Linux v3.12.3
This commit is contained in:
parent
39dec789cc
commit
9263f3b4e7
|
@ -1,67 +0,0 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: 3.13
|
||||
|
||||
From 92eb77d0ffbaa71b501a0a8dabf09a351bf4267f Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stone <daniel@fooishbar.org>
|
||||
Date: Thu, 31 Oct 2013 07:25:34 +0000
|
||||
Subject: Input: evdev - fall back to vmalloc for client event buffer
|
||||
|
||||
evdev always tries to allocate the event buffer for clients using
|
||||
kzalloc rather than vmalloc, presumably to avoid mapping overhead where
|
||||
possible. However, drivers like bcm5974, which claims support for
|
||||
reporting 16 fingers simultaneously, can have an extraordinarily large
|
||||
buffer. The resultant contiguous order-4 allocation attempt fails due
|
||||
to fragmentation, and the device is thus unusable until reboot.
|
||||
|
||||
Try kzalloc if we can to avoid the mapping overhead, but if that fails,
|
||||
fall back to vzalloc.
|
||||
|
||||
Signed-off-by: Daniel Stone <daniels@collabora.com>
|
||||
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
||||
---
|
||||
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
|
||||
index b6ded17..a06e125 100644
|
||||
--- a/drivers/input/evdev.c
|
||||
+++ b/drivers/input/evdev.c
|
||||
@@ -18,6 +18,8 @@
|
||||
#include <linux/poll.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/slab.h>
|
||||
+#include <linux/vmalloc.h>
|
||||
+#include <linux/mm.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/input/mt.h>
|
||||
@@ -369,7 +371,11 @@ static int evdev_release(struct inode *inode, struct file *file)
|
||||
mutex_unlock(&evdev->mutex);
|
||||
|
||||
evdev_detach_client(evdev, client);
|
||||
- kfree(client);
|
||||
+
|
||||
+ if (is_vmalloc_addr(client))
|
||||
+ vfree(client);
|
||||
+ else
|
||||
+ kfree(client);
|
||||
|
||||
evdev_close_device(evdev);
|
||||
|
||||
@@ -389,12 +395,14 @@ static int evdev_open(struct inode *inode, struct file *file)
|
||||
{
|
||||
struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
|
||||
unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
|
||||
+ unsigned int size = sizeof(struct evdev_client) +
|
||||
+ bufsize * sizeof(struct input_event);
|
||||
struct evdev_client *client;
|
||||
int error;
|
||||
|
||||
- client = kzalloc(sizeof(struct evdev_client) +
|
||||
- bufsize * sizeof(struct input_event),
|
||||
- GFP_KERNEL);
|
||||
+ client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
|
||||
+ if (!client)
|
||||
+ client = vzalloc(size);
|
||||
if (!client)
|
||||
return -ENOMEM;
|
||||
|
||||
--
|
||||
cgit v0.9.2
|
|
@ -150,19 +150,6 @@ index 7e96f4f..18c599d 100644
|
|||
};
|
||||
|
||||
/* forward declaration for QXL_INFO_IO */
|
||||
diff --git a/drivers/gpu/drm/qxl/qxl_fb.c b/drivers/gpu/drm/qxl/qxl_fb.c
|
||||
index 88722f2..f437b30 100644
|
||||
--- a/drivers/gpu/drm/qxl/qxl_fb.c
|
||||
+++ b/drivers/gpu/drm/qxl/qxl_fb.c
|
||||
@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb_info *info)
|
||||
u32 x1, x2, y1, y2;
|
||||
|
||||
/* TODO: hard coding 32 bpp */
|
||||
- int stride = qfbdev->qfb.base.pitches[0] * 4;
|
||||
+ int stride = qfbdev->qfb.base.pitches[0];
|
||||
|
||||
x1 = qfbdev->dirty.x1;
|
||||
x2 = qfbdev->dirty.x2;
|
||||
diff --git a/drivers/gpu/drm/qxl/qxl_kms.c b/drivers/gpu/drm/qxl/qxl_kms.c
|
||||
index 9e8da9e..e0ddd5b 100644
|
||||
--- a/drivers/gpu/drm/qxl/qxl_kms.c
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
Bugzilla: N/A
|
||||
Upstream-status: 3.13
|
||||
|
||||
From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001
|
||||
From: Dave Airlie <airlied@redhat.com>
|
||||
Date: Thu, 28 Nov 2013 05:39:03 +0000
|
||||
Subject: drm/qxl: fix memory leak in release list handling
|
||||
|
||||
wow no idea how I got this far without seeing this,
|
||||
leaking the entries in the list makes kmalloc-64 slab grow.
|
||||
|
||||
References: https://bugzilla.kernel.org/show_bug.cgi?id=65121
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Matthew Stapleton <matthew4196@gmail.com>
|
||||
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
||||
---
|
||||
diff --git a/drivers/gpu/drm/qxl/qxl_release.c b/drivers/gpu/drm/qxl/qxl_release.c
|
||||
index 0109a96..821ab7b 100644
|
||||
--- a/drivers/gpu/drm/qxl/qxl_release.c
|
||||
+++ b/drivers/gpu/drm/qxl/qxl_release.c
|
||||
@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev,
|
||||
- DRM_FILE_OFFSET);
|
||||
qxl_fence_remove_release(&bo->fence, release->id);
|
||||
qxl_bo_unref(&bo);
|
||||
+ kfree(entry);
|
||||
}
|
||||
spin_lock(&qdev->release_idr_lock);
|
||||
idr_remove(&qdev->release_idr, release->id);
|
||||
--
|
||||
cgit v0.9.0.2-2-gbebe
|
19
kernel.spec
19
kernel.spec
|
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 3
|
||||
%global baserelease 1
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -74,7 +74,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 2
|
||||
%define stable_update 3
|
||||
# Is it a -stable RC?
|
||||
%define stable_rc 0
|
||||
# Set rpm version accordingly
|
||||
|
@ -734,9 +734,6 @@ Patch25128: dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
|
|||
Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
||||
|
||||
Patch25140: drm-qxl-backport-fixes-for-Fedora.patch
|
||||
Patch25160: drm-qxl-fix-memory-leak-in-release-list-handling.patch
|
||||
|
||||
Patch25141: Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
|
||||
|
||||
#CVE-2013-4563 rhbz 1030015 1030017
|
||||
Patch25145: ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
||||
|
@ -769,9 +766,6 @@ Patch25159: usbnet-fix-status-interrupt-urb-handling.patch
|
|||
Patch25161: inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
||||
Patch25162: inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
||||
|
||||
#rhbz 1033971
|
||||
Patch25163: md-test-mddev-flags-more-safely-in-md_check_recovery.patch
|
||||
|
||||
#rhbz 958826
|
||||
Patch25164: dell-laptop.patch
|
||||
|
||||
|
@ -1473,9 +1467,6 @@ ApplyPatch dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
|
|||
ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
||||
|
||||
ApplyPatch drm-qxl-backport-fixes-for-Fedora.patch
|
||||
ApplyPatch drm-qxl-fix-memory-leak-in-release-list-handling.patch
|
||||
|
||||
ApplyPatch Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
|
||||
|
||||
#CVE-2013-4563 rhbz 1030015 1030017
|
||||
ApplyPatch ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
||||
|
@ -1508,9 +1499,6 @@ ApplyPatch usbnet-fix-status-interrupt-urb-handling.patch
|
|||
ApplyPatch inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
||||
ApplyPatch inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
||||
|
||||
#rhbz 1033971
|
||||
ApplyPatch md-test-mddev-flags-more-safely-in-md_check_recovery.patch
|
||||
|
||||
#rhbz 958826
|
||||
ApplyPatch dell-laptop.patch
|
||||
|
||||
|
@ -2317,6 +2305,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Wed Dec 04 2013 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.3-1
|
||||
- Linux v3.12.3
|
||||
|
||||
* Tue Dec 3 2013 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Minor ARM cleanups and remove obsolete options
|
||||
|
||||
|
|
|
@ -852,87 +852,6 @@ index eb368d4..0f55e3b 100644
|
|||
1.8.3.1
|
||||
|
||||
|
||||
From 4d729ace6be1c3b2b5d9b0d0301a4ffd342ec74a Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 18 Jun 2013 17:40:44 +0100
|
||||
Subject: [PATCH 10/18] X.509: Remove certificate date checks
|
||||
|
||||
Remove the certificate date checks that are performed when a certificate is
|
||||
parsed. There are two checks: a valid from and a valid to. The first check is
|
||||
causing a lot of problems with system clocks that don't keep good time and the
|
||||
second places an implicit expiry date upon the kernel when used for module
|
||||
signing, so do we really need them?
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
cc: David Woodhouse <dwmw2@infradead.org>
|
||||
cc: Rusty Russell <rusty@rustcorp.com.au>
|
||||
cc: Josh Boyer <jwboyer@redhat.com>
|
||||
cc: Alexander Holler <holler@ahsoftware.de>
|
||||
cc: stable@vger.kernel.org
|
||||
---
|
||||
crypto/asymmetric_keys/x509_public_key.c | 38 --------------------------------
|
||||
1 file changed, 38 deletions(-)
|
||||
|
||||
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
|
||||
index 0f55e3b..c1540e8 100644
|
||||
--- a/crypto/asymmetric_keys/x509_public_key.c
|
||||
+++ b/crypto/asymmetric_keys/x509_public_key.c
|
||||
@@ -108,7 +108,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
|
||||
static int x509_key_preparse(struct key_preparsed_payload *prep)
|
||||
{
|
||||
struct x509_certificate *cert;
|
||||
- struct tm now;
|
||||
size_t srlen, sulen;
|
||||
char *desc = NULL;
|
||||
int ret;
|
||||
@@ -150,43 +149,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
||||
goto error_free_cert;
|
||||
}
|
||||
|
||||
- time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
|
||||
- pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
||||
- now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
|
||||
- now.tm_hour, now.tm_min, now.tm_sec);
|
||||
- if (now.tm_year < cert->valid_from.tm_year ||
|
||||
- (now.tm_year == cert->valid_from.tm_year &&
|
||||
- (now.tm_mon < cert->valid_from.tm_mon ||
|
||||
- (now.tm_mon == cert->valid_from.tm_mon &&
|
||||
- (now.tm_mday < cert->valid_from.tm_mday ||
|
||||
- (now.tm_mday == cert->valid_from.tm_mday &&
|
||||
- (now.tm_hour < cert->valid_from.tm_hour ||
|
||||
- (now.tm_hour == cert->valid_from.tm_hour &&
|
||||
- (now.tm_min < cert->valid_from.tm_min ||
|
||||
- (now.tm_min == cert->valid_from.tm_min &&
|
||||
- (now.tm_sec < cert->valid_from.tm_sec
|
||||
- ))))))))))) {
|
||||
- pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
|
||||
- ret = -EKEYREJECTED;
|
||||
- goto error_free_cert;
|
||||
- }
|
||||
- if (now.tm_year > cert->valid_to.tm_year ||
|
||||
- (now.tm_year == cert->valid_to.tm_year &&
|
||||
- (now.tm_mon > cert->valid_to.tm_mon ||
|
||||
- (now.tm_mon == cert->valid_to.tm_mon &&
|
||||
- (now.tm_mday > cert->valid_to.tm_mday ||
|
||||
- (now.tm_mday == cert->valid_to.tm_mday &&
|
||||
- (now.tm_hour > cert->valid_to.tm_hour ||
|
||||
- (now.tm_hour == cert->valid_to.tm_hour &&
|
||||
- (now.tm_min > cert->valid_to.tm_min ||
|
||||
- (now.tm_min == cert->valid_to.tm_min &&
|
||||
- (now.tm_sec > cert->valid_to.tm_sec
|
||||
- ))))))))))) {
|
||||
- pr_warn("Cert %s has expired\n", cert->fingerprint);
|
||||
- ret = -EKEYEXPIRED;
|
||||
- goto error_free_cert;
|
||||
- }
|
||||
-
|
||||
cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
|
||||
cert->pub->id_type = PKEY_ID_X509;
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
|
||||
From 33f859fea67ab5307da4049e947fbc23cdd13a27 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 30 Aug 2013 16:07:13 +0100
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
Bugzilla: 1033971
|
||||
Upstream-status: 3.13 (should hit 3.12 stable)
|
||||
|
||||
From 142d44c310819e1965ca70b4d55d7679f5797e25 Mon Sep 17 00:00:00 2001
|
||||
From: NeilBrown <neilb@suse.de>
|
||||
Date: Thu, 28 Nov 2013 10:34:18 +1100
|
||||
Subject: [PATCH] md: test mddev->flags more safely in md_check_recovery.
|
||||
|
||||
commit 7a0a5355cbc71efa md: Don't test all of mddev->flags at once.
|
||||
made most tests on mddev->flags safer, but missed one.
|
||||
|
||||
When
|
||||
commit 260fa034ef7a4ff8b7306 md: avoid deadlock when dirty buffers during md_stop.
|
||||
added MD_STILL_CLOSED, this caused md_check_recovery to misbehave.
|
||||
It can think there is something to do but find nothing. This can
|
||||
lead to the md thread spinning during array shutdown.
|
||||
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=65721
|
||||
|
||||
Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Fixes: 260fa034ef7a4ff8b7306
|
||||
Cc: stable@vger.kernel.org (3.12)
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
---
|
||||
drivers/md/md.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/md/md.c b/drivers/md/md.c
|
||||
index b6b7a28..e60cebf 100644
|
||||
--- a/drivers/md/md.c
|
||||
+++ b/drivers/md/md.c
|
||||
@@ -7777,7 +7777,7 @@ void md_check_recovery(struct mddev *mddev)
|
||||
if (mddev->ro && !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))
|
||||
return;
|
||||
if ( ! (
|
||||
- (mddev->flags & ~ (1<<MD_CHANGE_PENDING)) ||
|
||||
+ (mddev->flags & MD_UPDATE_SB_FLAGS & ~ (1<<MD_CHANGE_PENDING)) ||
|
||||
test_bit(MD_RECOVERY_NEEDED, &mddev->recovery) ||
|
||||
test_bit(MD_RECOVERY_DONE, &mddev->recovery) ||
|
||||
(mddev->external == 0 && mddev->safemode == 1) ||
|
||||
--
|
||||
1.8.3.1
|
||||
|
Loading…
Reference in New Issue