[linux] 01/01: Update to 4.12.7

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Fri Aug 25 20:03:56 UTC 2017 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch sid
in repository linux.

commit 8e44fd873cb4353cb67e9e3e58c02487ddd61eaa
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri Aug 25 21:34:44 2017 +0200

    Update to 4.12.7
---
 debian/changelog                                   | 21 ++++-
 ...et-fix-tp_reserve-race-in-packet_set_ring.patch | 51 ------------
 ...p-consistently-apply-ufo-or-fragmentation.patch | 94 ----------------------
 debian/patches/series                              |  2 -
 4 files changed, 20 insertions(+), 148 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 6388fc4..ce66ccb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,23 @@
-linux (4.12.6-2) UNRELEASED; urgency=medium
+linux (4.12.7-1) UNRELEASED; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.7
+    - ppp: Fix false xmit recursion detect with two ppp devices
+    - ppp: fix xmit recursion detection on ppp channels
+    - tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
+    - net: fix keepalive code vs TCP_FASTOPEN_CONNECT
+    - ipv6: set rt6i_protocol properly in the route when it is installed
+    - [s390x] bpf: fix jit branch offset related to ldimm64
+    - net/mlx4_en: don't set CHECKSUM_COMPLETE on SCTP packets
+    - net: sched: set xt_tgchk_param par.net properly in ipt_init_target
+    - net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target
+    - tcp: fastopen: tcp_connect() must refresh the route
+    - qmi_wwan: fix NULL deref on disconnect
+    - net: avoid skb_warn_bad_offload false positives on UFO
+    - igmp: Fix regression caused by igmp sysctl namespace code.
+    - scsi: sg: only check for dxfer_len greater than 256M
+    - btrfs: Remove false alert when fiemap range is smaller than on-disk
+      extent
 
   * [alpha] udeb: Add i2c-modules (fixes FTBFS)
   * cpupower: Add/update definition of MSRHEADER macro for turbostat and
diff --git a/debian/patches/bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch b/debian/patches/bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch
deleted file mode 100644
index d6e14ad..0000000
--- a/debian/patches/bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: Willem de Bruijn <willemb at google.com>
-Date: Thu, 10 Aug 2017 12:41:58 -0400
-Subject: packet: fix tp_reserve race in packet_set_ring
-Origin: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000111
-
-Updates to tp_reserve can race with reads of the field in
-packet_set_ring. Avoid this by holding the socket lock during
-updates in setsockopt PACKET_RESERVE.
-
-This bug was discovered by syzkaller.
-
-Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: Willem de Bruijn <willemb at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/packet/af_packet.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 0615c2a950fa..008a45ca3112 100644
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -3700,14 +3700,19 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
- 
- 		if (optlen != sizeof(val))
- 			return -EINVAL;
--		if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
--			return -EBUSY;
- 		if (copy_from_user(&val, optval, sizeof(val)))
- 			return -EFAULT;
- 		if (val > INT_MAX)
- 			return -EINVAL;
--		po->tp_reserve = val;
--		return 0;
-+		lock_sock(sk);
-+		if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
-+			ret = -EBUSY;
-+		} else {
-+			po->tp_reserve = val;
-+			ret = 0;
-+		}
-+		release_sock(sk);
-+		return ret;
- 	}
- 	case PACKET_LOSS:
- 	{
--- 
-2.11.0
-
diff --git a/debian/patches/bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch b/debian/patches/bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch
deleted file mode 100644
index 5233c27..0000000
--- a/debian/patches/bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From: Willem de Bruijn <willemb at google.com>
-Date: Thu, 10 Aug 2017 12:29:19 -0400
-Subject: udp: consistently apply ufo or fragmentation
-Origin: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000112
-
-When iteratively building a UDP datagram with MSG_MORE and that
-datagram exceeds MTU, consistently choose UFO or fragmentation.
-
-Once skb_is_gso, always apply ufo. Conversely, once a datagram is
-split across multiple skbs, do not consider ufo.
-
-Sendpage already maintains the first invariant, only add the second.
-IPv6 does not have a sendpage implementation to modify.
-
-A gso skb must have a partial checksum, do not follow sk_no_check_tx
-in udp_send_skb.
-
-Found by syzkaller.
-
-Fixes: e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach")
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: Willem de Bruijn <willemb at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/ip_output.c  | 8 +++++---
- net/ipv4/udp.c        | 2 +-
- net/ipv6/ip6_output.c | 7 ++++---
- 3 files changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
-index 50c74cd890bc..e153c40c2436 100644
---- a/net/ipv4/ip_output.c
-+++ b/net/ipv4/ip_output.c
-@@ -965,11 +965,12 @@ static int __ip_append_data(struct sock *sk,
- 		csummode = CHECKSUM_PARTIAL;
- 
- 	cork->length += length;
--	if ((((length + (skb ? skb->len : fragheaderlen)) > mtu) ||
--	     (skb && skb_is_gso(skb))) &&
-+	if ((skb && skb_is_gso(skb)) ||
-+	    (((length + (skb ? skb->len : fragheaderlen)) > mtu) &&
-+	    (skb_queue_len(queue) <= 1) &&
- 	    (sk->sk_protocol == IPPROTO_UDP) &&
- 	    (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
--	    (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx) {
-+	    (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx)) {
- 		err = ip_ufo_append_data(sk, queue, getfrag, from, length,
- 					 hh_len, fragheaderlen, transhdrlen,
- 					 maxfraglen, flags);
-@@ -1288,6 +1289,7 @@ ssize_t	ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
- 		return -EINVAL;
- 
- 	if ((size + skb->len > mtu) &&
-+	    (skb_queue_len(&sk->sk_write_queue) == 1) &&
- 	    (sk->sk_protocol == IPPROTO_UDP) &&
- 	    (rt->dst.dev->features & NETIF_F_UFO)) {
- 		if (skb->ip_summed != CHECKSUM_PARTIAL)
-diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index e6276fa3750b..a7c804f73990 100644
---- a/net/ipv4/udp.c
-+++ b/net/ipv4/udp.c
-@@ -802,7 +802,7 @@ static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4)
- 	if (is_udplite)  				 /*     UDP-Lite      */
- 		csum = udplite_csum(skb);
- 
--	else if (sk->sk_no_check_tx) {   /* UDP csum disabled */
-+	else if (sk->sk_no_check_tx && !skb_is_gso(skb)) {   /* UDP csum off */
- 
- 		skb->ip_summed = CHECKSUM_NONE;
- 		goto send;
-diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 162efba0d0cd..2dfe50d8d609 100644
---- a/net/ipv6/ip6_output.c
-+++ b/net/ipv6/ip6_output.c
-@@ -1381,11 +1381,12 @@ static int __ip6_append_data(struct sock *sk,
- 	 */
- 
- 	cork->length += length;
--	if ((((length + (skb ? skb->len : headersize)) > mtu) ||
--	     (skb && skb_is_gso(skb))) &&
-+	if ((skb && skb_is_gso(skb)) ||
-+	    (((length + (skb ? skb->len : headersize)) > mtu) &&
-+	    (skb_queue_len(queue) <= 1) &&
- 	    (sk->sk_protocol == IPPROTO_UDP) &&
- 	    (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
--	    (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
-+	    (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk))) {
- 		err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
- 					  hh_len, fragheaderlen, exthdrlen,
- 					  transhdrlen, mtu, flags, fl6);
--- 
-2.11.0
-
diff --git a/debian/patches/series b/debian/patches/series
index ed0a66b..fad0dda 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -123,8 +123,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch
-bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch
 bugfix/all/xfrm-policy-check-policy-direction-value.patch
 
 # Fix exported symbol versions

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list