From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id 47D17E00DBF; Fri, 17 Jun 2016 00:47:03 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS autolearn=ham version=3.3.1 X-Spam-HAM-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [157.56.111.77 listed in list.dnswl.org] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0077.outbound.protection.outlook.com [157.56.111.77]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id E6E54E00DBC for ; Fri, 17 Jun 2016 00:46:58 -0700 (PDT) Received: from BY2PR03CA073.namprd03.prod.outlook.com (10.141.249.46) by CO2PR03MB2376.namprd03.prod.outlook.com (10.166.93.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.523.12; Fri, 17 Jun 2016 07:46:56 +0000 Received: from BY2FFO11FD053.protection.gbl (2a01:111:f400:7c0c::126) by BY2PR03CA073.outlook.office365.com (2a01:111:e400:2c5d::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.517.8 via Frontend Transport; Fri, 17 Jun 2016 07:46:55 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; nxp.com; dmarc=none action=none header.from=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BY2FFO11FD053.mail.protection.outlook.com (10.1.15.190) with Microsoft SMTP Server (TLS) id 15.1.511.7 via Frontend Transport; Fri, 17 Jun 2016 07:46:55 +0000 Received: from mercury.localdomain (mercury.ap.freescale.net [10.192.208.79]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id u5H7kP2b024617; Fri, 17 Jun 2016 00:46:53 -0700 From: To: Date: Fri, 17 Jun 2016 15:45:50 +0800 Message-ID: <1466149565-3293-17-git-send-email-ting.liu@nxp.com> X-Mailer: git-send-email 1.9.2 In-Reply-To: <1466149565-3293-1-git-send-email-ting.liu@nxp.com> References: <1466149565-3293-1-git-send-email-ting.liu@nxp.com> X-EOPAttributedMessage: 0 X-Matching-Connectors: 131106232154907183; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(7916002)(2980300002)(1109001)(1110001)(339900001)(189002)(199003)(81166006)(81156014)(110136002)(8676002)(2950100001)(189998001)(47776003)(50466002)(5003940100001)(77096005)(586003)(4326007)(15975445007)(2876002)(230783001)(356003)(48376002)(104016004)(2906002)(5008740100001)(11100500001)(19580395003)(97736004)(19580405001)(85426001)(87936001)(92566002)(6806005)(229853001)(105606002)(86152002)(8936002)(68736007)(575784001)(86362001)(106466001)(2351001)(50226002)(36756003)(76176999)(33646002)(50986999)(8666005)(7059030)(19627235001); DIR:OUT; SFP:1101; SCL:1; SRVR:CO2PR03MB2376; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD053; 1:a+Sp8IJd9D4C8xfBTyGPQM4m82t/bG94D/QFMzIwqVrOWW1QOyta1P2sKlKDthHoVqfJqOKg63DK8w8xnTX2Iv6R3tziXSA2rwhs3dMWwaXe6NHjv59PPYnspBBn04rZVJF3KFPI/1/ejGCouqqvkiw7CGOuuPdFAHEjXQLUcI+DPUTUkzBt1xexIXsXEqN1ZrT85q7ZYWQ+aX/fekNlu9OSjvbgg7yS/VEvsmAXT6X4J3NTGfVAj3VqQj2yUN7kAucrIuYiR1xdVZzrKumjpkDGCx8nkRe4Bx1KDF0s1xgkgbP2Q/BdT1ILJ1KkbprnDpNEWu4UxZRRryAf5TZRjZ86U0lk67AR6CJdVmxuKAHEUkgEaDVJ0ZdZl5IJ0xpVc5lOJF+CNCwuXakDB3rNr0fNRBUa38xtF33Q3zQoo/SrcyOmewpEoL/RGgWGJFmn7iN5vi7Uzpm/VHwyQvlevECxNw7FgUosXXkxqMU6sj2vXfwsUAIwDdFFLroXZAtMuK44wqvrMCO29qdNpvsTm7qR5ZK2xRt4wFMuiM+mP/xUWdrKarewR21hVryVQZEfRRMM4lrISGX8BngXMybiqUZXjXhKjOzNVOqrQVg6FCtcEUGZpuJ4DUfV8TfII7GjhulzjIEyZUPODX92k1JdcJm9/OxZqtthOG8NMoNwD/ZCaF7NCeu50cDYvXJ/gmnO MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: cdfb0b43-90cc-4c9b-e22f-08d396838de5 X-Microsoft-Exchange-Diagnostics: 1; CO2PR03MB2376; 2:PDZL6RaZ1fCbaDUCRT7GFkg98+okCbXKOLfkEVGmCWB+LkcYlTqgWXVDkFocj6xIhfPoYKevwciQg0Y/HtU6rkiCfssCWT+//8TB4INSfK6fyHJ85P3tT8uayhTA14RVf5OZXZfIEFMjT21vc/AyWgXfEBnadD9/l4PQ4MFdBjrwGte02mHGFXJE3nho725E; 3:Uf/cQUs2lWc4yGR7Mf5iPg83/zm+MEv8C6ss+u/Kb5Wp+dUZ8INCDEcMANfRxZnkBTTL0LwGAhES3pbnxcaaHkeOdX1fAXH3dgm+fdhQbYgJ/GXTEj4s/h58ubNxCg88KNjeflf5bcHTtnQJlTzD0I3CHB9Sjjl1if4tbNlW8xJgwFwrFACj2BlMDlV5+WWR70CxQ5l48Lh/ajyya7XhChUVX0LroZxAq0MmeiLqJcM=; 25:sGNorxWRC03IjV+HS7Ida/lXuC+RGwHLd/cMVHdbmF8NwTn4ND6Yg/9lY8efIlplSnqkk1i7s+4DOPbYm5ZhLq/RVrlBBNo7QzN7IU/Xq/3nyTRLwH1UV9na1WBao4AkRNCSG/q6f1K6VRgwKx78GCBC83L/JVoqFtHHiuR3Tqc2pd7pOA5w5tdNYxSlUraUCHsz/gjxqiiu4hkNO5GyFhJks15FXDKbJXZ35l/0d2wZgHsbKoaLvsmd23KfqDSOeLc6Q+1tS64nPg6G3X6GQsC/rsd8zoJPEXXFoZtH6b3Ke6UWfJGWlg9YjFOYHlM11he/J155sje+Va1ryLiPSzPFlShODOODkX2W9sa+jB+YIr/MTlRmzyWpyue6G9SN9RUmMukcV/Feh8z2BRHfdoXOwcKI9MoeKjeudCk3TVM= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CO2PR03MB2376; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(185117386973197)(101931422205132)(84791874153150)(46150409022019); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(13023025)(13018025)(13017025)(13024025)(13015025)(8121501046)(5005006)(10201501046)(3002001)(6055026); SRVR:CO2PR03MB2376; BCL:0; PCL:0; RULEID:(400006); SRVR:CO2PR03MB2376; X-Microsoft-Exchange-Diagnostics: 1; CO2PR03MB2376; 4:BXPjrT30KdSKfDLaa78wwLFSoKTGLz6WflIruaXNvR7ozanZRYoS37mgJx1DOX81g82kEuG+EaTqMt5DF7JZDG4asy69jIJA+KYqjl7a+yTHEdMh6qEvslRavgZBfmYdJ2JaOnuHaCFUpX/Heskxl4ePhErb7JpsCRjyiXvx09Pv86NQtrW2cVukB7vBkCmyeFZxgwS7DNX1XWzy1f8dTCk0xCQrWVQAcdYu+K6Bbnv94IEvur547JCpk/8sb7ASfC7A72c89prxlw3Qxg2j4inhE15FE8w4xh8hiOuDtdjHXGZd30sg1M2hYrb8IzQlr2nYmTwtbhNbduaXwzvy4cAdezo/mPkGAQKUSItgS5QJXxBEPpp6R/+jppf0oLZe5q6PMdHlga9jwRMRLdb5ktA1XNKlkK10iuvnCZh2gmnQJ/Ya5sTBICZ5Rwa/jrd7IiEfkimNl7287r5UIx9VQjumDtf9W4AvSvNUbSFeRVA0NYgvya+P8niztwwXenidwxDIU8GVaUOR9o8Cu0X2pAOrnwc7aegQcPG38h1xu9HnZV3L41HBIPip0wMEGrt/J01oSyksCL/+oStjPzpIkIEWJ5cqrH70r99l92sOS5yTDWnmEX7e06ZLA9d9ebmD X-Forefront-PRVS: 09760A0505 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CO2PR03MB2376; 23:YQd/NZsChXdJWrNL1FRJ8mBK3KiiECSFEqjknddN4?= =?us-ascii?Q?J6hCLifKKUd9+V+37Ds5+xfm9kd61KHsX7VBmJD83DOaPpseS3hG7tR+Q9/X?= =?us-ascii?Q?3nCb7B1ylLMCsRVryd8Ikmiq+YtkodbG5WJROl3BnEP9gvuGkWvov0T8bTm2?= =?us-ascii?Q?GmjSSRsalkfg3rcUTH04ec7TVsIMkTjirz2phGXzAbH39xc521mu9ZA0UxA6?= =?us-ascii?Q?82EhiTgeGYXo4+MbcTInztgXbiZ93OND1OtnUVfrodmhauKRrtSuW1NLKqaE?= =?us-ascii?Q?FdAlp9o4jFscwo15ZQH0QybZ6ZZLjGcqw5b8+fmhieElyedBzu8ARBGiGcy0?= =?us-ascii?Q?BVp6PuD5f1rCnIAJdvZ3DBKFcWgfemVOIM5Jd9rsKQ3WGzhwOSmMbI5Uq/vN?= =?us-ascii?Q?kxbET4of6nyc0mP4NMD9sDFmFhrQYvHZ6cZlE8h5Ez1LhkYALZOR5uV9ZMJs?= =?us-ascii?Q?iP2c9+5oYB6/9l3r7hX5NBsOD44ag63fJ64VIHOqDdOe/Ux0la09MEGGceiu?= =?us-ascii?Q?A0ZpaqytWOwPcqL62xRy9msxdW7Nl8obqSyA8ohCyfzr4O0Qzp4H51f+zUYa?= =?us-ascii?Q?/2EGveO+BPIBv0s9JlZNM0xKQK9HtzxsqOSHIqJf4EnokKDZUjqtfUH3gbqn?= =?us-ascii?Q?6ToKYUjfj/yhwyI2j0ubT15ucT8ns3PZoTVTA3nPOP27Q6kDgdhh9szVvMzX?= =?us-ascii?Q?qGBgPTlOTMFfFJhQCZdGLFlPfWthdXX5yiyToc0MIUc46D7Jbomr/Xg6cA+U?= =?us-ascii?Q?+eg2hmkRJuWvME/kgahPI57qicF+VIFgW4b8f2Dj1AugrOxpWaYfbm0jgTz4?= =?us-ascii?Q?hFi7z8fFUOzs+71oCeXwkv9nMw8Drn/HtA+vZHhy6tdFf4VywQAypaOgYfA0?= =?us-ascii?Q?ksHExiDqdIz2Dg13FbR4HG+xYdrHyRHknB0caPvfWyz6/naW/AG+/CdpQHGZ?= =?us-ascii?Q?XSsBGDG4L3QO9Znpuk50aRwVICxrc4LUCXmeqO58d0YLvGaMFa5PTtlLqd0d?= =?us-ascii?Q?zNMWhTb/zXfVw49acQkN89WqZNCSggCQhsnBEBSI4nzcTpJ5zbeEfHh48B7S?= =?us-ascii?Q?2flE/TlWDzh812LWTLF57SrFYib/83CTuzQhFPReYIWgWV1+aUgDHhCxluhg?= =?us-ascii?Q?fgyCMjx66f8LBUbWFFHai0T0QO3mXCl88u1nyVWCUx6m4K4XiWj8ndCr4edI?= =?us-ascii?Q?TEQPSgB5VqZL6Yrw4fTG5JH/ZQh+ooo5yhf0q9SFsg4HqN5Y2DgbNQUVsAPc?= =?us-ascii?Q?UM4WU1o0xRXmaOAwBm2uUtian3IEN5kGmUMvinG?= X-Microsoft-Exchange-Diagnostics: 1; CO2PR03MB2376; 6:pKM0ov67gc2nE4Tm40z2qSn8Iq/qYhsCe+rffcX7/H9uNml8lFvIxdmma9yabgxstZlxNO2ANg9lSiFcnUjZnBp9hKPPfJLROnwvHmvL2livCSuorpSqK5DAZ0wJoIQ3oljeR7/3g9UUG5GgVMiw2wUv1Q87RgE3HA23Ud7pA8IDpOTh3SvII9Mp9rjdxGjf85+lw14WVUkmtjLlMT9TLSCAWxghrIdvT8BzZb3wxA2jssDlq7N79wg+CtcnnnyqkhFK2YwmcW0XfWG55prseJ+pn1vUtNgV8MKodZQ5j08=; 5:TcSRerf5pDQS3u5HlYO1rAJWJcP6CJgMf2fvYWrUKyFbPxMl3nLvHt9ln15NaXYryDSzkpq2/ItKG6gw5eHyEnEoGDlDGSimtpi1SoTNz/L0gw6EQXh6V2YGFpOm9RR4FtUN5HyCaa1IN35ag8F3oCm/gpe2HMxc3wMBqp0ndpU=; 24:N9v6tk3qI+olhBqL2UmsNvskPouheXGuoKViKSgyRToPJHwiYFQsMpMmIMMcOxmtORbBmr5SJ9R/UnlfhWKd2Xdl7ocVE/AUQRKMQTfFV0A=; 7:BgHvSgLAziOhbasP4pFnV44omAPtiLA+v2klYfgZ0SuHJkOT21z/UDZChBsLKDziOGh0M17DPC+RFjZCd+UpdceV4WR6/wjBrbaTSACO52w0250K6f35yNUAF1nW+66r5W6oJKp8A8sS3W4MbWNvNelCE4EQ6qt7Ak6lv1hczT1n9EFKWe1f/DunUXJUExXoKlbMIHJiVEEjr3o1lte0icc9vQlPt+3BbpBXZnMEcNAsdNJBCpi0UNbUyNc0tYxY SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2016 07:46:55.2879 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR03MB2376 Subject: [meta-fsl-ppc][PATCH 16/31] linux-qoriq: upgrade to 4.1 X-BeenThere: meta-freescale@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Usage and development list for the meta-fsl-* layers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2016 07:47:03 -0000 Content-Type: text/plain From: Ting Liu The main features are: * Linux kernel 4.1.8 * ARM A7 (AARCH32), A53 and A57 (AARCH64), Little Endian (default) * Power Architecture e500mc, e5500, e6500 * Multicore SMP support and multithread (e6500) * 32-bit effective kernel addressing [e500mc, e5500, A57] * 64-bit effective addressing [e6500, A53, A57] * Huge Pages (hugetlbfs) * Linux Real-Time (RT) [P4080, B4860, LS1021A] * Kernel-based Virtual Machine (KVM) * Libvirt 1.2.19 * Linux Containers (LXC) 1.1.4 function support Detailed commit log can be found at: http://git.freescale.com/git/cgit.cgi/ppc/sdk/linux.git/log/?h=sdk-v2.0.x Signed-off-by: Ting Liu --- .../0001-powerpc-Align-TOC-to-256-bytes.patch | 37 ------ .../files/module-remove-MODULE_GENERIC_TABLE.patch | 77 ----------- .../linux/files/net-sctp-CVE-2014-0101.patch | 145 --------------------- .../{linux-qoriq_3.12.bb => linux-qoriq_4.1.bb} | 9 +- 4 files changed, 3 insertions(+), 265 deletions(-) delete mode 100644 recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch delete mode 100644 recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch delete mode 100644 recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch rename recipes-kernel/linux/{linux-qoriq_3.12.bb => linux-qoriq_4.1.bb} (87%) diff --git a/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch b/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch deleted file mode 100644 index 2131c9d..0000000 --- a/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7d4d16a6ccdd6d965b84284262a67d5b63426d50 Mon Sep 17 00:00:00 2001 -From: Zhenhua Luo -Date: Mon, 9 Nov 2015 04:36:29 -0600 -Subject: [PATCH] powerpc: Align TOC to 256 bytes - -Recent toolchains(gcc-5.2) force the TOC to be 256 byte aligned. We need -to enforce this alignment in our linker script, otherwise pointers -to our TOC variables (__toc_start, __prom_init_toc_start) could -be incorrect. - -If they are bad, we die a few hundred instructions into boot. - -Upstream-Status: Backport - -Backport from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e95235 - -Signed-off-by: Zhenhua Luo ---- - arch/powerpc/kernel/vmlinux.lds.S | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S -index f096e72..3266864 100644 ---- a/arch/powerpc/kernel/vmlinux.lds.S -+++ b/arch/powerpc/kernel/vmlinux.lds.S -@@ -213,6 +213,8 @@ SECTIONS - *(.opd) - } - -+ . = ALIGN(256); -+ - .got : AT(ADDR(.got) - LOAD_OFFSET) { - __toc_start = .; - #ifndef CONFIG_RELOCATABLE --- -2.3.3 - diff --git a/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch b/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch deleted file mode 100644 index 5a67155..0000000 --- a/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch +++ /dev/null @@ -1,77 +0,0 @@ -module: remove MODULE_GENERIC_TABLE - -MODULE_DEVICE_TABLE() calles MODULE_GENERIC_TABLE(); make it do the -work directly. This also removes a wart introduced in the last patch, -where the alias is defined to be an unknown struct type "struct -type##__##name##_device_id" instead of "struct type##_device_id" (it's -an extern so GCC doesn't care, but it's wrong). - -The other user of MODULE_GENERIC_TABLE (ISAPNP_CARD_TABLE) is unused, -so delete it. - - - -Signed-off-by: Rusty Russell -Signed-off-by: Zhenhua Luo - -Upstream-Status: Backport ---- - include/linux/isapnp.h | 4 ---- - include/linux/module.h | 19 ++++++++----------- - 2 files changed, 8 insertions(+), 15 deletions(-) - -diff --git a/include/linux/isapnp.h b/include/linux/isapnp.h -index e2d28b0..3c77bf9 100644 ---- a/include/linux/isapnp.h -+++ b/include/linux/isapnp.h -@@ -56,10 +56,6 @@ - #define ISAPNP_DEVICE_ID(_va, _vb, _vc, _function) \ - { .vendor = ISAPNP_VENDOR(_va, _vb, _vc), .function = ISAPNP_FUNCTION(_function) } - --/* export used IDs outside module */ --#define ISAPNP_CARD_TABLE(name) \ -- MODULE_GENERIC_TABLE(isapnp_card, name) -- - struct isapnp_card_id { - unsigned long driver_data; /* data private to the driver */ - unsigned short card_vendor, card_device; -diff --git a/include/linux/module.h b/include/linux/module.h -index 54aef1b..a9f6812 100644 ---- a/include/linux/module.h -+++ b/include/linux/module.h -@@ -83,15 +83,6 @@ void sort_extable(struct exception_table_entry *start, - void sort_main_extable(void); - void trim_init_extable(struct module *m); - --#ifdef MODULE --#define MODULE_GENERIC_TABLE(gtype,name) \ --extern const struct gtype##_id __mod_##gtype##_table \ -- __attribute__ ((unused, alias(__stringify(name)))) -- --#else /* !MODULE */ --#define MODULE_GENERIC_TABLE(gtype,name) --#endif -- - /* Generic info of form tag = "info" */ - #define MODULE_INFO(tag, info) __MODULE_INFO(tag, tag, info) - -@@ -142,8 +133,14 @@ extern const struct gtype##_id __mod_##gtype##_table \ - /* What your module does. */ - #define MODULE_DESCRIPTION(_description) MODULE_INFO(description, _description) - --#define MODULE_DEVICE_TABLE(type,name) \ -- MODULE_GENERIC_TABLE(type##__##name##_device, name) -+#ifdef MODULE -+/* Creates an alias so file2alias.c can find device table. */ -+#define MODULE_DEVICE_TABLE(type, name) \ -+ extern const struct type##_device_id __mod_##type##__##name##_device_table \ -+ __attribute__ ((unused, alias(__stringify(name)))) -+#else /* !MODULE */ -+#define MODULE_DEVICE_TABLE(type, name) -+#endif - - /* Version of form [:][-]. - Or for CVS/RCS ID version, everything but the number is stripped. --- -2.5.0 - diff --git a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch deleted file mode 100644 index ddcb6c5..0000000 --- a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001 -From: Daniel Borkmann -Date: Mon, 3 Mar 2014 17:23:04 +0100 -Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is - AUTH capable - -[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ] - -RFC4895 introduced AUTH chunks for SCTP; during the SCTP -handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS -being optional though): - - ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> - <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- - -------------------- COOKIE-ECHO --------------------> - <-------------------- COOKIE-ACK --------------------- - -A special case is when an endpoint requires COOKIE-ECHO -chunks to be authenticated: - - ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> - <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- - ------------------ AUTH; COOKIE-ECHO ----------------> - <-------------------- COOKIE-ACK --------------------- - -RFC4895, section 6.3. Receiving Authenticated Chunks says: - - The receiver MUST use the HMAC algorithm indicated in - the HMAC Identifier field. If this algorithm was not - specified by the receiver in the HMAC-ALGO parameter in - the INIT or INIT-ACK chunk during association setup, the - AUTH chunk and all the chunks after it MUST be discarded - and an ERROR chunk SHOULD be sent with the error cause - defined in Section 4.1. [...] If no endpoint pair shared - key has been configured for that Shared Key Identifier, - all authenticated chunks MUST be silently discarded. [...] - - When an endpoint requires COOKIE-ECHO chunks to be - authenticated, some special procedures have to be followed - because the reception of a COOKIE-ECHO chunk might result - in the creation of an SCTP association. If a packet arrives - containing an AUTH chunk as a first chunk, a COOKIE-ECHO - chunk as the second chunk, and possibly more chunks after - them, and the receiver does not have an STCB for that - packet, then authentication is based on the contents of - the COOKIE-ECHO chunk. In this situation, the receiver MUST - authenticate the chunks in the packet by using the RANDOM - parameters, CHUNKS parameters and HMAC_ALGO parameters - obtained from the COOKIE-ECHO chunk, and possibly a local - shared secret as inputs to the authentication procedure - specified in Section 6.3. If authentication fails, then - the packet is discarded. If the authentication is successful, - the COOKIE-ECHO and all the chunks after the COOKIE-ECHO - MUST be processed. If the receiver has an STCB, it MUST - process the AUTH chunk as described above using the STCB - from the existing association to authenticate the - COOKIE-ECHO chunk and all the chunks after it. [...] - -Commit bbd0d59809f9 introduced the possibility to receive -and verification of AUTH chunk, including the edge case for -authenticated COOKIE-ECHO. On reception of COOKIE-ECHO, -the function sctp_sf_do_5_1D_ce() handles processing, -unpacks and creates a new association if it passed sanity -checks and also tests for authentication chunks being -present. After a new association has been processed, it -invokes sctp_process_init() on the new association and -walks through the parameter list it received from the INIT -chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO -and SCTP_PARAM_CHUNKS, and copies them into asoc->peer -meta data (peer_random, peer_hmacs, peer_chunks) in case -sysctl -w net.sctp.auth_enable=1 is set. If in INIT's -SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set, -peer_random != NULL and peer_hmacs != NULL the peer is to be -assumed asoc->peer.auth_capable=1, in any other case -asoc->peer.auth_capable=0. - -Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is -available, we set up a fake auth chunk and pass that on to -sctp_sf_authenticate(), which at latest in -sctp_auth_calculate_hmac() reliably dereferences a NULL pointer -at position 0..0008 when setting up the crypto key in -crypto_hash_setkey() by using asoc->asoc_shared_key that is -NULL as condition key_id == asoc->active_key_id is true if -the AUTH chunk was injected correctly from remote. This -happens no matter what net.sctp.auth_enable sysctl says. - -The fix is to check for net->sctp.auth_enable and for -asoc->peer.auth_capable before doing any operations like -sctp_sf_authenticate() as no key is activated in -sctp_auth_asoc_init_active_key() for each case. - -Now as RFC4895 section 6.3 states that if the used HMAC-ALGO -passed from the INIT chunk was not used in the AUTH chunk, we -SHOULD send an error; however in this case it would be better -to just silently discard such a maliciously prepared handshake -as we didn't even receive a parameter at all. Also, as our -endpoint has no shared key configured, section 6.3 says that -MUST silently discard, which we are doing from now onwards. - -Before calling sctp_sf_pdiscard(), we need not only to free -the association, but also the chunk->auth_chunk skb, as -commit bbd0d59809f9 created a skb clone in that case. - -I have tested this locally by using netfilter's nfqueue and -re-injecting packets into the local stack after maliciously -modifying the INIT chunk (removing RANDOM; HMAC-ALGO param) -and the SCTP packet containing the COOKIE_ECHO (injecting -AUTH chunk before COOKIE_ECHO). Fixed with this patch applied. - -This fixes CVE-2014-0101 -Upstream-Status: Backport - -Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk") -Signed-off-by: Daniel Borkmann -Cc: Vlad Yasevich -Cc: Neil Horman -Acked-by: Vlad Yasevich -Signed-off-by: David S. Miller -Signed-off-by: Jiri Slaby -Signed-off-by: Sona Sarmadi ---- - net/sctp/sm_statefuns.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c -index dfe3f36..56ebe71 100644 ---- a/net/sctp/sm_statefuns.c -+++ b/net/sctp/sm_statefuns.c -@@ -768,6 +768,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net, - return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); - } - -+ /* Make sure that we and the peer are AUTH capable */ -+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) { -+ kfree_skb(chunk->auth_chunk); -+ sctp_association_free(new_asoc); -+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); -+ } -+ - /* set-up our fake chunk so that we can process it */ - auth.skb = chunk->auth_chunk; - auth.asoc = chunk->asoc; --- -1.9.1 - diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_4.1.bb similarity index 87% rename from recipes-kernel/linux/linux-qoriq_3.12.bb rename to recipes-kernel/linux/linux-qoriq_4.1.bb index 533225d..87eebbc 100644 --- a/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/recipes-kernel/linux/linux-qoriq_4.1.bb @@ -6,14 +6,11 @@ SECTION = "kernel" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" -SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x \ +SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v2.0.x \ file://modify-defconfig-t1040-nr-cpus.patch \ - file://net-sctp-CVE-2014-0101.patch \ - file://0001-powerpc-Align-TOC-to-256-bytes.patch \ file://fix-the-compile-issue-under-gcc6.patch \ - file://module-remove-MODULE_GENERIC_TABLE.patch \ " -SRCREV = "43cecda943a6c40a833b588801b0929e8bd48813" +SRCREV = "bd51baffc04ecc73f933aee1c3a37c8b44b889a7" KSRC ?= "" S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}' @@ -39,7 +36,7 @@ do_configure_prepend() { ${S}/scripts/kconfig/merge_config.sh -m .config ${WORKDIR}/${deltacfg} elif [ -f "${S}/arch/${ARCH}/configs/${deltacfg}" ]; then ${S}/scripts/kconfig/merge_config.sh -m .config \ - ${S}/arch/powerpc/configs/${deltacfg} + ${S}/arch/${ARCH}/configs/${deltacfg} fi done -- 1.9.2