Commit 1f0679f5 authored by Koen Vandeputte's avatar Koen Vandeputte
Browse files

kernel: bump 4.14 to 4.14.176



Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: default avatarKoen Vandeputte <koen.vandeputte@ncentric.com>
parent 82c8170c
......@@ -3,10 +3,10 @@
LINUX_RELEASE?=1
LINUX_VERSION-4.9 = .219
LINUX_VERSION-4.14 = .172
LINUX_VERSION-4.14 = .176
LINUX_KERNEL_HASH-4.9.219 = 6b17238cced3e1c2753d6d5b4f662bd347d4651f07c35506b849eb10aea7bc44
LINUX_KERNEL_HASH-4.14.172 = 2318a1ab937580a079351ed20557c336a3d95b664f667b14e3ba49e3271b217a
LINUX_KERNEL_HASH-4.14.176 = bcae0956baaeb55dab5bad0401873fbc5baaa7fbe957ea6d27a5ab241cec5ca2
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
......
......@@ -44,7 +44,7 @@ Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
#include "xhci.h"
#include "xhci-trace.h"
@@ -268,6 +270,458 @@ static void xhci_pme_acpi_rtd3_enable(st
@@ -269,6 +271,458 @@ static void xhci_pme_acpi_rtd3_enable(st
static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev) { }
#endif /* CONFIG_ACPI */
......@@ -503,7 +503,7 @@ Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
/* called during probe() after chip reset completes */
static int xhci_pci_setup(struct usb_hcd *hcd)
{
@@ -306,6 +760,22 @@ static int xhci_pci_probe(struct pci_dev
@@ -307,6 +761,22 @@ static int xhci_pci_probe(struct pci_dev
struct hc_driver *driver;
struct usb_hcd *hcd;
......@@ -526,7 +526,7 @@ Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
driver = (struct hc_driver *)id->driver_data;
/* For some HW implementation, a XHCI reset is just not enough... */
@@ -367,6 +837,16 @@ static void xhci_pci_remove(struct pci_d
@@ -368,6 +838,16 @@ static void xhci_pci_remove(struct pci_d
{
struct xhci_hcd *xhci;
......
......@@ -13,7 +13,7 @@ produce a noisy warning.
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -221,7 +221,7 @@ static void xhci_pci_quirks(struct devic
@@ -222,7 +222,7 @@ static void xhci_pci_quirks(struct devic
xhci->quirks |= XHCI_TRUST_TX_LENGTH;
if (pdev->vendor == PCI_VENDOR_ID_RENESAS &&
pdev->device == 0x0015)
......
......@@ -55,7 +55,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
rwlock_t sk_callback_lock;
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2745,6 +2745,7 @@ void sock_init_data(struct socket *sock,
@@ -2748,6 +2748,7 @@ void sock_init_data(struct socket *sock,
sk->sk_max_pacing_rate = ~0U;
sk->sk_pacing_rate = ~0U;
......
......@@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold <johan@kernel.org>
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1981,7 +1981,8 @@ static const struct usb_device_id option
@@ -1983,7 +1983,8 @@ static const struct usb_device_id option
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) },
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) },
......
......@@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
};
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -960,6 +960,9 @@ static unsigned int early_drop_list(stru
@@ -974,6 +974,9 @@ static unsigned int early_drop_list(stru
hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
tmp = nf_ct_tuplehash_to_ctrack(h);
......@@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (nf_ct_is_expired(tmp)) {
nf_ct_gc_expired(tmp);
continue;
@@ -1037,6 +1040,18 @@ static bool gc_worker_can_early_drop(con
@@ -1051,6 +1054,18 @@ static bool gc_worker_can_early_drop(con
return false;
}
......@@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static void gc_worker(struct work_struct *work)
{
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
@@ -1073,6 +1088,11 @@ static void gc_worker(struct work_struct
@@ -1087,6 +1102,11 @@ static void gc_worker(struct work_struct
tmp = nf_ct_tuplehash_to_ctrack(h);
scanned++;
......
......@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1040,18 +1040,6 @@ static bool gc_worker_can_early_drop(con
@@ -1054,18 +1054,6 @@ static bool gc_worker_can_early_drop(con
return false;
}
......@@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
static void gc_worker(struct work_struct *work)
{
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
@@ -1088,10 +1076,8 @@ static void gc_worker(struct work_struct
@@ -1102,10 +1090,8 @@ static void gc_worker(struct work_struct
tmp = nf_ct_tuplehash_to_ctrack(h);
scanned++;
......
From 82afdcd4ec3c8ca6551cbf7c43c09e2fd240487a Mon Sep 17 00:00:00 2001
From: Hangbin Liu <liuhangbin@gmail.com>
Date: Tue, 10 Mar 2020 15:27:37 +0800
Subject: [PATCH] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rafał found an issue that for non-Ethernet interface, if we down and up
frequently, the memory will be consumed slowly.
The reason is we add allnodes/allrouters addressed in multicast list in
ipv6_add_dev(). When link down, we call ipv6_mc_down(), store all multicast
addresses via mld_add_delrec(). But when link up, we don't call ipv6_mc_up()
for non-Ethernet interface to remove the addresses. This makes idev->mc_tomb
getting bigger and bigger. The call stack looks like:
addrconf_notify(NETDEV_REGISTER)
ipv6_add_dev
ipv6_dev_mc_inc(ff01::1)
ipv6_dev_mc_inc(ff02::1)
ipv6_dev_mc_inc(ff02::2)
addrconf_notify(NETDEV_UP)
addrconf_dev_config
/* Alas, we support only Ethernet autoconfiguration. */
return;
addrconf_notify(NETDEV_DOWN)
addrconf_ifdown
ipv6_mc_down
igmp6_group_dropped(ff02::2)
mld_add_delrec(ff02::2)
igmp6_group_dropped(ff02::1)
igmp6_group_dropped(ff01::1)
After investigating, I can't found a rule to disable multicast on
non-Ethernet interface. In RFC2460, the link could be Ethernet, PPP, ATM,
tunnels, etc. In IPv4, it doesn't check the dev type when calls ip_mc_up()
in inetdev_event(). Even for IPv6, we don't check the dev type and call
ipv6_add_dev(), ipv6_dev_mc_inc() after register device.
So I think it's OK to fix this memory consumer by calling ipv6_mc_up() for
non-Ethernet interface.
v2: Also check IFF_MULTICAST flag to make sure the interface supports
multicast
Reported-by: Rafał Miłecki <zajec5@gmail.com>
Tested-by: Rafał Miłecki <zajec5@gmail.com>
Fixes: 74235a25c673 ("[IPV6] addrconf: Fix IPv6 on tuntap tunnels")
Fixes: 1666d49e1d41 ("mld: do not remove mld souce list info when set link down")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/addrconf.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3223,6 +3223,10 @@ static void addrconf_dev_config(struct n
(dev->type != ARPHRD_TUNNEL) &&
(dev->type != ARPHRD_NONE)) {
/* Alas, we support only Ethernet autoconfiguration. */
+ idev = __in6_dev_get(dev);
+ if (!IS_ERR_OR_NULL(idev) && dev->flags & IFF_UP &&
+ dev->flags & IFF_MULTICAST)
+ ipv6_mc_up(idev);
return;
}
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -547,6 +547,12 @@ struct phy_driver {
@@ -549,6 +549,12 @@ struct phy_driver {
/* Determines the negotiated speed and duplex */
int (*read_status)(struct phy_device *phydev);
......@@ -15,7 +15,7 @@
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1462,6 +1462,9 @@ int genphy_update_link(struct phy_device
@@ -1466,6 +1466,9 @@ int genphy_update_link(struct phy_device
{
int status;
......
......@@ -96,7 +96,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
u64 res;
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -420,6 +420,7 @@ config INET_XFRM_MODE_BEET
@@ -421,6 +421,7 @@ config INET_XFRM_MODE_BEET
config INET_DIAG
tristate "INET: socket monitoring interface"
......
......@@ -233,7 +233,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
return -ENOMEM;
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2783,6 +2783,8 @@ static const struct file_operations proc
@@ -2786,6 +2786,8 @@ static const struct file_operations proc
static int __init proc_vmalloc_init(void)
{
......@@ -328,7 +328,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -3384,6 +3384,8 @@ static __net_initdata struct pernet_oper
@@ -3387,6 +3387,8 @@ static __net_initdata struct pernet_oper
static int __init proto_init(void)
{
......@@ -339,7 +339,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -2740,10 +2740,12 @@ static const struct file_operations fib_
@@ -2743,10 +2743,12 @@ static const struct file_operations fib_
int __net_init fib_proc_init(struct net *net)
{
......@@ -354,7 +354,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
&fib_triestat_fops))
goto out2;
@@ -2753,17 +2755,21 @@ int __net_init fib_proc_init(struct net
@@ -2756,17 +2758,21 @@ int __net_init fib_proc_init(struct net
return 0;
out3:
......
......@@ -71,7 +71,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (!net_eq(dev_net(dev), sock_net(sk)))
goto drop;
@@ -2213,12 +2215,12 @@ static int tpacket_rcv(struct sk_buff *s
@@ -2214,12 +2216,12 @@ static int tpacket_rcv(struct sk_buff *s
BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32);
BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48);
......@@ -87,7 +87,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (!net_eq(dev_net(dev), sock_net(sk)))
goto drop;
@@ -3301,6 +3303,7 @@ static int packet_create(struct net *net
@@ -3313,6 +3315,7 @@ static int packet_create(struct net *net
mutex_init(&po->pg_vec_lock);
po->rollover = NULL;
po->prot_hook.func = packet_rcv;
......@@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (sock->type == SOCK_PACKET)
po->prot_hook.func = packet_rcv_spkt;
@@ -3923,6 +3926,16 @@ packet_setsockopt(struct socket *sock, i
@@ -3935,6 +3938,16 @@ packet_setsockopt(struct socket *sock, i
po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
return 0;
}
......@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
default:
return -ENOPROTOOPT;
}
@@ -3975,6 +3988,13 @@ static int packet_getsockopt(struct sock
@@ -3987,6 +4000,13 @@ static int packet_getsockopt(struct sock
case PACKET_VNET_HDR:
val = po->has_vnet_hdr;
break;
......@@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
break;
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -132,6 +132,7 @@ struct packet_sock {
@@ -135,6 +135,7 @@ struct packet_sock {
struct net_device __rcu *cached_dev;
int (*xmit)(struct sk_buff *skb);
struct packet_type prot_hook ____cacheline_aligned_in_smp;
......
......@@ -66,7 +66,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
static void rt_fibinfo_free(struct rtable __rcu **rtp)
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -2469,6 +2469,7 @@ static const char *const rtn_type_names[
@@ -2472,6 +2472,7 @@ static const char *const rtn_type_names[
[RTN_THROW] = "THROW",
[RTN_NAT] = "NAT",
[RTN_XRESOLVE] = "XRESOLVE",
......@@ -181,7 +181,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
cfg->fc_flags |= RTF_REJECT;
if (rtm->rtm_type == RTN_LOCAL)
@@ -3514,6 +3548,9 @@ static int rt6_fill_node(struct net *net
@@ -3515,6 +3549,9 @@ static int rt6_fill_node(struct net *net
case -EACCES:
rtm->rtm_type = RTN_PROHIBIT;
break;
......@@ -191,7 +191,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
case -EAGAIN:
rtm->rtm_type = RTN_THROW;
break;
@@ -3832,6 +3869,8 @@ static int ip6_route_dev_notify(struct n
@@ -3833,6 +3870,8 @@ static int ip6_route_dev_notify(struct n
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
net->ipv6.ip6_prohibit_entry->dst.dev = dev;
net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
......@@ -200,7 +200,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
#endif
@@ -3843,6 +3882,7 @@ static int ip6_route_dev_notify(struct n
@@ -3844,6 +3883,7 @@ static int ip6_route_dev_notify(struct n
in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
......@@ -208,7 +208,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
#endif
}
@@ -4059,6 +4099,17 @@ static int __net_init ip6_route_net_init
@@ -4060,6 +4100,17 @@ static int __net_init ip6_route_net_init
net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
ip6_template_metrics, true);
......@@ -226,7 +226,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
#endif
net->ipv6.sysctl.flush_delay = 0;
@@ -4077,6 +4128,8 @@ out:
@@ -4078,6 +4129,8 @@ out:
return ret;
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
......@@ -235,7 +235,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
out_ip6_prohibit_entry:
kfree(net->ipv6.ip6_prohibit_entry);
out_ip6_null_entry:
@@ -4094,6 +4147,7 @@ static void __net_exit ip6_route_net_exi
@@ -4095,6 +4148,7 @@ static void __net_exit ip6_route_net_exi
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
kfree(net->ipv6.ip6_prohibit_entry);
kfree(net->ipv6.ip6_blk_hole_entry);
......@@ -243,7 +243,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
#endif
dst_entries_destroy(&net->ipv6.ip6_dst_ops);
}
@@ -4167,6 +4221,9 @@ void __init ip6_route_init_special_entri
@@ -4168,6 +4222,9 @@ void __init ip6_route_init_special_entri
init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
......
......@@ -85,7 +85,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
* @phydev: the phy_device struct
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -909,6 +909,7 @@ void phy_ethtool_ksettings_get(struct ph
@@ -911,6 +911,7 @@ void phy_ethtool_ksettings_get(struct ph
struct ethtool_link_ksettings *cmd);
int phy_ethtool_ksettings_set(struct phy_device *phydev,
const struct ethtool_link_ksettings *cmd);
......
......@@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1106,6 +1106,9 @@ void phy_detach(struct phy_device *phyde
@@ -1110,6 +1110,9 @@ void phy_detach(struct phy_device *phyde
struct module *ndev_owner = dev->dev.parent->driver->owner;
struct mii_bus *bus;
......@@ -23,7 +23,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
sysfs_remove_link(&phydev->mdio.dev.kobj, "attached_dev");
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -559,6 +559,12 @@ struct phy_driver {
@@ -561,6 +561,12 @@ struct phy_driver {
*/
int (*did_interrupt)(struct phy_device *phydev);
......
......@@ -10,7 +10,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1944,7 +1944,7 @@ static struct phy_driver genphy_driver =
@@ -1948,7 +1948,7 @@ static struct phy_driver genphy_driver =
.config_init = genphy_config_init,
.features = PHY_GBIT_FEATURES | SUPPORTED_MII |
SUPPORTED_AUI | SUPPORTED_FIBRE |
......
......@@ -17,7 +17,7 @@ Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
--- a/drivers/rtc/Kconfig
+++ b/drivers/rtc/Kconfig
@@ -1715,6 +1715,16 @@ config RTC_DRV_MT6397
@@ -1716,6 +1716,16 @@ config RTC_DRV_MT6397
If you want to use Mediatek(R) RTC interface, select Y or M here.
......
......@@ -18,7 +18,7 @@ Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
--- a/drivers/rtc/Kconfig
+++ b/drivers/rtc/Kconfig
@@ -1706,14 +1706,14 @@ config RTC_DRV_MOXART
@@ -1707,14 +1707,14 @@ config RTC_DRV_MOXART
will be called rtc-moxart
config RTC_DRV_MT6397
......
......@@ -86,7 +86,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
if (!xhci->shared_hcd) {
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -279,6 +279,9 @@ static int xhci_pci_setup(struct usb_hcd
@@ -280,6 +280,9 @@ static int xhci_pci_setup(struct usb_hcd
if (!xhci->sbrn)
pci_read_config_byte(pdev, XHCI_SBRN_OFFSET, &xhci->sbrn);
......
......@@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -3961,6 +3961,15 @@ static int mvneta_ethtool_set_wol(struct
@@ -3960,6 +3960,15 @@ static int mvneta_ethtool_set_wol(struct
return ret;
}
......@@ -25,7 +25,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
static const struct net_device_ops mvneta_netdev_ops = {
.ndo_open = mvneta_open,
.ndo_stop = mvneta_stop,
@@ -3971,6 +3980,7 @@ static const struct net_device_ops mvnet
@@ -3970,6 +3979,7 @@ static const struct net_device_ops mvnet
.ndo_fix_features = mvneta_fix_features,
.ndo_get_stats64 = mvneta_get_stats64,
.ndo_do_ioctl = mvneta_ioctl,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment