diff options
author | Jan200101 <sentrycraft123@gmail.com> | 2020-09-11 07:45:45 +0200 |
---|---|---|
committer | Jan200101 <sentrycraft123@gmail.com> | 2020-12-05 19:40:07 +0100 |
commit | 642b329aaa486964ef4f89696f3f8cea98f034ee (patch) | |
tree | a98b8307d7d8e213775c85e58ca833486eb55da0 | |
parent | 4e69b4be811569655df75f9d0511dc2a139a1667 (diff) | |
download | kernel-fsync-642b329aaa486964ef4f89696f3f8cea98f034ee.tar.gz kernel-fsync-642b329aaa486964ef4f89696f3f8cea98f034ee.zip |
kernel 5.8.7
-rw-r--r-- | SOURCES/memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch | 113 | ||||
-rw-r--r-- | SOURCES/net-packet-fix-overflow-in-tpacket_rcv.patch | 59 | ||||
-rw-r--r-- | SPECS/kernel.spec | 17 |
3 files changed, 185 insertions, 4 deletions
diff --git a/SOURCES/memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch b/SOURCES/memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch new file mode 100644 index 0000000..7b30b78 --- /dev/null +++ b/SOURCES/memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch @@ -0,0 +1,113 @@ +From patchwork Tue Sep 1 15:32:48 2020 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Thierry Reding <thierry.reding@gmail.com> +X-Patchwork-Id: 1355200 +Return-Path: <linux-tegra-owner@vger.kernel.org> +X-Original-To: incoming@patchwork.ozlabs.org +Delivered-To: patchwork-incoming@bilbo.ozlabs.org +Authentication-Results: ozlabs.org; + spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org + (client-ip=23.128.96.18; helo=vger.kernel.org; + envelope-from=linux-tegra-owner@vger.kernel.org; receiver=<UNKNOWN>) +Authentication-Results: ozlabs.org; + dmarc=pass (p=none dis=none) header.from=gmail.com +Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; + unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 + header.s=20161025 header.b=InCwqcJT; dkim-atps=neutral +Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) + by ozlabs.org (Postfix) with ESMTP id 4BgrgN1Rpfz9sWM + for <incoming@patchwork.ozlabs.org>; Wed, 2 Sep 2020 01:33:04 +1000 (AEST) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1729968AbgIAPdC (ORCPT <rfc822;incoming@patchwork.ozlabs.org>); + Tue, 1 Sep 2020 11:33:02 -0400 +Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54580 "EHLO + lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org + with ESMTP id S1729209AbgIAPc4 (ORCPT + <rfc822;linux-tegra@vger.kernel.org>); Tue, 1 Sep 2020 11:32:56 -0400 +Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com + [IPv6:2a00:1450:4864:20::642]) + by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7BF6C061244; + Tue, 1 Sep 2020 08:32:54 -0700 (PDT) +Received: by mail-ej1-x642.google.com with SMTP id d11so2241288ejt.13; + Tue, 01 Sep 2020 08:32:54 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; + h=from:to:cc:subject:date:message-id:mime-version + :content-transfer-encoding; + bh=zEPKP0AU97R+PVYnTVD02jf9E8X+9qMRm9ouiwdoWWA=; + b=InCwqcJTR/4A4+EuZFsM5xaKx0nFq9NH/7wDwaCpNHNzYmfW1s67o66afdrgjeT+42 + 3/IBsOzuQmvbcTIMqzeilMo8jynJopsDvJ04YORoFPrNoteMPeOR9CGnYRn5sTCTx/F8 + MExLqETfRiiBnfdt5p4S8Fw+UhsQjMtDLGVO+SktivIJKL0jgOtiulaSQfPNJxhuvalA + YnMxjXkFrVLYsf7Q9rHbGANzrB4pQCOFOXTTolGhIm/OgJ1H1t2modzQdKwRXUsADB8L + Wr95PT8IW7Kyqe+GrX2iD2azK1Ul6M6Ln7WgHWIYOkYGFRrhvMpSiRjMe9w0F1HwAjjO + 5qzQ== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20161025; + h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version + :content-transfer-encoding; + bh=zEPKP0AU97R+PVYnTVD02jf9E8X+9qMRm9ouiwdoWWA=; + b=kZZAjUtuN3hiPdfltUcr+jhnrz7c9rru5yMEq/CkI9aBm/ETez84EH3hV1B78K5P7L + hNmGrJSHJ5IWuxDnUZQfaEPySWbcOwFUhahKgCeHLV/pbdTdosT0dhbnN1YfuCqO0dzc + iPOvOI7WM/A19xKHKPCspaPpluPkBiUabwFLCWWVb06ZBUUNgVhy/7Dx7Ju8GP3kNUaA + Pt0XvSw/Mp/rm2gKvnuDO9QKteP66lw5hvCUTUEIh76d8jMRMY8378JiysKz2wdaz8Fd + BYHMvMGbdRy6TAA/Uez3CT9nV1OyhEST03ttXC1lJTpyHbNiA34oKyeRtqCxxOXza5yA + k22g== +X-Gm-Message-State: AOAM5312YM/x/KVL6Su0HEVLMkmVlAUpCOSazQK4PIdtRtPsaThSHihn + RPsOkzFPKcz36DsW5eZOFaE= +X-Google-Smtp-Source: ABdhPJx8pgbFxwX4+nQIkeKINcUC4+itTbYvBBHcPVcN6ZtaYmSEFVcT5J21t8xvkFqrlVQX3t3VOg== +X-Received: by 2002:a17:907:9c3:: with SMTP id + bx3mr2005039ejc.164.1598974373583; + Tue, 01 Sep 2020 08:32:53 -0700 (PDT) +Received: from localhost ([62.96.65.119]) by smtp.gmail.com with ESMTPSA id + r23sm1371455edt.57.2020.09.01.08.32.52 + (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); + Tue, 01 Sep 2020 08:32:52 -0700 (PDT) +From: Thierry Reding <thierry.reding@gmail.com> +To: Krzysztof Kozlowski <krzk@kernel.org>, + Thierry Reding <thierry.reding@gmail.com> +Cc: Jonathan Hunter <jonathanh@nvidia.com>, Dmitry Osipenko <digetx@gmail.com>, + linux-tegra@vger.kernel.org, linux-kernel@vger.kernel.org, + Matias Zuniga <matias.nicolas.zc@gmail.com> +Subject: [PATCH] memory: tegra: Remove GPU from DRM IOMMU group +Date: Tue, 1 Sep 2020 17:32:48 +0200 +Message-Id: <20200901153248.1831263-1-thierry.reding@gmail.com> +X-Mailer: git-send-email 2.28.0 +MIME-Version: 1.0 +Sender: linux-tegra-owner@vger.kernel.org +Precedence: bulk +List-ID: <linux-tegra.vger.kernel.org> +X-Mailing-List: linux-tegra@vger.kernel.org + +From: Thierry Reding <treding@nvidia.com> + +Commit 63a613fdb16c ("memory: tegra: Add gr2d and gr3d to DRM IOMMU +group") added the GPU to the DRM IOMMU group, which doesn't make any +sense. This causes problems when Nouveau tries to attach to the SMMU +and causes it to fall back to using the DMA API. + +Remove the GPU from the DRM groups to restore the old behaviour. The +GPU should always have its own IOMMU domain to make sure it can map +buffers into contiguous chunks (for big page support) without getting +in the way of mappings from the DRM group. + +Fixes: 63a613fdb16c ("memory: tegra: Add gr2d and gr3d to DRM IOMMU group") +Reported-by: Matias Zuniga <matias.nicolas.zc@gmail.com> +Signed-off-by: Thierry Reding <treding@nvidia.com> +Reviewed-by: Dmitry Osipenko <digetx@gmail.com> +--- + drivers/memory/tegra/tegra124.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/memory/tegra/tegra124.c b/drivers/memory/tegra/tegra124.c +index 493b5dc3a4b3..0cede24479bf 100644 +--- a/drivers/memory/tegra/tegra124.c ++++ b/drivers/memory/tegra/tegra124.c +@@ -957,7 +957,6 @@ static const struct tegra_smmu_swgroup tegra124_swgroups[] = { + static const unsigned int tegra124_group_drm[] = { + TEGRA_SWGROUP_DC, + TEGRA_SWGROUP_DCB, +- TEGRA_SWGROUP_GPU, + TEGRA_SWGROUP_VIC, + }; + diff --git a/SOURCES/net-packet-fix-overflow-in-tpacket_rcv.patch b/SOURCES/net-packet-fix-overflow-in-tpacket_rcv.patch new file mode 100644 index 0000000..6c6868f --- /dev/null +++ b/SOURCES/net-packet-fix-overflow-in-tpacket_rcv.patch @@ -0,0 +1,59 @@ +From 00c393ea14d12a4ef490a6aedf0fa6bfc2bfe8c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin <sashal@kernel.org> +Date: Thu, 3 Sep 2020 21:05:28 -0700 +Subject: net/packet: fix overflow in tpacket_rcv + +From: Or Cohen <orcohen@paloaltonetworks.com> + +[ Upstream commit acf69c946233259ab4d64f8869d4037a198c7f06 ] + +Using tp_reserve to calculate netoff can overflow as +tp_reserve is unsigned int and netoff is unsigned short. + +This may lead to macoff receving a smaller value then +sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr +is set, an out-of-bounds write will occur when +calling virtio_net_hdr_from_skb. + +The bug is fixed by converting netoff to unsigned int +and checking if it exceeds USHRT_MAX. + +This addresses CVE-2020-14386 + +Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt") +Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com> +Signed-off-by: Eric Dumazet <edumazet@google.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Sasha Levin <sashal@kernel.org> +--- + net/packet/af_packet.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 301f41d4929bd..82f7802983797 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -2170,7 +2170,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, + int skb_len = skb->len; + unsigned int snaplen, res; + unsigned long status = TP_STATUS_USER; +- unsigned short macoff, netoff, hdrlen; ++ unsigned short macoff, hdrlen; ++ unsigned int netoff; + struct sk_buff *copy_skb = NULL; + struct timespec64 ts; + __u32 ts_status; +@@ -2239,6 +2240,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, + } + macoff = netoff - maclen; + } ++ if (netoff > USHRT_MAX) { ++ atomic_inc(&po->tp_drops); ++ goto drop_n_restore; ++ } + if (po->tp_version <= TPACKET_V2) { + if (macoff + snaplen > po->rx_ring.frame_size) { + if (po->copy_thresh && +-- +2.25.1 + diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 4cfc5bd..0dcd82d 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -80,7 +80,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 202 +%global baserelease 201 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 6 +%define stable_update 7 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -870,6 +870,11 @@ Patch107: 0001-drivers-perf-xgene_pmu-Fix-uninitialized-resource-st.patch # CVE-2020-14385 rhbz 1874800 1874811 Patch108: 0001-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch +# CVE-2020-14386 rhbz 1875699 1876349 +Patch109: net-packet-fix-overflow-in-tpacket_rcv.patch + +Patch110: memory-tegra-Remove-GPU-from-DRM-IOMMU-group.patch + # Linux-tkg patches - https://github.com/Frogging-Family/linux-tkg/blob/master/linux57-tkg Patch200: 0007-v5.8-fsync.patch @@ -2977,8 +2982,12 @@ fi # # %changelog -* Tue Sep 08 2020 Jan Drögehoff <sentrycraft123@gmail.com> - 5.8.6-202.fsync -- Linux v5.8.6 fsync +* Fri Sep 11 2020 Jan Drögehoff <sentrycraft123@gmail.com> - 5.8.7-201.fsync +- Linux v5.8.7 fsync + +* Mon Sep 07 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.8.7-200 +- Linux v5.8.7 +- Fix CVE-2020-14386 (rhbz 1875699 1876349) * Thu Sep 03 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.8.6-201 - Linux v5.8.6 |