last minute f14 kernel fixes
This commit is contained in:
parent
8311d5168d
commit
cbdb312a9e
|
@ -0,0 +1,78 @@
|
|||
From 799c10559d60f159ab2232203f222f18fa3c4a5f Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Fri, 15 Oct 2010 11:09:28 -0700
|
||||
Subject: [PATCH] De-pessimize rds_page_copy_user
|
||||
|
||||
Don't try to "optimize" rds_page_copy_user() by using kmap_atomic() and
|
||||
the unsafe atomic user mode accessor functions. It's actually slower
|
||||
than the straightforward code on any reasonable modern CPU.
|
||||
|
||||
Back when the code was written (although probably not by the time it was
|
||||
actually merged, though), 32-bit x86 may have been the dominant
|
||||
architecture. And there kmap_atomic() can be a lot faster than kmap()
|
||||
(unless you have very good locality, in which case the virtual address
|
||||
caching by kmap() can overcome all the downsides).
|
||||
|
||||
But these days, x86-64 may not be more populous, but it's getting there
|
||||
(and if you care about performance, it's definitely already there -
|
||||
you'd have upgraded your CPU's already in the last few years). And on
|
||||
x86-64, the non-kmap_atomic() version is faster, simply because the code
|
||||
is simpler and doesn't have the "re-try page fault" case.
|
||||
|
||||
People with old hardware are not likely to care about RDS anyway, and
|
||||
the optimization for the 32-bit case is simply buggy, since it doesn't
|
||||
verify the user addresses properly.
|
||||
|
||||
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
|
||||
Acked-by: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
net/rds/page.c | 27 +++++++--------------------
|
||||
1 files changed, 7 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/net/rds/page.c b/net/rds/page.c
|
||||
index 595a952..1dfbfea 100644
|
||||
--- a/net/rds/page.c
|
||||
+++ b/net/rds/page.c
|
||||
@@ -57,30 +57,17 @@ int rds_page_copy_user(struct page *page, unsigned long offset,
|
||||
unsigned long ret;
|
||||
void *addr;
|
||||
|
||||
- if (to_user)
|
||||
+ addr = kmap(page);
|
||||
+ if (to_user) {
|
||||
rds_stats_add(s_copy_to_user, bytes);
|
||||
- else
|
||||
+ ret = copy_to_user(ptr, addr + offset, bytes);
|
||||
+ } else {
|
||||
rds_stats_add(s_copy_from_user, bytes);
|
||||
-
|
||||
- addr = kmap_atomic(page, KM_USER0);
|
||||
- if (to_user)
|
||||
- ret = __copy_to_user_inatomic(ptr, addr + offset, bytes);
|
||||
- else
|
||||
- ret = __copy_from_user_inatomic(addr + offset, ptr, bytes);
|
||||
- kunmap_atomic(addr, KM_USER0);
|
||||
-
|
||||
- if (ret) {
|
||||
- addr = kmap(page);
|
||||
- if (to_user)
|
||||
- ret = copy_to_user(ptr, addr + offset, bytes);
|
||||
- else
|
||||
- ret = copy_from_user(addr + offset, ptr, bytes);
|
||||
- kunmap(page);
|
||||
- if (ret)
|
||||
- return -EFAULT;
|
||||
+ ret = copy_from_user(addr + offset, ptr, bytes);
|
||||
}
|
||||
+ kunmap(page);
|
||||
|
||||
- return 0;
|
||||
+ return ret ? -EFAULT : 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(rds_page_copy_user);
|
||||
|
||||
--
|
||||
1.7.3.2
|
||||
|
14
kernel.spec
14
kernel.spec
|
@ -48,7 +48,7 @@ Summary: The Linux kernel
|
|||
# reset this by hand to 1 (or to 0 and then use rpmdev-bumpspec).
|
||||
# scripts/rebase.sh should be made to do that for you, actually.
|
||||
#
|
||||
%global baserelease 46
|
||||
%global baserelease 47
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -769,6 +769,9 @@ Patch13640: sdhci-8-bit-data-transfer-width-support.patch
|
|||
Patch13641: mmc-make-sdhci-work-with-ricoh-mmc-controller.patch
|
||||
Patch13642: mmc-add-ricoh-e822-pci-id.patch
|
||||
|
||||
Patch13645: tpm-autodetect-itpm-devices.patch
|
||||
Patch13646: depessimize-rds_copy_page_user.patch
|
||||
|
||||
%endif
|
||||
|
||||
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
|
||||
|
@ -1436,6 +1439,9 @@ ApplyPatch sdhci-8-bit-data-transfer-width-support.patch
|
|||
ApplyPatch mmc-make-sdhci-work-with-ricoh-mmc-controller.patch
|
||||
ApplyPatch mmc-add-ricoh-e822-pci-id.patch
|
||||
|
||||
ApplyPatch depessimize-rds_copy_page_user.patch
|
||||
ApplyPatch tpm-autodetect-itpm-devices.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2022,6 +2028,12 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Fri Oct 22 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.6-47
|
||||
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
|
||||
laptops which prevented suspend/resume.
|
||||
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
|
||||
privilege escalation via RDS protocol.
|
||||
|
||||
* Mon Oct 18 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.6-46
|
||||
- Add Ricoh e822 support. (rhbz#596475) Thanks to sgruszka@ for
|
||||
sending the patches in.
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
commit 8cf5102c84dba60b2ea29b7e89f1a65100e20bb9
|
||||
Author: Matthew Garrett <mjg@redhat.com>
|
||||
Date: Thu Oct 21 17:31:56 2010 -0400
|
||||
|
||||
tpm: Autodetect itpm devices
|
||||
|
||||
Some Lenovos have TPMs that require a quirk to function correctly. This can
|
||||
be autodetected by checking whether the device has a _HID of INTC0102. This
|
||||
is an invalid PNPid, and as such is discarded by the pnp layer - however
|
||||
it's still present in the ACPI code, so we can pull it out that way. This
|
||||
means that the quirk won't be automatically applied on non-ACPI systems,
|
||||
but without ACPI we don't have any way to identify the chip anyway so I
|
||||
don't think that's a great concern.
|
||||
|
||||
Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
||||
|
||||
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
|
||||
index 1030f84..c17a305 100644
|
||||
--- a/drivers/char/tpm/tpm_tis.c
|
||||
+++ b/drivers/char/tpm/tpm_tis.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <linux/slab.h>
|
||||
#include <linux/interrupt.h>
|
||||
#include <linux/wait.h>
|
||||
+#include <linux/acpi.h>
|
||||
#include "tpm.h"
|
||||
|
||||
#define TPM_HEADER_SIZE 10
|
||||
@@ -78,6 +79,26 @@ enum tis_defaults {
|
||||
static LIST_HEAD(tis_chips);
|
||||
static DEFINE_SPINLOCK(tis_lock);
|
||||
|
||||
+#ifdef CONFIG_ACPI
|
||||
+static int is_itpm(struct pnp_dev *dev)
|
||||
+{
|
||||
+ struct acpi_device *acpi = pnp_acpi_device(dev);
|
||||
+ struct acpi_hardware_id *id;
|
||||
+
|
||||
+ list_for_each_entry(id, &acpi->pnp.ids, list) {
|
||||
+ if (!strcmp("INTC0102", id->id))
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#else
|
||||
+static int is_itpm(struct pnp_dev *dev)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static int check_locality(struct tpm_chip *chip, int l)
|
||||
{
|
||||
if ((ioread8(chip->vendor.iobase + TPM_ACCESS(l)) &
|
||||
@@ -472,6 +493,9 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
|
||||
"1.2 TPM (device-id 0x%X, rev-id %d)\n",
|
||||
vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
|
||||
|
||||
+ if (is_itpm(to_pnp_dev(dev)))
|
||||
+ itpm = 1;
|
||||
+
|
||||
if (itpm)
|
||||
dev_info(dev, "Intel iTPM workaround enabled\n");
|
||||
|
Loading…
Reference in New Issue