	} else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
+-		if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
+-			goto out;
+-		if (orig_desc)
+-			if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
+-				goto out;
+-	} else
+-		goto out;
++	int prefix_len;
++
++	if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
++		prefix_len = KEY_TRUSTED_PREFIX_LEN;
++	else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
++		prefix_len = KEY_USER_PREFIX_LEN;
++	else
++		return -EINVAL;
++
++	if (!new_desc[prefix_len])
++		return -EINVAL;
++
++	if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
++		return -EINVAL;
++
+ 	return 0;
+-out:
+-	return -EINVAL;
+ }
+ 
+ /*
diff --git a/queue-3.18/series b/queue-3.18/series
index 9db336baeb7..f1f75bca9d2 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -4,3 +4,6 @@ net-igmp-add-a-missing-rcu-locking-section.patch
 qlcnic-fix-deadlock-bug.patch
 r8169-fix-rtl8168ep-take-too-long-to-complete-driver-initialization.patch
 tcp-release-sk_frag.page-in-tcp_disconnect.patch
+arm-exynos_defconfig-enable-options-to-mount-a-rootfs-via-nfs.patch
+arm-exynos_defconfig-enable-nfsv4-client.patch
+keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch