[meta-freescale] [meta-fsl-ppc][PATCH 16/31] linux-qoriq: upgrade to 4.1
ting.liu at nxp.com
ting.liu at nxp.com
Fri Jun 17 00:45:50 PDT 2016
From: Ting Liu <ting.liu at nxp.com>
The main features are:
* Linux kernel 4.1.8
* ARM A7 (AARCH32), A53 and A57 (AARCH64), Little Endian (default)
* Power Architecture e500mc, e5500, e6500
* Multicore SMP support and multithread (e6500)
* 32-bit effective kernel addressing [e500mc, e5500, A57]
* 64-bit effective addressing [e6500, A53, A57]
* Huge Pages (hugetlbfs)
* Linux Real-Time (RT) [P4080, B4860, LS1021A]
* Kernel-based Virtual Machine (KVM)
* Libvirt 1.2.19
* Linux Containers (LXC) 1.1.4 function support
Detailed commit log can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/linux.git/log/?h=sdk-v2.0.x
Signed-off-by: Ting Liu <ting.liu at nxp.com>
---
.../0001-powerpc-Align-TOC-to-256-bytes.patch | 37 ------
.../files/module-remove-MODULE_GENERIC_TABLE.patch | 77 -----------
.../linux/files/net-sctp-CVE-2014-0101.patch | 145 ---------------------
.../{linux-qoriq_3.12.bb => linux-qoriq_4.1.bb} | 9 +-
4 files changed, 3 insertions(+), 265 deletions(-)
delete mode 100644 recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch
delete mode 100644 recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch
delete mode 100644 recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
rename recipes-kernel/linux/{linux-qoriq_3.12.bb => linux-qoriq_4.1.bb} (87%)
diff --git a/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch b/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch
deleted file mode 100644
index 2131c9d..0000000
--- a/recipes-kernel/linux/files/0001-powerpc-Align-TOC-to-256-bytes.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 7d4d16a6ccdd6d965b84284262a67d5b63426d50 Mon Sep 17 00:00:00 2001
-From: Zhenhua Luo <zhenhua.luo at freescale.com>
-Date: Mon, 9 Nov 2015 04:36:29 -0600
-Subject: [PATCH] powerpc: Align TOC to 256 bytes
-
-Recent toolchains(gcc-5.2) force the TOC to be 256 byte aligned. We need
-to enforce this alignment in our linker script, otherwise pointers
-to our TOC variables (__toc_start, __prom_init_toc_start) could
-be incorrect.
-
-If they are bad, we die a few hundred instructions into boot.
-
-Upstream-Status: Backport
-
-Backport from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e95235
-
-Signed-off-by: Zhenhua Luo <zhenhua.luo at freescale.com>
----
- arch/powerpc/kernel/vmlinux.lds.S | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
-index f096e72..3266864 100644
---- a/arch/powerpc/kernel/vmlinux.lds.S
-+++ b/arch/powerpc/kernel/vmlinux.lds.S
-@@ -213,6 +213,8 @@ SECTIONS
- *(.opd)
- }
-
-+ . = ALIGN(256);
-+
- .got : AT(ADDR(.got) - LOAD_OFFSET) {
- __toc_start = .;
- #ifndef CONFIG_RELOCATABLE
---
-2.3.3
-
diff --git a/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch b/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch
deleted file mode 100644
index 5a67155..0000000
--- a/recipes-kernel/linux/files/module-remove-MODULE_GENERIC_TABLE.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-module: remove MODULE_GENERIC_TABLE
-
-MODULE_DEVICE_TABLE() calles MODULE_GENERIC_TABLE(); make it do the
-work directly. This also removes a wart introduced in the last patch,
-where the alias is defined to be an unknown struct type "struct
-type##__##name##_device_id" instead of "struct type##_device_id" (it's
-an extern so GCC doesn't care, but it's wrong).
-
-The other user of MODULE_GENERIC_TABLE (ISAPNP_CARD_TABLE) is unused,
-so delete it.
-
-<Backport from cff26a51da5d206d3baf871e75778da44710219d>
-
-Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
-Signed-off-by: Zhenhua Luo <zhenhua.luo at nxp.com>
-
-Upstream-Status: Backport
----
- include/linux/isapnp.h | 4 ----
- include/linux/module.h | 19 ++++++++-----------
- 2 files changed, 8 insertions(+), 15 deletions(-)
-
-diff --git a/include/linux/isapnp.h b/include/linux/isapnp.h
-index e2d28b0..3c77bf9 100644
---- a/include/linux/isapnp.h
-+++ b/include/linux/isapnp.h
-@@ -56,10 +56,6 @@
- #define ISAPNP_DEVICE_ID(_va, _vb, _vc, _function) \
- { .vendor = ISAPNP_VENDOR(_va, _vb, _vc), .function = ISAPNP_FUNCTION(_function) }
-
--/* export used IDs outside module */
--#define ISAPNP_CARD_TABLE(name) \
-- MODULE_GENERIC_TABLE(isapnp_card, name)
--
- struct isapnp_card_id {
- unsigned long driver_data; /* data private to the driver */
- unsigned short card_vendor, card_device;
-diff --git a/include/linux/module.h b/include/linux/module.h
-index 54aef1b..a9f6812 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -83,15 +83,6 @@ void sort_extable(struct exception_table_entry *start,
- void sort_main_extable(void);
- void trim_init_extable(struct module *m);
-
--#ifdef MODULE
--#define MODULE_GENERIC_TABLE(gtype,name) \
--extern const struct gtype##_id __mod_##gtype##_table \
-- __attribute__ ((unused, alias(__stringify(name))))
--
--#else /* !MODULE */
--#define MODULE_GENERIC_TABLE(gtype,name)
--#endif
--
- /* Generic info of form tag = "info" */
- #define MODULE_INFO(tag, info) __MODULE_INFO(tag, tag, info)
-
-@@ -142,8 +133,14 @@ extern const struct gtype##_id __mod_##gtype##_table \
- /* What your module does. */
- #define MODULE_DESCRIPTION(_description) MODULE_INFO(description, _description)
-
--#define MODULE_DEVICE_TABLE(type,name) \
-- MODULE_GENERIC_TABLE(type##__##name##_device, name)
-+#ifdef MODULE
-+/* Creates an alias so file2alias.c can find device table. */
-+#define MODULE_DEVICE_TABLE(type, name) \
-+ extern const struct type##_device_id __mod_##type##__##name##_device_table \
-+ __attribute__ ((unused, alias(__stringify(name))))
-+#else /* !MODULE */
-+#define MODULE_DEVICE_TABLE(type, name)
-+#endif
-
- /* Version of form [<epoch>:]<version>[-<extra-version>].
- Or for CVS/RCS ID version, everything but the number is stripped.
---
-2.5.0
-
diff --git a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
deleted file mode 100644
index ddcb6c5..0000000
--- a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <dborkman at redhat.com>
-Date: Mon, 3 Mar 2014 17:23:04 +0100
-Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is
- AUTH capable
-
-[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ]
-
-RFC4895 introduced AUTH chunks for SCTP; during the SCTP
-handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
-being optional though):
-
- ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
- <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
- -------------------- COOKIE-ECHO -------------------->
- <-------------------- COOKIE-ACK ---------------------
-
-A special case is when an endpoint requires COOKIE-ECHO
-chunks to be authenticated:
-
- ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
- <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
- ------------------ AUTH; COOKIE-ECHO ---------------->
- <-------------------- COOKIE-ACK ---------------------
-
-RFC4895, section 6.3. Receiving Authenticated Chunks says:
-
- The receiver MUST use the HMAC algorithm indicated in
- the HMAC Identifier field. If this algorithm was not
- specified by the receiver in the HMAC-ALGO parameter in
- the INIT or INIT-ACK chunk during association setup, the
- AUTH chunk and all the chunks after it MUST be discarded
- and an ERROR chunk SHOULD be sent with the error cause
- defined in Section 4.1. [...] If no endpoint pair shared
- key has been configured for that Shared Key Identifier,
- all authenticated chunks MUST be silently discarded. [...]
-
- When an endpoint requires COOKIE-ECHO chunks to be
- authenticated, some special procedures have to be followed
- because the reception of a COOKIE-ECHO chunk might result
- in the creation of an SCTP association. If a packet arrives
- containing an AUTH chunk as a first chunk, a COOKIE-ECHO
- chunk as the second chunk, and possibly more chunks after
- them, and the receiver does not have an STCB for that
- packet, then authentication is based on the contents of
- the COOKIE-ECHO chunk. In this situation, the receiver MUST
- authenticate the chunks in the packet by using the RANDOM
- parameters, CHUNKS parameters and HMAC_ALGO parameters
- obtained from the COOKIE-ECHO chunk, and possibly a local
- shared secret as inputs to the authentication procedure
- specified in Section 6.3. If authentication fails, then
- the packet is discarded. If the authentication is successful,
- the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
- MUST be processed. If the receiver has an STCB, it MUST
- process the AUTH chunk as described above using the STCB
- from the existing association to authenticate the
- COOKIE-ECHO chunk and all the chunks after it. [...]
-
-Commit bbd0d59809f9 introduced the possibility to receive
-and verification of AUTH chunk, including the edge case for
-authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
-the function sctp_sf_do_5_1D_ce() handles processing,
-unpacks and creates a new association if it passed sanity
-checks and also tests for authentication chunks being
-present. After a new association has been processed, it
-invokes sctp_process_init() on the new association and
-walks through the parameter list it received from the INIT
-chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
-and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
-meta data (peer_random, peer_hmacs, peer_chunks) in case
-sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
-SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
-peer_random != NULL and peer_hmacs != NULL the peer is to be
-assumed asoc->peer.auth_capable=1, in any other case
-asoc->peer.auth_capable=0.
-
-Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
-available, we set up a fake auth chunk and pass that on to
-sctp_sf_authenticate(), which at latest in
-sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
-at position 0..0008 when setting up the crypto key in
-crypto_hash_setkey() by using asoc->asoc_shared_key that is
-NULL as condition key_id == asoc->active_key_id is true if
-the AUTH chunk was injected correctly from remote. This
-happens no matter what net.sctp.auth_enable sysctl says.
-
-The fix is to check for net->sctp.auth_enable and for
-asoc->peer.auth_capable before doing any operations like
-sctp_sf_authenticate() as no key is activated in
-sctp_auth_asoc_init_active_key() for each case.
-
-Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
-passed from the INIT chunk was not used in the AUTH chunk, we
-SHOULD send an error; however in this case it would be better
-to just silently discard such a maliciously prepared handshake
-as we didn't even receive a parameter at all. Also, as our
-endpoint has no shared key configured, section 6.3 says that
-MUST silently discard, which we are doing from now onwards.
-
-Before calling sctp_sf_pdiscard(), we need not only to free
-the association, but also the chunk->auth_chunk skb, as
-commit bbd0d59809f9 created a skb clone in that case.
-
-I have tested this locally by using netfilter's nfqueue and
-re-injecting packets into the local stack after maliciously
-modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
-and the SCTP packet containing the COOKIE_ECHO (injecting
-AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
-
-This fixes CVE-2014-0101
-Upstream-Status: Backport
-
-Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
-Signed-off-by: Daniel Borkmann <dborkman at redhat.com>
-Cc: Vlad Yasevich <yasevich at gmail.com>
-Cc: Neil Horman <nhorman at tuxdriver.com>
-Acked-by: Vlad Yasevich <vyasevich at gmail.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
-Signed-off-by: Jiri Slaby <jslaby at suse.cz>
-Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
----
- net/sctp/sm_statefuns.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
-index dfe3f36..56ebe71 100644
---- a/net/sctp/sm_statefuns.c
-+++ b/net/sctp/sm_statefuns.c
-@@ -768,6 +768,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
- return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
- }
-
-+ /* Make sure that we and the peer are AUTH capable */
-+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
-+ kfree_skb(chunk->auth_chunk);
-+ sctp_association_free(new_asoc);
-+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
-+ }
-+
- /* set-up our fake chunk so that we can process it */
- auth.skb = chunk->auth_chunk;
- auth.asoc = chunk->asoc;
---
-1.9.1
-
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_4.1.bb
similarity index 87%
rename from recipes-kernel/linux/linux-qoriq_3.12.bb
rename to recipes-kernel/linux/linux-qoriq_4.1.bb
index 533225d..87eebbc 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_4.1.bb
@@ -6,14 +6,11 @@ SECTION = "kernel"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
-SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x \
+SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v2.0.x \
file://modify-defconfig-t1040-nr-cpus.patch \
- file://net-sctp-CVE-2014-0101.patch \
- file://0001-powerpc-Align-TOC-to-256-bytes.patch \
file://fix-the-compile-issue-under-gcc6.patch \
- file://module-remove-MODULE_GENERIC_TABLE.patch \
"
-SRCREV = "43cecda943a6c40a833b588801b0929e8bd48813"
+SRCREV = "bd51baffc04ecc73f933aee1c3a37c8b44b889a7"
KSRC ?= ""
S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}'
@@ -39,7 +36,7 @@ do_configure_prepend() {
${S}/scripts/kconfig/merge_config.sh -m .config ${WORKDIR}/${deltacfg}
elif [ -f "${S}/arch/${ARCH}/configs/${deltacfg}" ]; then
${S}/scripts/kconfig/merge_config.sh -m .config \
- ${S}/arch/powerpc/configs/${deltacfg}
+ ${S}/arch/${ARCH}/configs/${deltacfg}
fi
done
--
1.9.2
More information about the meta-freescale
mailing list