authorTony Lambiris2017-03-13 12:23:24 -0400
committerTony Lambiris2017-03-13 12:23:24 -0400
commit1c00d30fae794c263c9a5f274e5a704ab329343c (patch)
treefbb0fabd3da8b1e1375339b138365a09025d2402
parentabaa6b65dc79d454392d533f56608a6213e4ec84 (diff)
Update linux-macbook
-rw-r--r--.SRCINFO12
-rw-r--r--0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch47
-rw-r--r--PKGBUILD13
-rw-r--r--net_handle_no_dst_on_skb_in_icmp6_send.patch68
4 files changed, 9 insertions, 131 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 18c5e634586e..0422d60bc4f2 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = linux-macbook
- pkgver = 4.9.11
- pkgrel = 2
+ pkgver = 4.9.14
+ pkgrel = 1
url = https://www.kernel.org/
arch = i686
arch = x86_64
@@ -14,8 +14,8 @@ pkgbase = linux-macbook
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.11.xz
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.11.sign
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.14.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.9.14.sign
source = config
source = config.x86_64
source = 99-linux-macbook.hook
@@ -26,12 +26,11 @@ pkgbase = linux-macbook
source = poweroff-quirk-workaround.patch
source = intel-pstate-backport.patch
source = change-default-console-loglevel.patch
- source = 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
sha256sums = 029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a
sha256sums = SKIP
- sha256sums = 23e773a670f3cac11a92c4e442405dea6d2c28fea0f914ea2ba4bea313c26541
+ sha256sums = 056282412144bdb8bb1d33a5b22a5605ed836a8061dfd65926e25ba71119d518
sha256sums = SKIP
sha256sums = 49ec194851a7f96fbeedddb6125bf51d0e73e949f28026dca0d9ff36fc4ce5ff
sha256sums = 36fa6355b46655570838351a6f4b2a4904d4e1c550ce0b7a21aa5ebe1bad2d2d
@@ -43,7 +42,6 @@ pkgbase = linux-macbook
sha256sums = 24f914e16f5efd13608e835ded81b4da731798737a88228fb8684f6db80f7d2c
sha256sums = c0a25b413bc542472868c63318213dfe788beeece750d15f7ff1568aca8968ec
sha256sums = 1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99
- sha256sums = 85954ac18da9dc1bec5df28e2f097d13016e39fa9631074f85b6364af340fcd9
pkgname = linux-macbook
pkgdesc = The Linux-macbook kernel and modules
diff --git a/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch b/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
deleted file mode 100644
index 9adaf0b305f2..000000000000
--- a/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
-From: Andrey Konovalov <andreyknvl@google.com>
-Date: Thu, 16 Feb 2017 17:22:46 +0100
-Subject: [PATCH] dccp: fix freeing skb too early for IPV6_RECVPKTINFO
-
-In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
-is forcibly freed via __kfree_skb in dccp_rcv_state_process if
-dccp_v6_conn_request successfully returns.
-
-However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
-is saved to ireq->pktopts and the ref count for skb is incremented in
-dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
-in dccp_rcv_state_process.
-
-Fix by calling consume_skb instead of doing goto discard and therefore
-calling __kfree_skb.
-
-Similar fixes for TCP:
-
-fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
-0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
-simply consumed
-
-Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
-Acked-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/dccp/input.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/net/dccp/input.c b/net/dccp/input.c
-index ba347184bda9b3fe..8fedc2d497709b3d 100644
---- a/net/dccp/input.c
-+++ b/net/dccp/input.c
-@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
- skb) < 0)
- return 1;
-- goto discard;
-+ consume_skb(skb);
-+ return 0;
- }
- if (dh->dccph_type == DCCP_PKT_RESET)
- goto discard;
---
-2.11.1
-
diff --git a/PKGBUILD b/PKGBUILD
index 472e982da719..1c3dc88c0dea 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,8 +5,8 @@
pkgbase=linux-macbook
_srcname=linux-4.9
-pkgver=4.9.11
-pkgrel=2
+pkgver=4.9.14
+pkgrel=1
arch=('i686' 'x86_64')
url="https://www.kernel.org/"
license=('GPL2')
@@ -30,12 +30,11 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
'poweroff-quirk-workaround.patch'
'intel-pstate-backport.patch'
'change-default-console-loglevel.patch'
- '0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch'
)
sha256sums=('029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a'
'SKIP'
- '23e773a670f3cac11a92c4e442405dea6d2c28fea0f914ea2ba4bea313c26541'
+ '056282412144bdb8bb1d33a5b22a5605ed836a8061dfd65926e25ba71119d518'
'SKIP'
'49ec194851a7f96fbeedddb6125bf51d0e73e949f28026dca0d9ff36fc4ce5ff'
'36fa6355b46655570838351a6f4b2a4904d4e1c550ce0b7a21aa5ebe1bad2d2d'
@@ -46,8 +45,7 @@ sha256sums=('029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a'
'896455ba219148e10c1fd19ec98f9871b384f9d0018598c1bb36ad7f3c8607c1'
'24f914e16f5efd13608e835ded81b4da731798737a88228fb8684f6db80f7d2c'
'c0a25b413bc542472868c63318213dfe788beeece750d15f7ff1568aca8968ec'
- '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
- '85954ac18da9dc1bec5df28e2f097d13016e39fa9631074f85b6364af340fcd9')
+ '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -61,9 +59,6 @@ prepare() {
# add upstream patch
patch -p1 -i "${srcdir}/patch-${pkgver}"
- # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
- patch -p1 -i "${srcdir}/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch"
-
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
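Review bot: Dropping the CVE-2017-6074 backport from prepare() leaves nothing in the PKGBUILD saying where that fix now comes from. The hunk only shows the local patch being removed alongside the bump to patch-4.9.14, so presumably the stable patch now carries the DCCP fix, but that should be confirmed against the upstream changelog before this is built and shipped. I would leave a one-line marker in its place, e.g. `# CVE-2017-6074 (dccp: skb freed too early): fixed by the upstream stable patch applied above, local backport dropped`. The commit message reads only "Update linux-macbook" and could state the same, so that anyone auditing the package history can see the fix was superseded rather than lost. prepare() starts and ends outside this hunk.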
diff --git a/net_handle_no_dst_on_skb_in_icmp6_send.patch b/net_handle_no_dst_on_skb_in_icmp6_send.patch
deleted file mode 100644
index 06448a90affe..000000000000
--- a/net_handle_no_dst_on_skb_in_icmp6_send.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 Mon Sep 17 00:00:00 2001
-From: David Ahern <dsa@cumulusnetworks.com>
-Date: Sun, 27 Nov 2016 18:52:53 -0800
-Subject: [PATCH] net: handle no dst on skb in icmp6_send
-
-Andrey reported the following while fuzzing the kernel with syzkaller:
-
-kasan: CONFIG_KASAN_INLINE enabled
-kasan: GPF could be caused by NULL-ptr deref or user memory access
-general protection fault: 0000 [#1] SMP KASAN
-Modules linked in:
-CPU: 0 PID: 3859 Comm: a.out Not tainted 4.9.0-rc6+ #429
-Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
-task: ffff8800666d4200 task.stack: ffff880067348000
-RIP: 0010:[<ffffffff833617ec>] [<ffffffff833617ec>]
-icmp6_send+0x5fc/0x1e30 net/ipv6/icmp.c:451
-RSP: 0018:ffff88006734f2c0 EFLAGS: 00010206
-RAX: ffff8800666d4200 RBX: 0000000000000000 RCX: 0000000000000000
-RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018
-RBP: ffff88006734f630 R08: ffff880064138418 R09: 0000000000000003
-R10: dffffc0000000000 R11: 0000000000000005 R12: 0000000000000000
-R13: ffffffff84e7e200 R14: ffff880064138484 R15: ffff8800641383c0
-FS: 00007fb3887a07c0(0000) GS:ffff88006cc00000(0000) knlGS:0000000000000000
-CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-CR2: 0000000020000000 CR3: 000000006b040000 CR4: 00000000000006f0
-Stack:
- ffff8800666d4200 ffff8800666d49f8 ffff8800666d4200 ffffffff84c02460
- ffff8800666d4a1a 1ffff1000ccdaa2f ffff88006734f498 0000000000000046
- ffff88006734f440 ffffffff832f4269 ffff880064ba7456 0000000000000000
-Call Trace:
- [<ffffffff83364ddc>] icmpv6_param_prob+0x2c/0x40 net/ipv6/icmp.c:557
- [< inline >] ip6_tlvopt_unknown net/ipv6/exthdrs.c:88
- [<ffffffff83394405>] ip6_parse_tlv+0x555/0x670 net/ipv6/exthdrs.c:157
- [<ffffffff8339a759>] ipv6_parse_hopopts+0x199/0x460 net/ipv6/exthdrs.c:663
- [<ffffffff832ee773>] ipv6_rcv+0xfa3/0x1dc0 net/ipv6/ip6_input.c:191
- ...
-
-icmp6_send / icmpv6_send is invoked for both rx and tx paths. In both
-cases the dst->dev should be preferred for determining the L3 domain
-if the dst has been set on the skb. Fallback to the skb->dev if it has
-not. This covers the case reported here where icmp6_send is invoked on
-Rx before the route lookup.
-
-Fixes: 5d41ce29e ("net: icmp6_send should use dst dev to determine L3 domain")
-Reported-by: Andrey Konovalov <andreyknvl@google.com>
-Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/ipv6/icmp.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
-index 7370ad2..2772004 100644
---- a/net/ipv6/icmp.c
-+++ b/net/ipv6/icmp.c
-@@ -447,8 +447,10 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
-
- if (__ipv6_addr_needs_scope_id(addr_type))
- iif = skb->dev->ifindex;
-- else
-- iif = l3mdev_master_ifindex(skb_dst(skb)->dev);
-+ else {
-+ dst = skb_dst(skb);
-+ iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
-+ }
-
- /*
- * Must not send error if the source does not uniquely