diff options
| author | Stijn Tintel <stijn@linux-ipv6.be> | 2019-01-17 01:01:18 +0200 |
|---|---|---|
| committer | Stijn Tintel <stijn@linux-ipv6.be> | 2019-01-17 03:04:13 +0200 |
| commit | a37098a2d013f89a97ee001d5fb0980e538d2dee (patch) | |
| tree | dc6dd90582fd78f3b69364328f4415a9dfcb4dd7 /target/linux/generic/backport-4.19 | |
| parent | 76cc7665211266c810e59ebd74b810f69aaf8706 (diff) | |
| download | upstream-a37098a2d013f89a97ee001d5fb0980e538d2dee.tar.gz upstream-a37098a2d013f89a97ee001d5fb0980e538d2dee.tar.bz2 upstream-a37098a2d013f89a97ee001d5fb0980e538d2dee.zip | |
kernel: bump 4.19 to 4.19.16
Refresh patches.
Remove upstreamed patches:
- backport/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch
- backport/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
- backport/424-v4.20-net-dsa-fix-88e6060-roaming.patch
- hack/100-mtd-rawnand-qcom-fix-memory-corruption-that-causes-p.patch
- pending/510-f2fs-fix-sanity_check_raw_super-on-big-endian-machines.patch
Update patch that no longer applies:
- backport/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch
Compile-tested: mesongx
Runtime-tested: mesongx
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Diffstat (limited to 'target/linux/generic/backport-4.19')
6 files changed, 15 insertions, 212 deletions
diff --git a/target/linux/generic/backport-4.19/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch b/target/linux/generic/backport-4.19/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch deleted file mode 100644 index f428285a64..0000000000 --- a/target/linux/generic/backport-4.19/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch +++ /dev/null @@ -1,119 +0,0 @@ -From adcc81f148d733b7e8e641300c5590a2cdc13bf3 Mon Sep 17 00:00:00 2001 -From: Paul Burton <paul.burton@mips.com> -Date: Thu, 20 Dec 2018 17:45:43 +0000 -Subject: MIPS: math-emu: Write-protect delay slot emulation pages - -Mapping the delay slot emulation page as both writeable & executable -presents a security risk, in that if an exploit can write to & jump into -the page then it can be used as an easy way to execute arbitrary code. - -Prevent this by mapping the page read-only for userland, and using -access_process_vm() with the FOLL_FORCE flag to write to it from -mips_dsemul(). - -This will likely be less efficient due to copy_to_user_page() performing -cache maintenance on a whole page, rather than a single line as in the -previous use of flush_cache_sigtramp(). However this delay slot -emulation code ought not to be running in any performance critical paths -anyway so this isn't really a problem, and we can probably do better in -copy_to_user_page() anyway in future. - -A major advantage of this approach is that the fix is small & simple to -backport to stable kernels. - -Reported-by: Andy Lutomirski <luto@kernel.org> -Signed-off-by: Paul Burton <paul.burton@mips.com> -Fixes: 432c6bacbd0c ("MIPS: Use per-mm page to execute branch delay slot instructions") -Cc: stable@vger.kernel.org # v4.8+ -Cc: linux-mips@vger.kernel.org -Cc: linux-kernel@vger.kernel.org -Cc: Rich Felker <dalias@libc.org> -Cc: David Daney <david.daney@cavium.com> ---- - arch/mips/kernel/vdso.c | 4 ++-- - arch/mips/math-emu/dsemul.c | 38 ++++++++++++++++++++------------------ - 2 files changed, 22 insertions(+), 20 deletions(-) - ---- a/arch/mips/kernel/vdso.c -+++ b/arch/mips/kernel/vdso.c -@@ -126,8 +126,8 @@ int arch_setup_additional_pages(struct l - - /* Map delay slot emulation page */ - base = mmap_region(NULL, STACK_TOP, PAGE_SIZE, -- VM_READ|VM_WRITE|VM_EXEC| -- VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, -+ VM_READ | VM_EXEC | -+ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC, - 0, NULL); - if (IS_ERR_VALUE(base)) { - ret = base; ---- a/arch/mips/math-emu/dsemul.c -+++ b/arch/mips/math-emu/dsemul.c -@@ -214,8 +214,9 @@ int mips_dsemul(struct pt_regs *regs, mi - { - int isa16 = get_isa16_mode(regs->cp0_epc); - mips_instruction break_math; -- struct emuframe __user *fr; -- int err, fr_idx; -+ unsigned long fr_uaddr; -+ struct emuframe fr; -+ int fr_idx, ret; - - /* NOP is easy */ - if (ir == 0) -@@ -250,27 +251,31 @@ int mips_dsemul(struct pt_regs *regs, mi - fr_idx = alloc_emuframe(); - if (fr_idx == BD_EMUFRAME_NONE) - return SIGBUS; -- fr = &dsemul_page()[fr_idx]; - - /* Retrieve the appropriately encoded break instruction */ - break_math = BREAK_MATH(isa16); - - /* Write the instructions to the frame */ - if (isa16) { -- err = __put_user(ir >> 16, -- (u16 __user *)(&fr->emul)); -- err |= __put_user(ir & 0xffff, -- (u16 __user *)((long)(&fr->emul) + 2)); -- err |= __put_user(break_math >> 16, -- (u16 __user *)(&fr->badinst)); -- err |= __put_user(break_math & 0xffff, -- (u16 __user *)((long)(&fr->badinst) + 2)); -+ union mips_instruction _emul = { -+ .halfword = { ir >> 16, ir } -+ }; -+ union mips_instruction _badinst = { -+ .halfword = { break_math >> 16, break_math } -+ }; -+ -+ fr.emul = _emul.word; -+ fr.badinst = _badinst.word; - } else { -- err = __put_user(ir, &fr->emul); -- err |= __put_user(break_math, &fr->badinst); -+ fr.emul = ir; -+ fr.badinst = break_math; - } - -- if (unlikely(err)) { -+ /* Write the frame to user memory */ -+ fr_uaddr = (unsigned long)&dsemul_page()[fr_idx]; -+ ret = access_process_vm(current, fr_uaddr, &fr, sizeof(fr), -+ FOLL_FORCE | FOLL_WRITE); -+ if (unlikely(ret != sizeof(fr))) { - MIPS_FPU_EMU_INC_STATS(errors); - free_emuframe(fr_idx, current->mm); - return SIGBUS; -@@ -282,10 +287,7 @@ int mips_dsemul(struct pt_regs *regs, mi - atomic_set(¤t->thread.bd_emu_frame, fr_idx); - - /* Change user register context to execute the frame */ -- regs->cp0_epc = (unsigned long)&fr->emul | isa16; -- -- /* Ensure the icache observes our newly written frame */ -- flush_cache_sigtramp((unsigned long)&fr->emul); -+ regs->cp0_epc = fr_uaddr | isa16; - - return 0; - } diff --git a/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch deleted file mode 100644 index 3f5267eb75..0000000000 --- a/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001 -From: Alin Nastac <alin.nastac@gmail.com> -Date: Wed, 21 Nov 2018 14:00:30 +0100 -Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif - -When ip6_route_me_harder is invoked, it resets outgoing interface of: - - link-local scoped packets sent by neighbor discovery - - multicast packets sent by MLD host - - multicast packets send by MLD proxy daemon that sets outgoing - interface through IPV6_PKTINFO ipi6_ifindex - -Link-local and multicast packets must keep their original oif after -ip6_route_me_harder is called. - -Signed-off-by: Alin Nastac <alin.nastac@gmail.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - net/ipv6/netfilter.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/net/ipv6/netfilter.c -+++ b/net/ipv6/netfilter.c -@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net, - unsigned int hh_len; - struct dst_entry *dst; - struct flowi6 fl6 = { -- .flowi6_oif = sk ? sk->sk_bound_dev_if : 0, -+ .flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if : -+ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0, - .flowi6_mark = skb->mark, - .flowi6_uid = sock_net_uid(net, sk), - .daddr = iph->daddr, diff --git a/target/linux/generic/backport-4.19/100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch b/target/linux/generic/backport-4.19/100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch index 458515a0b5..faeb3e4170 100644 --- a/target/linux/generic/backport-4.19/100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch +++ b/target/linux/generic/backport-4.19/100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch @@ -61,11 +61,9 @@ CC: stable@vger.kernel.org # v4.0+ arch/arm/mach-cns3xxx/pcie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/arch/arm/mach-cns3xxx/pcie.c b/arch/arm/mach-cns3xxx/pcie.c -index 318394ed5c7a..5e11ad3164e0 100644 --- a/arch/arm/mach-cns3xxx/pcie.c +++ b/arch/arm/mach-cns3xxx/pcie.c -@@ -83,7 +83,7 @@ static void __iomem *cns3xxx_pci_map_bus(struct pci_bus *bus, +@@ -83,7 +83,7 @@ static void __iomem *cns3xxx_pci_map_bus } else /* remote PCI bus */ base = cnspci->cfg1_regs + ((busno & 0xf) << 20); @@ -74,6 +72,3 @@ index 318394ed5c7a..5e11ad3164e0 100644 } static int cns3xxx_pci_read_config(struct pci_bus *bus, unsigned int devfn, --- -2.17.1 - diff --git a/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch b/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch index 0badce1b73..51c9e488e9 100644 --- a/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch +++ b/target/linux/generic/backport-4.19/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>"); --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c -@@ -193,44 +193,14 @@ static struct nft_expr_type nft_flow_off +@@ -193,47 +193,14 @@ static struct nft_expr_type nft_flow_off .owner = THIS_MODULE, }; @@ -73,7 +73,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { - int err; - -- register_netdevice_notifier(&flow_offload_netdev_notifier); +- err = register_netdevice_notifier(&flow_offload_netdev_notifier); +- if (err) +- goto err; - - err = nft_register_expr(&nft_flow_offload_type); - if (err < 0) @@ -83,6 +85,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> - -register_expr: - unregister_netdevice_notifier(&flow_offload_netdev_notifier); +-err: - return err; + return nft_register_expr(&nft_flow_offload_type); } diff --git a/target/linux/generic/backport-4.19/424-v4.20-net-dsa-fix-88e6060-roaming.patch b/target/linux/generic/backport-4.19/424-v4.20-net-dsa-fix-88e6060-roaming.patch deleted file mode 100644 index a242623983..0000000000 --- a/target/linux/generic/backport-4.19/424-v4.20-net-dsa-fix-88e6060-roaming.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a74515604a7b171f2702bdcbd1e231225fb456d0 Mon Sep 17 00:00:00 2001 -From: Anderson Luiz Alves <alacn1@gmail.com> -Date: Fri, 30 Nov 2018 21:58:36 -0200 -Subject: [PATCH] mv88e6060: disable hardware level MAC learning - -Disable hardware level MAC learning because it breaks station roaming. -When enabled it drops all frames that arrive from a MAC address -that is on a different port at learning table. - -Signed-off-by: Anderson Luiz Alves <alacn1@gmail.com> -Reviewed-by: Andrew Lunn <andrew@lunn.ch> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/dsa/mv88e6060.c | 10 +++------- - 1 file changed, 3 insertions(+), 7 deletions(-) - ---- a/drivers/net/dsa/mv88e6060.c -+++ b/drivers/net/dsa/mv88e6060.c -@@ -116,8 +116,7 @@ static int mv88e6060_switch_reset(struct - /* Reset the switch. */ - REG_WRITE(REG_GLOBAL, GLOBAL_ATU_CONTROL, - GLOBAL_ATU_CONTROL_SWRESET | -- GLOBAL_ATU_CONTROL_ATUSIZE_1024 | -- GLOBAL_ATU_CONTROL_ATE_AGE_5MIN); -+ GLOBAL_ATU_CONTROL_LEARNDIS); - - /* Wait up to one second for reset to complete. */ - timeout = jiffies + 1 * HZ; -@@ -142,13 +141,10 @@ static int mv88e6060_setup_global(struct - */ - REG_WRITE(REG_GLOBAL, GLOBAL_CONTROL, GLOBAL_CONTROL_MAX_FRAME_1536); - -- /* Enable automatic address learning, set the address -- * database size to 1024 entries, and set the default aging -- * time to 5 minutes. -+ /* Disable automatic address learning. - */ - REG_WRITE(REG_GLOBAL, GLOBAL_ATU_CONTROL, -- GLOBAL_ATU_CONTROL_ATUSIZE_1024 | -- GLOBAL_ATU_CONTROL_ATE_AGE_5MIN); -+ GLOBAL_ATU_CONTROL_LEARNDIS); - - return 0; - } diff --git a/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch b/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch index 345a73cf46..53e2c2aaba 100644 --- a/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch +++ b/target/linux/generic/backport-4.19/500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch @@ -36,7 +36,7 @@ Signed-off-by: Richard Weinberger <richard@nod.at> --- a/fs/ubifs/replay.c +++ b/fs/ubifs/replay.c -@@ -210,6 +210,38 @@ static int trun_remove_range(struct ubif +@@ -242,6 +242,38 @@ static bool inode_still_linked(struct ub } /** @@ -75,15 +75,15 @@ Signed-off-by: Richard Weinberger <richard@nod.at> * apply_replay_entry - apply a replay entry to the TNC. * @c: UBIFS file-system description object * @r: replay entry to apply -@@ -236,6 +268,11 @@ static int apply_replay_entry(struct ubi - { - ino_t inum = key_inum(c, &r->key); +@@ -270,6 +302,11 @@ static int apply_replay_entry(struct ubi -+ if (inode_still_linked(c, r)) { -+ err = 0; + if (inode_still_linked(c, r)) { + err = 0; + break; + } + - err = ubifs_tnc_remove_ino(c, inum); - break; - } ++ if (inode_still_linked(c, r)) { ++ err = 0; + break; + } + |