From a08a9da15b0dbf212c824455f435c2fd127390b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?=
Date: Tue, 13 Dec 2016 06:57:50 -0300
Subject: linux-libre-4.8.14_gnu-1: updating version
---
 ...RM-atags-add-support-for-Marvell-s-u-boot.patch | 2 +-
 ...Fix-invalid-FPU-ptrace-state-after-execve.patch | 65 +++++++++++++++++++++
 ...dt-retrieve-MAC-addresses-from-Marvell-bo.patch | 2 +-
 .../0003-SMILE-Plug-device-tree-file.patch | 2 +-
 .../linux-libre/0004-fix-mvsdio-eMMC-timing.patch | 2 +-
 ...x-Allow-mac-address-to-be-set-as-a-parame.patch | 2 +-
 ...IC23-SoC-Audio-Codec-Fix-errors-reported-.patch | 2 +-
 .../0007-set-default-cubietruck-led-triggers.patch | 2 +-
 libre/linux-libre/0008-USB-armory-support.patch | 2 +-
 ...M-dts-imx6ul-pico-hobbit-Add-Wifi-support.patch | 2 +-
 ...odroid-set-higher-minimum-buck2-regulator.patch | 2 +-
 ...sb-Call-pm_runtime-from-musb_gadget_queue.patch | 2 +-
 ...30-usb-better-handle-musb_mailbox-failure.patch | 2 +-
 ...drm-omapdrm-dss-of-add-missing-of_node_pu.patch | 2 +-
 libre/linux-libre/PKGBUILD | 48 ++++++++-------
 .../net_handle_no_dst_on_skb_in_icmp6_send.patch | 68 ++++++++++++++++++++++
 16 files changed, 173 insertions(+), 34 deletions(-)
 create mode 100644 libre/linux-libre/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch
 create mode 100644 libre/linux-libre/net_handle_no_dst_on_skb_in_icmp6_send.patch
diff --git a/libre/linux-libre/0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch b/libre/linux-libre/0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
index be5d01500..c4e315141 100644
--- a/libre/linux-libre/0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
+++ b/libre/linux-libre/0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
@@ -1,4 +1,4 @@
-From 8537ea66c09bebc2be88c7e319b27e763842d89f Mon Sep 17 00:00:00 2001
+From 3a71f920fb71aaf3c8a74a73d5bba925752e8390 Mon Sep 17 00:00:00 2001
 From: Willy Tarreau
 Date: Sun, 2 Dec 2012 19:59:28 +0100
 Subject: [PATCH 01/13] ARM: atags: add support for Marvell's u-boot
diff --git a/libre/linux-libre/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch b/libre/linux-libre/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch
new file mode 100644
index 000000000..8cef84635
--- /dev/null
+++ b/libre/linux-libre/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch
@@ -0,0 +1,65 @@
+From 885bad1e5f32bbf30787ead9578f8174047e6904 Mon Sep 17 00:00:00 2001
+From: Yu-cheng Yu
+Date: Thu, 17 Nov 2016 09:11:35 -0800
+Subject: [PATCH] x86/fpu: Fix invalid FPU ptrace state after execve()
+
+commit b22cbe404a9cc3c7949e380fa1861e31934c8978 upstream.
+
+Robert O'Callahan reported that after an execve PTRACE_GETREGSET
+NT_X86_XSTATE continues to return the pre-exec register values
+until the exec'ed task modifies FPU state.
+
+The test code is at:
+
+ https://bugzilla.redhat.com/attachment.cgi?id=1164286.
+
+What is happening is fpu__clear() does not properly clear fpstate.
+Fix it by doing just that.
+
+Reported-by: Robert O'Callahan
+Signed-off-by: Yu-cheng Yu
+Cc: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: David Hansen
+Cc: Fenghua Yu
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Ravi V. Shankar
+Cc: Thomas Gleixner
+Link: http://lkml.kernel.org/r/1479402695-6553-1-git-send-email-yu-cheng.yu@intel.com
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/fpu/core.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
+index 3fc03a09a93b1710..c289e2f4a6e5b464 100644
+--- a/arch/x86/kernel/fpu/core.c
++++ b/arch/x86/kernel/fpu/core.c
+@@ -517,14 +517,14 @@ void fpu__clear(struct fpu *fpu)
+ {
+ WARN_ON_FPU(fpu != ¤t->thread.fpu); /* Almost certainly an anomaly */
+
+- if (!use_eager_fpu() || !static_cpu_has(X86_FEATURE_FPU)) {
+- /* FPU state will be reallocated lazily at the first use. */
+- fpu__drop(fpu);
+- } else {
+- if (!fpu->fpstate_active) {
+- fpu__activate_curr(fpu);
+- user_fpu_begin();
+- }
++ fpu__drop(fpu);
++
++ /*
++ * Make sure fpstate is cleared and initialized.
++ */
++ if (static_cpu_has(X86_FEATURE_FPU)) {
++ fpu__activate_curr(fpu);
++ user_fpu_begin();
+ copy_init_fpstate_to_fpregs();
+ }
+ }
+--
+2.10.2
+
diff --git a/libre/linux-libre/0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch b/libre/linux-libre/0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
index 242b4cad4..79d0dfb7e 100644
--- a/libre/linux-libre/0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
+++ b/libre/linux-libre/0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch
@@ -1,4 +1,4 @@
-From 139fe01610d1c78c6ea9e402b9548f90e95a99bb Mon Sep 17 00:00:00 2001
+From f414d34637b5ffb6cf3e3b9849cd5cc584ef8f19 Mon Sep 17 00:00:00 2001
 From: Willy Tarreau
 Date: Sun, 2 Dec 2012 19:56:58 +0100
 Subject: [PATCH 02/13] ARM: atags/fdt: retrieve MAC addresses from Marvell
diff --git a/libre/linux-libre/0003-SMILE-Plug-device-tree-file.patch b/libre/linux-libre/0003-SMILE-Plug-device-tree-file.patch
index bf8f012eb..b52ebad33 100644
--- a/libre/linux-libre/0003-SMILE-Plug-device-tree-file.patch
+++ b/libre/linux-libre/0003-SMILE-Plug-device-tree-file.patch
@@ -1,4 +1,4 @@
-From 9d676096d4aa4d2cdd03c242dcb59862e6476562 Mon Sep 17 00:00:00 2001
+From 922440581e2bf77e75230b926ad5fe746327209a Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Fri, 5 Sep 2014 15:41:19 -0600
 Subject: [PATCH 03/13] SMILE Plug device tree file
diff --git a/libre/linux-libre/0004-fix-mvsdio-eMMC-timing.patch b/libre/linux-libre/0004-fix-mvsdio-eMMC-timing.patch
index 70288fa71..13910397d 100644
--- a/libre/linux-libre/0004-fix-mvsdio-eMMC-timing.patch
+++ b/libre/linux-libre/0004-fix-mvsdio-eMMC-timing.patch
@@ -1,4 +1,4 @@
-From d6bde52e9ae175a59da46054f13e392481b9ca20 Mon Sep 17 00:00:00 2001
+From edb8d8e73417db6941473734b9cfb673c7089f72 Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Fri, 5 Sep 2014 15:43:56 -0600
 Subject: [PATCH 04/13] fix mvsdio eMMC timing
diff --git a/libre/linux-libre/0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch b/libre/linux-libre/0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch
index 291b9c0b4..e89e6388e 100644
--- a/libre/linux-libre/0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch
+++ b/libre/linux-libre/0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch
@@ -1,4 +1,4 @@
-From 82c2da591ba6285523566a5323962f5fb95b3869 Mon Sep 17 00:00:00 2001
+From a6b9bd0029d9453d4f59bc367f9a33e1a3285709 Mon Sep 17 00:00:00 2001
 From: popcornmix
 Date: Tue, 18 Feb 2014 01:43:50 -0300
 Subject: [PATCH 05/13] net/smsc95xx: Allow mac address to be set as a
diff --git a/libre/linux-libre/0006-ARM-TLV320AIC23-SoC-Audio-Codec-Fix-errors-reported-.patch b/libre/linux-libre/0006-ARM-TLV320AIC23-SoC-Audio-Codec-Fix-errors-reported-.patch
index 9c678243c..b310bdfc8 100644
--- a/libre/linux-libre/0006-ARM-TLV320AIC23-SoC-Audio-Codec-Fix-errors-reported-.patch
+++ b/libre/linux-libre/0006-ARM-TLV320AIC23-SoC-Audio-Codec-Fix-errors-reported-.patch
@@ -1,4 +1,4 @@
-From e888e5f96c57ea0d8e75084d4bc9e7c6c8812786 Mon Sep 17 00:00:00 2001
+From 927b66f6154db0cf7eb5a6d016a1e53d742a8098 Mon Sep 17 00:00:00 2001
 From: dobatog
 Date: Thu, 26 Feb 2015 12:32:27 +0100
 Subject: [PATCH 06/13] ARM: TLV320AIC23 SoC Audio Codec: Fix errors reported
diff --git a/libre/linux-libre/0007-set-default-cubietruck-led-triggers.patch b/libre/linux-libre/0007-set-default-cubietruck-led-triggers.patch
index a24f5f9ee..fcad9ed0a 100644
--- a/libre/linux-libre/0007-set-default-cubietruck-led-triggers.patch
+++ b/libre/linux-libre/0007-set-default-cubietruck-led-triggers.patch
@@ -1,4 +1,4 @@
-From 9332f8007064d41fe06611671ba7cecffe18cb0b Mon Sep 17 00:00:00 2001
+From 42885038fd78080edabbce377800994337fbc644 Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Sat, 14 Feb 2015 12:32:27 +0100
 Subject: [PATCH 07/13] set default cubietruck led triggers
diff --git a/libre/linux-libre/0008-USB-armory-support.patch b/libre/linux-libre/0008-USB-armory-support.patch
index 41fac31b4..6b99d160c 100644
--- a/libre/linux-libre/0008-USB-armory-support.patch
+++ b/libre/linux-libre/0008-USB-armory-support.patch
@@ -1,4 +1,4 @@
-From 8289d8d3cdc80e9093d65d36b73eacfc75c67569 Mon Sep 17 00:00:00 2001
+From e603d79db1ce38be15a8b7d1514301a67d88f920 Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Sat, 7 Feb 2015 12:32:27 +0100
 Subject: [PATCH 08/13] USB armory support
diff --git a/libre/linux-libre/0009-ARM-dts-imx6ul-pico-hobbit-Add-Wifi-support.patch b/libre/linux-libre/0009-ARM-dts-imx6ul-pico-hobbit-Add-Wifi-support.patch
index 167dae8c6..653269f69 100644
--- a/libre/linux-libre/0009-ARM-dts-imx6ul-pico-hobbit-Add-Wifi-support.patch
+++ b/libre/linux-libre/0009-ARM-dts-imx6ul-pico-hobbit-Add-Wifi-support.patch
@@ -1,4 +1,4 @@
-From 8b1c799d72b295a039618b61f5934008b62a15bb Mon Sep 17 00:00:00 2001
+From aff9e86fd148f61a7c70333cf02b70189790df26 Mon Sep 17 00:00:00 2001
 From: Vanessa Maegima
 Date: Mon, 1 Aug 2016 09:54:14 -0300
 Subject: [PATCH 09/13] ARM: dts: imx6ul-pico-hobbit: Add Wifi support
diff --git a/libre/linux-libre/0010-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch b/libre/linux-libre/0010-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
index dce300629..9892d2dfc 100644
--- a/libre/linux-libre/0010-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
+++ b/libre/linux-libre/0010-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch
@@ -1,4 +1,4 @@
-From cf306f4ec83a1f645d01e01d1d18c555e6b766e5 Mon Sep 17 00:00:00 2001
+From bbaf3b78f27ea3557ce35e4267398e215091b68a Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Thu, 11 Aug 2016 00:42:37 -0600
 Subject: [PATCH 10/13] exynos4412-odroid: set higher minimum buck2 regulator
diff --git a/libre/linux-libre/0011-usb-musb-Call-pm_runtime-from-musb_gadget_queue.patch b/libre/linux-libre/0011-usb-musb-Call-pm_runtime-from-musb_gadget_queue.patch
index 88d30a42a..3d39037f2 100644
--- a/libre/linux-libre/0011-usb-musb-Call-pm_runtime-from-musb_gadget_queue.patch
+++ b/libre/linux-libre/0011-usb-musb-Call-pm_runtime-from-musb_gadget_queue.patch
@@ -1,4 +1,4 @@
-From 17998b802d18651bd4bfd6ee32e10c166f484e76 Mon Sep 17 00:00:00 2001
+From 7b64f74c06cacdba5eab9275f57df212540cad2e Mon Sep 17 00:00:00 2001
 From: Tony Lindgren
 Date: Fri, 30 Sep 2016 11:10:10 -0700
 Subject: [PATCH 11/13] usb: musb: Call pm_runtime from musb_gadget_queue
diff --git a/libre/linux-libre/0012-phy-twl4030-usb-better-handle-musb_mailbox-failure.patch b/libre/linux-libre/0012-phy-twl4030-usb-better-handle-musb_mailbox-failure.patch
index 2229f46c9..47581e739 100644
--- a/libre/linux-libre/0012-phy-twl4030-usb-better-handle-musb_mailbox-failure.patch
+++ b/libre/linux-libre/0012-phy-twl4030-usb-better-handle-musb_mailbox-failure.patch
@@ -1,4 +1,4 @@
-From d2c0d2c702b3847a0b1bf06996998c142254952e Mon Sep 17 00:00:00 2001
+From 842bdf96a2e7a63ece87458ad7ecf1ded6a40a12 Mon Sep 17 00:00:00 2001
 From: Andreas Kemnade
 Date: Mon, 22 Aug 2016 21:24:22 +0200
 Subject: [PATCH 12/13] phy-twl4030-usb: better handle musb_mailbox() failure
diff --git a/libre/linux-libre/0013-Revert-gpu-drm-omapdrm-dss-of-add-missing-of_node_pu.patch b/libre/linux-libre/0013-Revert-gpu-drm-omapdrm-dss-of-add-missing-of_node_pu.patch
index b69fc6709..4a99756a4 100644
--- a/libre/linux-libre/0013-Revert-gpu-drm-omapdrm-dss-of-add-missing-of_node_pu.patch
+++ b/libre/linux-libre/0013-Revert-gpu-drm-omapdrm-dss-of-add-missing-of_node_pu.patch
@@ -1,4 +1,4 @@
-From cff4d7ad9abccf3693bc4e7bf01009a5254e3175 Mon Sep 17 00:00:00 2001
+From edbf64b26ba15e05cd15ea75bca263a5e748049f Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich
 Date: Tue, 4 Oct 2016 22:15:41 -0600
 Subject: [PATCH 13/13] Revert "gpu: drm: omapdrm: dss-of: add missing
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 1ffb398a7..44c4a17e8 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -11,7 +11,7 @@ pkgbase=linux-libre # Build stock kernel #pkgbase=linux-libre-custom # Build kernel with a different name _pkgbasever=4.8-gnu -_pkgver=4.8.12-gnu +_pkgver=4.8.14-gnu _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname _replacesoldkernels=() # '%' gets replaced with _kernelname @@ -20,7 +20,7 @@ _replacesoldmodules=() # '%' gets replaced with _kernelname _srcname=linux-${_pkgbasever%-*} _archpkgver=${_pkgver%-*} pkgver=${_pkgver//-/_} -pkgrel=2 +pkgrel=1 rcnrel=armv7-x4 arch=('i686' 'x86_64' 'armv7h') url="https://linux-libre.fsfla.org/" @@ -45,7 +45,8 @@ source=("https://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/l # standard config files for mkinitcpio ramdisk 'linux.preset' 'change-default-console-loglevel.patch' - 'fix_race_condition_in_packet_set_ring.diff' + 'net_handle_no_dst_on_skb_in_icmp6_send.patch' + '0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch' '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch' '0002-fix-Atmel-maXTouch-touchscreen-support.patch' # armv7h patches @@ -66,7 +67,7 @@ source=("https://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/l '0013-Revert-gpu-drm-omapdrm-dss-of-add-missing-of_node_pu.patch') sha256sums=('d54e0f8a27e24f3666c19b395c19dba194635db26929c89e78ffa4b2b0e8ca3a' 'SKIP' - '2305f73842bf41755c082900694d2f756787a9d5f7c37fd6a8ec387405e944ae' + '8f0b878ba934bd11e2297653fe6b7a38058d6a8d5ae223713070744822851b0c' 'SKIP' 'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494' 'SKIP' 
@@ -80,24 +81,25 @@ sha256sums=('d54e0f8a27e24f3666c19b395c19dba194635db26929c89e78ffa4b2b0e8ca3a' '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' - 'ad1ee95f906f88d31fcdb9273cd08e02e8eda177449f0c98dc1bff8cbf1483c2' + 'b595a1588bafb3d732841cd1b73633970706914f57f2d215c9f1494212d13989' + '3e955e0f1aae96bb6c1507236adc952640c9bd0a134b9995ab92106a33dc02d9' '0376bd5efa31d4e2a9d52558777cebd9f0941df8e1adab916c868bf0c05f2fc3' '351fd96be8cd5ebd0435c0a8a978673fc023e3b1026085e67f86d815b2285e25' 'f1e9e280b9ed8c5e12c8a6fd6dcfd638137ef6555d0dd5e28dbd8ad93ff81fe0' 'SKIP' - '858eac5f4aadb7a4157a36b31d101d75d841a9c58199e580201d8305356044e3' - 'eee25f5fa6e6b0fb3d5ab913521af67adf788b8613cad1b6d38711261f70646f' - 'ece5581c6b19073ccb191a6c49d50cd17ff61916ab53c7eb3039e5ecbcf2d0e3' - '0b7f588d1bccef7ac116f4d64e8877aefdf9099f16177a75ffc0c1bcd5d2fff9' - '9b504e544345119660fc50875decc1b9ee59ca9783bc5b466461410b307974f2' - '1b2eb7f52cf0f5481bdaca484cbd3175b2e472e63e46887cc0ed003e39e57ff3' - 'c7bba5a22db69e50ea8c7c7abc6bb8d133a30b27b2e7d77fc1f7e435f328366a' - 'f485923217433862978af1029d6d0573b39d6779796fb8f85ab4d588466ec0d2' - '5b21335a3a23345f8296e9258c20f7d70d9668a771019f4ea52eda3e916915b5' - '616970b049d597e994930d323c5a5efdd3e1344275c53792840a1898a52bb5dd' - '9b0afd186edf6dae0fe0c89ca1c83e5cfa207640859d5c560defead6897478b2' - 'e565ff56ec6b4dcb43a45cb4d79060d5311e6363f6f0dcfe209cb0efb49df65c' - '10055949d09efc74b1586df4d74531910b551a8a8e047ab3800942881e97c974') + '7afa5fee84694004ef486f674142dc2e457241b28be6088e59458ad9d1f14d2d' + '0c87fd84f364b4cd597c5bd1154bac65fe4870ab9ef2a4044858a4fc78845026' + '61a95b91b8accbe8a2ad189cecf2ede0dd811e62d8d8fd24bbe17295f3c77895' + '6017d33afa7bd661f9d4af6f828c9c84b0be12a189df9b1d67ec1bb96d2e3230' + '08d93085f05bcc91a24492533f6fbc6b34f0574512d8e7751e41af99aa900a6a' + 
'2240cb4b63dd4432cc7bc21b1aad9d2ac4bde14763e8f1e06b139d61bfddeac8' + 'c229fb5d02d3083e627576a46dfc67b29489d578df17e61552b4d428bec8f491' + '42c3506b13665da5c7e817fe3fd68659e96b2639edb665a6a8d753143f2297c2' + 'd585e6173b6d9155ff1a7d5c9d34ffb5e3cf591efb50e0e7d525365eba7c4208' + 'faf659377105cb80de9c8f7e3e60e354ab0aa934b8df36ca575fe42b5bea73a1' + '1d077e7c1512b2bde305c9fd9df1476f52e3528c7339b2b8e6481855f51c00f7' + '12c6f37b6d33153f8bf75600321aacc6a36f6121af7bf849add68613314980ec' + '85be324fcf08e627a0b9b86d1e3d91ab670b8b57342a3b34ad1c730ce4cddffd') validpgpkeys=( '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva 'C92BAA713B8D53D3CAE63FC9E6974752F9704456' # AndrĂ© Silva @@ -149,9 +151,13 @@ prepare() { install -m644 -t drivers/video/logo \ "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm} - # fix a race condition that allows to gain root - # https://marc.info/?l=linux-netdev&m=148054660230570&w=2 - patch -p1 -i "${srcdir}/fix_race_condition_in_packet_set_ring.diff" + # https://bugzilla.kernel.org/show_bug.cgi?id=189851 + patch -p1 -i "${srcdir}/net_handle_no_dst_on_skb_in_icmp6_send.patch" + + # Revert a commit that causes memory corruption in i686 chroots + # ("valgrind bash" immediately crashes) + # https://bugzilla.kernel.org/show_bug.cgi?id=190061 + patch -Rp1 -i "${srcdir}/0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch" # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git diff --git a/libre/linux-libre/net_handle_no_dst_on_skb_in_icmp6_send.patch b/libre/linux-libre/net_handle_no_dst_on_skb_in_icmp6_send.patch new file mode 100644 index 000000000..06448a90a --- /dev/null +++ b/libre/linux-libre/net_handle_no_dst_on_skb_in_icmp6_send.patch 
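Review bot: The `patch -Rp1` line added to prepare() reverse-applies 0001-x86-fpu-Fix-invalid-FPU-ptrace-state-after-execve.patch, but the comment above it does not record what is given up: by that patch's own description, without it PTRACE_GETREGSET NT_X86_XSTATE keeps returning the pre-exec register values after execve until the new program modifies FPU state. I would state the trade-off and an exit condition next to the revert, e.g. `# NOTE: reverting re-exposes stale pre-exec FPU state to ptrace after execve(); drop this once bug 190061 is resolved upstream`. The same hunk removes fix_race_condition_in_packet_set_ring.diff, which the old comment described as fixing a race that allows gaining root; presumably the fix landed upstream between 4.8.12 and 4.8.14, but the commit does not say so and that should be confirmed before the local patch is dropped. The net_handle_no_dst_on_skb_in_icmp6_send.patch line has only a bug URL above it, so a one-line description such as `# handle a missing dst on the skb in icmp6_send` would match the other entries. prepare() starts and ends outside this hunk.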
@@ -0,0 +1,68 @@
+From 79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 Mon Sep 17 00:00:00 2001
+From: David Ahern
+Date: Sun, 27 Nov 2016 18:52:53 -0800
+Subject: [PATCH] net: handle no dst on skb in icmp6_send
+
+Andrey reported the following while fuzzing the kernel with syzkaller:
+
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+Modules linked in:
+CPU: 0 PID: 3859 Comm: a.out Not tainted 4.9.0-rc6+ #429
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+task: ffff8800666d4200 task.stack: ffff880067348000
+RIP: 0010:[] []
+icmp6_send+0x5fc/0x1e30 net/ipv6/icmp.c:451
+RSP: 0018:ffff88006734f2c0 EFLAGS: 00010206
+RAX: ffff8800666d4200 RBX: 0000000000000000 RCX: 0000000000000000
+RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018
+RBP: ffff88006734f630 R08: ffff880064138418 R09: 0000000000000003
+R10: dffffc0000000000 R11: 0000000000000005 R12: 0000000000000000
+R13: ffffffff84e7e200 R14: ffff880064138484 R15: ffff8800641383c0
+FS: 00007fb3887a07c0(0000) GS:ffff88006cc00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000020000000 CR3: 000000006b040000 CR4: 00000000000006f0
+Stack:
+ ffff8800666d4200 ffff8800666d49f8 ffff8800666d4200 ffffffff84c02460
+ ffff8800666d4a1a 1ffff1000ccdaa2f ffff88006734f498 0000000000000046
+ ffff88006734f440 ffffffff832f4269 ffff880064ba7456 0000000000000000
+Call Trace:
+ [] icmpv6_param_prob+0x2c/0x40 net/ipv6/icmp.c:557
+ [< inline >] ip6_tlvopt_unknown net/ipv6/exthdrs.c:88
+ [] ip6_parse_tlv+0x555/0x670 net/ipv6/exthdrs.c:157
+ [] ipv6_parse_hopopts+0x199/0x460 net/ipv6/exthdrs.c:663
+ [] ipv6_rcv+0xfa3/0x1dc0 net/ipv6/ip6_input.c:191
+ ...
+
+icmp6_send / icmpv6_send is invoked for both rx and tx paths. In both
+cases the dst->dev should be preferred for determining the L3 domain
+if the dst has been set on the skb. Fallback to the skb->dev if it has
+not. This covers the case reported here where icmp6_send is invoked on
+Rx before the route lookup.
+
+Fixes: 5d41ce29e ("net: icmp6_send should use dst dev to determine L3 domain")
+Reported-by: Andrey Konovalov
+Signed-off-by: David Ahern
+Signed-off-by: David S. Miller
+---
+ net/ipv6/icmp.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
+index 7370ad2..2772004 100644
+--- a/net/ipv6/icmp.c
++++ b/net/ipv6/icmp.c
+@@ -447,8 +447,10 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
+
+ if (__ipv6_addr_needs_scope_id(addr_type))
+ iif = skb->dev->ifindex;
+- else
+- iif = l3mdev_master_ifindex(skb_dst(skb)->dev);
++ else {
++ dst = skb_dst(skb);
++ iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
++ }
+
+ /*
+ * Must not send error if the source does not uniquely
--
cgit v1.2.3-2-g168b