rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v4.1.4

This commit is contained in:
Josh Boyer 2015-08-03 17:15:20 -04:00
parent deac94c18f
commit 8a55e1d47c
5 changed files with 5 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch
View File

@ -1,45 +0,0 @@
From 3881b164810a564714dfdc16520b0fe538ae4bf7 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 27 Jul 2015 15:23:43 +0100
Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid
__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().
The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyring.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index e72548b5897e..d33437007ad2 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring,
if (index_key->type == &key_type_keyring)
up_write(&keyring_serialise_link_sem);
- if (edit && !edit->dead_leaf) {
- key_payload_reserve(keyring,
- keyring->datalen - KEYQUOTA_LINK_BYTES);
+ if (edit) {
+ if (!edit->dead_leaf) {
+ key_payload_reserve(keyring,
+ keyring->datalen - KEYQUOTA_LINK_BYTES);
+ }
assoc_array_cancel_edit(edit);
}
up_write(&keyring->sem);
--
2.4.3

104
blk-loop-avoid-too-many-pending-per-work-IO.patch
View File

@ -1,104 +0,0 @@
If there are too many pending per work I/O, too many
high priority work thread can be generated so that
system performance can be effected.
This patch limits the max pending per work I/O as 16,
and will fackback to single queue mode when the max
number is reached.
This patch fixes Fedora 22 live booting performance
regression when it is booted from squashfs over dm
based on loop, and looks the following reasons are
related with the problem:
- not like other filesyststems(such as ext4), squashfs
is a bit special, and I observed that increasing I/O jobs
to access file in squashfs only improve I/O performance a
little, but it can make big difference for ext4
- nested loop: both squashfs.img and ext3fs.img are mounted
as loop block, and ext3fs.img is inside the squashfs
- during booting, lots of tasks may run concurrently
Fixes: b5dd2f6047ca108001328aac0e8588edd15f1778
Cc: stable@vger.kernel.org (v4.0)
Reported-by: Justin M. Forbes <jforbes@fedoraproject.org>
Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
---
drivers/block/loop.c | 19 +++++++++++++++++--
drivers/block/loop.h | 2 ++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index ae3fcb4..5a728c6 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1425,13 +1425,24 @@ static int loop_queue_rq(struct blk_mq_hw_ctx *hctx,
const struct blk_mq_queue_data *bd)
{
struct loop_cmd *cmd = blk_mq_rq_to_pdu(bd->rq);
+ struct loop_device *lo = cmd->rq->q->queuedata;
+ bool single_queue = !!(cmd->rq->cmd_flags & REQ_WRITE);
+
+ /*
+ * Fallback to single queue mode if the pending per work
+ * I/O number reaches 16, otherwise too many high priority
+ * worker thread may effect system performance as reported
+ * in fedora live booting from squashfs over loop.
+ */
+ if (atomic_read(&lo->pending_per_work_io) >= 16)
+ single_queue = true;
blk_mq_start_request(bd->rq);
- if (cmd->rq->cmd_flags & REQ_WRITE) {
- struct loop_device *lo = cmd->rq->q->queuedata;
+ if (single_queue) {
bool need_sched = true;
+ cmd->per_work_io = false;
spin_lock_irq(&lo->lo_lock);
if (lo->write_started)
need_sched = false;
@@ -1443,6 +1454,8 @@ static int loop_queue_rq(struct blk_mq_hw_ctx *hctx,
if (need_sched)
queue_work(loop_wq, &lo->write_work);
} else {
+ atomic_inc(&lo->pending_per_work_io);
+ cmd->per_work_io = true;
queue_work(loop_wq, &cmd->read_work);
}
@@ -1467,6 +1480,8 @@ static void loop_handle_cmd(struct loop_cmd *cmd)
if (ret)
cmd->rq->errors = -EIO;
blk_mq_complete_request(cmd->rq);
+ if (cmd->per_work_io)
+ atomic_dec(&lo->pending_per_work_io);
}
static void loop_queue_write_work(struct work_struct *work)
diff --git a/drivers/block/loop.h b/drivers/block/loop.h
index 301c27f..eb855f5 100644
--- a/drivers/block/loop.h
+++ b/drivers/block/loop.h
@@ -57,6 +57,7 @@ struct loop_device {
struct list_head write_cmd_head;
struct work_struct write_work;
bool write_started;
+ atomic_t pending_per_work_io;
int lo_state;
struct mutex lo_ctl_mutex;
@@ -68,6 +69,7 @@ struct loop_device {
struct loop_cmd {
struct work_struct read_work;
struct request *rq;
+ bool per_work_io;
struct list_head list;
};
--
1.9.1

23
kernel.spec
View File

@ -54,7 +54,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 3
%define stable_update 4
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -605,12 +605,6 @@ Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
#rhbz 1212230
Patch26176: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
#rhbz 1210857
Patch26192: blk-loop-avoid-too-many-pending-per-work-IO.patch
#rhbz 1220118
Patch26202: media-Fix-regression-in-some-more-dib0700-based-devi.patch
Patch26203: v4l-uvcvideo-Fix-incorrect-bandwidth-with-Chicony-de.patch
#rhbz 1217249
@ -637,9 +631,6 @@ Patch26252: ideapad_laptop-Lenovo-G50-30-fix-rfkill-reports-wire.patch
# rhbz 1180920 1206724
Patch26253: pcmcia-fix-a-boot-time-warning-in-pcmcia-cs-code.patch
#CVE-2015-1333 rhbz 1244171
Patch26254: KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch
# CVE-2015-3290 CVE-2015-3291 rhbz 1243465 1245927
Patch26255: x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
Patch26256: x86-entry-Stop-using-PER_CPU_VAR-kernel_stack.patch
@ -1357,12 +1348,6 @@ ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
#rhbz 1212230
ApplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
#rhbz 1210857
ApplyPatch blk-loop-avoid-too-many-pending-per-work-IO.patch
#rhbz 1220118
ApplyPatch media-Fix-regression-in-some-more-dib0700-based-devi.patch
ApplyPatch v4l-uvcvideo-Fix-incorrect-bandwidth-with-Chicony-de.patch
#rhbz 1217249
@ -1394,9 +1379,6 @@ ApplyPatch ideapad_laptop-Lenovo-G50-30-fix-rfkill-reports-wire.patch
# rhbz 1180920 1206724
ApplyPatch pcmcia-fix-a-boot-time-warning-in-pcmcia-cs-code.patch
#CVE-2015-1333 rhbz 1244171
ApplyPatch KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch
# CVE-2015-3290 CVE-2015-3291 rhbz 1243465 1245927
ApplyPatch x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
ApplyPatch x86-entry-Stop-using-PER_CPU_VAR-kernel_stack.patch
@ -2267,6 +2249,9 @@ fi
# ||----w |
# || ||
%changelog
* Mon Aug 03 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.4-100
- Linux v4.1.4
* Wed Jul 29 2015 Laura Abbott <labbott@fedoraproject.org> - 4.1.3-100
- Change tag for build since a previous build never happened

53
media-Fix-regression-in-some-more-dib0700-based-devi.patch
View File

@ -1,53 +0,0 @@
From: Thomas Reitmayr <treitmayr@devbase.at>
Date: Fri, 1 May 2015 20:18:04 -0300
Subject: [PATCH] media: Fix regression in some more dib0700 based devices
Fix an oops during device initialization by correctly setting size_of_priv
instead of leaving it 0.
The regression was introduced by 8abe4a0a3f6d4217b16a ("[media] dib7000:
export just one symbol") and only fixed for one type of dib0700 based
devices in 9e334c75642b6e5bfb95 ("[media] Fix regression in some dib0700
based devices").
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=92301
Fixes: 8abe4a0a3f6d4217b16a ("[media] dib7000: export just one symbol")
Cc: stable@vger.kernel.org # for version 3.17+
Signed-off-by: Thomas Reitmayr <treitmayr@devbase.at>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
---
drivers/media/usb/dvb-usb/dib0700_devices.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/media/usb/dvb-usb/dib0700_devices.c b/drivers/media/usb/dvb-usb/dib0700_devices.c
index e1757b8f5f5d..6aa4e9f4e441 100644
--- a/drivers/media/usb/dvb-usb/dib0700_devices.c
+++ b/drivers/media/usb/dvb-usb/dib0700_devices.c
@@ -3947,6 +3947,8 @@ struct dvb_usb_device_properties dib0700_devices[] = {
DIB0700_DEFAULT_STREAMING_CONFIG(0x02),
}},
+ .size_of_priv = sizeof(struct
+ dib0700_adapter_state),
}, {
.num_frontends = 1,
.fe = {{
@@ -3959,6 +3961,8 @@ struct dvb_usb_device_properties dib0700_devices[] = {
DIB0700_DEFAULT_STREAMING_CONFIG(0x03),
}},
+ .size_of_priv = sizeof(struct
+ dib0700_adapter_state),
}
},
@@ -4012,6 +4016,8 @@ struct dvb_usb_device_properties dib0700_devices[] = {
DIB0700_DEFAULT_STREAMING_CONFIG(0x02),
}},
+ .size_of_priv = sizeof(struct
+ dib0700_adapter_state),
},
},

2
sources
View File

@ -1,3 +1,3 @@
fe9dc0f6729f36400ea81aa41d614c37 linux-4.1.tar.xz
5b4d0e18c713a479a7b4c1aa53a7432b perf-man-4.1.tar.gz
6a388f552b05243ae4165735da839e24 patch-4.1.3.xz
d7e306b17b0b5d49120adeee1a6bf4a8 patch-4.1.4.xz