From 9ce7aa325ebdc86426390b0f8adc3ea43d3b8b7d Mon Sep 17 00:00:00 2001 From: Stijn Segers Date: Sat, 4 Aug 2018 18:08:26 +0200 Subject: kernel: bump 4.14 to 4.14.60 for 18.06 * Refreshed patches. * Patches made redundant by changes upstream: - target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch * Patches accepted upstream: - target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch - target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch - target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch - target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch - target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch - target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit f547aa20b4f61662ad3e1a2040bb3cc5778f19b0). Fixes the following CVEs: - CVE-2018-10876 - CVE-2018-10877 - CVE-2018-10879 - CVE-2018-10880 - CVE-2018-10881 - CVE-2018-10882 - CVE-2018-10883 Thanks to Stijn Tintel for the CVE list :-). Compile-tested on: ramips/mt7621, x86/64 Run-tested on: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers --- ...f_tables-add-single-table-list-for-all-fa.patch | 58 +++++++++++----------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch') diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 59bffa2ada..320a90c11c 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2827,7 +2824,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2919,10 +2916,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2931,51 +2926,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso } cb->args[1] = 1; done: -@@ -3185,11 +3173,12 @@ static int nf_tables_newset(struct net * +@@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3458,12 +3447,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3568,7 +3557,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3580,21 +3568,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso } break; } -@@ -3614,7 +3600,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3716,7 +3702,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3960,7 +3946,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4509,7 +4495,8 @@ static int nf_tables_newobj(struct net * +@@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4527,7 +4514,7 @@ static int nf_tables_newobj(struct net * +@@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4604,7 +4591,6 @@ struct nft_obj_filter { +@@ -4605,7 +4592,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4619,38 +4605,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4620,38 +4606,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -4737,7 +4722,8 @@ static int nf_tables_getobj(struct net * +@@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4797,7 +4783,8 @@ static int nf_tables_delobj(struct net * +@@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4808,7 +4795,7 @@ static int nf_tables_delobj(struct net * +@@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4846,7 +4833,7 @@ static void nf_tables_obj_notify(const s +@@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso } /* -@@ -5036,7 +5023,7 @@ void nft_flow_table_iterate(struct net * +@@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5084,7 +5071,8 @@ static int nf_tables_newflowtable(struct +@@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5101,7 +5089,7 @@ static int nf_tables_newflowtable(struct +@@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5182,7 +5170,8 @@ static int nf_tables_delflowtable(struct +@@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5193,7 +5182,7 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5183,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5262,40 +5251,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5263,40 +5252,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -5380,7 +5366,8 @@ static int nf_tables_getflowtable(struct +@@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5423,7 +5410,7 @@ static void nf_tables_flowtable_notify(s +@@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -5501,17 +5488,14 @@ static int nf_tables_flowtable_event(str +@@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6532,6 +6516,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6568,10 +6553,10 @@ static void __nft_release_afinfo(struct +@@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, -- cgit v1.2.3