Update to 5.15.88-1

author: alegru 2023-01-15 21:57:14 +0100
committer: alegru 2023-01-15 21:58:27 +0100
commit: 4ce4fdbbeada7f76d5de00b53b315dc32d82f699 (patch)
tree: dbc681856d1d43cfd5d7f6a066459e8c289e0bee
parent: f6d563a5406f22ef5356a543cdb11e0dca490480 (diff)
download: aur-4ce4fdbbeada7f76d5de00b53b315dc32d82f699.tar.gz
5 files changed, 50 insertions, 247 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 88547b916795..c22a150f3512 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = linux-vfio-lts
 	pkgdesc = LTS Linux VFIO
-	pkgver = 5.15.87
+	pkgver = 5.15.88
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -19,26 +19,28 @@ pkgbase = linux-vfio-lts
 	makedepends = imagemagick
 	makedepends = texlive-latexextra
 	options = !strip
-	source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.87.tar.xz
-	source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.87.tar.sign
+	source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.88.tar.xz
+	source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.88.tar.sign
 	source = config
 	source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
 	source = 0002-PCI-Add-more-NVIDIA-controllers-to-the-MSI-masking-q.patch
 	source = 0003-iommu-intel-do-deep-dma-unmapping-to-avoid-kernel-fl.patch
 	source = 0004-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
 	source = 0005-lg-laptop-Recognize-more-models.patch
+	source = 0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch
 	source = add-acs-overrides.patch
 	source = i915-vga-arbiter.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
-	sha256sums = e7359bd2935b54fe8bb821cf748591c36a95bed019e752d3e4d5803d9da1ccb4
+	sha256sums = 417539fdd96a3af97ef9ad2b51ca13967cb922f53970563b60290b935a81a181
 	sha256sums = SKIP
-	sha256sums = 2959597f1c71e44de06ac26c5a2029adbd4e5c6f8c2998e176591566eb0aecb0
+	sha256sums = 63e560fe9eff69f07336334a38f22eef8a798ccf6c7a4a90285ea94c70d5fbb4
 	sha256sums = 7bd64ff894475b3415d792ba8466ba7e8f872af56dbf1aeed0d261fe4008b8b5
 	sha256sums = 39649dc1dfcb06b411ad124e123769e955a78961b4ea17538c0919a930925549
 	sha256sums = 56c12551e859cc67520909e64feecbf1b190cee8addef150c5b9d1bb1d40981e
 	sha256sums = 5c1ee81fdd5818442af6081de987f9c1a9ce3c8d183566b3dfc19a8433aa3dde
 	sha256sums = 067e8995fcd6f6ed25e0253e9374c0e179a000c154da3e59ce62634945ac5be9
+	sha256sums = e1ba639a62ef788cb5653cbf5601b1534379211c50176e48f0b04ae555941c8d
 	sha256sums = b90be7b79652be61f7d50691000f6a8c75a240dc2eee2667b68d984f67583f77
 	sha256sums = 856230cfbdc2bb53a4920dfbcb6fb2d58427b7b184e5f94e21f08011d0a2fcc6
 
diff --git a/0006-Fix-NFSv4-mount-regression.patch b/0006-Fix-NFSv4-mount-regression.patch
deleted file mode 100644
index 470822db1b0f..000000000000
--- a/0006-Fix-NFSv4-mount-regression.patch
+++ /dev/null
@@ -1,238 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
-Date: Sat, 6 Aug 2022 22:54:33 +0200
-Subject: [PATCH] Fix NFSv4 mount regression
-
-This reverts commit 6f2836341d8a (NFSv4.1 query for fs_location attr on
-a new file system, 2022-01-12).
-
-For: https://bugs.archlinux.org/task/73838
-For: https://bugs.archlinux.org/task/73860
----
- fs/nfs/client.c         |  7 ----
- fs/nfs/nfs4_fs.h        |  9 +++--
- fs/nfs/nfs4proc.c       | 76 ++++++-----------------------------------
- fs/nfs/nfs4state.c      |  3 +-
- include/linux/nfs_xdr.h |  1 -
- 5 files changed, 15 insertions(+), 81 deletions(-)
-
-diff --git a/fs/nfs/client.c b/fs/nfs/client.c
-index 090b16890e3d..551833862171 100644
---- a/fs/nfs/client.c
-+++ b/fs/nfs/client.c
-@@ -860,13 +860,6 @@ int nfs_probe_fsinfo(struct nfs_server *server, struct nfs_fh *mntfh, struct nfs
- 			server->namelen = pathinfo.max_namelen;
- 	}
- 
--	if (clp->rpc_ops->discover_trunking != NULL &&
--			(server->caps & NFS_CAP_FS_LOCATIONS)) {
--		error = clp->rpc_ops->discover_trunking(server, mntfh);
--		if (error < 0)
--			return error;
--	}
--
- 	return 0;
- }
- EXPORT_SYMBOL_GPL(nfs_probe_fsinfo);
-diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
-index f8672a34fd63..36471dd0e82b 100644
---- a/fs/nfs/nfs4_fs.h
-+++ b/fs/nfs/nfs4_fs.h
-@@ -261,8 +261,8 @@ struct nfs4_state_maintenance_ops {
- };
- 
- struct nfs4_mig_recovery_ops {
--	int (*get_locations)(struct nfs_server *, struct nfs_fh *,
--		struct nfs4_fs_locations *, struct page *, const struct cred *);
-+	int (*get_locations)(struct inode *, struct nfs4_fs_locations *,
-+		struct page *, const struct cred *);
- 	int (*fsid_present)(struct inode *, const struct cred *);
- };
- 
-@@ -304,9 +304,8 @@ extern int nfs4_do_close(struct nfs4_state *state, gfp_t gfp_mask, int wait);
- extern int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle);
- extern int nfs4_proc_fs_locations(struct rpc_clnt *, struct inode *, const struct qstr *,
- 				  struct nfs4_fs_locations *, struct page *);
--extern int nfs4_proc_get_locations(struct nfs_server *, struct nfs_fh *,
--				   struct nfs4_fs_locations *,
--				   struct page *page, const struct cred *);
-+extern int nfs4_proc_get_locations(struct inode *, struct nfs4_fs_locations *,
-+		struct page *page, const struct cred *);
- extern int nfs4_proc_fsid_present(struct inode *, const struct cred *);
- extern struct rpc_clnt *nfs4_proc_lookup_mountpoint(struct inode *,
- 						    struct dentry *,
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index cbb39aff8182..3d4dee10cb11 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -3963,60 +3963,6 @@ int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
- 	return err;
- }
- 
--static int _nfs4_discover_trunking(struct nfs_server *server,
--				   struct nfs_fh *fhandle)
--{
--	struct nfs4_fs_locations *locations = NULL;
--	struct page *page;
--	const struct cred *cred;
--	struct nfs_client *clp = server->nfs_client;
--	const struct nfs4_state_maintenance_ops *ops =
--		clp->cl_mvops->state_renewal_ops;
--	int status = -ENOMEM;
--
--	cred = ops->get_state_renewal_cred(clp);
--	if (cred == NULL) {
--		cred = nfs4_get_clid_cred(clp);
--		if (cred == NULL)
--			return -ENOKEY;
--	}
--
--	page = alloc_page(GFP_KERNEL);
--	locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL);
--	if (page == NULL || locations == NULL)
--		goto out;
--
--	status = nfs4_proc_get_locations(server, fhandle, locations, page,
--					 cred);
--	if (status)
--		goto out;
--out:
--	if (page)
--		__free_page(page);
--	kfree(locations);
--	return status;
--}
--
--static int nfs4_discover_trunking(struct nfs_server *server,
--				  struct nfs_fh *fhandle)
--{
--	struct nfs4_exception exception = {
--		.interruptible = true,
--	};
--	struct nfs_client *clp = server->nfs_client;
--	int err = 0;
--
--	if (!nfs4_has_session(clp))
--		goto out;
--	do {
--		err = nfs4_handle_exception(server,
--				_nfs4_discover_trunking(server, fhandle),
--				&exception);
--	} while (exception.retry);
--out:
--	return err;
--}
--
- static int _nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
- 		struct nfs_fsinfo *info)
- {
-@@ -7952,18 +7898,18 @@ int nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
-  * appended to this compound to identify the client ID which is
-  * performing recovery.
-  */
--static int _nfs40_proc_get_locations(struct nfs_server *server,
--				     struct nfs_fh *fhandle,
-+static int _nfs40_proc_get_locations(struct inode *inode,
- 				     struct nfs4_fs_locations *locations,
- 				     struct page *page, const struct cred *cred)
- {
-+	struct nfs_server *server = NFS_SERVER(inode);
- 	struct rpc_clnt *clnt = server->client;
- 	u32 bitmask[2] = {
- 		[0] = FATTR4_WORD0_FSID | FATTR4_WORD0_FS_LOCATIONS,
- 	};
- 	struct nfs4_fs_locations_arg args = {
- 		.clientid	= server->nfs_client->cl_clientid,
--		.fh		= fhandle,
-+		.fh		= NFS_FH(inode),
- 		.page		= page,
- 		.bitmask	= bitmask,
- 		.migration	= 1,		/* skip LOOKUP */
-@@ -8009,17 +7955,17 @@ static int _nfs40_proc_get_locations(struct nfs_server *server,
-  * When the client supports GETATTR(fs_locations_info), it can
-  * be plumbed in here.
-  */
--static int _nfs41_proc_get_locations(struct nfs_server *server,
--				     struct nfs_fh *fhandle,
-+static int _nfs41_proc_get_locations(struct inode *inode,
- 				     struct nfs4_fs_locations *locations,
- 				     struct page *page, const struct cred *cred)
- {
-+	struct nfs_server *server = NFS_SERVER(inode);
- 	struct rpc_clnt *clnt = server->client;
- 	u32 bitmask[2] = {
- 		[0] = FATTR4_WORD0_FSID | FATTR4_WORD0_FS_LOCATIONS,
- 	};
- 	struct nfs4_fs_locations_arg args = {
--		.fh		= fhandle,
-+		.fh		= NFS_FH(inode),
- 		.page		= page,
- 		.bitmask	= bitmask,
- 		.migration	= 1,		/* skip LOOKUP */
-@@ -8068,28 +8014,27 @@ static int _nfs41_proc_get_locations(struct nfs_server *server,
-  * -NFS4ERR_LEASE_MOVED is returned if the server still has leases
-  * from this client that require migration recovery.
-  */
--int nfs4_proc_get_locations(struct nfs_server *server,
--			    struct nfs_fh *fhandle,
-+int nfs4_proc_get_locations(struct inode *inode,
- 			    struct nfs4_fs_locations *locations,
- 			    struct page *page, const struct cred *cred)
- {
-+	struct nfs_server *server = NFS_SERVER(inode);
- 	struct nfs_client *clp = server->nfs_client;
- 	const struct nfs4_mig_recovery_ops *ops =
- 					clp->cl_mvops->mig_recovery_ops;
- 	struct nfs4_exception exception = {
- 		.interruptible = true,
- 	};
- 	int status;
- 
- 	dprintk("%s: FSID %llx:%llx on \"%s\"\n", __func__,
- 		(unsigned long long)server->fsid.major,
- 		(unsigned long long)server->fsid.minor,
- 		clp->cl_hostname);
--	nfs_display_fhandle(fhandle, __func__);
-+	nfs_display_fhandle(NFS_FH(inode), __func__);
- 
- 	do {
--		status = ops->get_locations(server, fhandle, locations, page,
--					    cred);
-+		status = ops->get_locations(inode, locations, page, cred);
- 		if (status != -NFS4ERR_DELAY)
- 			break;
- 		nfs4_handle_exception(server, status, &exception);
-@@ -10586,7 +10531,6 @@ const struct nfs_rpc_ops nfs_v4_clientops = {
- 	.free_client	= nfs4_free_client,
- 	.create_server	= nfs4_create_server,
- 	.clone_server	= nfs_clone_server,
--	.discover_trunking = nfs4_discover_trunking,
- };
- 
- static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
-diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
-index 83c88b54d712..42707e12d35c 100644
---- a/fs/nfs/nfs4state.c
-+++ b/fs/nfs/nfs4state.c
-@@ -2098,8 +2098,7 @@ static int nfs4_try_migration(struct nfs_server *server, const struct cred *cred
- 	}
- 
- 	inode = d_inode(server->super->s_root);
--	result = nfs4_proc_get_locations(server, NFS_FH(inode), locations,
--					 page, cred);
-+	result = nfs4_proc_get_locations(inode, locations, page, cred);
- 	if (result) {
- 		dprintk("<-- %s: failed to retrieve fs_locations: %d\n",
- 			__func__, result);
-diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
-index ecd74cc34797..e9698b6278a5 100644
---- a/include/linux/nfs_xdr.h
-+++ b/include/linux/nfs_xdr.h
-@@ -1805,7 +1805,6 @@ struct nfs_rpc_ops {
- 	struct nfs_server *(*create_server)(struct fs_context *);
- 	struct nfs_server *(*clone_server)(struct nfs_server *, struct nfs_fh *,
- 					   struct nfs_fattr *, rpc_authflavor_t);
--	int	(*discover_trunking)(struct nfs_server *, struct nfs_fh *);
- };
- 
- /*
diff --git a/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch b/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch
new file mode 100644
index 000000000000..ef401a9f86f0
--- /dev/null
+++ b/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch
@@ -0,0 +1,37 @@
+From 696e1a48b1a1b01edad542a1ef293665864a4dd0 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 11 Jan 2023 17:07:33 +0100
+Subject: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 upstream.
+
+If the offset + length goes over the ethernet + vlan header, then the
+length is adjusted to copy the bytes that are within the boundaries of
+the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
+vlan header are copied directly from the skbuff data area.
+
+Fix incorrect arithmetic operator: subtract, not add, the size of the
+vlan header in case of double-tagged packets to adjust the length
+accordingly to address CVE-2023-0179.
+
+Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
+Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_payload.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nft_payload.c
++++ b/net/netfilter/nft_payload.c
+@@ -63,7 +63,7 @@ nft_payload_copy_vlan(u32 *d, const stru
+ 			return false;
+ 
+ 		if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
+-			ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen;
++			ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
+ 
+ 		memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen);
+ 
diff --git a/PKGBUILD b/PKGBUILD
index 021b238adf71..0f2c14a99255 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Andreas Radke <andyrtr@archlinux.org>
 
 pkgbase=linux-vfio-lts
-pkgver=5.15.87
+pkgver=5.15.88
 pkgrel=1
 pkgdesc='LTS Linux VFIO'
 url="https://www.kernel.org/"
@@ -21,6 +21,7 @@ source=(
   0003-iommu-intel-do-deep-dma-unmapping-to-avoid-kernel-fl.patch
   0004-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
   0005-lg-laptop-Recognize-more-models.patch
+  0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch
   add-acs-overrides.patch
   i915-vga-arbiter.patch
 )
@@ -29,14 +30,15 @@ validpgpkeys=(
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('e7359bd2935b54fe8bb821cf748591c36a95bed019e752d3e4d5803d9da1ccb4'
+sha256sums=('417539fdd96a3af97ef9ad2b51ca13967cb922f53970563b60290b935a81a181'
             'SKIP'
-            '2959597f1c71e44de06ac26c5a2029adbd4e5c6f8c2998e176591566eb0aecb0'
+            '63e560fe9eff69f07336334a38f22eef8a798ccf6c7a4a90285ea94c70d5fbb4'
             '7bd64ff894475b3415d792ba8466ba7e8f872af56dbf1aeed0d261fe4008b8b5'
             '39649dc1dfcb06b411ad124e123769e955a78961b4ea17538c0919a930925549'
             '56c12551e859cc67520909e64feecbf1b190cee8addef150c5b9d1bb1d40981e'
             '5c1ee81fdd5818442af6081de987f9c1a9ce3c8d183566b3dfc19a8433aa3dde'
             '067e8995fcd6f6ed25e0253e9374c0e179a000c154da3e59ce62634945ac5be9'
+            'e1ba639a62ef788cb5653cbf5601b1534379211c50176e48f0b04ae555941c8d'
             'b90be7b79652be61f7d50691000f6a8c75a240dc2eee2667b68d984f67583f77'
             '856230cfbdc2bb53a4920dfbcb6fb2d58427b7b184e5f94e21f08011d0a2fcc6')
 
diff --git a/config b/config
index d5a65b0c9b2a..7c3fc92ebabe 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.15.87 Kernel Configuration
+# Linux/x86 5.15.88 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
 CONFIG_CC_IS_GCC=y
author	alegru	2023-01-15 21:57:14 +0100
committer	alegru	2023-01-15 21:58:27 +0100
commit	4ce4fdbbeada7f76d5de00b53b315dc32d82f699 (patch)
tree	dbc681856d1d43cfd5d7f6a066459e8c289e0bee
parent	f6d563a5406f22ef5356a543cdb11e0dca490480 (diff)
download	aur-4ce4fdbbeada7f76d5de00b53b315dc32d82f699.tar.gz