Linux v4.4-10454-g3e1e21c

2016-01-22 13:23:22 -06:00 · 2016-01-22 13:23:22 -06:00 · f94470562d
parent 8a0bfe0000
commit f94470562d
10 changed files with 68 additions and 114 deletions
--- a/2
+++ b/2
@ -139,6 +139,7 @@ CONFIG_PWM_TIECAP=m
 CONFIG_PWM_TIEHRPWM=m
 CONFIG_PWM_TWL=m
 CONFIG_PWM_TWL_LED=m
+CONFIG_PWM_OMAP_DMTIMER=m

 CONFIG_CRYPTO_DEV_OMAP_SHAM=m
 CONFIG_CRYPTO_DEV_OMAP_AES=m
@ -351,6 +352,7 @@ CONFIG_QCOM_QFPROM=m
 CONFIG_QCOM_WCNSS_CTRL=m
 CONFIG_QCOM_SMSM=y
 CONFIG_QCOM_SMP2P=m
+CONFIG_PCIE_QCOM=y

 # i.MX
 # CONFIG_MXC_DEBUG_BOARD is not set
--- a/5
+++ b/5
@ -386,6 +386,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
 # CONFIG_BLK_DEV_CRYPTOLOOP is not set
 CONFIG_BLK_DEV_NBD=m
 CONFIG_BLK_DEV_NVME=m
+# CONFIG_BLK_DEV_NVME_SCSI is not set
 CONFIG_BLK_DEV_SKD=m # 64-bit only but easier to put here
 CONFIG_BLK_DEV_OSD=m
 CONFIG_BLK_DEV_RAM=m
@ -4844,6 +4845,10 @@ CONFIG_KGDB_LOW_LEVEL_TRAP=y
 # CONFIG_KGDB_TESTS_ON_BOOT is not set
 # CONFIG_GDB_SCRIPTS is not set

+# CONFIG_UBSAN is not set
+# CONFIG_UBSAN_ALIGNMENT is not set
+# CONFIG_UBSAN_SANITIZE_ALL is not set
+

 #
 # Security options
--- a/1
+++ b/1
@ -40,6 +40,7 @@ CONFIG_HIGHMEM4G=y
 # CONFIG_HIGHMEM64G is not set
 CONFIG_HIGHMEM=y
 CONFIG_HIGHPTE=y
+CONFIG_ZONE_DMA=y

 # CONFIG_MATH_EMULATION is not set

--- a/1
+++ b/1
@ -147,6 +147,7 @@ CONFIG_GENERIC_ISA_DMA=y

 CONFIG_PCI_MMCONFIG=y
 CONFIG_PCI_BIOS=y
+CONFIG_VMD=m

 CONFIG_HOTPLUG_PCI_COMPAQ=m
 # CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set
--- a/8
+++ b/8
@ -113,7 +113,7 @@ CONFIG_SPARSEMEM_VMEMMAP=y
 # CONFIG_MOVABLE_NODE is not set
 CONFIG_MEMORY_HOTPLUG=y
 # CONFIG_ARCH_MEMORY_PROBE is not set
-# CONFIG_MEMORY_HOTREMOVE is not set
+CONFIG_MEMORY_HOTREMOVE=y
 # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set 

 # CONFIG_BLK_DEV_CMD640 is not set
@ -212,3 +212,9 @@ CONFIG_CMA=y
 # CONFIG_CMA_DEBUG is not set
 # CONFIG_CMA_DEBUGFS is not set
 CONFIG_CMA_AREAS=7
+
+# Changes for persistent memory devices
+# CONFIG_ZONE_DMA is not set
+CONFIG_ZONE_DEVICE=y
+CONFIG_NVDIMM_PFN=y
+CONFIG_ND_PFN=m
--- a/disable-CONFIG_EXPERT-for-ZONE_DMA.patch
+++ b/disable-CONFIG_EXPERT-for-ZONE_DMA.patch
@ -0,0 +1,43 @@
+From 888ba9b2a02e8d144c3a9ae5e01a1a94280cd2bf Mon Sep 17 00:00:00 2001
+From: Fedora Kernel Team <kernel-team@fedoraproject.org>
+Date: Fri, 22 Jan 2016 13:03:36 -0600
+Subject: [PATCH] Make ZONE_DMA not depend on CONFIG_EXPERT
+
+Disable the requirement on CONFIG_EXPERT for ZONE_DMA and ZONE_DEVICE so
+that we can enable NVDIMM_PFN and ND_PFN
+
+Signed-off-by: Justin Forbes <jforbes@fedoraproject.org>
+---
+ arch/x86/Kconfig | 2 +-
+ mm/Kconfig       | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index a02c842..ea2eaeb 100644
+--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
+@@ -315,7 +315,7 @@ source "kernel/Kconfig.freezer"
+ menu "Processor type and features"
+
+ config ZONE_DMA
+-	bool "DMA memory allocation support" if EXPERT
+	bool "DMA memory allocation support"
+ 	default y
+ 	help
+ 	  DMA memory allocation support allows devices with less than 32-bit
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 97a4e06..26bbbe0 100644
+--- a/mm/Kconfig
+++ b/mm/Kconfig
+@@ -650,7 +650,7 @@ config IDLE_PAGE_TRACKING
+ 	  See Documentation/vm/idle_page_tracking.txt for more details.
+
+ config ZONE_DEVICE
+-	bool "Device memory (pmem, etc...) hotplug support" if EXPERT
+	bool "Device memory (pmem, etc...) hotplug support"
+ 	default !ZONE_DMA
+ 	depends on !ZONE_DMA
+ 	depends on MEMORY_HOTPLUG
+-- 
+2.5.0
+
--- a/2
+++ b/2
@ -1 +1 @@
-30f05309bde49295e02e45c7e615f73aa4e0ccc2
+3e1e21c7bfcfa9bf06c07f48a13faca2f62b3339
--- a/kernel.spec
+++ b/kernel.spec
@ -67,7 +67,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 8
+%define gitrev 9
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@ -587,9 +587,6 @@ Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
 #rhbz 1286293
 Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch

-#CVE-2015-8709 rhbz 1295287 1295288
-Patch603: ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
-
 #rhbz 1295646
 Patch621: drm-udl-Use-unlocked-gem-unreferencing.patch

@ -605,6 +602,9 @@ Patch638: rtlwifi-rtl8821ae-Fix-5G-failure-when-EEPROM-is-inco.patch
 #rhbz 1300955
 Patch640: PNP-Add-Haswell-ULT-to-Intel-MCH-size-workaround.patch

+#Required for some persistent memory options
+Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
+
 # END OF PATCH DEFINITIONS

 %endif
@ -2050,6 +2050,9 @@ fi
 #
 # 
 %changelog
+* Fri Jan 22 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.0-0.rc0.git9.1
+- Linux v4.4-10454-g3e1e21c
+
 * Fri Jan 22 2016 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix backtrace from PNP conflict on Haswell-ULT (rhbz 1300955)

--- a/ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
+++ b/ptrace-being-capable-wrt-a-process-requires-mapped-u.patch
@ -1,108 +0,0 @@
-From 64a37c8197f4e1c2637cd80326f4649282176369 Mon Sep 17 00:00:00 2001
-From: Jann Horn <jann@thejh.net>
-Date: Sat, 26 Dec 2015 03:52:31 +0100
-Subject: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
-
-ptrace_has_cap() checks whether the current process should be
-treated as having a certain capability for ptrace checks
-against another process. Until now, this was equivalent to
-has_ns_capability(current, target_ns, CAP_SYS_PTRACE).
-
-However, if a root-owned process wants to enter a user
-namespace for some reason without knowing who owns it and
-therefore can't change to the namespace owner's uid and gid
-before entering, as soon as it has entered the namespace,
-the namespace owner can attach to it via ptrace and thereby
-gain access to its uid and gid.
-
-While it is possible for the entering process to switch to
-the uid of a claimed namespace owner before entering,
-causing the attempt to enter to fail if the claimed uid is
-wrong, this doesn't solve the problem of determining an
-appropriate gid.
-
-With this change, the entering process can first enter the
-namespace and then safely inspect the namespace's
-properties, e.g. through /proc/self/{uid_map,gid_map},
-assuming that the namespace owner doesn't have access to
-uid 0.
-
-Changed in v2: The caller needs to be capable in the
-namespace into which tcred's uids/gids can be mapped.
-
-Signed-off-by: Jann Horn <jann@thejh.net>
---
- kernel/ptrace.c | 33 ++++++++++++++++++++++++++++-----
- 1 file changed, 28 insertions(+), 5 deletions(-)
-
-diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 787320de68e0..407c382b45c8 100644
--- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -20,6 +20,7 @@
- #include <linux/uio.h>
- #include <linux/audit.h>
- #include <linux/pid_namespace.h>
-+#include <linux/user_namespace.h>
- #include <linux/syscalls.h>
- #include <linux/uaccess.h>
- #include <linux/regset.h>
-@@ -207,12 +208,34 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
- 	return ret;
- }
- 
-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
-+static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
- {
-+	struct user_namespace *tns = tcred->user_ns;
-+
-+	/* When a root-owned process enters a user namespace created by a
-+	 * malicious user, the user shouldn't be able to execute code under
-+	 * uid 0 by attaching to the root-owned process via ptrace.
-+	 * Therefore, similar to the capable_wrt_inode_uidgid() check,
-+	 * verify that all the uids and gids of the target process are
-+	 * mapped into a namespace below the current one in which the caller
-+	 * is capable.
-+	 * No fsuid/fsgid check because __ptrace_may_access doesn't do it
-+	 * either.
-+	 */
-+	while (
-+	    !kuid_has_mapping(tns, tcred->euid) ||
-+	    !kuid_has_mapping(tns, tcred->suid) ||
-+	    !kuid_has_mapping(tns, tcred->uid)  ||
-+	    !kgid_has_mapping(tns, tcred->egid) ||
-+	    !kgid_has_mapping(tns, tcred->sgid) ||
-+	    !kgid_has_mapping(tns, tcred->gid)) {
-+		tns = tns->parent;
-+	}
-+
- 	if (mode & PTRACE_MODE_NOAUDIT)
-		return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
-+		return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
- 	else
-		return has_ns_capability(current, ns, CAP_SYS_PTRACE);
-+		return has_ns_capability(current, tns, CAP_SYS_PTRACE);
- }
- 
- /* Returns 0 on success, -errno on denial. */
-@@ -241,7 +264,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- 	    gid_eq(cred->gid, tcred->sgid) &&
- 	    gid_eq(cred->gid, tcred->gid))
- 		goto ok;
-	if (ptrace_has_cap(tcred->user_ns, mode))
-+	if (ptrace_has_cap(tcred, mode))
- 		goto ok;
- 	rcu_read_unlock();
- 	return -EPERM;
-@@ -252,7 +275,7 @@ ok:
- 		dumpable = get_dumpable(task->mm);
- 	rcu_read_lock();
- 	if (dumpable != SUID_DUMP_USER &&
-	    !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
-+	    !ptrace_has_cap(__task_cred(task), mode)) {
- 		rcu_read_unlock();
- 		return -EPERM;
- 	}
-- 
-2.5.0
-
--- a/rebase-notes.txt
+++ b/rebase-notes.txt
@ -1,6 +1,7 @@
 Linux 4.5 rebase notes:

 - Check on status of drm-i915-turn-off-wc-mmaps.patch
+- Check on status of disabled ZONE_DMA

 Linux 4.4 rebase notes: