From 9464be53517a2a376207db285074a37e747b4be2 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 24 Aug 2018 10:30:36 +0200 Subject: [PATCH] rebase patches on top of Ubuntu-4.15.0-33.36 (generated with debian/scripts/import-upstream-tag) Signed-off-by: Thomas Lamprecht --- ...n-niu-set-correct-packet-size-in-skb.patch | 56 ---------------- ...socket-lookups-with-SO_BINDTODEVICE.patch} | 25 ++----- ...X-Enforce-cpl-0-for-VMX-instructions.patch | 65 ------------------ ...fo-leak-due-to-uninitialized-memory.patch} | 0 ...armor-fix-apparmor-mediating-locking.patch | 33 --------- ...hpsa-disable-device-during-shutdown.patch} | 0 ...rectory-creation-in-SGID-directories.patch | 45 ------------- .../0012-net-udp-fix-SO_BINDTODEVICE.patch | 67 ------------------- 8 files changed, 6 insertions(+), 285 deletions(-) delete mode 100644 patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch rename patches/kernel/{0013-net-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch => 0008-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch} (73%) delete mode 100644 patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch rename patches/kernel/{0014-vhost-fix-info-leak-due-to-uninitialized-memory.patch => 0009-vhost-fix-info-leak-due-to-uninitialized-memory.patch} (100%) delete mode 100644 patches/kernel/0010-UBUNTU-SAUCE-apparmor-fix-apparmor-mediating-locking.patch rename patches/kernel/{0015-scsi-hpsa-disable-device-during-shutdown.patch => 0010-scsi-hpsa-disable-device-during-shutdown.patch} (100%) delete mode 100644 patches/kernel/0011-Fix-up-non-directory-creation-in-SGID-directories.patch delete mode 100644 patches/kernel/0012-net-udp-fix-SO_BINDTODEVICE.patch diff --git a/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch b/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch deleted file mode 100644 index e5a2727..0000000 --- a/patches/kernel/0008-net-ethernet-sun-niu-set-correct-packet-size-in-skb.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Rob Taglang -Date: Thu, 3 May 2018 17:13:06 -0400 -Subject: [PATCH] net: ethernet: sun: niu set correct packet size in skb - -Currently, skb->len and skb->data_len are set to the page size, not -the packet size. This causes the frame check sequence to not be -located at the "end" of the packet resulting in ethernet frame check -errors. The driver does work currently, but stricter kernel facing -networking solutions like OpenVSwitch will drop these packets as -invalid. - -These changes set the packet size correctly so that these errors no -longer occur. The length does not include the frame check sequence, so -that subtraction was removed. - -Tested on Oracle/SUN Multithreaded 10-Gigabit Ethernet Network -Controller [108e:abcd] and validated in wireshark. - -Signed-off-by: Rob Taglang -Signed-off-by: David S. Miller -Signed-off-by: Thomas Lamprecht ---- - drivers/net/ethernet/sun/niu.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c -index 06001bacbe0f..64f1b3a3afa8 100644 ---- a/drivers/net/ethernet/sun/niu.c -+++ b/drivers/net/ethernet/sun/niu.c -@@ -3442,7 +3442,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - - len = (val & RCR_ENTRY_L2_LEN) >> - RCR_ENTRY_L2_LEN_SHIFT; -- len -= ETH_FCS_LEN; -+ append_size = len + ETH_HLEN + ETH_FCS_LEN; - - addr = (val & RCR_ENTRY_PKT_BUF_ADDR) << - RCR_ENTRY_PKT_BUF_ADDR_SHIFT; -@@ -3452,7 +3452,6 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - RCR_ENTRY_PKTBUFSZ_SHIFT]; - - off = addr & ~PAGE_MASK; -- append_size = rcr_size; - if (num_rcr == 1) { - int ptype; - -@@ -3465,7 +3464,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np, - else - skb_checksum_none_assert(skb); - } else if (!(val & RCR_ENTRY_MULTI)) -- append_size = len - skb->len; -+ append_size = append_size - skb->len; - - niu_rx_skb_append(skb, page, off, append_size, rcr_size); - if ((page->index + rp->rbr_block_size) - rcr_size == addr) { diff --git a/patches/kernel/0013-net-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch b/patches/kernel/0008-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch similarity index 73% rename from patches/kernel/0013-net-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch rename to patches/kernel/0008-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch index 5e90e09..b198390 100644 --- a/patches/kernel/0013-net-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch +++ b/patches/kernel/0008-net-tcp-Fix-socket-lookups-with-SO_BINDTODEVICE.patch @@ -1,20 +1,7 @@ -From patchwork Mon Jun 18 19:30:37 2018 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [net] net/tcp: Fix socket lookups with SO_BINDTODEVICE -X-Patchwork-Submitter: dsahern@kernel.org -X-Patchwork-Id: 931179 -X-Patchwork-Delegate: davem@davemloft.net -Message-Id: <20180618193037.3365-1-dsahern@kernel.org> -To: netdev@vger.kernel.org -Cc: davem@davemloft.net, lberger@labn.net, - renato@opensourcerouting.org, David Ahern -Date: Mon, 18 Jun 2018 12:30:37 -0700 -From: dsahern@kernel.org -List-Id: - +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Ahern +Date: Mon, 18 Jun 2018 12:30:37 -0700 +Subject: [PATCH] net/tcp: Fix socket lookups with SO_BINDTODEVICE Similar to 69678bcd4d2d ("udp: fix SO_BINDTODEVICE"), TCP socket lookups need to fail if dev_match is not true. Currently, a packet to a given port @@ -34,10 +21,10 @@ Signed-off-by: David Ahern 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 31ff46daae97..3647167c8fa3 100644 +index e7d15fb0d94d..24b066c32e06 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c -@@ -243,9 +243,9 @@ static inline int compute_score(struct sock *sk, struct net *net, +@@ -188,9 +188,9 @@ static inline int compute_score(struct sock *sk, struct net *net, bool dev_match = (sk->sk_bound_dev_if == dif || sk->sk_bound_dev_if == sdif); @@ -50,7 +37,7 @@ index 31ff46daae97..3647167c8fa3 100644 } if (sk->sk_incoming_cpu == raw_smp_processor_id()) diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c -index 2febe26de6a1..595ad408dba0 100644 +index b01858f5deb1..6dc93ac28261 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c @@ -113,9 +113,9 @@ static inline int compute_score(struct sock *sk, struct net *net, diff --git a/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch b/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch deleted file mode 100644 index eb49834..0000000 --- a/patches/kernel/0009-kvm-nVMX-Enforce-cpl-0-for-VMX-instructions.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Felix Wilhelm -Date: Mon, 11 Jun 2018 09:43:44 +0200 -Subject: [PATCH] kvm: nVMX: Enforce cpl=0 for VMX instructions - -VMX instructions executed inside a L1 VM will always trigger a VM exit -even when executed with cpl 3. This means we must perform the -privilege check in software. - -Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks") -Cc: stable@vger.kernel.org -Signed-off-by: Felix Wilhelm -Signed-off-by: Paolo Bonzini -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/vmx.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 1a5617fc8b6a..5c8bd2d61080 100644 ---- a/arch/x86/kvm/vmx.c -+++ b/arch/x86/kvm/vmx.c -@@ -7575,6 +7575,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu) - return 1; - } - -+ /* CPL=0 must be checked manually. */ -+ if (vmx_get_cpl(vcpu)) { -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 1; -+ } -+ - if (vmx->nested.vmxon) { - nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION); - return kvm_skip_emulated_instruction(vcpu); -@@ -7634,6 +7640,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu) - */ - static int nested_vmx_check_permission(struct kvm_vcpu *vcpu) - { -+ if (vmx_get_cpl(vcpu)) { -+ kvm_queue_exception(vcpu, UD_VECTOR); -+ return 0; -+ } -+ - if (!to_vmx(vcpu)->nested.vmxon) { - kvm_queue_exception(vcpu, UD_VECTOR); - return 0; -@@ -7967,7 +7978,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) - if (get_vmx_mem_address(vcpu, exit_qualification, - vmx_instruction_info, true, &gva)) - return 1; -- /* _system ok, as hardware has verified cpl=0 */ -+ /* _system ok, nested_vmx_check_permission has verified cpl=0 */ - kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva, - &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL); - } -@@ -8110,7 +8121,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu) - if (get_vmx_mem_address(vcpu, exit_qualification, - vmx_instruction_info, true, &vmcs_gva)) - return 1; -- /* ok to use *_system, as hardware has verified cpl=0 */ -+ /* *_system ok, nested_vmx_check_permission has verified cpl=0 */ - if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva, - (void *)&to_vmx(vcpu)->nested.current_vmptr, - sizeof(u64), &e)) { diff --git a/patches/kernel/0014-vhost-fix-info-leak-due-to-uninitialized-memory.patch b/patches/kernel/0009-vhost-fix-info-leak-due-to-uninitialized-memory.patch similarity index 100% rename from patches/kernel/0014-vhost-fix-info-leak-due-to-uninitialized-memory.patch rename to patches/kernel/0009-vhost-fix-info-leak-due-to-uninitialized-memory.patch diff --git a/patches/kernel/0010-UBUNTU-SAUCE-apparmor-fix-apparmor-mediating-locking.patch b/patches/kernel/0010-UBUNTU-SAUCE-apparmor-fix-apparmor-mediating-locking.patch deleted file mode 100644 index dc8c5ea..0000000 --- a/patches/kernel/0010-UBUNTU-SAUCE-apparmor-fix-apparmor-mediating-locking.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Fri, 27 Jul 2018 14:27:05 -0700 -Subject: [PATCH] UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs - unix sockets - -the apparmor policy language current does not allow expressing of the -locking permission for no-fs unix sockets. However the kernel is -enforcing mediation. - -Add the AA_MAY_LOCK perm to the computed perm mask which will grant -permission for all current abi profiles, but still allow specifying -auditing of the operation if needed. - -http://bugs.launchpad.net/bugs/1780227 -Signed-off-by: John Johansen ---- - security/apparmor/lib.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c -index 068a9f471f77..23f3d16d6b85 100644 ---- a/security/apparmor/lib.c -+++ b/security/apparmor/lib.c -@@ -327,7 +327,7 @@ void aa_compute_perms(struct aa_dfa *dfa, unsigned int state, - /* for v5 perm mapping in the policydb, the other set is used - * to extend the general perm set - */ -- perms->allow |= map_other(dfa_other_allow(dfa, state)); -+ perms->allow |= map_other(dfa_other_allow(dfa, state)) | AA_MAY_LOCK; - perms->audit |= map_other(dfa_other_audit(dfa, state)); - perms->quiet |= map_other(dfa_other_quiet(dfa, state)); - // perms->xindex = dfa_user_xindex(dfa, state); diff --git a/patches/kernel/0015-scsi-hpsa-disable-device-during-shutdown.patch b/patches/kernel/0010-scsi-hpsa-disable-device-during-shutdown.patch similarity index 100% rename from patches/kernel/0015-scsi-hpsa-disable-device-during-shutdown.patch rename to patches/kernel/0010-scsi-hpsa-disable-device-during-shutdown.patch diff --git a/patches/kernel/0011-Fix-up-non-directory-creation-in-SGID-directories.patch b/patches/kernel/0011-Fix-up-non-directory-creation-in-SGID-directories.patch deleted file mode 100644 index 2fc71a9..0000000 --- a/patches/kernel/0011-Fix-up-non-directory-creation-in-SGID-directories.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Linus Torvalds -Date: Tue, 3 Jul 2018 17:10:19 -0700 -Subject: [PATCH] Fix up non-directory creation in SGID directories - -sgid directories have special semantics, making newly created files in -the directory belong to the group of the directory, and newly created -subdirectories will also become sgid. This is historically used for -group-shared directories. - -But group directories writable by non-group members should not imply -that such non-group members can magically join the group, so make sure -to clear the sgid bit on non-directories for non-members (but remember -that sgid without group execute means "mandatory locking", just to -confuse things even more). - -Reported-by: Jann Horn -Cc: Andy Lutomirski -Cc: Al Viro -Signed-off-by: Linus Torvalds -(cherry picked from commit 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7) -Signed-off-by: Stoiko Ivanov ---- - fs/inode.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/fs/inode.c b/fs/inode.c -index 5c1138e9cac0..797b4cb3d20b 100644 ---- a/fs/inode.c -+++ b/fs/inode.c -@@ -2008,8 +2008,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, - inode->i_uid = current_fsuid(); - if (dir && dir->i_mode & S_ISGID) { - inode->i_gid = dir->i_gid; -+ -+ /* Directories are special, and always inherit S_ISGID */ - if (S_ISDIR(mode)) - mode |= S_ISGID; -+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && -+ !in_group_p(inode->i_gid) && -+ !capable_wrt_inode_uidgid(dir, CAP_FSETID)) -+ mode &= ~S_ISGID; - } else - inode->i_gid = current_fsgid(); - inode->i_mode = mode; diff --git a/patches/kernel/0012-net-udp-fix-SO_BINDTODEVICE.patch b/patches/kernel/0012-net-udp-fix-SO_BINDTODEVICE.patch deleted file mode 100644 index 144f192..0000000 --- a/patches/kernel/0012-net-udp-fix-SO_BINDTODEVICE.patch +++ /dev/null @@ -1,67 +0,0 @@ -From patchwork Wed May 9 10:42:34 2018 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [net] udp: fix SO_BINDTODEVICE -X-Patchwork-Submitter: Paolo Abeni -X-Patchwork-Id: 910747 -X-Patchwork-Delegate: davem@davemloft.net -Message-Id: <9445dd5d149af16463df4d0502b2667ee2b6f4e8.1525862461.git.pabeni@redhat.com> -To: netdev@vger.kernel.org -Cc: Damir Mansurov , David Ahern , - David Miller -Date: Wed, 9 May 2018 12:42:34 +0200 -From: Paolo Abeni -List-Id: - -Damir reported a breakage of SO_BINDTODEVICE for UDP sockets. -In absence of VRF devices, after commit fb74c27735f0 ("net: -ipv4: add second dif to udp socket lookups") the dif mismatch -isn't fatal anymore for UDP socket lookup with non null -sk_bound_dev_if, breaking SO_BINDTODEVICE semantics. - -This changeset addresses the issue making the dif match mandatory -again in the above scenario. - -Reported-by: Damir Mansurov -Fixes: fb74c27735f0 ("net: ipv4: add second dif to udp socket lookups") -Fixes: 1801b570dd2a ("net: ipv6: add second dif to udp socket lookups") -Signed-off-by: Paolo Abeni -Acked-by: David Ahern ---- - net/ipv4/udp.c | 4 ++-- - net/ipv6/udp.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 24b5c59b1c53..c2a292dfd137 100644 ---- a/net/ipv4/udp.c -+++ b/net/ipv4/udp.c -@@ -401,9 +401,9 @@ static int compute_score(struct sock *sk, struct net *net, - bool dev_match = (sk->sk_bound_dev_if == dif || - sk->sk_bound_dev_if == sdif); - -- if (exact_dif && !dev_match) -+ if (!dev_match) - return -1; -- if (sk->sk_bound_dev_if && dev_match) -+ if (sk->sk_bound_dev_if) - score += 4; - } - -diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 4ec76a87aeb8..ea0730028e5d 100644 ---- a/net/ipv6/udp.c -+++ b/net/ipv6/udp.c -@@ -148,9 +148,9 @@ static int compute_score(struct sock *sk, struct net *net, - bool dev_match = (sk->sk_bound_dev_if == dif || - sk->sk_bound_dev_if == sdif); - -- if (exact_dif && !dev_match) -+ if (!dev_match) - return -1; -- if (sk->sk_bound_dev_if && dev_match) -+ if (sk->sk_bound_dev_if) - score++; - } -