From 22b9f99b87fa1ff991180cabf02dd04d1bddce2b Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 31 Jul 2018 05:11:07 +0300 Subject: kernel: bump 4.14 to 4.14.59 Drop patch that was superseded upstream: ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch Drop upstreamed patches: - apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch - apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch - ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch - brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch - brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch - generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch - generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch - generic/pending/900-gen_stats-fix-netlink-stats-padding.patch In 4.14.55, a patch was introduced that breaks ext4 images in some cases. The newly introduced patch backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch addresses this breakage. Fixes the following CVEs: - CVE-2018-10876 - CVE-2018-10877 - CVE-2018-10879 - CVE-2018-10880 - CVE-2018-10881 - CVE-2018-10882 - CVE-2018-10883 Compile-tested: ath79, octeon, x86/64 Runtime-tested: ath79, octeon, x86/64 Signed-off-by: Stijn Tintel --- .../900-gen_stats-fix-netlink-stats-padding.patch | 49 ---------------------- 1 file changed, 49 deletions(-) delete mode 100644 target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch (limited to 'target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch') diff --git a/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch b/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch deleted file mode 100644 index f5ceecca93..0000000000 --- a/target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch +++ /dev/null @@ -1,49 +0,0 @@ -The gen_stats facility will add a header for the toplevel nlattr of type -TCA_STATS2 that contains all stats added by qdisc callbacks. A reference -to this header is stored in the gnet_dump struct, and when all the -per-qdisc callbacks have finished adding their stats, the length of the -containing header will be adjusted to the right value. - -However, on architectures that need padding (i.e., that don't set -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), the padding nlattr is added -before the stats, which means that the stored pointer will point to the -padding, and so when the header is fixed up, the result is just a very -big padding nlattr. Because most qdiscs also supply the legacy TCA_STATS -struct, this problem has been mostly invisible, but we exposed it with -the netlink attribute-based statistics in CAKE. - -Fix the issue by fixing up the stored pointer if it points to a padding -nlattr. - -Tested-by: Pete Heist -Tested-by: Kevin Darbyshire-Bryant -Signed-off-by: Toke Høiland-Jørgensen ---- - net/core/gen_stats.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - ---- a/net/core/gen_stats.c -+++ b/net/core/gen_stats.c -@@ -77,8 +77,20 @@ gnet_stats_start_copy_compat(struct sk_b - d->lock = lock; - spin_lock_bh(lock); - } -- if (d->tail) -- return gnet_stats_copy(d, type, NULL, 0, padattr); -+ if (d->tail) { -+ int ret = gnet_stats_copy(d, type, NULL, 0, padattr); -+ -+ /* The initial attribute added in gnet_stats_copy() may be -+ * preceded by a padding attribute, in which case d->tail will -+ * end up pointing at the padding instead of the real attribute. -+ * Fix this so gnet_stats_finish_copy() adjusts the length of -+ * the right attribute. -+ */ -+ if (ret == 0 && d->tail->nla_type == padattr) -+ d->tail = (struct nlattr *)((char *)d->tail + -+ NLA_ALIGN(d->tail->nla_len)); -+ return ret; -+ } - - return 0; - } -- cgit v1.2.3