Linux v4.1-rc8

This commit is contained in:
Josh Boyer 2015-06-15 08:49:37 -04:00
parent c68e8929a1
commit 5c0a6a5f01
5 changed files with 60 additions and 7 deletions

View File

@ -43,7 +43,7 @@ Signed-off-by: Josh Stone <jistone@redhat.com>
2 files changed, 21 insertions(+), 1 deletion(-) 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index 40a8b068ac26..6f53fdb40695 100644 index 3ba504496cb2..43361e22734a 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer @@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer

View File

@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 2 insertions(+), 2 deletions(-) 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 61ab1628a057..8a62b65a7597 100644 index 6726139bd289..a5e55141ae64 100644
--- a/Documentation/kernel-parameters.txt --- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt
@@ -3865,7 +3865,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. @@ -3871,7 +3871,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the allocated input device; If set to 0, video driver the allocated input device; If set to 0, video driver
will only send out the event without touching backlight will only send out the event without touching backlight
brightness level. brightness level.

View File

@ -65,9 +65,9 @@ Summary: The Linux kernel
# The next upstream release sublevel (base_sublevel+1) # The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1))) %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# The rc snapshot level # The rc snapshot level
%define rcrev 7 %define rcrev 8
# The git snapshot level # The git snapshot level
%define gitrev 1 %define gitrev 0
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0 %define rpmversion 4.%{upstream_sublevel}.0
%endif %endif
@ -618,6 +618,8 @@ Patch26221: drm-i915-turn-off-wc-mmaps.patch
# CVE-2015-XXXX rhbz 1230770 1230774 # CVE-2015-XXXX rhbz 1230770 1230774
Patch26231: kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch Patch26231: kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
Patch26232: mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -1354,6 +1356,8 @@ ApplyPatch drm-i915-turn-off-wc-mmaps.patch
# CVE-2015-XXXX rhbz 1230770 1230774 # CVE-2015-XXXX rhbz 1230770 1230774
ApplyPatch kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch ApplyPatch kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch
ApplyPatch mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
%endif %endif
@ -2218,6 +2222,9 @@ fi
# #
# #
%changelog %changelog
* Mon Jun 15 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc8.git0.1
- Linux v4.1-rc8
* Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc7.git1.1 * Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc7.git1.1
- Linux v4.1-rc7-72-gdf5f4158415b - Linux v4.1-rc7-72-gdf5f4158415b

View File

@ -0,0 +1,47 @@
From: Hugh Dickins <hughd@google.com>
Date: Sun, 14 Jun 2015 09:48:09 -0700
Subject: [PATCH] mm: shmem_zero_setup skip security check and lockdep conflict
with XFS
It appears that, at some point last year, XFS made directory handling
changes which bring it into lockdep conflict with shmem_zero_setup():
it is surprising that mmap() can clone an inode while holding mmap_sem,
but that has been so for many years.
Since those few lockdep traces that I've seen all implicated selinux,
I'm hoping that we can use the __shmem_file_setup(,,,S_PRIVATE) which
v3.13's commit c7277090927a ("security: shmem: implement kernel private
shmem inodes") introduced to avoid LSM checks on kernel-internal inodes:
the mmap("/dev/zero") cloned inode is indeed a kernel-internal detail.
This also covers the !CONFIG_SHMEM use of ramfs to support /dev/zero
(and MAP_SHARED|MAP_ANONYMOUS). I thought there were also drivers
which cloned inode in mmap(), but if so, I cannot locate them now.
Reported-and-tested-by: Prarit Bhargava <prarit@redhat.com>
Reported-by: Daniel Wagner <wagi@monom.org>
Reported-by: Morten Stevens <mstevens@fedoraproject.org>
Signed-off-by: Hugh Dickins <hughd@google.com>
---
mm/shmem.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/mm/shmem.c b/mm/shmem.c
index de981370fbc5..47d536e59fc0 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3401,7 +3401,13 @@ int shmem_zero_setup(struct vm_area_struct *vma)
struct file *file;
loff_t size = vma->vm_end - vma->vm_start;
- file = shmem_file_setup("dev/zero", size, vma->vm_flags);
+ /*
+ * Cloning a new file under mmap_sem leads to a lock ordering conflict
+ * between XFS directory reading and selinux: since this file is only
+ * accessible to the user through its mapping, use S_PRIVATE flag to
+ * bypass file security, in the same way as shmem_kernel_file_setup().
+ */
+ file = __shmem_file_setup("dev/zero", size, vma->vm_flags, S_PRIVATE);
if (IS_ERR(file))
return PTR_ERR(file);

View File

@ -1,4 +1,3 @@
a86916bd12798220da9eb4a1eec3616d linux-4.0.tar.xz a86916bd12798220da9eb4a1eec3616d linux-4.0.tar.xz
d125eecce68ab6fb5f1f23523c2c04b8 perf-man-4.0.tar.gz d125eecce68ab6fb5f1f23523c2c04b8 perf-man-4.0.tar.gz
a831062aea035ee4bae52e59ccf0cf71 patch-4.1-rc7.xz 9bd2e3045ff03759558a5d94a27dfdc4 patch-4.1-rc8.xz
cfa3119ee9aa2f468cf6dc37db9f9354 patch-4.1-rc7-git1.xz