Update to 4.2-rc5
Refresh/drop patches as needed. svn path=/dists/trunk/linux/; revision=22909
parent
f2378f0aa3
commit
79f636b4bf
|
@ -1,3 +1,9 @@
|
|||
linux (4.2~rc5-1~exp1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream release candidate
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 04 Aug 2015 01:47:47 +0100
|
||||
|
||||
linux (4.1.3-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -96,7 +96,7 @@ upstream submission.
|
|||
fw_size = firmware->size / sizeof(u32);
|
||||
--- a/drivers/bluetooth/ath3k.c
|
||||
+++ b/drivers/bluetooth/ath3k.c
|
||||
@@ -398,10 +398,8 @@ static int ath3k_load_patch(struct usb_d
|
||||
@@ -404,10 +404,8 @@ static int ath3k_load_patch(struct usb_d
|
||||
le32_to_cpu(fw_version.rom_version));
|
||||
|
||||
ret = request_firmware(&firmware, filename, &udev->dev);
|
||||
|
@ -108,7 +108,7 @@ upstream submission.
|
|||
|
||||
pt_rom_version = get_unaligned_le32(firmware->data +
|
||||
firmware->size - 8);
|
||||
@@ -461,10 +459,8 @@ static int ath3k_load_syscfg(struct usb_
|
||||
@@ -467,10 +465,8 @@ static int ath3k_load_syscfg(struct usb_
|
||||
le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
|
||||
|
||||
ret = request_firmware(&firmware, filename, &udev->dev);
|
||||
|
@ -154,7 +154,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/bluetooth/bt3c_cs.c
|
||||
+++ b/drivers/bluetooth/bt3c_cs.c
|
||||
@@ -568,10 +568,8 @@ static int bt3c_open(struct bt3c_info *i
|
||||
@@ -567,10 +567,8 @@ static int bt3c_open(struct bt3c_info *i
|
||||
|
||||
/* Load firmware */
|
||||
err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev);
|
||||
|
@ -233,7 +233,7 @@ upstream submission.
|
|||
where = 0;
|
||||
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
|
||||
@@ -1521,10 +1521,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p
|
||||
@@ -1558,10 +1558,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p
|
||||
if (ret) {
|
||||
snprintf(f, sizeof(f), "nouveau/%s", fwname);
|
||||
ret = request_firmware(&fw, f, nv_device_base(device));
|
||||
|
@ -262,7 +262,7 @@ upstream submission.
|
|||
printk(KERN_ERR
|
||||
--- a/drivers/gpu/drm/radeon/ni.c
|
||||
+++ b/drivers/gpu/drm/radeon/ni.c
|
||||
@@ -812,10 +812,6 @@ int ni_init_microcode(struct radeon_devi
|
||||
@@ -837,10 +837,6 @@ int ni_init_microcode(struct radeon_devi
|
||||
|
||||
out:
|
||||
if (err) {
|
||||
|
@ -289,7 +289,7 @@ upstream submission.
|
|||
rdev->me_fw->size, fw_name);
|
||||
--- a/drivers/gpu/drm/radeon/r600.c
|
||||
+++ b/drivers/gpu/drm/radeon/r600.c
|
||||
@@ -2545,10 +2545,6 @@ int r600_init_microcode(struct radeon_de
|
||||
@@ -2592,10 +2592,6 @@ int r600_init_microcode(struct radeon_de
|
||||
|
||||
out:
|
||||
if (err) {
|
||||
|
@ -457,7 +457,7 @@ upstream submission.
|
|||
if (!buf) {
|
||||
--- a/drivers/media/usb/dvb-usb/opera1.c
|
||||
+++ b/drivers/media/usb/dvb-usb/opera1.c
|
||||
@@ -452,9 +452,6 @@ static int opera1_xilinx_load_firmware(s
|
||||
@@ -453,9 +453,6 @@ static int opera1_xilinx_load_firmware(s
|
||||
info("start downloading fpga firmware %s",filename);
|
||||
|
||||
if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) {
|
||||
|
@ -469,7 +469,7 @@ upstream submission.
|
|||
p = kmalloc(fw->size, GFP_KERNEL);
|
||||
--- a/drivers/media/dvb-frontends/af9013.c
|
||||
+++ b/drivers/media/dvb-frontends/af9013.c
|
||||
@@ -1372,16 +1372,8 @@ static int af9013_download_firmware(stru
|
||||
@@ -1376,16 +1376,8 @@ static int af9013_download_firmware(stru
|
||||
|
||||
/* request the firmware, this will block and timeout */
|
||||
ret = request_firmware(&fw, fw_file, state->i2c->dev.parent);
|
||||
|
@ -504,7 +504,7 @@ upstream submission.
|
|||
b = fw->data;
|
||||
--- a/drivers/media/dvb-frontends/cx24116.c
|
||||
+++ b/drivers/media/dvb-frontends/cx24116.c
|
||||
@@ -493,13 +493,8 @@ static int cx24116_firmware_ondemand(str
|
||||
@@ -495,13 +495,8 @@ static int cx24116_firmware_ondemand(str
|
||||
__func__, CX24116_DEFAULT_FIRMWARE);
|
||||
ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE,
|
||||
state->i2c->dev.parent);
|
||||
|
@ -535,7 +535,7 @@ upstream submission.
|
|||
if (state->microcode == NULL) {
|
||||
--- a/drivers/media/dvb-frontends/drxk_hard.c
|
||||
+++ b/drivers/media/dvb-frontends/drxk_hard.c
|
||||
@@ -6283,10 +6283,6 @@ static void load_firmware_cb(const struc
|
||||
@@ -6284,10 +6284,6 @@ static void load_firmware_cb(const struc
|
||||
|
||||
dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded");
|
||||
if (!fw) {
|
||||
|
@ -1216,7 +1216,7 @@ upstream submission.
|
|||
if (bp->mips_firmware->size < sizeof(*mips_fw) ||
|
||||
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
|
||||
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
|
||||
@@ -12981,11 +12981,8 @@ static int bnx2x_init_firmware(struct bn
|
||||
@@ -13003,11 +13003,8 @@ static int bnx2x_init_firmware(struct bn
|
||||
BNX2X_DEV_INFO("Loading %s\n", fw_file_name);
|
||||
|
||||
rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev);
|
||||
|
@ -1251,7 +1251,7 @@ upstream submission.
|
|||
u32 n;
|
||||
|
||||
- if (request_firmware(&fw, fw_name, &pdev->dev)) {
|
||||
- pr_alert("Can't locate firmware %s\n", fw_name);
|
||||
- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name);
|
||||
+ if (request_firmware(&fw, fw_name, &pdev->dev))
|
||||
goto error;
|
||||
- }
|
||||
|
@ -1261,13 +1261,13 @@ upstream submission.
|
|||
--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
|
||||
+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
|
||||
@@ -1034,12 +1034,8 @@ int t3_get_edc_fw(struct cphy *phy, int
|
||||
snprintf(buf, sizeof(buf), get_edc_fw_name(edc_idx));
|
||||
|
||||
ret = request_firmware(&fw, buf, &adapter->pdev->dev);
|
||||
fw_name = get_edc_fw_name(edc_idx);
|
||||
if (fw_name)
|
||||
ret = request_firmware(&fw, fw_name, &adapter->pdev->dev);
|
||||
- if (ret < 0) {
|
||||
- dev_err(&adapter->pdev->dev,
|
||||
- "could not upgrade firmware: unable to load %s\n",
|
||||
- buf);
|
||||
- fw_name);
|
||||
+ if (ret)
|
||||
return ret;
|
||||
- }
|
||||
|
@ -1440,7 +1440,7 @@ upstream submission.
|
|||
&hif_dev->udev->dev);
|
||||
--- a/drivers/net/wireless/ath/carl9170/usb.c
|
||||
+++ b/drivers/net/wireless/ath/carl9170/usb.c
|
||||
@@ -1032,7 +1032,6 @@ static void carl9170_usb_firmware_step2(
|
||||
@@ -1033,7 +1033,6 @@ static void carl9170_usb_firmware_step2(
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -1504,7 +1504,7 @@ upstream submission.
|
|||
hdr = (struct b43legacy_fw_header *)((*fw)->data);
|
||||
--- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
|
||||
+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
|
||||
@@ -379,19 +379,13 @@ static int brcms_request_fw(struct brcms
|
||||
@@ -378,19 +378,13 @@ static int brcms_request_fw(struct brcms
|
||||
sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i],
|
||||
UCODE_LOADER_API_VER);
|
||||
status = request_firmware(&wl->fw.fw_bin[i], fw_name, device);
|
||||
|
@ -1568,7 +1568,7 @@ upstream submission.
|
|||
else
|
||||
--- a/drivers/net/wireless/iwlwifi/iwl-drv.c
|
||||
+++ b/drivers/net/wireless/iwlwifi/iwl-drv.c
|
||||
@@ -1119,13 +1119,8 @@ static void iwl_req_fw_callback(const st
|
||||
@@ -1131,13 +1131,8 @@ static void iwl_req_fw_callback(const st
|
||||
if (!pieces)
|
||||
return;
|
||||
|
||||
|
@ -1586,23 +1586,23 @@ upstream submission.
|
|||
--- a/drivers/net/wireless/libertas_tf/if_usb.c
|
||||
+++ b/drivers/net/wireless/libertas_tf/if_usb.c
|
||||
@@ -824,8 +824,6 @@ static int if_usb_prog_firmware(struct i
|
||||
kparam_block_sysfs_write(fw_name);
|
||||
kernel_param_lock(THIS_MODULE);
|
||||
ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev);
|
||||
if (ret < 0) {
|
||||
- pr_err("request_firmware() failed with %#x\n", ret);
|
||||
- pr_err("firmware %s not found\n", lbtf_fw_name);
|
||||
kparam_unblock_sysfs_write(fw_name);
|
||||
kernel_param_unlock(THIS_MODULE);
|
||||
goto done;
|
||||
}
|
||||
--- a/drivers/net/wireless/mwifiex/main.c
|
||||
+++ b/drivers/net/wireless/mwifiex/main.c
|
||||
@@ -454,11 +454,8 @@ static void mwifiex_fw_dpc(const struct
|
||||
@@ -459,11 +459,8 @@ static void mwifiex_fw_dpc(const struct
|
||||
bool init_failed = false;
|
||||
struct wireless_dev *wdev;
|
||||
|
||||
- if (!firmware) {
|
||||
- dev_err(adapter->dev,
|
||||
- "Failed to get firmware %s\n", adapter->fw_name);
|
||||
- mwifiex_dbg(adapter, ERROR,
|
||||
- "Failed to get firmware %s\n", adapter->fw_name);
|
||||
+ if (!firmware)
|
||||
goto err_dnld_fw;
|
||||
- }
|
||||
|
@ -1856,7 +1856,7 @@ upstream submission.
|
|||
static inline u16 get_bcdDevice(const struct usb_device *udev)
|
||||
--- a/drivers/scsi/advansys.c
|
||||
+++ b/drivers/scsi/advansys.c
|
||||
@@ -4280,8 +4280,6 @@ static ushort AscInitAsc1000Driver(ASC_D
|
||||
@@ -4107,8 +4107,6 @@ static int AscInitAsc1000Driver(ASC_DVC_
|
||||
|
||||
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
|
||||
if (err) {
|
||||
|
@ -1865,7 +1865,7 @@ upstream submission.
|
|||
asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM;
|
||||
return err;
|
||||
}
|
||||
@@ -4613,8 +4611,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_
|
||||
@@ -4473,8 +4471,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_
|
||||
|
||||
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
|
||||
if (err) {
|
||||
|
@ -1874,7 +1874,7 @@ upstream submission.
|
|||
asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM;
|
||||
return err;
|
||||
}
|
||||
@@ -5129,8 +5125,6 @@ static int AdvInitAsc38C0800Driver(ADV_D
|
||||
@@ -4973,8 +4969,6 @@ static int AdvInitAsc38C0800Driver(ADV_D
|
||||
|
||||
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
|
||||
if (err) {
|
||||
|
@ -1883,7 +1883,7 @@ upstream submission.
|
|||
asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM;
|
||||
return err;
|
||||
}
|
||||
@@ -5631,8 +5625,6 @@ static int AdvInitAsc38C1600Driver(ADV_D
|
||||
@@ -5461,8 +5455,6 @@ static int AdvInitAsc38C1600Driver(ADV_D
|
||||
|
||||
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
|
||||
if (err) {
|
||||
|
@ -1894,7 +1894,7 @@ upstream submission.
|
|||
}
|
||||
--- a/drivers/scsi/aic94xx/aic94xx_init.c
|
||||
+++ b/drivers/scsi/aic94xx/aic94xx_init.c
|
||||
@@ -390,8 +390,6 @@ static ssize_t asd_store_update_bios(str
|
||||
@@ -389,8 +389,6 @@ static ssize_t asd_store_update_bios(str
|
||||
filename_ptr,
|
||||
&asd_ha->pcidev->dev);
|
||||
if (err) {
|
||||
|
@ -1930,7 +1930,7 @@ upstream submission.
|
|||
}
|
||||
--- a/drivers/scsi/ipr.c
|
||||
+++ b/drivers/scsi/ipr.c
|
||||
@@ -4004,10 +4004,8 @@ static ssize_t ipr_store_update_fw(struc
|
||||
@@ -4010,10 +4010,8 @@ static ssize_t ipr_store_update_fw(struc
|
||||
len = snprintf(fname, 99, "%s", buf);
|
||||
fname[len-1] = '\0';
|
||||
|
||||
|
@ -1968,7 +1968,7 @@ upstream submission.
|
|||
}
|
||||
--- a/drivers/scsi/qla2xxx/qla_init.c
|
||||
+++ b/drivers/scsi/qla2xxx/qla_init.c
|
||||
@@ -5414,8 +5414,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
|
||||
@@ -5524,8 +5524,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
|
||||
/* Load firmware blob. */
|
||||
blob = qla2x00_request_firmware(vha);
|
||||
if (!blob) {
|
||||
|
@ -1977,7 +1977,7 @@ upstream submission.
|
|||
ql_log(ql_log_info, vha, 0x0084,
|
||||
"Firmware images can be retrieved from: "QLA_FW_URL ".\n");
|
||||
return QLA_FUNCTION_FAILED;
|
||||
@@ -5517,8 +5515,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
|
||||
@@ -5627,8 +5625,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
|
||||
/* Load firmware blob. */
|
||||
blob = qla2x00_request_firmware(vha);
|
||||
if (!blob) {
|
||||
|
@ -2003,7 +2003,7 @@ upstream submission.
|
|||
if (qla82xx_validate_firmware_blob(vha,
|
||||
--- a/drivers/scsi/qla2xxx/qla_os.c
|
||||
+++ b/drivers/scsi/qla2xxx/qla_os.c
|
||||
@@ -5356,8 +5356,6 @@ qla2x00_request_firmware(scsi_qla_host_t
|
||||
@@ -5369,8 +5369,6 @@ qla2x00_request_firmware(scsi_qla_host_t
|
||||
goto out;
|
||||
|
||||
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
|
||||
|
@ -2052,7 +2052,7 @@ upstream submission.
|
|||
ft1000_enable_interrupts(dev);
|
||||
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
|
||||
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
|
||||
@@ -135,10 +135,8 @@ static int ft1000_probe(struct usb_inter
|
||||
@@ -133,10 +133,8 @@ static int ft1000_probe(struct usb_inter
|
||||
ft1000dev->bulk_out_endpointAddr);
|
||||
|
||||
ret = request_firmware(&dsp_fw, "ft3000.img", &dev->dev);
|
||||
|
@ -2161,7 +2161,7 @@ upstream submission.
|
|||
MODULE_FIRMWARE("rtlwifi/rtl8712u.bin");
|
||||
--- a/drivers/staging/slicoss/slicoss.c
|
||||
+++ b/drivers/staging/slicoss/slicoss.c
|
||||
@@ -391,11 +391,8 @@ static int slic_card_download_gbrcv(stru
|
||||
@@ -388,11 +388,8 @@ static int slic_card_download_gbrcv(stru
|
||||
}
|
||||
|
||||
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
|
||||
|
@ -2174,7 +2174,7 @@ upstream submission.
|
|||
|
||||
rcvucodelen = *(u32 *)(fw->data + index);
|
||||
index += 4;
|
||||
@@ -469,11 +466,8 @@ static int slic_card_download(struct ada
|
||||
@@ -466,11 +463,8 @@ static int slic_card_download(struct ada
|
||||
return -ENOENT;
|
||||
}
|
||||
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
|
||||
|
@ -2205,7 +2205,7 @@ upstream submission.
|
|||
if (!buffer)
|
||||
--- a/drivers/tty/cyclades.c
|
||||
+++ b/drivers/tty/cyclades.c
|
||||
@@ -3522,10 +3522,8 @@ static int cyz_load_fw(struct pci_dev *p
|
||||
@@ -3518,10 +3518,8 @@ static int cyz_load_fw(struct pci_dev *p
|
||||
int retval;
|
||||
|
||||
retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev);
|
||||
|
@ -2610,7 +2610,7 @@ upstream submission.
|
|||
filename, emu->firmware->size);
|
||||
--- a/sound/pci/hda/hda_intel.c
|
||||
+++ b/sound/pci/hda/hda_intel.c
|
||||
@@ -1619,10 +1619,8 @@ static void azx_firmware_cb(const struct
|
||||
@@ -1734,10 +1734,8 @@ static void azx_firmware_cb(const struct
|
||||
struct azx *chip = card->private_data;
|
||||
struct pci_dev *pci = chip->pci;
|
||||
|
||||
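Review bot: In the refreshed cxgb3_main.c hunk for t3_get_edc_fw(), the patch removes the only diagnostic on the path where `get_edc_fw_name(edc_idx)` returns NULL. On that path `request_firmware()` is skipped, so the firmware loader's own failure message, which this patch presumably relies on, is never emitted. The removed `dev_err()` would still have logged something there, and the test also widens from `ret < 0` to `ret`. Consider keeping a message for that case only, e.g. `if (!fw_name) dev_err(&adapter->pdev->dev, "no EDC firmware name for index %d\n", edc_idx);`, or note in the patch header that the path is intentionally silent. The initial value of `ret` and the rest of the function are outside the hunk, so whether the NULL case returns an error at all should be confirmed against the full source.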
|
|
|
@ -18,7 +18,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
---
|
||||
--- a/drivers/base/firmware_class.c
|
||||
+++ b/drivers/base/firmware_class.c
|
||||
@@ -293,7 +293,7 @@ static int fw_read_file_contents(struct
|
||||
@@ -298,7 +298,7 @@ static int fw_read_file_contents(struct
|
||||
int rc;
|
||||
|
||||
if (!S_ISREG(file_inode(file)->i_mode))
|
||||
|
@ -27,7 +27,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
size = i_size_read(file_inode(file));
|
||||
if (size <= 0)
|
||||
return -EINVAL;
|
||||
@@ -302,7 +302,7 @@ static int fw_read_file_contents(struct
|
||||
@@ -307,7 +307,7 @@ static int fw_read_file_contents(struct
|
||||
return -ENOMEM;
|
||||
rc = kernel_read(file, 0, buf, size);
|
||||
if (rc != size) {
|
||||
|
@ -36,8 +36,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
rc = -EIO;
|
||||
goto fail;
|
||||
}
|
||||
@@ -334,8 +334,10 @@ static int fw_get_filesystem_firmware(st
|
||||
snprintf(path, PATH_MAX, "%s/%s", fw_path[i], buf->fw_id);
|
||||
@@ -348,8 +348,10 @@ static int fw_get_filesystem_firmware(st
|
||||
}
|
||||
|
||||
file = filp_open(path, O_RDONLY, 0);
|
||||
- if (IS_ERR(file))
|
||||
|
@ -48,7 +48,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
rc = fw_read_file_contents(file, buf);
|
||||
fput(file);
|
||||
if (rc)
|
||||
@@ -974,13 +976,6 @@ static void kill_requests_without_uevent
|
||||
@@ -994,13 +996,6 @@ static void kill_requests_without_uevent
|
||||
#endif
|
||||
|
||||
#else /* CONFIG_FW_LOADER_USER_HELPER */
|
||||
|
@ -62,7 +62,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
|
||||
/* No abort during direct loading */
|
||||
#define is_fw_load_aborted(buf) false
|
||||
@@ -1129,6 +1124,7 @@ _request_firmware(const struct firmware
|
||||
@@ -1152,6 +1147,7 @@ _request_firmware(const struct firmware
|
||||
}
|
||||
|
||||
ret = fw_get_filesystem_firmware(device, fw->priv);
|
||||
|
@ -70,7 +70,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
if (ret) {
|
||||
if (!(opt_flags & FW_OPT_NO_WARN))
|
||||
dev_warn(device,
|
||||
@@ -1140,6 +1136,7 @@ _request_firmware(const struct firmware
|
||||
@@ -1163,6 +1159,7 @@ _request_firmware(const struct firmware
|
||||
opt_flags, timeout);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
From: Colin Ian King <colin.king@canonical.com>
|
||||
Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid
|
||||
Origin: https://marc.info/?l=oss-security&m=143800676725867&w=2
|
||||
|
||||
__key_link_end is not freeing the associated array edit structure
|
||||
and this leads to a 512 byte memory leak each time an identical
|
||||
existing key is added with add_key().
|
||||
|
||||
The reason the add_key() system call returns okay is that
|
||||
key_create_or_update() calls __key_link_begin() before checking to see
|
||||
whether it can update a key directly rather than adding/replacing - which
|
||||
it turns out it can. Thus __key_link() is not called through
|
||||
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
|
||||
|
||||
CVE-2015-1333
|
||||
|
||||
Signed-off-by: Colin Ian King <colin.king@canonical.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
---
|
||||
|
||||
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
|
||||
index e72548b5897e..d33437007ad2 100644
|
||||
--- a/security/keys/keyring.c
|
||||
+++ b/security/keys/keyring.c
|
||||
@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring,
|
||||
if (index_key->type == &key_type_keyring)
|
||||
up_write(&keyring_serialise_link_sem);
|
||||
|
||||
- if (edit && !edit->dead_leaf) {
|
||||
- key_payload_reserve(keyring,
|
||||
- keyring->datalen - KEYQUOTA_LINK_BYTES);
|
||||
+ if (edit) {
|
||||
+ if (!edit->dead_leaf) {
|
||||
+ key_payload_reserve(keyring,
|
||||
+ keyring->datalen - KEYQUOTA_LINK_BYTES);
|
||||
+ }
|
||||
assoc_array_cancel_edit(edit);
|
||||
}
|
||||
up_write(&keyring->sem);
|
|
@ -26,14 +26,13 @@ space memory from user space. This is an information leak.
|
|||
|
||||
Signed-off-by: Benjamin Randazzo <benjamin@randazzo.fr>
|
||||
Signed-off-by: NeilBrown <neilb@suse.com>
|
||||
[bwh: Backported to 4.1: using d_path() instead of file_path()]
|
||||
---
|
||||
drivers/md/md.c | 22 +++++++++++-----------
|
||||
1 file changed, 11 insertions(+), 11 deletions(-)
|
||||
|
||||
--- a/drivers/md/md.c
|
||||
+++ b/drivers/md/md.c
|
||||
@@ -5735,22 +5735,22 @@ static int get_bitmap_file(struct mddev
|
||||
@@ -5759,22 +5759,22 @@ static int get_bitmap_file(struct mddev
|
||||
char *ptr;
|
||||
int err;
|
||||
|
||||
|
@ -47,7 +46,7 @@ Signed-off-by: NeilBrown <neilb@suse.com>
|
|||
- /* bitmap disabled, zero the first byte and copy out */
|
||||
- if (!mddev->bitmap_info.file)
|
||||
- file->pathname[0] = '\0';
|
||||
- else if ((ptr = d_path(&mddev->bitmap_info.file->f_path,
|
||||
- else if ((ptr = file_path(mddev->bitmap_info.file,
|
||||
- file->pathname, sizeof(file->pathname))),
|
||||
- IS_ERR(ptr))
|
||||
- err = PTR_ERR(ptr);
|
||||
|
@ -56,8 +55,8 @@ Signed-off-by: NeilBrown <neilb@suse.com>
|
|||
- sizeof(file->pathname)-(ptr-file->pathname));
|
||||
+ /* bitmap enabled */
|
||||
+ if (mddev->bitmap_info.file) {
|
||||
+ ptr = d_path(&mddev->bitmap_info.file->f_path, file->pathname,
|
||||
+ sizeof(file->pathname));
|
||||
+ ptr = file_path(mddev->bitmap_info.file, file->pathname,
|
||||
+ sizeof(file->pathname));
|
||||
+ if (IS_ERR(ptr))
|
||||
+ err = PTR_ERR(ptr);
|
||||
+ else
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From: Martin Michlmayr <tbm@cyrius.com>
|
||||
Date: Sat, 19 Jan 2008 18:25:02 +0000
|
||||
Subject: [arm, mips] Disable Advansys
|
||||
Subject: [mips] Disable Advansys
|
||||
Forwarded: http://thread.gmane.org/gmane.linux.scsi/57291
|
||||
|
||||
Florian Lohoff <flo@rfc822.org> reports the following build failure on IP32:
|
||||
|
@ -12,14 +12,11 @@ make[5]: *** [__modpost] Error 1
|
|||
But report:
|
||||
http://www.mail-archive.com/linux-scsi@vger.kernel.org/msg12773.html
|
||||
|
||||
[bwh: Upstream finally accepted this was broken on ARM! But MIPS has
|
||||
the same problem still.]
|
||||
|
||||
--- a/drivers/scsi/Kconfig
|
||||
+++ b/drivers/scsi/Kconfig
|
||||
@@ -495,6 +495,7 @@ config SCSI_ADVANSYS
|
||||
@@ -505,6 +505,7 @@ config SCSI_ADVANSYS
|
||||
tristate "AdvanSys SCSI support"
|
||||
depends on SCSI && VIRT_TO_BUS && !ARM
|
||||
depends on SCSI
|
||||
depends on ISA || EISA || PCI
|
||||
+ depends on !MIPS || BROKEN
|
||||
help
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
From: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||
Date: Mon, 27 Jul 2015 09:53:49 +0200
|
||||
Subject: s390/cachinfo: add missing facility check to init_cache_level()
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/s390/linux.git/commit/?id=0b991f5cdcd6201e5401f83ca3a672343c3bfc49
|
||||
Bug-Debian: https://bugs.debian.org/793929
|
||||
|
||||
Stephen Powell reported the following crash on a z890 machine:
|
||||
|
||||
Kernel BUG at 00000000001219d0 [verbose debug info unavailable]
|
||||
illegal operation: 0001 ilc:3 [#1] SMP
|
||||
Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0)
|
||||
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
|
||||
Krnl Code: 00000000001219c2: a7840056 brc 8,121a6e
|
||||
00000000001219c6: a7190000 lghi %r1,0
|
||||
#00000000001219ca: eb101000004c ecag %r1,%r0,0(%r1)
|
||||
>00000000001219d0: a7390000 lghi %r3,0
|
||||
00000000001219d4: e310f0a00024 stg %r1,160(%r15)
|
||||
00000000001219da: a7080000 lhi %r0,0
|
||||
00000000001219de: a7b9f000 lghi %r11,-4096
|
||||
00000000001219e2: c0a0002899d9 larl %r10,634d94
|
||||
Call Trace:
|
||||
[<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8
|
||||
[<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8
|
||||
[<00000000001001c0>] do_one_initcall+0x98/0x1c8
|
||||
[<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8
|
||||
[<000000000062352e>] kernel_init+0x26/0x118
|
||||
[<000000000062fd2e>] kernel_thread_starter+0x6/0xc
|
||||
|
||||
The illegal operation was executed because of a missing facility check,
|
||||
which should have made sure that the ECAG execution would only be executed
|
||||
on machines which have the general-instructions-extension facility
|
||||
installed.
|
||||
|
||||
Reported-and-tested-by: Stephen Powell <zlinuxman@wowway.com>
|
||||
Cc: stable@vger.kernel.org # v4.0+
|
||||
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
||||
|
||||
diff --git a/arch/s390/kernel/cache.c b/arch/s390/kernel/cache.c
|
||||
index bff5e3b..8ba3243 100644
|
||||
--- a/arch/s390/kernel/cache.c
|
||||
+++ b/arch/s390/kernel/cache.c
|
||||
@@ -138,6 +138,8 @@ int init_cache_level(unsigned int cpu)
|
||||
union cache_topology ct;
|
||||
enum cache_type ctype;
|
||||
|
||||
+ if (!test_facility(34))
|
||||
+ return -EOPNOTSUPP;
|
||||
if (!this_cpu_ci)
|
||||
return -EINVAL;
|
||||
ct.raw = ecag(EXTRACT_TOPOLOGY, 0, 0);
|
|
@ -1,47 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Thu, 4 Jun 2015 13:24:29 -0700
|
||||
Subject: [3/9] x86/asm/entry/64: Remove pointless jump to irq_return
|
||||
Origin: https://git.kernel.org/linus/5ca6f70f387b4f82903037cc3c5488e2c97dcdbc
|
||||
|
||||
INTERRUPT_RETURN turns into a jmp instruction. There's no need
|
||||
for extra indirection.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: <linux-kernel@vger.kernel.org>
|
||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
||||
Cc: Andy Lutomirski <luto@amacapital.net>
|
||||
Cc: Borislav Petkov <bp@alien8.de>
|
||||
Cc: Brian Gerst <brgerst@gmail.com>
|
||||
Cc: Denys Vlasenko <dvlasenk@redhat.com>
|
||||
Cc: H. Peter Anvin <hpa@zytor.com>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Link: http://lkml.kernel.org/r/2f2318653dbad284a59311f13f08cea71298fd7c.1433449436.git.luto@kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.1: adjust filename, context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/x86/kernel/entry_64.S | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -811,8 +811,6 @@ retint_kernel:
|
||||
restore_c_regs_and_iret:
|
||||
RESTORE_C_REGS
|
||||
REMOVE_PT_GPREGS_FROM_STACK 8
|
||||
-
|
||||
-irq_return:
|
||||
INTERRUPT_RETURN
|
||||
|
||||
ENTRY(native_iret)
|
||||
@@ -1658,7 +1656,7 @@ nmi_restore:
|
||||
|
||||
/* Clear the NMI executing stack variable */
|
||||
movq $0, 5*8(%rsp)
|
||||
- jmp irq_return
|
||||
+ INTERRUPT_RETURN
|
||||
CFI_ENDPROC
|
||||
END(nmi)
|
||||
|
|
@ -1,191 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:33 -0700
|
||||
Subject: [4/9] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
|
||||
Origin: https://git.kernel.org/linus/9d05041679904b12c12421cbcf9cb5f4860a8d7b
|
||||
|
||||
32-bit kernels handle nested NMIs in C. Enable the exact same
|
||||
handling on 64-bit kernels as well. This isn't currently
|
||||
necessary, but it will become necessary once the asm code starts
|
||||
allowing limited nesting.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Cc: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
---
|
||||
arch/x86/kernel/nmi.c | 123 +++++++++++++++++++++-----------------------------
|
||||
1 file changed, 52 insertions(+), 71 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/nmi.c
|
||||
+++ b/arch/x86/kernel/nmi.c
|
||||
@@ -408,15 +408,15 @@ static void default_do_nmi(struct pt_reg
|
||||
NOKPROBE_SYMBOL(default_do_nmi);
|
||||
|
||||
/*
|
||||
- * NMIs can hit breakpoints which will cause it to lose its
|
||||
- * NMI context with the CPU when the breakpoint does an iret.
|
||||
- */
|
||||
-#ifdef CONFIG_X86_32
|
||||
-/*
|
||||
- * For i386, NMIs use the same stack as the kernel, and we can
|
||||
- * add a workaround to the iret problem in C (preventing nested
|
||||
- * NMIs if an NMI takes a trap). Simply have 3 states the NMI
|
||||
- * can be in:
|
||||
+ * NMIs can hit breakpoints which will cause it to lose its NMI context
|
||||
+ * with the CPU when the breakpoint or page fault does an IRET.
|
||||
+ *
|
||||
+ * As a result, NMIs can nest if NMIs get unmasked due an IRET during
|
||||
+ * NMI processing. On x86_64, the asm glue protects us from nested NMIs
|
||||
+ * if the outer NMI came from kernel mode, but we can still nest if the
|
||||
+ * outer NMI came from user mode.
|
||||
+ *
|
||||
+ * To handle these nested NMIs, we have three states:
|
||||
*
|
||||
* 1) not running
|
||||
* 2) executing
|
||||
@@ -430,15 +430,14 @@ NOKPROBE_SYMBOL(default_do_nmi);
|
||||
* (Note, the latch is binary, thus multiple NMIs triggering,
|
||||
* when one is running, are ignored. Only one NMI is restarted.)
|
||||
*
|
||||
- * If an NMI hits a breakpoint that executes an iret, another
|
||||
- * NMI can preempt it. We do not want to allow this new NMI
|
||||
- * to run, but we want to execute it when the first one finishes.
|
||||
- * We set the state to "latched", and the exit of the first NMI will
|
||||
- * perform a dec_return, if the result is zero (NOT_RUNNING), then
|
||||
- * it will simply exit the NMI handler. If not, the dec_return
|
||||
- * would have set the state to NMI_EXECUTING (what we want it to
|
||||
- * be when we are running). In this case, we simply jump back
|
||||
- * to rerun the NMI handler again, and restart the 'latched' NMI.
|
||||
+ * If an NMI executes an iret, another NMI can preempt it. We do not
|
||||
+ * want to allow this new NMI to run, but we want to execute it when the
|
||||
+ * first one finishes. We set the state to "latched", and the exit of
|
||||
+ * the first NMI will perform a dec_return, if the result is zero
|
||||
+ * (NOT_RUNNING), then it will simply exit the NMI handler. If not, the
|
||||
+ * dec_return would have set the state to NMI_EXECUTING (what we want it
|
||||
+ * to be when we are running). In this case, we simply jump back to
|
||||
+ * rerun the NMI handler again, and restart the 'latched' NMI.
|
||||
*
|
||||
* No trap (breakpoint or page fault) should be hit before nmi_restart,
|
||||
* thus there is no race between the first check of state for NOT_RUNNING
|
||||
@@ -461,49 +460,36 @@ enum nmi_states {
|
||||
static DEFINE_PER_CPU(enum nmi_states, nmi_state);
|
||||
static DEFINE_PER_CPU(unsigned long, nmi_cr2);
|
||||
|
||||
-#define nmi_nesting_preprocess(regs) \
|
||||
- do { \
|
||||
- if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { \
|
||||
- this_cpu_write(nmi_state, NMI_LATCHED); \
|
||||
- return; \
|
||||
- } \
|
||||
- this_cpu_write(nmi_state, NMI_EXECUTING); \
|
||||
- this_cpu_write(nmi_cr2, read_cr2()); \
|
||||
- } while (0); \
|
||||
- nmi_restart:
|
||||
-
|
||||
-#define nmi_nesting_postprocess() \
|
||||
- do { \
|
||||
- if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) \
|
||||
- write_cr2(this_cpu_read(nmi_cr2)); \
|
||||
- if (this_cpu_dec_return(nmi_state)) \
|
||||
- goto nmi_restart; \
|
||||
- } while (0)
|
||||
-#else /* x86_64 */
|
||||
+#ifdef CONFIG_X86_64
|
||||
/*
|
||||
- * In x86_64 things are a bit more difficult. This has the same problem
|
||||
- * where an NMI hitting a breakpoint that calls iret will remove the
|
||||
- * NMI context, allowing a nested NMI to enter. What makes this more
|
||||
- * difficult is that both NMIs and breakpoints have their own stack.
|
||||
- * When a new NMI or breakpoint is executed, the stack is set to a fixed
|
||||
- * point. If an NMI is nested, it will have its stack set at that same
|
||||
- * fixed address that the first NMI had, and will start corrupting the
|
||||
- * stack. This is handled in entry_64.S, but the same problem exists with
|
||||
- * the breakpoint stack.
|
||||
- *
|
||||
- * If a breakpoint is being processed, and the debug stack is being used,
|
||||
- * if an NMI comes in and also hits a breakpoint, the stack pointer
|
||||
- * will be set to the same fixed address as the breakpoint that was
|
||||
- * interrupted, causing that stack to be corrupted. To handle this case,
|
||||
- * check if the stack that was interrupted is the debug stack, and if
|
||||
- * so, change the IDT so that new breakpoints will use the current stack
|
||||
- * and not switch to the fixed address. On return of the NMI, switch back
|
||||
- * to the original IDT.
|
||||
+ * In x86_64, we need to handle breakpoint -> NMI -> breakpoint. Without
|
||||
+ * some care, the inner breakpoint will clobber the outer breakpoint's
|
||||
+ * stack.
|
||||
+ *
|
||||
+ * If a breakpoint is being processed, and the debug stack is being
|
||||
+ * used, if an NMI comes in and also hits a breakpoint, the stack
|
||||
+ * pointer will be set to the same fixed address as the breakpoint that
|
||||
+ * was interrupted, causing that stack to be corrupted. To handle this
|
||||
+ * case, check if the stack that was interrupted is the debug stack, and
|
||||
+ * if so, change the IDT so that new breakpoints will use the current
|
||||
+ * stack and not switch to the fixed address. On return of the NMI,
|
||||
+ * switch back to the original IDT.
|
||||
*/
|
||||
static DEFINE_PER_CPU(int, update_debug_stack);
|
||||
+#endif
|
||||
|
||||
-static inline void nmi_nesting_preprocess(struct pt_regs *regs)
|
||||
+dotraplinkage notrace void
|
||||
+do_nmi(struct pt_regs *regs, long error_code)
|
||||
{
|
||||
+ if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {
|
||||
+ this_cpu_write(nmi_state, NMI_LATCHED);
|
||||
+ return;
|
||||
+ }
|
||||
+ this_cpu_write(nmi_state, NMI_EXECUTING);
|
||||
+ this_cpu_write(nmi_cr2, read_cr2());
|
||||
+nmi_restart:
|
||||
+
|
||||
+#ifdef CONFIG_X86_64
|
||||
/*
|
||||
* If we interrupted a breakpoint, it is possible that
|
||||
* the nmi handler will have breakpoints too. We need to
|
||||
@@ -514,22 +500,8 @@ static inline void nmi_nesting_preproces
|
||||
debug_stack_set_zero();
|
||||
this_cpu_write(update_debug_stack, 1);
|
||||
}
|
||||
-}
|
||||
-
|
||||
-static inline void nmi_nesting_postprocess(void)
|
||||
-{
|
||||
- if (unlikely(this_cpu_read(update_debug_stack))) {
|
||||
- debug_stack_reset();
|
||||
- this_cpu_write(update_debug_stack, 0);
|
||||
- }
|
||||
-}
|
||||
#endif
|
||||
|
||||
-dotraplinkage notrace void
|
||||
-do_nmi(struct pt_regs *regs, long error_code)
|
||||
-{
|
||||
- nmi_nesting_preprocess(regs);
|
||||
-
|
||||
nmi_enter();
|
||||
|
||||
inc_irq_stat(__nmi_count);
|
||||
@@ -539,8 +511,17 @@ do_nmi(struct pt_regs *regs, long error_
|
||||
|
||||
nmi_exit();
|
||||
|
||||
- /* On i386, may loop back to preprocess */
|
||||
- nmi_nesting_postprocess();
|
||||
+#ifdef CONFIG_X86_64
|
||||
+ if (unlikely(this_cpu_read(update_debug_stack))) {
|
||||
+ debug_stack_reset();
|
||||
+ this_cpu_write(update_debug_stack, 0);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (unlikely(this_cpu_read(nmi_cr2) != read_cr2()))
|
||||
+ write_cr2(this_cpu_read(nmi_cr2));
|
||||
+ if (this_cpu_dec_return(nmi_state))
|
||||
+ goto nmi_restart;
|
||||
}
|
||||
NOKPROBE_SYMBOL(do_nmi);
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:34 -0700
|
||||
Subject: [5/9] x86/nmi/64: Remove asm code that saves CR2
|
||||
Origin: https://git.kernel.org/linus/0e181bb58143cb4a2e8f01c281b0816cd0e4798e
|
||||
|
||||
Now that do_nmi saves CR2, we don't need to save it in asm.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Acked-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.0: adjust filename, context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/x86/kernel/entry_64.S | 18 ------------------
|
||||
1 file changed, 18 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -1621,29 +1621,11 @@ end_repeat_nmi:
|
||||
call paranoid_entry
|
||||
DEFAULT_FRAME 0
|
||||
|
||||
- /*
|
||||
- * Save off the CR2 register. If we take a page fault in the NMI then
|
||||
- * it could corrupt the CR2 value. If the NMI preempts a page fault
|
||||
- * handler before it was able to read the CR2 register, and then the
|
||||
- * NMI itself takes a page fault, the page fault that was preempted
|
||||
- * will read the information from the NMI page fault and not the
|
||||
- * origin fault. Save it off and restore it if it changes.
|
||||
- * Use the r12 callee-saved register.
|
||||
- */
|
||||
- movq %cr2, %r12
|
||||
-
|
||||
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
|
||||
movq %rsp,%rdi
|
||||
movq $-1,%rsi
|
||||
call do_nmi
|
||||
|
||||
- /* Did the NMI take a page fault? Restore cr2 if it did */
|
||||
- movq %cr2, %rcx
|
||||
- cmpq %rcx, %r12
|
||||
- je 1f
|
||||
- movq %r12, %cr2
|
||||
-1:
|
||||
-
|
||||
testl %ebx,%ebx /* swapgs needed? */
|
||||
jnz nmi_restore
|
||||
nmi_swapgs:
|
|
@ -1,112 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:35 -0700
|
||||
Subject: [6/9] x86/nmi/64: Switch stacks on userspace NMI entry
|
||||
Origin: https://git.kernel.org/linus/9b6e6a8334d56354853f9c255d1395c2ba570e0a
|
||||
|
||||
Returning to userspace is tricky: IRET can fail, and ESPFIX can
|
||||
rearrange the stack prior to IRET.
|
||||
|
||||
The NMI nesting fixup relies on a precise stack layout and
|
||||
atomic IRET. Rather than trying to teach the NMI nesting fixup
|
||||
to handle ESPFIX and failed IRET, punt: run NMIs that came from
|
||||
user mode on the normal kernel stack.
|
||||
|
||||
This will make some nested NMIs visible to C code, but the C
|
||||
code is okay with that.
|
||||
|
||||
As a side effect, this should speed up perf: it eliminates an
|
||||
RDMSR when NMIs come from user mode.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Reviewed-by: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.1:
|
||||
- Adjust filename, context
|
||||
- Use kernel_stack instead of cpu_current_top_of_stack]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -1442,19 +1442,73 @@ ENTRY(nmi)
|
||||
* a nested NMI that updated the copy interrupt stack frame, a
|
||||
* jump will be made to the repeat_nmi code that will handle the second
|
||||
* NMI.
|
||||
+ *
|
||||
+ * However, espfix prevents us from directly returning to userspace
|
||||
+ * with a single IRET instruction. Similarly, IRET to user mode
|
||||
+ * can fault. We therefore handle NMIs from user space like
|
||||
+ * other IST entries.
|
||||
*/
|
||||
|
||||
/* Use %rdx as our temp variable throughout */
|
||||
pushq_cfi %rdx
|
||||
CFI_REL_OFFSET rdx, 0
|
||||
|
||||
+ testb $3, CS-RIP+8(%rsp)
|
||||
+ jz .Lnmi_from_kernel
|
||||
+
|
||||
+ /*
|
||||
+ * NMI from user mode. We need to run on the thread stack, but we
|
||||
+ * can't go through the normal entry paths: NMIs are masked, and
|
||||
+ * we don't want to enable interrupts, because then we'll end
|
||||
+ * up in an awkward situation in which IRQs are on but NMIs
|
||||
+ * are off.
|
||||
+ */
|
||||
+
|
||||
+ SWAPGS
|
||||
+ cld
|
||||
+ movq %rsp, %rdx
|
||||
+ movq PER_CPU_VAR(kernel_stack), %rsp
|
||||
+ pushq 5*8(%rdx) /* pt_regs->ss */
|
||||
+ pushq 4*8(%rdx) /* pt_regs->rsp */
|
||||
+ pushq 3*8(%rdx) /* pt_regs->flags */
|
||||
+ pushq 2*8(%rdx) /* pt_regs->cs */
|
||||
+ pushq 1*8(%rdx) /* pt_regs->rip */
|
||||
+ pushq $-1 /* pt_regs->orig_ax */
|
||||
+ pushq %rdi /* pt_regs->di */
|
||||
+ pushq %rsi /* pt_regs->si */
|
||||
+ pushq (%rdx) /* pt_regs->dx */
|
||||
+ pushq %rcx /* pt_regs->cx */
|
||||
+ pushq %rax /* pt_regs->ax */
|
||||
+ pushq %r8 /* pt_regs->r8 */
|
||||
+ pushq %r9 /* pt_regs->r9 */
|
||||
+ pushq %r10 /* pt_regs->r10 */
|
||||
+ pushq %r11 /* pt_regs->r11 */
|
||||
+ pushq %rbx /* pt_regs->rbx */
|
||||
+ pushq %rbp /* pt_regs->rbp */
|
||||
+ pushq %r12 /* pt_regs->r12 */
|
||||
+ pushq %r13 /* pt_regs->r13 */
|
||||
+ pushq %r14 /* pt_regs->r14 */
|
||||
+ pushq %r15 /* pt_regs->r15 */
|
||||
+
|
||||
+ /*
|
||||
+ * At this point we no longer need to worry about stack damage
|
||||
+ * due to nesting -- we're on the normal thread stack and we're
|
||||
+ * done with the NMI stack.
|
||||
+ */
|
||||
+
|
||||
+ movq %rsp, %rdi
|
||||
+ movq $-1, %rsi
|
||||
+ call do_nmi
|
||||
+
|
||||
/*
|
||||
- * If %cs was not the kernel segment, then the NMI triggered in user
|
||||
- * space, which means it is definitely not nested.
|
||||
+ * Return back to user mode. We must *not* do the normal exit
|
||||
+ * work, because we don't want to enable interrupts. Fortunately,
|
||||
+ * do_nmi doesn't modify pt_regs.
|
||||
*/
|
||||
- cmpl $__KERNEL_CS, 16(%rsp)
|
||||
- jne first_nmi
|
||||
+ SWAPGS
|
||||
+ jmp restore_c_regs_and_iret
|
||||
|
||||
+.Lnmi_from_kernel:
|
||||
/*
|
||||
* Check the special variable on the stack to see if NMIs are
|
||||
* executing.
|
|
@ -1,286 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:36 -0700
|
||||
Subject: [7/9] x86/nmi/64: Improve nested NMI comments
|
||||
Origin: https://git.kernel.org/linus/0b22930ebad563ae97ff3f8d7b9f12060b4c6e6b
|
||||
|
||||
I found the nested NMI documentation to be difficult to follow.
|
||||
Improve the comments.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Cc: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.1: adjust filename, context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/x86/kernel/entry_64.S | 159 ++++++++++++++++++++++++++-------------------
|
||||
arch/x86/kernel/nmi.c | 4 +-
|
||||
2 files changed, 93 insertions(+), 70 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -1429,11 +1429,12 @@ ENTRY(nmi)
|
||||
* If the variable is not set and the stack is not the NMI
|
||||
* stack then:
|
||||
* o Set the special variable on the stack
|
||||
- * o Copy the interrupt frame into a "saved" location on the stack
|
||||
- * o Copy the interrupt frame into a "copy" location on the stack
|
||||
+ * o Copy the interrupt frame into an "outermost" location on the
|
||||
+ * stack
|
||||
+ * o Copy the interrupt frame into an "iret" location on the stack
|
||||
* o Continue processing the NMI
|
||||
* If the variable is set or the previous stack is the NMI stack:
|
||||
- * o Modify the "copy" location to jump to the repeate_nmi
|
||||
+ * o Modify the "iret" location to jump to the repeat_nmi
|
||||
* o return back to the first NMI
|
||||
*
|
||||
* Now on exit of the first NMI, we first clear the stack variable
|
||||
@@ -1510,18 +1511,60 @@ ENTRY(nmi)
|
||||
|
||||
.Lnmi_from_kernel:
|
||||
/*
|
||||
- * Check the special variable on the stack to see if NMIs are
|
||||
- * executing.
|
||||
+ * Here's what our stack frame will look like:
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | original SS |
|
||||
+ * | original Return RSP |
|
||||
+ * | original RFLAGS |
|
||||
+ * | original CS |
|
||||
+ * | original RIP |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | temp storage for rdx |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | "NMI executing" variable |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | iret SS } Copied from "outermost" frame |
|
||||
+ * | iret Return RSP } on each loop iteration; overwritten |
|
||||
+ * | iret RFLAGS } by a nested NMI to force another |
|
||||
+ * | iret CS } iteration if needed. |
|
||||
+ * | iret RIP } |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | outermost SS } initialized in first_nmi; |
|
||||
+ * | outermost Return RSP } will not be changed before |
|
||||
+ * | outermost RFLAGS } NMI processing is done. |
|
||||
+ * | outermost CS } Copied to "iret" frame on each |
|
||||
+ * | outermost RIP } iteration. |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ * | pt_regs |
|
||||
+ * +---------------------------------------------------------+
|
||||
+ *
|
||||
+ * The "original" frame is used by hardware. Before re-enabling
|
||||
+ * NMIs, we need to be done with it, and we need to leave enough
|
||||
+ * space for the asm code here.
|
||||
+ *
|
||||
+ * We return by executing IRET while RSP points to the "iret" frame.
|
||||
+ * That will either return for real or it will loop back into NMI
|
||||
+ * processing.
|
||||
+ *
|
||||
+ * The "outermost" frame is copied to the "iret" frame on each
|
||||
+ * iteration of the loop, so each iteration starts with the "iret"
|
||||
+ * frame pointing to the final return target.
|
||||
+ */
|
||||
+
|
||||
+ /*
|
||||
+ * Determine whether we're a nested NMI.
|
||||
+ *
|
||||
+ * First check "NMI executing". If it's set, then we're nested.
|
||||
+ * This will not detect if we interrupted an outer NMI just
|
||||
+ * before IRET.
|
||||
*/
|
||||
cmpl $1, -8(%rsp)
|
||||
je nested_nmi
|
||||
|
||||
/*
|
||||
- * Now test if the previous stack was an NMI stack.
|
||||
- * We need the double check. We check the NMI stack to satisfy the
|
||||
- * race when the first NMI clears the variable before returning.
|
||||
- * We check the variable because the first NMI could be in a
|
||||
- * breakpoint routine using a breakpoint stack.
|
||||
+ * Now test if the previous stack was an NMI stack. This covers
|
||||
+ * the case where we interrupt an outer NMI after it clears
|
||||
+ * "NMI executing" but before IRET.
|
||||
*/
|
||||
lea 6*8(%rsp), %rdx
|
||||
/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
|
||||
@@ -1538,9 +1581,11 @@ ENTRY(nmi)
|
||||
|
||||
nested_nmi:
|
||||
/*
|
||||
- * Do nothing if we interrupted the fixup in repeat_nmi.
|
||||
- * It's about to repeat the NMI handler, so we are fine
|
||||
- * with ignoring this one.
|
||||
+ * If we interrupted an NMI that is between repeat_nmi and
|
||||
+ * end_repeat_nmi, then we must not modify the "iret" frame
|
||||
+ * because it's being written by the outer NMI. That's okay;
|
||||
+ * the outer NMI handler is about to call do_nmi anyway,
|
||||
+ * so we can just resume the outer NMI.
|
||||
*/
|
||||
movq $repeat_nmi, %rdx
|
||||
cmpq 8(%rsp), %rdx
|
||||
@@ -1550,7 +1595,10 @@ nested_nmi:
|
||||
ja nested_nmi_out
|
||||
|
||||
1:
|
||||
- /* Set up the interrupted NMIs stack to jump to repeat_nmi */
|
||||
+ /*
|
||||
+ * Modify the "iret" frame to point to repeat_nmi, forcing another
|
||||
+ * iteration of NMI handling.
|
||||
+ */
|
||||
leaq -1*8(%rsp), %rdx
|
||||
movq %rdx, %rsp
|
||||
CFI_ADJUST_CFA_OFFSET 1*8
|
||||
@@ -1569,60 +1617,23 @@ nested_nmi_out:
|
||||
popq_cfi %rdx
|
||||
CFI_RESTORE rdx
|
||||
|
||||
- /* No need to check faults here */
|
||||
+ /* We are returning to kernel mode, so this cannot result in a fault. */
|
||||
INTERRUPT_RETURN
|
||||
|
||||
CFI_RESTORE_STATE
|
||||
first_nmi:
|
||||
- /*
|
||||
- * Because nested NMIs will use the pushed location that we
|
||||
- * stored in rdx, we must keep that space available.
|
||||
- * Here's what our stack frame will look like:
|
||||
- * +-------------------------+
|
||||
- * | original SS |
|
||||
- * | original Return RSP |
|
||||
- * | original RFLAGS |
|
||||
- * | original CS |
|
||||
- * | original RIP |
|
||||
- * +-------------------------+
|
||||
- * | temp storage for rdx |
|
||||
- * +-------------------------+
|
||||
- * | NMI executing variable |
|
||||
- * +-------------------------+
|
||||
- * | copied SS |
|
||||
- * | copied Return RSP |
|
||||
- * | copied RFLAGS |
|
||||
- * | copied CS |
|
||||
- * | copied RIP |
|
||||
- * +-------------------------+
|
||||
- * | Saved SS |
|
||||
- * | Saved Return RSP |
|
||||
- * | Saved RFLAGS |
|
||||
- * | Saved CS |
|
||||
- * | Saved RIP |
|
||||
- * +-------------------------+
|
||||
- * | pt_regs |
|
||||
- * +-------------------------+
|
||||
- *
|
||||
- * The saved stack frame is used to fix up the copied stack frame
|
||||
- * that a nested NMI may change to make the interrupted NMI iret jump
|
||||
- * to the repeat_nmi. The original stack frame and the temp storage
|
||||
- * is also used by nested NMIs and can not be trusted on exit.
|
||||
- */
|
||||
- /* Do not pop rdx, nested NMIs will corrupt that part of the stack */
|
||||
+ /* Restore rdx. */
|
||||
movq (%rsp), %rdx
|
||||
CFI_RESTORE rdx
|
||||
|
||||
- /* Set the NMI executing variable on the stack. */
|
||||
+ /* Set "NMI executing" on the stack. */
|
||||
pushq_cfi $1
|
||||
|
||||
- /*
|
||||
- * Leave room for the "copied" frame
|
||||
- */
|
||||
+ /* Leave room for the "iret" frame */
|
||||
subq $(5*8), %rsp
|
||||
CFI_ADJUST_CFA_OFFSET 5*8
|
||||
|
||||
- /* Copy the stack frame to the Saved frame */
|
||||
+ /* Copy the "original" frame to the "outermost" frame */
|
||||
.rept 5
|
||||
pushq_cfi 11*8(%rsp)
|
||||
.endr
|
||||
@@ -1630,6 +1641,7 @@ first_nmi:
|
||||
|
||||
/* Everything up to here is safe from nested NMIs */
|
||||
|
||||
+repeat_nmi:
|
||||
/*
|
||||
* If there was a nested NMI, the first NMI's iret will return
|
||||
* here. But NMIs are still enabled and we can take another
|
||||
@@ -1638,16 +1650,21 @@ first_nmi:
|
||||
* it will just return, as we are about to repeat an NMI anyway.
|
||||
* This makes it safe to copy to the stack frame that a nested
|
||||
* NMI will update.
|
||||
- */
|
||||
-repeat_nmi:
|
||||
- /*
|
||||
- * Update the stack variable to say we are still in NMI (the update
|
||||
- * is benign for the non-repeat case, where 1 was pushed just above
|
||||
- * to this very stack slot).
|
||||
+ *
|
||||
+ * RSP is pointing to "outermost RIP". gsbase is unknown, but, if
|
||||
+ * we're repeating an NMI, gsbase has the same value that it had on
|
||||
+ * the first iteration. paranoid_entry will load the kernel
|
||||
+ * gsbase if needed before we call do_nmi.
|
||||
+ *
|
||||
+ * Set "NMI executing" in case we came back here via IRET.
|
||||
*/
|
||||
movq $1, 10*8(%rsp)
|
||||
|
||||
- /* Make another copy, this one may be modified by nested NMIs */
|
||||
+ /*
|
||||
+ * Copy the "outermost" frame to the "iret" frame. NMIs that nest
|
||||
+ * here must not modify the "iret" frame while we're writing to
|
||||
+ * it or it will end up containing garbage.
|
||||
+ */
|
||||
addq $(10*8), %rsp
|
||||
CFI_ADJUST_CFA_OFFSET -10*8
|
||||
.rept 5
|
||||
@@ -1658,9 +1675,9 @@ repeat_nmi:
|
||||
end_repeat_nmi:
|
||||
|
||||
/*
|
||||
- * Everything below this point can be preempted by a nested
|
||||
- * NMI if the first NMI took an exception and reset our iret stack
|
||||
- * so that we repeat another NMI.
|
||||
+ * Everything below this point can be preempted by a nested NMI.
|
||||
+ * If this happens, then the inner NMI will change the "iret"
|
||||
+ * frame to point back to repeat_nmi.
|
||||
*/
|
||||
pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */
|
||||
ALLOC_PT_GPREGS_ON_STACK
|
||||
@@ -1687,11 +1704,18 @@ nmi_swapgs:
|
||||
nmi_restore:
|
||||
RESTORE_EXTRA_REGS
|
||||
RESTORE_C_REGS
|
||||
- /* Pop the extra iret frame at once */
|
||||
+
|
||||
+ /* Point RSP at the "iret" frame. */
|
||||
REMOVE_PT_GPREGS_FROM_STACK 6*8
|
||||
|
||||
- /* Clear the NMI executing stack variable */
|
||||
+ /* Clear "NMI executing". */
|
||||
movq $0, 5*8(%rsp)
|
||||
+
|
||||
+ /*
|
||||
+ * INTERRUPT_RETURN reads the "iret" frame and exits the NMI
|
||||
+ * stack in a single instruction. We are returning to kernel
|
||||
+ * mode, so this cannot result in a fault.
|
||||
+ */
|
||||
INTERRUPT_RETURN
|
||||
CFI_ENDPROC
|
||||
END(nmi)
|
||||
--- a/arch/x86/kernel/nmi.c
|
||||
+++ b/arch/x86/kernel/nmi.c
|
||||
@@ -408,8 +408,8 @@ static void default_do_nmi(struct pt_reg
|
||||
NOKPROBE_SYMBOL(default_do_nmi);
|
||||
|
||||
/*
|
||||
- * NMIs can hit breakpoints which will cause it to lose its NMI context
|
||||
- * with the CPU when the breakpoint or page fault does an IRET.
|
||||
+ * NMIs can page fault or hit breakpoints which will cause it to lose
|
||||
+ * its NMI context with the CPU when the breakpoint or page fault does an IRET.
|
||||
*
|
||||
* As a result, NMIs can nest if NMIs get unmasked due an IRET during
|
||||
* NMI processing. On x86_64, the asm glue protects us from nested NMIs
|
|
@ -1,91 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:37 -0700
|
||||
Subject: [8/9] x86/nmi/64: Reorder nested NMI checks
|
||||
Origin: https://git.kernel.org/linus/a27507ca2d796cfa8d907de31ad730359c8a6d06
|
||||
|
||||
Check the repeat_nmi .. end_repeat_nmi special case first. The
|
||||
next patch will rework the RSP check and, as a side effect, the
|
||||
RSP check will no longer detect repeat_nmi .. end_repeat_nmi, so
|
||||
we'll need this ordering of the checks.
|
||||
|
||||
Note: this is more subtle than it appears. The check for
|
||||
repeat_nmi .. end_repeat_nmi jumps straight out of the NMI code
|
||||
instead of adjusting the "iret" frame to force a repeat. This
|
||||
is necessary, because the code between repeat_nmi and
|
||||
end_repeat_nmi sets "NMI executing" and then writes to the
|
||||
"iret" frame itself. If a nested NMI comes in and modifies the
|
||||
"iret" frame while repeat_nmi is also modifying it, we'll end up
|
||||
with garbage. The old code got this right, as does the new
|
||||
code, but the new code is a bit more explicit.
|
||||
|
||||
If we were to move the check right after the "NMI executing"
|
||||
check, then we'd get it wrong and have random crashes.
|
||||
|
||||
( Because the "NMI executing" check would jump to the code that would
|
||||
modify the "iret" frame without checking if the interrupted NMI was
|
||||
currently modifying it. )
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Cc: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.1: adjust filename, spacing]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/x86/kernel/entry_64.S | 34 ++++++++++++++++++----------------
|
||||
1 file changed, 18 insertions(+), 16 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -1554,7 +1554,24 @@ ENTRY(nmi)
|
||||
/*
|
||||
* Determine whether we're a nested NMI.
|
||||
*
|
||||
- * First check "NMI executing". If it's set, then we're nested.
|
||||
+ * If we interrupted kernel code between repeat_nmi and
|
||||
+ * end_repeat_nmi, then we are a nested NMI. We must not
|
||||
+ * modify the "iret" frame because it's being written by
|
||||
+ * the outer NMI. That's okay; the outer NMI handler is
|
||||
+ * about to about to call do_nmi anyway, so we can just
|
||||
+ * resume the outer NMI.
|
||||
+ */
|
||||
+
|
||||
+ movq $repeat_nmi, %rdx
|
||||
+ cmpq 8(%rsp), %rdx
|
||||
+ ja 1f
|
||||
+ movq $end_repeat_nmi, %rdx
|
||||
+ cmpq 8(%rsp), %rdx
|
||||
+ ja nested_nmi_out
|
||||
+1:
|
||||
+
|
||||
+ /*
|
||||
+ * Now check "NMI executing". If it's set, then we're nested.
|
||||
* This will not detect if we interrupted an outer NMI just
|
||||
* before IRET.
|
||||
*/
|
||||
@@ -1581,21 +1598,6 @@ ENTRY(nmi)
|
||||
|
||||
nested_nmi:
|
||||
/*
|
||||
- * If we interrupted an NMI that is between repeat_nmi and
|
||||
- * end_repeat_nmi, then we must not modify the "iret" frame
|
||||
- * because it's being written by the outer NMI. That's okay;
|
||||
- * the outer NMI handler is about to call do_nmi anyway,
|
||||
- * so we can just resume the outer NMI.
|
||||
- */
|
||||
- movq $repeat_nmi, %rdx
|
||||
- cmpq 8(%rsp), %rdx
|
||||
- ja 1f
|
||||
- movq $end_repeat_nmi, %rdx
|
||||
- cmpq 8(%rsp), %rdx
|
||||
- ja nested_nmi_out
|
||||
-
|
||||
-1:
|
||||
- /*
|
||||
* Modify the "iret" frame to point to repeat_nmi, forcing another
|
||||
* iteration of NMI handling.
|
||||
*/
|
|
@ -1,90 +0,0 @@
|
|||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Wed, 15 Jul 2015 10:29:38 -0700
|
||||
Subject: x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI
|
||||
detection
|
||||
Origin: https://git.kernel.org/linus/810bc075f78ff2c221536eb3008eac6a492dba2d
|
||||
|
||||
We have a tricky bug in the nested NMI code: if we see RSP
|
||||
pointing to the NMI stack on NMI entry from kernel mode, we
|
||||
assume that we are executing a nested NMI.
|
||||
|
||||
This isn't quite true. A malicious userspace program can point
|
||||
RSP at the NMI stack, issue SYSCALL, and arrange for an NMI to
|
||||
happen while RSP is still pointing at the NMI stack.
|
||||
|
||||
Fix it with a sneaky trick. Set DF in the region of code that
|
||||
the RSP check is intended to detect. IRET will clear DF
|
||||
atomically.
|
||||
|
||||
( Note: other than paravirt, there's little need for all this
|
||||
complexity. We could check RIP instead of RSP. )
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
|
||||
Cc: Borislav Petkov <bp@suse.de>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
[bwh: Backported to 4.1: adjust filename, context]
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/x86/kernel/entry_64.S | 29 +++++++++++++++++++++++++----
|
||||
1 file changed, 25 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -1581,7 +1581,14 @@ ENTRY(nmi)
|
||||
/*
|
||||
* Now test if the previous stack was an NMI stack. This covers
|
||||
* the case where we interrupt an outer NMI after it clears
|
||||
- * "NMI executing" but before IRET.
|
||||
+ * "NMI executing" but before IRET. We need to be careful, though:
|
||||
+ * there is one case in which RSP could point to the NMI stack
|
||||
+ * despite there being no NMI active: naughty userspace controls
|
||||
+ * RSP at the very beginning of the SYSCALL targets. We can
|
||||
+ * pull a fast one on naughty userspace, though: we program
|
||||
+ * SYSCALL to mask DF, so userspace cannot cause DF to be set
|
||||
+ * if it controls the kernel's RSP. We set DF before we clear
|
||||
+ * "NMI executing".
|
||||
*/
|
||||
lea 6*8(%rsp), %rdx
|
||||
/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
|
||||
@@ -1592,10 +1599,16 @@ ENTRY(nmi)
|
||||
cmpq %rdx, 4*8(%rsp)
|
||||
/* If it is below the NMI stack, it is a normal NMI */
|
||||
jb first_nmi
|
||||
- /* Ah, it is within the NMI stack, treat it as nested */
|
||||
+
|
||||
+ /* Ah, it is within the NMI stack. */
|
||||
+
|
||||
+ testb $(X86_EFLAGS_DF >> 8), (3*8 + 1)(%rsp)
|
||||
+ jz first_nmi /* RSP was user controlled. */
|
||||
|
||||
CFI_REMEMBER_STATE
|
||||
|
||||
+ /* This is a nested NMI. */
|
||||
+
|
||||
nested_nmi:
|
||||
/*
|
||||
* Modify the "iret" frame to point to repeat_nmi, forcing another
|
||||
@@ -1710,8 +1723,16 @@ nmi_restore:
|
||||
/* Point RSP at the "iret" frame. */
|
||||
REMOVE_PT_GPREGS_FROM_STACK 6*8
|
||||
|
||||
- /* Clear "NMI executing". */
|
||||
- movq $0, 5*8(%rsp)
|
||||
+ /*
|
||||
+ * Clear "NMI executing". Set DF first so that we can easily
|
||||
+ * distinguish the remaining code between here and IRET from
|
||||
+ * the SYSCALL entry and exit paths. On a native kernel, we
|
||||
+ * could just inspect RIP, but, on paravirt kernels,
|
||||
+ * INTERRUPT_RETURN can translate into a jump into a
|
||||
+ * hypercall page.
|
||||
+ */
|
||||
+ std
|
||||
+ movq $0, 5*8(%rsp) /* clear "NMI executing" */
|
||||
|
||||
/*
|
||||
* INTERRUPT_RETURN reads the "iret" frame and exits the NMI
|
|
@ -1,24 +0,0 @@
|
|||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Sat, 30 May 2015 14:31:24 +0200
|
||||
Subject: kvm: x86: fix kvm_apic_has_events to check for NULL pointer
|
||||
Origin: https://git.kernel.org/linus/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
|
||||
|
||||
Malicious (or egregiously buggy) userspace can trigger it, but it
|
||||
should never happen in normal operation.
|
||||
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/lapic.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/arch/x86/kvm/lapic.h
|
||||
+++ b/arch/x86/kvm/lapic.h
|
||||
@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct
|
||||
|
||||
static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
- return vcpu->arch.apic->pending_events;
|
||||
+ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
|
||||
}
|
||||
|
||||
bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
|
|
@ -9,8 +9,8 @@ This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
|
|||
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -651,8 +651,8 @@ static inline void put_link(struct namei
|
||||
path_put(link);
|
||||
@@ -847,8 +847,8 @@ static inline void put_link(struct namei
|
||||
path_put(&last->link);
|
||||
}
|
||||
|
||||
-int sysctl_protected_symlinks __read_mostly = 0;
|
||||
|
|
|
@ -15,12 +15,12 @@ Forwarded: not-needed
|
|||
|
||||
/* describe a ptrace relationship for potential exception */
|
||||
struct ptrace_relation {
|
||||
@@ -425,7 +425,7 @@ static __init int yama_init(void)
|
||||
@@ -407,7 +407,7 @@ static __init int yama_init(void)
|
||||
if (!security_module_enable("yama"))
|
||||
return 0;
|
||||
#endif
|
||||
- pr_info("Yama: becoming mindful.\n");
|
||||
+ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
|
||||
|
||||
- printk(KERN_INFO "Yama: becoming mindful.\n");
|
||||
+ printk(KERN_INFO "Yama: disabled by default; enable with sysctl kernel.yama.*\n");
|
||||
|
||||
#ifndef CONFIG_SECURITY_YAMA_STACKED
|
||||
if (register_security(&yama_ops))
|
||||
#ifdef CONFIG_SYSCTL
|
||||
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
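Review bot: The boot message in the refreshed yama_init hunk, `pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");`, points administrators at a wildcard rather than at the knob that restores the ptrace restriction. I would name it, e.g. `pr_info("Yama: disabled by default; enable with sysctl kernel.yama.ptrace_scope\n");`, assuming ptrace_scope is still the only entry in yama_sysctl_table, which this hunk does not show. The part of the patch that changes the default itself is also outside the hunk, so it is worth confirming after the refresh that the message and the effective default still agree. Which of the pr_info/printk variants is the new side is inferred from the hunk-header order, because the rendered page lost the outer markers; yama_init starts and ends outside the hunk.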
|
||||
|
|
|
@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
|
|||
|
||||
aufs4.x-rcN mmap patch
|
||||
|
||||
diff --git a/fs/buffer.c b/fs/buffer.c
|
||||
index c7a5602..8c50a22 100644
|
||||
[bwh: Adjusted context for 4.2]
|
||||
|
||||
--- a/fs/buffer.c
|
||||
+++ b/fs/buffer.c
|
||||
@@ -2450,7 +2450,7 @@ int block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf,
|
||||
@@ -2473,7 +2473,7 @@ int block_page_mkwrite(struct vm_area_st
|
||||
* Update file times before taking page lock. We may end up failing the
|
||||
* fault so this update may be superfluous but who really cares...
|
||||
*/
|
||||
|
@ -21,11 +21,9 @@ index c7a5602..8c50a22 100644
|
|||
|
||||
ret = __block_page_mkwrite(vma, vmf, get_block);
|
||||
sb_end_pagefault(sb);
|
||||
diff --git a/fs/proc/base.c b/fs/proc/base.c
|
||||
index 093ca14..fc1ac03 100644
|
||||
--- a/fs/proc/base.c
|
||||
+++ b/fs/proc/base.c
|
||||
@@ -1744,7 +1744,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
|
||||
@@ -1939,7 +1939,7 @@ static int proc_map_files_get_link(struc
|
||||
down_read(&mm->mmap_sem);
|
||||
vma = find_exact_vma(mm, vm_start, vm_end);
|
||||
if (vma && vma->vm_file) {
|
||||
|
@ -34,11 +32,9 @@ index 093ca14..fc1ac03 100644
|
|||
path_get(path);
|
||||
rc = 0;
|
||||
}
|
||||
diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
|
||||
index d4a3574..1397181 100644
|
||||
--- a/fs/proc/nommu.c
|
||||
+++ b/fs/proc/nommu.c
|
||||
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region)
|
||||
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_
|
||||
file = region->vm_file;
|
||||
|
||||
if (file) {
|
||||
|
@ -50,11 +46,9 @@ index d4a3574..1397181 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
}
|
||||
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
|
||||
index 6dee68d..9afa35d 100644
|
||||
--- a/fs/proc/task_mmu.c
|
||||
+++ b/fs/proc/task_mmu.c
|
||||
@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
|
||||
@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct
|
||||
const char *name = NULL;
|
||||
|
||||
if (file) {
|
||||
|
@ -66,7 +60,7 @@ index 6dee68d..9afa35d 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
|
||||
@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
|
||||
@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file
|
||||
struct proc_maps_private *proc_priv = &numa_priv->proc_maps;
|
||||
struct vm_area_struct *vma = v;
|
||||
struct numa_maps *md = &numa_priv->md;
|
||||
|
@ -75,11 +69,9 @@ index 6dee68d..9afa35d 100644
|
|||
struct mm_struct *mm = vma->vm_mm;
|
||||
struct mm_walk walk = {
|
||||
.hugetlb_entry = gather_hugetlb_stats,
|
||||
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
|
||||
index 599ec2e..de6cd6e 100644
|
||||
--- a/fs/proc/task_nommu.c
|
||||
+++ b/fs/proc/task_nommu.c
|
||||
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
|
||||
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_fil
|
||||
file = vma->vm_file;
|
||||
|
||||
if (file) {
|
||||
|
@ -91,11 +83,9 @@ index 599ec2e..de6cd6e 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
|
||||
diff --git a/include/linux/mm.h b/include/linux/mm.h
|
||||
index 0755b9f..073d61e 100644
|
||||
--- a/include/linux/mm.h
|
||||
+++ b/include/linux/mm.h
|
||||
@@ -1172,6 +1172,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
|
||||
@@ -1173,6 +1173,28 @@ static inline int fixup_user_fault(struc
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -124,11 +114,9 @@ index 0755b9f..073d61e 100644
|
|||
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
|
||||
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
|
||||
void *buf, int len, int write);
|
||||
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
|
||||
index 8d37e26..ce89d4c 100644
|
||||
--- a/include/linux/mm_types.h
|
||||
+++ b/include/linux/mm_types.h
|
||||
@@ -241,6 +241,7 @@ struct vm_region {
|
||||
@@ -259,6 +259,7 @@ struct vm_region {
|
||||
unsigned long vm_top; /* region allocated to here */
|
||||
unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */
|
||||
struct file *vm_file; /* the backing file or NULL */
|
||||
|
@ -136,7 +124,7 @@ index 8d37e26..ce89d4c 100644
|
|||
|
||||
int vm_usage; /* region usage count (access under nommu_region_sem) */
|
||||
bool vm_icache_flushed : 1; /* true if the icache has been flushed for
|
||||
@@ -305,6 +306,7 @@ struct vm_area_struct {
|
||||
@@ -323,6 +324,7 @@ struct vm_area_struct {
|
||||
unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
|
||||
units, *not* PAGE_CACHE_SIZE */
|
||||
struct file * vm_file; /* File we map to (can be NULL). */
|
||||
|
@ -144,11 +132,9 @@ index 8d37e26..ce89d4c 100644
|
|||
void * vm_private_data; /* was vm_pte (shared mem) */
|
||||
|
||||
#ifndef CONFIG_MMU
|
||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
||||
index 03c1eaa..7e215ba 100644
|
||||
--- a/kernel/fork.c
|
||||
+++ b/kernel/fork.c
|
||||
@@ -456,7 +456,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
|
||||
@@ -461,7 +461,7 @@ static int dup_mmap(struct mm_struct *mm
|
||||
struct inode *inode = file_inode(file);
|
||||
struct address_space *mapping = file->f_mapping;
|
||||
|
||||
|
@ -157,11 +143,9 @@ index 03c1eaa..7e215ba 100644
|
|||
if (tmp->vm_flags & VM_DENYWRITE)
|
||||
atomic_dec(&inode->i_writecount);
|
||||
i_mmap_lock_write(mapping);
|
||||
diff --git a/mm/Makefile b/mm/Makefile
|
||||
index 98c4eae..3f0c9b9 100644
|
||||
--- a/mm/Makefile
|
||||
+++ b/mm/Makefile
|
||||
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
|
||||
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.
|
||||
mm_init.o mmu_context.o percpu.o slab_common.o \
|
||||
compaction.o vmacache.o \
|
||||
interval_tree.o list_lru.o workingset.o \
|
||||
|
@ -170,11 +154,9 @@ index 98c4eae..3f0c9b9 100644
|
|||
|
||||
obj-y += init-mm.o
|
||||
|
||||
diff --git a/mm/filemap.c b/mm/filemap.c
|
||||
index 6bf5e42..a863d0f 100644
|
||||
--- a/mm/filemap.c
|
||||
+++ b/mm/filemap.c
|
||||
@@ -2062,7 +2062,7 @@ int filemap_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
|
||||
@@ -2089,7 +2089,7 @@ int filemap_page_mkwrite(struct vm_area_
|
||||
int ret = VM_FAULT_LOCKED;
|
||||
|
||||
sb_start_pagefault(inode->i_sb);
|
||||
|
@ -183,11 +165,9 @@ index 6bf5e42..a863d0f 100644
|
|||
lock_page(page);
|
||||
if (page->mapping != inode->i_mapping) {
|
||||
unlock_page(page);
|
||||
diff --git a/mm/madvise.c b/mm/madvise.c
|
||||
index d551475..1ebf71b 100644
|
||||
--- a/mm/madvise.c
|
||||
+++ b/mm/madvise.c
|
||||
@@ -320,12 +320,12 @@ static long madvise_remove(struct vm_area_struct *vma,
|
||||
@@ -321,12 +321,12 @@ static long madvise_remove(struct vm_are
|
||||
* vma's reference to the file) can go away as soon as we drop
|
||||
* mmap_sem.
|
||||
*/
|
||||
|
@ -202,11 +182,9 @@ index d551475..1ebf71b 100644
|
|||
down_read(¤t->mm->mmap_sem);
|
||||
return error;
|
||||
}
|
||||
diff --git a/mm/memory.c b/mm/memory.c
|
||||
index 22e037e..62096a2 100644
|
||||
--- a/mm/memory.c
|
||||
+++ b/mm/memory.c
|
||||
@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct mm_struct *mm,
|
||||
@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct m
|
||||
}
|
||||
|
||||
if (!page_mkwrite)
|
||||
|
@ -215,11 +193,9 @@ index 22e037e..62096a2 100644
|
|||
}
|
||||
|
||||
return VM_FAULT_WRITE;
|
||||
diff --git a/mm/mmap.c b/mm/mmap.c
|
||||
index bb50cac..1ab5e596 100644
|
||||
--- a/mm/mmap.c
|
||||
+++ b/mm/mmap.c
|
||||
@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
|
||||
@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma
|
||||
if (vma->vm_ops && vma->vm_ops->close)
|
||||
vma->vm_ops->close(vma);
|
||||
if (vma->vm_file)
|
||||
|
@ -228,7 +204,7 @@ index bb50cac..1ab5e596 100644
|
|||
mpol_put(vma_policy(vma));
|
||||
kmem_cache_free(vm_area_cachep, vma);
|
||||
return next;
|
||||
@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next->vm_end);
|
||||
@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next->
|
||||
if (remove_next) {
|
||||
if (file) {
|
||||
uprobe_munmap(next, next->vm_start, next->vm_end);
|
||||
|
@ -247,7 +223,7 @@ index bb50cac..1ab5e596 100644
|
|||
|
||||
/* Undo any partial mapping done by a device driver. */
|
||||
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
|
||||
@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
|
||||
@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct
|
||||
goto out_free_mpol;
|
||||
|
||||
if (new->vm_file)
|
||||
|
@ -256,7 +232,7 @@ index bb50cac..1ab5e596 100644
|
|||
|
||||
if (new->vm_ops && new->vm_ops->open)
|
||||
new->vm_ops->open(new);
|
||||
@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
|
||||
@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct
|
||||
if (new->vm_ops && new->vm_ops->close)
|
||||
new->vm_ops->close(new);
|
||||
if (new->vm_file)
|
||||
|
@ -265,7 +241,7 @@ index bb50cac..1ab5e596 100644
|
|||
unlink_anon_vmas(new);
|
||||
out_free_mpol:
|
||||
mpol_put(vma_policy(new));
|
||||
@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
|
||||
@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
|
||||
struct vm_area_struct *vma;
|
||||
unsigned long populate = 0;
|
||||
unsigned long ret = -EINVAL;
|
||||
|
@ -273,7 +249,7 @@ index bb50cac..1ab5e596 100644
|
|||
|
||||
pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
|
||||
"See Documentation/vm/remap_file_pages.txt.\n",
|
||||
@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
|
||||
@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
|
||||
munlock_vma_pages_range(vma, start, start + size);
|
||||
}
|
||||
|
||||
|
@ -286,7 +262,7 @@ index bb50cac..1ab5e596 100644
|
|||
out:
|
||||
up_write(&mm->mmap_sem);
|
||||
if (populate)
|
||||
@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
|
||||
@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct v
|
||||
if (anon_vma_clone(new_vma, vma))
|
||||
goto out_free_mempol;
|
||||
if (new_vma->vm_file)
|
||||
|
@ -295,11 +271,9 @@ index bb50cac..1ab5e596 100644
|
|||
if (new_vma->vm_ops && new_vma->vm_ops->open)
|
||||
new_vma->vm_ops->open(new_vma);
|
||||
vma_link(mm, new_vma, prev, rb_link, rb_parent);
|
||||
diff --git a/mm/msync.c b/mm/msync.c
|
||||
index bb04d53..5c24c54 100644
|
||||
--- a/mm/msync.c
|
||||
+++ b/mm/msync.c
|
||||
@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags)
|
||||
@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, st
|
||||
start = vma->vm_end;
|
||||
if ((flags & MS_SYNC) && file &&
|
||||
(vma->vm_flags & VM_SHARED)) {
|
||||
|
@ -312,11 +286,9 @@ index bb04d53..5c24c54 100644
|
|||
if (error || start >= end)
|
||||
goto out;
|
||||
down_read(&mm->mmap_sem);
|
||||
diff --git a/mm/nommu.c b/mm/nommu.c
|
||||
index e544508..dd6f74a 100644
|
||||
--- a/mm/nommu.c
|
||||
+++ b/mm/nommu.c
|
||||
@@ -693,7 +693,7 @@ static void __put_nommu_region(struct vm_region *region)
|
||||
@@ -671,7 +671,7 @@ static void __put_nommu_region(struct vm
|
||||
up_write(&nommu_region_sem);
|
||||
|
||||
if (region->vm_file)
|
||||
|
@ -325,7 +297,7 @@ index e544508..dd6f74a 100644
|
|||
|
||||
/* IO memory and memory shared directly out of the pagecache
|
||||
* from ramfs/tmpfs mustn't be released here */
|
||||
@@ -858,7 +858,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma)
|
||||
@@ -829,7 +829,7 @@ static void delete_vma(struct mm_struct
|
||||
if (vma->vm_ops && vma->vm_ops->close)
|
||||
vma->vm_ops->close(vma);
|
||||
if (vma->vm_file)
|
||||
|
@ -334,7 +306,7 @@ index e544508..dd6f74a 100644
|
|||
put_nommu_region(vma->vm_region);
|
||||
kmem_cache_free(vm_area_cachep, vma);
|
||||
}
|
||||
@@ -1398,7 +1398,7 @@ unsigned long do_mmap_pgoff(struct file *file,
|
||||
@@ -1354,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file
|
||||
goto error_just_free;
|
||||
}
|
||||
}
|
||||
|
@ -343,7 +315,7 @@ index e544508..dd6f74a 100644
|
|||
kmem_cache_free(vm_region_jar, region);
|
||||
region = pregion;
|
||||
result = start;
|
||||
@@ -1474,10 +1474,10 @@ error_just_free:
|
||||
@@ -1429,10 +1429,10 @@ error_just_free:
|
||||
up_write(&nommu_region_sem);
|
||||
error:
|
||||
if (region->vm_file)
|
||||
|
@ -354,11 +326,8 @@ index e544508..dd6f74a 100644
|
|||
- fput(vma->vm_file);
|
||||
+ vma_fput(vma);
|
||||
kmem_cache_free(vm_area_cachep, vma);
|
||||
kleave(" = %d", ret);
|
||||
return ret;
|
||||
diff --git a/mm/prfile.c b/mm/prfile.c
|
||||
new file mode 100644
|
||||
index 0000000..6c145eb
|
||||
|
||||
--- /dev/null
|
||||
+++ b/mm/prfile.c
|
||||
@@ -0,0 +1,86 @@
|
||||
|
|
|
@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
|
|||
|
||||
aufs4.x-rcN standalone patch
|
||||
|
||||
diff --git a/fs/dcache.c b/fs/dcache.c
|
||||
index bc261e2..8d7951d 100644
|
||||
[bwh: Adjusted context for 4.2]
|
||||
|
||||
--- a/fs/dcache.c
|
||||
+++ b/fs/dcache.c
|
||||
@@ -1269,6 +1269,7 @@ rename_retry:
|
||||
@@ -1272,6 +1272,7 @@ rename_retry:
|
||||
seq = 1;
|
||||
goto again;
|
||||
}
|
||||
|
@ -20,11 +20,9 @@ index bc261e2..8d7951d 100644
|
|||
|
||||
/*
|
||||
* Search for at least 1 mount point in the dentry's subdirs.
|
||||
diff --git a/fs/file_table.c b/fs/file_table.c
|
||||
index 294174d..3cea027 100644
|
||||
--- a/fs/file_table.c
|
||||
+++ b/fs/file_table.c
|
||||
@@ -147,6 +147,7 @@ over:
|
||||
@@ -146,6 +146,7 @@ over:
|
||||
}
|
||||
return ERR_PTR(-ENFILE);
|
||||
}
|
||||
|
@ -32,7 +30,7 @@ index 294174d..3cea027 100644
|
|||
|
||||
/**
|
||||
* alloc_file - allocate and initialize a 'struct file'
|
||||
@@ -308,6 +309,7 @@ void put_filp(struct file *file)
|
||||
@@ -307,6 +308,7 @@ void put_filp(struct file *file)
|
||||
file_free(file);
|
||||
}
|
||||
}
|
||||
|
@ -40,11 +38,9 @@ index 294174d..3cea027 100644
|
|||
|
||||
void __init files_init(unsigned long mempages)
|
||||
{
|
||||
diff --git a/fs/inode.c b/fs/inode.c
|
||||
index ea37cd1..58f5f58 100644
|
||||
--- a/fs/inode.c
|
||||
+++ b/fs/inode.c
|
||||
@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtable __read_mostly;
|
||||
@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtabl
|
||||
static __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_hash_lock);
|
||||
|
||||
__cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_sb_list_lock);
|
||||
|
@ -52,11 +48,9 @@ index ea37cd1..58f5f58 100644
|
|||
|
||||
/*
|
||||
* Empty aops. Can be used for the cases where the user does not
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index 1b9e111..d45b81b 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
|
||||
@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *m
|
||||
mnt_dec_writers(real_mount(mnt));
|
||||
preempt_enable();
|
||||
}
|
||||
|
@ -64,7 +58,7 @@ index 1b9e111..d45b81b 100644
|
|||
|
||||
/**
|
||||
* mnt_drop_write - give up write access to a mount
|
||||
@@ -1768,6 +1769,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
|
||||
@@ -1803,6 +1804,7 @@ int iterate_mounts(int (*f)(struct vfsmo
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -72,8 +66,6 @@ index 1b9e111..d45b81b 100644
|
|||
|
||||
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
|
||||
{
|
||||
diff --git a/fs/notify/group.c b/fs/notify/group.c
|
||||
index d16b62c..06ca6bc 100644
|
||||
--- a/fs/notify/group.c
|
||||
+++ b/fs/notify/group.c
|
||||
@@ -22,6 +22,7 @@
|
||||
|
@ -84,7 +76,7 @@ index d16b62c..06ca6bc 100644
|
|||
|
||||
#include <linux/fsnotify_backend.h>
|
||||
#include "fsnotify.h"
|
||||
@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
|
||||
@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_
|
||||
{
|
||||
atomic_inc(&group->refcnt);
|
||||
}
|
||||
|
@ -92,7 +84,7 @@ index d16b62c..06ca6bc 100644
|
|||
|
||||
/*
|
||||
* Drop a reference to a group. Free it if it's through.
|
||||
@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
|
||||
@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_
|
||||
if (atomic_dec_and_test(&group->refcnt))
|
||||
fsnotify_final_destroy_group(group);
|
||||
}
|
||||
|
@ -100,7 +92,7 @@ index d16b62c..06ca6bc 100644
|
|||
|
||||
/*
|
||||
* Create a new fsnotify_group and hold a reference for the group returned.
|
||||
@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
|
||||
@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_gr
|
||||
|
||||
return group;
|
||||
}
|
||||
|
@ -108,11 +100,9 @@ index d16b62c..06ca6bc 100644
|
|||
|
||||
int fsnotify_fasync(int fd, struct file *file, int on)
|
||||
{
|
||||
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
|
||||
index 92e48c7..d2c4b68 100644
|
||||
--- a/fs/notify/mark.c
|
||||
+++ b/fs/notify/mark.c
|
||||
@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
|
||||
@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_m
|
||||
mark->free_mark(mark);
|
||||
}
|
||||
}
|
||||
|
@ -120,7 +110,7 @@ index 92e48c7..d2c4b68 100644
|
|||
|
||||
/* Calculate mask of events for a list of marks */
|
||||
u32 fsnotify_recalc_mask(struct hlist_head *head)
|
||||
@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
|
||||
@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnoti
|
||||
fsnotify_destroy_mark_locked(mark, group);
|
||||
mutex_unlock(&group->mark_mutex);
|
||||
}
|
||||
|
@ -136,7 +126,7 @@ index 92e48c7..d2c4b68 100644
|
|||
|
||||
int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group,
|
||||
struct inode *inode, struct vfsmount *mnt, int allow_dups)
|
||||
@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
|
||||
@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_
|
||||
atomic_set(&mark->refcnt, 1);
|
||||
mark->free_mark = free_mark;
|
||||
}
|
||||
|
@ -144,11 +134,9 @@ index 92e48c7..d2c4b68 100644
|
|||
|
||||
static int fsnotify_mark_destroy(void *ignored)
|
||||
{
|
||||
diff --git a/fs/open.c b/fs/open.c
|
||||
index 98e5a52..a94e2e7 100644
|
||||
--- a/fs/open.c
|
||||
+++ b/fs/open.c
|
||||
@@ -62,6 +62,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
|
||||
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
|
||||
mutex_unlock(&dentry->d_inode->i_mutex);
|
||||
return ret;
|
||||
}
|
||||
|
@ -156,16 +144,14 @@ index 98e5a52..a94e2e7 100644
|
|||
|
||||
long vfs_truncate(struct path *path, loff_t length)
|
||||
{
|
||||
@@ -676,6 +677,7 @@ int open_check_o_direct(struct file *f)
|
||||
@@ -678,6 +679,7 @@ int open_check_o_direct(struct file *f)
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(open_check_o_direct);
|
||||
|
||||
static int do_dentry_open(struct file *f,
|
||||
int (*open)(struct inode *, struct file *),
|
||||
diff --git a/fs/read_write.c b/fs/read_write.c
|
||||
index fd0414e..8ace6ec 100644
|
||||
struct inode *inode,
|
||||
--- a/fs/read_write.c
|
||||
+++ b/fs/read_write.c
|
||||
@@ -504,6 +504,7 @@ vfs_readf_t vfs_readf(struct file *file)
|
||||
|
@ -176,7 +162,7 @@ index fd0414e..8ace6ec 100644
|
|||
|
||||
vfs_writef_t vfs_writef(struct file *file)
|
||||
{
|
||||
@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *file)
|
||||
@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *fil
|
||||
return new_sync_write;
|
||||
return ERR_PTR(-ENOSYS);
|
||||
}
|
||||
|
@ -184,11 +170,9 @@ index fd0414e..8ace6ec 100644
|
|||
|
||||
ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
|
||||
{
|
||||
diff --git a/fs/splice.c b/fs/splice.c
|
||||
index fa5eee5..bfb3324 100644
|
||||
--- a/fs/splice.c
|
||||
+++ b/fs/splice.c
|
||||
@@ -1114,6 +1114,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
|
||||
@@ -1115,6 +1115,7 @@ long do_splice_from(struct pipe_inode_in
|
||||
|
||||
return splice_write(pipe, out, ppos, len, flags);
|
||||
}
|
||||
|
@ -196,7 +180,7 @@ index fa5eee5..bfb3324 100644
|
|||
|
||||
/*
|
||||
* Attempt to initiate a splice from a file to a pipe.
|
||||
@@ -1140,6 +1141,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
|
||||
@@ -1141,6 +1142,7 @@ long do_splice_to(struct file *in, loff_
|
||||
|
||||
return splice_read(in, ppos, pipe, len, flags);
|
||||
}
|
||||
|
@ -204,11 +188,9 @@ index fa5eee5..bfb3324 100644
|
|||
|
||||
/**
|
||||
* splice_direct_to_actor - splices data directly between two non-pipes
|
||||
diff --git a/fs/xattr.c b/fs/xattr.c
|
||||
index 4ef6985..6bb6303 100644
|
||||
--- a/fs/xattr.c
|
||||
+++ b/fs/xattr.c
|
||||
@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
|
||||
@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry
|
||||
*xattr_value = value;
|
||||
return error;
|
||||
}
|
||||
|
@ -216,11 +198,9 @@ index 4ef6985..6bb6303 100644
|
|||
|
||||
/* Compare an extended attribute value with the given value */
|
||||
int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
|
||||
diff --git a/security/commoncap.c b/security/commoncap.c
|
||||
index f2875cd..ebf06ec 100644
|
||||
--- a/security/commoncap.c
|
||||
+++ b/security/commoncap.c
|
||||
@@ -975,9 +975,11 @@ int cap_mmap_addr(unsigned long addr)
|
||||
@@ -970,12 +970,14 @@ int cap_mmap_addr(unsigned long addr)
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
@ -232,8 +212,9 @@ index f2875cd..ebf06ec 100644
|
|||
return 0;
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(cap_mmap_file);
|
||||
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
|
||||
index 188c1d2..426d9af 100644
|
||||
|
||||
#ifdef CONFIG_SECURITY
|
||||
|
||||
--- a/security/device_cgroup.c
|
||||
+++ b/security/device_cgroup.c
|
||||
@@ -7,6 +7,7 @@
|
||||
|
@ -244,7 +225,7 @@ index 188c1d2..426d9af 100644
|
|||
#include <linux/list.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/seq_file.h>
|
||||
@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
|
||||
@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct
|
||||
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
|
||||
access);
|
||||
}
|
||||
|
@ -252,75 +233,73 @@ index 188c1d2..426d9af 100644
|
|||
|
||||
int devcgroup_inode_mknod(int mode, dev_t dev)
|
||||
{
|
||||
diff --git a/security/security.c b/security/security.c
|
||||
index 8e9b1f4..c1c7cd1 100644
|
||||
--- a/security/security.c
|
||||
+++ b/security/security.c
|
||||
@@ -430,6 +430,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
|
||||
@@ -438,6 +438,7 @@ int security_path_rmdir(struct path *dir
|
||||
return 0;
|
||||
return security_ops->path_rmdir(dir, dentry);
|
||||
return call_int_hook(path_rmdir, 0, dir, dentry);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_rmdir);
|
||||
|
||||
int security_path_unlink(struct path *dir, struct dentry *dentry)
|
||||
{
|
||||
@@ -446,6 +447,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
|
||||
@@ -454,6 +455,7 @@ int security_path_symlink(struct path *d
|
||||
return 0;
|
||||
return security_ops->path_symlink(dir, dentry, old_name);
|
||||
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_symlink);
|
||||
|
||||
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||
struct dentry *new_dentry)
|
||||
@@ -454,6 +456,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||
@@ -462,6 +464,7 @@ int security_path_link(struct dentry *ol
|
||||
return 0;
|
||||
return security_ops->path_link(old_dentry, new_dir, new_dentry);
|
||||
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_link);
|
||||
|
||||
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
||||
struct path *new_dir, struct dentry *new_dentry,
|
||||
@@ -481,6 +484,7 @@ int security_path_truncate(struct path *path)
|
||||
@@ -489,6 +492,7 @@ int security_path_truncate(struct path *
|
||||
return 0;
|
||||
return security_ops->path_truncate(path);
|
||||
return call_int_hook(path_truncate, 0, path);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_truncate);
|
||||
|
||||
int security_path_chmod(struct path *path, umode_t mode)
|
||||
{
|
||||
@@ -488,6 +492,7 @@ int security_path_chmod(struct path *path, umode_t mode)
|
||||
@@ -496,6 +500,7 @@ int security_path_chmod(struct path *pat
|
||||
return 0;
|
||||
return security_ops->path_chmod(path, mode);
|
||||
return call_int_hook(path_chmod, 0, path, mode);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_chmod);
|
||||
|
||||
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
||||
{
|
||||
@@ -495,6 +500,7 @@ int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
||||
@@ -503,6 +508,7 @@ int security_path_chown(struct path *pat
|
||||
return 0;
|
||||
return security_ops->path_chown(path, uid, gid);
|
||||
return call_int_hook(path_chown, 0, path, uid, gid);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_path_chown);
|
||||
|
||||
int security_path_chroot(struct path *path)
|
||||
{
|
||||
@@ -580,6 +586,7 @@ int security_inode_readlink(struct dentry *dentry)
|
||||
@@ -588,6 +594,7 @@ int security_inode_readlink(struct dentr
|
||||
return 0;
|
||||
return security_ops->inode_readlink(dentry);
|
||||
return call_int_hook(inode_readlink, 0, dentry);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_inode_readlink);
|
||||
|
||||
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
|
||||
{
|
||||
@@ -594,6 +601,7 @@ int security_inode_permission(struct inode *inode, int mask)
|
||||
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
|
||||
bool rcu)
|
||||
@@ -603,6 +610,7 @@ int security_inode_permission(struct ino
|
||||
return 0;
|
||||
return security_ops->inode_permission(inode, mask);
|
||||
return call_int_hook(inode_permission, 0, inode, mask);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(security_inode_permission);
|
||||
|
||||
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
|
||||
{
|
||||
@@ -716,6 +724,7 @@ int security_file_permission(struct file *file, int mask)
|
||||
@@ -741,6 +749,7 @@ int security_file_permission(struct file
|
||||
|
||||
return fsnotify_perm(file, mask);
|
||||
}
|
||||
|
@ -328,7 +307,7 @@ index 8e9b1f4..c1c7cd1 100644
|
|||
|
||||
int security_file_alloc(struct file *file)
|
||||
{
|
||||
@@ -775,6 +784,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
|
||||
@@ -800,6 +809,7 @@ int security_mmap_file(struct file *file
|
||||
return ret;
|
||||
return ima_file_mmap(file, prot);
|
||||
}
|
||||
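Review bot: The patch header still says only `aufs4.x-rcN standalone patch`, so nothing records why `open_check_o_direct`, `cap_mmap_file` and the `security_path_*`, `security_inode_readlink` and `security_inode_permission` entry points in security/security.c are exported to modules. Each `EXPORT_SYMBOL_GPL` on an LSM entry point becomes interface that any GPL module can call, and it has to be re-checked on every refresh such as this move of the context from `security_ops->…` to `call_int_hook(…)`. Presumably aufs needs these exports to repeat the permission checks on its branch files, but the patch does not say so. I would add a short header paragraph listing the exported symbols and the aufs caller that needs each one, so that an export which is no longer used can be dropped at the next refresh.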
|
|
|
@ -7,12 +7,12 @@ Add a Loongson LS3A RS780E 1-way machine definition, which only differs
|
|||
from other Loongson 3 based machines by the UART base clock speed.
|
||||
|
||||
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
||||
[bwh: Forward-ported to 3.19]
|
||||
[bwh: Forward-ported to 4.2]
|
||||
---
|
||||
arch/mips/include/asm/bootinfo.h | 1 +
|
||||
arch/mips/loongson/common/machtype.c | 1 +
|
||||
arch/mips/loongson/common/serial.c | 1 +
|
||||
arch/mips/loongson/common/uart_base.c | 1 +
|
||||
arch/mips/include/asm/bootinfo.h | 1 +
|
||||
arch/mips/loongson64/common/machtype.c | 1 +
|
||||
arch/mips/loongson64/common/serial.c | 1 +
|
||||
arch/mips/loongson64/common/uart_base.c | 1 +
|
||||
4 files changed, 4 insertions(+)
|
||||
|
||||
--- a/arch/mips/include/asm/bootinfo.h
|
||||
|
@ -25,8 +25,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|||
MACH_LOONGSON_END
|
||||
};
|
||||
|
||||
--- a/arch/mips/loongson/common/machtype.c
|
||||
+++ b/arch/mips/loongson/common/machtype.c
|
||||
--- a/arch/mips/loongson64/common/machtype.c
|
||||
+++ b/arch/mips/loongson64/common/machtype.c
|
||||
@@ -28,6 +28,7 @@ static const char *system_types[] = {
|
||||
[MACH_LEMOTE_NAS] = "lemote-nas-2f",
|
||||
[MACH_LEMOTE_LL2F] = "lemote-lynloong-2f",
|
||||
|
@ -35,8 +35,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|||
[MACH_LOONGSON_END] = NULL,
|
||||
};
|
||||
|
||||
--- a/arch/mips/loongson/common/serial.c
|
||||
+++ b/arch/mips/loongson/common/serial.c
|
||||
--- a/arch/mips/loongson64/common/serial.c
|
||||
+++ b/arch/mips/loongson64/common/serial.c
|
||||
@@ -48,6 +48,7 @@ static struct plat_serial8250_port uart8
|
||||
[MACH_LEMOTE_NAS] = {PORT_M(3, 3686400), {} },
|
||||
[MACH_LEMOTE_LL2F] = {PORT(3, 1843200), {} },
|
||||
|
@ -45,8 +45,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|||
[MACH_LOONGSON_END] = {},
|
||||
};
|
||||
|
||||
--- a/arch/mips/loongson/common/uart_base.c
|
||||
+++ b/arch/mips/loongson/common/uart_base.c
|
||||
--- a/arch/mips/loongson64/common/uart_base.c
|
||||
+++ b/arch/mips/loongson64/common/uart_base.c
|
||||
@@ -25,6 +25,7 @@ void prom_init_loongson_uart_base(void)
|
||||
{
|
||||
switch (mips_machtype) {
|
||||
|
|
|
@ -22,13 +22,13 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
Documentation/kernel-parameters.txt | 4 ++++
|
||||
arch/x86/Kconfig | 8 +++++++
|
||||
arch/x86/include/asm/elf.h | 8 ++++++-
|
||||
arch/x86/kernel/entry_64.S | 36 ++++++++++++++++++++++---------
|
||||
arch/x86/kernel/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++
|
||||
arch/x86/entry/entry_64.S | 36 ++++++++++++++++++++++---------
|
||||
arch/x86/entry/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 88 insertions(+), 11 deletions(-)
|
||||
|
||||
--- a/Documentation/kernel-parameters.txt
|
||||
+++ b/Documentation/kernel-parameters.txt
|
||||
@@ -3516,6 +3516,10 @@ bytes respectively. Such letter suffixes
|
||||
@@ -3580,6 +3580,10 @@ bytes respectively. Such letter suffixes
|
||||
|
||||
switches= [HW,M68k]
|
||||
|
||||
|
@ -41,7 +41,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
on older distributions. When this option is enabled
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -2540,6 +2540,14 @@ config X86_X32
|
||||
@@ -2547,6 +2547,14 @@ config X86_X32
|
||||
elf32_x86_64 support enabled to compile a kernel with this
|
||||
option set.
|
||||
|
||||
|
@ -80,57 +80,57 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
|
||||
#if __USER32_DS != __USER_DS
|
||||
# error "The following code assumes __USER32_DS == __USER_DS"
|
||||
--- a/arch/x86/kernel/entry_64.S
|
||||
+++ b/arch/x86/kernel/entry_64.S
|
||||
@@ -252,8 +252,12 @@ system_call_fastpath:
|
||||
--- a/arch/x86/entry/entry_64.S
|
||||
+++ b/arch/x86/entry/entry_64.S
|
||||
@@ -178,8 +178,12 @@ entry_SYSCALL_64_fastpath:
|
||||
#if __SYSCALL_MASK == ~0
|
||||
cmpq $__NR_syscall_max,%rax
|
||||
cmpq $__NR_syscall_max, %rax
|
||||
#else
|
||||
- andl $__SYSCALL_MASK,%eax
|
||||
- cmpl $__NR_syscall_max,%eax
|
||||
+ .globl system_call_fast_compare
|
||||
+ .globl system_call_fast_compare_end
|
||||
- andl $__SYSCALL_MASK, %eax
|
||||
- cmpl $__NR_syscall_max, %eax
|
||||
+.global system_call_fast_compare
|
||||
+.global system_call_fast_compare_end
|
||||
+system_call_fast_compare:
|
||||
+ cmpq $511,%rax /* x32 syscalls start at 512 */
|
||||
+ .byte P6_NOP4
|
||||
+ cmpq $511, %rax /* x32 syscalls start at 512 */
|
||||
+ .byte P6_NOP4
|
||||
+system_call_fast_compare_end:
|
||||
#endif
|
||||
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
|
||||
movq %r10,%rcx
|
||||
@@ -337,8 +341,12 @@ tracesys_phase2:
|
||||
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
|
||||
movq %r10, %rcx
|
||||
@@ -257,8 +261,12 @@ tracesys_phase2:
|
||||
#if __SYSCALL_MASK == ~0
|
||||
cmpq $__NR_syscall_max,%rax
|
||||
cmpq $__NR_syscall_max, %rax
|
||||
#else
|
||||
- andl $__SYSCALL_MASK,%eax
|
||||
- cmpl $__NR_syscall_max,%eax
|
||||
+ .globl system_call_trace_compare
|
||||
+ .globl system_call_trace_compare_end
|
||||
- andl $__SYSCALL_MASK, %eax
|
||||
- cmpl $__NR_syscall_max, %eax
|
||||
+.global system_call_trace_compare
|
||||
+.global system_call_trace_compare_end
|
||||
+system_call_trace_compare:
|
||||
+ cmpq $511,%rax /* x32 syscalls start at 512 */
|
||||
+ .byte P6_NOP4
|
||||
+ cmpq $511, %rax /* x32 syscalls start at 512 */
|
||||
+ .byte P6_NOP4
|
||||
+system_call_trace_compare_end:
|
||||
#endif
|
||||
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
|
||||
movq %r10,%rcx /* fixup for C */
|
||||
@@ -488,6 +496,16 @@ opportunistic_sysret_failed:
|
||||
END(system_call)
|
||||
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
|
||||
movq %r10, %rcx /* fixup for C */
|
||||
@@ -410,6 +418,16 @@ opportunistic_sysret_failed:
|
||||
END(entry_SYSCALL_64)
|
||||
|
||||
|
||||
+#if __SYSCALL_MASK != ~0
|
||||
+ /* This replaces the usual comparisons if syscall.x32 is set */
|
||||
+ .globl system_call_mask_compare
|
||||
+ .globl system_call_mask_compare_end
|
||||
+.global system_call_mask_compare
|
||||
+.global system_call_mask_compare_end
|
||||
+system_call_mask_compare:
|
||||
+ andl $__SYSCALL_MASK,%eax
|
||||
+ cmpl $__NR_syscall_max,%eax
|
||||
+ andl $__SYSCALL_MASK, %eax
|
||||
+ cmpl $__NR_syscall_max, %eax
|
||||
+system_call_mask_compare_end:
|
||||
+#endif
|
||||
+
|
||||
.macro FORK_LIKE func
|
||||
ENTRY(stub_\func)
|
||||
CFI_STARTPROC
|
||||
--- a/arch/x86/kernel/syscall_64.c
|
||||
+++ b/arch/x86/kernel/syscall_64.c
|
||||
SAVE_EXTRA_REGS 8
|
||||
--- a/arch/x86/entry/syscall_64.c
|
||||
+++ b/arch/x86/entry/syscall_64.c
|
||||
@@ -3,8 +3,14 @@
|
||||
#include <linux/linkage.h>
|
||||
#include <linux/sys.h>
|
||||
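Review bot: Nothing at `system_call_fast_compare` or `system_call_trace_compare` in entry_64.S says why `.byte P6_NOP4` follows `cmpq $511, %rax`, or that the block is meant to be overwritten by the `system_call_mask_compare` sequence. Presumably the NOP pads the default compare to the byte length of the `andl`/`cmpl` pair, which is what keeps the bound on the syscall number intact after patching. I would add a comment such as `/* padded to the size of system_call_mask_compare; patched over when syscall.x32 is set */` at both sites. The code in syscall_64.c that performs the replacement is not shown in this section, so if the lengths are not already checked there, an assembler-time check after `system_call_mask_compare_end` would catch a mismatch at build time: `.if (system_call_mask_compare_end - system_call_mask_compare) != (system_call_fast_compare_end - system_call_fast_compare)`, then `.error "x32 compare sequences differ in size"`, then `.endif`.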
|
|
|
@ -79,16 +79,6 @@ bugfix/all/kernel-doc-set-man-page-date.patch
|
|||
# Miscellaneous features
|
||||
features/all/efi-autoload-efi-pstore.patch
|
||||
|
||||
bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
|
||||
bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
|
||||
bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch
|
||||
bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch
|
||||
bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch
|
||||
bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
|
||||
bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch
|
||||
bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch
|
||||
bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
|
||||
bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch
|
||||
bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch
|
||||
|
||||
# Hardening from grsecurity
|
||||
|
|