Linux v3.12.3
This commit is contained in:
parent
39dec789cc
commit
9263f3b4e7
|
@ -1,67 +0,0 @@
|
||||||
Bugzilla: N/A
|
|
||||||
Upstream-status: 3.13
|
|
||||||
|
|
||||||
From 92eb77d0ffbaa71b501a0a8dabf09a351bf4267f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Stone <daniel@fooishbar.org>
|
|
||||||
Date: Thu, 31 Oct 2013 07:25:34 +0000
|
|
||||||
Subject: Input: evdev - fall back to vmalloc for client event buffer
|
|
||||||
|
|
||||||
evdev always tries to allocate the event buffer for clients using
|
|
||||||
kzalloc rather than vmalloc, presumably to avoid mapping overhead where
|
|
||||||
possible. However, drivers like bcm5974, which claims support for
|
|
||||||
reporting 16 fingers simultaneously, can have an extraordinarily large
|
|
||||||
buffer. The resultant contiguous order-4 allocation attempt fails due
|
|
||||||
to fragmentation, and the device is thus unusable until reboot.
|
|
||||||
|
|
||||||
Try kzalloc if we can to avoid the mapping overhead, but if that fails,
|
|
||||||
fall back to vzalloc.
|
|
||||||
|
|
||||||
Signed-off-by: Daniel Stone <daniels@collabora.com>
|
|
||||||
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
|
|
||||||
---
|
|
||||||
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
|
|
||||||
index b6ded17..a06e125 100644
|
|
||||||
--- a/drivers/input/evdev.c
|
|
||||||
+++ b/drivers/input/evdev.c
|
|
||||||
@@ -18,6 +18,8 @@
|
|
||||||
#include <linux/poll.h>
|
|
||||||
#include <linux/sched.h>
|
|
||||||
#include <linux/slab.h>
|
|
||||||
+#include <linux/vmalloc.h>
|
|
||||||
+#include <linux/mm.h>
|
|
||||||
#include <linux/module.h>
|
|
||||||
#include <linux/init.h>
|
|
||||||
#include <linux/input/mt.h>
|
|
||||||
@@ -369,7 +371,11 @@ static int evdev_release(struct inode *inode, struct file *file)
|
|
||||||
mutex_unlock(&evdev->mutex);
|
|
||||||
|
|
||||||
evdev_detach_client(evdev, client);
|
|
||||||
- kfree(client);
|
|
||||||
+
|
|
||||||
+ if (is_vmalloc_addr(client))
|
|
||||||
+ vfree(client);
|
|
||||||
+ else
|
|
||||||
+ kfree(client);
|
|
||||||
|
|
||||||
evdev_close_device(evdev);
|
|
||||||
|
|
||||||
@@ -389,12 +395,14 @@ static int evdev_open(struct inode *inode, struct file *file)
|
|
||||||
{
|
|
||||||
struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
|
|
||||||
unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
|
|
||||||
+ unsigned int size = sizeof(struct evdev_client) +
|
|
||||||
+ bufsize * sizeof(struct input_event);
|
|
||||||
struct evdev_client *client;
|
|
||||||
int error;
|
|
||||||
|
|
||||||
- client = kzalloc(sizeof(struct evdev_client) +
|
|
||||||
- bufsize * sizeof(struct input_event),
|
|
||||||
- GFP_KERNEL);
|
|
||||||
+ client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
|
|
||||||
+ if (!client)
|
|
||||||
+ client = vzalloc(size);
|
|
||||||
if (!client)
|
|
||||||
return -ENOMEM;
|
|
||||||
|
|
||||||
--
|
|
||||||
cgit v0.9.2
|
|
|
@ -150,19 +150,6 @@ index 7e96f4f..18c599d 100644
|
||||||
};
|
};
|
||||||
|
|
||||||
/* forward declaration for QXL_INFO_IO */
|
/* forward declaration for QXL_INFO_IO */
|
||||||
diff --git a/drivers/gpu/drm/qxl/qxl_fb.c b/drivers/gpu/drm/qxl/qxl_fb.c
|
|
||||||
index 88722f2..f437b30 100644
|
|
||||||
--- a/drivers/gpu/drm/qxl/qxl_fb.c
|
|
||||||
+++ b/drivers/gpu/drm/qxl/qxl_fb.c
|
|
||||||
@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb_info *info)
|
|
||||||
u32 x1, x2, y1, y2;
|
|
||||||
|
|
||||||
/* TODO: hard coding 32 bpp */
|
|
||||||
- int stride = qfbdev->qfb.base.pitches[0] * 4;
|
|
||||||
+ int stride = qfbdev->qfb.base.pitches[0];
|
|
||||||
|
|
||||||
x1 = qfbdev->dirty.x1;
|
|
||||||
x2 = qfbdev->dirty.x2;
|
|
||||||
diff --git a/drivers/gpu/drm/qxl/qxl_kms.c b/drivers/gpu/drm/qxl/qxl_kms.c
|
diff --git a/drivers/gpu/drm/qxl/qxl_kms.c b/drivers/gpu/drm/qxl/qxl_kms.c
|
||||||
index 9e8da9e..e0ddd5b 100644
|
index 9e8da9e..e0ddd5b 100644
|
||||||
--- a/drivers/gpu/drm/qxl/qxl_kms.c
|
--- a/drivers/gpu/drm/qxl/qxl_kms.c
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
Bugzilla: N/A
|
|
||||||
Upstream-status: 3.13
|
|
||||||
|
|
||||||
From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dave Airlie <airlied@redhat.com>
|
|
||||||
Date: Thu, 28 Nov 2013 05:39:03 +0000
|
|
||||||
Subject: drm/qxl: fix memory leak in release list handling
|
|
||||||
|
|
||||||
wow no idea how I got this far without seeing this,
|
|
||||||
leaking the entries in the list makes kmalloc-64 slab grow.
|
|
||||||
|
|
||||||
References: https://bugzilla.kernel.org/show_bug.cgi?id=65121
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Reported-by: Matthew Stapleton <matthew4196@gmail.com>
|
|
||||||
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
||||||
---
|
|
||||||
diff --git a/drivers/gpu/drm/qxl/qxl_release.c b/drivers/gpu/drm/qxl/qxl_release.c
|
|
||||||
index 0109a96..821ab7b 100644
|
|
||||||
--- a/drivers/gpu/drm/qxl/qxl_release.c
|
|
||||||
+++ b/drivers/gpu/drm/qxl/qxl_release.c
|
|
||||||
@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev,
|
|
||||||
- DRM_FILE_OFFSET);
|
|
||||||
qxl_fence_remove_release(&bo->fence, release->id);
|
|
||||||
qxl_bo_unref(&bo);
|
|
||||||
+ kfree(entry);
|
|
||||||
}
|
|
||||||
spin_lock(&qdev->release_idr_lock);
|
|
||||||
idr_remove(&qdev->release_idr, release->id);
|
|
||||||
--
|
|
||||||
cgit v0.9.0.2-2-gbebe
|
|
19
kernel.spec
19
kernel.spec
|
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 3
|
%global baserelease 1
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
|
@ -74,7 +74,7 @@ Summary: The Linux kernel
|
||||||
%if 0%{?released_kernel}
|
%if 0%{?released_kernel}
|
||||||
|
|
||||||
# Do we have a -stable update to apply?
|
# Do we have a -stable update to apply?
|
||||||
%define stable_update 2
|
%define stable_update 3
|
||||||
# Is it a -stable RC?
|
# Is it a -stable RC?
|
||||||
%define stable_rc 0
|
%define stable_rc 0
|
||||||
# Set rpm version accordingly
|
# Set rpm version accordingly
|
||||||
|
@ -734,9 +734,6 @@ Patch25128: dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
|
||||||
Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
||||||
|
|
||||||
Patch25140: drm-qxl-backport-fixes-for-Fedora.patch
|
Patch25140: drm-qxl-backport-fixes-for-Fedora.patch
|
||||||
Patch25160: drm-qxl-fix-memory-leak-in-release-list-handling.patch
|
|
||||||
|
|
||||||
Patch25141: Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
|
|
||||||
|
|
||||||
#CVE-2013-4563 rhbz 1030015 1030017
|
#CVE-2013-4563 rhbz 1030015 1030017
|
||||||
Patch25145: ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
Patch25145: ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
||||||
|
@ -769,9 +766,6 @@ Patch25159: usbnet-fix-status-interrupt-urb-handling.patch
|
||||||
Patch25161: inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
Patch25161: inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
||||||
Patch25162: inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
Patch25162: inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
||||||
|
|
||||||
#rhbz 1033971
|
|
||||||
Patch25163: md-test-mddev-flags-more-safely-in-md_check_recovery.patch
|
|
||||||
|
|
||||||
#rhbz 958826
|
#rhbz 958826
|
||||||
Patch25164: dell-laptop.patch
|
Patch25164: dell-laptop.patch
|
||||||
|
|
||||||
|
@ -1473,9 +1467,6 @@ ApplyPatch dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch
|
||||||
ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
||||||
|
|
||||||
ApplyPatch drm-qxl-backport-fixes-for-Fedora.patch
|
ApplyPatch drm-qxl-backport-fixes-for-Fedora.patch
|
||||||
ApplyPatch drm-qxl-fix-memory-leak-in-release-list-handling.patch
|
|
||||||
|
|
||||||
ApplyPatch Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch
|
|
||||||
|
|
||||||
#CVE-2013-4563 rhbz 1030015 1030017
|
#CVE-2013-4563 rhbz 1030015 1030017
|
||||||
ApplyPatch ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
ApplyPatch ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
||||||
|
@ -1508,9 +1499,6 @@ ApplyPatch usbnet-fix-status-interrupt-urb-handling.patch
|
||||||
ApplyPatch inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
ApplyPatch inet-prevent-leakage-of-uninitialized-memory-to-user.patch
|
||||||
ApplyPatch inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
ApplyPatch inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
|
||||||
|
|
||||||
#rhbz 1033971
|
|
||||||
ApplyPatch md-test-mddev-flags-more-safely-in-md_check_recovery.patch
|
|
||||||
|
|
||||||
#rhbz 958826
|
#rhbz 958826
|
||||||
ApplyPatch dell-laptop.patch
|
ApplyPatch dell-laptop.patch
|
||||||
|
|
||||||
|
@ -2317,6 +2305,9 @@ fi
|
||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 04 2013 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.3-1
|
||||||
|
- Linux v3.12.3
|
||||||
|
|
||||||
* Tue Dec 3 2013 Peter Robinson <pbrobinson@fedoraproject.org>
|
* Tue Dec 3 2013 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||||
- Minor ARM cleanups and remove obsolete options
|
- Minor ARM cleanups and remove obsolete options
|
||||||
|
|
||||||
|
|
|
@ -852,87 +852,6 @@ index eb368d4..0f55e3b 100644
|
||||||
1.8.3.1
|
1.8.3.1
|
||||||
|
|
||||||
|
|
||||||
From 4d729ace6be1c3b2b5d9b0d0301a4ffd342ec74a Mon Sep 17 00:00:00 2001
|
|
||||||
From: David Howells <dhowells@redhat.com>
|
|
||||||
Date: Tue, 18 Jun 2013 17:40:44 +0100
|
|
||||||
Subject: [PATCH 10/18] X.509: Remove certificate date checks
|
|
||||||
|
|
||||||
Remove the certificate date checks that are performed when a certificate is
|
|
||||||
parsed. There are two checks: a valid from and a valid to. The first check is
|
|
||||||
causing a lot of problems with system clocks that don't keep good time and the
|
|
||||||
second places an implicit expiry date upon the kernel when used for module
|
|
||||||
signing, so do we really need them?
|
|
||||||
|
|
||||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
||||||
cc: David Woodhouse <dwmw2@infradead.org>
|
|
||||||
cc: Rusty Russell <rusty@rustcorp.com.au>
|
|
||||||
cc: Josh Boyer <jwboyer@redhat.com>
|
|
||||||
cc: Alexander Holler <holler@ahsoftware.de>
|
|
||||||
cc: stable@vger.kernel.org
|
|
||||||
---
|
|
||||||
crypto/asymmetric_keys/x509_public_key.c | 38 --------------------------------
|
|
||||||
1 file changed, 38 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
|
|
||||||
index 0f55e3b..c1540e8 100644
|
|
||||||
--- a/crypto/asymmetric_keys/x509_public_key.c
|
|
||||||
+++ b/crypto/asymmetric_keys/x509_public_key.c
|
|
||||||
@@ -108,7 +108,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
|
|
||||||
static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|
||||||
{
|
|
||||||
struct x509_certificate *cert;
|
|
||||||
- struct tm now;
|
|
||||||
size_t srlen, sulen;
|
|
||||||
char *desc = NULL;
|
|
||||||
int ret;
|
|
||||||
@@ -150,43 +149,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|
||||||
goto error_free_cert;
|
|
||||||
}
|
|
||||||
|
|
||||||
- time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
|
|
||||||
- pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
|
|
||||||
- now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
|
|
||||||
- now.tm_hour, now.tm_min, now.tm_sec);
|
|
||||||
- if (now.tm_year < cert->valid_from.tm_year ||
|
|
||||||
- (now.tm_year == cert->valid_from.tm_year &&
|
|
||||||
- (now.tm_mon < cert->valid_from.tm_mon ||
|
|
||||||
- (now.tm_mon == cert->valid_from.tm_mon &&
|
|
||||||
- (now.tm_mday < cert->valid_from.tm_mday ||
|
|
||||||
- (now.tm_mday == cert->valid_from.tm_mday &&
|
|
||||||
- (now.tm_hour < cert->valid_from.tm_hour ||
|
|
||||||
- (now.tm_hour == cert->valid_from.tm_hour &&
|
|
||||||
- (now.tm_min < cert->valid_from.tm_min ||
|
|
||||||
- (now.tm_min == cert->valid_from.tm_min &&
|
|
||||||
- (now.tm_sec < cert->valid_from.tm_sec
|
|
||||||
- ))))))))))) {
|
|
||||||
- pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
|
|
||||||
- ret = -EKEYREJECTED;
|
|
||||||
- goto error_free_cert;
|
|
||||||
- }
|
|
||||||
- if (now.tm_year > cert->valid_to.tm_year ||
|
|
||||||
- (now.tm_year == cert->valid_to.tm_year &&
|
|
||||||
- (now.tm_mon > cert->valid_to.tm_mon ||
|
|
||||||
- (now.tm_mon == cert->valid_to.tm_mon &&
|
|
||||||
- (now.tm_mday > cert->valid_to.tm_mday ||
|
|
||||||
- (now.tm_mday == cert->valid_to.tm_mday &&
|
|
||||||
- (now.tm_hour > cert->valid_to.tm_hour ||
|
|
||||||
- (now.tm_hour == cert->valid_to.tm_hour &&
|
|
||||||
- (now.tm_min > cert->valid_to.tm_min ||
|
|
||||||
- (now.tm_min == cert->valid_to.tm_min &&
|
|
||||||
- (now.tm_sec > cert->valid_to.tm_sec
|
|
||||||
- ))))))))))) {
|
|
||||||
- pr_warn("Cert %s has expired\n", cert->fingerprint);
|
|
||||||
- ret = -EKEYEXPIRED;
|
|
||||||
- goto error_free_cert;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
|
|
||||||
cert->pub->id_type = PKEY_ID_X509;
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.3.1
|
|
||||||
|
|
||||||
|
|
||||||
From 33f859fea67ab5307da4049e947fbc23cdd13a27 Mon Sep 17 00:00:00 2001
|
From 33f859fea67ab5307da4049e947fbc23cdd13a27 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Fri, 30 Aug 2013 16:07:13 +0100
|
Date: Fri, 30 Aug 2013 16:07:13 +0100
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
Bugzilla: 1033971
|
|
||||||
Upstream-status: 3.13 (should hit 3.12 stable)
|
|
||||||
|
|
||||||
From 142d44c310819e1965ca70b4d55d7679f5797e25 Mon Sep 17 00:00:00 2001
|
|
||||||
From: NeilBrown <neilb@suse.de>
|
|
||||||
Date: Thu, 28 Nov 2013 10:34:18 +1100
|
|
||||||
Subject: [PATCH] md: test mddev->flags more safely in md_check_recovery.
|
|
||||||
|
|
||||||
commit 7a0a5355cbc71efa md: Don't test all of mddev->flags at once.
|
|
||||||
made most tests on mddev->flags safer, but missed one.
|
|
||||||
|
|
||||||
When
|
|
||||||
commit 260fa034ef7a4ff8b7306 md: avoid deadlock when dirty buffers during md_stop.
|
|
||||||
added MD_STILL_CLOSED, this caused md_check_recovery to misbehave.
|
|
||||||
It can think there is something to do but find nothing. This can
|
|
||||||
lead to the md thread spinning during array shutdown.
|
|
||||||
|
|
||||||
https://bugzilla.kernel.org/show_bug.cgi?id=65721
|
|
||||||
|
|
||||||
Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
Fixes: 260fa034ef7a4ff8b7306
|
|
||||||
Cc: stable@vger.kernel.org (3.12)
|
|
||||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
||||||
---
|
|
||||||
drivers/md/md.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/md/md.c b/drivers/md/md.c
|
|
||||||
index b6b7a28..e60cebf 100644
|
|
||||||
--- a/drivers/md/md.c
|
|
||||||
+++ b/drivers/md/md.c
|
|
||||||
@@ -7777,7 +7777,7 @@ void md_check_recovery(struct mddev *mddev)
|
|
||||||
if (mddev->ro && !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))
|
|
||||||
return;
|
|
||||||
if ( ! (
|
|
||||||
- (mddev->flags & ~ (1<<MD_CHANGE_PENDING)) ||
|
|
||||||
+ (mddev->flags & MD_UPDATE_SB_FLAGS & ~ (1<<MD_CHANGE_PENDING)) ||
|
|
||||||
test_bit(MD_RECOVERY_NEEDED, &mddev->recovery) ||
|
|
||||||
test_bit(MD_RECOVERY_DONE, &mddev->recovery) ||
|
|
||||||
(mddev->external == 0 && mddev->safemode == 1) ||
|
|
||||||
--
|
|
||||||
1.8.3.1
|
|
||||||
|
|
Loading…
Reference in New Issue