Merge branch 'f24' of ssh://pkgs.fedoraproject.org/kernel into f24-pf
- Pull Fedora updates to kernel 4.7.3. - Update pf patch to v4.7-pf3 (https://pf.natalenko.name/news/?p=193)
This commit is contained in:
commit
7c2765afb6
|
@ -1,46 +0,0 @@
|
|||
From bdc54d8e3cb4a41dddcabfd86d9eb3aa5f622b75 Mon Sep 17 00:00:00 2001
|
||||
From: Trond Myklebust <trond.myklebust@primarydata.com>
|
||||
Date: Sat, 16 Jul 2016 11:47:00 -0400
|
||||
Subject: [PATCH] SUNRPC: Fix infinite looping in
|
||||
rpc_clnt_iterate_for_each_xprt
|
||||
|
||||
If there were less than 2 entries in the multipath list, then
|
||||
xprt_iter_next_entry_multiple() would never advance beyond the
|
||||
first entry, which is correct for round robin behaviour, but not
|
||||
for the list iteration.
|
||||
|
||||
The end result would be infinite looping in rpc_clnt_iterate_for_each_xprt()
|
||||
as we would never see the xprt == NULL condition fulfilled.
|
||||
|
||||
Reported-by: Oleg Drokin <green@linuxhacker.ru>
|
||||
Fixes: 80b14d5e61ca ("SUNRPC: Add a structure to track multiple transports")
|
||||
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
||||
---
|
||||
net/sunrpc/xprtmultipath.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/net/sunrpc/xprtmultipath.c b/net/sunrpc/xprtmultipath.c
|
||||
index e7fd769..66c9d63 100644
|
||||
--- a/net/sunrpc/xprtmultipath.c
|
||||
+++ b/net/sunrpc/xprtmultipath.c
|
||||
@@ -271,14 +271,12 @@ struct rpc_xprt *xprt_iter_next_entry_multiple(struct rpc_xprt_iter *xpi,
|
||||
xprt_switch_find_xprt_t find_next)
|
||||
{
|
||||
struct rpc_xprt_switch *xps = rcu_dereference(xpi->xpi_xpswitch);
|
||||
- struct list_head *head;
|
||||
|
||||
if (xps == NULL)
|
||||
return NULL;
|
||||
- head = &xps->xps_xprt_list;
|
||||
- if (xps->xps_nxprts < 2)
|
||||
- return xprt_switch_find_first_entry(head);
|
||||
- return xprt_switch_set_next_cursor(head, &xpi->xpi_cursor, find_next);
|
||||
+ return xprt_switch_set_next_cursor(&xps->xps_xprt_list,
|
||||
+ &xpi->xpi_cursor,
|
||||
+ find_next);
|
||||
}
|
||||
|
||||
static
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
From fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Carroll <david.carroll@microsemi.com>
|
||||
Date: Fri, 5 Aug 2016 13:44:10 -0600
|
||||
Subject: [PATCH] aacraid: Check size values after double-fetch from user
|
||||
|
||||
In aacraid's ioctl_send_fib() we do two fetches from userspace, one the
|
||||
get the fib header's size and one for the fib itself. Later we use the
|
||||
size field from the second fetch to further process the fib. If for some
|
||||
reason the size from the second fetch is different than from the first
|
||||
fix, we may encounter an out-of- bounds access in aac_fib_send(). We
|
||||
also check the sender size to insure it is not out of bounds. This was
|
||||
reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was
|
||||
assigned CVE-2016-6480.
|
||||
|
||||
Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
|
||||
Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)'
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
|
||||
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/aacraid/commctrl.c | 13 +++++++++++--
|
||||
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
|
||||
index b381b37..5648b71 100644
|
||||
--- a/drivers/scsi/aacraid/commctrl.c
|
||||
+++ b/drivers/scsi/aacraid/commctrl.c
|
||||
@@ -63,7 +63,7 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
struct fib *fibptr;
|
||||
struct hw_fib * hw_fib = (struct hw_fib *)0;
|
||||
dma_addr_t hw_fib_pa = (dma_addr_t)0LL;
|
||||
- unsigned size;
|
||||
+ unsigned int size, osize;
|
||||
int retval;
|
||||
|
||||
if (dev->in_reset) {
|
||||
@@ -87,7 +87,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
* will not overrun the buffer when we copy the memory. Return
|
||||
* an error if we would.
|
||||
*/
|
||||
- size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr);
|
||||
+ osize = size = le16_to_cpu(kfib->header.Size) +
|
||||
+ sizeof(struct aac_fibhdr);
|
||||
if (size < le16_to_cpu(kfib->header.SenderSize))
|
||||
size = le16_to_cpu(kfib->header.SenderSize);
|
||||
if (size > dev->max_fib_size) {
|
||||
@@ -118,6 +119,14 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ /* Sanity check the second copy */
|
||||
+ if ((osize != le16_to_cpu(kfib->header.Size) +
|
||||
+ sizeof(struct aac_fibhdr))
|
||||
+ || (size < le16_to_cpu(kfib->header.SenderSize))) {
|
||||
+ retval = -EINVAL;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) {
|
||||
aac_adapter_interrupt(dev);
|
||||
/*
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
From 74f829a6e44fe217b6161f8935524fc807be0648 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Wilson <chris@chris-wilson.co.uk>
|
||||
Date: Sat, 9 Jul 2016 11:01:20 +0100
|
||||
Subject: [PATCH] drm/i915: Acquire audio powerwell for HD-Audio registers
|
||||
|
||||
On Haswell/Broadwell, the HD-Audio block is inside the HDMI/display
|
||||
power well and so the sna-hda audio codec acquires the display power
|
||||
well while it is operational. However, Skylake separates the powerwells
|
||||
again, but yet we still need the audio powerwell to setup the registers.
|
||||
(But then the hardware uses those registers even while powered off???)
|
||||
|
||||
v2: Grab both rpm wakelock and audio wakelock
|
||||
|
||||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96214
|
||||
Fixes: 03b135cebc47 "ALSA: hda - remove dependency on i915 power well for SKL")
|
||||
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
|
||||
Cc: Libin Yang <libin.yang@intel.com>
|
||||
Cc: Takashi Iwai <tiwai@suse.de>
|
||||
Cc: Marius Vlad <marius.c.vlad@intel.com>
|
||||
---
|
||||
drivers/gpu/drm/i915/intel_audio.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/gpu/drm/i915/intel_audio.c b/drivers/gpu/drm/i915/intel_audio.c
|
||||
index 5d5f6bc10e85..948a7a52e3f8 100644
|
||||
--- a/drivers/gpu/drm/i915/intel_audio.c
|
||||
+++ b/drivers/gpu/drm/i915/intel_audio.c
|
||||
@@ -600,6 +600,8 @@ static void i915_audio_component_codec_wake_override(struct device *dev,
|
||||
if (!IS_SKYLAKE(dev_priv) && !IS_KABYLAKE(dev_priv))
|
||||
return;
|
||||
|
||||
+ i915_audio_component_get_power(dev);
|
||||
+
|
||||
/*
|
||||
* Enable/disable generating the codec wake signal, overriding the
|
||||
* internal logic to generate the codec wake to controller.
|
||||
@@ -615,6 +617,8 @@ static void i915_audio_component_codec_wake_override(struct device *dev,
|
||||
I915_WRITE(HSW_AUD_CHICKENBIT, tmp);
|
||||
usleep_range(1000, 1500);
|
||||
}
|
||||
+
|
||||
+ i915_audio_component_put_power(dev);
|
||||
}
|
||||
|
||||
/* Get CDCLK in kHz */
|
||||
@@ -648,6 +652,7 @@ static int i915_audio_component_sync_audio_rate(struct device *dev,
|
||||
!IS_HASWELL(dev_priv))
|
||||
return 0;
|
||||
|
||||
+ i915_audio_component_get_power(dev);
|
||||
mutex_lock(&dev_priv->av_mutex);
|
||||
/* 1. get the pipe */
|
||||
intel_encoder = dev_priv->dig_port_map[port];
|
||||
@@ -698,6 +703,7 @@ static int i915_audio_component_sync_audio_rate(struct device *dev,
|
||||
|
||||
unlock:
|
||||
mutex_unlock(&dev_priv->av_mutex);
|
||||
+ i915_audio_component_put_power(dev);
|
||||
return err;
|
||||
}
|
||||
|
||||
--
|
||||
2.8.1
|
||||
|
32
kernel.spec
32
kernel.spec
|
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 201
|
||||
%global baserelease 200
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -54,8 +54,8 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
#+Hu Pf against 4.7.2 v4.7-pf2: https://pf.natalenko.name/news/?p=190
|
||||
%define stable_update 2
|
||||
#+Hu Pf against 4.7.3 v4.7-pf3: https://pf.natalenko.name/news/?p=193
|
||||
%define stable_update 3
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -472,7 +472,7 @@ Source2001: cpupower.config
|
|||
%if 0%{?stable_update}
|
||||
%if 0%{?stable_base}
|
||||
# %%define stable_patch_00 patch-4.%%{base_sublevel}.%%{stable_base}.xz
|
||||
%global stable_patch_00 https://pf.natalenko.name/sources/4.7/patch-4.7-pf2.xz
|
||||
%global stable_patch_00 https://pf.natalenko.name/sources/4.7/patch-4.7-pf3.xz
|
||||
Source5000: %{stable_patch_00}
|
||||
%endif
|
||||
|
||||
|
@ -624,15 +624,9 @@ Patch815: 0015-drm-i915-gen9-Calculate-watermarks-during-atomic-che.patch
|
|||
Patch816: 0016-drm-i915-gen9-Reject-display-updates-that-exceed-wm-.patch
|
||||
Patch817: 0017-drm-i915-Remove-wm_config-from-dev_priv-intel_atomic.patch
|
||||
|
||||
# https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org/message/A4YCP7OGMX6JLFT5V44H57GOMAQLC3M4/
|
||||
Patch838: drm-i915-Acquire-audio-powerwell-for-HD-Audio-regist.patch
|
||||
|
||||
#rhbz 1353558
|
||||
Patch844: 0001-selinux-Only-apply-bounds-checking-to-source-types.patch
|
||||
|
||||
#CVE-2016-6480 rhbz 1362466 1362467
|
||||
Patch855: aacraid-Check-size-values-after-double-fetch-from-us.patch
|
||||
|
||||
#rhbz 1365940
|
||||
Patch856: 0001-udp-fix-poll-issue-with-zero-sized-packets.patch
|
||||
|
||||
|
@ -645,12 +639,12 @@ Patch858: 0001-OOM-detection-regressions-since-4.7.patch
|
|||
#rhbz 1360688
|
||||
Patch859: rc-core-fix-repeat-events.patch
|
||||
|
||||
#rhbz 1371237
|
||||
Patch860: 0001-SUNRPC-Fix-infinite-looping-in-rpc_clnt_iterate_for_.patch
|
||||
|
||||
# https://lkml.org/lkml/2016/8/30/566
|
||||
Patch861: 0001-cgroup-reduce-read-locked-section-of-cgroup_threadgr.patch
|
||||
|
||||
#rhbz 1350174
|
||||
Patch862: tip-x86-boot-x86-KASLR-x86-power-Remove-x86-hibernation-restrictions.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1001,10 +995,10 @@ on kernel bugs, as some of these options impact performance noticably.
|
|||
# And finally the main -core package
|
||||
|
||||
%define variant_summary The Linux kernel
|
||||
%kernel_variant_package
|
||||
%kernel_variant_package
|
||||
%description core
|
||||
The kernel package contains the Linux kernel (vmlinuz), the core of any
|
||||
Linux operating system. The kernel handles the basic functions
|
||||
Linux operating system. The kernel handles the basic functions
|
||||
of the operating system: memory allocation, process allocation, device
|
||||
input and output, etc.
|
||||
|
||||
|
@ -2184,6 +2178,14 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Sep 13 2016 Pavel Alexeev <Pahan@Hubbitus.info> - 4.7.3-200.hu.1.pf3
|
||||
- Pull Fedora updates to kernel 4.7.3.
|
||||
- Update pf patch to v4.7-pf3 (https://pf.natalenko.name/news/?p=193)
|
||||
|
||||
* Wed Sep 07 2016 <labbott@fedoraproject.org> - 4.7.3-200
|
||||
- Linux v4.7.3
|
||||
- Silence KASLR warning (rhbz 1350174)
|
||||
|
||||
* Mon Sep 05 2016 Pavel Alexeev <Pahan@Hubbitus.info> - 4.7.2-201.hu.1.pf2
|
||||
- Step to build kernels for Fedora 24.
|
||||
- Update patch to 4.7-pf2 - https://pf.natalenko.name/news/?p=190
|
||||
|
|
BIN
patch-4.7-pf2.xz
BIN
patch-4.7-pf2.xz
Binary file not shown.
Binary file not shown.
2
sources
2
sources
|
@ -1,3 +1,3 @@
|
|||
5276563eb1f39a048e4a8a887408c031 linux-4.7.tar.xz
|
||||
fe259c02c75eec61d1aa4b1211f3c853 perf-man-4.7.tar.gz
|
||||
64e8a8969536c5d700c9e6a591d28dad patch-4.7.2.xz
|
||||
803bdedd9b9cd4ef43d9d5d41801f234 patch-4.7.3.xz
|
||||
|
|
|
@ -0,0 +1,131 @@
|
|||
From patchwork Sun Jun 26 11:01:18 2016
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [tip:x86/boot] x86/KASLR,
|
||||
x86/power: Remove x86 hibernation restrictions
|
||||
From: tip-bot for Jacob Shin <tipbot@zytor.com>
|
||||
X-Patchwork-Id: 9199367
|
||||
Message-Id: <tip-65fe935dd2387a4faf15314c73f5e6d31ef0217e@git.kernel.org>
|
||||
To: linux-tip-commits@vger.kernel.org
|
||||
Cc: pavel@ucw.cz, linux-pm@vger.kernel.org, yinghai@kernel.org,
|
||||
mingo@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de,
|
||||
corbet@lwn.net, dvlasenk@redhat.com, sds@tycho.nsa.gov,
|
||||
peterz@infradead.org, logang@deltatee.com, bhe@redhat.com,
|
||||
torvalds@linux-foundation.org, bp@alien8.de, luto@kernel.org,
|
||||
keescook@chromium.org, hpa@zytor.com, brgerst@gmail.com,
|
||||
len.brown@intel.com
|
||||
Date: Sun, 26 Jun 2016 04:01:18 -0700
|
||||
|
||||
Commit-ID: 65fe935dd2387a4faf15314c73f5e6d31ef0217e
|
||||
Gitweb: http://git.kernel.org/tip/65fe935dd2387a4faf15314c73f5e6d31ef0217e
|
||||
Author: Kees Cook <keescook@chromium.org>
|
||||
AuthorDate: Mon, 13 Jun 2016 15:10:02 -0700
|
||||
Committer: Ingo Molnar <mingo@kernel.org>
|
||||
CommitDate: Sun, 26 Jun 2016 12:32:03 +0200
|
||||
|
||||
x86/KASLR, x86/power: Remove x86 hibernation restrictions
|
||||
|
||||
With the following fix:
|
||||
|
||||
70595b479ce1 ("x86/power/64: Fix crash whan the hibernation code passes control to the image kernel")
|
||||
|
||||
... there is no longer a problem with hibernation resuming a
|
||||
KASLR-booted kernel image, so remove the restriction.
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Baoquan He <bhe@redhat.com>
|
||||
Cc: Borislav Petkov <bp@alien8.de>
|
||||
Cc: Brian Gerst <brgerst@gmail.com>
|
||||
Cc: Denys Vlasenko <dvlasenk@redhat.com>
|
||||
Cc: H. Peter Anvin <hpa@zytor.com>
|
||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
||||
Cc: Len Brown <len.brown@intel.com>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Linux PM list <linux-pm@vger.kernel.org>
|
||||
Cc: Logan Gunthorpe <logang@deltatee.com>
|
||||
Cc: Pavel Machek <pavel@ucw.cz>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Stephen Smalley <sds@tycho.nsa.gov>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: Yinghai Lu <yinghai@kernel.org>
|
||||
Cc: linux-doc@vger.kernel.org
|
||||
Link: http://lkml.kernel.org/r/20160613221002.GA29719@www.outflux.net
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
---
|
||||
Documentation/kernel-parameters.txt | 10 ++++------
|
||||
arch/x86/boot/compressed/kaslr.c | 7 -------
|
||||
kernel/power/hibernate.c | 6 ------
|
||||
3 files changed, 4 insertions(+), 19 deletions(-)
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
||||
|
||||
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
|
||||
index 82b42c9..fa8c6d4 100644
|
||||
--- a/Documentation/kernel-parameters.txt
|
||||
+++ b/Documentation/kernel-parameters.txt
|
||||
@@ -1803,12 +1803,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
||||
js= [HW,JOY] Analog joystick
|
||||
See Documentation/input/joystick.txt.
|
||||
|
||||
- kaslr/nokaslr [X86]
|
||||
- Enable/disable kernel and module base offset ASLR
|
||||
- (Address Space Layout Randomization) if built into
|
||||
- the kernel. When CONFIG_HIBERNATION is selected,
|
||||
- kASLR is disabled by default. When kASLR is enabled,
|
||||
- hibernation will be disabled.
|
||||
+ nokaslr [KNL]
|
||||
+ When CONFIG_RANDOMIZE_BASE is set, this disables
|
||||
+ kernel and module base offset ASLR (Address Space
|
||||
+ Layout Randomization).
|
||||
|
||||
keepinitrd [HW,ARM]
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
|
||||
index cfeb025..dff4217 100644
|
||||
--- a/arch/x86/boot/compressed/kaslr.c
|
||||
+++ b/arch/x86/boot/compressed/kaslr.c
|
||||
@@ -471,17 +471,10 @@ unsigned char *choose_random_location(unsigned long input,
|
||||
unsigned long choice = output;
|
||||
unsigned long random_addr;
|
||||
|
||||
-#ifdef CONFIG_HIBERNATION
|
||||
- if (!cmdline_find_option_bool("kaslr")) {
|
||||
- warn("KASLR disabled: 'kaslr' not on cmdline (hibernation selected).");
|
||||
- goto out;
|
||||
- }
|
||||
-#else
|
||||
if (cmdline_find_option_bool("nokaslr")) {
|
||||
warn("KASLR disabled: 'nokaslr' on cmdline.");
|
||||
goto out;
|
||||
}
|
||||
-#endif
|
||||
|
||||
boot_params->hdr.loadflags |= KASLR_FLAG;
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index fca9254..9021387 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -1154,11 +1154,6 @@ static int __init nohibernate_setup(char *str)
|
||||
return 1;
|
||||
}
|
||||
|
||||
-static int __init kaslr_nohibernate_setup(char *str)
|
||||
-{
|
||||
- return nohibernate_setup(str);
|
||||
-}
|
||||
-
|
||||
static int __init page_poison_nohibernate_setup(char *str)
|
||||
{
|
||||
#ifdef CONFIG_PAGE_POISONING_ZERO
|
||||
@@ -1182,5 +1177,4 @@ __setup("hibernate=", hibernate_setup);
|
||||
__setup("resumewait", resumewait_setup);
|
||||
__setup("resumedelay=", resumedelay_setup);
|
||||
__setup("nohibernate", nohibernate_setup);
|
||||
-__setup("kaslr", kaslr_nohibernate_setup);
|
||||
__setup("page_poison=", page_poison_nohibernate_setup);
|
Loading…
Reference in New Issue