1 |
Author: mpagano |
2 |
Date: 2013-07-29 00:59:57 +0000 (Mon, 29 Jul 2013) |
3 |
New Revision: 2458 |
4 |
|
5 |
Removed: |
6 |
genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch |
7 |
genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch |
8 |
Modified: |
9 |
genpatches-2.6/trunk/3.10/0000_README |
10 |
Log: |
11 |
Removal of redundant patches |
12 |
|
13 |
Modified: genpatches-2.6/trunk/3.10/0000_README |
14 |
=================================================================== |
15 |
--- genpatches-2.6/trunk/3.10/0000_README 2013-07-29 00:45:13 UTC (rev 2457) |
16 |
+++ genpatches-2.6/trunk/3.10/0000_README 2013-07-29 00:59:57 UTC (rev 2458) |
17 |
@@ -59,14 +59,6 @@ |
18 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
19 |
Desc: Support for namespace user.pax.* on tmpfs. |
20 |
|
21 |
-Patch: 1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch |
22 |
-From: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=307f2fb95e9b96b3577916e73d92e104f8f26494 |
23 |
-Desc: ipv6: only static routes qualify for equal cost multipathing |
24 |
- |
25 |
-Patch: 1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch |
26 |
-From: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5 |
27 |
-Desc: vhost-net: fix use-after-free in vhost_net_flush |
28 |
- |
29 |
Patch: 1700_enable-thinkpad-micled.patch |
30 |
From: https://bugs.gentoo.org/show_bug.cgi?id=449248 |
31 |
Desc: Enable mic mute led in thinkpads |
32 |
|
33 |
Deleted: genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch |
34 |
=================================================================== |
35 |
--- genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch 2013-07-29 00:45:13 UTC (rev 2457) |
36 |
+++ genpatches-2.6/trunk/3.10/1600_CVE-2013-4125-ipv6-fix-fib6_add_rt2node-BUG.patch 2013-07-29 00:59:57 UTC (rev 2458) |
37 |
@@ -1,79 +0,0 @@ |
38 |
-From 307f2fb95e9b96b3577916e73d92e104f8f26494 Mon Sep 17 00:00:00 2001 |
39 |
-From: Hannes Frederic Sowa <hannes@×××××××××××××××.org> |
40 |
-Date: Fri, 12 Jul 2013 21:46:33 +0000 |
41 |
-Subject: ipv6: only static routes qualify for equal cost multipathing |
42 |
- |
43 |
-Static routes in this case are non-expiring routes which did not get |
44 |
-configured by autoconf or by icmpv6 redirects. |
45 |
- |
46 |
-To make sure we actually get an ecmp route while searching for the first |
47 |
-one in this fib6_node's leafs, also make sure it matches the ecmp route |
48 |
-assumptions. |
49 |
- |
50 |
-v2: |
51 |
-a) Removed RTF_EXPIRE check in dst.from chain. The check of RTF_ADDRCONF |
52 |
- already ensures that this route, even if added again without |
53 |
- RTF_EXPIRES (in case of a RA announcement with infinite timeout), |
54 |
- does not cause the rt6i_nsiblings logic to go wrong if a later RA |
55 |
- updates the expiration time later. |
56 |
- |
57 |
-v3: |
58 |
-a) Allow RTF_EXPIRES routes to enter the ecmp route set. We have to do so, |
59 |
- because an pmtu event could update the RTF_EXPIRES flag and we would |
60 |
- not count this route, if another route joins this set. We now filter |
61 |
- only for RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC, which are flags that |
62 |
- don't get changed after rt6_info construction. |
63 |
- |
64 |
-Cc: Nicolas Dichtel <nicolas.dichtel@×××××.com> |
65 |
-Signed-off-by: Hannes Frederic Sowa <hannes@×××××××××××××××.org> |
66 |
-Signed-off-by: David S. Miller <davem@×××××××××.net> |
67 |
---- |
68 |
-diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c |
69 |
-index 192dd1a..5fc9c7a 100644 |
70 |
---- a/net/ipv6/ip6_fib.c |
71 |
-+++ b/net/ipv6/ip6_fib.c |
72 |
-@@ -632,6 +632,12 @@ insert_above: |
73 |
- return ln; |
74 |
- } |
75 |
- |
76 |
-+static inline bool rt6_qualify_for_ecmp(struct rt6_info *rt) |
77 |
-+{ |
78 |
-+ return (rt->rt6i_flags & (RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC)) == |
79 |
-+ RTF_GATEWAY; |
80 |
-+} |
81 |
-+ |
82 |
- /* |
83 |
- * Insert routing information in a node. |
84 |
- */ |
85 |
-@@ -646,6 +652,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, |
86 |
- int add = (!info->nlh || |
87 |
- (info->nlh->nlmsg_flags & NLM_F_CREATE)); |
88 |
- int found = 0; |
89 |
-+ bool rt_can_ecmp = rt6_qualify_for_ecmp(rt); |
90 |
- |
91 |
- ins = &fn->leaf; |
92 |
- |
93 |
-@@ -691,9 +698,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, |
94 |
- * To avoid long list, we only had siblings if the |
95 |
- * route have a gateway. |
96 |
- */ |
97 |
-- if (rt->rt6i_flags & RTF_GATEWAY && |
98 |
-- !(rt->rt6i_flags & RTF_EXPIRES) && |
99 |
-- !(iter->rt6i_flags & RTF_EXPIRES)) |
100 |
-+ if (rt_can_ecmp && |
101 |
-+ rt6_qualify_for_ecmp(iter)) |
102 |
- rt->rt6i_nsiblings++; |
103 |
- } |
104 |
- |
105 |
-@@ -715,7 +721,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, |
106 |
- /* Find the first route that have the same metric */ |
107 |
- sibling = fn->leaf; |
108 |
- while (sibling) { |
109 |
-- if (sibling->rt6i_metric == rt->rt6i_metric) { |
110 |
-+ if (sibling->rt6i_metric == rt->rt6i_metric && |
111 |
-+ rt6_qualify_for_ecmp(sibling)) { |
112 |
- list_add_tail(&rt->rt6i_siblings, |
113 |
- &sibling->rt6i_siblings); |
114 |
- break; |
115 |
--- |
116 |
-cgit v0.9.2 |
117 |
|
118 |
Deleted: genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch |
119 |
=================================================================== |
120 |
--- genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch 2013-07-29 00:45:13 UTC (rev 2457) |
121 |
+++ genpatches-2.6/trunk/3.10/1600_CVE-2013-4127-fix-use-after-free-in-vhost_net_flush.patch 2013-07-29 00:59:57 UTC (rev 2458) |
122 |
@@ -1,56 +0,0 @@ |
123 |
-From dd7633ecd553a5e304d349aa6f8eb8a0417098c5 Mon Sep 17 00:00:00 2001 |
124 |
-From: Michael S. Tsirkin <mst@××××××.com> |
125 |
-Date: Sun, 07 Jul 2013 11:26:53 +0000 |
126 |
-Subject: vhost-net: fix use-after-free in vhost_net_flush |
127 |
- |
128 |
-vhost_net_ubuf_put_and_wait has a confusing name: |
129 |
-it will actually also free it's argument. |
130 |
-Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 |
131 |
- "vhost-net: flush outstanding DMAs on memory change" |
132 |
-vhost_net_flush tries to use the argument after passing it |
133 |
-to vhost_net_ubuf_put_and_wait, this results |
134 |
-in use after free. |
135 |
-To fix, don't free the argument in vhost_net_ubuf_put_and_wait, |
136 |
-add an new API for callers that want to free ubufs. |
137 |
- |
138 |
-Acked-by: Asias He <asias@××××××.com> |
139 |
-Acked-by: Jason Wang <jasowang@××××××.com> |
140 |
-Signed-off-by: Michael S. Tsirkin <mst@××××××.com> |
141 |
-Signed-off-by: David S. Miller <davem@×××××××××.net> |
142 |
---- |
143 |
-diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c |
144 |
-index f80d3dd..8ca5ac7 100644 |
145 |
---- a/drivers/vhost/net.c |
146 |
-+++ b/drivers/vhost/net.c |
147 |
-@@ -150,6 +150,11 @@ static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) |
148 |
- { |
149 |
- kref_put(&ubufs->kref, vhost_net_zerocopy_done_signal); |
150 |
- wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount)); |
151 |
-+} |
152 |
-+ |
153 |
-+static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) |
154 |
-+{ |
155 |
-+ vhost_net_ubuf_put_and_wait(ubufs); |
156 |
- kfree(ubufs); |
157 |
- } |
158 |
- |
159 |
-@@ -948,7 +953,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) |
160 |
- mutex_unlock(&vq->mutex); |
161 |
- |
162 |
- if (oldubufs) { |
163 |
-- vhost_net_ubuf_put_and_wait(oldubufs); |
164 |
-+ vhost_net_ubuf_put_wait_and_free(oldubufs); |
165 |
- mutex_lock(&vq->mutex); |
166 |
- vhost_zerocopy_signal_used(n, vq); |
167 |
- mutex_unlock(&vq->mutex); |
168 |
-@@ -966,7 +971,7 @@ err_used: |
169 |
- rcu_assign_pointer(vq->private_data, oldsock); |
170 |
- vhost_net_enable_vq(n, vq); |
171 |
- if (ubufs) |
172 |
-- vhost_net_ubuf_put_and_wait(ubufs); |
173 |
-+ vhost_net_ubuf_put_wait_and_free(ubufs); |
174 |
- err_ubufs: |
175 |
- fput(sock->file); |
176 |
- err_vq: |
177 |
--- |
178 |
-cgit v0.9.2 |