a30370bbf1
Refresh patches. Remove upstreamed patches: target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
385 lines
11 KiB
Diff
385 lines
11 KiB
Diff
--- a/fs/locks.c
|
|
+++ b/fs/locks.c
|
|
@@ -2716,6 +2716,8 @@ static const struct file_operations proc
|
|
|
|
static int __init proc_locks_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
proc_create("locks", 0, NULL, &proc_locks_operations);
|
|
return 0;
|
|
}
|
|
--- a/fs/proc/Kconfig
|
|
+++ b/fs/proc/Kconfig
|
|
@@ -81,3 +81,8 @@ config PROC_CHILDREN
|
|
|
|
Say Y if you are running any user-space software which takes benefit from
|
|
this interface. For example, rkt is such a piece of software.
|
|
+
|
|
+config PROC_STRIPPED
|
|
+ default n
|
|
+ depends on EXPERT
|
|
+ bool "Strip non-essential /proc functionality to reduce code size"
|
|
--- a/fs/proc/consoles.c
|
|
+++ b/fs/proc/consoles.c
|
|
@@ -106,6 +106,9 @@ static const struct file_operations proc
|
|
|
|
static int __init proc_consoles_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
+
|
|
proc_create("consoles", 0, NULL, &proc_consoles_operations);
|
|
return 0;
|
|
}
|
|
--- a/fs/proc/proc_tty.c
|
|
+++ b/fs/proc/proc_tty.c
|
|
@@ -144,7 +144,10 @@ static const struct file_operations proc
|
|
void proc_tty_register_driver(struct tty_driver *driver)
|
|
{
|
|
struct proc_dir_entry *ent;
|
|
-
|
|
+
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
if (!driver->driver_name || driver->proc_entry ||
|
|
!driver->ops->proc_fops)
|
|
return;
|
|
@@ -161,6 +164,9 @@ void proc_tty_unregister_driver(struct t
|
|
{
|
|
struct proc_dir_entry *ent;
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
ent = driver->proc_entry;
|
|
if (!ent)
|
|
return;
|
|
@@ -175,6 +181,9 @@ void proc_tty_unregister_driver(struct t
|
|
*/
|
|
void __init proc_tty_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
if (!proc_mkdir("tty", NULL))
|
|
return;
|
|
proc_mkdir("tty/ldisc", NULL); /* Preserved: it's userspace visible */
|
|
--- a/kernel/exec_domain.c
|
|
+++ b/kernel/exec_domain.c
|
|
@@ -41,6 +41,8 @@ static const struct file_operations exec
|
|
|
|
static int __init proc_execdomains_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
proc_create("execdomains", 0, NULL, &execdomains_proc_fops);
|
|
return 0;
|
|
}
|
|
--- a/kernel/irq/proc.c
|
|
+++ b/kernel/irq/proc.c
|
|
@@ -327,6 +327,9 @@ void register_irq_proc(unsigned int irq,
|
|
static DEFINE_MUTEX(register_lock);
|
|
char name [MAX_NAMELEN];
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED) && !IS_ENABLED(CONFIG_SMP))
|
|
+ return;
|
|
+
|
|
if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip))
|
|
return;
|
|
|
|
@@ -376,6 +379,9 @@ void unregister_irq_proc(unsigned int ir
|
|
{
|
|
char name [MAX_NAMELEN];
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED) && !IS_ENABLED(CONFIG_SMP))
|
|
+ return;
|
|
+
|
|
if (!root_irq_dir || !desc->dir)
|
|
return;
|
|
#ifdef CONFIG_SMP
|
|
@@ -411,6 +417,9 @@ void init_irq_proc(void)
|
|
unsigned int irq;
|
|
struct irq_desc *desc;
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED) && !IS_ENABLED(CONFIG_SMP))
|
|
+ return;
|
|
+
|
|
/* create /proc/irq */
|
|
root_irq_dir = proc_mkdir("irq", NULL);
|
|
if (!root_irq_dir)
|
|
--- a/kernel/time/timer_list.c
|
|
+++ b/kernel/time/timer_list.c
|
|
@@ -393,6 +393,8 @@ static int __init init_timer_list_procfs
|
|
{
|
|
struct proc_dir_entry *pe;
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
pe = proc_create("timer_list", 0444, NULL, &timer_list_fops);
|
|
if (!pe)
|
|
return -ENOMEM;
|
|
--- a/mm/vmalloc.c
|
|
+++ b/mm/vmalloc.c
|
|
@@ -2684,6 +2684,8 @@ static const struct file_operations proc
|
|
|
|
static int __init proc_vmalloc_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
proc_create("vmallocinfo", S_IRUSR, NULL, &proc_vmalloc_operations);
|
|
return 0;
|
|
}
|
|
--- a/mm/vmstat.c
|
|
+++ b/mm/vmstat.c
|
|
@@ -1558,10 +1558,12 @@ static int __init setup_vmstat(void)
|
|
cpu_notifier_register_done();
|
|
#endif
|
|
#ifdef CONFIG_PROC_FS
|
|
- proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
|
|
- proc_create("pagetypeinfo", S_IRUGO, NULL, &pagetypeinfo_file_ops);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED)) {
|
|
+ proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
|
|
+ proc_create("pagetypeinfo", S_IRUGO, NULL, &pagetypeinfo_file_ops);
|
|
+ proc_create("zoneinfo", S_IRUGO, NULL, &proc_zoneinfo_file_operations);
|
|
+ }
|
|
proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations);
|
|
- proc_create("zoneinfo", S_IRUGO, NULL, &proc_zoneinfo_file_operations);
|
|
#endif
|
|
return 0;
|
|
}
|
|
--- a/net/8021q/vlanproc.c
|
|
+++ b/net/8021q/vlanproc.c
|
|
@@ -127,6 +127,9 @@ void vlan_proc_cleanup(struct net *net)
|
|
{
|
|
struct vlan_net *vn = net_generic(net, vlan_net_id);
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
if (vn->proc_vlan_conf)
|
|
remove_proc_entry(name_conf, vn->proc_vlan_dir);
|
|
|
|
@@ -146,6 +149,9 @@ int __net_init vlan_proc_init(struct net
|
|
{
|
|
struct vlan_net *vn = net_generic(net, vlan_net_id);
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
+
|
|
vn->proc_vlan_dir = proc_net_mkdir(net, name_root, net->proc_net);
|
|
if (!vn->proc_vlan_dir)
|
|
goto err;
|
|
--- a/net/core/sock.c
|
|
+++ b/net/core/sock.c
|
|
@@ -3044,6 +3044,8 @@ static __net_initdata struct pernet_oper
|
|
|
|
static int __init proto_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
return register_pernet_subsys(&proto_net_ops);
|
|
}
|
|
|
|
--- a/net/ipv4/fib_trie.c
|
|
+++ b/net/ipv4/fib_trie.c
|
|
@@ -2641,10 +2641,12 @@ static const struct file_operations fib_
|
|
|
|
int __net_init fib_proc_init(struct net *net)
|
|
{
|
|
- if (!proc_create("fib_trie", S_IRUGO, net->proc_net, &fib_trie_fops))
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED) &&
|
|
+ !proc_create("fib_trie", S_IRUGO, net->proc_net, &fib_trie_fops))
|
|
goto out1;
|
|
|
|
- if (!proc_create("fib_triestat", S_IRUGO, net->proc_net,
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED) &&
|
|
+ !proc_create("fib_triestat", S_IRUGO, net->proc_net,
|
|
&fib_triestat_fops))
|
|
goto out2;
|
|
|
|
@@ -2654,17 +2656,21 @@ int __net_init fib_proc_init(struct net
|
|
return 0;
|
|
|
|
out3:
|
|
- remove_proc_entry("fib_triestat", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ remove_proc_entry("fib_triestat", net->proc_net);
|
|
out2:
|
|
- remove_proc_entry("fib_trie", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ remove_proc_entry("fib_trie", net->proc_net);
|
|
out1:
|
|
return -ENOMEM;
|
|
}
|
|
|
|
void __net_exit fib_proc_exit(struct net *net)
|
|
{
|
|
- remove_proc_entry("fib_trie", net->proc_net);
|
|
- remove_proc_entry("fib_triestat", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED)) {
|
|
+ remove_proc_entry("fib_trie", net->proc_net);
|
|
+ remove_proc_entry("fib_triestat", net->proc_net);
|
|
+ }
|
|
remove_proc_entry("route", net->proc_net);
|
|
}
|
|
|
|
--- a/net/ipv4/proc.c
|
|
+++ b/net/ipv4/proc.c
|
|
@@ -539,6 +539,9 @@ static __net_initdata struct pernet_oper
|
|
|
|
int __init ip_misc_proc_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
+
|
|
return register_pernet_subsys(&ip_proc_ops);
|
|
}
|
|
|
|
--- a/net/ipv4/route.c
|
|
+++ b/net/ipv4/route.c
|
|
@@ -420,6 +420,9 @@ static struct pernet_operations ip_rt_pr
|
|
|
|
static int __init ip_rt_proc_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return 0;
|
|
+
|
|
return register_pernet_subsys(&ip_rt_proc_ops);
|
|
}
|
|
|
|
--- a/ipc/msg.c
|
|
+++ b/ipc/msg.c
|
|
@@ -1068,6 +1068,9 @@ void __init msg_init(void)
|
|
{
|
|
msg_init_ns(&init_ipc_ns);
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
ipc_init_proc_interface("sysvipc/msg",
|
|
" key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n",
|
|
IPC_MSG_IDS, sysvipc_msg_proc_show);
|
|
--- a/ipc/sem.c
|
|
+++ b/ipc/sem.c
|
|
@@ -198,6 +198,8 @@ void sem_exit_ns(struct ipc_namespace *n
|
|
void __init sem_init(void)
|
|
{
|
|
sem_init_ns(&init_ipc_ns);
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
ipc_init_proc_interface("sysvipc/sem",
|
|
" key semid perms nsems uid gid cuid cgid otime ctime\n",
|
|
IPC_SEM_IDS, sysvipc_sem_proc_show);
|
|
--- a/ipc/shm.c
|
|
+++ b/ipc/shm.c
|
|
@@ -118,6 +118,8 @@ pure_initcall(ipc_ns_init);
|
|
|
|
void __init shm_init(void)
|
|
{
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
ipc_init_proc_interface("sysvipc/shm",
|
|
#if BITS_PER_LONG <= 32
|
|
" key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n",
|
|
--- a/ipc/util.c
|
|
+++ b/ipc/util.c
|
|
@@ -121,6 +121,9 @@ void __init ipc_init_proc_interface(cons
|
|
struct proc_dir_entry *pde;
|
|
struct ipc_proc_iface *iface;
|
|
|
|
+ if (IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ return;
|
|
+
|
|
iface = kmalloc(sizeof(*iface), GFP_KERNEL);
|
|
if (!iface)
|
|
return;
|
|
--- a/net/core/net-procfs.c
|
|
+++ b/net/core/net-procfs.c
|
|
@@ -318,10 +318,12 @@ static int __net_init dev_proc_net_init(
|
|
|
|
if (!proc_create("dev", S_IRUGO, net->proc_net, &dev_seq_fops))
|
|
goto out;
|
|
- if (!proc_create("softnet_stat", S_IRUGO, net->proc_net,
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED) &&
|
|
+ !proc_create("softnet_stat", S_IRUGO, net->proc_net,
|
|
&softnet_seq_fops))
|
|
goto out_dev;
|
|
- if (!proc_create("ptype", S_IRUGO, net->proc_net, &ptype_seq_fops))
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED) &&
|
|
+ !proc_create("ptype", S_IRUGO, net->proc_net, &ptype_seq_fops))
|
|
goto out_softnet;
|
|
|
|
if (wext_proc_init(net))
|
|
@@ -330,9 +332,11 @@ static int __net_init dev_proc_net_init(
|
|
out:
|
|
return rc;
|
|
out_ptype:
|
|
- remove_proc_entry("ptype", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ remove_proc_entry("ptype", net->proc_net);
|
|
out_softnet:
|
|
- remove_proc_entry("softnet_stat", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED))
|
|
+ remove_proc_entry("softnet_stat", net->proc_net);
|
|
out_dev:
|
|
remove_proc_entry("dev", net->proc_net);
|
|
goto out;
|
|
@@ -342,8 +346,10 @@ static void __net_exit dev_proc_net_exit
|
|
{
|
|
wext_proc_exit(net);
|
|
|
|
- remove_proc_entry("ptype", net->proc_net);
|
|
- remove_proc_entry("softnet_stat", net->proc_net);
|
|
+ if (!IS_ENABLED(CONFIG_PROC_STRIPPED)) {
|
|
+ remove_proc_entry("ptype", net->proc_net);
|
|
+ remove_proc_entry("softnet_stat", net->proc_net);
|
|
+ }
|
|
remove_proc_entry("dev", net->proc_net);
|
|
}
|
|
|
|
--- a/include/net/snmp.h
|
|
+++ b/include/net/snmp.h
|
|
@@ -123,6 +123,30 @@ struct linux_xfrm_mib {
|
|
#define DECLARE_SNMP_STAT(type, name) \
|
|
extern __typeof__(type) __percpu *name
|
|
|
|
+#ifdef CONFIG_PROC_STRIPPED
|
|
+#define SNMP_INC_STATS_BH(mib, field) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_INC_STATS_USER(mib, field) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_INC_STATS_ATOMIC_LONG(mib, field) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_INC_STATS(mib, field) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_DEC_STATS(mib, field) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_ADD_STATS_BH(mib, field, addend) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_ADD_STATS_USER(mib, field, addend) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_ADD_STATS(mib, field, addend) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_UPD_PO_STATS(mib, basefield, addend) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+#define SNMP_UPD_PO_STATS_BH(mib, basefield, addend) \
|
|
+ do { (void) mib->mibs[0]; } while(0)
|
|
+
|
|
+#else
|
|
+
|
|
#define SNMP_INC_STATS_BH(mib, field) \
|
|
__this_cpu_inc(mib->mibs[field])
|
|
|
|
@@ -159,8 +183,9 @@ struct linux_xfrm_mib {
|
|
__this_cpu_add(ptr[basefield##OCTETS], addend); \
|
|
} while (0)
|
|
|
|
+#endif
|
|
|
|
-#if BITS_PER_LONG==32
|
|
+#if (BITS_PER_LONG==32) && !defined(CONFIG_PROC_STRIPPED)
|
|
|
|
#define SNMP_ADD_STATS64_BH(mib, field, addend) \
|
|
do { \
|