kernel 6.1.186.1

4 files changed, 93 insertions, 15 deletions

diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog
index 7ffeaa8..b182643 100644
--- a/SOURCES/Patchlist.changelog
+++ b/SOURCES/Patchlist.changelog
@@ -1,3 +1,6 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/53c2ef1942eba453fec395001e7d911650d81979
+ 53c2ef1942eba453fec395001e7d911650d81979 Revert "wifi: cfg80211: Fix use after free for wext"
+
 "https://gitlab.com/cki-project/kernel-ark/-/commit"/d37d701b5ab6bf4cbcd9b301e08d4cbb502fecd1
  d37d701b5ab6bf4cbcd9b301e08d4cbb502fecd1 x86/mm: Randomize per-cpu entry area
 
diff --git a/SOURCES/linux-surface.patch b/SOURCES/linux-surface.patch
index 5b4309d..1073c42 100644
--- a/SOURCES/linux-surface.patch
+++ b/SOURCES/linux-surface.patch
@@ -12815,9 +12815,9 @@ index ceab14b6118f7..888cdb7624dcd 100644
  #include <asm/proto.h>
  
  #include "process.h"
-@@ -214,6 +215,8 @@
+@@ -214,6 +215,8 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
  	/* Load the Intel cache allocation PQR MSR. */
- 	resctrl_sched_in();
+ 	resctrl_sched_in(next_p);
  
 +	reset_hardware_history();
 +
@@ -12836,9 +12836,9 @@ index 7f94dbbc397b7..d0d3c33237475 100644
  #include <asm/unistd.h>
  #include <asm/fsgsbase.h>
  #ifdef CONFIG_IA32_EMULATION
-@@ -658,6 +659,8 @@
+@@ -658,6 +659,8 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
  	/* Load the Intel cache allocation PQR MSR. */
- 	resctrl_sched_in();
+ 	resctrl_sched_in(next_p);
  
 +	reset_hardware_history();
 +
diff --git a/SOURCES/patch-6.1-redhat.patch b/SOURCES/patch-6.1-redhat.patch
index 4dd34fa..e0d0eb0 100644
--- a/SOURCES/patch-6.1-redhat.patch
+++ b/SOURCES/patch-6.1-redhat.patch
@@ -32,16 +32,17 @@
  include/linux/security.h                           |   5 +
  init/Kconfig                                       |   2 +-
  kernel/module/signing.c                            |   9 +-
+ net/wireless/sme.c                                 |  31 +-----
  scripts/pahole-flags.sh                            |   3 +
  scripts/tags.sh                                    |   2 +
  security/integrity/platform_certs/load_uefi.c      |   6 +-
  security/lockdown/Kconfig                          |  13 +++
  security/lockdown/lockdown.c                       |   1 +
  security/security.c                                |   6 +
- 40 files changed, 519 insertions(+), 188 deletions(-)
+ 41 files changed, 524 insertions(+), 214 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 5ac6895229e9..794967b1de9a 100644
+index a825361f7162..c89b4b4a58d8 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -1065,7 +1066,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
  	if (data->f01_container->dev.driver) {
  		/* Driver already bound, so enable ATTN now. */
 diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
-index fd8c8aeb3c50..dd638eb800b9 100644
+index bfb2f163c691..3e02f19e8975 100644
 --- a/drivers/iommu/iommu.c
 +++ b/drivers/iommu/iommu.c
 @@ -8,6 +8,7 @@
@@ -1076,7 +1077,7 @@ index fd8c8aeb3c50..dd638eb800b9 100644
  #include <linux/kernel.h>
  #include <linux/bits.h>
  #include <linux/bug.h>
-@@ -2838,6 +2839,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
+@@ -2852,6 +2853,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
  }
  EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
 
@@ -1105,7 +1106,7 @@ index fd8c8aeb3c50..dd638eb800b9 100644
   * Changes the default domain of an iommu group that has *only* one device
   *
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 20ac67d59034..1c1eb7feb5d4 100644
+index 494fa46f5767..27bc8dd45ad8 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
 @@ -4296,6 +4296,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
@@ -1326,6 +1327,76 @@ index a2ff4242e623..f0d2be1ee4f1 100644
  }
 
  int module_sig_check(struct load_info *info, int flags)
+diff --git a/net/wireless/sme.c b/net/wireless/sme.c
+index 89fc5683ed26..11a05fa2261a 100644
+--- a/net/wireless/sme.c
++++ b/net/wireless/sme.c
+@@ -285,15 +285,6 @@ void cfg80211_conn_work(struct work_struct *work)
+ 	wiphy_unlock(&rdev->wiphy);
+ }
+
+-static void cfg80211_step_auth_next(struct cfg80211_conn *conn,
+-				    struct cfg80211_bss *bss)
+-{
+-	memcpy(conn->bssid, bss->bssid, ETH_ALEN);
+-	conn->params.bssid = conn->bssid;
+-	conn->params.channel = bss->channel;
+-	conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
+-}
+-
+ /* Returned bss is reference counted and must be cleaned up appropriately. */
+ static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
+ {
+@@ -311,7 +302,10 @@ static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
+ 	if (!bss)
+ 		return NULL;
+
+-	cfg80211_step_auth_next(wdev->conn, bss);
++	memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
++	wdev->conn->params.bssid = wdev->conn->bssid;
++	wdev->conn->params.channel = bss->channel;
++	wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
+ 	schedule_work(&rdev->conn_work);
+
+ 	return bss;
+@@ -603,12 +597,7 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
+ 	wdev->conn->params.ssid_len = wdev->u.client.ssid_len;
+
+ 	/* see if we have the bss already */
+-	bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel,
+-			       wdev->conn->params.bssid,
+-			       wdev->conn->params.ssid,
+-			       wdev->conn->params.ssid_len,
+-			       wdev->conn_bss_type,
+-			       IEEE80211_PRIVACY(wdev->conn->params.privacy));
++	bss = cfg80211_get_conn_bss(wdev);
+
+ 	if (prev_bssid) {
+ 		memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
+@@ -619,7 +608,6 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
+ 	if (bss) {
+ 		enum nl80211_timeout_reason treason;
+
+-		cfg80211_step_auth_next(wdev->conn, bss);
+ 		err = cfg80211_conn_do_work(wdev, &treason);
+ 		cfg80211_put_bss(wdev->wiphy, bss);
+ 	} else {
+@@ -1479,15 +1467,6 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
+ 	} else {
+ 		if (WARN_ON(connkeys))
+ 			return -EINVAL;
+-
+-		/* connect can point to wdev->wext.connect which
+-		 * can hold key data from a previous connection
+-		 */
+-		connect->key = NULL;
+-		connect->key_len = 0;
+-		connect->key_idx = 0;
+-		connect->crypto.cipher_group = 0;
+-		connect->crypto.n_ciphers_pairwise = 0;
+ 	}
+
+ 	wdev->connect_keys = connkeys;
 diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh
 index 0d99ef17e4a5..81c8e082ec57 100755
 --- a/scripts/pahole-flags.sh
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 545f19e..8c18e53 100755
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -124,17 +124,17 @@ Summary: The Linux kernel
 #  the --with-release option overrides this setting.)
 %define debugbuildsenabled 1
 %define buildid .fsync
-%define specversion 6.1.16
+%define specversion 6.1.18
 %define patchversion 6.1
 %define pkgrelease 200
 %define kversion 6
-%define tarfile_release 6.1.16
+%define tarfile_release 6.1.18
 # This is needed to do merge window version magic
 %define patchlevel 1
 # This allows pkg_release to have configurable %%{?dist} tag
 %define specrelease 201%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.1.16
+%define kabiversion 6.1.18
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -1462,7 +1462,7 @@ ApplyOptionalPatch tkg.patch
 ApplyOptionalPatch fsync.patch
 ApplyOptionalPatch OpenRGB.patch
 ApplyOptionalPatch amdgpu-si-cik-default.patch
-ApplyOptionalPatch acso.patch
+#ApplyOptionalPatch acso.patch
 
 # device specific patches
 ApplyOptionalPatch linux-surface.patch
@@ -3218,8 +3218,12 @@ fi
 #
 #
 %changelog
-* Mon Mar 13 2023 Jan Drögehoff <sentrycraft123@gmail.com> - 6.1.16-201.fsync
-- kernel-fsync v6.1.16
+* Mon Mar 13 2023 Jan Drögehoff <sentrycraft123@gmail.com> - 6.1.18-201.fsync
+- kernel-fsync v6.1.18
+
+* Sat Mar 11 2023 Justin M. Forbes <jforbes@fedoraproject.org> [6.1.18-0]
+- Revert "wifi: cfg80211: Fix use after free for wext" (Justin M. Forbes)
+- Linux v6.1.18
 
 * Fri Mar 10 2023 Augusto Caringi <acaringi@redhat.com> [6.1.16-0]
 - Add new config option for 6.2.3 (Justin M. Forbes)