From 194fd44ead98035b72a40599458a505db29d9fab Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 8 Mar 2013 08:43:55 -0500 Subject: [PATCH] Linux v3.9-rc1-211-g47b3bc9 - Reenable debugging options. - CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316) --- config-generic | 10 +- config-nodebug | 110 ++--- config-x86-generic | 2 +- efi-fixes.patch | 431 ------------------ ...on-VM-that-do-not-report-max-P-state.patch | 58 --- ...ate-Fix-intel_pstate_init-error-path.patch | 76 --- kernel.spec | 33 +- sources | 1 + x86-bootparams-dont-clear-efi_info.patch | 13 - 9 files changed, 72 insertions(+), 662 deletions(-) delete mode 100644 efi-fixes.patch delete mode 100644 intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch delete mode 100644 intel_pstate-Fix-intel_pstate_init-error-path.patch delete mode 100644 x86-bootparams-dont-clear-efi_info.patch diff --git a/config-generic b/config-generic index 33d389002..599ffa376 100644 --- a/config-generic +++ b/config-generic @@ -1554,13 +1554,13 @@ CONFIG_B43_SDIO=y CONFIG_B43_BCMA=y # CONFIG_B43_BCMA_EXTRA is not set CONFIG_B43_BCMA_PIO=y -# CONFIG_B43_DEBUG is not set +CONFIG_B43_DEBUG=y CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_N=y CONFIG_B43_PHY_HT=y # CONFIG_B43_FORCE_PIO is not set CONFIG_B43LEGACY=m -# CONFIG_B43LEGACY_DEBUG is not set +CONFIG_B43LEGACY_DEBUG=y CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y @@ -3197,7 +3197,7 @@ CONFIG_USB_STORAGE_REALTEK=m CONFIG_REALTEK_AUTOPM=y CONFIG_USB_STORAGE_ENE_UB6250=m # CONFIG_USB_LIBUSUAL is not set -# CONFIG_USB_UAS is not set +CONFIG_USB_UAS=m # @@ -3363,6 +3363,7 @@ CONFIG_USB_RTL8150=m CONFIG_USB_USBNET=m CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_NET_AX8817X=m +CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SMSC95XX=m CONFIG_USB_NET_GL620A=m 
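Review bot: `CONFIG_USB_UAS=m` in the config-generic hunk at -3197 is not a debugging option, yet the commit message and changelog describe the config changes only as "Reenable debugging options". config-generic looks like the base fragment for every build flavour, so this would enable the USB Attached SCSI driver in all kernels built from this tree and add device-reachable USB storage code. If the toggle is intentional, record it in the changelog, e.g. `- Enable CONFIG_USB_UAS as a module`. If it is a side effect of the debug switch, a comment beside the option should say so. The hunks at -1554 and -4187 likewise turn on `CONFIG_B43_DEBUG`, `CONFIG_B43LEGACY_DEBUG` and `CONFIG_PM_TEST_SUSPEND` in the shared file rather than in a debug-only fragment.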
@@ -3708,6 +3709,7 @@ CONFIG_DEBUG_FS=y # CONFIG_ADFS_FS is not set CONFIG_AFFS_FS=m CONFIG_ECRYPT_FS=m +# CONFIG_ECRYPT_FS_MESSAGING is not set CONFIG_HFS_FS=m CONFIG_HFSPLUS_FS=m CONFIG_BEFS_FS=m @@ -4187,7 +4189,7 @@ CONFIG_IBMASR=m CONFIG_PM_DEBUG=y CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y -# CONFIG_PM_TEST_SUSPEND is not set +CONFIG_PM_TEST_SUSPEND=y CONFIG_PM_RUNTIME=y # CONFIG_PM_OPP is not set # CONFIG_PM_AUTOSLEEP is not set diff --git a/config-nodebug b/config-nodebug index aa7568c82..cfabd29c7 100644 --- a/config-nodebug +++ b/config-nodebug 
@@ -2,95 +2,95 @@ CONFIG_SND_VERBOSE_PRINTK=y CONFIG_SND_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y -# CONFIG_DEBUG_ATOMIC_SLEEP is not set +CONFIG_DEBUG_ATOMIC_SLEEP=y -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_PROVE_RCU is not set +CONFIG_DEBUG_MUTEXES=y +CONFIG_DEBUG_RT_MUTEXES=y +CONFIG_DEBUG_LOCK_ALLOC=y +CONFIG_PROVE_LOCKING=y +CONFIG_DEBUG_SPINLOCK=y +CONFIG_PROVE_RCU=y # CONFIG_PROVE_RCU_REPEATEDLY is not set -# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_DEBUG_PER_CPU_MAPS=y CONFIG_CPUMASK_OFFSTACK=y -# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set +CONFIG_CPU_NOTIFIER_ERROR_INJECT=m -# CONFIG_FAULT_INJECTION is not set -# CONFIG_FAILSLAB is not set -# CONFIG_FAIL_PAGE_ALLOC is not set -# CONFIG_FAIL_MAKE_REQUEST is not set -# CONFIG_FAULT_INJECTION_DEBUG_FS is not set -# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set -# CONFIG_FAIL_IO_TIMEOUT is not set -# CONFIG_FAIL_MMC_REQUEST is not set +CONFIG_FAULT_INJECTION=y +CONFIG_FAILSLAB=y +CONFIG_FAIL_PAGE_ALLOC=y +CONFIG_FAIL_MAKE_REQUEST=y +CONFIG_FAULT_INJECTION_DEBUG_FS=y +CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y +CONFIG_FAIL_IO_TIMEOUT=y +CONFIG_FAIL_MMC_REQUEST=y -# CONFIG_SLUB_DEBUG_ON is not set +CONFIG_SLUB_DEBUG_ON=y -# CONFIG_LOCK_STAT is not set +CONFIG_LOCK_STAT=y -# CONFIG_DEBUG_STACK_USAGE is not set +CONFIG_DEBUG_STACK_USAGE=y -# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_DEBUG=y # CONFIG_ACPI_DEBUG_FUNC_TRACE is not set -# CONFIG_DEBUG_SG is not set +CONFIG_DEBUG_SG=y # CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_DEBUG_WRITECOUNT is not set -# CONFIG_DEBUG_OBJECTS is not set +CONFIG_DEBUG_WRITECOUNT=y +CONFIG_DEBUG_OBJECTS=y # CONFIG_DEBUG_OBJECTS_SELFTEST is not set -# CONFIG_DEBUG_OBJECTS_FREE is not set -# CONFIG_DEBUG_OBJECTS_TIMERS is not set -# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set +CONFIG_DEBUG_OBJECTS_FREE=y 
+CONFIG_DEBUG_OBJECTS_TIMERS=y +CONFIG_DEBUG_OBJECTS_RCU_HEAD=y CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 -# CONFIG_X86_PTDUMP is not set +CONFIG_X86_PTDUMP=y -# CONFIG_CAN_DEBUG_DEVICES is not set +CONFIG_CAN_DEBUG_DEVICES=y -# CONFIG_MODULE_FORCE_UNLOAD is not set +CONFIG_MODULE_FORCE_UNLOAD=y -# CONFIG_SYSCTL_SYSCALL_CHECK is not set +CONFIG_SYSCTL_SYSCALL_CHECK=y -# CONFIG_DEBUG_NOTIFIERS is not set +CONFIG_DEBUG_NOTIFIERS=y -# CONFIG_DMA_API_DEBUG is not set +CONFIG_DMA_API_DEBUG=y -# CONFIG_MMIOTRACE is not set +CONFIG_MMIOTRACE=y -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_CREDENTIALS=y # off in both production debug and nodebug builds, # on in rawhide nodebug builds -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y -# CONFIG_EXT4_DEBUG is not set +CONFIG_EXT4_DEBUG=y -# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_DEBUG_PERF_USE_VMALLOC=y -# CONFIG_JBD2_DEBUG is not set +CONFIG_JBD2_DEBUG=y -# CONFIG_NFSD_FAULT_INJECTION is not set +CONFIG_NFSD_FAULT_INJECTION=y -# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_DEBUG_BLK_CGROUP=y -# CONFIG_DRBD_FAULT_INJECTION is not set +CONFIG_DRBD_FAULT_INJECTION=y -# CONFIG_ATH_DEBUG is not set -# CONFIG_CARL9170_DEBUGFS is not set -# CONFIG_IWLWIFI_DEVICE_TRACING is not set +CONFIG_ATH_DEBUG=y +CONFIG_CARL9170_DEBUGFS=y +CONFIG_IWLWIFI_DEVICE_TRACING=y -# CONFIG_DEBUG_OBJECTS_WORK is not set +CONFIG_DEBUG_OBJECTS_WORK=y -# CONFIG_DMADEVICES_DEBUG is not set -# CONFIG_DMADEVICES_VDEBUG is not set +CONFIG_DMADEVICES_DEBUG=y +CONFIG_DMADEVICES_VDEBUG=y CONFIG_PM_ADVANCED_DEBUG=y -# CONFIG_CEPH_LIB_PRETTYDEBUG is not set -# CONFIG_QUOTA_DEBUG is not set +CONFIG_CEPH_LIB_PRETTYDEBUG=y +CONFIG_QUOTA_DEBUG=y CONFIG_PCI_DEFAULT_USE_CRS=y 
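Review bot: config-nodebug now enables options that expose or loosen kernel internals, and almost none of them are explained in the file. Examples are `CONFIG_X86_PTDUMP=y` (kernel page-table layout readable through debugfs), `CONFIG_MODULE_FORCE_UNLOAD=y`, `CONFIG_FAULT_INJECTION_DEBUG_FS=y` and `CONFIG_MMIOTRACE=y`; only `CONFIG_DEBUG_FORCE_WEAK_PER_CPU` has a comment saying it is on for rawhide nodebug builds. Together with `%define debugbuildsenabled 0` in kernel.spec, this presumably puts them in the default kernel package. A header comment at the top of the file would help keep this state out of a release branch, e.g. `# rawhide state: debug options enabled; run 'make release' before branching`. The following config-nodebug hunk at -98 (`CONFIG_DEBUG_KMEMLEAK=y`, `CONFIG_DETECT_HUNG_TASK=y`) is in the same state.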
@@ -98,16 +98,16 @@ CONFIG_KGDB_KDB=y CONFIG_KDB_KEYBOARD=y CONFIG_KDB_CONTINUE_CATASTROPHIC=0 -# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set -# CONFIG_TEST_LIST_SORT is not set +CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y +CONFIG_TEST_LIST_SORT=y -# CONFIG_DETECT_HUNG_TASK is not set +CONFIG_DETECT_HUNG_TASK=y CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set +CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y -# CONFIG_DEBUG_KMEMLEAK is not set +CONFIG_DEBUG_KMEMLEAK=y CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 # CONFIG_DEBUG_KMEMLEAK_TEST is not set CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y diff --git a/config-x86-generic b/config-x86-generic index 226859b4e..cac1a3157 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -326,7 +326,7 @@ CONFIG_STRICT_DEVMEM=y # CONFIG_MEMTEST is not set # CONFIG_DEBUG_TLBFLUSH is not set -# CONFIG_MAXSMP is not set +CONFIG_MAXSMP=y CONFIG_HP_ILO=m diff --git a/efi-fixes.patch b/efi-fixes.patch deleted file mode 100644 index 6e1e8c176..000000000 --- a/efi-fixes.patch +++ /dev/null 
@@ -1,431 +0,0 @@ -From 74d5b500b0184d6ddf4e59328b50a9521c1cd1be Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Sat, 2 Mar 2013 19:40:17 -0500 -Subject: [PATCH 1/3] efi: be more paranoid about available space when creating - variables - -UEFI variables are typically stored in flash. For various reasons, avaiable -space is typically not reclaimed immediately upon the deletion of a -variable - instead, the system will garbage collect during initialisation -after a reboot. - -Some systems appear to handle this garbage collection extremely poorly, -failing if more than 50% of the system flash is in use. This can result in -the machine refusing to boot. The safest thing to do for the moment is to -forbid writes if they'd end up using more than half of the storage space. -We can make this more finegrained later if we come up with a method for -identifying the broken machines. - -Signed-off-by: Matthew Garrett -Cc: -Signed-off-by: Matt Fleming ---- - drivers/firmware/efivars.c | 106 +++++++++++++++++++++++++++++++++------------ - 1 file changed, 79 insertions(+), 27 deletions(-) - -diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index 7320bf8..0d50497 100644 ---- a/drivers/firmware/efivars.c -+++ b/drivers/firmware/efivars.c -@@ -426,6 +426,44 @@ get_var_data(struct efivars *efivars, struct efi_variable *var) - return status; - } - -+static efi_status_t -+check_var_size_locked(struct efivars *efivars, u32 attributes, -+ unsigned long size) -+{ -+ u64 storage_size, remaining_size, max_size; -+ efi_status_t status; -+ const struct efivar_operations *fops = efivars->ops; -+ -+ if (!efivars->ops->query_variable_info) -+ return EFI_UNSUPPORTED; -+ -+ status = fops->query_variable_info(attributes, &storage_size, -+ &remaining_size, &max_size); -+ -+ if (status != EFI_SUCCESS) -+ return status; -+ -+ if (!storage_size || size > remaining_size || size > max_size || -+ (remaining_size - size) < (storage_size / 2)) -+ return EFI_OUT_OF_RESOURCES; -+ -+ 
return status; -+} -+ -+ -+static efi_status_t -+check_var_size(struct efivars *efivars, u32 attributes, unsigned long size) -+{ -+ efi_status_t status; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&efivars->lock, flags); -+ status = check_var_size_locked(efivars, attributes, size); -+ spin_unlock_irqrestore(&efivars->lock, flags); -+ -+ return status; -+} -+ - static ssize_t - efivar_guid_read(struct efivar_entry *entry, char *buf) - { -@@ -547,11 +585,16 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) - } - - spin_lock_irq(&efivars->lock); -- status = efivars->ops->set_variable(new_var->VariableName, -- &new_var->VendorGuid, -- new_var->Attributes, -- new_var->DataSize, -- new_var->Data); -+ -+ status = check_var_size_locked(efivars, new_var->Attributes, -+ new_var->DataSize + utf16_strsize(new_var->VariableName, 1024)); -+ -+ if (status == EFI_SUCCESS || status == EFI_UNSUPPORTED) -+ status = efivars->ops->set_variable(new_var->VariableName, -+ &new_var->VendorGuid, -+ new_var->Attributes, -+ new_var->DataSize, -+ new_var->Data); - - spin_unlock_irq(&efivars->lock); - -@@ -702,8 +745,7 @@ static ssize_t efivarfs_file_write(struct file *file, - u32 attributes; - struct inode *inode = file->f_mapping->host; - unsigned long datasize = count - sizeof(attributes); -- unsigned long newdatasize; -- u64 storage_size, remaining_size, max_size; -+ unsigned long newdatasize, varsize; - ssize_t bytes = 0; - - if (count < sizeof(attributes)) -@@ -722,28 +764,18 @@ static ssize_t efivarfs_file_write(struct file *file, - * amounts of memory. Pick a default size of 64K if - * QueryVariableInfo() isn't supported by the firmware. 
- */ -- spin_lock_irq(&efivars->lock); - -- if (!efivars->ops->query_variable_info) -- status = EFI_UNSUPPORTED; -- else { -- const struct efivar_operations *fops = efivars->ops; -- status = fops->query_variable_info(attributes, &storage_size, -- &remaining_size, &max_size); -- } -- -- spin_unlock_irq(&efivars->lock); -+ varsize = datasize + utf16_strsize(var->var.VariableName, 1024); -+ status = check_var_size(efivars, attributes, varsize); - - if (status != EFI_SUCCESS) { - if (status != EFI_UNSUPPORTED) - return efi_status_to_err(status); - -- remaining_size = 65536; -+ if (datasize > 65536) -+ return -ENOSPC; - } - -- if (datasize > remaining_size) -- return -ENOSPC; -- - data = kmalloc(datasize, GFP_KERNEL); - if (!data) - return -ENOMEM; -@@ -765,6 +797,19 @@ static ssize_t efivarfs_file_write(struct file *file, - */ - spin_lock_irq(&efivars->lock); - -+ /* -+ * Ensure that the available space hasn't shrunk below the safe level -+ */ -+ -+ status = check_var_size_locked(efivars, attributes, varsize); -+ -+ if (status != EFI_SUCCESS && status != EFI_UNSUPPORTED) { -+ spin_unlock_irq(&efivars->lock); -+ kfree(data); -+ -+ return efi_status_to_err(status); -+ } -+ - status = efivars->ops->set_variable(var->var.VariableName, - &var->var.VendorGuid, - attributes, datasize, -@@ -1345,7 +1390,6 @@ static int efi_pstore_write(enum pstore_type_id type, - efi_guid_t vendor = LINUX_EFI_CRASH_GUID; - struct efivars *efivars = psi->data; - int i, ret = 0; -- u64 storage_space, remaining_space, max_variable_size; - efi_status_t status = EFI_NOT_FOUND; - unsigned long flags; - -@@ -1365,11 +1409,11 @@ static int efi_pstore_write(enum pstore_type_id type, - * size: a size of logging data - * DUMP_NAME_LEN * 2: a maximum size of variable name - */ -- status = efivars->ops->query_variable_info(PSTORE_EFI_ATTRIBUTES, -- &storage_space, -- &remaining_space, -- &max_variable_size); -- if (status || remaining_space < size + DUMP_NAME_LEN * 2) { -+ -+ status = 
check_var_size_locked(efivars, PSTORE_EFI_ATTRIBUTES, -+ size + DUMP_NAME_LEN * 2); -+ -+ if (status) { - spin_unlock_irqrestore(&efivars->lock, flags); - *id = part; - return -ENOSPC; -@@ -1544,6 +1588,14 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, - return -EINVAL; - } - -+ status = check_var_size_locked(efivars, new_var->Attributes, -+ new_var->DataSize + utf16_strsize(new_var->VariableName, 1024)); -+ -+ if (status && status != EFI_UNSUPPORTED) { -+ spin_unlock_irq(&efivars->lock); -+ return efi_status_to_err(status); -+ } -+ - /* now *really* create the variable via EFI */ - status = efivars->ops->set_variable(new_var->VariableName, - &new_var->VendorGuid, --- -1.8.1.2 - - -From 8200cc0633605f417a1f0c229772f9033d57ea0a Mon Sep 17 00:00:00 2001 -From: Matt Fleming -Date: Tue, 5 Mar 2013 07:40:16 +0000 -Subject: [PATCH 2/3] efivars: efivarfs_valid_name() should handle pstore - syntax - -Stricter validation was introduced with commit da27a24383b2b -("efivarfs: guid part of filenames are case-insensitive") and commit -47f531e8ba3b ("efivarfs: Validate filenames much more aggressively"), -which is necessary for the guid portion of efivarfs filenames, but we -don't need to be so strict with the first part, the variable name. The -UEFI specification doesn't impose any constraints on variable names -other than they be a NULL-terminated string. - -The above commits caused a regression that resulted in users seeing -the following message, - - $ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory - -whenever pstore EFI variables were present in the variable store, -since their variable names failed to pass the following check, - - /* GUID should be right after the first '-' */ - if (s - 1 != strchr(str, '-')) - -as a typical pstore filename is of the form, dump-type0-10-1-. 
-The fix is trivial since the guid portion of the filename is GUID_LEN -bytes, we can use (len - GUID_LEN) to ensure the '-' character is -where we expect it to be. - -(The bogus ENOMEM error value will be fixed in a separate patch.) - -Reported-by: Joseph Yasi -Reported-by: Lingzhu Xiang -Cc: Josh Boyer -Cc: Jeremy Kerr -Cc: Matthew Garrett -Cc: -Signed-off-by: Matt Fleming ---- - drivers/firmware/efivars.c | 4 +- - tools/testing/selftests/efivarfs/efivarfs.sh | 59 ++++++++++++++++++++++++++++ - 2 files changed, 61 insertions(+), 2 deletions(-) - -diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index 0d50497..1b9a6e1 100644 ---- a/drivers/firmware/efivars.c -+++ b/drivers/firmware/efivars.c -@@ -974,8 +974,8 @@ static bool efivarfs_valid_name(const char *str, int len) - if (len < GUID_LEN + 2) - return false; - -- /* GUID should be right after the first '-' */ -- if (s - 1 != strchr(str, '-')) -+ /* GUID must be preceded by a '-' */ -+ if (*(s - 1) != '-') - return false; - - /* -diff --git a/tools/testing/selftests/efivarfs/efivarfs.sh b/tools/testing/selftests/efivarfs/efivarfs.sh -index 880cdd5..77edcdc 100644 ---- a/tools/testing/selftests/efivarfs/efivarfs.sh -+++ b/tools/testing/selftests/efivarfs/efivarfs.sh -@@ -125,6 +125,63 @@ test_open_unlink() - ./open-unlink $file - } - -+# test that we can create a range of filenames -+test_valid_filenames() -+{ -+ local attrs='\x07\x00\x00\x00' -+ local ret=0 -+ -+ local file_list="abc dump-type0-11-1-1362436005 1234 -" -+ for f in $file_list; do -+ local file=$efivarfs_mount/$f-$test_guid -+ -+ printf "$attrs\x00" > $file -+ -+ if [ ! 
-e $file ]; then -+ echo "$file could not be created" >&2 -+ ret=1 -+ else -+ rm $file -+ fi -+ done -+ -+ exit $ret -+} -+ -+test_invalid_filenames() -+{ -+ local attrs='\x07\x00\x00\x00' -+ local ret=0 -+ -+ local file_list=" -+ -1234-1234-1234-123456789abc -+ foo -+ foo-bar -+ -foo- -+ foo-barbazba-foob-foob-foob-foobarbazfoo -+ foo------------------------------------- -+ -12345678-1234-1234-1234-123456789abc -+ a-12345678=1234-1234-1234-123456789abc -+ a-12345678-1234=1234-1234-123456789abc -+ a-12345678-1234-1234=1234-123456789abc -+ a-12345678-1234-1234-1234=123456789abc -+ 1112345678-1234-1234-1234-123456789abc" -+ -+ for f in $file_list; do -+ local file=$efivarfs_mount/$f -+ -+ printf "$attrs\x00" 2>/dev/null > $file -+ -+ if [ -e $file ]; then -+ echo "Creating $file should have failed" >&2 -+ rm $file -+ ret=1 -+ fi -+ done -+ -+ exit $ret -+} -+ - check_prereqs - - rc=0 -@@ -135,5 +192,7 @@ run_test test_create_read - run_test test_delete - run_test test_zero_size_delete - run_test test_open_unlink -+run_test test_valid_filenames -+run_test test_invalid_filenames - - exit $rc --- -1.8.1.2 - - -From 396c0285825255c6e2549c9a6eec6c23a35c9f7f Mon Sep 17 00:00:00 2001 -From: Matt Fleming -Date: Tue, 5 Mar 2013 12:46:30 +0000 -Subject: [PATCH 3/3] efivarfs: return accurate error code in - efivarfs_fill_super() - -Joseph was hitting a failure case when mounting efivarfs which -resulted in an incorrect error message, - - $ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory - -triggered when efivarfs_valid_name() returned -EINVAL. - -Make sure we pass accurate return values up the stack if -efivarfs_fill_super() fails to build inodes for EFI variables. 
- -Reported-by: Joseph Yasi -Reported-by: Lingzhu Xiang -Cc: Josh Boyer -Cc: Jeremy Kerr -Cc: Matthew Garrett -Cc: -Signed-off-by: Matt Fleming ---- - drivers/firmware/efivars.c | 20 +++++++++++++++----- - 1 file changed, 15 insertions(+), 5 deletions(-) - -diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index 1b9a6e1..bea32d1 100644 ---- a/drivers/firmware/efivars.c -+++ b/drivers/firmware/efivars.c -@@ -1163,15 +1163,22 @@ static struct dentry_operations efivarfs_d_ops = { - - static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name) - { -+ struct dentry *d; - struct qstr q; -+ int err; - - q.name = name; - q.len = strlen(name); - -- if (efivarfs_d_hash(NULL, NULL, &q)) -- return NULL; -+ err = efivarfs_d_hash(NULL, NULL, &q); -+ if (err) -+ return ERR_PTR(err); -+ -+ d = d_alloc(parent, &q); -+ if (d) -+ return d; - -- return d_alloc(parent, &q); -+ return ERR_PTR(-ENOMEM); - } - - static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) -@@ -1181,6 +1188,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) - struct efivar_entry *entry, *n; - struct efivars *efivars = &__efivars; - char *name; -+ int err = -ENOMEM; - - efivarfs_sb = sb; - -@@ -1231,8 +1239,10 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) - goto fail_name; - - dentry = efivarfs_alloc_dentry(root, name); -- if (!dentry) -+ if (IS_ERR(dentry)) { -+ err = PTR_ERR(dentry); - goto fail_inode; -+ } - - /* copied by the above to local storage in the dentry. */ - kfree(name); -@@ -1259,7 +1269,7 @@ fail_inode: - fail_name: - kfree(name); - fail: -- return -ENOMEM; -+ return err; - } - - static struct dentry *efivarfs_mount(struct file_system_type *fs_type, --- -1.8.1.2 - diff --git a/intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch b/intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch deleted file mode 100644 index 814631704..000000000 
--- a/intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch +++ /dev/null @@ -1,58 +0,0 @@ -Hi Josh, - -Sorry for the slow resopnse you caught me on vacation :-) - -I do not have either of these VMs ATM to test against. The patch below -should solve the problem though It looks like the VM is returning zero -for the highest P state (frequency) MSR. The patch will have the driver refuse -to load and the system should fall through to one of the other configured -governors/ scaling drivers. - -Is it possible for tyou to test the patch below while I try to get a test setup -put together locally? - -Thanks in advance ---Dirk - -On 03/01/2013 06:13 AM, Josh Boyer wrote: -> Hi, -> -> We've had a report[1] that the intel_pstate driver will panic on boot -> under certain virtual machine environments. Thus far it seems VMWare -> and Hyper-V both see this. While this may be because of something those -> VMs are doing, the driver probably shouldn't cause a panic if it's -> getting some iffy data. -> -commit db138459876467dd1b4785ce2b35c9db31dab056 -Author: Dirk Brandewie -Date: Mon Mar 4 10:14:42 2013 -0800 - - cpufreq/intel_pstate: Do not load on VM that do not report max P state. - - It seems some VMs support the P state MSRs but return zeros. Fail - gracefully if we are running in this environment. - - https://bugzilla.redhat.com/show_bug.cgi?id=916833 - - Reported-by: jwboyer@redhat.com - - 
Signed-off-by: Dirk Brandewie ---- - drivers/cpufreq/intel_pstate.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - - -diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 096fde0..2bfd083 100644 ---- a/drivers/cpufreq/intel_pstate.c -+++ b/drivers/cpufreq/intel_pstate.c -@@ -662,6 +662,9 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy) - - cpu = all_cpu_data[policy->cpu]; - -+ if (!policy->cpuinfo.max_freq) -+ return -ENODEV; -+ - intel_pstate_get_min_max(cpu, &min, &max); - - limits.min_perf_pct = (policy->min * 100) / policy->cpuinfo.max_freq; diff --git a/intel_pstate-Fix-intel_pstate_init-error-path.patch b/intel_pstate-Fix-intel_pstate_init-error-path.patch deleted file mode 100644 index 21c759a9f..000000000 --- a/intel_pstate-Fix-intel_pstate_init-error-path.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From: Dirk Brandewie - -If cpufreq_register_driver() fails just free memory that has been -allocated and return. intel_pstate_exit() function is removed sine we -are built-in only now there is no reason for a module exit proceedure. - -Reported-by:Konrad Rzeszutek Wilk -Signed-off-by: Dirk Brandewie ---- - drivers/cpufreq/intel_pstate.c | 39 +++++++++++---------------------------- - 1 files changed, 11 insertions(+), 28 deletions(-) - -diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 2bfd083..f6dd1e7 100644 ---- a/drivers/cpufreq/intel_pstate.c -+++ b/drivers/cpufreq/intel_pstate.c -@@ -750,37 +750,11 @@ static struct cpufreq_driver intel_pstate_driver = { - .owner = THIS_MODULE, - }; - --static void intel_pstate_exit(void) --{ -- int cpu; -- -- sysfs_remove_group(intel_pstate_kobject, -- &intel_pstate_attr_group); -- debugfs_remove_recursive(debugfs_parent); -- -- cpufreq_unregister_driver(&intel_pstate_driver); -- -- if (!all_cpu_data) -- return; -- -- get_online_cpus(); -- for_each_online_cpu(cpu) { -- if (all_cpu_data[cpu]) { -- del_timer_sync(&all_cpu_data[cpu]->timer); -- kfree(all_cpu_data[cpu]); -- } -- } -- -- put_online_cpus(); -- vfree(all_cpu_data); --} --module_exit(intel_pstate_exit); -- - static int __initdata no_load; - - static int __init intel_pstate_init(void) - { -- int rc = 0; -+ int cpu, rc = 0; - const struct x86_cpu_id *id; - - if (no_load) -@@ -805,7 +779,16 @@ static int __init intel_pstate_init(void) - intel_pstate_sysfs_expose_params(); - return rc; - out: -- intel_pstate_exit(); -+ get_online_cpus(); -+ for_each_online_cpu(cpu) { -+ if (all_cpu_data[cpu]) { -+ del_timer_sync(&all_cpu_data[cpu]->timer); -+ kfree(all_cpu_data[cpu]); -+ } -+ } -+ -+ put_online_cpus(); -+ vfree(all_cpu_data); - return -ENODEV; - } - device_initcall(intel_pstate_init); --- -1.7.7.6 - diff --git a/kernel.spec b/kernel.spec index 73c38437a..f790d97b5 100644 --- a/kernel.spec +++ b/kernel.spec 
@@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 5 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 1 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -157,7 +157,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} @@ -170,7 +170,7 @@ Summary: The Linux kernel %define doc_build_fail true %endif -%define rawhide_skip_docs 0 +%define rawhide_skip_docs 1 %if 0%{?rawhide_skip_docs} %define with_doc 0 %define doc_build_fail true @@ -732,16 +732,6 @@ Patch21261: 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch #rhbz 914737 Patch21262: x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch -#rhbz 916833 -Patch21263: intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch -Patch21264: intel_pstate-Fix-intel_pstate_init-error-path.patch - -#rhbz 917984 -Patch21265: efi-fixes.patch - -#rhbz 918408 -Patch21266: x86-bootparams-dont-clear-efi_info.patch - # CVE-2013-1792 rhbz 916646,919021 Patch21267: keys-fix-race-with-concurrent-install_user_keyrings.patch @@ -1369,9 +1359,6 @@ ApplyPatch crash-driver.patch # crypto/ -#rhbz 918408 -ApplyPatch x86-bootparams-dont-clear-efi_info.patch - # secure boot ApplyPatch devel-pekey-secure-boot-20130306.patch 
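Review bot: Nothing in kernel.spec ties the changelog's CVE-2013-1828 entry to a source: no `Patch`/`ApplyPatch` line is added, so the fix presumably arrives only through the snapshot selected by `%define gitrev 1` (patch-3.9-rc1-git1.xz in sources). The same applies to the four patches dropped in the -732, -1369 and -1437 hunks (rhbz 916833, 917984, 918408), which the changelog does not mention. Someone auditing whether a build carries these fixes would have to inspect the snapshot itself. After confirming both against the snapshot, I would state it in the changelog, e.g. `- CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316), fixed in the git1 snapshot` and `- Drop efi-fixes, intel_pstate and bootparams patches, merged upstream`.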
@@ -1437,13 +1424,6 @@ ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch #rhbz 914737 ApplyPatch x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch -#rhbz 916833 -ApplyPatch intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch -ApplyPatch intel_pstate-Fix-intel_pstate_init-error-path.patch - -#rhbz 917984 -ApplyPatch efi-fixes.patch - # CVE-2013-1792 rhbz 916646,919021 ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch @@ -2288,6 +2268,11 @@ fi # ||----w | # || || %changelog +* Fri Mar 08 2013 Josh Boyer - 3.9.0-0.rc1.git1.1 +- Linux v3.9-rc1-211-g47b3bc9 +- Reenable debugging options. +- CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316) + * Thu Mar 07 2013 Josh Boyer - CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021) diff --git a/sources b/sources index 6c47e55e6..741085e4c 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ 1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz 5c2d0b2d898deff74286daca6c49f565 patch-3.9-rc1.xz +09506cd4f47ded15a178bf787a2e3781 patch-3.9-rc1-git1.xz diff --git a/x86-bootparams-dont-clear-efi_info.patch b/x86-bootparams-dont-clear-efi_info.patch deleted file mode 100644 index 143931c5d..000000000 --- a/x86-bootparams-dont-clear-efi_info.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h -index 5b5e9cb..ae93f72 100644 ---- a/arch/x86/include/asm/bootparam_utils.h -+++ b/arch/x86/include/asm/bootparam_utils.h -@@ -20,7 +20,7 @@ static void sanitize_boot_params(struct boot_params *boot_params) - if (boot_params->sentinel) { - /*fields in boot_params are not valid, clear them */ - memset(&boot_params->olpc_ofw_header, 0, -- (char *)&boot_params->alt_mem_k - -+ (char *)&boot_params->efi_info - - (char *)&boot_params->olpc_ofw_header); - memset(&boot_params->kbd_status, 0, - (char *)&boot_params->hdr -