Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--0000_README4
-rw-r--r--1265_linux-4.14.266.patch134
2 files changed, 138 insertions, 0 deletions
diff --git a/0000_README b/0000_README
index 702acb91..83b45cf5 100644
--- a/0000_README
+++ b/0000_README
@@ -1107,6 +1107,10 @@ Patch: 1264_linux-4.14.265.patch
From: https://www.kernel.org
Desc: Linux 4.14.265
+Patch: 1265_linux-4.14.266.patch
+From: https://www.kernel.org
+Desc: Linux 4.14.266
+
Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
diff --git a/1265_linux-4.14.266.patch b/1265_linux-4.14.266.patch
new file mode 100644
index 00000000..7722be6a
--- /dev/null
+++ b/1265_linux-4.14.266.patch
@@ -0,0 +1,134 @@
+diff --git a/Makefile b/Makefile
+index bc98aa57a6faf..1fe02d57d6a70 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ # SPDX-License-Identifier: GPL-2.0
+ VERSION = 4
+ PATCHLEVEL = 14
+-SUBLEVEL = 265
++SUBLEVEL = 266
+ EXTRAVERSION =
+ NAME = Petit Gorille
+
+diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
+index 95c09db1bba21..d8399a6891655 100644
+--- a/arch/x86/kernel/cpu/mcheck/mce.c
++++ b/arch/x86/kernel/cpu/mcheck/mce.c
+@@ -589,7 +589,7 @@ static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
+
+ if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
+ pfn = mce->addr >> PAGE_SHIFT;
+- if (memory_failure(pfn, MCE_VECTOR, 0))
++ if (!memory_failure(pfn, MCE_VECTOR, 0))
+ mce_unmap_kpfn(pfn);
+ }
+
+diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c
+index 5553a5643f405..5c81dc7371db7 100644
+--- a/drivers/mmc/host/moxart-mmc.c
++++ b/drivers/mmc/host/moxart-mmc.c
+@@ -696,12 +696,12 @@ static int moxart_remove(struct platform_device *pdev)
+ if (!IS_ERR(host->dma_chan_rx))
+ dma_release_channel(host->dma_chan_rx);
+ mmc_remove_host(mmc);
+- mmc_free_host(mmc);
+
+ writel(0, host->base + REG_INTERRUPT_MASK);
+ writel(0, host->base + REG_POWER_CONTROL);
+ writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF,
+ host->base + REG_CLOCK_CONTROL);
++ mmc_free_host(mmc);
+ }
+ return 0;
+ }
+diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
+index 5602bd81caa90..105f5b2f59783 100644
+--- a/kernel/cgroup/cgroup-v1.c
++++ b/kernel/cgroup/cgroup-v1.c
+@@ -577,6 +577,14 @@ static ssize_t cgroup_release_agent_write(struct kernfs_open_file *of,
+
+ BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+
++ /*
++ * Release agent gets called with all capabilities,
++ * require capabilities to set release agent.
++ */
++ if ((of->file->f_cred->user_ns != &init_user_ns) ||
++ !capable(CAP_SYS_ADMIN))
++ return -EPERM;
++
+ cgrp = cgroup_kn_lock_live(of->kn, false);
+ if (!cgrp)
+ return -ENODEV;
+@@ -1060,6 +1068,7 @@ static int cgroup1_remount(struct kernfs_root *kf_root, int *flags, char *data)
+ {
+ int ret = 0;
+ struct cgroup_root *root = cgroup_root_from_kf(kf_root);
++ struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
+ struct cgroup_sb_opts opts;
+ u16 added_mask, removed_mask;
+
+@@ -1073,6 +1082,12 @@ static int cgroup1_remount(struct kernfs_root *kf_root, int *flags, char *data)
+ if (opts.subsys_mask != root->subsys_mask || opts.release_agent)
+ pr_warn("option changes via remount are deprecated (pid=%d comm=%s)\n",
+ task_tgid_nr(current), current->comm);
++ /* See cgroup1_mount release_agent handling */
++ if (opts.release_agent &&
++ ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) {
++ ret = -EINVAL;
++ goto out_unlock;
++ }
+
+ added_mask = opts.subsys_mask & ~root->subsys_mask;
+ removed_mask = root->subsys_mask & ~opts.subsys_mask;
+@@ -1236,6 +1251,15 @@ struct dentry *cgroup1_mount(struct file_system_type *fs_type, int flags,
+ ret = -EPERM;
+ goto out_unlock;
+ }
++ /*
++ * Release agent gets called with all capabilities,
++ * require capabilities to set release agent.
++ */
++ if (opts.release_agent &&
++ ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) {
++ ret = -EINVAL;
++ goto out_unlock;
++ }
+
+ root = kzalloc(sizeof(*root), GFP_KERNEL);
+ if (!root) {
+diff --git a/net/tipc/link.c b/net/tipc/link.c
+index 0b44427e29ec5..d3017811b67a6 100644
+--- a/net/tipc/link.c
++++ b/net/tipc/link.c
+@@ -1462,12 +1462,15 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
+ u16 peers_tol = msg_link_tolerance(hdr);
+ u16 peers_prio = msg_linkprio(hdr);
+ u16 rcv_nxt = l->rcv_nxt;
+- u16 dlen = msg_data_sz(hdr);
++ u32 dlen = msg_data_sz(hdr);
+ int mtyp = msg_type(hdr);
+ void *data;
+ char *if_name;
+ int rc = 0;
+
++ if (dlen > U16_MAX)
++ goto exit;
++
+ if (tipc_link_is_blocked(l) || !xmitq)
+ goto exit;
+
+diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
+index 254ddc2c39146..c6496da9392d7 100644
+--- a/net/tipc/monitor.c
++++ b/net/tipc/monitor.c
+@@ -457,6 +457,8 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
+ state->probing = false;
+
+ /* Sanity check received domain record */
++ if (new_member_cnt > MAX_MON_DOMAIN)
++ return;
+ if (dlen < dom_rec_len(arrv_dom, 0))
+ return;
+ if (dlen != dom_rec_len(arrv_dom, new_member_cnt))