author | Ting Liu <ting.liu@nxp.com> | 2016-06-16 17:07:46 +0800 |
---|---|---|
committer | Zhenhua Luo <zhenhua.luo@nxp.com> | 2016-06-23 10:41:54 +0800 |
commit | b1fcfb28a4d1b7ddf9b393b697d76256cc52f760 (patch) | |
tree | 63a39e93a66fe2521549378e6c0568b08cbc99c2 | |
parent | ad53934bfb7602362eff7fc27878ca0e6b42882a (diff) | |
download | meta-fsl-ppc-b1fcfb28a4d1b7ddf9b393b697d76256cc52f760.tar.gz |
linux-qoriq: upgrade to 4.1
The main features are:
* Linux kernel 4.1.8
* ARM A7 (AARCH32), A53 and A57 (AARCH64), Little Endian (default)
* Power Architecture e500mc, e5500, e6500
* Multicore SMP support and multithread (e6500)
* 32-bit effective kernel addressing [e500mc, e5500, A57]
* 64-bit effective addressing [e6500, A53, A57]
* Huge Pages (hugetlbfs)
* Linux Real-Time (RT) [P4080, B4860, LS1021A]
* Kernel-based Virtual Machine (KVM)
* Libvirt 1.2.19
* Linux Containers (LXC) 1.1.4 function support
Detailed commit log can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/linux.git/log/?h=sdk-v2.0.x
Signed-off-by: Ting Liu <ting.liu@nxp.com>
-rw-r--r-- | recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch | 37 | ||||
-rw-r--r-- | recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch | 77 | ||||
-rw-r--r-- | recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch | 145 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq_4.1.bb (renamed from recipes-kernel/linux/linux-qoriq_3.12.bb) | 9 |
4 files changed, 3 insertions, 265 deletions
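--- a/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 7d4d16a6ccdd6d965b84284262a67d5b63426d50 Mon Sep 17 00:00:00 2001
-From: Zhenhua Luo <zhenhua.luo@freescale.com>
-Date: Mon, 9 Nov 2015 04:36:29 -0600
-Subject: [PATCH] powerpc: Align TOC to 256 bytes
-
-Recent toolchains(gcc-5.2) force the TOC to be 256 byte aligned. We need
-to enforce this alignment in our linker script, otherwise pointers
-to our TOC variables (__toc_start, __prom_init_toc_start) could
-be incorrect.
-
-If they are bad, we die a few hundred instructions into boot.
-
-Upstream-Status: Backport
-
-Backport from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e95235
-
-Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
----
-arch/powerpc/kernel/vmlinux.lds.S | 2 ++
-1 file changed, 2 insertions(+)
-
-diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
-index f096e72..3266864 100644
---- a/arch/powerpc/kernel/vmlinux.lds.S
-+++ b/arch/powerpc/kernel/vmlinux.lds.S
-@@ -213,6 +213,8 @@ SECTIONS
-*(.opd)
-}
-
-+ . = ALIGN(256);
-+
-.got : AT(ADDR(.got) - LOAD_OFFSET) {
-__toc_start = .;
-#ifndef CONFIG_RELOCATABLE
---
-2.3.3
-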
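--- a/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-module: remove MODULE_GENERIC_TABLE
-
-MODULE_DEVICE_TABLE() calles MODULE_GENERIC_TABLE(); make it do the
-work directly. This also removes a wart introduced in the last patch,
-where the alias is defined to be an unknown struct type "struct
-type##__##name##_device_id" instead of "struct type##_device_id" (it's
-an extern so GCC doesn't care, but it's wrong).
-
-The other user of MODULE_GENERIC_TABLE (ISAPNP_CARD_TABLE) is unused,
-so delete it.
-
-<Backport from cff26a51da5d206d3baf871e75778da44710219d>
-
-Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
-
-Upstream-Status: Backport
----
-include/linux/isapnp.h | 4 ----
-include/linux/module.h | 19 ++++++++-----------
-2 files changed, 8 insertions(+), 15 deletions(-)
-
-diff --git a/include/linux/isapnp.h b/include/linux/isapnp.h
-index e2d28b0..3c77bf9 100644
---- a/include/linux/isapnp.h
-+++ b/include/linux/isapnp.h
-@@ -56,10 +56,6 @@
-#define ISAPNP_DEVICE_ID(_va, _vb, _vc, _function) \
-{ .vendor = ISAPNP_VENDOR(_va, _vb, _vc), .function = ISAPNP_FUNCTION(_function) }
-
--/* export used IDs outside module */
--#define ISAPNP_CARD_TABLE(name) \
-- MODULE_GENERIC_TABLE(isapnp_card, name)
--
-struct isapnp_card_id {
-unsigned long driver_data; /* data private to the driver */
-unsigned short card_vendor, card_device;
-diff --git a/include/linux/module.h b/include/linux/module.h
-index 54aef1b..a9f6812 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -83,15 +83,6 @@ void sort_extable(struct exception_table_entry *start,
-void sort_main_extable(void);
-void trim_init_extable(struct module *m);
-
--#ifdef MODULE
--#define MODULE_GENERIC_TABLE(gtype,name) \
--extern const struct gtype##_id __mod_##gtype##_table \
-- __attribute__ ((unused, alias(__stringify(name))))
--
--#else /* !MODULE */
--#define MODULE_GENERIC_TABLE(gtype,name)
--#endif
--
-/* Generic info of form tag = "info" */
-#define MODULE_INFO(tag, info) __MODULE_INFO(tag, tag, info)
-
-@@ -142,8 +133,14 @@ extern const struct gtype##_id __mod_##gtype##_table \
-/* What your module does. */
-#define MODULE_DESCRIPTION(_description) MODULE_INFO(description, _description)
-
--#define MODULE_DEVICE_TABLE(type,name) \
-- MODULE_GENERIC_TABLE(type##__##name##_device, name)
-+#ifdef MODULE
-+/* Creates an alias so file2alias.c can find device table. */
-+#define MODULE_DEVICE_TABLE(type, name) \
-+ extern const struct type##_device_id __mod_##type##__##name##_device_table \
-+ __attribute__ ((unused, alias(__stringify(name))))
-+#else /* !MODULE */
-+#define MODULE_DEVICE_TABLE(type, name)
-+#endif
-
-/* Version of form [<epoch>:]<version>[-<extra-version>].
-Or for CVS/RCS ID version, everything but the number is stripped.
---
-2.5.0
-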
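--- a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <dborkman@redhat.com>
-Date: Mon, 3 Mar 2014 17:23:04 +0100
-Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is
-AUTH capable
-
-[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ]
-
-RFC4895 introduced AUTH chunks for SCTP; during the SCTP
-handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
-being optional though):
-
----------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
-<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
--------------------- COOKIE-ECHO -------------------->
-<-------------------- COOKIE-ACK ---------------------
-
-A special case is when an endpoint requires COOKIE-ECHO
-chunks to be authenticated:
-
----------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
-<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
------------------- AUTH; COOKIE-ECHO ---------------->
-<-------------------- COOKIE-ACK ---------------------
-
-RFC4895, section 6.3. Receiving Authenticated Chunks says:
-
-The receiver MUST use the HMAC algorithm indicated in
-the HMAC Identifier field. If this algorithm was not
-specified by the receiver in the HMAC-ALGO parameter in
-the INIT or INIT-ACK chunk during association setup, the
-AUTH chunk and all the chunks after it MUST be discarded
-and an ERROR chunk SHOULD be sent with the error cause
-defined in Section 4.1. [...] If no endpoint pair shared
-key has been configured for that Shared Key Identifier,
-all authenticated chunks MUST be silently discarded. [...]
-
-When an endpoint requires COOKIE-ECHO chunks to be
-authenticated, some special procedures have to be followed
-because the reception of a COOKIE-ECHO chunk might result
-in the creation of an SCTP association. If a packet arrives
-containing an AUTH chunk as a first chunk, a COOKIE-ECHO
-chunk as the second chunk, and possibly more chunks after
-them, and the receiver does not have an STCB for that
-packet, then authentication is based on the contents of
-the COOKIE-ECHO chunk. In this situation, the receiver MUST
-authenticate the chunks in the packet by using the RANDOM
-parameters, CHUNKS parameters and HMAC_ALGO parameters
-obtained from the COOKIE-ECHO chunk, and possibly a local
-shared secret as inputs to the authentication procedure
-specified in Section 6.3. If authentication fails, then
-the packet is discarded. If the authentication is successful,
-the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
-MUST be processed. If the receiver has an STCB, it MUST
-process the AUTH chunk as described above using the STCB
-from the existing association to authenticate the
-COOKIE-ECHO chunk and all the chunks after it. [...]
-
-Commit bbd0d59809f9 introduced the possibility to receive
-and verification of AUTH chunk, including the edge case for
-authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
-the function sctp_sf_do_5_1D_ce() handles processing,
-unpacks and creates a new association if it passed sanity
-checks and also tests for authentication chunks being
-present. After a new association has been processed, it
-invokes sctp_process_init() on the new association and
-walks through the parameter list it received from the INIT
-chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
-and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
-meta data (peer_random, peer_hmacs, peer_chunks) in case
-sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
-SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
-peer_random != NULL and peer_hmacs != NULL the peer is to be
-assumed asoc->peer.auth_capable=1, in any other case
-asoc->peer.auth_capable=0.
-
-Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
-available, we set up a fake auth chunk and pass that on to
-sctp_sf_authenticate(), which at latest in
-sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
-at position 0..0008 when setting up the crypto key in
-crypto_hash_setkey() by using asoc->asoc_shared_key that is
-NULL as condition key_id == asoc->active_key_id is true if
-the AUTH chunk was injected correctly from remote. This
-happens no matter what net.sctp.auth_enable sysctl says.
-
-The fix is to check for net->sctp.auth_enable and for
-asoc->peer.auth_capable before doing any operations like
-sctp_sf_authenticate() as no key is activated in
-sctp_auth_asoc_init_active_key() for each case.
-
-Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
-passed from the INIT chunk was not used in the AUTH chunk, we
-SHOULD send an error; however in this case it would be better
-to just silently discard such a maliciously prepared handshake
-as we didn't even receive a parameter at all. Also, as our
-endpoint has no shared key configured, section 6.3 says that
-MUST silently discard, which we are doing from now onwards.
-
-Before calling sctp_sf_pdiscard(), we need not only to free
-the association, but also the chunk->auth_chunk skb, as
-commit bbd0d59809f9 created a skb clone in that case.
-
-I have tested this locally by using netfilter's nfqueue and
-re-injecting packets into the local stack after maliciously
-modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
-and the SCTP packet containing the COOKIE_ECHO (injecting
-AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
-
-This fixes CVE-2014-0101
-Upstream-Status: Backport
-
-Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
-Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-Cc: Vlad Yasevich <yasevich@gmail.com>
-Cc: Neil Horman <nhorman@tuxdriver.com>
-Acked-by: Vlad Yasevich <vyasevich@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-net/sctp/sm_statefuns.c | 7 +++++++
-1 file changed, 7 insertions(+)
-
-diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
-index dfe3f36..56ebe71 100644
---- a/net/sctp/sm_statefuns.c
-+++ b/net/sctp/sm_statefuns.c
-@@ -768,6 +768,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
-return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
-}
-
-+ /* Make sure that we and the peer are AUTH capable */
-+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
-+ kfree_skb(chunk->auth_chunk);
-+ sctp_association_free(new_asoc);
-+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
-+ }
-+
-/* set-up our fake chunk so that we can process it */
-auth.skb = chunk->auth_chunk;
-auth.asoc = chunk->asoc;
---
-1.9.1
-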
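--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_4.1.bb
@@ -6,14 +6,11 @@ SECTION = "kernel"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
 
-SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x \
+SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v2.0.x \
 file://modify-defconfig-t1040-nr-cpus.patch \
-file://net-sctp-CVE-2014-0101.patch \
-file://0001-powerpc-Align-TOC-to-256-bytes.patch \
 file://fix-the-compile-issue-under-gcc6.patch \
-file://module-remove-MODULE_GENERIC_TABLE.patch \
 "
-SRCREV = "43cecda943a6c40a833b588801b0929e8bd48813"
+SRCREV = "bd51baffc04ecc73f933aee1c3a37c8b44b889a7"
 
 KSRC ?= ""
 S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}'
@@ -39,7 +36,7 @@ do_configure_prepend() {
 ${S}/scripts/kconfig/merge_config.sh -m .config ${WORKDIR}/${deltacfg}
 elif [ -f "${S}/arch/${ARCH}/configs/${deltacfg}" ]; then
 ${S}/scripts/kconfig/merge_config.sh -m .config \
-${S}/arch/powerpc/configs/${deltacfg}
+${S}/arch/${ARCH}/configs/${deltacfg}
 fi
 done
 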
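Review bot: The new SRC_URI drops `file://net-sctp-CVE-2014-0101.patch`, along with the TOC-alignment and MODULE_GENERIC_TABLE backports, and the commit does not record that the sdk-v2.0.x tree at SRCREV `bd51baffc04ecc73f933aee1c3a37c8b44b889a7` already carries those fixes. The removed patch names upstream commit ec0223ec48a90cb605244b45f7c62de856403729 as its origin, so a 4.1.8 base presumably includes it, but nothing on this page confirms that for the vendor branch. I would check that the `!net->sctp.auth_enable || !new_asoc->peer.auth_capable` guard is present in `net/sctp/sm_statefuns.c` of the new tree, and state the result in the commit message, for example `Dropped backports (net-sctp-CVE-2014-0101, powerpc TOC alignment, MODULE_GENERIC_TABLE) are already included in the 4.1 base.`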