Linux v4.1.7
This commit is contained in:
Laura Abbott
parent
b0b7c2cf08
commit
4fc8f5dba9
|
|
@ -1,53 +0,0 @@
|
|||
From 0621809e37936e7c2b3eac9165cf2aad7f9189eb Mon Sep 17 00:00:00 2001
|
||||
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
|
||||
Date: Mon, 3 Aug 2015 14:57:30 +0900
|
||||
Subject: [PATCH] HID: hid-input: Fix accessing freed memory during device
|
||||
disconnect
|
||||
|
||||
During unbinding the driver was dereferencing a pointer to memory
|
||||
already freed by power_supply_unregister().
|
||||
|
||||
Driver was freeing its internal description of battery through pointers
|
||||
stored in power_supply structure. However, because the core owns the
|
||||
power supply instance, after calling power_supply_unregister() this
|
||||
memory is freed and the driver cannot access these members.
|
||||
|
||||
Fix this by storing the pointer to internal description of battery in a
|
||||
local variable before calling power_supply_unregister(), so the pointer
|
||||
remains valid.
|
||||
|
||||
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
|
||||
Reported-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core")
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.com>
|
||||
---
|
||||
drivers/hid/hid-input.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
|
||||
index 3511bbab..e3c6364 100644
|
||||
--- a/drivers/hid/hid-input.c
|
||||
+++ b/drivers/hid/hid-input.c
|
||||
@@ -462,12 +462,15 @@ out:
|
||||
|
||||
static void hidinput_cleanup_battery(struct hid_device *dev)
|
||||
{
|
||||
+ const struct power_supply_desc *psy_desc;
|
||||
+
|
||||
if (!dev->battery)
|
||||
return;
|
||||
|
||||
+ psy_desc = dev->battery->desc;
|
||||
power_supply_unregister(dev->battery);
|
||||
- kfree(dev->battery->desc->name);
|
||||
- kfree(dev->battery->desc);
|
||||
+ kfree(psy_desc->name);
|
||||
+ kfree(psy_desc);
|
||||
dev->battery = NULL;
|
||||
}
|
||||
#else /* !CONFIG_HID_BATTERY_STRENGTH */
|
||||
--
|
||||
2.4.3
|
||||
|
||||
18
kernel.spec
18
kernel.spec
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 6
|
||||
%define stable_update 7
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
|
@ -631,10 +631,6 @@ Patch26253: pcmcia-fix-a-boot-time-warning-in-pcmcia-cs-code.patch
|
|||
#rhbz 1244511
|
||||
Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
|
||||
#rhbz 1251877 1251880 1250279 1248741
|
||||
# and probably more since ugh use after free bugs
|
||||
Patch26265: HID-hid-input-Fix-accessing-freed-memory-during-devi.patch
|
||||
|
||||
#rhbz 1239050
|
||||
Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
|
|
@ -650,9 +646,6 @@ Patch513: Revert-sched-x86_64-Don-t-save-flags-on-context-swit.patch
|
|||
#rhbz 1256281
|
||||
Patch26266: mmc-sdhci-fix-dma-memory-leak-in-sdhci_pre_req.patch
|
||||
|
||||
#rhbz 1224764
|
||||
Patch26267: x86-apic-Fix-fallout-from-x2apic-cleanup.patch
|
||||
|
||||
#rhbz 1257534
|
||||
Patch515: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
|
|
@ -1400,9 +1393,6 @@ ApplyPatch pcmcia-fix-a-boot-time-warning-in-pcmcia-cs-code.patch
|
|||
#rhbz 1244511
|
||||
ApplyPatch HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
|
||||
|
||||
#rhbz 1251877 1251880 1250279 1248741
|
||||
ApplyPatch HID-hid-input-Fix-accessing-freed-memory-during-devi.patch
|
||||
|
||||
#rhbz 1239050
|
||||
ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
|
||||
|
||||
|
|
@ -1418,9 +1408,6 @@ ApplyPatch Revert-sched-x86_64-Don-t-save-flags-on-context-swit.patch
|
|||
#rhbz 1256281
|
||||
ApplyPatch mmc-sdhci-fix-dma-memory-leak-in-sdhci_pre_req.patch
|
||||
|
||||
#rhbz 1224764
|
||||
ApplyPatch x86-apic-Fix-fallout-from-x2apic-cleanup.patch
|
||||
|
||||
#rhbz 1257534
|
||||
ApplyPatch nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
|
||||
|
||||
|
|
@ -2290,6 +2277,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Mon Sep 14 2015 Laura Abbott <labbott@fedoraprojct.org> - 4.1.7-100
|
||||
- Linux v4.1.7
|
||||
|
||||
* Thu Aug 27 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix vmware driver issues from Thomas Hellström (rhbz 1227193)
|
||||
- Add patch from Hans de Goede to fix nv46 based cards (rhbz 1257534)
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1,3 +1,3 @@
|
|||
fe9dc0f6729f36400ea81aa41d614c37 linux-4.1.tar.xz
|
||||
5b4d0e18c713a479a7b4c1aa53a7432b perf-man-4.1.tar.gz
|
||||
7dea69f02c906206f88df48085069eb6 patch-4.1.6.xz
|
||||
ea969fd314e5d04d7ec46c3fb0b89696 patch-4.1.7.xz
|
||||
|
|
|
|||
|
|
@ -1,81 +0,0 @@
|
|||
From a57e456a7b28431b55e407e5ab78ebd5b378d19e Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Sat, 22 Aug 2015 16:41:17 +0200
|
||||
Subject: [PATCH] x86/apic: Fix fallout from x2apic cleanup
|
||||
|
||||
In the recent x2apic cleanup I got two things really wrong:
|
||||
1) The safety check in __disable_x2apic which allows the function to
|
||||
be called unconditionally is backwards. The check is there to
|
||||
prevent access to the apic MSR in case that the machine has no
|
||||
apic. Though right now it returns if the machine has an apic and
|
||||
therefor the disabling of x2apic is never invoked.
|
||||
|
||||
2) x2apic_disable() sets x2apic_mode to 0 after registering the local
|
||||
apic. That's wrong, because register_lapic_address() checks x2apic
|
||||
mode and therefor takes the wrong code path.
|
||||
|
||||
This results in boot failures on machines with x2apic preenabled by
|
||||
BIOS and can also lead to an fatal MSR access on machines without
|
||||
apic.
|
||||
|
||||
The solutions are simple:
|
||||
1) Correct the sanity check for apic availability
|
||||
2) Clear x2apic_mode _before_ calling register_lapic_address()
|
||||
|
||||
Fixes: 659006bf3ae3 'x86/x2apic: Split enable and setup function'
|
||||
Reported-and-tested-by: Javier Monteagudo <javiermon@gmail.com>
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1224764
|
||||
Cc: stable@vger.kernel.org # 4.0+
|
||||
Cc: Laura Abbott <labbott@redhat.com>
|
||||
Cc: Jiang Liu <jiang.liu@linux.intel.com>
|
||||
Cc: Joerg Roedel <joro@8bytes.org>
|
||||
Cc: Tony Luck <tony.luck@intel.com>
|
||||
Cc: Borislav Petkov <bp@alien8.de>
|
||||
---
|
||||
arch/x86/kernel/apic/apic.c | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
|
||||
index dcb5285..cde732c 100644
|
||||
--- a/arch/x86/kernel/apic/apic.c
|
||||
+++ b/arch/x86/kernel/apic/apic.c
|
||||
@@ -1424,7 +1424,7 @@ static inline void __x2apic_disable(void)
|
||||
{
|
||||
u64 msr;
|
||||
|
||||
- if (cpu_has_apic)
|
||||
+ if (!cpu_has_apic)
|
||||
return;
|
||||
|
||||
rdmsrl(MSR_IA32_APICBASE, msr);
|
||||
@@ -1483,10 +1483,13 @@ void x2apic_setup(void)
|
||||
|
||||
static __init void x2apic_disable(void)
|
||||
{
|
||||
- u32 x2apic_id;
|
||||
+ u32 x2apic_id, state = x2apic_state;
|
||||
|
||||
- if (x2apic_state != X2APIC_ON)
|
||||
- goto out;
|
||||
+ x2apic_mode = 0;
|
||||
+ x2apic_state = X2APIC_DISABLED;
|
||||
+
|
||||
+ if (state != X2APIC_ON)
|
||||
+ return;
|
||||
|
||||
x2apic_id = read_apic_id();
|
||||
if (x2apic_id >= 255)
|
||||
@@ -1494,9 +1497,6 @@ static __init void x2apic_disable(void)
|
||||
|
||||
__x2apic_disable();
|
||||
register_lapic_address(mp_lapic_addr);
|
||||
-out:
|
||||
- x2apic_state = X2APIC_DISABLED;
|
||||
- x2apic_mode = 0;
|
||||
}
|
||||
|
||||
static __init void x2apic_enable(void)
|
||||
--
|
||||
2.4.3
|
||||
|
||||
Loading…
Reference in New Issue