Linux v4.0-rc1

- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
- Disable debugging options.

Yay for major version bumps :\.

We grab the full rc1 tarball instead of just the patch to make this way less
messy in the spec.  When 4.0 final is released, we'll need to undo a few
specific hacks.  Namely, we need to redefine:

upstream_sublevel
kversion
Source0

back to the standard definitions.

Thanks to Kyle for figuring this out 3 years ago.
Josh Boyer 2015-02-23 11:30:18 -05:00
parent ea9098159c
commit d7293323e7
20 changed files with 203 additions and 327 deletions


@ -1,104 +0,0 @@
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Sat, 14 Feb 2015 09:33:50 -0800
Subject: [PATCH] ASLR: fix stack randomization on 64-bit systems
The issue is that the stack for processes is not properly randomized on 64 bit
architectures due to an integer overflow.
The affected function is randomize_stack_top() in file "fs/binfmt_elf.c":
static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
random_variable <<= PAGE_SHIFT;
}
return PAGE_ALIGN(stack_top) + random_variable;
return PAGE_ALIGN(stack_top) - random_variable;
}
Note that, it declares the "random_variable" variable as "unsigned int". Since
the result of the shifting operation between STACK_RND_MASK (which is
0x3fffff on x86_64, 22 bits) and PAGE_SHIFT (which is 12 on x86_64):
random_variable <<= PAGE_SHIFT;
then the two leftmost bits are dropped when storing the result in the
"random_variable". This variable shall be at least 34 bits long to hold the
(22+12) result.
These two dropped bits have an impact on the entropy of process stack.
Concretely, the total stack entropy is reduced by four: from 2^28 to 2^30 (One
fourth of expected entropy).
This patch restores back the entropy by correcting the types involved in the
operations in the functions randomize_stack_top() and stack_maxrandom_size().
The successful fix can be tested with:
$ for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done
7ffeda566000-7ffeda587000 rw-p 00000000 00:00 0 [stack]
7fff5a332000-7fff5a353000 rw-p 00000000 00:00 0 [stack]
7ffcdb7a1000-7ffcdb7c2000 rw-p 00000000 00:00 0 [stack]
7ffd5e2c4000-7ffd5e2e5000 rw-p 00000000 00:00 0 [stack]
...
Once corrected, the leading bytes should be between 7ffc and 7fff, rather
than always being 7fff.
CVE-2015-1593
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll <iripoll@upv.es>
[kees: rebase, fix 80 char, clean up commit message, add test example, cve]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
---
arch/x86/mm/mmap.c | 6 +++---
fs/binfmt_elf.c | 5 +++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 919b91205cd4..df4552bd239e 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -35,12 +35,12 @@ struct va_alignment __read_mostly va_align = {
.flags = -1,
};
-static unsigned int stack_maxrandom_size(void)
+static unsigned long stack_maxrandom_size(void)
{
- unsigned int max = 0;
+ unsigned long max = 0;
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
+ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT;
}
return max;
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 02b16910f4c9..995986b8e36b 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -645,11 +645,12 @@ out:
static unsigned long randomize_stack_top(unsigned long stack_top)
{
- unsigned int random_variable = 0;
+ unsigned long random_variable = 0;
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
- random_variable = get_random_int() & STACK_RND_MASK;
+ random_variable = (unsigned long) get_random_int();
+ random_variable &= STACK_RND_MASK;
random_variable <<= PAGE_SHIFT;
}
#ifdef CONFIG_STACK_GROWSUP
--
2.1.0


@ -20,7 +20,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
7 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
index 199f453cb4de..ec38acf00b40 100644
index 82fbdbc1e0b0..a811210ad486 100644
--- a/Documentation/x86/zero-page.txt
+++ b/Documentation/x86/zero-page.txt
@@ -30,6 +30,8 @@ Offset Proto Name Meaning
@ -33,10 +33,10 @@ index 199f453cb4de..ec38acf00b40 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index eb1cf898ed3c..a2a0a1636287 100644
index c2fb8a87dccb..0ec6272203e4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1678,6 +1678,16 @@ config EFI_MIXED
@@ -1694,6 +1694,16 @@ config EFI_MIXED
If unsure, say N.
@ -115,10 +115,10 @@ index ef17683484e9..105e7360d747 100644
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
index 225b0988043a..90dbfb73e11f 100644
index 44e6dd7e36a2..3ddf4150bd9e 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@ -133,7 +133,8 @@ struct boot_params {
@@ -134,7 +134,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
@ -129,10 +129,10 @@ index 225b0988043a..90dbfb73e11f 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 0a2421cca01f..a3d8174dedf9 100644
index 98dc9317286e..26741d24797e 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1151,6 +1151,12 @@ void __init setup_arch(char **cmdline_p)
@@ -1165,6 +1165,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();


@ -15,7 +15,7 @@ Upstream-status: Fedora mustard
7 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 26c5d54124c1..dab298f03a9c 100644
index 64a123acb97f..2964c69e7c8e 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -70,6 +70,11 @@
@ -30,7 +30,7 @@ index 26c5d54124c1..dab298f03a9c 100644
#include <video/edid.h>
#include <asm/mtrr.h>
@@ -1278,6 +1283,37 @@ void __init i386_reserve_resources(void)
@@ -1292,6 +1297,37 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@ -215,7 +215,7 @@ index 387fa7d05c98..4b07e30b3279 100644
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 7b40c5f07dce..8a60477b96e1 100644
index 4121345498e0..0ff3cef5df96 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1968,7 +1968,7 @@ static int kdb_sr(int argc, const char **argv)


@ -43,7 +43,7 @@ Signed-off-by: Josh Stone <jistone@redhat.com>
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 19e256ae2679..376e8a456f72 100644
index 9fab639727c7..d67b25152475 100644
--- a/Makefile
+++ b/Makefile
@@ -706,7 +706,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer


@ -28,7 +28,7 @@ index bfcb1a62a7b4..a1d62e9ed29b 100644
virtio_mmio.device=
[VMMIO] Memory mapped virtio (platform) device.
diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
index 88a4f99dd2a7..570920c08a51 100644
index debd30917010..eeb4cf627553 100644
--- a/drivers/acpi/video.c
+++ b/drivers/acpi/video.c
@@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");


@ -9,7 +9,7 @@ Will debug upstream separately, but we need F22/21 running there. (#1139762)
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/arch/arm/mach-highbank/highbank.c b/arch/arm/mach-highbank/highbank.c
index 07a09570175d..5db6d14fcd67 100644
index 231fba0d03e5..0de5a6ddd5eb 100644
--- a/arch/arm/mach-highbank/highbank.c
+++ b/arch/arm/mach-highbank/highbank.c
@@ -51,13 +51,11 @@ static void __init highbank_scu_map_io(void)


@ -196,9 +196,6 @@ CONFIG_IIO_SYSFS_TRIGGER=m
# PHY framework
CONFIG_GENERIC_PHY=y
# MFD
CONFIG_MFD_CORE=m
CONFIG_SMC91X=m
CONFIG_SMC911X=m


@ -329,6 +329,8 @@ CONFIG_PINCTRL_MSM8X74=m
CONFIG_PINCTRL_MSM8916=m
CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
CONFIG_COMMON_CLK_QCOM=m
# CONFIG_IPQ_LCC_806X is not set
# CONFIG_MSM_LCC_8960 is not set
CONFIG_MFD_QCOM_RPM=m
CONFIG_MFD_PM8921_CORE=m
CONFIG_REGULATOR_QCOM_RPM=m


@ -408,8 +408,6 @@ CONFIG_DRM_PANEL_S6E8AA0=m
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
# regmap
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_SPI=m
CONFIG_REGMAP_SPMI=m
CONFIG_REGMAP_MMIO=m
@ -835,6 +833,7 @@ CONFIG_SND_SOC_TS3A227E=m
# CONFIG_INPUT_AXP20X_PEK is not set
# CONFIG_POWER_RESET_BRCMSTB is not set
# CONFIG_INPUT_TPS65218_PWRBUTTON is not set
# CONFIG_CLK_QORIQ is not set
# Debug options. We need to deal with them at some point like x86
# CONFIG_DEBUG_USER is not set


@ -201,6 +201,7 @@ CONFIG_BINFMT_MISC=m
#
# CONFIG_COMMON_CLK_SI5351 is not set
# CONFIG_COMMON_CLK_CDCE706 is not set
#
# Generic Driver Options
@ -214,6 +215,9 @@ CONFIG_EXTRA_FIRMWARE=""
# CONFIG_FW_LOADER_USER_HELPER is not set
# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
# CONFIG_CMA is not set
# CONFIG_DMA_CMA is not set
# CONFIG_FENCE_TRACE is not set
@ -1713,13 +1717,13 @@ CONFIG_B43_PCMCIA=y
CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y
CONFIG_B43_BCMA_PIO=y
CONFIG_B43_DEBUG=y
# CONFIG_B43_DEBUG is not set
CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y
CONFIG_B43_PHY_G=y
CONFIG_B43LEGACY=m
CONFIG_B43LEGACY_DEBUG=y
# CONFIG_B43LEGACY_DEBUG is not set
CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@ -4056,6 +4060,8 @@ CONFIG_PCF50633_GPIO=m
CONFIG_INPUT_PCF50633_PMU=m
CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
CONFIG_MFD_CORE=m
CONFIG_MFD_VX855=m
CONFIG_MFD_SM501=m
CONFIG_MFD_SM501_GPIO=y
@ -4778,7 +4784,7 @@ CONFIG_PM_DEBUG=y
# CONFIG_DPM_WATCHDOG is not set # revisit this in debug
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
CONFIG_PM_TEST_SUSPEND=y
# CONFIG_PM_TEST_SUSPEND is not set
CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set


@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y
CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_LOCK_TORTURE_TEST=m
CONFIG_PROVE_LOCKING=y
CONFIG_DEBUG_SPINLOCK=y
CONFIG_PROVE_RCU=y
# CONFIG_DEBUG_MUTEXES is not set
# CONFIG_DEBUG_RT_MUTEXES is not set
# CONFIG_DEBUG_LOCK_ALLOC is not set
# CONFIG_LOCK_TORTURE_TEST is not set
# CONFIG_PROVE_LOCKING is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_PROVE_RCU is not set
# CONFIG_PROVE_RCU_REPEATEDLY is not set
CONFIG_DEBUG_PER_CPU_MAPS=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_CPUMASK_OFFSTACK=y
CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
CONFIG_FAULT_INJECTION=y
CONFIG_FAILSLAB=y
CONFIG_FAIL_PAGE_ALLOC=y
CONFIG_FAIL_MAKE_REQUEST=y
CONFIG_FAULT_INJECTION_DEBUG_FS=y
CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
CONFIG_FAIL_IO_TIMEOUT=y
CONFIG_FAIL_MMC_REQUEST=y
# CONFIG_FAULT_INJECTION is not set
# CONFIG_FAILSLAB is not set
# CONFIG_FAIL_PAGE_ALLOC is not set
# CONFIG_FAIL_MAKE_REQUEST is not set
# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
# CONFIG_FAIL_IO_TIMEOUT is not set
# CONFIG_FAIL_MMC_REQUEST is not set
CONFIG_LOCK_STAT=y
# CONFIG_LOCK_STAT is not set
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_STACK_USAGE is not set
CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG is not set
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_PAGE_OWNER is not set
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
CONFIG_DEBUG_OBJECTS_FREE=y
CONFIG_DEBUG_OBJECTS_TIMERS=y
CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
# CONFIG_DEBUG_OBJECTS_FREE is not set
# CONFIG_DEBUG_OBJECTS_TIMERS is not set
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
CONFIG_X86_PTDUMP=y
CONFIG_ARM64_PTDUMP=y
CONFIG_EFI_PGT_DUMP=y
# CONFIG_ARM64_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
CONFIG_CAN_DEBUG_DEVICES=y
# CONFIG_CAN_DEBUG_DEVICES is not set
CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_DEBUG_NOTIFIERS=y
# CONFIG_DEBUG_NOTIFIERS is not set
CONFIG_DMA_API_DEBUG=y
# CONFIG_DMA_API_DEBUG is not set
CONFIG_MMIOTRACE=y
# CONFIG_MMIOTRACE is not set
CONFIG_DEBUG_CREDENTIALS=y
# CONFIG_DEBUG_CREDENTIALS is not set
# off in both production debug and nodebug builds,
# on in rawhide nodebug builds
CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_EXT4_DEBUG=y
# CONFIG_EXT4_DEBUG is not set
# CONFIG_XFS_WARN is not set
CONFIG_DEBUG_PERF_USE_VMALLOC=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_JBD2_DEBUG=y
# CONFIG_JBD2_DEBUG is not set
CONFIG_NFSD_FAULT_INJECTION=y
# CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_DEBUG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_DRBD_FAULT_INJECTION=y
# CONFIG_DRBD_FAULT_INJECTION is not set
CONFIG_ATH_DEBUG=y
CONFIG_CARL9170_DEBUGFS=y
CONFIG_IWLWIFI_DEVICE_TRACING=y
# CONFIG_ATH_DEBUG is not set
# CONFIG_CARL9170_DEBUGFS is not set
# CONFIG_IWLWIFI_DEVICE_TRACING is not set
# CONFIG_RTLWIFI_DEBUG is not set
CONFIG_DEBUG_OBJECTS_WORK=y
# CONFIG_DEBUG_OBJECTS_WORK is not set
CONFIG_DMADEVICES_DEBUG=y
CONFIG_DMADEVICES_VDEBUG=y
# CONFIG_DMADEVICES_DEBUG is not set
# CONFIG_DMADEVICES_VDEBUG is not set
CONFIG_PM_ADVANCED_DEBUG=y
CONFIG_CEPH_LIB_PRETTYDEBUG=y
CONFIG_QUOTA_DEBUG=y
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
# CONFIG_QUOTA_DEBUG is not set
CONFIG_KGDB_KDB=y
@ -103,18 +103,18 @@ CONFIG_KDB_DEFAULT_ENABLE=0x0
CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
# CONFIG_PERCPU_TEST is not set
CONFIG_TEST_LIST_SORT=y
# CONFIG_TEST_LIST_SORT is not set
# CONFIG_TEST_STRING_HELPERS is not set
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_DETECT_HUNG_TASK is not set
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
CONFIG_DEBUG_KMEMLEAK=y
# CONFIG_DEBUG_KMEMLEAK is not set
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@ -125,7 +125,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
# CONFIG_SPI_DEBUG is not set
CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
# CONFIG_SCHEDSTATS is not set
# CONFIG_LATENCYTOP is not set
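Review bot: `CONFIG_X86_PTDUMP=y` appears to stay enabled in this section while its neighbours `CONFIG_ARM64_PTDUMP` and `CONFIG_EFI_PGT_DUMP` are switched to `is not set`; the page has lost the +/- markers, so this is inferred from the line having no `is not set` twin. If this file feeds the non-debug build that the spec's `debugbuildsenabled 1` selects, a page-table dump interface in debugfs discloses the kernel address-space layout to anyone who can read debugfs. It should either be flipped with the others (`# CONFIG_X86_PTDUMP is not set`) or carry a comment saying why it stays on. The same question applies to `CONFIG_KGDB_KDB=y`, `CONFIG_PM_ADVANCED_DEBUG=y` and `CONFIG_SND_DEBUG=y`, which also have no disabled counterpart here.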


@ -178,6 +178,7 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m
# CONFIG_MMC_SDHCI_OF is not set
# CONFIG_X86_INTEL_MID is not set
# CONFIG_X86_INTEL_QUARK is not set
CONFIG_MFD_CS5535=m
# CONFIG_MFD_SYSCON is not set


@ -348,7 +348,7 @@ CONFIG_SP5100_TCO=m
# CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set
CONFIG_MAXSMP=y
# CONFIG_MAXSMP is not set
CONFIG_HP_ILO=m


@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index a3d8174dedf9..26c5d54124c1 100644
index 26741d24797e..64a123acb97f 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1153,7 +1153,9 @@ void __init setup_arch(char **cmdline_p)
@@ -1167,7 +1167,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {


@ -11,10 +11,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index a2a0a1636287..5b5c9e803d19 100644
index 0ec6272203e4..9d8c58783e7d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1679,7 +1679,8 @@ config EFI_MIXED
@@ -1695,7 +1695,8 @@ config EFI_MIXED
If unsure, say N.
config EFI_SECURE_BOOT_SIG_ENFORCE


@ -0,0 +1,78 @@
From: Lukas Czerner <lczerner@redhat.com>
Date: Wed, 18 Feb 2015 17:49:28 +0100
Subject: [PATCH] ext4: Allocate entire range in zero range
Currently there is a bug in zero range code which causes zero range
calls to only allocate block aligned portion of the range, while
ignoring the rest in some cases.
In some cases, namely if the end of the range is past isize, we do
attempt to preallocate the last nonaligned block. However this might
cause kernel to BUG() in some carefully designed zero range requests on
setups where page size > block size.
Fix this problem by first preallocating the entire range, including the
nonaligned edges and converting the written extents to unwritten in the
next step. This approach will also give us the advantage of having the
range to be as linearly contiguous as possible.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
fs/ext4/extents.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index bed43081720f..aa522429b751 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4803,12 +4803,6 @@ static long ext4_zero_range(struct file *file, loff_t offset,
else
max_blocks -= lblk;
- flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT |
- EXT4_GET_BLOCKS_CONVERT_UNWRITTEN |
- EXT4_EX_NOCACHE;
- if (mode & FALLOC_FL_KEEP_SIZE)
- flags |= EXT4_GET_BLOCKS_KEEP_SIZE;
-
mutex_lock(&inode->i_mutex);
/*
@@ -4825,15 +4819,28 @@ static long ext4_zero_range(struct file *file, loff_t offset,
ret = inode_newsize_ok(inode, new_size);
if (ret)
goto out_mutex;
- /*
- * If we have a partial block after EOF we have to allocate
- * the entire block.
- */
- if (partial_end)
- max_blocks += 1;
}
+ flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT;
+ if (mode & FALLOC_FL_KEEP_SIZE)
+ flags |= EXT4_GET_BLOCKS_KEEP_SIZE;
+
+ /* Preallocate the range including the unaligned edges */
+ if (partial_begin || partial_end) {
+ ret = ext4_alloc_file_blocks(file,
+ round_down(offset, 1 << blkbits) >> blkbits,
+ (round_up((offset + len), 1 << blkbits) -
+ round_down(offset, 1 << blkbits)) >> blkbits,
+ new_size, flags, mode);
+ if (ret)
+ goto out_mutex;
+
+ }
+
+ /* Zero range excluding the unaligned edges */
if (max_blocks > 0) {
+ flags |= (EXT4_GET_BLOCKS_CONVERT_UNWRITTEN |
+ EXT4_EX_NOCACHE);
/* Now release the pages and zero block aligned part of pages*/
truncate_pagecache_range(inode, start, end - 1);
--
2.1.0
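Review bot: The patch header carries no CVE identifier, bug reference or `Upstream-status:` line, so the file on its own does not show that it is the CVE-2015-0275 fix; that link exists only in the spec comment and the changelog. Naming CVE-2015-0275 and rhbz 1193907 1195178 in the description would keep the patch traceable when it is later rebased or dropped, the way the removed ASLR patch named CVE-2015-1593 in its body. As a style point in the added preallocation block, `round_down(offset, 1 << blkbits)` is written out twice and there is an empty line before the closing brace; a local for the aligned start would make the block-count expression easier to check. ext4_zero_range starts and ends outside both hunks, so the bounds on `offset + len` cannot be confirmed from here.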


@ -48,7 +48,7 @@ Summary: The Linux kernel
# base_sublevel is the kernel version we're starting with and patching
# on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
# which yields a base_sublevel of 0.
%define base_sublevel 19
%define base_sublevel 0
## If this is a released kernel ##
%if 0%{?released_kernel}
@ -60,18 +60,19 @@ Summary: The Linux kernel
%define stablerev %{stable_update}
%define stable_base %{stable_update}
%endif
%define rpmversion 3.%{base_sublevel}.%{stable_update}
%define rpmversion 4.%{base_sublevel}.%{stable_update}
## The not-released-kernel case ##
%else
# The next upstream release sublevel (base_sublevel+1)
%define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
# define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
%define upstream_sublevel 0
# The rc snapshot level
%define rcrev 0
%define rcrev 1
# The git snapshot level
%define gitrev 10
%define gitrev 0
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%define rpmversion 4.%{upstream_sublevel}.0
%endif
# Nb: The above rcrev and gitrev values automagically define Patch00 and Patch01 below.
@ -124,7 +125,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'.
%define debugbuildsenabled 0
%define debugbuildsenabled 1
# Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@ -152,7 +153,8 @@ Summary: The Linux kernel
%endif
# The kernel tarball/base version
%define kversion 3.%{base_sublevel}
# define kversion 4.%{base_sublevel}
%define kversion 4.%{base_sublevel}-rc%rcrev
%define make_target bzImage
@ -409,7 +411,8 @@ BuildRequires: binutils-%{_build_arch}-linux-gnu, gcc-%{_build_arch}-linux-gnu
%define cross_opts CROSS_COMPILE=%{_build_arch}-linux-gnu-
%endif
Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-%{kversion}.tar.xz
#Source0: ftp://ftp.kernel.org/pub/linux/kernel/v4.x/linux-%{kversion}.tar.xz
Source0: ftp://ftp.kernel.org/pub/linux/kernel/v4.x/linux-4.0-rc1.tar.xz
Source10: perf-man-%{kversion}.tar.gz
Source11: x509.genkey
@ -471,7 +474,7 @@ Source2001: cpupower.config
# For a stable release kernel
%if 0%{?stable_update}
%if 0%{?stable_base}
%define stable_patch_00 patch-3.%{base_sublevel}.%{stable_base}.xz
%define stable_patch_00 patch-4.%{base_sublevel}.%{stable_base}.xz
Patch00: %{stable_patch_00}
%endif
@ -480,14 +483,14 @@ Patch00: %{stable_patch_00}
# near the top of this spec file.
%else
%if 0%{?rcrev}
Patch00: patch-3.%{upstream_sublevel}-rc%{rcrev}.xz
Patch00: patch-4.%{upstream_sublevel}-rc%{rcrev}.xz
%if 0%{?gitrev}
Patch01: patch-3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
Patch01: patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
%endif
%else
# pre-{base_sublevel+1}-rc1 case
%if 0%{?gitrev}
Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz
Patch00: patch-4.%{base_sublevel}-git%{gitrev}.xz
%endif
%endif
%endif
@ -609,19 +612,13 @@ Patch26059: i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
#rhbz 1094948
Patch26131: acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch
#rhbz 1188074
Patch26133: ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
Patch26134: perf-tools-Define-_GNU_SOURCE-on-pthread_attr_setaff.patch
#CVE-2015-1593 rhbz 1192519 1192520
Patch26135: ASLR-fix-stack-randomization-on-64-bit-systems.patch
#CVE-XXXX-XXXX rhbz 1189864 1192079
Patch26136: vhost-scsi-potential-memory-corruption.patch
Patch26137: fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch
#CVE-2015-0275 rhbz 1193907 1195178
Patch26138: ext4-Allocate-entire-range-in-zero-range.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
Patch30001: kernel-arm64-fix-psci-when-pg.patch
@ -1024,20 +1021,20 @@ ApplyOptionalPatch()
# Update to latest upstream.
%if 0%{?released_kernel}
%define vanillaversion 3.%{base_sublevel}
%define vanillaversion 4.%{base_sublevel}
# non-released_kernel case
%else
%if 0%{?rcrev}
%define vanillaversion 3.%{upstream_sublevel}-rc%{rcrev}
%define vanillaversion 4.%{upstream_sublevel}-rc%{rcrev}
%if 0%{?gitrev}
%define vanillaversion 3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}
%define vanillaversion 4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}
%endif
%else
# pre-{base_sublevel+1}-rc1 case
%if 0%{?gitrev}
%define vanillaversion 3.%{base_sublevel}-git%{gitrev}
%define vanillaversion 4.%{base_sublevel}-git%{gitrev}
%else
%define vanillaversion 3.%{base_sublevel}
%define vanillaversion 4.%{base_sublevel}
%endif
%endif
%endif
@ -1050,7 +1047,7 @@ ApplyOptionalPatch()
# Build a list of the other top-level kernel tree directories.
# This will be used to hardlink identical vanilla subdirs.
sharedirs=$(find "$PWD" -maxdepth 1 -type d -name 'kernel-3.*' \
sharedirs=$(find "$PWD" -maxdepth 1 -type d -name 'kernel-4.*' \
| grep -x -v "$PWD"/kernel-%{kversion}%{?dist}) ||:
# Delete all old stale trees.
@ -1121,14 +1118,14 @@ if [ ! -d kernel-%{kversion}%{?dist}/vanilla-%{vanillaversion} ]; then
# Update vanilla to the latest upstream.
# (non-released_kernel case only)
%if 0%{?rcrev}
ApplyPatch patch-3.%{upstream_sublevel}-rc%{rcrev}.xz
ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}.xz
%if 0%{?gitrev}
ApplyPatch patch-3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
%endif
%else
# pre-{base_sublevel+1}-rc1 case
%if 0%{?gitrev}
ApplyPatch patch-3.%{base_sublevel}-git%{gitrev}.xz
ApplyPatch patch-4.%{base_sublevel}-git%{gitrev}.xz
%endif
%endif
@ -1341,19 +1338,13 @@ ApplyPatch i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch
#rhbz 1094948
ApplyPatch acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch
#rhbz 1188074
ApplyPatch ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
ApplyPatch perf-tools-Define-_GNU_SOURCE-on-pthread_attr_setaff.patch
#CVE-2015-1593 rhbz 1192519 1192520
ApplyPatch ASLR-fix-stack-randomization-on-64-bit-systems.patch
#CVE-XXXX-XXXX rhbz 1189864 1192079
ApplyPatch vhost-scsi-potential-memory-corruption.patch
ApplyPatch fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch
#CVE-2015-0275 rhbz 1193907 1195178
ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2212,6 +2203,11 @@ fi
#
#
%changelog
* Mon Feb 23 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc1.git0.1
- Linux v4.0-rc1
- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
- Disable debugging options.
* Fri Feb 20 2015 Josh Boyer <jwboyer@fedoraproject.org> - 3.20.0-0.rc0.git10.1
- Linux v3.19-8975-g3d883483dc0a
- Add patch to fix intermittent hangs in nouveau driver
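Review bot: The spec stops applying `ASLR-fix-stack-randomization-on-64-bit-systems.patch` (CVE-2015-1593) and `vhost-scsi-potential-memory-corruption.patch`, but neither the commit message nor the new `%changelog` entry says these fixes are contained in v4.0-rc1. Presumably they were dropped because the rebase already includes them; once that is confirmed against the rc1 tree, a changelog line such as `- Drop CVE-2015-1593 ASLR and vhost-scsi patches, included in v4.0-rc1` lets someone auditing CVE coverage see that no fix was lost in the rebase. The new `Source0` also hard-codes `linux-4.0-rc1.tar.xz` on a plain `ftp://` URL, so the 32-hex-digit digest in `sources` is the only integrity check on the tarball visible on this page.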


@ -1,45 +0,0 @@
From: John Stultz <john.stultz@linaro.org>
Date: Mon, 2 Feb 2015 10:57:56 -0800
Subject: [PATCH] ntp: Fixup adjtimex freq validation on 32bit systems
Additional validation of adjtimex freq values to avoid
potential multiplication overflows were added in commit
5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values)
Unfortunately the patch used LONG_MAX/MIN instead of
LLONG_MAX/MIN, which was fine on 64bit systems, but caused
false positives on 32bit systems resulting in most direct
frequency adjustments to fail w/ EINVAL.
ntpd only does driect frequency adjustments at startup,
so the issue was not easily observed there, but other sync
applications like ptpd and chrony were more effected by
the bug.
Cc: Sasha Levin <sasha.levin@oracle.com>
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Reported-by: George Joseph <george.joseph@fairview5.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
kernel/time/ntp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 4b585e0fdd22..a5f4d24c95cc 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -634,9 +634,9 @@ int ntp_validate_timex(struct timex *txc)
return -EPERM;
if (txc->modes & ADJ_FREQUENCY) {
- if (LONG_MIN / PPM_SCALE > txc->freq)
+ if (LLONG_MIN / PPM_SCALE > txc->freq)
return -EINVAL;
- if (LONG_MAX / PPM_SCALE < txc->freq)
+ if (LLONG_MAX / PPM_SCALE < txc->freq)
return -EINVAL;
}
--
2.1.0


@ -1,3 +1,2 @@
d3fc8316d4d4d04b65cbc2d70799e763 linux-3.19.tar.xz
15d8d2f97ce056488451a5bfb2944603 perf-man-3.19.tar.gz
d7783c6837600b2db12ff9bc603de6c0 patch-3.19-git10.xz
547b340dca94d358b68d2658822080fa linux-4.0-rc1.tar.xz
6fb88c6624ded64bd5981c3c1df0003a perf-man-4.0-rc1.tar.gz


@ -1,53 +0,0 @@
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 5 Feb 2015 10:37:33 +0300
Subject: [PATCH] vhost/scsi: potential memory corruption
This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt"
to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16.
I looked at the context and it turns out that in
vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into
the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so
anything higher than 255 then it is invalid. I have made that the limit
now.
In vhost_scsi_send_evt() we mask away values higher than 255, but now
that the limit has changed, we don't need the mask.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
---
drivers/vhost/scsi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c
index dc78d87e0fc2..d27cfb20776f 100644
--- a/drivers/vhost/scsi.c
+++ b/drivers/vhost/scsi.c
@@ -1253,7 +1253,7 @@ tcm_vhost_send_evt(struct vhost_scsi *vs,
* lun[4-7] need to be zero according to virtio-scsi spec.
*/
evt->event.lun[0] = 0x01;
- evt->event.lun[1] = tpg->tport_tpgt & 0xFF;
+ evt->event.lun[1] = tpg->tport_tpgt;
if (lun->unpacked_lun >= 256)
evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ;
evt->event.lun[3] = lun->unpacked_lun & 0xFF;
@@ -2124,12 +2124,12 @@ tcm_vhost_make_tpg(struct se_wwn *wwn,
struct tcm_vhost_tport, tport_wwn);
struct tcm_vhost_tpg *tpg;
- unsigned long tpgt;
+ u16 tpgt;
int ret;
if (strstr(name, "tpgt_") != name)
return ERR_PTR(-EINVAL);
- if (kstrtoul(name + 5, 10, &tpgt) || tpgt > UINT_MAX)
+ if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET)
return ERR_PTR(-EINVAL);
tpg = kzalloc(sizeof(struct tcm_vhost_tpg), GFP_KERNEL);
--
2.1.0