diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-10-30 12:21:28 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-10-30 12:21:28 -0700 |
commit | bc9ea84dedd76742f1ac19a60f6f29b559ad7417 (patch) | |
tree | 12cbcee917967b9064e978b9713eb31facc036a1 | |
parent | Updated to 5.9.1 (diff) | |
download | linux-libre-bc9ea84dedd76742f1ac19a60f6f29b559ad7417.tar.xz |
Updated to 5.9.2
4 files changed, 63 insertions, 80 deletions
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index d881572..3d9af57 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,4 +1,4 @@ -From 56c7f1acc778e6e90ea7777c0d3d217ccf3e470e Mon Sep 17 00:00:00 2001 +From 9dda33cd8d3d2feb086a5cb7f7392cda483939ee Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 Subject: ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER @@ -62,7 +62,7 @@ index d6a0b31b13dc..2420d38cbfb9 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index da8d360fb032..e1a347df77ac 100644 +index a9ce750578ca..0da8704c3d91 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -96,6 +96,10 @@ @@ -76,7 +76,7 @@ index da8d360fb032..e1a347df77ac 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -1841,6 +1845,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1860,6 +1864,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -87,7 +87,7 @@ index da8d360fb032..e1a347df77ac 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2900,6 +2908,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2921,6 +2929,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; diff --git a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch b/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch deleted file mode 100644 index 076844f..0000000 --- a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 94d41d2b670111855a361a35806ebac8d2444042 Mon Sep 17 00:00:00 2001 -From: Hans de Goede <hdegoede@redhat.com> -Date: Wed, 14 Oct 2020 16:41:58 +0200 -Subject: i2c: core: Restore acpi_walk_dep_device_list() getting called after - registering the ACPI i2c devs - -Commit 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() -before i2c_acpi_register_devices()")'s intention was to only move the -acpi_install_address_space_handler() call to the point before where -the ACPI declared i2c-children of the adapter where instantiated by -i2c_acpi_register_devices(). - -But i2c_acpi_install_space_handler() had a call to -acpi_walk_dep_device_list() hidden (that is I missed it) at the end -of it, so as an unwanted side-effect now acpi_walk_dep_device_list() -was also being called before i2c_acpi_register_devices(). - -Move the acpi_walk_dep_device_list() call to the end of -i2c_acpi_register_devices(), so that it is once again called *after* -the i2c_client-s hanging of the adapter have been created. - -This fixes the Microsoft Surface Go 2 hanging at boot. - -Fixes: 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()") -Suggested-by: Maximilian Luz <luzmaximilian@gmail.com> -Reported-and-tested-by: Kieran Bingham <kieran.bingham@ideasonboard.com> -Signed-off-by: Hans de Goede <hdegoede@redhat.com> ---- - drivers/i2c/i2c-core-acpi.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c -index e627d7b2790f..37c510d9347a 100644 ---- a/drivers/i2c/i2c-core-acpi.c -+++ b/drivers/i2c/i2c-core-acpi.c -@@ -264,6 +264,7 @@ static acpi_status i2c_acpi_add_device(acpi_handle handle, u32 level, - void i2c_acpi_register_devices(struct i2c_adapter *adap) - { - acpi_status status; -+ acpi_handle handle; - - if (!has_acpi_companion(&adap->dev)) - return; -@@ -274,6 +275,15 @@ void i2c_acpi_register_devices(struct i2c_adapter *adap) - adap, NULL); - if (ACPI_FAILURE(status)) - dev_warn(&adap->dev, "failed to enumerate I2C slaves\n"); -+ -+ if (!adap->dev.parent) -+ return; -+ -+ handle = ACPI_HANDLE(adap->dev.parent); -+ if (!handle) -+ return; -+ -+ acpi_walk_dep_device_list(handle); - } - - static const struct acpi_device_id i2c_acpi_force_400khz_device_ids[] = { -@@ -719,7 +729,6 @@ int i2c_acpi_install_space_handler(struct i2c_adapter *adapter) - return -ENOMEM; - } - -- acpi_walk_dep_device_list(handle); - return 0; - } - --- -cgit v1.2.3-1-gf6bb5 - diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch new file mode 100644 index 0000000..d4c5e1a --- /dev/null +++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch @@ -0,0 +1,53 @@ +From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> +Date: Sat, 17 Oct 2020 23:08:18 +0400 +Subject: mac80211: fix regression where EAPOL frames were sent in plaintext + +I've managed to reproduce the issue, or at least a related issue. Can +you try the draft patch below and see if that fixes it? + +When sending EAPOL frames via NL80211 they are treated as injected +frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop +injected frames even if normally not allowed") these injected frames +were not assigned a sta context in the function ieee80211_tx_dequeue, +causing certain wireless network cards to always send EAPOL frames in +plaintext. This may cause compatibility issues with some clients or +APs, which for instance can cause the group key handshake to fail and +in turn would cause the station to get disconnected. + +This commit fixes this regression by assigning a sta context in +ieee80211_tx_dequeue to injected frames as well. + +Note that sending EAPOL frames in plaintext is not a security issue +since they contain their own encryption and authentication protection. + +Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") +--- + net/mac80211/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index dca01d7e6e3e..2a0725b548f6 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3613,13 +3613,14 @@ begin: + tx.skb = skb; + tx.sdata = vif_to_sdata(info->control.vif); + +- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { ++ if (txq->sta) { + tx.sta = container_of(txq->sta, struct sta_info, sta); + /* + * Drop unicast frames to unauthorised stations unless they are +- * EAPOL frames from the local station. ++ * injected frames or EAPOL frames from the local station. + */ +- if (unlikely(ieee80211_is_data(hdr->frame_control) && ++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && ++ ieee80211_is_data(hdr->frame_control) && + !ieee80211_vif_is_mesh(&tx.sdata->vif) && + tx.sdata->vif.type != NL80211_IFTYPE_OCB && + !is_multicast_ether_addr(hdr->addr1) && +-- +cgit v1.2.3-1-gf6bb5 + @@ -15,7 +15,7 @@ pkgbase=linux-libre _supver=5 _majver=9 -_minver=1 +_minver=2 _gccpatchver='20200615' _gccpatchger='10.1' _gccpatchker='5.8' @@ -41,7 +41,7 @@ _gnupkgver=${pkgver}-gnu source=( https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign} 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch + 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz ath9k-regdom-hack.patch raid6-default-algo.patch @@ -56,14 +56,14 @@ validpgpkeys=( ) b2sums=('30280a22cba46ea899ad6dcd8093630f51684a111759e87db1bf857398cb861c37581734a8ac8b2b083ea477429e47e8b47b0d5a1cb648b9a9f17ec4abf91e17' 'SKIP' - '27ba59acd154834db44166a2d4ed5e4edc335a74785bf5e4cffd30ca5f39a995dcbef960f574de48f197d77cf8d9fa2ae57c61712e494852b5c14ee6ed22d956' - '217c14db67cf20073d9aa2f60bb9c30497ff36f6d608d22ccd5e74338bba16858f0c81862bd92bda45384d06133c3540ad8703af7decb5afb0d5feda076af33e' + 'c1e9177debee553e03873dff9293e7a21a53297fc4b3df8b9f54a8839cf1c7d6803945fc7d64676fe8c04cb54ef331b59c4348fbc9915060162177be503d9e96' + '3006fa726027b57c421c959c4e6c2230cfa871df7a234d4b2061ed1db4784d0c296d90785a2c48f5c059f6e15ad58007773376440054ce6e60a00fc448b939b3' 'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c' 'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a' 'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a' 'f7e950379c3c9d12466dbe65f60bd68729b3654db48c953dd7e1ab5c46d2841b118f5a87ac65f93cf60bd31e350629666e1216458f0e34b3de73bf63a7c0806b' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - '61d618ab1b342abb0052178f3ee68de74c63d993150871f7f0b002bf6ca440d113a7608cdb62615fbce7627638622e81306e42837771dbf20ada8aef9323590d' + '6ef807fdc82325e26ea94533e066b68bfbec37e20f0fa27fbe679bedd886bb6d3b43558d3f8858a3b881cb91e9215866bf92ee34bc7d43e7a65f42aa6e64b662' 'SKIP') export KBUILD_BUILD_HOST=arc4linux @@ -83,7 +83,7 @@ prepare() { # Hotfixes echo "Applying hotfixes" patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - patch -p1 -i ../0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch + patch -p1 -i ../0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch patch -p1 -i ../sphinx-workaround.patch |