[PATCH 4.6 75/81] netfilter: x_tables: assert minimum target size

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal Signed-off-by:

[PATCH 4.6 77/81] netfilter: x_tables: check standard target size too

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 upstream. We have targets and standard targets -- the latter carries a verdict. The ip/ip6tables validation functions will

[PATCH 4.6 73/81] netfilter: x_tables: add and use xt_check_entry_offsets

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is large

[PATCH 4.6 80/81] netfilter: x_tables: dont reject valid target size on some architectures

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I

[PATCH 4.6 73/81] netfilter: x_tables: add and use xt_check_entry_offsets

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is large enough to hold

[PATCH 4.6 80/81] netfilter: x_tables: dont reject valid target size on some architectures

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I was having some

[PATCH 4.6 72/81] netfilter: x_tables: validate targets of jumps

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 36472341017529e2b12573093cc0f68719300997 upstream. When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The

[PATCH 4.6 79/81] netfilter: x_tables: validate all offsets and sizes in a rule

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers

[PATCH 4.6 72/81] netfilter: x_tables: validate targets of jumps

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 36472341017529e2b12573093cc0f68719300997 upstream. When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The extra overhead is

[PATCH 4.6 79/81] netfilter: x_tables: validate all offsets and sizes in a rule

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers at least the base

[PATCH 4.6 36/81] ALSA: hda/realtek: Add T560 docking unit fixup

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Torsten Hilbrich commit dab38e43b298501a4e8807b56117c029e2e98383 upstream. Tested with Lenovo Ultradock. Fixes the non-working headphone jack on the docking unit.

[PATCH 4.6 36/81] ALSA: hda/realtek: Add T560 docking unit fixup

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Torsten Hilbrich commit dab38e43b298501a4e8807b56117c029e2e98383 upstream. Tested with Lenovo Ultradock. Fixes the non-working headphone jack on the docking unit. Signed-off-by: Torsten

Re: [PATCH] ACPI: don't show an error when we're not in charge of PCIe hotplug.

On Wed, Jun 22, 2016 at 10:53 PM, Andy Lutomirski wrote: > On Wed, Jun 22, 2016 at 12:43 PM, wrote: >>> -Original Message- >>> From: rjwyso...@gmail.com [mailto:rjwyso...@gmail.com] On Behalf Of [cut] >> I think changing that would help

[PATCH 4.6 49/81] powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Russell Currey commit 871e178e0f2c4fa788f694721a10b4758d494ce1 upstream. In the "ibm,configure-pe" and "ibm,configure-bridge" RTAS calls, the spec states that values of

Re: [PATCH] ACPI: don't show an error when we're not in charge of PCIe hotplug.

On Wed, Jun 22, 2016 at 10:53 PM, Andy Lutomirski wrote: > On Wed, Jun 22, 2016 at 12:43 PM, wrote: >>> -Original Message- >>> From: rjwyso...@gmail.com [mailto:rjwyso...@gmail.com] On Behalf Of [cut] >> I think changing that would help communicate what's going on here and at >> least

[PATCH 4.6 49/81] powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Russell Currey commit 871e178e0f2c4fa788f694721a10b4758d494ce1 upstream. In the "ibm,configure-pe" and "ibm,configure-bridge" RTAS calls, the spec states that values of 9900-9905 can be

[PATCH 4.6 03/81] tipc: check nl sock before parsing nested attributes

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Richard Alpe [ Upstream commit 45e093ae2830cd1264677d47ff9a95a71f5d9f9c ] Make sure the socket for which the user is listing publication exists before parsing the

[PATCH 4.6 03/81] tipc: check nl sock before parsing nested attributes

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Richard Alpe [ Upstream commit 45e093ae2830cd1264677d47ff9a95a71f5d9f9c ] Make sure the socket for which the user is listing publication exists before parsing the socket netlink attributes.

[PATCH 4.6 52/81] powerpc/pseries: Add POWER8NVL support to ibm,client-architecture-support call

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Huth commit 7cc851039d643a2ee7df4d18177150f2c3a484f5 upstream. If we do not provide the PVR for POWER8NVL, a guest on this system currently ends up in PowerISA 2.06

[PATCH 4.6 52/81] powerpc/pseries: Add POWER8NVL support to ibm,client-architecture-support call

4.6-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Huth commit 7cc851039d643a2ee7df4d18177150f2c3a484f5 upstream. If we do not provide the PVR for POWER8NVL, a guest on this system currently ends up in PowerISA 2.06 compatibility mode

[PATCH 4.4 43/75] parisc: Fix pagefault crash in unaligned __get_user() call

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit 8b78f260887df532da529f225c49195d18fef36b upstream. One of the debian buildd servers had this crash in the syslog without any other information: Unaligned

[PATCH 4.4 43/75] parisc: Fix pagefault crash in unaligned __get_user() call

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit 8b78f260887df532da529f225c49195d18fef36b upstream. One of the debian buildd servers had this crash in the syslog without any other information: Unaligned handler failed,

[PATCH 4.4 36/75] arm64: Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Catalin Marinas commit e47b020a323d1b2a7b1e9aac86e99eae19463630 upstream. This patch brings the PER_LINUX32 /proc/cpuinfo format more in line with the 32-bit ARM one

[PATCH 4.4 36/75] arm64: Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Catalin Marinas commit e47b020a323d1b2a7b1e9aac86e99eae19463630 upstream. This patch brings the PER_LINUX32 /proc/cpuinfo format more in line with the 32-bit ARM one by providing an additional

[PATCH 4.4 68/75] netfilter: x_tables: add and use xt_check_entry_offsets

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is large

[PATCH 4.4 69/75] netfilter: x_tables: kill check_entry helper

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 upstream. Once we add more sanity testing to xt_check_entry_offsets it becomes relvant if we're expecting a

[PATCH 4.4 68/75] netfilter: x_tables: add and use xt_check_entry_offsets

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is large enough to hold

[PATCH 4.4 69/75] netfilter: x_tables: kill check_entry helper

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 upstream. Once we add more sanity testing to xt_check_entry_offsets it becomes relvant if we're expecting a 32bit

[PATCH 4.4 71/75] netfilter: x_tables: add compat version of xt_check_entry_offsets

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit fc1221b3a163d1386d1052184202d5dc50d302d1 upstream. 32bit rulesets have different layout and alignment requirements, so once more integrity checks get

[PATCH 4.4 45/75] ecryptfs: forbid opening files without mmap handler

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 2f36db71009304b3f0b95afacd8eba1f9f046b87 upstream. This prevents users from triggering a stack overflow through a recursive invocation of pagefault handling

[PATCH 4.4 71/75] netfilter: x_tables: add compat version of xt_check_entry_offsets

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit fc1221b3a163d1386d1052184202d5dc50d302d1 upstream. 32bit rulesets have different layout and alignment requirements, so once more integrity checks get added to

[PATCH 4.4 45/75] ecryptfs: forbid opening files without mmap handler

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 2f36db71009304b3f0b95afacd8eba1f9f046b87 upstream. This prevents users from triggering a stack overflow through a recursive invocation of pagefault handling that involves

Re: Documenting ptrace access mode checking

On Wed, Jun 22, 2016 at 09:21:29PM +0200, Michael Kerrisk (man-pages) wrote: > On 06/21/2016 10:55 PM, Jann Horn wrote: > >On Tue, Jun 21, 2016 at 11:41:16AM +0200, Michael Kerrisk (man-pages) wrote: > >>Here's the new ptrace(2) text. Any comments, technical or terminological > >>fixes, other

Re: Documenting ptrace access mode checking

On Wed, Jun 22, 2016 at 09:21:29PM +0200, Michael Kerrisk (man-pages) wrote: > On 06/21/2016 10:55 PM, Jann Horn wrote: > >On Tue, Jun 21, 2016 at 11:41:16AM +0200, Michael Kerrisk (man-pages) wrote: > >>Here's the new ptrace(2) text. Any comments, technical or terminological > >>fixes, other

[PATCH 4.4 67/75] netfilter: x_tables: validate targets of jumps

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 36472341017529e2b12573093cc0f68719300997 upstream. When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The

[PATCH 4.4 67/75] netfilter: x_tables: validate targets of jumps

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 36472341017529e2b12573093cc0f68719300997 upstream. When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The extra overhead is

[PATCH 4.4 66/75] netfilter: x_tables: dont move to non-existent next rule

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit f24e230d257af1ad7476c6e81a8dc3127a74204e upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is

[PATCH 4.4 66/75] netfilter: x_tables: dont move to non-existent next rule

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit f24e230d257af1ad7476c6e81a8dc3127a74204e upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a

[PATCH 4.4 70/75] netfilter: x_tables: assert minimum target size

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal

[PATCH 4.4 52/75] sparc64: Fix bootup regressions on some Kconfig combinations.

4.4-stable review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" [ Upstream commit 49fa5230462f9f2c4e97c81356473a6bdf06c422 ] The system call tracing bug fix mentioned in the Fixes tag below increased the amount of

[PATCH 4.4 70/75] netfilter: x_tables: assert minimum target size

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal Signed-off-by:

[PATCH 4.4 52/75] sparc64: Fix bootup regressions on some Kconfig combinations.

4.4-stable review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" [ Upstream commit 49fa5230462f9f2c4e97c81356473a6bdf06c422 ] The system call tracing bug fix mentioned in the Fixes tag below increased the amount of assembler code in the

[PATCH 4.4 74/75] netfilter: x_tables: validate all offsets and sizes in a rule

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers

Re: [patch] mm, compaction: abort free scanner if split fails

On Wed, 22 Jun 2016 15:06:29 -0700 (PDT) David Rientjes wrote: > On Wed, 22 Jun 2016, Andrew Morton wrote: > > > On Tue, 21 Jun 2016 18:22:49 -0700 (PDT) David Rientjes > > wrote: > > > > > If the memory compaction free scanner cannot successfully

[PATCH 4.4 74/75] netfilter: x_tables: validate all offsets and sizes in a rule

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers at least the base

Re: [patch] mm, compaction: abort free scanner if split fails

On Wed, 22 Jun 2016 15:06:29 -0700 (PDT) David Rientjes wrote: > On Wed, 22 Jun 2016, Andrew Morton wrote: > > > On Tue, 21 Jun 2016 18:22:49 -0700 (PDT) David Rientjes > > wrote: > > > > > If the memory compaction free scanner cannot successfully split a free > > > page (only possible due

[PATCH 4.4 75/75] netfilter: x_tables: dont reject valid target size on some architectures

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I

[PATCH 4.4 75/75] netfilter: x_tables: dont reject valid target size on some architectures

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I was having some

Re: Stable -rc git trees and email headers

On Wed, Jun 22, 2016 at 10:12:14AM -0700, Kevin Hilman wrote: > On Wed, Jun 22, 2016 at 8:14 AM, Willy Tarreau wrote: > > On Wed, Jun 22, 2016 at 08:11:41AM -0700, Greg KH wrote: > >> On Wed, Jun 22, 2016 at 08:02:14AM -0700, Kevin Hilman wrote: > >> > Hi Greg, > >> > > >> > On Fri,

[PATCH 4.4 72/75] netfilter: x_tables: check standard target size too

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 upstream. We have targets and standard targets -- the latter carries a verdict. The ip/ip6tables validation

[PATCH 4.4 48/75] proc: prevent stacking filesystems on top

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 upstream. This prevents stacking filesystems (ecryptfs and overlayfs) from using procfs as lower filesystem. There

Re: Stable -rc git trees and email headers

On Wed, Jun 22, 2016 at 10:12:14AM -0700, Kevin Hilman wrote: > On Wed, Jun 22, 2016 at 8:14 AM, Willy Tarreau wrote: > > On Wed, Jun 22, 2016 at 08:11:41AM -0700, Greg KH wrote: > >> On Wed, Jun 22, 2016 at 08:02:14AM -0700, Kevin Hilman wrote: > >> > Hi Greg, > >> > > >> > On Fri, Jun 17, 2016

[PATCH 4.4 72/75] netfilter: x_tables: check standard target size too

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 upstream. We have targets and standard targets -- the latter carries a verdict. The ip/ip6tables validation functions will

[PATCH 4.4 48/75] proc: prevent stacking filesystems on top

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 upstream. This prevents stacking filesystems (ecryptfs and overlayfs) from using procfs as lower filesystem. There is too much magic

[PATCH 4.4 73/75] netfilter: x_tables: check for bogus target offset

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c upstream. We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that

[PATCH 4.4 73/75] netfilter: x_tables: check for bogus target offset

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c upstream. We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that targetoff is >=

[PATCH 4.4 09/75] udp: prevent skbs lingering in tunnel socket queues

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hannes Frederic Sowa [ Upstream commit e5aed006be918af163eb397e45aa5ea6cefd5e01 ] In case we find a socket with encapsulation enabled we should call the encap_recv

[PATCH 4.4 09/75] udp: prevent skbs lingering in tunnel socket queues

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hannes Frederic Sowa [ Upstream commit e5aed006be918af163eb397e45aa5ea6cefd5e01 ] In case we find a socket with encapsulation enabled we should call the encap_recv function even if just a udp

[PATCH 4.4 50/75] fix d_walk()/non-delayed __d_free() race

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 3d56c25e3bb0726a5c5e16fc2d9e38f8ed763085 upstream. Ascend-to-parent logics in d_walk() depends on all encountered child dentries not getting freed

[PATCH 4.4 50/75] fix d_walk()/non-delayed __d_free() race

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 3d56c25e3bb0726a5c5e16fc2d9e38f8ed763085 upstream. Ascend-to-parent logics in d_walk() depends on all encountered child dentries not getting freed without an RCU delay.

[PATCH 3.14 17/29] netfilter: x_tables: fix unconditional helper

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 54d83fc74aa9ec72794373cb47432c5f7fb1a309 upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is

[PATCH 3.14 17/29] netfilter: x_tables: fix unconditional helper

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 54d83fc74aa9ec72794373cb47432c5f7fb1a309 upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a

[PATCH 3.14 18/29] xfs: fix up backport error in fs/xfs/xfs_inode.c

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman Commit c66edeaf79bb6f0ca688ffec9ca50a61b7569984, which was a backport of commit b1438f477934f5a4d5a44df26f3079a7575d5946 upstream, needed to have

[PATCH 3.14 24/29] netfilter: x_tables: assert minimum target size

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal

[PATCH 3.14 29/29] netfilter: x_tables: dont reject valid target size on some architectures

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I

[PATCH 3.14 18/29] xfs: fix up backport error in fs/xfs/xfs_inode.c

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman Commit c66edeaf79bb6f0ca688ffec9ca50a61b7569984, which was a backport of commit b1438f477934f5a4d5a44df26f3079a7575d5946 upstream, needed to have the error value be

[PATCH 3.14 24/29] netfilter: x_tables: assert minimum target size

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal Signed-off-by:

[PATCH 3.14 29/29] netfilter: x_tables: dont reject valid target size on some architectures

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream. Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I was having some

[PATCH 2/3 v2] KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage

Call insert-sys-cert script with null file to ensure that random bytes are inserted to the space reserved with CONFIG_SYSTEM_EXTRA_CERTIFICATE, before compressing the vmlinux. This results in an uncompressed reserved area inside the bzImage as well, so that it can be replaced with an actual

[PATCH 3.14 28/29] netfilter: x_tables: validate all offsets and sizes in a rule

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers

[PATCH 3.14 25/29] netfilter: x_tables: add compat version of xt_check_entry_offsets

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit fc1221b3a163d1386d1052184202d5dc50d302d1 upstream. 32bit rulesets have different layout and alignment requirements, so once more integrity checks get

[PATCH 3/3 v2] KEYS: Print insert-sys-cert information to stdout instead of stderr

Detailed INFO output should go to stdout instead of stderr. This removes the clutter from the output of build, which discards stdout. Fixes: c4c361059585 ("KEYS: Reserve an extra certificate symbol for inserting without recompiling") Signed-off-by: Mehmet Kayaalp

[PATCH 2/3 v2] KEYS: Insert incompressible bytes to vmlinux to reserve space in bzImage

Call insert-sys-cert script with null file to ensure that random bytes are inserted to the space reserved with CONFIG_SYSTEM_EXTRA_CERTIFICATE, before compressing the vmlinux. This results in an uncompressed reserved area inside the bzImage as well, so that it can be replaced with an actual

[PATCH 3.14 28/29] netfilter: x_tables: validate all offsets and sizes in a rule

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream. Validate that all matches (if any) add up to the beginning of the target and that each match covers at least the

[PATCH 3.14 25/29] netfilter: x_tables: add compat version of xt_check_entry_offsets

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit fc1221b3a163d1386d1052184202d5dc50d302d1 upstream. 32bit rulesets have different layout and alignment requirements, so once more integrity checks get added to

[PATCH 3/3 v2] KEYS: Print insert-sys-cert information to stdout instead of stderr

Detailed INFO output should go to stdout instead of stderr. This removes the clutter from the output of build, which discards stdout. Fixes: c4c361059585 ("KEYS: Reserve an extra certificate symbol for inserting without recompiling") Signed-off-by: Mehmet Kayaalp Tested-by: Stefan Berger

[PATCH 3.14 26/29] netfilter: x_tables: check standard target size too

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 upstream. We have targets and standard targets -- the latter carries a verdict. The ip/ip6tables validation

[PATCH 3.14 26/29] netfilter: x_tables: check standard target size too

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 upstream. We have targets and standard targets -- the latter carries a verdict. The ip/ip6tables validation functions will

[PATCH 1/3 v2] KEYS: Support for inserting a certificate into x86 bzImage

The config option SYSTEM_EXTRA_CERTIFICATE (introduced in c4c361059585) reserves space in vmlinux file, which is compressed to create the self-extracting bzImage. This patch adds the capability of extracting the vmlinux, inserting the certificate, and repackaging the result into a bzImage. It

[PATCH 3.14 22/29] netfilter: x_tables: add and use xt_check_entry_offsets

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is

[PATCH 1/3 v2] KEYS: Support for inserting a certificate into x86 bzImage

The config option SYSTEM_EXTRA_CERTIFICATE (introduced in c4c361059585) reserves space in vmlinux file, which is compressed to create the self-extracting bzImage. This patch adds the capability of extracting the vmlinux, inserting the certificate, and repackaging the result into a bzImage. It

[PATCH 3.14 22/29] netfilter: x_tables: add and use xt_check_entry_offsets

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 7d35812c3214afa5b37a675113555259cfd67b98 upstream. Currently arp/ip and ip6tables each implement a short helper to check that the target offset is large enough to hold

Re: [PATCH 0/6] Support DAX for device-mapper dm-linear devices

On Wed, Jun 22 2016 at 4:16P -0400, Kani, Toshimitsu wrote: > On Wed, 2016-06-22 at 12:15 -0700, Dan Williams wrote: > > On Wed, Jun 22, 2016 at 10:44 AM, Kani, Toshimitsu > > wrote: > > > On Tue, 2016-06-21 at 14:17 -0400, Mike Snitzer wrote: > > > > >

Re: [PATCH 0/6] Support DAX for device-mapper dm-linear devices

On Wed, Jun 22 2016 at 4:16P -0400, Kani, Toshimitsu wrote: > On Wed, 2016-06-22 at 12:15 -0700, Dan Williams wrote: > > On Wed, Jun 22, 2016 at 10:44 AM, Kani, Toshimitsu > > wrote: > > > On Tue, 2016-06-21 at 14:17 -0400, Mike Snitzer wrote: > > > > > > > > On Tue, Jun 21 2016 at 11:44am

[PATCH 3.14 20/29] netfilter: x_tables: dont move to non-existent next rule

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit f24e230d257af1ad7476c6e81a8dc3127a74204e upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is

[PATCH 3.14 27/29] netfilter: x_tables: check for bogus target offset

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c upstream. We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that

[PATCH 3.14 20/29] netfilter: x_tables: dont move to non-existent next rule

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit f24e230d257af1ad7476c6e81a8dc3127a74204e upstream. Ben Hawkes says: In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a

[PATCH 3.14 27/29] netfilter: x_tables: check for bogus target offset

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c upstream. We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that targetoff is >=

[PATCH 3.14 23/29] netfilter: x_tables: kill check_entry helper

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 upstream. Once we add more sanity testing to xt_check_entry_offsets it becomes relvant if we're expecting a

[PATCH 3.14 23/29] netfilter: x_tables: kill check_entry helper

3.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 upstream. Once we add more sanity testing to xt_check_entry_offsets it becomes relvant if we're expecting a 32bit

Re: [PATCH] Fix bss mapping for the interpreter in binfmt_elf

On Wed, May 11, 2016 at 3:37 AM, Hector Marco-Gisbert wrote: > While working on a new ASLR for userspace we detected an error in the > interpret loader. > > The size of the bss section for some interpreters is not correctly > calculated resulting in unnecessary calls to vm_brk()

Re: [PATCH] Fix bss mapping for the interpreter in binfmt_elf

On Wed, May 11, 2016 at 3:37 AM, Hector Marco-Gisbert wrote: > While working on a new ASLR for userspace we detected an error in the > interpret loader. > > The size of the bss section for some interpreters is not correctly > calculated resulting in unnecessary calls to vm_brk() with enormous

Re: [PATCH 1/3] mm: Don't blindly assign fallback_migrate_page()

Am 17.06.2016 um 01:11 schrieb Andrew Morton: > On Thu, 16 Jun 2016 23:26:13 +0200 Richard Weinberger wrote: > >> While block oriented filesystems use buffer_migrate_page() >> as page migration function other filesystems which don't >> implement ->migratepage() will automatically

Re: [PATCH 1/3] mm: Don't blindly assign fallback_migrate_page()

Am 17.06.2016 um 01:11 schrieb Andrew Morton: > On Thu, 16 Jun 2016 23:26:13 +0200 Richard Weinberger wrote: > >> While block oriented filesystems use buffer_migrate_page() >> as page migration function other filesystems which don't >> implement ->migratepage() will automatically get

Re: [PATCH] mellanox: mlx5: Use logging functions to reduce text ~10k/5%

On Wed, 2016-06-22 at 14:40 -0600, Jason Gunthorpe wrote: > On Wed, Jun 22, 2016 at 11:23:59AM -0700, Joe Perches wrote: > > The output changes now do not include line #, but do include the > > function offset. > I've been using a technique like this in some code with good results: > > struct

Re: [PATCH] mellanox: mlx5: Use logging functions to reduce text ~10k/5%

On Wed, 2016-06-22 at 14:40 -0600, Jason Gunthorpe wrote: > On Wed, Jun 22, 2016 at 11:23:59AM -0700, Joe Perches wrote: > > The output changes now do not include line #, but do include the > > function offset. > I've been using a technique like this in some code with good results: > > struct

[PATCH 08/11] staging: fsl-mc: dprc: add missing irq free

add missing free of the Linux irq when tearing down interrupts Signed-off-by: Stuart Yoder --- drivers/staging/fsl-mc/bus/dprc-driver.c | 5 + 1 file changed, 5 insertions(+) diff --git a/drivers/staging/fsl-mc/bus/dprc-driver.c

[PATCH 11/11] staging: fsl-mc: convert mc command build/parse to use C structs

From: Ioana Radulescu The layer abstracting the building of commands and extracting responses is currently based on macros that shift and mask the command fields and requires exposing offset/size values as macro parameters and makes the code harder to read. For

[PATCH 08/11] staging: fsl-mc: dprc: add missing irq free

add missing free of the Linux irq when tearing down interrupts Signed-off-by: Stuart Yoder --- drivers/staging/fsl-mc/bus/dprc-driver.c | 5 + 1 file changed, 5 insertions(+) diff --git a/drivers/staging/fsl-mc/bus/dprc-driver.c b/drivers/staging/fsl-mc/bus/dprc-driver.c index

[PATCH 11/11] staging: fsl-mc: convert mc command build/parse to use C structs

From: Ioana Radulescu The layer abstracting the building of commands and extracting responses is currently based on macros that shift and mask the command fields and requires exposing offset/size values as macro parameters and makes the code harder to read. For clarity and maintainability,

<    2   3   4   5   6   7   8   9   10   11   >