rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge 4.3.3 from stabilization branch

This commit is contained in:
Josh Boyer 2016-01-05 14:56:17 -05:00
parent 44ce1614d8
commit 48f65f65ce
74 changed files with 1755 additions and 911 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
View File

@ -1,76 +0,0 @@
From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Thu, 15 Oct 2015 17:21:37 +0100
Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
uninstantiated keyring
The following sequence of commands:
i=`keyctl add user a a @s`
keyctl request2 keyring foo bar @t
keyctl unlink $i @s
tries to invoke an upcall to instantiate a keyring if one doesn't already
exist by that name within the user's keyring set. However, if the upcall
fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
other error code. When the key is garbage collected, the key destroy
function is called unconditionally and keyring_destroy() uses list_empty()
on keyring->type_data.link - which is in a union with reject_error.
Subsequently, the kernel tries to unlink the keyring from the keyring names
list - which oopses like this:
BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
...
Workqueue: events key_garbage_collector
...
RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
RSP: 0018:ffff88003e2f3d30 EFLAGS: 00010203
RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
...
CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
...
Call Trace:
[<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
[<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
[<ffffffff8105ec9b>] process_one_work+0x28e/0x547
[<ffffffff8105fd17>] worker_thread+0x26e/0x361
[<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
[<ffffffff810648ad>] kthread+0xf3/0xfb
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
[<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
[<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
The solution is to only call ->destroy() if the key was successfully
instantiated.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/gc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/keys/gc.c b/security/keys/gc.c
index c7952375ac53..11c36627adbf 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
atomic_dec(&key->user->nikeys);
/* now throw away the key memory */
- if (key->type->destroy)
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
+ !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
+ key->type->destroy)
key->type->destroy(key);
key_user_put(key->user);
--
2.4.3

169
0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
View File

@ -1,169 +0,0 @@
From 1d8007bdee074fdffcf3539492d8a151a1fb3436 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 12 Oct 2015 13:38:32 +0200
Subject: [PATCH] KVM: x86: build kvm_userspace_memory_region in
x86_set_memory_region
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The next patch will make x86_set_memory_region fill the
userspace_addr. Since the struct is not used untouched
anymore, it makes sense to build it in x86_set_memory_region
directly; it also simplifies the callers.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Cc: stable@vger.kernel.org
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/include/asm/kvm_host.h | 6 ++----
arch/x86/kvm/vmx.c | 26 ++++++--------------------
arch/x86/kvm/x86.c | 31 +++++++++++++------------------
3 files changed, 21 insertions(+), 42 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 49ec903..4e7ad7e 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1199,9 +1199,7 @@ void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err);
int kvm_is_in_guest(void);
-int __x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem);
-int x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem);
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
#endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 18c30b4..8461e0c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4105,17 +4105,13 @@ static void seg_setup(int seg)
static int alloc_apic_access_page(struct kvm *kvm)
{
struct page *page;
- struct kvm_userspace_memory_region kvm_userspace_mem;
int r = 0;
mutex_lock(&kvm->slots_lock);
if (kvm->arch.apic_access_page_done)
goto out;
- kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
- kvm_userspace_mem.flags = 0;
- kvm_userspace_mem.guest_phys_addr = APIC_DEFAULT_PHYS_BASE;
- kvm_userspace_mem.memory_size = PAGE_SIZE;
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
+ r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
+ APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
if (r)
goto out;
@@ -4140,17 +4136,12 @@ static int alloc_identity_pagetable(struct kvm *kvm)
{
/* Called with kvm->slots_lock held. */
- struct kvm_userspace_memory_region kvm_userspace_mem;
int r = 0;
BUG_ON(kvm->arch.ept_identity_pagetable_done);
- kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
- kvm_userspace_mem.flags = 0;
- kvm_userspace_mem.guest_phys_addr =
- kvm->arch.ept_identity_map_addr;
- kvm_userspace_mem.memory_size = PAGE_SIZE;
- r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
+ r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
+ kvm->arch.ept_identity_map_addr, PAGE_SIZE);
return r;
}
@@ -4949,14 +4940,9 @@ static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
{
int ret;
- struct kvm_userspace_memory_region tss_mem = {
- .slot = TSS_PRIVATE_MEMSLOT,
- .guest_phys_addr = addr,
- .memory_size = PAGE_SIZE * 3,
- .flags = 0,
- };
- ret = x86_set_memory_region(kvm, &tss_mem);
+ ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
+ PAGE_SIZE * 3);
if (ret)
return ret;
kvm->arch.tss_addr = addr;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 373328b..b12665b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7721,18 +7721,21 @@ void kvm_arch_sync_events(struct kvm *kvm)
kvm_free_pit(kvm);
}
-int __x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem)
+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
/* Called with kvm->slots_lock held. */
- BUG_ON(mem->slot >= KVM_MEM_SLOTS_NUM);
+ if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
+ return -EINVAL;
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
- struct kvm_userspace_memory_region m = *mem;
+ struct kvm_userspace_memory_region m;
- m.slot |= i << 16;
+ m.slot = id | (i << 16);
+ m.flags = 0;
+ m.guest_phys_addr = gpa;
+ m.memory_size = size;
r = __kvm_set_memory_region(kvm, &m);
if (r < 0)
return r;
@@ -7742,13 +7745,12 @@ int __x86_set_memory_region(struct kvm *kvm,
}
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
-int x86_set_memory_region(struct kvm *kvm,
- const struct kvm_userspace_memory_region *mem)
+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int r;
mutex_lock(&kvm->slots_lock);
- r = __x86_set_memory_region(kvm, mem);
+ r = __x86_set_memory_region(kvm, id, gpa, size);
mutex_unlock(&kvm->slots_lock);
return r;
@@ -7763,16 +7765,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
* unless the the memory map has changed due to process exit
* or fd copying.
*/
- struct kvm_userspace_memory_region mem;
- memset(&mem, 0, sizeof(mem));
- mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
-
- mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
-
- mem.slot = TSS_PRIVATE_MEMSLOT;
- x86_set_memory_region(kvm, &mem);
+ x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, 0, 0);
+ x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, 0, 0);
+ x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
}
kvm_iommu_unmap_guest(kvm);
kfree(kvm->arch.vpic);

91
0001-ipv6-Avoid-creating-RTF_CACHE-from-a-rt-that-is-not-.patch Normal file
View File

@ -0,0 +1,91 @@
From 0d3f6d297bfb7af24d0508460fdb3d1ec4903fa3 Mon Sep 17 00:00:00 2001
From: Martin KaFai Lau <kafai@fb.com>
Date: Wed, 11 Nov 2015 11:51:06 -0800
Subject: [PATCH] ipv6: Avoid creating RTF_CACHE from a rt that is not managed
by fib6 tree
The original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1272571
The setup has a IPv4 GRE tunnel running in a IPSec. The bug
happens when ndisc starts sending router solicitation at the gre
interface. The simplified oops stack is like:
__lock_acquire+0x1b2/0x1c30
lock_acquire+0xb9/0x140
_raw_write_lock_bh+0x3f/0x50
__ip6_ins_rt+0x2e/0x60
ip6_ins_rt+0x49/0x50
~~~~~~~~
__ip6_rt_update_pmtu.part.54+0x145/0x250
ip6_rt_update_pmtu+0x2e/0x40
~~~~~~~~
ip_tunnel_xmit+0x1f1/0xf40
__gre_xmit+0x7a/0x90
ipgre_xmit+0x15a/0x220
dev_hard_start_xmit+0x2bd/0x480
__dev_queue_xmit+0x696/0x730
dev_queue_xmit+0x10/0x20
neigh_direct_output+0x11/0x20
ip6_finish_output2+0x21f/0x770
ip6_finish_output+0xa7/0x1d0
ip6_output+0x56/0x190
~~~~~~~~
ndisc_send_skb+0x1d9/0x400
ndisc_send_rs+0x88/0xc0
~~~~~~~~
The rt passed to ip6_rt_update_pmtu() is created by
icmp6_dst_alloc() and it is not managed by the fib6 tree,
so its rt6i_table == NULL. When __ip6_rt_update_pmtu() creates
a RTF_CACHE clone, the newly created clone also has rt6i_table == NULL
and it causes the ip6_ins_rt() oops.
During pmtu update, we only want to create a RTF_CACHE clone
from a rt which is currently managed (or owned) by the
fib6 tree. It means either rt->rt6i_node != NULL or
rt is a RTF_PCPU clone.
It is worth to note that rt6i_table may not be NULL even it is
not (yet) managed by the fib6 tree (e.g. addrconf_dst_alloc()).
Hence, rt6i_node is a better check instead of rt6i_table.
Fixes: 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after encountering pmtu")
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
Cc: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv6/route.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index c8bc9b4..74907c5 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1322,6 +1322,12 @@ static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
}
+static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
+{
+ return !(rt->rt6i_flags & RTF_CACHE) &&
+ (rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
+}
+
static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
const struct ipv6hdr *iph, u32 mtu)
{
@@ -1335,7 +1341,7 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
if (mtu >= dst_mtu(dst))
return;
- if (rt6->rt6i_flags & RTF_CACHE) {
+ if (!rt6_cache_allowed_for_pmtu(rt6)) {
rt6_do_update_pmtu(rt6, mtu);
} else {
const struct in6_addr *daddr, *saddr;
--
2.5.0

63
0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch Normal file
View File

@ -0,0 +1,63 @@
From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 1 Nov 2015 23:54:08 +0000
Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
Fix issue from two patches overlapping causing a kernel oops
[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
[ 3569.306272] pgd = dc894000
[ 3569.309287] [00000088] *pgd=00000000
[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
[ 3569.417902] pc : [<bf0ab138>] lr : [<c0739c54>] psr: 600f0013
[ 3569.417902] sp : dbaadf18 ip : 00000003 fp : 7f5d3bbe
[ 3569.430014] r10: 00000000 r9 : 00000003 r8 : bef21ab8
[ 3569.435535] r7 : dbbc0f7c r6 : dbbc0f18 r5 : bef21ab8 r4 : 00000000
[ 3569.442427] r3 : 00000000 r2 : 00000000 r1 : 8004570a r0 : dbbc0f18
[ 3569.449323] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 3569.456858] Control: 10c5387d Table: 9c894019 DAC: 00000051
[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
[ 3569.473790] df00: bef21ab8 dbf60e38
[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
drivers/watchdog/omap_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
index d96bee0..6f17c93 100644
--- a/drivers/watchdog/omap_wdt.c
+++ b/drivers/watchdog/omap_wdt.c
@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
{
- struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
+ struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
void __iomem *base = wdev->base;
u32 value;
--
2.5.0

86
0001-x86-cpu-cacheinfo-Fix-teardown-path.patch Normal file
View File

@ -0,0 +1,86 @@
From 680ac028240f8747f31c03986fbcf18b2b521e93 Mon Sep 17 00:00:00 2001
From: Borislav Petkov <bp@suse.de>
Date: Mon, 27 Jul 2015 09:58:05 +0200
Subject: [PATCH] x86/cpu/cacheinfo: Fix teardown path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Philip Müller reported a hang when booting 32-bit 4.1 kernel on
an AMD box. A fragment of the splat was enough to pinpoint the
issue:
task: f58e0000 ti: f58e8000 task.ti: f58e800
EIP: 0060:[<c135a903>] EFLAGS: 00010206 CPU: 0
EIP is at free_cache_attributes+0x83/0xd0
EAX: 00000001 EBX: f589d46c ECX: 00000090 EDX: 360c2000
ESI: 00000000 EDI: c1724a80 EBP: f58e9ec0 ESP: f58e9ea0
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 000000ac CR3: 01731000 CR4: 000006d0
cache_shared_cpu_map_setup() did check sibling CPUs cacheinfo
descriptor while the respective teardown path
cache_shared_cpu_map_remove() didn't. Fix that.
From tglx's version: to be on the safe side, move the cacheinfo
descriptor check to free_cache_attributes(), thus cleaning up
the hotplug path a little and making this even more robust.
Reported-by: Philip Müller <philm@manjaro.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org> # v4.1+
Cc: Andre Przywara <andre.przywara@arm.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Cc: manjaro-dev@manjaro.org
Link: http://lkml.kernel.org/r/20150727075805.GA20416@nazgul.tnic
Link: https://lkml.kernel.org/r/55B47BB8.6080202@manjaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
drivers/base/cacheinfo.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c
index 764280a91776..e9fd32e91668 100644
--- a/drivers/base/cacheinfo.c
+++ b/drivers/base/cacheinfo.c
@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
if (sibling == cpu) /* skip itself */
continue;
+
sib_cpu_ci = get_cpu_cacheinfo(sibling);
+ if (!sib_cpu_ci->info_list)
+ continue;
+
sib_leaf = sib_cpu_ci->info_list + index;
cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map);
cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map);
@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
static void free_cache_attributes(unsigned int cpu)
{
+ if (!per_cpu_cacheinfo(cpu))
+ return;
+
cache_shared_cpu_map_remove(cpu);
kfree(per_cpu_cacheinfo(cpu));
@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb,
break;
case CPU_DEAD:
cache_remove_dev(cpu);
- if (per_cpu_cacheinfo(cpu))
- free_cache_attributes(cpu);
+ free_cache_attributes(cpu);
break;
}
return notifier_from_errno(rc);
--
2.4.3

34
0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
View File

@ -1,34 +0,0 @@
From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 19 Oct 2015 11:33:38 +0100
Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
keyring
If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search. We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/request_key.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 486ef6fa393b..0d6253124278 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
kenter("");
+ if (ctx->index_key.type == &key_type_keyring)
+ return ERR_PTR(-EPERM);
+
user = key_user_lookup(current_fsuid());
if (!user)
return ERR_PTR(-ENOMEM);
--
2.4.3

134
0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
View File

@ -1,134 +0,0 @@
From f0d648bdf0a5bbc91da6099d5282f77996558ea4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 12 Oct 2015 13:56:27 +0200
Subject: [PATCH] KVM: x86: map/unmap private slots in __x86_set_memory_region
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise, two copies (one of them never populated and thus bogus)
are allocated for the regular and SMM address spaces. This breaks
SMM with EPT but without unrestricted guest support, because the
SMM copy of the identity page map is all zeros.
By moving the allocation to the caller we also remove the last
vestiges of kernel-allocated memory regions (not accessible anymore
in userspace since commit b74a07beed0e, "KVM: Remove kernel-allocated
memory regions", 2010-06-21); that is a nice bonus.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Cc: stable@vger.kernel.org
Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++----------------------------
1 file changed, 30 insertions(+), 32 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7bf8096..3ac33f8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7477,23 +7477,53 @@ void kvm_arch_sync_events(struct kvm *kvm)
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
+ u64 hva;
+ struct kvm_memslots *slots = kvm_memslots(kvm);
+ struct kvm_memory_slot *slot, old;
/* Called with kvm->slots_lock held. */
if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
return -EINVAL;
+ slot = id_to_memslot(slots, id);
+ if (size) {
+ if (WARN_ON(slot->npages))
+ return -EEXIST;
+
+ /*
+ * MAP_SHARED to prevent internal slot pages from being moved
+ * by fork()/COW.
+ */
+ hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANONYMOUS, 0);
+ if (IS_ERR((void *)hva))
+ return PTR_ERR((void *)hva);
+ } else {
+ if (!slot->npages)
+ return 0;
+
+ hva = 0;
+ }
+
+ old = *slot;
for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
struct kvm_userspace_memory_region m;
m.slot = id | (i << 16);
m.flags = 0;
m.guest_phys_addr = gpa;
+ m.userspace_addr = hva;
m.memory_size = size;
r = __kvm_set_memory_region(kvm, &m);
if (r < 0)
return r;
}
+ if (!size) {
+ r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
+ WARN_ON(r < 0);
+ }
+
return 0;
}
EXPORT_SYMBOL_GPL(__x86_set_memory_region);
@@ -7623,27 +7653,6 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
const struct kvm_userspace_memory_region *mem,
enum kvm_mr_change change)
{
- /*
- * Only private memory slots need to be mapped here since
- * KVM_SET_MEMORY_REGION ioctl is no longer supported.
- */
- if ((memslot->id >= KVM_USER_MEM_SLOTS) && (change == KVM_MR_CREATE)) {
- unsigned long userspace_addr;
-
- /*
- * MAP_SHARED to prevent internal slot pages from being moved
- * by fork()/COW.
- */
- userspace_addr = vm_mmap(NULL, 0, memslot->npages * PAGE_SIZE,
- PROT_READ | PROT_WRITE,
- MAP_SHARED | MAP_ANONYMOUS, 0);
-
- if (IS_ERR((void *)userspace_addr))
- return PTR_ERR((void *)userspace_addr);
-
- memslot->userspace_addr = userspace_addr;
- }
-
return 0;
}
@@ -7705,17 +7714,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
{
int nr_mmu_pages = 0;
- if (change == KVM_MR_DELETE && old->id >= KVM_USER_MEM_SLOTS) {
- int ret;
-
- ret = vm_munmap(old->userspace_addr,
- old->npages * PAGE_SIZE);
- if (ret < 0)
- printk(KERN_WARNING
- "kvm_vm_ioctl_set_memory_region: "
- "failed to munmap memory\n");
- }
-
if (!kvm->arch.n_requested_mmu_pages)
nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
--
2.5.0

30
0003-KVM-x86-fix-previous-commit-for-32-bit.patch
View File

@ -1,30 +0,0 @@
From 25188b9986cf6b0cadcf1bc1d1693a2e9c50ed47 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 14 Oct 2015 15:51:08 +0200
Subject: [PATCH] KVM: x86: fix previous commit for 32-bit
Unfortunately I only noticed this after pushing.
Fixes: f0d648bdf0a5bbc91da6099d5282f77996558ea4
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6e03546..9a9a198 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7482,7 +7482,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
{
int i, r;
- u64 hva;
+ unsigned long hva;
struct kvm_memslots *slots = kvm_memslots(kvm);
struct kvm_memory_slot *slot, old;
--
2.5.0

6
ACPI-Limit-access-to-custom_method.patch
View File

@ -1,6 +1,7 @@
From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH] ACPI: Limit access to custom_method
Subject: [PATCH 04/20] ACPI: Limit access to custom_method
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
if (!(*ppos)) {
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
2.4.3

6
Add-EFI-signature-data-types.patch
View File

@ -1,6 +1,7 @@
From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH] Add EFI signature data types
Subject: [PATCH 15/20] Add EFI signature data types
Add the data types that are used for containing hashes, keys and certificates
for cryptographic verification.
@ -51,3 +52,6 @@ index de3e45088d4a..fac43c611614 100644
/*
* All runtime access to EFI goes through this structure:
*/
--
2.4.3

8
Add-an-EFI-signature-blob-parser-and-key-loader.patch
View File

@ -1,6 +1,7 @@
From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH] Add an EFI signature blob parser and key loader.
Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
X.509 certificates are loaded into the specified keyring as asymmetric type
keys.
@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9ac5e8..6512f6596785 100644
index cd1406f9b14a..d9db380bbe53 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
/**
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
2.4.3

32
Add-option-to-automatically-enforce-module-signature.patch
View File

@ -1,7 +1,8 @@
From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH] Add option to automatically enforce module signatures when in
Secure Boot mode
Subject: [PATCH 10/20] Add option to automatically enforce module signatures
when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 82fbdbc1e0b0..a811210ad486 100644
index 95a4d34af3fd..b8527c6b7646 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
@@ -31,6 +31,8 @@ Offset Proto Name Meaning
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
(below)
@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 3dbb7e7909ca..4da6644b1fd0 100644
index cc0d73eac047..14db458f4774 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1703,6 +1703,16 @@ config EFI_MIXED
@@ -1734,6 +1734,16 @@ config EFI_MIXED
If unsure, say N.
@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 2c82bd150d43..1ef8ea7f8ed9 100644
index ee1b6d346b98..b4de3faa3f29 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index ab456dc233b5..74ba4083e7ce 100644
index 329254373479..b61f8533c0fd 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -134,7 +134,8 @@ struct boot_params {
@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 80f874bf999e..c2e4f52cad30 100644
index baadbf90a7c5..1ac118146e90 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
index 57474384b66b..b69d657c3700 100644
index db386349cd01..4b8df91f03cd 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
struct notifier_block;
@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
index e9869c497175..87fa14fedc88 100644
index 7f045246e123..2b403ab0ef29 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
bool secure_modules(void)
{
#ifdef CONFIG_MODULE_SIG
--
2.4.3

16
Add-secure_modules-call.patch
View File

@ -1,6 +1,7 @@
From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH] Add secure_modules() call
Subject: [PATCH 01/20] Add secure_modules() call
Provide a single call to allow kernel code to determine whether the system
has been configured to either disable module loading entirely or to load
@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 16 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index d67b1932cc59..57474384b66b 100644
index 3a19c79918e0..db386349cd01 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
return module && module->async_probe_requested;
}
@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
return false;
}
@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
index 4d2b82e610e2..e9869c497175 100644
index b86b7bf1be38..7f045246e123 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
+#endif
+}
+EXPORT_SYMBOL(secure_modules);
--
2.4.3

32
Add-sysrq-option-to-disable-secure-boot-mode.patch
View File

@ -1,6 +1,7 @@
From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Fri, 30 Aug 2013 09:28:51 -0400
Subject: [PATCH] Add sysrq option to disable secure boot mode
Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
Bugzilla: N/A
Upstream-status: Fedora mustard
@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
7 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 5def6b4143fa..1eac9d22cb0b 100644
index f93826b8522c..41679b1aca83 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
#include <video/edid.h>
#include <asm/mtrr.h>
@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
.notifier_call = dump_kernel_offset
};
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 421e29e4cd81..61c1eb97806c 100644
index 345df9b03aed..dea6a6c4a39b 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
if (!udev->dev)
return -ENOMEM;
@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index b5b427888b24..289c7898a3b0 100644
index 95b330a9ea98..dfa3e154a719 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
sysrq_key_table[i] = op_p;
}
@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
{
struct sysrq_key_op *op_p;
int orig_log_level;
@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
op_p = __sysrq_get_key_op(key);
if (op_p) {
@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
void handle_sysrq(int key)
{
if (sysrq_on())
@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
}
EXPORT_SYMBOL(handle_sysrq);
@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
default:
if (sysrq->active && value && value != 2) {
@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
}
break;
}
@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
if (get_user(c, buf))
return -EFAULT;
@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
return 0;
diff --git a/kernel/module.c b/kernel/module.c
index 87fa14fedc88..61385e686d49 100644
index 2b403ab0ef29..7818c110e95c 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
#ifndef CONFIG_MODULE_SIG_FORCE
module_param(sig_enforce, bool_enable_only, 0644);
#endif /* !CONFIG_MODULE_SIG_FORCE */
--
2.4.3

53
HID-hid-input-Fix-accessing-freed-memory-during-devi.patch Normal file
View File

@ -0,0 +1,53 @@
From 0621809e37936e7c2b3eac9165cf2aad7f9189eb Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Date: Mon, 3 Aug 2015 14:57:30 +0900
Subject: [PATCH] HID: hid-input: Fix accessing freed memory during device
disconnect
During unbinding the driver was dereferencing a pointer to memory
already freed by power_supply_unregister().
Driver was freeing its internal description of battery through pointers
stored in power_supply structure. However, because the core owns the
power supply instance, after calling power_supply_unregister() this
memory is freed and the driver cannot access these members.
Fix this by storing the pointer to internal description of battery in a
local variable before calling power_supply_unregister(), so the pointer
remains valid.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reported-by: H.J. Lu <hjl.tools@gmail.com>
Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core")
Cc: <stable@vger.kernel.org>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
---
drivers/hid/hid-input.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 3511bbab..e3c6364 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -462,12 +462,15 @@ out:
static void hidinput_cleanup_battery(struct hid_device *dev)
{
+ const struct power_supply_desc *psy_desc;
+
if (!dev->battery)
return;
+ psy_desc = dev->battery->desc;
power_supply_unregister(dev->battery);
- kfree(dev->battery->desc->name);
- kfree(dev->battery->desc);
+ kfree(psy_desc->name);
+ kfree(psy_desc);
dev->battery = NULL;
}
#else /* !CONFIG_HID_BATTERY_STRENGTH */
--
2.4.3

117
Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch Normal file
View File

@ -0,0 +1,117 @@
From b9a532277938798b53178d5a66af6e2915cb27cf Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed, 30 Sep 2015 12:48:40 -0400
Subject: [PATCH] Initialize msg/shm IPC objects before doing ipc_addid()
As reported by Dmitry Vyukov, we really shouldn't do ipc_addid() before
having initialized the IPC object state. Yes, we initialize the IPC
object in a locked state, but with all the lockless RCU lookup work,
that IPC object lock no longer means that the state cannot be seen.
We already did this for the IPC semaphore code (see commit e8577d1f0329:
"ipc/sem.c: fully initialize sem_array before making it visible") but we
clearly forgot about msg and shm.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
ipc/msg.c | 14 +++++++-------
ipc/shm.c | 13 +++++++------
ipc/util.c | 8 ++++----
3 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 66c4f567eb73..1471db9a7e61 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
return retval;
}
- /* ipc_addid() locks msq upon success. */
- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
- if (id < 0) {
- ipc_rcu_putref(msq, msg_rcu_free);
- return id;
- }
-
msq->q_stime = msq->q_rtime = 0;
msq->q_ctime = get_seconds();
msq->q_cbytes = msq->q_qnum = 0;
@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
INIT_LIST_HEAD(&msq->q_receivers);
INIT_LIST_HEAD(&msq->q_senders);
+ /* ipc_addid() locks msq upon success. */
+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
+ if (id < 0) {
+ ipc_rcu_putref(msq, msg_rcu_free);
+ return id;
+ }
+
ipc_unlock_object(&msq->q_perm);
rcu_read_unlock();
diff --git a/ipc/shm.c b/ipc/shm.c
index 222131e8e38f..41787276e141 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
if (IS_ERR(file))
goto no_file;
- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
- if (id < 0) {
- error = id;
- goto no_id;
- }
-
shp->shm_cprid = task_tgid_vnr(current);
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_nattch = 0;
shp->shm_file = file;
shp->shm_creator = current;
+
+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
+ if (id < 0) {
+ error = id;
+ goto no_id;
+ }
+
list_add(&shp->shm_clist, &current->sysvshm.shm_clist);
/*
diff --git a/ipc/util.c b/ipc/util.c
index be4230020a1f..0f401d94b7c6 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
rcu_read_lock();
spin_lock(&new->lock);
+ current_euid_egid(&euid, &egid);
+ new->cuid = new->uid = euid;
+ new->gid = new->cgid = egid;
+
id = idr_alloc(&ids->ipcs_idr, new,
(next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
GFP_NOWAIT);
@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
ids->in_use++;
- current_euid_egid(&euid, &egid);
- new->cuid = new->uid = euid;
- new->gid = new->cgid = egid;
-
if (next_id < 0) {
new->seq = ids->seq++;
if (ids->seq > IPCID_SEQ_MAX)
--
2.4.3

127
KEYS-Add-a-system-blacklist-keyring.patch
View File

@ -1,6 +1,7 @@
From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH] KEYS: Add a system blacklist keyring
Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
This adds an additional keyring that is used to store certificates that
are blacklisted. This keyring is searched first when loading signed modules
@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
certs/system_keyring.c | 27 +++++++++++++++++++++++++++
include/keys/system_keyring.h | 4 ++++
init/Kconfig | 9 +++++++++
kernel/module_signing.c | 12 ++++++++++++
kernel/system_keyring.c | 17 +++++++++++++++++
4 files changed, 42 insertions(+)
3 files changed, 40 insertions(+)
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..2c7b80d31366 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
}
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index af09b4fb43d2..62f6fd191e4f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..fed815fcdaf2 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
pr_debug("Look up: \"%s\"\n", id);
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
+ &key_type_asymmetric, id);
+ if (!IS_ERR(key)) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key '%s' is in blacklist\n", id);
+ key_ref_put(key);
+ kfree(id);
+ return ERR_PTR(-EKEYREJECTED);
+ }
+#endif
+
key = keyring_search(make_key_ref(system_trusted_keyring, 1),
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 875f64e8935b..c15e93f5a418 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 2570598b784d..53733822993f 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -20,6 +20,9 @@
struct key *system_trusted_keyring;
@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
+
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
+ KUIDT_INIT(0), KGIDT_INIT(0),
+ current_cred(),
@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
return 0;
}
@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
if (ret < 0)
goto error;
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+ ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
+ if (!ret) {
+ /* module is signed with a cert in the blacklist. reject */
+ pr_err("Module key is in the blacklist\n");
+ ret = -EKEYREJECTED;
+ goto error;
+ }
+#endif
+
ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
if (ret < 0)
goto error;
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index b20cd885c1fd..51d8ddc60e0f 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
enum key_being_used_for usage);
#endif
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
+extern struct key *system_blacklist_keyring;
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 02da9f1fd9df..782d26f02885 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
module verification, kexec image verification and firmware blob
verification.
+config SYSTEM_BLACKLIST_KEYRING
+ bool "Provide system-wide ring of blacklisted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which blacklisted keys can be added.
+ Keys in the keyring are considered entirely untrusted. Keys in this
+ keyring are used by the module signature checking to reject loading
+ of modules signed with a blacklisted key.
+
config PROFILING
bool "Profiling support"
help
--
2.4.3

92
KVM-x86-work-around-infinite-loop-in-microcode-when-.patch
View File

@ -1,92 +0,0 @@
From adceca1789584fe567828afb7246bd35a8549e94 Mon Sep 17 00:00:00 2001
From: Eric Northup <digitaleric@google.com>
Date: Tue, 10 Nov 2015 13:22:52 +0100
Subject: [PATCH 1/2] KVM: x86: work around infinite loop in microcode when #AC
is delivered
It was found that a guest can DoS a host by triggering an infinite
stream of "alignment check" (#AC) exceptions. This causes the
microcode to enter an infinite loop where the core never receives
another interrupt. The host kernel panics pretty quickly due to the
effects (CVE-2015-5307).
Signed-off-by: Eric Northup <digitaleric@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/include/uapi/asm/svm.h | 1 +
arch/x86/kvm/svm.c | 8 ++++++++
arch/x86/kvm/vmx.c | 5 ++++-
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
index b5d7640abc5d..8a4add8e4639 100644
--- a/arch/x86/include/uapi/asm/svm.h
+++ b/arch/x86/include/uapi/asm/svm.h
@@ -100,6 +100,7 @@
{ SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
{ SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
{ SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
+ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
{ SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
{ SVM_EXIT_INTR, "interrupt" }, \
{ SVM_EXIT_NMI, "nmi" }, \
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f2c8e4917688..7203b3cc71b5 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1110,6 +1110,7 @@ static void init_vmcb(struct vcpu_svm *svm)
set_exception_intercept(svm, PF_VECTOR);
set_exception_intercept(svm, UD_VECTOR);
set_exception_intercept(svm, MC_VECTOR);
+ set_exception_intercept(svm, AC_VECTOR);
set_intercept(svm, INTERCEPT_INTR);
set_intercept(svm, INTERCEPT_NMI);
@@ -1798,6 +1799,12 @@ static int ud_interception(struct vcpu_svm *svm)
return 1;
}
+static int ac_interception(struct vcpu_svm *svm)
+{
+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
+ return 1;
+}
+
static void svm_fpu_activate(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
@@ -3362,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
[SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
[SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
[SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
[SVM_EXIT_INTR] = intr_interception,
[SVM_EXIT_NMI] = nmi_interception,
[SVM_EXIT_SMI] = nop_on_interception,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 5eb56ed77c1f..106aa940d3c0 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1631,7 +1631,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
u32 eb;
eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
- (1u << NM_VECTOR) | (1u << DB_VECTOR);
+ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
if ((vcpu->guest_debug &
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
@@ -5266,6 +5266,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
return handle_rmode_exception(vcpu, ex_no, error_code);
switch (ex_no) {
+ case AC_VECTOR:
+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
+ return 1;
case DB_VECTOR:
dr6 = vmcs_readl(EXIT_QUALIFICATION);
if (!(vcpu->guest_debug &
--
2.4.3

34
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
View File

@ -1,3 +1,4 @@
From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 414c3c3d988d..d920a6be6c8b 100644
index 85ef051ac6fb..a042b2ece788 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
@@ -600,6 +600,12 @@ typedef struct {
u64 table;
} efi_config_table_64_t;
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
+
typedef struct {
efi_guid_t guid;
u64 table;
u32 table;
diff --git a/init/Kconfig b/init/Kconfig
index 62f6fd191e4f..648bb79d6b73 100644
index 02da9f1fd9df..90c73a0564b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index 43c4c920f30a..3193574387ac 100644
index d4988410b410..55e886239e7e 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
@@ -47,6 +47,7 @@ endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
$(obj)/configs.o: $(obj)/config_data.h
obj-$(CONFIG_HAS_IOMEM) += memremap.o
+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
$(obj)/configs.o: $(obj)/config_data.h
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
new file mode 100644
index 000000000000..94b0eb38a284
@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
+ return rc;
+}
+late_initcall(load_uefi_certs);
--
2.4.3

6
MODSIGN-Support-not-importing-certs-from-db.patch
View File

@ -1,6 +1,7 @@
From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH] MODSIGN: Support not importing certs from db
Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
}
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
2.4.3

7
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
View File

@ -1,6 +1,8 @@
From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
return -EPERM;
dev = pci_get_bus_and_slot(bus, dfn);
--
2.4.3

79
RDS-verify-the-underlying-transport-exists-before-cr.patch Normal file
View File

@ -0,0 +1,79 @@
From 74e98eb085889b0d2d4908f59f6e00026063014f Mon Sep 17 00:00:00 2001
From: Sasha Levin <sasha.levin@oracle.com>
Date: Tue, 8 Sep 2015 10:53:40 -0400
Subject: [PATCH] RDS: verify the underlying transport exists before creating a
connection
There was no verification that an underlying transport exists when creating
a connection, this would cause dereferencing a NULL ptr.
It might happen on sockets that weren't properly bound before attempting to
send a message, which will cause a NULL ptr deref:
[135546.047719] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[135546.051270] Modules linked in:
[135546.051781] CPU: 4 PID: 15650 Comm: trinity-c4 Not tainted 4.2.0-next-20150902-sasha-00041-gbaa1222-dirty #2527
[135546.053217] task: ffff8800835bc000 ti: ffff8800bc708000 task.ti: ffff8800bc708000
[135546.054291] RIP: __rds_conn_create (net/rds/connection.c:194)
[135546.055666] RSP: 0018:ffff8800bc70fab0 EFLAGS: 00010202
[135546.056457] RAX: dffffc0000000000 RBX: 0000000000000f2c RCX: ffff8800835bc000
[135546.057494] RDX: 0000000000000007 RSI: ffff8800835bccd8 RDI: 0000000000000038
[135546.058530] RBP: ffff8800bc70fb18 R08: 0000000000000001 R09: 0000000000000000
[135546.059556] R10: ffffed014d7a3a23 R11: ffffed014d7a3a21 R12: 0000000000000000
[135546.060614] R13: 0000000000000001 R14: ffff8801ec3d0000 R15: 0000000000000000
[135546.061668] FS: 00007faad4ffb700(0000) GS:ffff880252000000(0000) knlGS:0000000000000000
[135546.062836] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[135546.063682] CR2: 000000000000846a CR3: 000000009d137000 CR4: 00000000000006a0
[135546.064723] Stack:
[135546.065048] ffffffffafe2055c ffffffffafe23fc1 ffffed00493097bf ffff8801ec3d0008
[135546.066247] 0000000000000000 00000000000000d0 0000000000000000 ac194a24c0586342
[135546.067438] 1ffff100178e1f78 ffff880320581b00 ffff8800bc70fdd0 ffff880320581b00
[135546.068629] Call Trace:
[135546.069028] ? __rds_conn_create (include/linux/rcupdate.h:856 net/rds/connection.c:134)
[135546.069989] ? rds_message_copy_from_user (net/rds/message.c:298)
[135546.071021] rds_conn_create_outgoing (net/rds/connection.c:278)
[135546.071981] rds_sendmsg (net/rds/send.c:1058)
[135546.072858] ? perf_trace_lock (include/trace/events/lock.h:38)
[135546.073744] ? lockdep_init (kernel/locking/lockdep.c:3298)
[135546.074577] ? rds_send_drop_to (net/rds/send.c:976)
[135546.075508] ? __might_fault (./arch/x86/include/asm/current.h:14 mm/memory.c:3795)
[135546.076349] ? __might_fault (mm/memory.c:3795)
[135546.077179] ? rds_send_drop_to (net/rds/send.c:976)
[135546.078114] sock_sendmsg (net/socket.c:611 net/socket.c:620)
[135546.078856] SYSC_sendto (net/socket.c:1657)
[135546.079596] ? SYSC_connect (net/socket.c:1628)
[135546.080510] ? trace_dump_stack (kernel/trace/trace.c:1926)
[135546.081397] ? ring_buffer_unlock_commit (kernel/trace/ring_buffer.c:2479 kernel/trace/ring_buffer.c:2558 kernel/trace/ring_buffer.c:2674)
[135546.082390] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
[135546.083410] ? trace_event_raw_event_sys_enter (include/trace/events/syscalls.h:16)
[135546.084481] ? do_audit_syscall_entry (include/trace/events/syscalls.h:16)
[135546.085438] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
[135546.085515] rds_ib_laddr_check(): addr 36.74.25.172 ret -99 node type -1
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/rds/connection.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/rds/connection.c b/net/rds/connection.c
index 9b2de5e67d79..49adeef8090c 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -190,6 +190,12 @@ new_conn:
}
}
+ if (trans == NULL) {
+ kmem_cache_free(rds_conn_slab, conn);
+ conn = ERR_PTR(-ENODEV);
+ goto out;
+ }
+
conn->c_trans = trans;
ret = trans->conn_alloc(conn, gfp);
--
2.4.3

6
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
View File

@ -1,6 +1,7 @@
From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
restricted
Allowing users to write to address space makes it possible for the kernel
@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
if (p < (unsigned long) high_memory) {
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
2.4.3

81
USB-whiteheat-fix-potential-null-deref-at-probe.patch Normal file
View File

@ -0,0 +1,81 @@
From 10d98bced414c6fc1d09db123e7f762d91b5ebea Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@kernel.org>
Date: Wed, 23 Sep 2015 11:41:42 -0700
Subject: [PATCH] USB: whiteheat: fix potential null-deref at probe
Fix potential null-pointer dereference at probe by making sure that the
required endpoints are present.
The whiteheat driver assumes there are at least five pairs of bulk
endpoints, of which the final pair is used for the "command port". An
attempt to bind to an interface with fewer bulk endpoints would
currently lead to an oops.
Fixes CVE-2015-5257.
Reported-by: Moein Ghasemzadeh <moein@istuary.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
index 6c3734d2b45a..d3ea90bef84d 100644
--- a/drivers/usb/serial/whiteheat.c
+++ b/drivers/usb/serial/whiteheat.c
@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
static int whiteheat_firmware_attach(struct usb_serial *serial);
/* function prototypes for the Connect Tech WhiteHEAT serial converter */
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id);
static int whiteheat_attach(struct usb_serial *serial);
static void whiteheat_release(struct usb_serial *serial);
static int whiteheat_port_probe(struct usb_serial_port *port);
@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
.description = "Connect Tech - WhiteHEAT",
.id_table = id_table_std,
.num_ports = 4,
+ .probe = whiteheat_probe,
.attach = whiteheat_attach,
.release = whiteheat_release,
.port_probe = whiteheat_port_probe,
@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
/*****************************************************************************
* Connect Tech's White Heat serial driver functions
*****************************************************************************/
+
+static int whiteheat_probe(struct usb_serial *serial,
+ const struct usb_device_id *id)
+{
+ struct usb_host_interface *iface_desc;
+ struct usb_endpoint_descriptor *endpoint;
+ size_t num_bulk_in = 0;
+ size_t num_bulk_out = 0;
+ size_t min_num_bulk;
+ unsigned int i;
+
+ iface_desc = serial->interface->cur_altsetting;
+
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
+ endpoint = &iface_desc->endpoint[i].desc;
+ if (usb_endpoint_is_bulk_in(endpoint))
+ ++num_bulk_in;
+ if (usb_endpoint_is_bulk_out(endpoint))
+ ++num_bulk_out;
+ }
+
+ min_num_bulk = COMMAND_PORT + 1;
+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
+ return -ENODEV;
+
+ return 0;
+}
+
static int whiteheat_attach(struct usb_serial *serial)
{
struct usb_serial_port *command_port;
--
2.4.3

14
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
View File

@ -1,7 +1,8 @@
From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
is restricted
Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
loading is restricted
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 3b8963f21b36..a5ae6a7fef5e 100644
index 739a4a6b3b9b..9ef2a020a7a9 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
@@ -40,6 +40,7 @@
#include <linux/list.h>
#include <linux/jiffies.h>
#include <linux/semaphore.h>
@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
#include <asm/io.h>
#include <asm/uaccess.h>
@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
return acpi_rsdp;
#endif
--
2.4.3

81
acpi-video-Add-force-native-backlight-quirk-for-Leno.patch Normal file
View File

@ -0,0 +1,81 @@
From: Hans de Goede <hdegoede@redhat.com>
Date: Tue, 3 Mar 2015 08:31:24 +0100
Subject: [PATCH] acpi: video: Add force native backlight quirk for Lenovo
Ideapad Z570
The Lenovo Ideapad Z570 (which is an Acer in disguise like some other Ideapads)
has a broken acpi_video interface, this was fixed in commmit a11d342fb8
("ACPI / video: force vendor backlight on Lenovo Ideapad Z570").
Which stops acpi_video from registering a backlight interface, but this is
only a partial fix, because for people who have the ideapad-laptop module
installed that module will now register a backlight interface, which also
does not work, so we need to use the native intel_backlight interface.
The Lenovo Ideapad 570 is a pre-win8 laptop / too old for the acpi-video code
to automatically prefer the native backlight interface, so add a quirk for it.
This commit also removes the previous incomplete fix.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1187004
Cc: Stepan Bujnak <stepanbujnak@fastmail.fm>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/acpi/video.c | 17 +++++++++++++++++
drivers/acpi/video_detect.c | 8 --------
2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 70ea37bea84f..d9bf8ba7d848 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -425,6 +425,12 @@ static int __init video_disable_native_backlight(const struct dmi_system_id *d)
return 0;
}
+static int __init video_enable_native_backlight(const struct dmi_system_id *d)
+{
+ use_native_backlight_dmi = NATIVE_BACKLIGHT_ON;
+ return 0;
+}
+
static struct dmi_system_id video_dmi_table[] __initdata = {
/*
* Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121
@@ -566,6 +572,17 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
DMI_MATCH(DMI_PRODUCT_NAME, "XPS L521X"),
},
},
+
+ /* Non win8 machines which need native backlight nevertheless */
+ {
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1187004 */
+ .callback = video_enable_native_backlight,
+ .ident = "Lenovo Ideapad Z570",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "102434U"),
+ },
+ },
{}
};
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
index 27c43499977a..c42feb2bacd0 100644
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -174,14 +174,6 @@ static struct dmi_system_id video_detect_dmi_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5737"),
},
},
- {
- .callback = video_detect_force_vendor,
- .ident = "Lenovo IdeaPad Z570",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_VERSION, "Ideapad Z570"),
- },
- },
{ },
};

73
acpi-video-Allow-forcing-native-backlight-on-non-win.patch Normal file
View File

@ -0,0 +1,73 @@
From: Aaron Lu <aaron.lu@intel.com>
Date: Wed, 11 Mar 2015 14:14:56 +0800
Subject: [PATCH] acpi: video: Allow forcing native backlight on non win8
machines
The native backlight behavior (so not registering both the acpi-video
and the vendor backlight driver) can be useful on some non win8 machines
too, so change the behavior of the video.use_native_backlight=1 or 0
kernel cmdline option to be: if user has set video.use_native_backlight=1
or 0, use that no matter if it is a win8 system or not. Also, we will
put some known systems into the DMI table to make them either use native
backlight interface or not, and the use_native_backlight_dmi is used to
reflect that.
Original-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/acpi/video.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index db70d550f526..70ea37bea84f 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -82,9 +82,15 @@ module_param(allow_duplicates, bool, 0644);
* For Windows 8 systems: used to decide if video module
* should skip registering backlight interface of its own.
*/
-static int use_native_backlight_param = -1;
+enum {
+ NATIVE_BACKLIGHT_NOT_SET = -1,
+ NATIVE_BACKLIGHT_OFF,
+ NATIVE_BACKLIGHT_ON,
+};
+
+static int use_native_backlight_param = NATIVE_BACKLIGHT_NOT_SET;
module_param_named(use_native_backlight, use_native_backlight_param, int, 0444);
-static bool use_native_backlight_dmi = true;
+static int use_native_backlight_dmi = NATIVE_BACKLIGHT_NOT_SET;
static int register_count;
static struct mutex video_list_lock;
@@ -237,15 +243,16 @@ static void acpi_video_switch_brightness(struct work_struct *work);
static bool acpi_video_use_native_backlight(void)
{
- if (use_native_backlight_param != -1)
+ if (use_native_backlight_param != NATIVE_BACKLIGHT_NOT_SET)
return use_native_backlight_param;
- else
+ else if (use_native_backlight_dmi != NATIVE_BACKLIGHT_NOT_SET)
return use_native_backlight_dmi;
+ return acpi_osi_is_win8();
}
bool acpi_video_verify_backlight_support(void)
{
- if (acpi_osi_is_win8() && acpi_video_use_native_backlight() &&
+ if (acpi_video_use_native_backlight() &&
backlight_device_registered(BACKLIGHT_RAW))
return false;
return acpi_video_backlight_support();
@@ -414,7 +421,7 @@ static int __init video_set_bqc_offset(const struct dmi_system_id *d)
static int __init video_disable_native_backlight(const struct dmi_system_id *d)
{
- use_native_backlight_dmi = false;
+ use_native_backlight_dmi = NATIVE_BACKLIGHT_OFF;
return 0;
}

41
alua_fix.patch Normal file
View File

@ -0,0 +1,41 @@
From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Tue, 1 Dec 2015 10:16:42 +0100
Subject: scsi: ignore errors from scsi_dh_add_device()
device handler initialisation might fail due to a number of
reasons. But as device_handlers are optional this shouldn't
cause us to disable the device entirely.
So just ignore errors from scsi_dh_add_device().
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
drivers/scsi/scsi_sysfs.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index fc3cd26..d015374 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
}
error = scsi_dh_add_device(sdev);
- if (error) {
+ if (error)
+ /*
+ * device_handler is optional, so any error can be ignored
+ */
sdev_printk(KERN_INFO, sdev,
"failed to add device handler: %d\n", error);
- return error;
- }
device_enable_async_suspend(&sdev->sdev_dev);
error = device_add(&sdev->sdev_dev);
--
cgit v0.11.2

8
asus-wmi-Restrict-debugfs-interface-when-module-load.patch
View File

@ -1,7 +1,8 @@
From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
restricted
Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
loading is restricted
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
1, asus->debug.method_id,
&input, &output);
--
2.4.3

64
block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch Normal file
View File

@ -0,0 +1,64 @@
From a08748fb2221ef03d54071e5ddfcc1b0cee6961c Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj@kernel.org>
Date: Sat, 5 Sep 2015 15:47:36 -0400
Subject: [PATCH] block: blkg_destroy_all() should clear q->root_blkg and
->root_rl.blkg
While making the root blkg unconditional, ec13b1d6f0a0 ("blkcg: always
create the blkcg_gq for the root blkcg") removed the part which clears
q->root_blkg and ->root_rl.blkg during q exit. This leaves the two
pointers dangling after blkg_destroy_all(). blk-throttle exit path
performs blkg traversals and dereferences ->root_blkg and can lead to
the following oops.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000558
IP: [<ffffffff81389746>] __blkg_lookup+0x26/0x70
...
task: ffff88001b4e2580 ti: ffff88001ac0c000 task.ti: ffff88001ac0c000
RIP: 0010:[<ffffffff81389746>] [<ffffffff81389746>] __blkg_lookup+0x26/0x70
...
Call Trace:
[<ffffffff8138d14a>] blk_throtl_drain+0x5a/0x110
[<ffffffff8138a108>] blkcg_drain_queue+0x18/0x20
[<ffffffff81369a70>] __blk_drain_queue+0xc0/0x170
[<ffffffff8136a101>] blk_queue_bypass_start+0x61/0x80
[<ffffffff81388c59>] blkcg_deactivate_policy+0x39/0x100
[<ffffffff8138d328>] blk_throtl_exit+0x38/0x50
[<ffffffff8138a14e>] blkcg_exit_queue+0x3e/0x50
[<ffffffff8137016e>] blk_release_queue+0x1e/0xc0
...
While the bug is a straigh-forward use-after-free bug, it is tricky to
reproduce because blkg release is RCU protected and the rest of exit
path usually finishes before RCU grace period.
This patch fixes the bug by updating blkg_destro_all() to clear
q->root_blkg and ->root_rl.blkg.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Richard W.M. Jones" <rjones@redhat.com>
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Link: http://lkml.kernel.org/g/CA+5PVA5rzQ0s4723n5rHBcxQa9t0cW8BPPBekr_9aMRoWt2aYg@mail.gmail.com
Fixes: ec13b1d6f0a0 ("blkcg: always create the blkcg_gq for the root blkcg")
Cc: stable@vger.kernel.org # v4.2+
---
block/blk-cgroup.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
index d6283b3f5db5..9cc48d1d7abb 100644
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct request_queue *q)
blkg_destroy(blkg);
spin_unlock(&blkcg->lock);
}
+
+ q->root_blkg = NULL;
+ q->root_rl.blkg = NULL;
}
/*
--
2.4.3

29
config-arm-generic
View File

@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
CONFIG_HAVE_PERF_REGS=y
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
CONFIG_ARM_PMU=y
# ARM AMBA generic HW
CONFIG_ARM_AMBA=y
CONFIG_KERNEL_MODE_NEON=y
@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
CONFIG_PL330_DMA=m
CONFIG_GPIO_PL061=y
CONFIG_USB_ISP1760=m
CONFIG_ARM_PL172_MPMC=m
# HW crypto and rng
CONFIG_ARM_CRYPTO=y
CONFIG_CRYPTO_AES_ARM=y
CONFIG_CRYPTO_AES_ARM_BS=y
CONFIG_CRYPTO_SHA1_ARM=y
CONFIG_CRYPTO_SHA256_ARM=y
CONFIG_CRYPTO_SHA1_ARM_NEON=y
CONFIG_CRYPTO_SHA512_ARM_NEON=y
CONFIG_CRYPTO_SHA512_ARM=y
# ARM VExpress
CONFIG_ARCH_VEXPRESS=y
@ -106,6 +119,8 @@ CONFIG_OF_NET=y
CONFIG_OF_OVERLAY=y
CONFIG_OF_PCI_IRQ=m
CONFIG_OF_PCI=m
# CONFIG_PCI_HOST_GENERIC is not set
# CONFIG_PCIE_IPROC is not set
CONFIG_OF_RESERVED_MEM=y
CONFIG_OF_RESOLVE=y
CONFIG_PM_GENERIC_DOMAINS_OF=y
@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
CONFIG_ARM_MHU=m
# CONFIG_PL320_MBOX is not set
# HW crypto and rng
CONFIG_ARM_CRYPTO=y
CONFIG_CRYPTO_AES_ARM=m
# CONFIG_CRYPTO_AES_ARM_BS is not set
CONFIG_CRYPTO_SHA1_ARM=m
CONFIG_CRYPTO_SHA256_ARM=m
CONFIG_CRYPTO_SHA1_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM_NEON=m
CONFIG_CRYPTO_SHA512_ARM=m
# USB
CONFIG_USB_OHCI_HCD_PLATFORM=m
CONFIG_USB_EHCI_HCD_PLATFORM=m
@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
CONFIG_I2C_MUX_PINCTRL=m
CONFIG_I2C_MUX_PCA9541=m
CONFIG_I2C_MUX_PCA954x=m
CONFIG_I2C_MUX_REG=m
# spi
CONFIG_SPI_PL022=m
@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
# CONFIG_KEYBOARD_OMAP4 is not set
# CONFIG_KEYBOARD_BCM is not set
# CONFIG_PHY_SAMSUNG_USB2 is not set
# CONFIG_OMAP_GPMC_DEBUG is not set
### turn off things which make no sense on embedded SoC
@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
# CONFIG_BMP085_SPI is not set
# CONFIG_TI_DAC7512 is not set
# CONFIG_SPI_ROCKCHIP is not set
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
CONFIG_CHECKPOINT_RESTORE=y

26
config-arm64
View File

@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
# CONFIG_ARCH_QCOM is not set
# CONFIG_ARCH_SPRD is not set
# CONFIG_ARCH_ZYNQMP is not set
# CONFIG_ARCH_BCM_IPROC is not set
# CONFIG_ARCH_BERLIN is not set
# CONFIG_ARCH_ROCKCHIP is not set
# Erratum
CONFIG_ARM64_ERRATUM_826319=y
@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
CONFIG_ARCH_REQUIRE_GPIOLIB=y
CONFIG_ARM64_64K_PAGES=y
# CONFIG_COMPAT is not set
CONFIG_ARM64_HW_AFDBM=y
CONFIG_ARM64_PAN=y
CONFIG_ARM64_LSE_ATOMICS=y
CONFIG_BCMA_POSSIBLE=y
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
CONFIG_PCC=y
CONFIG_ARM64_CRYPTO=y
CONFIG_CRYPTO_SHA1_ARM64_CE=m
CONFIG_CRYPTO_SHA2_ARM64_CE=m
CONFIG_CRYPTO_SHA1_ARM64_CE=y
CONFIG_CRYPTO_SHA2_ARM64_CE=y
CONFIG_CRYPTO_GHASH_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE=m
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
CONFIG_CRYPTO_AES_ARM64_CE=y
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
CONFIG_CRYPTO_CRC32_ARM64=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
# HiSilicon
CONFIG_POWER_RESET_HISI=y
CONFIG_HISI_THERMAL=m
CONFIG_STUB_CLK_HI6220=y
# ThunderX
# CONFIG_MDIO_OCTEON is not set
CONFIG_NET_VENDOR_MELLANOX=y
CONFIG_MLX4_EN=m
@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
CONFIG_DEBUG_SECTION_MISMATCH=y
# CONFIG_FSL_MC_BUS is not set
# CONFIG_FUJITSU_ES is not set

16
config-armv7
View File

@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
CONFIG_SOC_TI81XX=y
# CONFIG_MACH_NOKIA_RX51 is not set
# CONFIG_MACH_OMAP_LDP is not set
# CONFIG_MACH_OMAP3530_LV_SOM is not set
# CONFIG_MACH_OMAP3_TORPEDO is not set
# CONFIG_MACH_OMAP3517EVM is not set
# CONFIG_MACH_OMAP3_PANDORA is not set
@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
CONFIG_PINCTRL_MSM8X74=m
CONFIG_PINCTRL_MSM8916=m
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
CONFIG_COMMON_CLK_QCOM=m
# CONFIG_MSM_GCC_8916 is not set
# CONFIG_IPQ_LCC_806X is not set
@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
CONFIG_SND_SOC_STORM=m
CONFIG_PHY_QCOM_UFS=m
CONFIG_HWSPINLOCK_QCOM=m
CONFIG_QCOM_COINCELL=m
CONFIG_USB_QCOM_8X16_PHY=m
CONFIG_QCOM_SMD=m
CONFIG_QCOM_SMD_RPM=m
CONFIG_QCOM_SMEM=m
CONFIG_REGULATOR_QCOM_SMD_RPM=m
# CONFIG_QCOM_SMEM is not set
# i.MX
# CONFIG_MXC_DEBUG_BOARD is not set
@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
CONFIG_SOC_IMX6Q=y
CONFIG_SOC_IMX6SL=y
CONFIG_SOC_IMX6SX=y
CONFIG_SOC_IMX6UL=y
CONFIG_SOC_IMX7D=y
# CONFIG_SOC_LS1021A is not set
# CONFIG_SOC_VF610 is not set
@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
CONFIG_FEC=m
# CONFIG_FSL_PQ_MDIO is not set
# CONFIG_FSL_XGMAC_MDIO is not set
CONFIG_KEYBOARD_SNVS_PWRKEY=m
CONFIG_KEYBOARD_IMX=m
CONFIG_KEYBOARD_STMPE=m
CONFIG_TOUCHSCREEN_STMPE=m
@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
CONFIG_FB_MXS=m
# CONFIG_FB_MX3 is not set
# CONFIG_FB_IMX is not set
CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
CONFIG_SND_IMX_SOC=m
CONFIG_SND_SOC_FSL_ASOC_CARD=m
@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
CONFIG_SOC_EXYNOS4212=y
CONFIG_SOC_EXYNOS4412=y
CONFIG_SOC_EXYNOS4415=y
CONFIG_ARM_EXYNOS4210_CPUFREQ=y
CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
CONFIG_AK8975=m
CONFIG_CM36651=m
CONFIG_KEYBOARD_SAMSUNG=m
@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
CONFIG_REGULATOR_ISL9305=m
CONFIG_EDAC_SYNOPSYS=m
CONFIG_PINCTRL_ZYNQ=y
CONFIG_AXI_DMAC=m
# Multi function devices
CONFIG_MFD_88PM800=m

19
config-armv7-generic
View File

@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_ARCH_HAS_TICK_BROADCAST=y
CONFIG_IRQ_CROSSBAR=y
CONFIG_IOMMU_IO_PGTABLE_LPAE=y
CONFIG_CPU_SW_DOMAIN_PAN=y
# CONFIG_MCPM is not set
# CONFIG_OABI_COMPAT is not set
@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
CONFIG_PCI_HOST_GENERIC=y
# CONFIG_PCI_LAYERSCAPE is not set
# CONFIG_PCIE_IPROC is not set
# Do NOT enable this, it breaks stuff and makes things go slow
# CONFIG_UACCESS_WITH_MEMCPY is not set
@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
CONFIG_MACH_SUN8I=y
# CONFIG_MACH_SUN9I is not set
CONFIG_SUNXI_SRAM=y
CONFIG_DMA_SUN4I=m
CONFIG_DMA_SUN6I=m
CONFIG_SUNXI_WATCHDOG=m
CONFIG_NET_VENDOR_ALLWINNER=y
@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
CONFIG_SERIO_SUN4I_PS2=m
CONFIG_KEYBOARD_SUN4I_LRADC=m
CONFIG_PWM_SUN4I=m
CONFIG_USB_MUSB_SUNXI=m
CONFIG_CRYPTO_DEV_SUN4I_SS=m
# Exynos
CONFIG_ARCH_EXYNOS3=y
@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
CONFIG_SOC_EXYNOS5800=y
CONFIG_SERIAL_SAMSUNG=y
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
CONFIG_ARM_EXYNOS_CPUFREQ=m
CONFIG_ARM_EXYNOS5250_CPUFREQ=y
CONFIG_ARM_EXYNOS5440_CPUFREQ=m
CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
# CONFIG_ARM_EXYNOS_CPUIDLE is not set
@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
CONFIG_ROCKCHIP_DW_HDMI=m
CONFIG_PHY_ROCKCHIP_USB=m
CONFIG_DWMAC_ROCKCHIP=m
CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
CONFIG_SND_SOC_ROCKCHIP_RT5645=m
CONFIG_REGULATOR_ACT8865=m
# Tegra
CONFIG_ARCH_TEGRA_114_SOC=y
@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
CONFIG_TEGRA_MC=y
CONFIG_TEGRA124_EMC=y
CONFIG_ARM_TEGRA_DEVFREQ=m
# CONFIG_ARM_TEGRA20_CPUFREQ is not set
CONFIG_ARM_TEGRA124_CPUFREQ=m
# Jetson TK1
CONFIG_PINCTRL_AS3722=y
@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
CONFIG_RTC_DRV_ARMADA38X=m
# CONFIG_CACHE_FEROCEON_L2 is not set
# CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
CONFIG_LEDS_NS2=m
# DRM panels
CONFIG_DRM_PANEL=y
@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_LD9040=m
CONFIG_DRM_PANEL_S6E8AA0=m
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
CONFIG_DRM_PANEL_LG_LG4573=m
CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
CONFIG_DRM_DW_HDMI=m
# regmap
@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
CONFIG_REGULATOR_ISL9305=m
CONFIG_REGULATOR_MAX77802=m
CONFIG_REGULATOR_PWM=m
# CONFIG_REGULATOR_MT6311 is not set
CONFIG_SENSORS_LTC2978_REGULATOR=y
CONFIG_POWER_AVS=y
@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
CONFIG_SENSORS_LIS3_SPI=m
CONFIG_SENSORS_LM70=m
CONFIG_SENSORS_MAX1111=m
CONFIG_MPL3115=m
CONFIG_SI7005=m
CONFIG_SI7020=m
@ -856,6 +868,7 @@ CONFIG_R8188EU=m
# CONFIG_DRM_TILCDC is not set
# CONFIG_DRM_IMX is not set
# CONFIG_DRM_STI is not set
# CONFIG_DRM_FSL_DCU is not set
# CONFIG_AHCI_IMX is not set
# CONFIG_IMX_THERMAL is not set
# CONFIG_TI_DAC7512 is not set

1
config-armv7-lpae
View File

@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
# CONFIG_ARCH_AXXIA is not set
CONFIG_ARM_LPAE=y
# CONFIG_CPU_SW_DOMAIN_PAN is not set
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_ARM_VIRT_EXT=y

2
config-debug
View File

@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
CONFIG_DEBUG_OBJECTS_WORK=y
CONFIG_DMADEVICES_DEBUG=y
CONFIG_DMADEVICES_VDEBUG=y
# CONFIG_DMADEVICES_VDEBUG is not set
CONFIG_PM_ADVANCED_DEBUG=y

82
config-generic
View File

@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_FUTEX=y
# CONFIG_FAIL_FUTEX is not set
CONFIG_EPOLL=y
CONFIG_BPF_SYSCALL=y
CONFIG_USERFAULTFD=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
@ -67,6 +69,7 @@ CONFIG_NET_NS=y
CONFIG_USER_NS=y
CONFIG_POSIX_MQUEUE=y
CONFIG_KDBUS=m
# CONFIG_PREEMPT_NONE is not set
CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_PREEMPT is not set
@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
CONFIG_MMC_WBSD=m
CONFIG_MMC_VIA_SDMMC=m
CONFIG_MMC_SDHCI_PLTFM=m
# CONFIG_MMC_SDHCI_OF is not set
# CONFIG_MMC_SDHCI_OF_AT91 is not set
CONFIG_MMC_CB710=m
CONFIG_MMC_RICOH_MMC=y
CONFIG_MMC_USHC=m
@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
CONFIG_INFINIBAND_USER_MAD=m
CONFIG_INFINIBAND_USER_ACCESS=m
CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
CONFIG_INFINIBAND_IPATH=m
# Deprecated and moved to staging
# CONFIG_INFINIBAND_IPATH is not set
CONFIG_INFINIBAND_ISER=m
CONFIG_INFINIBAND_ISERT=m
CONFIG_INFINIBAND_AMSO1100=m
# Deprecated and moved to staging
# CONFIG_INFINIBAND_AMSO1100 is not set
# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
CONFIG_INFINIBAND_CXGB3=m
CONFIG_INFINIBAND_CXGB4=m
@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
# CONFIG_MTD_NAND_ECC_BCH is not set
# CONFIG_MTD_NAND_DISKONCHIP is not set
# CONFIG_MTD_NAND_HISI504 is not set
# CONFIG_MTD_NAND_DENALI_PCI is not set
# CONFIG_MTD_NAND_DENALI_DT is not set
# CONFIG_MTD_LPDDR is not set
CONFIG_MTD_UBI=m
CONFIG_MTD_UBI_WL_THRESHOLD=4096
@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
# CONFIG_ND_BLK is not set
# CONFIG_BTT is not set
# CONFIG_NVMEM is not set
#
# Block devices
@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
CONFIG_BLK_DEV_PMEM=m
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_BLK_DEV_RAM_DAX=y
CONFIG_BLK_DEV_BSG=y
CONFIG_BLK_DEV_BSGLIB=y
@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_FO=m
CONFIG_IP_VS_OVF=m
CONFIG_IP_VS_IPV6=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=y
CONFIG_IPV6_ILA=m
CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
CONFIG_NFT_COMPAT=m
CONFIG_NF_TABLES_IPV4=m
CONFIG_NF_DUP_IPV4=m
CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NFT_REJECT_IPV4=m
CONFIG_NFT_DUP_IPV4=m
CONFIG_NFT_DUP_IPV6=m
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_TABLES_ARP=m
@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
# CONFIG_BATMAN_ADV_DEBUG is not set
CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_CONNTRACK=y
CONFIG_OPENVSWITCH_GRE=y
CONFIG_OPENVSWITCH_VXLAN=y
CONFIG_OPENVSWITCH_GENEVE=y
@ -1300,6 +1318,7 @@ CONFIG_TUN=m
# CONFIG_TUN_VNET_CROSS_LE is not set
CONFIG_VETH=m
CONFIG_NLMON=m
CONFIG_NET_VRF=m
#
# ATM
@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
# CONFIG_CAIF is not set
CONFIG_LWTUNNEL=y
CONFIG_RFKILL=m
CONFIG_RFKILL_GPIO=m
CONFIG_RFKILL_INPUT=y
@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
CONFIG_CASSINI=m
CONFIG_NIU=m
# CONFIG_NET_VENDOR_SYNOPSYS is not set
# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
CONFIG_NET_VENDOR_TEHUTI=y
CONFIG_TEHUTI=m
@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
CONFIG_CICADA_PHY=m
CONFIG_DAVICOM_PHY=m
CONFIG_DP83640_PHY=m
CONFIG_MICROCHIP_PHY=m
CONFIG_FIXED_PHY=y
CONFIG_MDIO_BITBANG=m
CONFIG_MDIO_BCM_UNIMAC=m
@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
CONFIG_VITESSE_PHY=m
CONFIG_MICREL_PHY=m
CONFIG_DP83867_PHY=m
CONFIG_DP83848_PHY=m
# CONFIG_MICREL_KS8995MA is not set
CONFIG_AQUANTIA_PHY=m
CONFIG_TERANETICS_PHY=m
CONFIG_MII=m
CONFIG_NET_CORE=y
@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
CONFIG_BNX2=m
CONFIG_BNX2X=m
CONFIG_BNX2X_SRIOV=y
CONFIG_BNX2X_VXLAN=y
CONFIG_CNIC=m
CONFIG_FEALNX=m
CONFIG_ETHOC=m
@ -1649,6 +1678,7 @@ CONFIG_JME=m
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_EN_VXLAN is not set
# CONFIG_MLX5_CORE is not set
# CONFIG_MLXSW_CORE is not set
# CONFIG_SFC is not set
# CONFIG_FDDI is not set
@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
CONFIG_USB_NET_KALMIA=m
CONFIG_USB_NET_QMI_WWAN=m
CONFIG_USB_NET_SMSC75XX=m
CONFIG_USB_NET_CH9200=m
# CONFIG_WL_TI is not set
CONFIG_ZD1211RW=m
# CONFIG_ZD1211RW_DEBUG is not set
@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
CONFIG_IEEE802154_6LOWPAN=m
CONFIG_IEEE802154_DRIVERS=m
CONFIG_IEEE802154_FAKELB=m
CONFIG_IEEE802154_ATUSB=m
CONFIG_IEEE802154_CC2520=m
# CONFIG_IEEE802154_AT86RF230 is not set
# CONFIG_IEEE802154_MRF24J40 is not set
CONFIG_IEEE802154_ATUSB=m
CONFIG_MAC802154=m
CONFIG_NET_MPLS_GSO=m
CONFIG_MPLS_ROUTING=m
CONFIG_MPLS_IPTUNNEL=m
CONFIG_NET_SWITCHDEV=y
@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
# CONFIG_NFC_NCI_SPI is not set
# CONFIG_NFC_NCI_UART is not set
# CONFIG_NFC_ST_NCI is not set
# CONFIG_NFC_S3FWRN5_I2C is not set
#
@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
#
CONFIG_BT=m
CONFIG_BT_BREDR=y
CONFIG_BT_HS=y
CONFIG_BT_LE=y
CONFIG_BT_6LOWPAN=m
# CONFIG_BT_SELFTEST is not set
@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
CONFIG_BT_HCIUART_3WIRE=y
CONFIG_BT_HCIUART_INTEL=y
CONFIG_BT_HCIUART_BCM=y
CONFIG_BT_HCIUART_QCA=y
CONFIG_BT_HCIDTL1=m
CONFIG_BT_HCIBT3C=m
CONFIG_BT_HCIBLUECARD=m
@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
CONFIG_BT_MRVL=m
CONFIG_BT_MRVL_SDIO=m
CONFIG_BT_ATH3K=m
CONFIG_BT_QCA=m
CONFIG_BT_WILINK=m
#
@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
# CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
# CONFIG_TOUCHSCREEN_SX8654 is not set
# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
CONFIG_INPUT_MISC=y
CONFIG_INPUT_E3X0_BUTTON=m
@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
# CONFIG_SERIAL_ALTERA_UART is not set
# CONFIG_SERIAL_UARTLITE is not set
#
# Non-8250 serial port support
@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
# CONFIG_I2C_MUX_GPIO is not set
# CONFIG_I2C_MUX_PCA9541 is not set
# CONFIG_I2C_MUX_PINCTRL is not set
# CONFIG_I2C_MUX_REG is not set
#
#
@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
# CONFIG_I2C_NFORCE2_S4985 is not set
# CONFIG_I2C_EG20T is not set
# CONFIG_I2C_CBUS_GPIO is not set
# CONFIG_I2C_EMEV2 is not set
CONFIG_I2C_VIPERBOARD=m
CONFIG_EEPROM_AT24=m
@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
CONFIG_PMBUS=m
CONFIG_SENSORS_PMBUS=m
CONFIG_SENSORS_MAX16064=m
CONFIG_SENSORS_MAX20751=m
CONFIG_SENSORS_LM25066=m
CONFIG_SENSORS_LTC2978=m
CONFIG_SENSORS_MAX34440=m
@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
# CONFIG_AD5380 is not set
# CONFIG_AD5064 is not set
# CONFIG_BMA180 is not set
# CONFIG_BMC150_ACCEL is not set
CONFIG_BMC150_ACCEL=m
# CONFIG_MAX1363 is not set
# CONFIG_MAX517 is not set
# CONFIG_MAX5821 is not set
@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
CONFIG_KXCJK1013=m
# CONFIG_ISL29125 is not set
# CONFIG_JSA1212 is not set
CONFIG_RPR0521=m
CONFIG_OPT3001=m
CONFIG_PA12203001=m
# CONFIG_TCS3414 is not set
# CONFIG_AK09911 is not set
# CONFIG_T5403 is not set
@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
# CONFIG_RTC_DRV_ISL12057 is not set
# CONFIG_RTC_DRV_XGENE is not set
# CONFIG_RTC_DRV_ABB5ZES3 is not set
# CONFIG_RTC_DRV_ZYNQMP is not set
CONFIG_R3964=m
# CONFIG_APPLICOM is not set
@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
CONFIG_DRM=m
CONFIG_DRM_FBDEV_EMULATION=y
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
CONFIG_DRM_AST=m # do not enable on f17 or older
CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_I2C_ADV7511=m
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
# CONFIG_DRM_NXP_PTN3460 is not set
# CONFIG_DRM_PARADE_PS8622 is not set
CONFIG_DRM_I2C_NXP_TDA998X=m
CONFIG_DRM_UDL=m
CONFIG_DRM_VMWGFX=m
@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
# CONFIG_DRM_PANEL is not set
# CONFIG_DRM_PANEL_SIMPLE is not set
# CONFIG_DRM_PANEL_S6E8AA0 is not set
# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
CONFIG_DRM_VGEM=m
#
@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
CONFIG_DVB_NGENE=m
CONFIG_DVB_DDBRIDGE=m
CONFIG_DVB_SMIPCIE=m
CONFIG_DVB_NETUP_UNIDVB=m
CONFIG_DVB_USB_TECHNISAT_USB2=m
CONFIG_DVB_USB_V2=m
@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
# CONFIG_VIDEO_SH_VEU is not set
# CONFIG_VIDEO_RENESAS_VSP1 is not set
# CONFIG_V4L_TEST_DRIVERS is not set
# CONFIG_DVB_PLATFORM_DRIVERS is not set
#
# Broadcom Crystal HD video decoder driver
@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
# CONFIG_FB_UDL is not set
# CONFIG_FB_GOLDFISH is not set
# CONFIG_FB_OPENCORES is not set
# CONFIG_FB_SM712 is not set
# CONFIG_FIRMWARE_EDID is not set
@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
# CONFIG_USB_SL811_CS is not set
# CONFIG_USB_R8A66597_HCD is not set
CONFIG_USB_XHCI_HCD=y
# CONFIG_USB_XHCI_PLATFORM is not set
# CONFIG_USB_MAX3421_HCD is not set
#
@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
CONFIG_HID_ELECOM=m
CONFIG_HID_ELO=m
CONFIG_HID_EZKEY=m
CONFIG_HID_GEMBIRD=m
CONFIG_HID_UCLOGIC=m
CONFIG_HID_WALTOP=m
CONFIG_HID_ACRUX=m
@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
CONFIG_USB_PEGASUS=m
CONFIG_USB_RTL8150=m
CONFIG_USB_RTL8152=m
CONFIG_USB_LAN78XX=m
CONFIG_USB_USBNET=m
CONFIG_USB_SPEEDTOUCH=m
CONFIG_USB_NET_AX8817X=m
@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
# CONFIG_MFD_RT5033 is not set
# CONFIG_MFD_SKY81452 is not set
# CONFIG_MFD_MAX77843 is not set
# CONFIG_MFD_DA9062 is not set
# CONFIG_EZX_PCAP is not set
# CONFIG_INTEL_SOC_PMIC is not set
@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
# CONFIG_EXT2_FS is not set
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT23=y
CONFIG_EXT4_USE_FOR_EXT2=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_ENCRYPTION is not set
@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
# CONFIG_EXOFS_FS is not set
# CONFIG_EXOFS_DEBUG is not set
CONFIG_NILFS2_FS=m
# CONFIG_FS_DAX is not set
CONFIG_FS_DAX=y
# CONFIG_LOGFS is not set
CONFIG_CEPH_FS=m
CONFIG_CEPH_FSCACHE=y
@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
# CONFIG_DEBUG_LOCKDEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
# CONFIG_STATIC_KEYS_SELFTEST is not set
# DEBUG options that don't get enabled/disabled with 'make debug/release'
@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
# CONFIG_BACKLIGHT_GPIO is not set
# CONFIG_BACKLIGHT_LV5207LP is not set
# CONFIG_BACKLIGHT_BD6107 is not set
# CONFIG_BACKLIGHT_PM8941_WLED is not set
CONFIG_LCD_CLASS_DEVICE=m
CONFIG_LCD_PLATFORM=m
@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_SCHED=y
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
# CONFIG_SND_SOC_TS3A227E is not set
# CONFIG_SND_SOC_XTFPGA_I2S is not set
# CONFIG_SND_SOC_STA32X is not set
# CONFIG_SND_SOC_CS4349 is not set
# CONFIG_SND_SOC_GTM601 is not set
# CONFIG_SND_SOC_STI_SAS is not set
#
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
CONFIG_DW_DMAC_CORE=m
CONFIG_DW_DMAC=m
CONFIG_DW_DMAC_PCI=m
# CONFIG_IDMA64 is not set
# CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
# CONFIG_TIMB_DMA is not set
# CONFIG_DMATEST is not set
@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
# CONFIG_I2C_BCM2048 is not set
# CONFIG_DT3155 is not set
# CONFIG_PRISM2_USB is not set
# CONFIG_MOST is not set
CONFIG_USB_ATMEL=m
# CONFIG_COMEDI is not set
# CONFIG_PANEL is not set
@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
# CONFIG_FB_SM7XX is not set
# CONFIG_FB_TFT is not set
# CONFIG_FB_SM750 is not set
# CONFIG_STAGING_RDMA is not set
# END OF STAGING
#
@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
# CONFIG_ZSMALLOC_STAT is not set
# CONFIG_PGTABLE_MAPPING is not set
# CONFIG_IDLE_PAGE_TRACKING is not set
# CONFIG_MDIO_GPIO is not set
# CONFIG_KEYBOARD_GPIO is not set
# CONFIG_KEYBOARD_GPIO_POLLED is not set
@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
# CONFIG_GPIO_MCP23S08 is not set
# CONFIG_GPIO_XILINX is not set
# CONFIG_GPIO_ALTERA is not set
# CONFIG_GPIO_ZX is not set
# FIXME: Why?
@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
# CONFIG_MEMTEST is not set
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_TEST_STATIC_KEYS is not set
# CONFIG_AVERAGE is not set
# CONFIG_VMXNET3 is not set

5
config-powerpc64-generic
View File

@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
# CONFIG_PPC_PMAC is not set
# CONFIG_PPC_PMAC64 is not set
# CONFIG_PPC_PS3 is not set
CONFIG_HIBERNATION=n
CONFIG_EXTRA_TARGETS=""
@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
CONFIG_PPC_TRANSACTIONAL_MEM=y
CONFIG_BLK_DEV_RSXX=m
CONFIG_CXL=m
CONFIG_CXLFLASH=m
CONFIG_IBMEBUS=y
CONFIG_EHEA=m
CONFIG_INFINIBAND_EHCA=m
@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
CONFIG_LEDS_TRIGGER_TIMER=m
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
CONFIG_LEDS_TRIGGER_GPIO=m
CONFIG_LEDS_POWERNV=m
CONFIG_USB_EHCI_HCD_PPC_OF=y
CONFIG_USB_OHCI_HCD_PCI=y
@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
# CONFIG_NET_VENDOR_PASEMI is not set
# CONFIG_NET_VENDOR_TOSHIBA is not set
CONFIG_MDIO_OCTEON=m
# CONFIG_OF_UNITTEST is not set
# CONFIG_OF_OVERLAY is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set

3
config-powerpc64le
View File

@ -1,3 +1,6 @@
CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_POWER7_CPU=y
# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
CONFIG_CHECKPOINT_RESTORE=y

2
config-s390x
View File

@ -201,6 +201,7 @@ CONFIG_VMCP=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_BOOK=y
CONFIG_SCHED_TOPOLOGY=y
# CONFIG_NUMA is not set
# CONFIG_WARN_DYNAMIC_STACK is not set
@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
# CONFIG_SH_ETH is not set
# CONFIG_NET_VENDOR_VIA is not set
# CONFIG_IEEE802154_DRIVERS is not set
# CONFIG_MDIO_OCTEON is not set
# CONFIG_FMC is not set

22
config-x86-generic
View File

@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
CONFIG_X86_GENERIC=y
# CONFIG_X86_LEGACY_VM86 is not set
CONFIG_HPET=y
CONFIG_HPET_TIMER=y
# CONFIG_HPET_MMAP is not set
@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
CONFIG_X86_PAT=y
CONFIG_X86_PM_TIMER=y
# This requires changes to binutils and the compiler. Plus you can't actually
# buy hardware with MPX yet. So... leave it off until all of that seems set.
# CONFIG_X86_INTEL_MPX is not set
CONFIG_X86_INTEL_MPX=y
CONFIG_EFI=y
CONFIG_EFI_STUB=y
@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
CONFIG_GPIO_CRYSTAL_COVE=y
CONFIG_AXP288_ADC=y
CONFIG_AXP288_FUEL_GAUGE=y
# CONFIG_PWM_CRC is not set
CONFIG_X86_INTEL_PSTATE=y
@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
CONFIG_GENERIC_ISA_DMA=y
@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
CONFIG_XEN_ACPI_PROCESSOR=m
# CONFIG_XEN_SCSI_FRONTEND is not set
# CONFIG_XEN_SCSI_BACKEND is not set
CONFIG_XEN_SYMS=y
CONFIG_SPI_PXA2XX=m
CONFIG_MTD_ESB2ROM=m
CONFIG_MTD_CK804XROM=m
@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_HP_ACCEL=m
CONFIG_SURFACE_PRO3_BUTTON=m
# CONFIG_RAPIDIO is not set
CONFIG_SCHED_SMT=y
@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
# CONFIG_X86_GOLDFISH is not set
CONFIG_X86_INTEL_LPSS=y
CONFIG_IDMA64=m
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
CONFIG_MFD_INTEL_LPSS_ACPI=m
CONFIG_MFD_INTEL_LPSS_PCI=m
CONFIG_IOSF_MBI=m
# CONFIG_IOSF_MBI_DEBUG is not set
CONFIG_PWM_LPSS=m
@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
CONFIG_INTEL_SOC_DTS_THERMAL=m
CONFIG_INT340X_THERMAL=m
CONFIG_INTEL_RAPL=m
CONFIG_INTEL_PCH_THERMAL=m
CONFIG_VMWARE_VMCI=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYS=""
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_VMXNET3=m
CONFIG_FUJITSU_ES=m
CONFIG_VFIO_PCI_VGA=y
CONFIG_PCH_CAN=m
# CONFIG_X86_DEBUG_FPU is not set
# CONFIG_PUNIT_ATOM_DEBUG is not set
# CONFIG_AMD_MCE_INJ is not set

5
config-x86_64-generic
View File

@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
CONFIG_CRYPTO_DES3_EDE_X86_64=m
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
# staging crypto
# CONFIG_CRYPTO_SKEIN is not set
@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
# CONFIG_XEN_MCE_LOG is not set
# CONFIG_XEN_STUB is not set
# CONFIG_XEN_PVH is not set
CONFIG_XEN_512GB=y
CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
@ -199,6 +202,8 @@ CONFIG_BTT=y
CONFIG_ND_BTT=m
CONFIG_ND_BLK=m
CONFIG_MDIO_OCTEON=m
CONFIG_NO_HZ_FULL=y
# CONFIG_NO_HZ_IDLE is not set
# CONFIG_NO_HZ_FULL_ALL is not set

65
dcache-Handle-escaped-paths-in-prepend_path.patch Normal file
View File

@ -0,0 +1,65 @@
From c0ea161a6e7158281f64bc6d41126da43cb08f14 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Sat, 15 Aug 2015 13:36:12 -0500
Subject: [PATCH 1/2] dcache: Handle escaped paths in prepend_path
commit cde93be45a8a90d8c264c776fab63487b5038a65 upstream.
A rename can result in a dentry that by walking up d_parent
will never reach it's mnt_root. For lack of a better term
I call this an escaped path.
prepend_path is called by four different functions __d_path,
d_absolute_path, d_path, and getcwd.
__d_path only wants to see paths are connected to the root it passes
in. So __d_path needs prepend_path to return an error.
d_absolute_path similarly wants to see paths that are connected to
some root. Escaped paths are not connected to any mnt_root so
d_absolute_path needs prepend_path to return an error greater
than 1. So escaped paths will be treated like paths on lazily
unmounted mounts.
getcwd needs to prepend "(unreachable)" so getcwd also needs
prepend_path to return an error.
d_path is the interesting hold out. d_path just wants to print
something, and does not care about the weird cases. Which raises
the question what should be printed?
Given that <escaped_path>/<anything> should result in -ENOENT I
believe it is desirable for escaped paths to be printed as empty
paths. As there are not really any meaninful path components when
considered from the perspective of a mount tree.
So tweak prepend_path to return an empty path with an new error
code of 3 when it encounters an escaped path.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/dcache.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/dcache.c b/fs/dcache.c
index 9b5fe503f6cb..e3b44ca75a1b 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2926,6 +2926,13 @@ restart:
if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
+ /* Escaped? */
+ if (dentry != vfsmnt->mnt_root) {
+ bptr = *buffer;
+ blen = *buflen;
+ error = 3;
+ break;
+ }
/* Global root? */
if (mnt != parent) {
dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
--
2.4.3

12
disable-i8042-check-on-apple-mac.patch
View File

@ -1,3 +1,4 @@
From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 20 May 2010 10:30:31 -0400
Subject: [PATCH] disable i8042 check on apple mac
@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
1 file changed, 22 insertions(+)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 4022b75eaad7..1aaf06aa7b0f 100644
index c9c98f0ab284..5137185e14a9 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
.shutdown = i8042_shutdown,
@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
.notifier_call = i8042_kbd_bind_notifier,
};
+#ifdef CONFIG_DMI
@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
static int __init i8042_init(void)
{
struct platform_device *pdev;
@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
dbg_init();
@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
err = i8042_platform_init();
if (err)
return err;
--
2.4.3

18
drm-i915-hush-check-crtc-state.patch
View File

@ -1,3 +1,4 @@
From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 13 Nov 2013 10:17:24 -0500
Subject: [PATCH] drm/i915: hush check crtc state
@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 647b1404c441..e102a06f26e0 100644
index ca9278be49f7..308ac0539a87 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
if (active &&
!intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
sw_config = to_intel_crtc_state(crtc->state);
if (!intel_pipe_config_compare(dev, sw_config,
pipe_config, false)) {
- I915_STATE_WARN(1, "pipe state doesn't match!\n");
+ DRM_DEBUG_KMS("pipe state doesn't match!\n");
intel_dump_pipe_config(crtc, &pipe_config,
intel_dump_pipe_config(intel_crtc, pipe_config,
"[hw state]");
intel_dump_pipe_config(crtc, crtc->config,
intel_dump_pipe_config(intel_crtc, sw_config,
--
2.4.3

10
efi-Add-EFI_SECURE_BOOT-bit.patch
View File

@ -1,6 +1,7 @@
From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index c2e4f52cad30..5def6b4143fa 100644
index 1ac118146e90..f93826b8522c 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
#ifdef CONFIG_EFI
/*
--
2.4.3

8
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
View File

@ -1,6 +1,7 @@
From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 1ef8ea7f8ed9..d82dc9c1c19e 100644
index b4de3faa3f29..5cc2ef570390 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -830,8 +830,9 @@ out:
@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
return 1;
}
--
2.4.3

10
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
View File

@ -1,6 +1,7 @@
From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
The functionality of the config option is dependent upon the platform being
UEFI based. Reflect this in the config deps.
@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 4da6644b1fd0..341a1457f7c7 100644
index 14db458f4774..f6ff0a86d841 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1704,7 +1704,8 @@ config EFI_MIXED
@@ -1735,7 +1735,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE
@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
prompt "Force module signing when UEFI Secure Boot is enabled"
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
2.4.3

0
filter-aarch64.sh Normal file → Executable file
View File

0
filter-armv7hl.sh Normal file → Executable file
View File

0
filter-i686.sh Normal file → Executable file
View File

0
filter-ppc64.sh Normal file → Executable file
View File

0
filter-ppc64le.sh Normal file → Executable file
View File

0
filter-ppc64p7.sh Normal file → Executable file
View File

0
filter-s390x.sh Normal file → Executable file
View File

0
filter-x86_64.sh Normal file → Executable file
View File

6
hibernate-Disable-in-a-signed-modules-environment.patch
View File

@ -1,6 +1,7 @@
From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
}
/**
--
2.4.3

40
ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
View File

@ -1,40 +0,0 @@
From 72695420d48c264b3ca0dacccda1a4789a52c2f6 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 24 Jul 2015 11:45:28 +0200
Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
Like some of the other Yoga models the Lenovo Yoga 3 14 does not have a
hw rfkill switch, and trying to read the hw rfkill switch through the
ideapad module causes it to always reported blocking breaking wifi.
This commit adds the Lenovo Yoga 3 14 to the no_hw_rfkill dmi list, fixing
the wifi breakage.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1239050
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/platform/x86/ideapad-laptop.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index 76b57388d01b..81c3e582309a 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -853,6 +853,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
},
},
{
+ .ident = "Lenovo Yoga 3 14",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 3 14"),
+ },
+ },
+ {
.ident = "Lenovo Yoga 3 Pro 1370",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
--
2.4.3

8
input-silence-i8042-noise.patch
View File

@ -16,10 +16,10 @@ Upstream-status: Fedora mustard
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index 30b7bbfdc558..95863902627f 100644
index 9717d5f20139..a3101d2fd936 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -123,8 +123,6 @@ void device_pm_unlock(void)
@@ -122,8 +122,6 @@ void device_pm_unlock(void)
*/
void device_pm_add(struct device *dev)
{
@ -29,7 +29,7 @@ index 30b7bbfdc558..95863902627f 100644
if (dev->parent && dev->parent->power.is_prepared)
dev_warn(dev, "parent %s should not be sleeping\n",
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index cb5ece77fd7d..4022b75eaad7 100644
index 986a71c614b0..bfb0b2280df0 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -871,7 +871,6 @@ static int __init i8042_check_aux(void)
@ -41,7 +41,7 @@ index cb5ece77fd7d..4022b75eaad7 100644
}
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 7933e62a7318..96a911003af7 100644
index 32d710eaf1fc..af4a20b86ee7 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,

12
kbuild-AFTER_LINK.patch
View File

@ -1,3 +1,4 @@
From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
index 8ad2b34ad151..e153572ab351 100644
index ee8a18e50a25..63e33fa049f8 100644
--- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
index 2a8ddfd12a5b..452ca53561fe 100644
index c4b03f9ed228..550450fc2f95 100644
--- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
index e97032069f88..9ea82f444dea 100644
index a3d0767a6b29..078c9be1db8f 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
+ $(if $(AFTER_LINK),; $(AFTER_LINK)) && \
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 1a10d8ac8162..092d0c0cf72c 100755
@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
}
--
2.4.3

93
kernel.spec
View File

@ -46,13 +46,13 @@ Summary: The Linux kernel
# base_sublevel is the kernel version we're starting with and patching
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
# which yields a base_sublevel of 0.
%define base_sublevel 2
%define base_sublevel 3
## If this is a released kernel ##
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 8
%define stable_update 3
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -388,8 +388,12 @@ BuildRequires: rpm-build, elfutils
%define debuginfo_args --strict-build-id -r
%endif
%ifarch %{ix86} x86_64
# MODULE_SIG is enabled in config-x86-generic and needs these:
BuildRequires: openssl openssl-devel
%endif
%if %{signmodules}
BuildRequires: openssl
BuildRequires: pesign >= 0.10-4
%endif
@ -502,15 +506,13 @@ Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
Patch456: arm64-acpi-drop-expert-patch.patch
Patch457: showmem-cma-correct-reserved-memory-calculation.patch
Patch457: ARM-tegra-usb-no-reset.patch
Patch458: ARM-tegra-usb-no-reset.patch
Patch458: ARM-dts-Add-am335x-bonegreen.patch
Patch459: regulator-axp20x-module-alias.patch
Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
Patch460: regulator-anatop-module-alias.patch
Patch461: ARM-dts-Add-am335x-bonegreen.patch
Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
Patch463: arm-i.MX6-Utilite-device-dtb.patch
@ -520,8 +522,6 @@ Patch467: die-floppy-die.patch
Patch468: no-pcspkr-modalias.patch
Patch469: input-silence-i8042-noise.patch
Patch470: silence-fbcon-logo.patch
Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
@ -590,31 +590,11 @@ Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
Patch503: drm-i915-turn-off-wc-mmaps.patch
#rhbz 1244511
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
#rhbz 1239050
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
#rhbz 1253789
Patch510: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
#rhbz 1257534
Patch513: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
#rhbz 1257500
Patch517: vmwgfx-Rework-device-initialization.patch
Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
#rhbz 1272172
Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
#CVE-2015-7799 rhbz 1271134 1271135
Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
#CVE-2015-8104 rhbz 1278496 1279691
Patch551: KVM-svm-unconditionally-intercept-DB.patch
@ -630,11 +610,6 @@ Patch556: netfilter-ipset-Fix-extension-alignment.patch
Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
#rhbz 1278688
Patch560: 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
Patch561: 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
Patch562: 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
#rhbz 1284059
Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
@ -650,6 +625,9 @@ Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
#rhbz 1286293
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
#rhbz 1288687
Patch572: alua_fix.patch
#CVE-XXXX-XXXX rhbz 1291329 1291332
Patch574: ovl-fix-permission-checking-for-setattr.patch
@ -662,8 +640,10 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
#CVE-2015-8569 rhbz 1292045 1292047
Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
Patch601: vrf-fix-memory-leak-on-registration.patch
#CVE-2015-8575 rhbz 1292840 1292841
Patch601: bluetooth-Validate-socket-address-length-in-sco_sock.patch
Patch602: bluetooth-Validate-socket-address-length-in-sco_sock.patch
# END OF PATCH DEFINITIONS
@ -1368,11 +1348,9 @@ BuildKernel() {
cp configs/$Config .config
%if %{signmodules}
cp %{SOURCE11} .
cp %{SOURCE11} certs/.
%endif
chmod +x scripts/sign-file
Arch=`head -1 .config | cut -b 3-`
echo USING ARCH=$Arch
@ -1614,8 +1592,8 @@ BuildKernel() {
%if %{signmodules}
# Save the signing keys so we can sign the modules in __modsign_install_post
cp signing_key.priv signing_key.priv.sign${Flav}
cp signing_key.x509 signing_key.x509.sign${Flav}
cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
%endif
# Move the devel headers out of the root file system
@ -1710,16 +1688,16 @@ popd
%define __modsign_install_post \
if [ "%{signmodules}" -eq "1" ]; then \
if [ "%{with_pae}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
%{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
fi \
if [ "%{with_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
%{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
fi \
if [ "%{with_pae_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
%{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
fi \
if [ "%{with_up}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
%{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
@ -1980,6 +1958,7 @@ fi
%{_libdir}/traceevent/plugins/*
%dir %{_libexecdir}/perf-core
%{_libexecdir}/perf-core/*
%{_datadir}/perf-core/*
%{_mandir}/man[1-8]/perf*
%{_sysconfdir}/bash_completion.d/perf
%doc linux-%{KVERREL}/tools/perf/Documentation/examples.txt
@ -2109,9 +2088,15 @@ fi
#
#
%changelog
* Tue Jan 05 2016 Josh Boyer <jwboyer@fedoraproject.org>
- Merge 4.3.3 from stabilization branch
* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
* Thu Dec 17 2015 Justin M. Forbes <jforbes@fedoraproject.org>
- Fix for memory leak in vrf
* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
@ -2128,6 +2113,9 @@ fi
* Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2013-7446 unix sockects use after free (rhbz 1282688 1282712)
* Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
- Ignore errors from scsi_dh_add_device (rhbz 1288687)
* Thu Dec 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Fix rfkill issues on ideapad Y700-17ISK (rhbz 1286293)
@ -2138,6 +2126,9 @@ fi
- Add patch to fix palm rejection on certain touchpads (rhbz 1287819)
- Add new PCI ids for wireless, including Lenovo Yoga (rhbz 1275490)
* Tue Dec 01 2015 Laura Abbott <labbott@redhat.com>
- Enable CONFIG_X86_INTEL_MPX (rhbz 1287279)
* Tue Dec 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-7515 aiptek: crash on invalid device descriptors (rhbz 1285326 1285331)
- CVE-2015-7833 usbvision: crash on invalid device descriptors (rhbz 1270158 1270160)
@ -2146,6 +2137,9 @@ fi
- Fix crash in add_key (rhbz 1284059)
- CVE-2015-8374 btrfs: info leak when truncating compressed/inlined extents (rhbz 1286261 1286262)
* Sun Nov 22 2015 Peter Robinson <pbrobinson@fedoraproject.org>
- Fix sound issue on some ARM devices (tested on Arndale)
* Fri Nov 20 2015 Justin M. Forbes <jmforbes@fedoraproject.org> - 4.2.6-301
- Fix for GRE tunnel running in IPSec (rhbz 1272571)
- Fix KVM on specific hardware (rhbz 1278688)
@ -2153,6 +2147,9 @@ fi
* Mon Nov 16 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Fix ipset netfilter issues (rhbz 1279189)
* Thu Nov 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-5327 x509 time validation
* Tue Nov 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Fix Yoga 900 rfkill switch issues (rhbz 1275490)

22
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
View File

@ -1,3 +1,4 @@
From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index a785c1015e25..81d6b404f33c 100644
index 4c5edc357923..db431971dbd4 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -36,6 +36,7 @@
#include <linux/syscore_ops.h>
#include <linux/compiler.h>
#include <linux/hugetlb.h>
@@ -10,6 +10,7 @@
#include <linux/mm.h>
#include <linux/file.h>
#include <linux/kexec.h>
+#include <linux/module.h>
#include <asm/page.h>
#include <asm/uaccess.h>
@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/syscalls.h>
@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
* Verify we have a legal set of flags
* This leaves us room for future extensions.
*/
--
2.4.3

28
mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch Normal file
View File

@ -0,0 +1,28 @@
From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Fri, 13 Nov 2015 19:03:29 +0000
Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
module
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
---
drivers/mfd/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
index a59e3fc..4a767ef 100644
--- a/drivers/mfd/Makefile
+++ b/drivers/mfd/Makefile
@@ -61,7 +61,8 @@ wm8350-objs := wm8350-core.o wm8350-regmap.o wm8350-gpio.o
wm8350-objs += wm8350-irq.o
obj-$(CONFIG_MFD_WM8350) += wm8350.o
obj-$(CONFIG_MFD_WM8350_I2C) += wm8350-i2c.o
-obj-$(CONFIG_MFD_WM8994) += wm8994-core.o wm8994-irq.o wm8994-regmap.o
+wm8994-objs := wm8994-core.o wm8994-irq.o wm8994-regmap.o
+obj-$(CONFIG_MFD_WM8994) += wm8994.o
obj-$(CONFIG_TPS6105X) += tps6105x.o
obj-$(CONFIG_TPS65010) += tps65010.o
--
2.5.0

76
net-inet-fix-race-in-reqsk_queue_unlink.patch Normal file
View File

@ -0,0 +1,76 @@
From patchwork Thu Oct 1 12:39:26 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [net] inet: fix race in reqsk_queue_unlink()
From: Eric Dumazet <eric.dumazet@gmail.com>
X-Patchwork-Id: 524966
Message-Id: <1443703166.32531.47.camel@edumazet-glaptop2.roam.corp.google.com>
To: David Miller <davem@davemloft.net>
Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com>
Date: Thu, 01 Oct 2015 05:39:26 -0700
From: Eric Dumazet <edumazet@google.com>
reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
is NULL at its beginning.
By the time it calls inet_csk_reqsk_queue_drop() and
reqsk_queue_unlink(), listener might have been closed and
inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
which sets icsk_accept_queue.listen_opt to NULL
We therefore need to correctly check listen_opt being NULL
after holding syn_wait_lock for proper synchronization.
Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
Fixes: b357a364c57c ("inet: fix possible panic in reqsk_queue_unlink()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
---
net/ipv4/inet_connection_sock.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 7bb9c39e0a4d..61b45a17fc73 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -577,21 +577,22 @@ EXPORT_SYMBOL(inet_rtx_syn_ack);
static bool reqsk_queue_unlink(struct request_sock_queue *queue,
struct request_sock *req)
{
- struct listen_sock *lopt = queue->listen_opt;
struct request_sock **prev;
+ struct listen_sock *lopt;
bool found = false;
spin_lock(&queue->syn_wait_lock);
-
- for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
- prev = &(*prev)->dl_next) {
- if (*prev == req) {
- *prev = req->dl_next;
- found = true;
- break;
+ lopt = queue->listen_opt;
+ if (lopt) {
+ for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
+ prev = &(*prev)->dl_next) {
+ if (*prev == req) {
+ *prev = req->dl_next;
+ found = true;
+ break;
+ }
}
}
-
spin_unlock(&queue->syn_wait_lock);
if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
reqsk_put(req);

34
pinctrl-pinctrl-single-must-be-initialized-early.patch Normal file
View File

@ -0,0 +1,34 @@
From: Pantelis Antoniou <panto@antoniou-consulting.com>
Date: Sat, 15 Sep 2012 12:00:41 +0300
Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
When using pinctrl-single to handle i2c initialization, it has
to be done early. Whether this is the best way to do so, is an
exercise left to the reader.
---
drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 69e84427f913..f21cf4291476 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = {
#endif
};
-module_platform_driver(pcs_driver);
+static int __init pcs_init(void)
+{
+ return platform_driver_register(&pcs_driver);
+}
+postcore_initcall(pcs_init);
+
+static void __exit pcs_exit(void)
+{
+ platform_driver_unregister(&pcs_driver);
+}
+module_exit(pcs_exit);
MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");

24
regulator-anatop-module-alias.patch
View File

@ -1,24 +0,0 @@
From d702ffd4d1df73b9c620af1654af42ff5b8d5c09 Fri Sep 18 19:09:07 2015
From: Luis de Bethencourt <luis@debethencourt.com>
Date: Fri Sep 18 19:09:07 2015 +0200
regulator: anatop: Fix module autoload for OF platform driver
This platform driver has a OF device ID table but the OF module
alias information is not created so module autoloading won't work.
Signed-off-by: Luis de Bethencourt <luisbg@osg.samsung.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c
index 738adfa..52ea605 100644
--- a/drivers/regulator/anatop-regulator.c
+++ b/drivers/regulator/anatop-regulator.c
@@ -318,6 +318,7 @@ static const struct of_device_id of_anatop_regulator_match_tbl[] = {
{ .compatible = "fsl,anatop-regulator", },
{ /* end */ }
};
+MODULE_DEVICE_TABLE(of, of_anatop_regulator_match_tbl);
static struct platform_driver anatop_regulator_driver = {
.driver = {

61
showmem-cma-correct-reserved-memory-calculation.patch
View File

@ -1,61 +0,0 @@
From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
Date: Tue, 25 Aug 2015 00:04:44 +0000
Subject: lib/show_mem.c: correct reserved memory calculation
CMA reserved memory is not part of total reserved memory.
Currently when we print the total reserve memory it considers
cma as part of reserve memory and do minus of totalcma_pages
from reserved, which is wrong. In cases where total reserved
is less than cma reserved we will get negative values & while
printing we print as unsigned and we will get a very large value.
Below is the show mem output on X86 ubuntu based system where
CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
And reserve memory shows a large value because of this bug.
Before:
[ 127.066430] 898908 pages RAM
[ 127.066432] 671682 pages HighMem/MovableOnly
[ 127.066434] 4294952012 pages reserved
[ 127.066436] 25600 pages cma reserved
After:
[ 44.663129] 898908 pages RAM
[ 44.663130] 671682 pages HighMem/MovableOnly
[ 44.663130] 10316 pages reserved
[ 44.663131] 25600 pages cma reserved
Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Danesh Petigara <dpetigara@broadcom.com>
Cc: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/show_mem.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/lib/show_mem.c b/lib/show_mem.c
index adc98e18..1feed6a 100644
--- a/lib/show_mem.c
+++ b/lib/show_mem.c
@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
printk("%lu pages RAM\n", total);
printk("%lu pages HighMem/MovableOnly\n", highmem);
+ printk("%lu pages reserved\n", reserved);
#ifdef CONFIG_CMA
- printk("%lu pages reserved\n", (reserved - totalcma_pages));
printk("%lu pages cma reserved\n", totalcma_pages);
-#else
- printk("%lu pages reserved\n", reserved);
#endif
#ifdef CONFIG_QUICKLIST
printk("%lu pages in pagetable cache\n",
--
cgit v0.11.2

39
si2157-Bounds-check-firmware.patch Normal file
View File

@ -0,0 +1,39 @@
From 526fbce5b0e44c67a97c57656b3be9911f0a9b9b Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@fedoraproject.org>
Date: Tue, 29 Sep 2015 16:59:20 -0700
Subject: [PATCH 2/2] si2157: Bounds check firmware
To: Antti Palosaari <crope@iki.fi>
To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: Olli Salonen <olli.salonen@iki.fi>
Cc: linux-media@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
When reading the firmware and sending commands, the length
must be bounds checked to avoid overrunning the size of the command
buffer and smashing the stack if the firmware is not in the
expected format. Add the proper check.
Cc: stable@kernel.org
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
---
drivers/media/tuners/si2157.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
index 5073821..ce157ed 100644
--- a/drivers/media/tuners/si2157.c
+++ b/drivers/media/tuners/si2157.c
@@ -166,6 +166,10 @@ static int si2157_init(struct dvb_frontend *fe)
for (remaining = fw->size; remaining > 0; remaining -= 17) {
len = fw->data[fw->size - remaining];
+ if (len > SI2157_ARGLEN) {
+ dev_err(&client->dev, "Bad firmware length\n");
+ goto err_release_firmware;
+ }
memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
cmd.wlen = len;
cmd.rlen = 1;
--
2.4.3

50
si2168-Bounds-check-firmware.patch Normal file
View File

@ -0,0 +1,50 @@
From 43018528944fa4965a4048fee91d76b47dcaf60e Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@fedoraproject.org>
Date: Mon, 28 Sep 2015 14:10:34 -0700
Subject: [PATCH 1/2] si2168: Bounds check firmware
To: Antti Palosaari <crope@iki.fi>
To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: Olli Salonen <olli.salonen@iki.fi>
Cc: linux-media@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Stuart Auchterlonie <sauchter@redhat.com>
When reading the firmware and sending commands, the length must
be bounds checked to avoid overrunning the size of the command
buffer and smashing the stack if the firmware is not in the expected
format:
si2168 11-0064: found a 'Silicon Labs Si2168-B40'
si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw'
si2168 11-0064: firmware download failed -95
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f
Add the proper check.
Cc: stable@kernel.org
Reported-by: Stuart Auchterlonie <sauchter@redhat.com>
Reviewed-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
---
drivers/media/dvb-frontends/si2168.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c
index 81788c5..821a8f4 100644
--- a/drivers/media/dvb-frontends/si2168.c
+++ b/drivers/media/dvb-frontends/si2168.c
@@ -502,6 +502,10 @@ static int si2168_init(struct dvb_frontend *fe)
/* firmware is in the new format */
for (remaining = fw->size; remaining > 0; remaining -= 17) {
len = fw->data[fw->size - remaining];
+ if (len > SI2168_ARGLEN) {
+ ret = -EINVAL;
+ break;
+ }
memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
cmd.wlen = len;
cmd.rlen = 1;
--
2.4.3

6
sources
View File

@ -1,3 +1,3 @@
3d5ea06d767e2f35c999eeadafc76523 linux-4.2.tar.xz
4c964bfba54d65b5b54cc898baddecad perf-man-4.2.tar.gz
c000fd7de765fc8cd60942aa52a996ed patch-4.2.8.xz
58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
d3235b3640ae6ac1ab579171943fda4b patch-4.3.3.xz

110
vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch Normal file
View File

@ -0,0 +1,110 @@
From 14588dfe2e411056df5ba85ef88ad51730a2fa0a Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Sat, 15 Aug 2015 20:27:13 -0500
Subject: [PATCH 2/2] vfs: Test for and handle paths that are unreachable from
their mnt_root
commit 397d425dc26da728396e66d392d5dcb8dac30c37 upstream.
In rare cases a directory can be renamed out from under a bind mount.
In those cases without special handling it becomes possible to walk up
the directory tree to the root dentry of the filesystem and down
from the root dentry to every other file or directory on the filesystem.
Like division by zero .. from an unconnected path can not be given
a useful semantic as there is no predicting at which path component
the code will realize it is unconnected. We certainly can not match
the current behavior as the current behavior is a security hole.
Therefore when encounting .. when following an unconnected path
return -ENOENT.
- Add a function path_connected to verify path->dentry is reachable
from path->mnt.mnt_root. AKA to validate that rename did not do
something nasty to the bind mount.
To avoid races path_connected must be called after following a path
component to it's next path component.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 1c2105ed20c5..29b927938b8c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct nameidata *nd)
return 0;
}
+/**
+ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
+ * @path: nameidate to verify
+ *
+ * Rename can sometimes move a file or directory outside of a bind
+ * mount, path_connected allows those cases to be detected.
+ */
+static bool path_connected(const struct path *path)
+{
+ struct vfsmount *mnt = path->mnt;
+
+ /* Only bind mounts can have disconnected paths */
+ if (mnt->mnt_root == mnt->mnt_sb->s_root)
+ return true;
+
+ return is_subdir(path->dentry, mnt->mnt_root);
+}
+
static inline int nd_alloc_stack(struct nameidata *nd)
{
if (likely(nd->depth != EMBEDDED_LEVELS))
@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
return -ECHILD;
nd->path.dentry = parent;
nd->seq = seq;
+ if (unlikely(!path_connected(&nd->path)))
+ return -ENOENT;
break;
} else {
struct mount *mnt = real_mount(nd->path.mnt);
@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *path)
}
}
-static void follow_dotdot(struct nameidata *nd)
+static int follow_dotdot(struct nameidata *nd)
{
if (!nd->root.mnt)
set_root(nd);
@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameidata *nd)
/* rare case of legitimate dget_parent()... */
nd->path.dentry = dget_parent(nd->path.dentry);
dput(old);
+ if (unlikely(!path_connected(&nd->path)))
+ return -ENOENT;
break;
}
if (!follow_up(&nd->path))
@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameidata *nd)
}
follow_mount(&nd->path);
nd->inode = nd->path.dentry->d_inode;
+ return 0;
}
/*
@@ -1634,7 +1657,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
if (nd->flags & LOOKUP_RCU) {
return follow_dotdot_rcu(nd);
} else
- follow_dotdot(nd);
+ return follow_dotdot(nd);
}
return 0;
}
--
2.4.3

42
vrf-fix-memory-leak-on-registration.patch Normal file
View File

@ -0,0 +1,42 @@
From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 15 Dec 2015 15:12:43 +0000
Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
The backported version of commit 7f109f7cc371 ("vrf: fix double free
and memory corruption on register_netdevice failure") incorrectly
removed a kfree() from the failure path as well as the free_netdev().
Add that back.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
drivers/net/vrf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index c9e309c..6c25fd0 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
{
struct net_vrf *vrf = netdev_priv(dev);
struct net_vrf_dev *vrf_ptr;
+ int err;
if (!data || !data[IFLA_VRF_TABLE])
return -EINVAL;
@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
- return register_netdev(dev);
+ err = register_netdev(dev);
+ if (err)
+ kfree(vrf_ptr);
+ return err;
}
static size_t vrf_nl_getsize(const struct net_device *dev)
--
2.5.0

7
x86-Lock-down-IO-port-access-when-module-security-is.patch
View File

@ -1,6 +1,8 @@
From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH] x86: Lock down IO port access when module security is enabled
Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
if (!access_ok(VERIFY_READ, buf, count))
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
2.4.3

7
x86-Restrict-MSR-access-when-module-loading-is-restr.patch
View File

@ -1,6 +1,8 @@
From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
restricted
Writing to MSRs should not be allowed if module loading is restricted,
since it could lead to execution of arbitrary code in kernel mode. Based
@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
--
2.4.3