linux-intel: remove files related to version 4.14

Change-Id: Ib1741c59ad331f68be1353374706c3edbeb420eb
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>

14 files changed, 0 insertions, 726 deletions

diff --git a/recipes-kernel/linux/linux-intel-guest_4.14.bb b/recipes-kernel/linux/linux-intel-guest_4.14.bb
deleted file mode 100644
index 6be0508..0000000
--- a/recipes-kernel/linux/linux-intel-guest_4.14.bb
+++ /dev/null
@@ -1 +0,0 @@
-require linux-intel.inc
diff --git a/recipes-kernel/linux/linux-intel-host_4.14.bb b/recipes-kernel/linux/linux-intel-host_4.14.bb
deleted file mode 100644
index 6be0508..0000000
--- a/recipes-kernel/linux/linux-intel-host_4.14.bb
+++ /dev/null
@@ -1 +0,0 @@
-require linux-intel.inc
diff --git a/recipes-kernel/linux/linux-intel-rt_4.14.bbappend b/recipes-kernel/linux/linux-intel-rt_4.14.bbappend
deleted file mode 100644
index a5108bc..0000000
--- a/recipes-kernel/linux/linux-intel-rt_4.14.bbappend
+++ /dev/null
@@ -1,29 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-intel:"
-
-require recipes-kernel/linux/linux-deploy-kconfig.inc
-
-SRCREV_metaenea = "7f34b40b0ba594d85ee8ccdf327d2a06f7ceaad4"
-KENEABRANCH = "intel-4.14"
-SRC_URI_append = " git://git@git.enea.com/linux/enea-kernel-cache.git;protocol=ssh;type=kmeta;name=metaenea;branch=${KENEABRANCH};destsuffix=enea-kernel-meta \
-                   file://CVE-2018-14734.patch \
-                   file://CVE-2018-12233.patch \
-                   file://CVE-2018-13093.patch \
-                   file://CVE-2018-13094.patch \
-                   file://CVE-2018-15572.patch \
-                   file://CVE-2018-9363.patch \
-                   file://CVE-2018-16658.patch \
-                   file://CVE-2018-14609.patch \
-                   file://CVE-2018-14617.patch \
-                 "
-
-KERNEL_FEATURES_append = " features/x2apic/x2apic.scc"
-
-# Debug tools support
-KERNEL_FEATURES_append = " features/debug/debug_kernel_y.scc"
-KERNEL_FEATURES_append = " features/kgdb/kgdb_y.scc"
-KERNEL_FEATURES_append = " features/lttng/lttng_y.scc"
-KERNEL_FEATURES_append = " features/latencytop/latencytop_y.scc"
-KERNEL_FEATURES_append = " features/perf/perf_y.scc"
-KERNEL_FEATURES_append = " features/systemtap/systemtap_y.scc"
-
diff --git a/recipes-kernel/linux/linux-intel.inc b/recipes-kernel/linux/linux-intel.inc
deleted file mode 100644
index 8ef5f1b..0000000
--- a/recipes-kernel/linux/linux-intel.inc
+++ /dev/null
@@ -1,24 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-intel:"
-require recipes-kernel/linux/linux-intel_4.14.bb
-require recipes-kernel/linux/linux-deploy-kconfig.inc
-
-SRCREV_metaenea = "7f34b40b0ba594d85ee8ccdf327d2a06f7ceaad4"
-KENEABRANCH = "intel-4.14"
-SRC_URI_append = " git://git@git.enea.com/linux/enea-kernel-cache.git;protocol=ssh;type=kmeta;name=metaenea;branch=${KENEABRANCH};destsuffix=enea-kernel-meta"
-
-KERNEL_FEATURES_append_atom-c3000 = " bsp/atom-c3000/atom-c3000.scc"
-
-KERNEL_FEATURES_append = " features/udev/udev.scc"
-
-# NFS boot support
-KERNEL_FEATURES_append = " features/blkdev/net_blk_dev.scc"
-
-# Intel 10G ports(SoC)
-KERNEL_FEATURES_append_corei7-64-intel-common = " features/ixgbe/ixgbe_y.scc"
-KERNEL_FEATURES_append_corei7-64-intel-common = " features/dca/dca_y.scc"
-
-# NMVe SSD
-KERNEL_FEATURES_append = " features/nvme/nvme.scc"
-
-#IPv4 waiting for carrier on
-KERNEL_FEATURES_append = " patches/ipv4/ipv4wait.scc"
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-12233.patch b/recipes-kernel/linux/linux-intel/CVE-2018-12233.patch
deleted file mode 100644
index d7b6fb8..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-12233.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 7d29fb53439c8c91874550cc078eda6db8feafe7 Mon Sep 17 00:00:00 2001
-From: Shankara Pailoor <shankarapailoor@gmail.com>
-Date: Tue, 5 Jun 2018 08:33:27 -0500
-Subject: [PATCH] jfs: Fix inconsistency between memory allocation and
- ea_buf->max_size
-
-commit 92d34134193e5b129dc24f8d79cb9196626e8d7a upstream.
-
-The code is assuming the buffer is max_size length, but we weren't
-allocating enough space for it.
-
-CVE: CVE-2018-12233
-Upstream-Status: Backport
-
-Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com>
-Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
-Cc: Guenter Roeck <linux@roeck-us.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- fs/jfs/xattr.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
-index c60f3d3..a679798 100644
---- a/fs/jfs/xattr.c
-+++ b/fs/jfs/xattr.c
-@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size)
-        if (size > PSIZE) {
-                /*
-                 * To keep the rest of the code simple.  Allocate a
--                * contiguous buffer to work with
-+                * contiguous buffer to work with. Make the buffer large
-+                * enough to make use of the whole extent.
-                 */
--               ea_buf->xattr = kmalloc(size, GFP_KERNEL);
-+               ea_buf->max_size = (size + sb->s_blocksize - 1) &
-+                   ~(sb->s_blocksize - 1);
-+
-+               ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL);
-                if (ea_buf->xattr == NULL)
-                        return -ENOMEM;
- 
-                ea_buf->flag = EA_MALLOC;
--               ea_buf->max_size = (size + sb->s_blocksize - 1) &
--                   ~(sb->s_blocksize - 1);
- 
-                if (ea_size == 0)
-                        return 0;
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-13093.patch b/recipes-kernel/linux/linux-intel/CVE-2018-13093.patch
deleted file mode 100644
index 87b53c3..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-13093.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From c2ae72c4e543148cfb4232617815942f3ad1d37a Mon Sep 17 00:00:00 2001
-From: Dave Chinner <dchinner@redhat.com>
-Date: Fri, 23 Mar 2018 10:22:53 -0700
-Subject: [PATCH] xfs: validate cached inodes are free when allocated
-
-commit afca6c5b2595fc44383919fba740c194b0b76aff upstream.
-
-A recent fuzzed filesystem image cached random dcache corruption
-when the reproducer was run. This often showed up as panics in
-lookup_slow() on a null inode->i_ops pointer when doing pathwalks.
-
-BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
-....
-Call Trace:
- lookup_slow+0x44/0x60
- walk_component+0x3dd/0x9f0
- link_path_walk+0x4a7/0x830
- path_lookupat+0xc1/0x470
- filename_lookup+0x129/0x270
- user_path_at_empty+0x36/0x40
- path_listxattr+0x98/0x110
- SyS_listxattr+0x13/0x20
- do_syscall_64+0xf5/0x280
- entry_SYSCALL_64_after_hwframe+0x42/0xb7
-
-but had many different failure modes including deadlocks trying to
-lock the inode that was just allocated or KASAN reports of
-use-after-free violations.
-
-The cause of the problem was a corrupt INOBT on a v4 fs where the
-root inode was marked as free in the inobt record. Hence when we
-allocated an inode, it chose the root inode to allocate, found it in
-the cache and re-initialised it.
-
-We recently fixed a similar inode allocation issue caused by inobt
-record corruption problem in xfs_iget_cache_miss() in commit
-ee457001ed6c ("xfs: catch inode allocation state mismatch
-corruption"). This change adds similar checks to the cache-hit path
-to catch it, and turns the reproducer into a corruption shutdown
-situation.
-
-CVE: CVE-2018-13093
-Upstream-Status: Backport
-
-Reported-by: Wen Xu <wen.xu@gatech.edu>
-Signed-Off-By: Dave Chinner <dchinner@redhat.com>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
-Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
-[darrick: fix typos in comment]
-Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- fs/xfs/xfs_icache.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 51 insertions(+), 7 deletions(-)
-
-diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
-index 43005fb..544b521 100644
---- a/fs/xfs/xfs_icache.c
-+++ b/fs/xfs/xfs_icache.c
-@@ -306,6 +306,46 @@ struct xfs_inode *
- }
- 
- /*
-+ * If we are allocating a new inode, then check what was returned is
-+ * actually a free, empty inode. If we are not allocating an inode,
-+ * then check we didn't find a free inode.
-+ *
-+ * Returns:
-+ *     0               if the inode free state matches the lookup context
-+ *     -ENOENT         if the inode is free and we are not allocating
-+ *     -EFSCORRUPTED   if there is any state mismatch at all
-+ */
-+static int
-+xfs_iget_check_free_state(
-+       struct xfs_inode        *ip,
-+       int                     flags)
-+{
-+       if (flags & XFS_IGET_CREATE) {
-+               /* should be a free inode */
-+               if (VFS_I(ip)->i_mode != 0) {
-+                       xfs_warn(ip->i_mount,
-+"Corruption detected! Free inode 0x%llx not marked free! (mode 0x%x)",
-+                               ip->i_ino, VFS_I(ip)->i_mode);
-+                       return -EFSCORRUPTED;
-+               }
-+
-+               if (ip->i_d.di_nblocks != 0) {
-+                       xfs_warn(ip->i_mount,
-+"Corruption detected! Free inode 0x%llx has blocks allocated!",
-+                               ip->i_ino);
-+                       return -EFSCORRUPTED;
-+               }
-+               return 0;
-+       }
-+
-+       /* should be an allocated inode */
-+       if (VFS_I(ip)->i_mode == 0)
-+               return -ENOENT;
-+
-+       return 0;
-+}
-+
-+/*
-  * Check the validity of the inode we just found it the cache
-  */
- static int
-@@ -354,12 +394,12 @@ struct xfs_inode *
-        }
- 
-        /*
--        * If lookup is racing with unlink return an error immediately.
-+        * Check the inode free state is valid. This also detects lookup
-+        * racing with unlinks.
-         */
--       if (VFS_I(ip)->i_mode == 0 && !(flags & XFS_IGET_CREATE)) {
--               error = -ENOENT;
-+       error = xfs_iget_check_free_state(ip, flags);
-+       if (error)
-                goto out_error;
--       }
- 
-        /*
-         * If IRECLAIMABLE is set, we've torn down the VFS inode already.
-@@ -475,10 +515,14 @@ struct xfs_inode *
- 
-        trace_xfs_iget_miss(ip);
- 
--       if ((VFS_I(ip)->i_mode == 0) && !(flags & XFS_IGET_CREATE)) {
--               error = -ENOENT;
-+
-+       /*
-+        * Check the inode free state is valid. This also detects lookup
-+        * racing with unlinks.
-+        */
-+       error = xfs_iget_check_free_state(ip, flags);
-+       if (error)
-                goto out_destroy;
--       }
- 
-        /*
-         * Preload the radix tree so we can insert safely under the
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-13094.patch b/recipes-kernel/linux/linux-intel/CVE-2018-13094.patch
deleted file mode 100644
index b42ac8f..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-13094.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 59f35b983e8aeb98188c6ef93f8eabc594f8f953 Mon Sep 17 00:00:00 2001
-From: Eric Sandeen <sandeen@sandeen.net>
-Date: Fri, 8 Jun 2018 09:53:49 -0700
-Subject: [PATCH] xfs: don't call xfs_da_shrink_inode with NULL bp
-
-commit bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a upstream.
-
-xfs_attr3_leaf_create may have errored out before instantiating a buffer,
-for example if the blkno is out of range.  In that case there is no work
-to do to remove it, and in fact xfs_da_shrink_inode will lead to an oops
-if we try.
-
-This also seems to fix a flaw where the original error from
-xfs_attr3_leaf_create gets overwritten in the cleanup case, and it
-removes a pointless assignment to bp which isn't used after this.
-
-CVE: CVE-2018-13094
-Upstream-Status: Backport
-
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199969
-Reported-by: Xu, Wen <wen.xu@gatech.edu>
-Tested-by: Xu, Wen <wen.xu@gatech.edu>
-Signed-off-by: Eric Sandeen <sandeen@redhat.com>
-Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
-Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
-Cc: Eduardo Valentin <eduval@amazon.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- fs/xfs/libxfs/xfs_attr_leaf.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
-index 5c16db8..40e53a4 100644
---- a/fs/xfs/libxfs/xfs_attr_leaf.c
-+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
-@@ -785,9 +785,8 @@ STATIC void xfs_attr3_leaf_moveents(struct xfs_da_args *args,
-        ASSERT(blkno == 0);
-        error = xfs_attr3_leaf_create(args, blkno, &bp);
-        if (error) {
--               error = xfs_da_shrink_inode(args, 0, bp);
--               bp = NULL;
--               if (error)
-+               /* xfs_attr3_leaf_create may not have instantiated a block */
-+               if (bp && (xfs_da_shrink_inode(args, 0, bp) != 0))
-                        goto out;
-                xfs_idata_realloc(dp, size, XFS_ATTR_FORK);     /* try to put */
-                memcpy(ifp->if_u1.if_data, tmpbuffer, size);    /* it back */
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-14609.patch b/recipes-kernel/linux/linux-intel/CVE-2018-14609.patch
deleted file mode 100644
index 96d8a4e..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-14609.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 0cdbc3faf960de16ebe8a427feb3b0544ad983cc Mon Sep 17 00:00:00 2001
-From: Qu Wenruo <wqu@suse.com>
-Date: Tue, 3 Jul 2018 17:10:07 +0800
-Subject: [PATCH] btrfs: relocation: Only remove reloc rb_trees if reloc
- control has been initialized
-
-[ Upstream commit 389305b2aa68723c754f88d9dbd268a400e10664 ]
-
-Invalid reloc tree can cause kernel NULL pointer dereference when btrfs
-does some cleanup of the reloc roots.
-
-It turns out that fs_info::reloc_ctl can be NULL in
-btrfs_recover_relocation() as we allocate relocation control after all
-reloc roots have been verified.
-So when we hit: note, we haven't called set_reloc_control() thus
-fs_info::reloc_ctl is still NULL.
-
-CVE: CVE-2018-14609
-Upstream-Status: Backport
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833
-Reported-by: Xu Wen <wen.xu@gatech.edu>
-Signed-off-by: Qu Wenruo <wqu@suse.com>
-Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- fs/btrfs/relocation.c | 23 ++++++++++++-----------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
-index 9841fae..b80b03e 100644
---- a/fs/btrfs/relocation.c
-+++ b/fs/btrfs/relocation.c
-@@ -1334,18 +1334,19 @@ static void __del_reloc_root(struct btrfs_root *root)
-        struct mapping_node *node = NULL;
-        struct reloc_control *rc = fs_info->reloc_ctl;
- 
--       spin_lock(&rc->reloc_root_tree.lock);
--       rb_node = tree_search(&rc->reloc_root_tree.rb_root,
--                             root->node->start);
--       if (rb_node) {
--               node = rb_entry(rb_node, struct mapping_node, rb_node);
--               rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
-+       if (rc) {
-+               spin_lock(&rc->reloc_root_tree.lock);
-+               rb_node = tree_search(&rc->reloc_root_tree.rb_root,
-+                                     root->node->start);
-+               if (rb_node) {
-+                       node = rb_entry(rb_node, struct mapping_node, rb_node);
-+                       rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
-+               }
-+               spin_unlock(&rc->reloc_root_tree.lock);
-+               if (!node)
-+                       return;
-+               BUG_ON((struct btrfs_root *)node->data != root);
-        }
--       spin_unlock(&rc->reloc_root_tree.lock);
--
--       if (!node)
--               return;
--       BUG_ON((struct btrfs_root *)node->data != root);
- 
-        spin_lock(&fs_info->trans_lock);
-        list_del_init(&root->root_list);
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-14617.patch b/recipes-kernel/linux/linux-intel/CVE-2018-14617.patch
deleted file mode 100644
index 8801932..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-14617.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 68e787c3c80059c776d1d7afb20f5eb9f20237a5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?=
- <ernesto.mnd.fernandez@gmail.com>
-Date: Thu, 23 Aug 2018 17:00:25 -0700
-Subject: [PATCH] hfsplus: fix NULL dereference in hfsplus_lookup()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-[ Upstream commit a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4 ]
-
-An HFS+ filesystem can be mounted read-only without having a metadata
-directory, which is needed to support hardlinks.  But if the catalog
-data is corrupted, a directory lookup may still find dentries claiming
-to be hardlinks.
-
-hfsplus_lookup() does check that ->hidden_dir is not NULL in such a
-situation, but mistakenly does so after dereferencing it for the first
-time.  Reorder this check to prevent a crash.
-
-This happens when looking up corrupted catalog data (dentry) on a
-filesystem with no metadata directory (this could only ever happen on a
-read-only mount).  Wen Xu sent the replication steps in detail to the
-fsdevel list: https://bugzilla.kernel.org/show_bug.cgi?id=200297
-
-CVE: CVE-2018-14617
-Upstream-Status: Backport
-
-Link: http://lkml.kernel.org/r/20180712215344.q44dyrhymm4ajkao@eaf
-Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
-Reported-by: Wen Xu <wen.xu@gatech.edu>
-Cc: Viacheslav Dubeyko <slava@dubeyko.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- fs/hfsplus/dir.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c
-index e8120a2..1a44c46 100644
---- a/fs/hfsplus/dir.c
-+++ b/fs/hfsplus/dir.c
-@@ -78,13 +78,13 @@ static struct dentry *hfsplus_lookup(struct inode *dir, struct dentry *dentry,
-                                cpu_to_be32(HFSP_HARDLINK_TYPE) &&
-                                entry.file.user_info.fdCreator ==
-                                cpu_to_be32(HFSP_HFSPLUS_CREATOR) &&
-+                               HFSPLUS_SB(sb)->hidden_dir &&
-                                (entry.file.create_date ==
-                                        HFSPLUS_I(HFSPLUS_SB(sb)->hidden_dir)->
-                                                create_date ||
-                                entry.file.create_date ==
-                                        HFSPLUS_I(d_inode(sb->s_root))->
--                                               create_date) &&
--                               HFSPLUS_SB(sb)->hidden_dir) {
-+                                               create_date)) {
-                        struct qstr str;
-                        char name[32];
- 
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-14734.patch b/recipes-kernel/linux/linux-intel/CVE-2018-14734.patch
deleted file mode 100644
index 4d58410..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-14734.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From e27dad1eb1ac7bedb5a033ac2e068543742c807b Mon Sep 17 00:00:00 2001
-From: Cong Wang <xiyou.wangcong@gmail.com>
-Date: Fri, 1 Jun 2018 11:31:44 -0700
-Subject: [PATCH] infiniband: fix a possible use-after-free bug
-
-[ Upstream commit cb2595c1393b4a5211534e6f0a0fbad369e21ad8 ]
-
-ucma_process_join() will free the new allocated "mc" struct,
-if there is any error after that, especially the copy_to_user().
-
-But in parallel, ucma_leave_multicast() could find this "mc"
-through idr_find() before ucma_process_join() frees it, since it
-is already published.
-
-So "mc" could be used in ucma_leave_multicast() after it is been
-allocated and freed in ucma_process_join(), since we don't refcnt
-it.
-
-Fix this by separating "publish" from ID allocation, so that we
-can get an ID first and publish it later after copy_to_user().
-
-CVE: CVE-2018-14734 
-Upstream-Status: Backport
-
-Fixes: c8f6a362bf3e ("RDMA/cma: Add multicast communication support")
-Reported-by: Noam Rathaus <noamr@beyondsecurity.com>
-Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
-Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- drivers/infiniband/core/ucma.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
-index e47baf0..a22b992 100644
---- a/drivers/infiniband/core/ucma.c
-+++ b/drivers/infiniband/core/ucma.c
-@@ -218,7 +218,7 @@ static struct ucma_multicast* ucma_alloc_multicast(struct ucma_context *ctx)
-                return NULL;
- 
-        mutex_lock(&mut);
--       mc->id = idr_alloc(&multicast_idr, mc, 0, 0, GFP_KERNEL);
-+       mc->id = idr_alloc(&multicast_idr, NULL, 0, 0, GFP_KERNEL);
-        mutex_unlock(&mut);
-        if (mc->id < 0)
-                goto error;
-@@ -1404,6 +1404,10 @@ static ssize_t ucma_process_join(struct ucma_file *file,
-                goto err3;
-        }
- 
-+       mutex_lock(&mut);
-+       idr_replace(&multicast_idr, mc, mc->id);
-+       mutex_unlock(&mut);
-+
-        mutex_unlock(&file->mut);
-        ucma_put_ctx(ctx);
-        return 0;
--- 
-2.7.4
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-15572.patch b/recipes-kernel/linux/linux-intel/CVE-2018-15572.patch
deleted file mode 100644
index 27722af..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-15572.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From f374b5593e44c01265156b4c4070b618097f401b Mon Sep 17 00:00:00 2001
-From: Jiri Kosina <jkosina@suse.cz>
-Date: Thu, 26 Jul 2018 13:14:55 +0200
-Subject: [PATCH] x86/speculation: Protect against userspace-userspace
- spectreRSB
-
-commit fdf82a7856b32d905c39afc85e34364491e46346 upstream.
-
-The article "Spectre Returns! Speculation Attacks using the Return Stack
-Buffer" [1] describes two new (sub-)variants of spectrev2-like attacks,
-making use solely of the RSB contents even on CPUs that don't fallback to
-BTB on RSB underflow (Skylake+).
-
-Mitigate userspace-userspace attacks by always unconditionally filling RSB on
-context switch when the generic spectrev2 mitigation has been enabled.
-
-[1] https://arxiv.org/pdf/1807.07940.pdf
-
-CVE: CVE-2018-15572
-Upstream-Status: Backport
-
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
-Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
-Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Cc: Borislav Petkov <bp@suse.de>
-Cc: David Woodhouse <dwmw@amazon.co.uk>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: stable@vger.kernel.org
-Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1807261308190.997@cbobk.fhfr.pm
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- arch/x86/kernel/cpu/bugs.c | 38 +++++++-------------------------------
- 1 file changed, 7 insertions(+), 31 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 7416fc2..1d3bbaa 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -311,23 +311,6 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
-        return cmd;
- }
- 
--/* Check for Skylake-like CPUs (for RSB handling) */
--static bool __init is_skylake_era(void)
--{
--       if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
--           boot_cpu_data.x86 == 6) {
--               switch (boot_cpu_data.x86_model) {
--               case INTEL_FAM6_SKYLAKE_MOBILE:
--               case INTEL_FAM6_SKYLAKE_DESKTOP:
--               case INTEL_FAM6_SKYLAKE_X:
--               case INTEL_FAM6_KABYLAKE_MOBILE:
--               case INTEL_FAM6_KABYLAKE_DESKTOP:
--                       return true;
--               }
--       }
--       return false;
--}
--
- static void __init spectre_v2_select_mitigation(void)
- {
-        enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
-@@ -388,22 +371,15 @@ static void __init spectre_v2_select_mitigation(void)
-        pr_info("%s\n", spectre_v2_strings[mode]);
- 
-        /*
--        * If neither SMEP nor PTI are available, there is a risk of
--        * hitting userspace addresses in the RSB after a context switch
--        * from a shallow call stack to a deeper one. To prevent this fill
--        * the entire RSB, even when using IBRS.
-+        * If spectre v2 protection has been enabled, unconditionally fill
-+        * RSB during a context switch; this protects against two independent
-+        * issues:
-         *
--        * Skylake era CPUs have a separate issue with *underflow* of the
--        * RSB, when they will predict 'ret' targets from the generic BTB.
--        * The proper mitigation for this is IBRS. If IBRS is not supported
--        * or deactivated in favour of retpolines the RSB fill on context
--        * switch is required.
-+        *      - RSB underflow (and switch to BTB) on Skylake+
-+        *      - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs
-         */
--       if ((!boot_cpu_has(X86_FEATURE_PTI) &&
--            !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) {
--               setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
--               pr_info("Spectre v2 mitigation: Filling RSB on context switch\n");
--       }
-+       setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
-+       pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
- 
-        /* Initialize Indirect Branch Prediction Barrier if supported */
-        if (boot_cpu_has(X86_FEATURE_IBPB)) {
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch b/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
deleted file mode 100644
index d6dc109..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 73b2e7073b51de0b03ebd15c97dd3ad0c3470810 Mon Sep 17 00:00:00 2001
-From: Scott Bauer <scott.bauer@intel.com>
-Date: Thu, 26 Apr 2018 11:51:08 -0600
-Subject: [PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
-
-commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream.
-
-Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()"
-
-There is another cast from unsigned long to int which causes
-a bounds check to fail with specially crafted input. The value is
-then used as an index in the slot array in cdrom_slot_status().
-
-CVE: CVE-2018-16658
-Upstream-Status: Backport
-
-Signed-off-by: Scott Bauer <scott.bauer@intel.com>
-Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
-Cc: stable@vger.kernel.org
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- drivers/cdrom/cdrom.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index bfc566d..8cfa10ab 100644
---- a/drivers/cdrom/cdrom.c
-+++ b/drivers/cdrom/cdrom.c
-@@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi,
-        if (!CDROM_CAN(CDC_SELECT_DISC) ||
-            (arg == CDSL_CURRENT || arg == CDSL_NONE))
-                return cdi->ops->drive_status(cdi, CDSL_CURRENT);
--       if (((int)arg >= cdi->capacity))
-+       if (arg >= cdi->capacity)
-                return -EINVAL;
-        return cdrom_slot_status(cdi, arg);
- }
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-9363.patch b/recipes-kernel/linux/linux-intel/CVE-2018-9363.patch
deleted file mode 100644
index 45a02d7..0000000
--- a/recipes-kernel/linux/linux-intel/CVE-2018-9363.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 6e2c702e797c25b49dac3a9f663c449f30cf8efc Mon Sep 17 00:00:00 2001
-From: Mark Salyzyn <salyzyn@android.com>
-Date: Tue, 31 Jul 2018 15:02:13 -0700
-Subject: [PATCH] Bluetooth: hidp: buffer overflow in hidp_process_report
-
-commit 7992c18810e568b95c869b227137a2215702a805 upstream.
-
-CVE-2018-9363
-
-The buffer length is unsigned at all layers, but gets cast to int and
-checked in hidp_process_report and can lead to a buffer overflow.
-Switch len parameter to unsigned int to resolve issue.
-
-This affects 3.18 and newer kernels.
-
-CVE: CVE-2018-9363
-Upstream-Status: Backport
-
-Signed-off-by: Mark Salyzyn <salyzyn@android.com>
-Fixes: a4b1b5877b514b276f0f31efe02388a9c2836728 ("HID: Bluetooth: hidp: make sure input buffers are big enough")
-Cc: Marcel Holtmann <marcel@holtmann.org>
-Cc: Johan Hedberg <johan.hedberg@gmail.com>
-Cc: "David S. Miller" <davem@davemloft.net>
-Cc: Kees Cook <keescook@chromium.org>
-Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Cc: linux-bluetooth@vger.kernel.org
-Cc: netdev@vger.kernel.org
-Cc: linux-kernel@vger.kernel.org
-Cc: security@kernel.org
-Cc: kernel-team@android.com
-Acked-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- net/bluetooth/hidp/core.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
-index 8112893..cef3754 100644
---- a/net/bluetooth/hidp/core.c
-+++ b/net/bluetooth/hidp/core.c
-@@ -431,8 +431,8 @@ static void hidp_del_timer(struct hidp_session *session)
-                del_timer(&session->timer);
- }
- 
--static void hidp_process_report(struct hidp_session *session,
--                               int type, const u8 *data, int len, int intr)
-+static void hidp_process_report(struct hidp_session *session, int type,
-+                               const u8 *data, unsigned int len, int intr)
- {
-        if (len > HID_MAX_BUFFER_SIZE)
-                len = HID_MAX_BUFFER_SIZE;
--- 
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-intel_4.14.bbappend b/recipes-kernel/linux/linux-intel_4.14.bbappend
deleted file mode 100644
index fe1f614..0000000
--- a/recipes-kernel/linux/linux-intel_4.14.bbappend
+++ /dev/null
@@ -1,26 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-intel:"
-
-require recipes-kernel/linux/linux-deploy-kconfig.inc
-
-SRCREV_metaenea = "8ea21d43cbf695382a52ddbd7861dee09f8e92ef"
-KENEABRANCH = "intel-4.14"
-SRC_URI_append = " git://git@git.enea.com/linux/enea-kernel-cache.git;protocol=ssh;type=kmeta;name=metaenea;branch=${KENEABRANCH};destsuffix=enea-kernel-meta \
-                   file://CVE-2018-16658.patch \
-                   file://CVE-2018-14609.patch \
-                   file://CVE-2018-14617.patch \
-                 "
-
-KERNEL_FEATURES_append = " features/x2apic/x2apic.scc"
-
-# Debug tools support
-KERNEL_FEATURES_append = " features/debug/debug_kernel_y.scc"
-KERNEL_FEATURES_append = " features/kgdb/kgdb_y.scc"
-KERNEL_FEATURES_append = " features/lttng/lttng_y.scc"
-KERNEL_FEATURES_append = " features/latencytop/latencytop_y.scc"
-KERNEL_FEATURES_append = " features/perf/perf_y.scc"
-KERNEL_FEATURES_append = " features/systemtap/systemtap_y.scc"
-
-# Audio/video support
-KERNEL_FEATURES_append_corei7-64-intel-common = " features/drm/drm_y.scc"
-KERNEL_FEATURES_append_corei7-64-intel-common = " features/sound/sound_y.scc"