Update to 4.4-rc4
Refresh and drop patches as appropriate. - Rewrite memcg disable patch to operate on cgroup_disable_mask - The ancient Advansys Kconfig bug was fixed (differently) upstream - ft1000 driver is gone, so we no longer need to remove its firmware - One hunk of aufs4-mmap.patch is obsolete
This commit is contained in:
parent
2ba9bb2d09
commit
824b04a59d
|
@ -1,3 +1,9 @@
|
|||
linux (4.4~rc4-1~exp1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream release candidate
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 10 Dec 2015 17:34:39 +0000
|
||||
|
||||
linux (4.3-1~exp2) experimental; urgency=medium
|
||||
|
||||
[ Ben Hutchings ]
|
||||
|
|
|
@ -1,283 +0,0 @@
|
|||
From: Filipe Manana <fdmanana@suse.com>
|
||||
Date: Fri, 16 Oct 2015 12:34:25 +0100
|
||||
Subject: Btrfs: fix truncation of compressed and inlined extents
|
||||
Origin: https://git.kernel.org/linus/0305cd5f7fca85dae392b9ba85b116896eb7c1c7
|
||||
|
||||
When truncating a file to a smaller size which consists of an inline
|
||||
extent that is compressed, we did not discard (or made unusable) the
|
||||
data between the new file size and the old file size, wasting metadata
|
||||
space and allowing for the truncated data to be leaked and the data
|
||||
corruption/loss mentioned below.
|
||||
We were also not correctly decrementing the number of bytes used by the
|
||||
inode, we were setting it to zero, giving a wrong report for callers of
|
||||
the stat(2) syscall. The fsck tool also reported an error about a mismatch
|
||||
between the nbytes of the file versus the real space used by the file.
|
||||
|
||||
Now because we weren't discarding the truncated region of the file, it
|
||||
was possible for a caller of the clone ioctl to actually read the data
|
||||
that was truncated, allowing for a security breach without requiring root
|
||||
access to the system, using only standard filesystem operations. The
|
||||
scenario is the following:
|
||||
|
||||
1) User A creates a file which consists of an inline and compressed
|
||||
extent with a size of 2000 bytes - the file is not accessible to
|
||||
any other users (no read, write or execution permission for anyone
|
||||
else);
|
||||
|
||||
2) The user truncates the file to a size of 1000 bytes;
|
||||
|
||||
3) User A makes the file world readable;
|
||||
|
||||
4) User B creates a file consisting of an inline extent of 2000 bytes;
|
||||
|
||||
5) User B issues a clone operation from user A's file into its own
|
||||
file (using a length argument of 0, clone the whole range);
|
||||
|
||||
6) User B now gets to see the 1000 bytes that user A truncated from
|
||||
its file before it made its file world readbale. User B also lost
|
||||
the bytes in the range [1000, 2000[ bytes from its own file, but
|
||||
that might be ok if his/her intention was reading stale data from
|
||||
user A that was never supposed to be public.
|
||||
|
||||
Note that this contrasts with the case where we truncate a file from 2000
|
||||
bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In
|
||||
this case reading any byte from the range [1000, 2000[ will return a value
|
||||
of 0x00, instead of the original data.
|
||||
|
||||
This problem exists since the clone ioctl was added and happens both with
|
||||
and without my recent data loss and file corruption fixes for the clone
|
||||
ioctl (patch "Btrfs: fix file corruption and data loss after cloning
|
||||
inline extents").
|
||||
|
||||
So fix this by truncating the compressed inline extents as we do for the
|
||||
non-compressed case, which involves decompressing, if the data isn't already
|
||||
in the page cache, compressing the truncated version of the extent, writing
|
||||
the compressed content into the inline extent and then truncate it.
|
||||
|
||||
The following test case for fstests reproduces the problem. In order for
|
||||
the test to pass both this fix and my previous fix for the clone ioctl
|
||||
that forbids cloning a smaller inline extent into a larger one,
|
||||
which is titled "Btrfs: fix file corruption and data loss after cloning
|
||||
inline extents", are needed. Without that other fix the test fails in a
|
||||
different way that does not leak the truncated data, instead part of
|
||||
destination file gets replaced with zeroes (because the destination file
|
||||
has a larger inline extent than the source).
|
||||
|
||||
seq=`basename $0`
|
||||
seqres=$RESULT_DIR/$seq
|
||||
echo "QA output created by $seq"
|
||||
tmp=/tmp/$$
|
||||
status=1 # failure is the default!
|
||||
trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
|
||||
_cleanup()
|
||||
{
|
||||
rm -f $tmp.*
|
||||
}
|
||||
|
||||
# get standard environment, filters and checks
|
||||
. ./common/rc
|
||||
. ./common/filter
|
||||
|
||||
# real QA test starts here
|
||||
_need_to_be_root
|
||||
_supported_fs btrfs
|
||||
_supported_os Linux
|
||||
_require_scratch
|
||||
_require_cloner
|
||||
|
||||
rm -f $seqres.full
|
||||
|
||||
_scratch_mkfs >>$seqres.full 2>&1
|
||||
_scratch_mount "-o compress"
|
||||
|
||||
# Create our test files. File foo is going to be the source of a clone operation
|
||||
# and consists of a single inline extent with an uncompressed size of 512 bytes,
|
||||
# while file bar consists of a single inline extent with an uncompressed size of
|
||||
# 256 bytes. For our test's purpose, it's important that file bar has an inline
|
||||
# extent with a size smaller than foo's inline extent.
|
||||
$XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \
|
||||
-c "pwrite -S 0x2a 128 384" \
|
||||
$SCRATCH_MNT/foo | _filter_xfs_io
|
||||
$XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io
|
||||
|
||||
# Now durably persist all metadata and data. We do this to make sure that we get
|
||||
# on disk an inline extent with a size of 512 bytes for file foo.
|
||||
sync
|
||||
|
||||
# Now truncate our file foo to a smaller size. Because it consists of a
|
||||
# compressed and inline extent, btrfs did not shrink the inline extent to the
|
||||
# new size (if the extent was not compressed, btrfs would shrink it to 128
|
||||
# bytes), it only updates the inode's i_size to 128 bytes.
|
||||
$XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo
|
||||
|
||||
# Now clone foo's inline extent into bar.
|
||||
# This clone operation should fail with errno EOPNOTSUPP because the source
|
||||
# file consists only of an inline extent and the file's size is smaller than
|
||||
# the inline extent of the destination (128 bytes < 256 bytes). However the
|
||||
# clone ioctl was not prepared to deal with a file that has a size smaller
|
||||
# than the size of its inline extent (something that happens only for compressed
|
||||
# inline extents), resulting in copying the full inline extent from the source
|
||||
# file into the destination file.
|
||||
#
|
||||
# Note that btrfs' clone operation for inline extents consists of removing the
|
||||
# inline extent from the destination inode and copy the inline extent from the
|
||||
# source inode into the destination inode, meaning that if the destination
|
||||
# inode's inline extent is larger (N bytes) than the source inode's inline
|
||||
# extent (M bytes), some bytes (N - M bytes) will be lost from the destination
|
||||
# file. Btrfs could copy the source inline extent's data into the destination's
|
||||
# inline extent so that we would not lose any data, but that's currently not
|
||||
# done due to the complexity that would be needed to deal with such cases
|
||||
# (specially when one or both extents are compressed), returning EOPNOTSUPP, as
|
||||
# it's normally not a very common case to clone very small files (only case
|
||||
# where we get inline extents) and copying inline extents does not save any
|
||||
# space (unlike for normal, non-inlined extents).
|
||||
$CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
|
||||
|
||||
# Now because the above clone operation used to succeed, and due to foo's inline
|
||||
# extent not being shinked by the truncate operation, our file bar got the whole
|
||||
# inline extent copied from foo, making us lose the last 128 bytes from bar
|
||||
# which got replaced by the bytes in range [128, 256[ from foo before foo was
|
||||
# truncated - in other words, data loss from bar and being able to read old and
|
||||
# stale data from foo that should not be possible to read anymore through normal
|
||||
# filesystem operations. Contrast with the case where we truncate a file from a
|
||||
# size N to a smaller size M, truncate it back to size N and then read the range
|
||||
# [M, N[, we should always get the value 0x00 for all the bytes in that range.
|
||||
|
||||
# We expected the clone operation to fail with errno EOPNOTSUPP and therefore
|
||||
# not modify our file's bar data/metadata. So its content should be 256 bytes
|
||||
# long with all bytes having the value 0xbb.
|
||||
#
|
||||
# Without the btrfs bug fix, the clone operation succeeded and resulted in
|
||||
# leaking truncated data from foo, the bytes that belonged to its range
|
||||
# [128, 256[, and losing data from bar in that same range. So reading the
|
||||
# file gave us the following content:
|
||||
#
|
||||
# 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1
|
||||
# *
|
||||
# 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a
|
||||
# *
|
||||
# 0000400
|
||||
echo "File bar's content after the clone operation:"
|
||||
od -t x1 $SCRATCH_MNT/bar
|
||||
|
||||
# Also because the foo's inline extent was not shrunk by the truncate
|
||||
# operation, btrfs' fsck, which is run by the fstests framework everytime a
|
||||
# test completes, failed reporting the following error:
|
||||
#
|
||||
# root 5 inode 257 errors 400, nbytes wrong
|
||||
|
||||
status=0
|
||||
exit
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Filipe Manana <fdmanana@suse.com>
|
||||
---
|
||||
fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++----------
|
||||
1 file changed, 68 insertions(+), 14 deletions(-)
|
||||
|
||||
--- a/fs/btrfs/inode.c
|
||||
+++ b/fs/btrfs/inode.c
|
||||
@@ -4184,6 +4184,47 @@ static int truncate_space_check(struct b
|
||||
|
||||
}
|
||||
|
||||
+static int truncate_inline_extent(struct inode *inode,
|
||||
+ struct btrfs_path *path,
|
||||
+ struct btrfs_key *found_key,
|
||||
+ const u64 item_end,
|
||||
+ const u64 new_size)
|
||||
+{
|
||||
+ struct extent_buffer *leaf = path->nodes[0];
|
||||
+ int slot = path->slots[0];
|
||||
+ struct btrfs_file_extent_item *fi;
|
||||
+ u32 size = (u32)(new_size - found_key->offset);
|
||||
+ struct btrfs_root *root = BTRFS_I(inode)->root;
|
||||
+
|
||||
+ fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
|
||||
+
|
||||
+ if (btrfs_file_extent_compression(leaf, fi) != BTRFS_COMPRESS_NONE) {
|
||||
+ loff_t offset = new_size;
|
||||
+ loff_t page_end = ALIGN(offset, PAGE_CACHE_SIZE);
|
||||
+
|
||||
+ /*
|
||||
+ * Zero out the remaining of the last page of our inline extent,
|
||||
+ * instead of directly truncating our inline extent here - that
|
||||
+ * would be much more complex (decompressing all the data, then
|
||||
+ * compressing the truncated data, which might be bigger than
|
||||
+ * the size of the inline extent, resize the extent, etc).
|
||||
+ * We release the path because to get the page we might need to
|
||||
+ * read the extent item from disk (data not in the page cache).
|
||||
+ */
|
||||
+ btrfs_release_path(path);
|
||||
+ return btrfs_truncate_page(inode, offset, page_end - offset, 0);
|
||||
+ }
|
||||
+
|
||||
+ btrfs_set_file_extent_ram_bytes(leaf, fi, size);
|
||||
+ size = btrfs_file_extent_calc_inline_size(size);
|
||||
+ btrfs_truncate_item(root, path, size, 1);
|
||||
+
|
||||
+ if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
|
||||
+ inode_sub_bytes(inode, item_end + 1 - new_size);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* this can truncate away extent items, csum items and directory items.
|
||||
* It starts at a high offset and removes keys until it can't find
|
||||
@@ -4378,27 +4419,40 @@ search_again:
|
||||
* special encodings
|
||||
*/
|
||||
if (!del_item &&
|
||||
- btrfs_file_extent_compression(leaf, fi) == 0 &&
|
||||
btrfs_file_extent_encryption(leaf, fi) == 0 &&
|
||||
btrfs_file_extent_other_encoding(leaf, fi) == 0) {
|
||||
- u32 size = new_size - found_key.offset;
|
||||
-
|
||||
- if (test_bit(BTRFS_ROOT_REF_COWS, &root->state))
|
||||
- inode_sub_bytes(inode, item_end + 1 -
|
||||
- new_size);
|
||||
|
||||
/*
|
||||
- * update the ram bytes to properly reflect
|
||||
- * the new size of our item
|
||||
+ * Need to release path in order to truncate a
|
||||
+ * compressed extent. So delete any accumulated
|
||||
+ * extent items so far.
|
||||
*/
|
||||
- btrfs_set_file_extent_ram_bytes(leaf, fi, size);
|
||||
- size =
|
||||
- btrfs_file_extent_calc_inline_size(size);
|
||||
- btrfs_truncate_item(root, path, size, 1);
|
||||
+ if (btrfs_file_extent_compression(leaf, fi) !=
|
||||
+ BTRFS_COMPRESS_NONE && pending_del_nr) {
|
||||
+ err = btrfs_del_items(trans, root, path,
|
||||
+ pending_del_slot,
|
||||
+ pending_del_nr);
|
||||
+ if (err) {
|
||||
+ btrfs_abort_transaction(trans,
|
||||
+ root,
|
||||
+ err);
|
||||
+ goto error;
|
||||
+ }
|
||||
+ pending_del_nr = 0;
|
||||
+ }
|
||||
+
|
||||
+ err = truncate_inline_extent(inode, path,
|
||||
+ &found_key,
|
||||
+ item_end,
|
||||
+ new_size);
|
||||
+ if (err) {
|
||||
+ btrfs_abort_transaction(trans,
|
||||
+ root, err);
|
||||
+ goto error;
|
||||
+ }
|
||||
} else if (test_bit(BTRFS_ROOT_REF_COWS,
|
||||
&root->state)) {
|
||||
- inode_sub_bytes(inode, item_end + 1 -
|
||||
- found_key.offset);
|
||||
+ inode_sub_bytes(inode, item_end + 1 - new_size);
|
||||
}
|
||||
}
|
||||
delete:
|
|
@ -1,84 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 28 Sep 2015 01:09:52 +0100
|
||||
Subject: DocBook: Use a fixed encoding for output
|
||||
Forwarded: http://mid.gmane.org/1443398992.2517.13.camel@decadent.org.uk
|
||||
|
||||
Currently the encoding of documents generated by DocBook depends on
|
||||
the current locale. Make the output reproducible independently of
|
||||
the locale, by setting the encoding to UTF-8 (LC_CTYPE=C.UTF-8) by
|
||||
preference, or ASCII (LC_CTYPE=C) as a fallback.
|
||||
|
||||
LC_CTYPE can normally be overridden by LC_ALL, but the top-level
|
||||
Makefile unsets that.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/Documentation/DocBook/Makefile
|
||||
+++ b/Documentation/DocBook/Makefile
|
||||
@@ -69,6 +69,12 @@ installmandocs: mandocs
|
||||
KERNELDOCXMLREF = $(srctree)/scripts/kernel-doc-xml-ref
|
||||
KERNELDOC = $(srctree)/scripts/kernel-doc
|
||||
DOCPROC = $(objtree)/scripts/docproc
|
||||
+CHECK_LC_CTYPE = $(objtree)/scripts/check-lc_ctype
|
||||
+
|
||||
+# Use a fixed encoding - UTF-8 if the C library has support built-in
|
||||
+# or ASCII if not
|
||||
+LC_CTYPE := $(call try-run, LC_CTYPE=C.UTF-8 $(CHECK_LC_CTYPE),C.UTF-8,C)
|
||||
+export LC_CTYPE
|
||||
|
||||
XMLTOFLAGS = -m $(srctree)/$(src)/stylesheet.xsl
|
||||
XMLTOFLAGS += --skip-validation
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -1353,7 +1353,7 @@ $(help-board-dirs): help-%:
|
||||
# Documentation targets
|
||||
# ---------------------------------------------------------------------------
|
||||
%docs: scripts_basic FORCE
|
||||
- $(Q)$(MAKE) $(build)=scripts build_docproc
|
||||
+ $(Q)$(MAKE) $(build)=scripts build_docproc build_check-lc_ctype
|
||||
$(Q)$(MAKE) $(build)=Documentation/DocBook $@
|
||||
|
||||
else # KBUILD_EXTMOD
|
||||
--- a/scripts/Makefile
|
||||
+++ b/scripts/Makefile
|
||||
@@ -7,6 +7,7 @@
|
||||
# conmakehash: Create chartable
|
||||
# conmakehash: Create arrays for initializing the kernel console tables
|
||||
# docproc: Used in Documentation/DocBook
|
||||
+# check-lc_ctype: Used in Documentation/DocBook
|
||||
|
||||
HOST_EXTRACFLAGS += -I$(srctree)/tools/include
|
||||
|
||||
@@ -27,14 +28,16 @@ HOSTLOADLIBES_extract-cert = -lcrypto
|
||||
always := $(hostprogs-y) $(hostprogs-m)
|
||||
|
||||
# The following hostprogs-y programs are only build on demand
|
||||
-hostprogs-y += unifdef docproc
|
||||
+hostprogs-y += unifdef docproc check-lc_ctype
|
||||
|
||||
# These targets are used internally to avoid "is up to date" messages
|
||||
-PHONY += build_unifdef build_docproc
|
||||
+PHONY += build_unifdef build_docproc build_check-lc_ctype
|
||||
build_unifdef: $(obj)/unifdef
|
||||
@:
|
||||
build_docproc: $(obj)/docproc
|
||||
@:
|
||||
+build_check-lc_ctype: $(obj)/check-lc_ctype
|
||||
+ @:
|
||||
|
||||
subdir-$(CONFIG_MODVERSIONS) += genksyms
|
||||
subdir-y += mod
|
||||
--- /dev/null
|
||||
+++ b/scripts/check-lc_ctype.c
|
||||
@@ -0,0 +1,11 @@
|
||||
+/*
|
||||
+ * Check that a specified locale works as LC_CTYPE. Used by the
|
||||
+ * DocBook build system to probe for C.UTF-8 support.
|
||||
+ */
|
||||
+
|
||||
+#include <locale.h>
|
||||
+
|
||||
+int main(void)
|
||||
+{
|
||||
+ return !setlocale(LC_CTYPE, "");
|
||||
+}
|
|
@ -1,51 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 28 Sep 2015 01:09:02 +0100
|
||||
Subject: Documentation: Avoid creating man pages in source tree
|
||||
Forwarded: http://mid.gmane.org/1443398942.2517.12.camel@decadent.org.uk
|
||||
|
||||
Currently kernel-doc generates a dummy DocBook file when asked to
|
||||
convert a C source file with no structured comments. For an
|
||||
out-of-tree build (objtree != srctree), the title of the output file
|
||||
is the absolute path name of the C source file, which later results
|
||||
in a manual page being created alongside the C source file.
|
||||
|
||||
Change the title to be a relative path.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/scripts/kernel-doc
|
||||
+++ b/scripts/kernel-doc
|
||||
@@ -2351,12 +2351,13 @@ sub process_file($) {
|
||||
my $descr;
|
||||
my $in_purpose = 0;
|
||||
my $initial_section_counter = $section_counter;
|
||||
+ my ($orig_file) = @_;
|
||||
|
||||
if (defined($ENV{'SRCTREE'})) {
|
||||
- $file = "$ENV{'SRCTREE'}" . "/" . "@_";
|
||||
+ $file = "$ENV{'SRCTREE'}" . "/" . $orig_file;
|
||||
}
|
||||
else {
|
||||
- $file = "@_";
|
||||
+ $file = $orig_file;
|
||||
}
|
||||
if (defined($source_map{$file})) {
|
||||
$file = $source_map{$file};
|
||||
@@ -2565,7 +2566,7 @@ sub process_file($) {
|
||||
print "<refentry>\n";
|
||||
print " <refnamediv>\n";
|
||||
print " <refname>\n";
|
||||
- print " ${file}\n";
|
||||
+ print " ${orig_file}\n";
|
||||
print " </refname>\n";
|
||||
print " <refpurpose>\n";
|
||||
print " Document generation inconsistency\n";
|
||||
@@ -2579,7 +2580,7 @@ sub process_file($) {
|
||||
print " <para>\n";
|
||||
print " The template for this document tried to insert\n";
|
||||
print " the structured comment from the file\n";
|
||||
- print " <filename>${file}</filename> at this point,\n";
|
||||
+ print " <filename>${orig_file}</filename> at this point,\n";
|
||||
print " but none was found.\n";
|
||||
print " This dummy section is inserted to allow\n";
|
||||
print " generation to continue.\n";
|
|
@ -53,7 +53,7 @@ upstream submission.
|
|||
/* disable MPU */
|
||||
--- a/arch/x86/kernel/cpu/microcode/amd.c
|
||||
+++ b/arch/x86/kernel/cpu/microcode/amd.c
|
||||
@@ -432,10 +432,8 @@ static enum ucode_state request_microcod
|
||||
@@ -907,10 +907,8 @@ static enum ucode_state request_microcod
|
||||
if (c->x86 >= 0x15)
|
||||
snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
|
||||
|
||||
|
@ -96,7 +96,7 @@ upstream submission.
|
|||
fw_size = firmware->size / sizeof(u32);
|
||||
--- a/drivers/bluetooth/ath3k.c
|
||||
+++ b/drivers/bluetooth/ath3k.c
|
||||
@@ -404,10 +404,8 @@ static int ath3k_load_patch(struct usb_d
|
||||
@@ -408,10 +408,8 @@ static int ath3k_load_patch(struct usb_d
|
||||
le32_to_cpu(fw_version.rom_version));
|
||||
|
||||
ret = request_firmware(&firmware, filename, &udev->dev);
|
||||
|
@ -108,7 +108,7 @@ upstream submission.
|
|||
|
||||
pt_rom_version = get_unaligned_le32(firmware->data +
|
||||
firmware->size - 8);
|
||||
@@ -467,10 +465,8 @@ static int ath3k_load_syscfg(struct usb_
|
||||
@@ -471,10 +469,8 @@ static int ath3k_load_syscfg(struct usb_
|
||||
le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
|
||||
|
||||
ret = request_firmware(&firmware, filename, &udev->dev);
|
||||
|
@ -140,7 +140,7 @@ upstream submission.
|
|||
return -EIO;
|
||||
--- a/drivers/bluetooth/bfusb.c
|
||||
+++ b/drivers/bluetooth/bfusb.c
|
||||
@@ -664,10 +664,8 @@ static int bfusb_probe(struct usb_interf
|
||||
@@ -653,10 +653,8 @@ static int bfusb_probe(struct usb_interf
|
||||
skb_queue_head_init(&data->pending_q);
|
||||
skb_queue_head_init(&data->completed_q);
|
||||
|
||||
|
@ -154,7 +154,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/bluetooth/bt3c_cs.c
|
||||
+++ b/drivers/bluetooth/bt3c_cs.c
|
||||
@@ -567,10 +567,8 @@ static int bt3c_open(struct bt3c_info *i
|
||||
@@ -565,10 +565,8 @@ static int bt3c_open(struct bt3c_info *i
|
||||
|
||||
/* Load firmware */
|
||||
err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev);
|
||||
|
@ -168,7 +168,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/bluetooth/btmrvl_sdio.c
|
||||
+++ b/drivers/bluetooth/btmrvl_sdio.c
|
||||
@@ -355,8 +355,6 @@ static int btmrvl_sdio_download_helper(s
|
||||
@@ -390,8 +390,6 @@ static int btmrvl_sdio_download_helper(s
|
||||
ret = request_firmware(&fw_helper, card->helper,
|
||||
&card->func->dev);
|
||||
if ((ret < 0) || !fw_helper) {
|
||||
|
@ -177,7 +177,7 @@ upstream submission.
|
|||
ret = -ENOENT;
|
||||
goto done;
|
||||
}
|
||||
@@ -455,8 +453,6 @@ static int btmrvl_sdio_download_fw_w_hel
|
||||
@@ -490,8 +488,6 @@ static int btmrvl_sdio_download_fw_w_hel
|
||||
ret = request_firmware(&fw_firmware, card->firmware,
|
||||
&card->func->dev);
|
||||
if ((ret < 0) || !fw_firmware) {
|
||||
|
@ -233,7 +233,7 @@ upstream submission.
|
|||
where = 0;
|
||||
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
|
||||
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
|
||||
@@ -1643,10 +1643,8 @@ gf100_gr_ctor_fw(struct gf100_gr *gr, co
|
||||
@@ -1646,10 +1646,8 @@ gf100_gr_ctor_fw(struct gf100_gr *gr, co
|
||||
|
||||
snprintf(f, sizeof(f), "nvidia/%s/%s.bin", cname, fwname);
|
||||
ret = request_firmware(&fw, f, device->dev);
|
||||
|
@ -742,7 +742,7 @@ upstream submission.
|
|||
GFP_KERNEL | GFP_DMA);
|
||||
--- a/drivers/media/pci/ttpci/av7110.c
|
||||
+++ b/drivers/media/pci/ttpci/av7110.c
|
||||
@@ -1534,16 +1534,9 @@ static int get_firmware(struct av7110* a
|
||||
@@ -1531,16 +1531,9 @@ static int get_firmware(struct av7110* a
|
||||
/* request the av7110 firmware, this will block until someone uploads it */
|
||||
ret = request_firmware(&fw, "dvb-ttpci-01.fw", &av7110->dev->pci->dev);
|
||||
if (ret) {
|
||||
|
@ -792,7 +792,7 @@ upstream submission.
|
|||
b[0] = 0xaa;
|
||||
--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
|
||||
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
|
||||
@@ -1292,11 +1292,8 @@ static int ttusb_dec_boot_dsp(struct ttu
|
||||
@@ -1290,11 +1290,8 @@ static int ttusb_dec_boot_dsp(struct ttu
|
||||
dprintk("%s\n", __func__);
|
||||
|
||||
result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev);
|
||||
|
@ -1063,7 +1063,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/media/usb/s2255/s2255drv.c
|
||||
+++ b/drivers/media/usb/s2255/s2255drv.c
|
||||
@@ -2299,10 +2299,8 @@ static int s2255_probe(struct usb_interf
|
||||
@@ -2302,10 +2302,8 @@ static int s2255_probe(struct usb_interf
|
||||
}
|
||||
/* load the first chunk */
|
||||
if (request_firmware(&dev->fw_data->fw,
|
||||
|
@ -1194,7 +1194,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/net/ethernet/broadcom/bnx2.c
|
||||
+++ b/drivers/net/ethernet/broadcom/bnx2.c
|
||||
@@ -3702,16 +3702,13 @@ static int bnx2_request_uncached_firmwar
|
||||
@@ -3720,16 +3720,13 @@ static int bnx2_request_uncached_firmwar
|
||||
}
|
||||
|
||||
rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev);
|
||||
|
@ -1216,7 +1216,7 @@ upstream submission.
|
|||
if (bp->mips_firmware->size < sizeof(*mips_fw) ||
|
||||
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
|
||||
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
|
||||
@@ -13393,11 +13393,8 @@ static int bnx2x_init_firmware(struct bn
|
||||
@@ -13401,11 +13401,8 @@ static int bnx2x_init_firmware(struct bn
|
||||
BNX2X_DEV_INFO("Loading %s\n", fw_file_name);
|
||||
|
||||
rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev);
|
||||
|
@ -1424,20 +1424,16 @@ upstream submission.
|
|||
fwh = (struct at76_fw_header *)(fwe->fw->data);
|
||||
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
|
||||
@@ -1085,12 +1085,8 @@ static void ath9k_hif_usb_firmware_cb(co
|
||||
struct hif_device_usb *hif_dev = context;
|
||||
int ret;
|
||||
@@ -1158,9 +1158,6 @@ static void ath9k_hif_usb_firmware_cb(co
|
||||
if (!ret)
|
||||
return;
|
||||
|
||||
- if (!fw) {
|
||||
- dev_err(&hif_dev->udev->dev,
|
||||
- "ath9k_htc: Failed to get firmware %s\n",
|
||||
- hif_dev->fw_name);
|
||||
+ if (!fw)
|
||||
goto err_fw;
|
||||
- }
|
||||
}
|
||||
|
||||
hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb,
|
||||
&hif_dev->udev->dev);
|
||||
--- a/drivers/net/wireless/ath/carl9170/usb.c
|
||||
+++ b/drivers/net/wireless/ath/carl9170/usb.c
|
||||
@@ -1033,7 +1033,6 @@ static void carl9170_usb_firmware_step2(
|
||||
|
@ -1596,7 +1592,7 @@ upstream submission.
|
|||
}
|
||||
--- a/drivers/net/wireless/mwifiex/main.c
|
||||
+++ b/drivers/net/wireless/mwifiex/main.c
|
||||
@@ -488,11 +488,8 @@ static void mwifiex_fw_dpc(const struct
|
||||
@@ -508,11 +508,8 @@ static void mwifiex_fw_dpc(const struct
|
||||
bool init_failed = false;
|
||||
struct wireless_dev *wdev;
|
||||
|
||||
|
@ -1690,7 +1686,7 @@ upstream submission.
|
|||
|
||||
--- a/drivers/net/wireless/orinoco/orinoco_usb.c
|
||||
+++ b/drivers/net/wireless/orinoco/orinoco_usb.c
|
||||
@@ -1668,7 +1668,6 @@ static int ezusb_probe(struct usb_interf
|
||||
@@ -1669,7 +1669,6 @@ static int ezusb_probe(struct usb_interf
|
||||
if (ezusb_firmware_download(upriv, &firmware) < 0)
|
||||
goto error;
|
||||
} else {
|
||||
|
@ -1763,8 +1759,8 @@ upstream submission.
|
|||
|
||||
if (!fw || !fw->size || !fw->data) {
|
||||
rt2x00_err(rt2x00dev, "Failed to read Firmware\n");
|
||||
--- a/drivers/net/wireless/rtlwifi/core.c
|
||||
+++ b/drivers/net/wireless/rtlwifi/core.c
|
||||
--- a/drivers/net/wireless/realtek/rtlwifi/core.c
|
||||
+++ b/drivers/net/wireless/realtek/rtlwifi/core.c
|
||||
@@ -115,7 +115,6 @@ static void rtl_fw_do_work(const struct
|
||||
if (!err)
|
||||
goto found_alt;
|
||||
|
@ -1773,8 +1769,8 @@ upstream submission.
|
|||
rtlpriv->max_fw_size = 0;
|
||||
return;
|
||||
}
|
||||
--- a/drivers/net/wireless/rtlwifi/rtl8192se/sw.c
|
||||
+++ b/drivers/net/wireless/rtlwifi/rtl8192se/sw.c
|
||||
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
|
||||
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
|
||||
@@ -94,7 +94,6 @@ static void rtl92se_fw_cb(const struct f
|
||||
"Firmware callback routine entered!\n");
|
||||
complete(&rtlpriv->firmware_loading_complete);
|
||||
|
@ -1894,7 +1890,7 @@ upstream submission.
|
|||
}
|
||||
--- a/drivers/scsi/aic94xx/aic94xx_init.c
|
||||
+++ b/drivers/scsi/aic94xx/aic94xx_init.c
|
||||
@@ -385,8 +385,6 @@ static ssize_t asd_store_update_bios(str
|
||||
@@ -384,8 +384,6 @@ static ssize_t asd_store_update_bios(str
|
||||
filename_ptr,
|
||||
&asd_ha->pcidev->dev);
|
||||
if (err) {
|
||||
|
@ -1988,7 +1984,7 @@ upstream submission.
|
|||
QLA_FW_URL ".\n");
|
||||
--- a/drivers/scsi/qla2xxx/qla_nx.c
|
||||
+++ b/drivers/scsi/qla2xxx/qla_nx.c
|
||||
@@ -2459,11 +2459,8 @@ try_blob_fw:
|
||||
@@ -2460,11 +2460,8 @@ try_blob_fw:
|
||||
|
||||
/* Load firmware blob. */
|
||||
blob = ha->hablob = qla2x00_request_firmware(vha);
|
||||
|
@ -2003,7 +1999,7 @@ upstream submission.
|
|||
if (qla82xx_validate_firmware_blob(vha,
|
||||
--- a/drivers/scsi/qla2xxx/qla_os.c
|
||||
+++ b/drivers/scsi/qla2xxx/qla_os.c
|
||||
@@ -5365,8 +5365,6 @@ qla2x00_request_firmware(scsi_qla_host_t
|
||||
@@ -5364,8 +5364,6 @@ qla2x00_request_firmware(scsi_qla_host_t
|
||||
goto out;
|
||||
|
||||
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
|
||||
|
@ -2027,43 +2023,6 @@ upstream submission.
|
|||
if (fw->size % 2) {
|
||||
printk(KERN_ERR "Bogus length %zu in image \"%s\"\n",
|
||||
fw->size, fwname);
|
||||
--- a/drivers/staging/ft1000/ft1000-pcmcia/ft1000_hw.c
|
||||
+++ b/drivers/staging/ft1000/ft1000-pcmcia/ft1000_hw.c
|
||||
@@ -2034,18 +2034,12 @@ struct net_device *init_ft1000_card(stru
|
||||
info->AsicID = ft1000_read_reg(dev, FT1000_REG_ASIC_ID);
|
||||
if (info->AsicID == ELECTRABUZZ_ID) {
|
||||
pr_debug("ELECTRABUZZ ASIC\n");
|
||||
- if (request_firmware(&fw_entry, "ft1000.img",
|
||||
- &link->dev) != 0) {
|
||||
- pr_info("Could not open ft1000.img\n");
|
||||
+ if (request_firmware(&fw_entry, "ft1000.img", &link->dev) != 0)
|
||||
goto err_unreg;
|
||||
- }
|
||||
} else {
|
||||
pr_debug("MAGNEMITE ASIC\n");
|
||||
- if (request_firmware(&fw_entry, "ft2000.img",
|
||||
- &link->dev) != 0) {
|
||||
- pr_info("Could not open ft2000.img\n");
|
||||
+ if (request_firmware(&fw_entry, "ft2000.img", &link->dev) != 0)
|
||||
goto err_unreg;
|
||||
- }
|
||||
}
|
||||
|
||||
ft1000_enable_interrupts(dev);
|
||||
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
|
||||
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
|
||||
@@ -133,10 +133,8 @@ static int ft1000_probe(struct usb_inter
|
||||
ft1000dev->bulk_out_endpointAddr);
|
||||
|
||||
ret = request_firmware(&dsp_fw, "ft3000.img", &dev->dev);
|
||||
- if (ret < 0) {
|
||||
- dev_err(interface->usb_dev, "Error request_firmware()\n");
|
||||
+ if (ret)
|
||||
goto err_fw;
|
||||
- }
|
||||
|
||||
size = max_t(uint, dsp_fw->size, 4096);
|
||||
pFileStart = kmalloc(size, GFP_KERNEL);
|
||||
--- a/drivers/media/usb/go7007/go7007-driver.c
|
||||
+++ b/drivers/media/usb/go7007/go7007-driver.c
|
||||
@@ -92,10 +92,8 @@ static int go7007_load_encoder(struct go
|
||||
|
@ -2161,7 +2120,7 @@ upstream submission.
|
|||
MODULE_FIRMWARE("rtlwifi/rtl8712u.bin");
|
||||
--- a/drivers/staging/slicoss/slicoss.c
|
||||
+++ b/drivers/staging/slicoss/slicoss.c
|
||||
@@ -388,11 +388,8 @@ static int slic_card_download_gbrcv(stru
|
||||
@@ -408,11 +408,8 @@ static int slic_card_download_gbrcv(stru
|
||||
}
|
||||
|
||||
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
|
||||
|
@ -2174,7 +2133,7 @@ upstream submission.
|
|||
|
||||
rcvucodelen = *(u32 *)(fw->data + index);
|
||||
index += 4;
|
||||
@@ -466,11 +463,8 @@ static int slic_card_download(struct ada
|
||||
@@ -486,11 +483,8 @@ static int slic_card_download(struct ada
|
||||
return -ENOENT;
|
||||
}
|
||||
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
|
||||
|
@ -2205,7 +2164,7 @@ upstream submission.
|
|||
if (!buffer)
|
||||
--- a/drivers/tty/cyclades.c
|
||||
+++ b/drivers/tty/cyclades.c
|
||||
@@ -3518,10 +3518,8 @@ static int cyz_load_fw(struct pci_dev *p
|
||||
@@ -3509,10 +3509,8 @@ static int cyz_load_fw(struct pci_dev *p
|
||||
int retval;
|
||||
|
||||
retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev);
|
||||
|
@ -2431,18 +2390,18 @@ upstream submission.
|
|||
BootMajorVersion = rec->data[0];
|
||||
--- a/drivers/usb/serial/io_ti.c
|
||||
+++ b/drivers/usb/serial/io_ti.c
|
||||
@@ -2483,8 +2483,6 @@ static int edge_startup(struct usb_seria
|
||||
@@ -1014,8 +1014,6 @@ static int download_fw(struct edgeport_s
|
||||
|
||||
status = request_firmware(&fw, fw_name, dev);
|
||||
if (status) {
|
||||
- dev_err(dev, "Failed to load image \"%s\" err %d\n",
|
||||
- fw_name, status);
|
||||
kfree(edge_serial);
|
||||
return status;
|
||||
}
|
||||
|
||||
--- a/drivers/usb/serial/ti_usb_3410_5052.c
|
||||
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
|
||||
@@ -1485,10 +1485,8 @@ static int ti_download_firmware(struct t
|
||||
@@ -1487,10 +1487,8 @@ static int ti_download_firmware(struct t
|
||||
}
|
||||
status = request_firmware(&fw_p, buf, &dev->dev);
|
||||
}
|
||||
|
@ -2601,7 +2560,7 @@ upstream submission.
|
|||
filename, emu->firmware->size);
|
||||
--- a/sound/pci/hda/hda_intel.c
|
||||
+++ b/sound/pci/hda/hda_intel.c
|
||||
@@ -1734,10 +1734,8 @@ static void azx_firmware_cb(const struct
|
||||
@@ -1738,10 +1738,8 @@ static void azx_firmware_cb(const struct
|
||||
struct azx *chip = card->private_data;
|
||||
struct pci_dev *pci = chip->pci;
|
||||
|
||||
|
@ -2615,7 +2574,7 @@ upstream submission.
|
|||
if (!chip->disabled) {
|
||||
--- a/sound/pci/korg1212/korg1212.c
|
||||
+++ b/sound/pci/korg1212/korg1212.c
|
||||
@@ -2330,7 +2330,6 @@ static int snd_korg1212_create(struct sn
|
||||
@@ -2332,7 +2332,6 @@ static int snd_korg1212_create(struct sn
|
||||
err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev);
|
||||
if (err < 0) {
|
||||
release_firmware(dsp_code);
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 1 Nov 2015 16:21:24 +0000
|
||||
Subject: isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
|
||||
Origin: https://git.kernel.org/linus/0baa57d8dc32db78369d8b5176ef56c5e2e18ab3
|
||||
|
||||
Compile-tested only.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/isdn/i4l/isdn_ppp.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
|
||||
index c4198fa..86f9abe 100644
|
||||
--- a/drivers/isdn/i4l/isdn_ppp.c
|
||||
+++ b/drivers/isdn/i4l/isdn_ppp.c
|
||||
@@ -301,6 +301,8 @@ isdn_ppp_open(int min, struct file *file)
|
||||
is->compflags = 0;
|
||||
|
||||
is->reset = isdn_ppp_ccp_reset_alloc(is);
|
||||
+ if (!is->reset)
|
||||
+ return -ENOMEM;
|
||||
|
||||
is->lp = NULL;
|
||||
is->mp_seqno = 0; /* MP sequence number */
|
||||
@@ -320,6 +322,10 @@ isdn_ppp_open(int min, struct file *file)
|
||||
* VJ header compression init
|
||||
*/
|
||||
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
|
||||
+ if (!is->slcomp) {
|
||||
+ isdn_ppp_ccp_reset_free(is);
|
||||
+ return -ENOMEM;
|
||||
+ }
|
||||
#endif
|
||||
#ifdef CONFIG_IPPP_FILTER
|
||||
is->pass_filter = NULL;
|
|
@ -1,31 +0,0 @@
|
|||
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speirofr@gmail.com>
|
||||
Date: Wed, 7 Oct 2015 07:09:26 -0300
|
||||
Subject: [media] media/vivid-osd: fix info leak in ioctl
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/eda98796aff0d9bf41094b06811f5def3b4c333c
|
||||
|
||||
The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
|
||||
struct fb_vblank after the ->hcount member. Add an explicit
|
||||
memset(0) before filling the structure to avoid the info leak.
|
||||
|
||||
Signed-off-by: Salva Peiró <speirofr@gmail.com>
|
||||
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
---
|
||||
drivers/media/platform/vivid/vivid-osd.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/drivers/media/platform/vivid/vivid-osd.c b/drivers/media/platform/vivid/vivid-osd.c
|
||||
index 084d346..e15eef6 100644
|
||||
--- a/drivers/media/platform/vivid/vivid-osd.c
|
||||
+++ b/drivers/media/platform/vivid/vivid-osd.c
|
||||
@@ -85,6 +85,7 @@ static int vivid_fb_ioctl(struct fb_info *info, unsigned cmd, unsigned long arg)
|
||||
case FBIOGET_VBLANK: {
|
||||
struct fb_vblank vblank;
|
||||
|
||||
+ memset(&vblank, 0, sizeof(vblank));
|
||||
vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT |
|
||||
FB_VBLANK_HAVE_VSYNC;
|
||||
vblank.count = 0;
|
|
@ -1,66 +0,0 @@
|
|||
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
|
||||
Date: Mon, 27 Jul 2015 11:06:48 -0300
|
||||
Subject: [media] uvcvideo: Disable hardware timestamps by default
|
||||
Origin: http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=5d0fd3c806b9e932010931ae67dbb482020e0882
|
||||
Bug-Debian: https://bugs.debian.org/794327
|
||||
|
||||
The hardware timestamping implementation has been reported as not
|
||||
working correctly on at least the Logitech C920. Until this can be
|
||||
fixed, disable it by default.
|
||||
|
||||
Reported-by: Peter Rabbitson <rabbit@rabbit.us>
|
||||
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
---
|
||||
drivers/media/usb/uvc/uvc_driver.c | 3 +++
|
||||
drivers/media/usb/uvc/uvc_video.c | 3 +++
|
||||
drivers/media/usb/uvc/uvcvideo.h | 1 +
|
||||
3 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
|
||||
index 4b5b3e8..d11fd6a 100644
|
||||
--- a/drivers/media/usb/uvc/uvc_driver.c
|
||||
+++ b/drivers/media/usb/uvc/uvc_driver.c
|
||||
@@ -32,6 +32,7 @@
|
||||
#define DRIVER_DESC "USB Video Class driver"
|
||||
|
||||
unsigned int uvc_clock_param = CLOCK_MONOTONIC;
|
||||
+unsigned int uvc_hw_timestamps_param;
|
||||
unsigned int uvc_no_drop_param;
|
||||
static unsigned int uvc_quirks_param = -1;
|
||||
unsigned int uvc_trace_param;
|
||||
@@ -2078,6 +2079,8 @@ static int uvc_clock_param_set(const char *val, struct kernel_param *kp)
|
||||
module_param_call(clock, uvc_clock_param_set, uvc_clock_param_get,
|
||||
&uvc_clock_param, S_IRUGO|S_IWUSR);
|
||||
MODULE_PARM_DESC(clock, "Video buffers timestamp clock");
|
||||
+module_param_named(hwtimestamps, uvc_hw_timestamps_param, uint, S_IRUGO|S_IWUSR);
|
||||
+MODULE_PARM_DESC(hwtimestamps, "Use hardware timestamps");
|
||||
module_param_named(nodrop, uvc_no_drop_param, uint, S_IRUGO|S_IWUSR);
|
||||
MODULE_PARM_DESC(nodrop, "Don't drop incomplete frames");
|
||||
module_param_named(quirks, uvc_quirks_param, uint, S_IRUGO|S_IWUSR);
|
||||
diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
|
||||
index f839654..1c4a117 100644
|
||||
--- a/drivers/media/usb/uvc/uvc_video.c
|
||||
+++ b/drivers/media/usb/uvc/uvc_video.c
|
||||
@@ -623,6 +623,9 @@ void uvc_video_clock_update(struct uvc_streaming *stream,
|
||||
u32 rem;
|
||||
u64 y;
|
||||
|
||||
+ if (!uvc_hw_timestamps_param)
|
||||
+ return;
|
||||
+
|
||||
spin_lock_irqsave(&clock->lock, flags);
|
||||
|
||||
if (clock->count < clock->size)
|
||||
diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h
|
||||
index 816dd1a..1374bd9 100644
|
||||
--- a/drivers/media/usb/uvc/uvcvideo.h
|
||||
+++ b/drivers/media/usb/uvc/uvcvideo.h
|
||||
@@ -593,6 +593,7 @@ extern unsigned int uvc_clock_param;
|
||||
extern unsigned int uvc_no_drop_param;
|
||||
extern unsigned int uvc_trace_param;
|
||||
extern unsigned int uvc_timeout_param;
|
||||
+extern unsigned int uvc_hw_timestamps_param;
|
||||
|
||||
#define uvc_trace(flag, msg...) \
|
||||
do { \
|
|
@ -1,128 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 1 Nov 2015 16:22:53 +0000
|
||||
Subject: ppp, slip: Validate VJ compression slot parameters completely
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/4ab42d78e37a294ac7bc56901d563c642e03c4ae
|
||||
|
||||
Currently slhc_init() treats out-of-range values of rslots and tslots
|
||||
as equivalent to 0, except that if tslots is too large it will
|
||||
dereference a null pointer (CVE-2015-7799).
|
||||
|
||||
Add a range-check at the top of the function and make it return an
|
||||
ERR_PTR() on error instead of NULL. Change the callers accordingly.
|
||||
|
||||
Compile-tested only.
|
||||
|
||||
Reported-by: 郭永刚 <guoyonggang@360.cn>
|
||||
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/isdn/i4l/isdn_ppp.c | 10 ++++------
|
||||
drivers/net/ppp/ppp_generic.c | 6 ++----
|
||||
drivers/net/slip/slhc.c | 12 ++++++++----
|
||||
drivers/net/slip/slip.c | 2 +-
|
||||
4 files changed, 15 insertions(+), 15 deletions(-)
|
||||
|
||||
--- a/drivers/isdn/i4l/isdn_ppp.c
|
||||
+++ b/drivers/isdn/i4l/isdn_ppp.c
|
||||
@@ -322,9 +322,9 @@ isdn_ppp_open(int min, struct file *file
|
||||
* VJ header compression init
|
||||
*/
|
||||
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
|
||||
- if (!is->slcomp) {
|
||||
+ if (IS_ERR(is->slcomp)) {
|
||||
isdn_ppp_ccp_reset_free(is);
|
||||
- return -ENOMEM;
|
||||
+ return PTR_ERR(is->slcomp);
|
||||
}
|
||||
#endif
|
||||
#ifdef CONFIG_IPPP_FILTER
|
||||
@@ -573,10 +573,8 @@ isdn_ppp_ioctl(int min, struct file *fil
|
||||
is->maxcid = val;
|
||||
#ifdef CONFIG_ISDN_PPP_VJ
|
||||
sltmp = slhc_init(16, val);
|
||||
- if (!sltmp) {
|
||||
- printk(KERN_ERR "ippp, can't realloc slhc struct\n");
|
||||
- return -ENOMEM;
|
||||
- }
|
||||
+ if (IS_ERR(sltmp))
|
||||
+ return PTR_ERR(sltmp);
|
||||
if (is->slcomp)
|
||||
slhc_free(is->slcomp);
|
||||
is->slcomp = sltmp;
|
||||
--- a/drivers/net/ppp/ppp_generic.c
|
||||
+++ b/drivers/net/ppp/ppp_generic.c
|
||||
@@ -719,10 +719,8 @@ static long ppp_ioctl(struct file *file,
|
||||
val &= 0xffff;
|
||||
}
|
||||
vj = slhc_init(val2+1, val+1);
|
||||
- if (!vj) {
|
||||
- netdev_err(ppp->dev,
|
||||
- "PPP: no memory (VJ compressor)\n");
|
||||
- err = -ENOMEM;
|
||||
+ if (IS_ERR(vj)) {
|
||||
+ err = PTR_ERR(vj);
|
||||
break;
|
||||
}
|
||||
ppp_lock(ppp);
|
||||
--- a/drivers/net/slip/slhc.c
|
||||
+++ b/drivers/net/slip/slhc.c
|
||||
@@ -84,8 +84,9 @@ static long decode(unsigned char **cpp);
|
||||
static unsigned char * put16(unsigned char *cp, unsigned short x);
|
||||
static unsigned short pull16(unsigned char **cpp);
|
||||
|
||||
-/* Initialize compression data structure
|
||||
+/* Allocate compression data structure
|
||||
* slots must be in range 0 to 255 (zero meaning no compression)
|
||||
+ * Returns pointer to structure or ERR_PTR() on error.
|
||||
*/
|
||||
struct slcompress *
|
||||
slhc_init(int rslots, int tslots)
|
||||
@@ -94,11 +95,14 @@ slhc_init(int rslots, int tslots)
|
||||
register struct cstate *ts;
|
||||
struct slcompress *comp;
|
||||
|
||||
+ if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
|
||||
+ return ERR_PTR(-EINVAL);
|
||||
+
|
||||
comp = kzalloc(sizeof(struct slcompress), GFP_KERNEL);
|
||||
if (! comp)
|
||||
goto out_fail;
|
||||
|
||||
- if ( rslots > 0 && rslots < 256 ) {
|
||||
+ if (rslots > 0) {
|
||||
size_t rsize = rslots * sizeof(struct cstate);
|
||||
comp->rstate = kzalloc(rsize, GFP_KERNEL);
|
||||
if (! comp->rstate)
|
||||
@@ -106,7 +110,7 @@ slhc_init(int rslots, int tslots)
|
||||
comp->rslot_limit = rslots - 1;
|
||||
}
|
||||
|
||||
- if ( tslots > 0 && tslots < 256 ) {
|
||||
+ if (tslots > 0) {
|
||||
size_t tsize = tslots * sizeof(struct cstate);
|
||||
comp->tstate = kzalloc(tsize, GFP_KERNEL);
|
||||
if (! comp->tstate)
|
||||
@@ -141,7 +145,7 @@ out_free2:
|
||||
out_free:
|
||||
kfree(comp);
|
||||
out_fail:
|
||||
- return NULL;
|
||||
+ return ERR_PTR(-ENOMEM);
|
||||
}
|
||||
|
||||
|
||||
--- a/drivers/net/slip/slip.c
|
||||
+++ b/drivers/net/slip/slip.c
|
||||
@@ -164,7 +164,7 @@ static int sl_alloc_bufs(struct slip *sl
|
||||
if (cbuff == NULL)
|
||||
goto err_exit;
|
||||
slcomp = slhc_init(16, 16);
|
||||
- if (slcomp == NULL)
|
||||
+ if (IS_ERR(slcomp))
|
||||
goto err_exit;
|
||||
#endif
|
||||
spin_lock_bh(&sl->lock);
|
|
@ -1,69 +0,0 @@
|
|||
From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
|
||||
Subject: RDS: fix race condition when sending a message on unbound socket.
|
||||
Date: Fri, 16 Oct 2015 17:11:42 +0200
|
||||
Origin: https://lkml.org/lkml/2015/10/16/530
|
||||
|
||||
Sasha's found a NULL pointer dereference in the RDS connection code when
|
||||
sending a message to an apparently unbound socket. The problem is caused
|
||||
by the code checking if the socket is bound in rds_sendmsg(), which checks
|
||||
the rs_bound_addr field without taking a lock on the socket. This opens a
|
||||
race where rs_bound_addr is temporarily set but where the transport is not
|
||||
in rds_bind(), leading to a NULL pointer dereference when trying to
|
||||
dereference 'trans' in __rds_conn_create().
|
||||
|
||||
Vegard wrote a reproducer for this issue, so kindly ask him to share if
|
||||
you're interested.
|
||||
|
||||
I cannot reproduce the NULL pointer dereference using Vegard's reproducer
|
||||
with this patch, whereas I could without.
|
||||
|
||||
Complete earlier incomplete fix to CVE-2015-6937:
|
||||
|
||||
74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")
|
||||
|
||||
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
|
||||
Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||||
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Vegard Nossum <vegard.nossum@oracle.com>
|
||||
Cc: Sasha Levin <sasha.levin@oracle.com>
|
||||
Cc: Chien Yen <chien.yen@oracle.com>
|
||||
Cc: Santosh Shilimkar <santosh.shilimkar@oracle.com>
|
||||
Cc: David S. Miller <davem@davemloft.net>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
net/rds/connection.c | 6 ------
|
||||
net/rds/send.c | 4 +++-
|
||||
2 files changed, 3 insertions(+), 7 deletions(-)
|
||||
|
||||
--- a/net/rds/connection.c
|
||||
+++ b/net/rds/connection.c
|
||||
@@ -190,12 +190,6 @@ new_conn:
|
||||
}
|
||||
}
|
||||
|
||||
- if (trans == NULL) {
|
||||
- kmem_cache_free(rds_conn_slab, conn);
|
||||
- conn = ERR_PTR(-ENODEV);
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
conn->c_trans = trans;
|
||||
|
||||
ret = trans->conn_alloc(conn, gfp);
|
||||
--- a/net/rds/send.c
|
||||
+++ b/net/rds/send.c
|
||||
@@ -1009,11 +1009,13 @@ int rds_sendmsg(struct socket *sock, str
|
||||
release_sock(sk);
|
||||
}
|
||||
|
||||
- /* racing with another thread binding seems ok here */
|
||||
+ lock_sock(sk);
|
||||
if (daddr == 0 || rs->rs_bound_addr == 0) {
|
||||
+ release_sock(sk);
|
||||
ret = -ENOTCONN; /* XXX not a great errno */
|
||||
goto out;
|
||||
}
|
||||
+ release_sock(sk);
|
||||
|
||||
if (payload_len > rds_sk_sndbuf(rs)) {
|
||||
ret = -EMSGSIZE;
|
|
@ -1,67 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 30 Oct 2015 01:18:01 +0000
|
||||
Subject: selftests: Add missing #include directives
|
||||
|
||||
Several C programs fail to include the headers declaring all the
|
||||
functions they call, resulting in warnings or errors.
|
||||
|
||||
After this, memfd_test.c is still missing some function declarations
|
||||
but can't easily get them because of a conflict between
|
||||
<linux/fcntl.h> and <sys/fcntl.h>.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
tools/testing/selftests/memfd/memfd_test.c | 1 +
|
||||
tools/testing/selftests/mqueue/mq_open_tests.c | 1 +
|
||||
tools/testing/selftests/mqueue/mq_perf_tests.c | 1 +
|
||||
tools/testing/selftests/timers/nanosleep.c | 1 +
|
||||
4 files changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
|
||||
index 0b9eafb..5347ef6 100644
|
||||
--- a/tools/testing/selftests/memfd/memfd_test.c
|
||||
+++ b/tools/testing/selftests/memfd/memfd_test.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <sys/mman.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/syscall.h>
|
||||
+#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define MFD_DEF_SIZE 8192
|
||||
diff --git a/tools/testing/selftests/mqueue/mq_open_tests.c b/tools/testing/selftests/mqueue/mq_open_tests.c
|
||||
index 9c1a5d35..e0a74bd 100644
|
||||
--- a/tools/testing/selftests/mqueue/mq_open_tests.c
|
||||
+++ b/tools/testing/selftests/mqueue/mq_open_tests.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <sys/resource.h>
|
||||
#include <sys/stat.h>
|
||||
#include <mqueue.h>
|
||||
+#include <error.h>
|
||||
|
||||
static char *usage =
|
||||
"Usage:\n"
|
||||
diff --git a/tools/testing/selftests/mqueue/mq_perf_tests.c b/tools/testing/selftests/mqueue/mq_perf_tests.c
|
||||
index 8519e9e..8188f72 100644
|
||||
--- a/tools/testing/selftests/mqueue/mq_perf_tests.c
|
||||
+++ b/tools/testing/selftests/mqueue/mq_perf_tests.c
|
||||
@@ -37,6 +37,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <mqueue.h>
|
||||
#include <popt.h>
|
||||
+#include <error.h>
|
||||
|
||||
static char *usage =
|
||||
"Usage:\n"
|
||||
diff --git a/tools/testing/selftests/timers/nanosleep.c b/tools/testing/selftests/timers/nanosleep.c
|
||||
index 8a3c29d..ff942ff 100644
|
||||
--- a/tools/testing/selftests/timers/nanosleep.c
|
||||
+++ b/tools/testing/selftests/timers/nanosleep.c
|
||||
@@ -19,6 +19,7 @@
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
+#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
|
@ -1,17 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 30 Oct 2015 10:22:55 +0000
|
||||
Subject: selftests: breakpoint: Actually build it
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/tools/testing/selftests/breakpoints/Makefile
|
||||
+++ b/tools/testing/selftests/breakpoints/Makefile
|
||||
@@ -6,7 +6,7 @@ ifeq ($(ARCH),x86)
|
||||
TEST_PROGS := breakpoint_test
|
||||
endif
|
||||
|
||||
-all:
|
||||
+all: $(TEST_PROGS)
|
||||
|
||||
include ../lib.mk
|
||||
|
|
@ -1,126 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 30 Oct 2015 01:27:28 +0000
|
||||
Subject: selftests: kprobe: Choose an always-defined function to probe
|
||||
|
||||
do_fork() is no longer defined on x86, so probe _do_fork() instead.
|
||||
|
||||
Fixes: 3033f14ab78c ("clone: support passing tls argument via C ...")
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
.../selftests/ftrace/test.d/kprobe/add_and_remove.tc | 2 +-
|
||||
tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc | 2 +-
|
||||
.../testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc | 2 +-
|
||||
.../selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc | 14 +++++++-------
|
||||
.../selftests/ftrace/test.d/kprobe/kretprobe_args.tc | 2 +-
|
||||
5 files changed, 11 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc b/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
|
||||
index a5a4262..c3843ed 100644
|
||||
--- a/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
|
||||
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/add_and_remove.tc
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
echo 0 > events/enable
|
||||
echo > kprobe_events
|
||||
-echo p:myevent do_fork > kprobe_events
|
||||
+echo p:myevent _do_fork > kprobe_events
|
||||
grep myevent kprobe_events
|
||||
test -d events/kprobes/myevent
|
||||
echo > kprobe_events
|
||||
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc b/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
|
||||
index d8c7bb6..74507db 100644
|
||||
--- a/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
|
||||
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/busy_check.tc
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
echo 0 > events/enable
|
||||
echo > kprobe_events
|
||||
-echo p:myevent do_fork > kprobe_events
|
||||
+echo p:myevent _do_fork > kprobe_events
|
||||
test -d events/kprobes/myevent
|
||||
echo 1 > events/kprobes/myevent/enable
|
||||
echo > kprobe_events && exit 1 # this must fail
|
||||
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
|
||||
index c45ee27..64949d4 100644
|
||||
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
|
||||
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args.tc
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
echo 0 > events/enable
|
||||
echo > kprobe_events
|
||||
-echo 'p:testprobe do_fork $stack $stack0 +0($stack)' > kprobe_events
|
||||
+echo 'p:testprobe _do_fork $stack $stack0 +0($stack)' > kprobe_events
|
||||
grep testprobe kprobe_events
|
||||
test -d events/kprobes/testprobe
|
||||
echo 1 > events/kprobes/testprobe/enable
|
||||
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
|
||||
index ab41d2b..d6f2f49 100644
|
||||
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
|
||||
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_ftrace.tc
|
||||
@@ -6,31 +6,31 @@ grep function available_tracers || exit_unsupported # this is configurable
|
||||
|
||||
# prepare
|
||||
echo nop > current_tracer
|
||||
-echo do_fork > set_ftrace_filter
|
||||
+echo _do_fork > set_ftrace_filter
|
||||
echo 0 > events/enable
|
||||
echo > kprobe_events
|
||||
-echo 'p:testprobe do_fork' > kprobe_events
|
||||
+echo 'p:testprobe _do_fork' > kprobe_events
|
||||
|
||||
# kprobe on / ftrace off
|
||||
echo 1 > events/kprobes/testprobe/enable
|
||||
echo > trace
|
||||
( echo "forked")
|
||||
grep testprobe trace
|
||||
-! grep 'do_fork <-' trace
|
||||
+! grep '_do_fork <-' trace
|
||||
|
||||
# kprobe on / ftrace on
|
||||
echo function > current_tracer
|
||||
echo > trace
|
||||
( echo "forked")
|
||||
grep testprobe trace
|
||||
-grep 'do_fork <-' trace
|
||||
+grep '_do_fork <-' trace
|
||||
|
||||
# kprobe off / ftrace on
|
||||
echo 0 > events/kprobes/testprobe/enable
|
||||
echo > trace
|
||||
( echo "forked")
|
||||
! grep testprobe trace
|
||||
-grep 'do_fork <-' trace
|
||||
+grep '_do_fork <-' trace
|
||||
|
||||
# kprobe on / ftrace on
|
||||
echo 1 > events/kprobes/testprobe/enable
|
||||
@@ -38,14 +38,14 @@ echo function > current_tracer
|
||||
echo > trace
|
||||
( echo "forked")
|
||||
grep testprobe trace
|
||||
-grep 'do_fork <-' trace
|
||||
+grep '_do_fork <-' trace
|
||||
|
||||
# kprobe on / ftrace off
|
||||
echo nop > current_tracer
|
||||
echo > trace
|
||||
( echo "forked")
|
||||
grep testprobe trace
|
||||
-! grep 'do_fork <-' trace
|
||||
+! grep '_do_fork <-' trace
|
||||
|
||||
# cleanup
|
||||
echo nop > current_tracer
|
||||
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
|
||||
index 3171798..0d09546 100644
|
||||
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
|
||||
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_args.tc
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
echo 0 > events/enable
|
||||
echo > kprobe_events
|
||||
-echo 'r:testprobe2 do_fork $retval' > kprobe_events
|
||||
+echo 'r:testprobe2 _do_fork $retval' > kprobe_events
|
||||
grep testprobe2 kprobe_events
|
||||
test -d events/kprobes/testprobe2
|
||||
echo 1 > events/kprobes/testprobe2/enable
|
|
@ -1,20 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 30 Oct 2015 01:30:36 +0000
|
||||
Subject: selftests: Make scripts executable
|
||||
|
||||
Fixes: 87b2d44026e0 ("selftests: add memfd/sealing page-pinning tests")
|
||||
Fixes: 2bf9e0ab08c6 ("locking/static_keys: Provide a selftest")
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
tools/testing/selftests/memfd/run_fuse_test.sh | 0
|
||||
tools/testing/selftests/static_keys/test_static_keys.sh | 0
|
||||
2 files changed, 0 insertions(+), 0 deletions(-)
|
||||
mode change 100644 => 100755 tools/testing/selftests/memfd/run_fuse_test.sh
|
||||
mode change 100644 => 100755 tools/testing/selftests/static_keys/test_static_keys.sh
|
||||
|
||||
diff --git a/tools/testing/selftests/memfd/run_fuse_test.sh b/tools/testing/selftests/memfd/run_fuse_test.sh
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
diff --git a/tools/testing/selftests/static_keys/test_static_keys.sh b/tools/testing/selftests/static_keys/test_static_keys.sh
|
||||
old mode 100644
|
||||
new mode 100755
|
|
@ -1,34 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 31 Oct 2015 18:04:28 +0000
|
||||
Subject: selftests: memfd: Stop unnecessary rebuilds
|
||||
|
||||
Instead of explicitly running the compiler, add dependencies and take
|
||||
advantage of implicit rules to build only as necessary.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/tools/testing/selftests/memfd/Makefile
|
||||
+++ b/tools/testing/selftests/memfd/Makefile
|
||||
@@ -4,16 +4,16 @@ CFLAGS += -I../../../../include/uapi/
|
||||
CFLAGS += -I../../../../include/
|
||||
CFLAGS += -I../../../../usr/include/
|
||||
|
||||
-all:
|
||||
- $(CC) $(CFLAGS) memfd_test.c -o memfd_test
|
||||
-
|
||||
TEST_PROGS := memfd_test
|
||||
|
||||
+all: $(TEST_PROGS)
|
||||
+
|
||||
include ../lib.mk
|
||||
|
||||
-build_fuse:
|
||||
- $(CC) $(CFLAGS) fuse_mnt.c `pkg-config fuse --cflags --libs` -o fuse_mnt
|
||||
- $(CC) $(CFLAGS) fuse_test.c -o fuse_test
|
||||
+build_fuse: fuse_mnt fuse_test
|
||||
+
|
||||
+fuse_mnt.o: CFLAGS += $(shell pkg-config fuse --cflags)
|
||||
+fuse_mnt: LDFLAGS += $(shell pkg-config fuse --libs)
|
||||
|
||||
run_fuse: build_fuse
|
||||
@./run_fuse_test.sh || echo "fuse_test: [FAIL]"
|
|
@ -1,40 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 31 Oct 2015 17:56:11 +0000
|
||||
Subject: selftests: vm: Try harder to allocate huge pages
|
||||
|
||||
If we need to increase the number of huge pages, drop caches first
|
||||
to reduce fragmentation and then check that we actually allocated
|
||||
as many as we wanted. Retry once if that doesn't work.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/tools/testing/selftests/vm/run_vmtests
|
||||
+++ b/tools/testing/selftests/vm/run_vmtests
|
||||
@@ -20,13 +20,26 @@ done < /proc/meminfo
|
||||
if [ -n "$freepgs" ] && [ -n "$pgsize" ]; then
|
||||
nr_hugepgs=`cat /proc/sys/vm/nr_hugepages`
|
||||
needpgs=`expr $needmem / $pgsize`
|
||||
- if [ $freepgs -lt $needpgs ]; then
|
||||
+ tries=2
|
||||
+ while [ $tries -gt 0 ] && [ $freepgs -lt $needpgs ]; do
|
||||
lackpgs=$(( $needpgs - $freepgs ))
|
||||
+ echo 3 > /proc/sys/vm/drop_caches
|
||||
echo $(( $lackpgs + $nr_hugepgs )) > /proc/sys/vm/nr_hugepages
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Please run this test as root"
|
||||
exit 1
|
||||
fi
|
||||
+ while read name size unit; do
|
||||
+ if [ "$name" = "HugePages_Free:" ]; then
|
||||
+ freepgs=$size
|
||||
+ fi
|
||||
+ done < /proc/meminfo
|
||||
+ tries=$((tries - 1))
|
||||
+ done
|
||||
+ if [ $freepgs -lt $needpgs ]; then
|
||||
+ printf "Not enough huge pages available (%d < %d)\n" \
|
||||
+ $freepgs $needpgs
|
||||
+ exit 1
|
||||
fi
|
||||
else
|
||||
echo "no hugetlbfs support in kernel?"
|
|
@ -1,325 +0,0 @@
|
|||
From: Rainer Weikusat <rweikusat@mobileactivedefense.com>
|
||||
Date: Fri, 20 Nov 2015 22:07:23 +0000
|
||||
Subject: unix: avoid use-after-free in ep_remove_wait_queue
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git//commit?id=7d267278a9ece963d77eefec61630223fce08c6c
|
||||
|
||||
Rainer Weikusat <rweikusat@mobileactivedefense.com> writes:
|
||||
An AF_UNIX datagram socket being the client in an n:1 association with
|
||||
some server socket is only allowed to send messages to the server if the
|
||||
receive queue of this socket contains at most sk_max_ack_backlog
|
||||
datagrams. This implies that prospective writers might be forced to go
|
||||
to sleep despite none of the message presently enqueued on the server
|
||||
receive queue were sent by them. In order to ensure that these will be
|
||||
woken up once space becomes again available, the present unix_dgram_poll
|
||||
routine does a second sock_poll_wait call with the peer_wait wait queue
|
||||
of the server socket as queue argument (unix_dgram_recvmsg does a wake
|
||||
up on this queue after a datagram was received). This is inherently
|
||||
problematic because the server socket is only guaranteed to remain alive
|
||||
for as long as the client still holds a reference to it. In case the
|
||||
connection is dissolved via connect or by the dead peer detection logic
|
||||
in unix_dgram_sendmsg, the server socket may be freed despite "the
|
||||
polling mechanism" (in particular, epoll) still has a pointer to the
|
||||
corresponding peer_wait queue. There's no way to forcibly deregister a
|
||||
wait queue with epoll.
|
||||
|
||||
Based on an idea by Jason Baron, the patch below changes the code such
|
||||
that a wait_queue_t belonging to the client socket is enqueued on the
|
||||
peer_wait queue of the server whenever the peer receive queue full
|
||||
condition is detected by either a sendmsg or a poll. A wake up on the
|
||||
peer queue is then relayed to the ordinary wait queue of the client
|
||||
socket via wake function. The connection to the peer wait queue is again
|
||||
dissolved if either a wake up is about to be relayed or the client
|
||||
socket reconnects or a dead peer is detected or the client socket is
|
||||
itself closed. This enables removing the second sock_poll_wait from
|
||||
unix_dgram_poll, thus avoiding the use-after-free, while still ensuring
|
||||
that no blocked writer sleeps forever.
|
||||
|
||||
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
|
||||
Fixes: ec0d215f9420 ("af_unix: fix 'poll for write'/connected DGRAM sockets")
|
||||
Reviewed-by: Jason Baron <jbaron@akamai.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
[bwh: Backported to 4.2: adjust context]
|
||||
---
|
||||
include/net/af_unix.h | 1 +
|
||||
net/unix/af_unix.c | 183 ++++++++++++++++++++++++++++++++++++++++++++------
|
||||
2 files changed, 165 insertions(+), 19 deletions(-)
|
||||
|
||||
--- a/include/net/af_unix.h
|
||||
+++ b/include/net/af_unix.h
|
||||
@@ -62,6 +62,7 @@ struct unix_sock {
|
||||
#define UNIX_GC_CANDIDATE 0
|
||||
#define UNIX_GC_MAYBE_CYCLE 1
|
||||
struct socket_wq peer_wq;
|
||||
+ wait_queue_t peer_wake;
|
||||
};
|
||||
|
||||
static inline struct unix_sock *unix_sk(const struct sock *sk)
|
||||
--- a/net/unix/af_unix.c
|
||||
+++ b/net/unix/af_unix.c
|
||||
@@ -326,6 +326,118 @@ found:
|
||||
return s;
|
||||
}
|
||||
|
||||
+/* Support code for asymmetrically connected dgram sockets
|
||||
+ *
|
||||
+ * If a datagram socket is connected to a socket not itself connected
|
||||
+ * to the first socket (eg, /dev/log), clients may only enqueue more
|
||||
+ * messages if the present receive queue of the server socket is not
|
||||
+ * "too large". This means there's a second writeability condition
|
||||
+ * poll and sendmsg need to test. The dgram recv code will do a wake
|
||||
+ * up on the peer_wait wait queue of a socket upon reception of a
|
||||
+ * datagram which needs to be propagated to sleeping would-be writers
|
||||
+ * since these might not have sent anything so far. This can't be
|
||||
+ * accomplished via poll_wait because the lifetime of the server
|
||||
+ * socket might be less than that of its clients if these break their
|
||||
+ * association with it or if the server socket is closed while clients
|
||||
+ * are still connected to it and there's no way to inform "a polling
|
||||
+ * implementation" that it should let go of a certain wait queue
|
||||
+ *
|
||||
+ * In order to propagate a wake up, a wait_queue_t of the client
|
||||
+ * socket is enqueued on the peer_wait queue of the server socket
|
||||
+ * whose wake function does a wake_up on the ordinary client socket
|
||||
+ * wait queue. This connection is established whenever a write (or
|
||||
+ * poll for write) hit the flow control condition and broken when the
|
||||
+ * association to the server socket is dissolved or after a wake up
|
||||
+ * was relayed.
|
||||
+ */
|
||||
+
|
||||
+static int unix_dgram_peer_wake_relay(wait_queue_t *q, unsigned mode, int flags,
|
||||
+ void *key)
|
||||
+{
|
||||
+ struct unix_sock *u;
|
||||
+ wait_queue_head_t *u_sleep;
|
||||
+
|
||||
+ u = container_of(q, struct unix_sock, peer_wake);
|
||||
+
|
||||
+ __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
|
||||
+ q);
|
||||
+ u->peer_wake.private = NULL;
|
||||
+
|
||||
+ /* relaying can only happen while the wq still exists */
|
||||
+ u_sleep = sk_sleep(&u->sk);
|
||||
+ if (u_sleep)
|
||||
+ wake_up_interruptible_poll(u_sleep, key);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
|
||||
+{
|
||||
+ struct unix_sock *u, *u_other;
|
||||
+ int rc;
|
||||
+
|
||||
+ u = unix_sk(sk);
|
||||
+ u_other = unix_sk(other);
|
||||
+ rc = 0;
|
||||
+ spin_lock(&u_other->peer_wait.lock);
|
||||
+
|
||||
+ if (!u->peer_wake.private) {
|
||||
+ u->peer_wake.private = other;
|
||||
+ __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
|
||||
+
|
||||
+ rc = 1;
|
||||
+ }
|
||||
+
|
||||
+ spin_unlock(&u_other->peer_wait.lock);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+static void unix_dgram_peer_wake_disconnect(struct sock *sk,
|
||||
+ struct sock *other)
|
||||
+{
|
||||
+ struct unix_sock *u, *u_other;
|
||||
+
|
||||
+ u = unix_sk(sk);
|
||||
+ u_other = unix_sk(other);
|
||||
+ spin_lock(&u_other->peer_wait.lock);
|
||||
+
|
||||
+ if (u->peer_wake.private == other) {
|
||||
+ __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
|
||||
+ u->peer_wake.private = NULL;
|
||||
+ }
|
||||
+
|
||||
+ spin_unlock(&u_other->peer_wait.lock);
|
||||
+}
|
||||
+
|
||||
+static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
|
||||
+ struct sock *other)
|
||||
+{
|
||||
+ unix_dgram_peer_wake_disconnect(sk, other);
|
||||
+ wake_up_interruptible_poll(sk_sleep(sk),
|
||||
+ POLLOUT |
|
||||
+ POLLWRNORM |
|
||||
+ POLLWRBAND);
|
||||
+}
|
||||
+
|
||||
+/* preconditions:
|
||||
+ * - unix_peer(sk) == other
|
||||
+ * - association is stable
|
||||
+ */
|
||||
+static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
|
||||
+{
|
||||
+ int connected;
|
||||
+
|
||||
+ connected = unix_dgram_peer_wake_connect(sk, other);
|
||||
+
|
||||
+ if (unix_recvq_full(other))
|
||||
+ return 1;
|
||||
+
|
||||
+ if (connected)
|
||||
+ unix_dgram_peer_wake_disconnect(sk, other);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static inline int unix_writable(struct sock *sk)
|
||||
{
|
||||
return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
|
||||
@@ -430,6 +542,8 @@ static void unix_release_sock(struct soc
|
||||
skpair->sk_state_change(skpair);
|
||||
sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
|
||||
}
|
||||
+
|
||||
+ unix_dgram_peer_wake_disconnect(sk, skpair);
|
||||
sock_put(skpair); /* It may now die */
|
||||
unix_peer(sk) = NULL;
|
||||
}
|
||||
@@ -664,6 +778,7 @@ static struct sock *unix_create1(struct
|
||||
INIT_LIST_HEAD(&u->link);
|
||||
mutex_init(&u->readlock); /* single task reading lock */
|
||||
init_waitqueue_head(&u->peer_wait);
|
||||
+ init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
|
||||
unix_insert_socket(unix_sockets_unbound(sk), sk);
|
||||
out:
|
||||
if (sk == NULL)
|
||||
@@ -1031,6 +1146,8 @@ restart:
|
||||
if (unix_peer(sk)) {
|
||||
struct sock *old_peer = unix_peer(sk);
|
||||
unix_peer(sk) = other;
|
||||
+ unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
|
||||
+
|
||||
unix_state_double_unlock(sk, other);
|
||||
|
||||
if (other != old_peer)
|
||||
@@ -1470,6 +1587,7 @@ static int unix_dgram_sendmsg(struct soc
|
||||
struct scm_cookie scm;
|
||||
int max_level;
|
||||
int data_len = 0;
|
||||
+ int sk_locked;
|
||||
|
||||
wait_for_unix_gc();
|
||||
err = scm_send(sock, msg, &scm, false);
|
||||
@@ -1548,12 +1666,14 @@ restart:
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
+ sk_locked = 0;
|
||||
unix_state_lock(other);
|
||||
+restart_locked:
|
||||
err = -EPERM;
|
||||
if (!unix_may_send(sk, other))
|
||||
goto out_unlock;
|
||||
|
||||
- if (sock_flag(other, SOCK_DEAD)) {
|
||||
+ if (unlikely(sock_flag(other, SOCK_DEAD))) {
|
||||
/*
|
||||
* Check with 1003.1g - what should
|
||||
* datagram error
|
||||
@@ -1561,10 +1681,14 @@ restart:
|
||||
unix_state_unlock(other);
|
||||
sock_put(other);
|
||||
|
||||
+ if (!sk_locked)
|
||||
+ unix_state_lock(sk);
|
||||
+
|
||||
err = 0;
|
||||
- unix_state_lock(sk);
|
||||
if (unix_peer(sk) == other) {
|
||||
unix_peer(sk) = NULL;
|
||||
+ unix_dgram_peer_wake_disconnect_wakeup(sk, other);
|
||||
+
|
||||
unix_state_unlock(sk);
|
||||
|
||||
unix_dgram_disconnected(sk, other);
|
||||
@@ -1590,21 +1714,38 @@ restart:
|
||||
goto out_unlock;
|
||||
}
|
||||
|
||||
- if (unix_peer(other) != sk && unix_recvq_full(other)) {
|
||||
- if (!timeo) {
|
||||
- err = -EAGAIN;
|
||||
- goto out_unlock;
|
||||
+ if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
|
||||
+ if (timeo) {
|
||||
+ timeo = unix_wait_for_peer(other, timeo);
|
||||
+
|
||||
+ err = sock_intr_errno(timeo);
|
||||
+ if (signal_pending(current))
|
||||
+ goto out_free;
|
||||
+
|
||||
+ goto restart;
|
||||
}
|
||||
|
||||
- timeo = unix_wait_for_peer(other, timeo);
|
||||
+ if (!sk_locked) {
|
||||
+ unix_state_unlock(other);
|
||||
+ unix_state_double_lock(sk, other);
|
||||
+ }
|
||||
|
||||
- err = sock_intr_errno(timeo);
|
||||
- if (signal_pending(current))
|
||||
- goto out_free;
|
||||
+ if (unix_peer(sk) != other ||
|
||||
+ unix_dgram_peer_wake_me(sk, other)) {
|
||||
+ err = -EAGAIN;
|
||||
+ sk_locked = 1;
|
||||
+ goto out_unlock;
|
||||
+ }
|
||||
|
||||
- goto restart;
|
||||
+ if (!sk_locked) {
|
||||
+ sk_locked = 1;
|
||||
+ goto restart_locked;
|
||||
+ }
|
||||
}
|
||||
|
||||
+ if (unlikely(sk_locked))
|
||||
+ unix_state_unlock(sk);
|
||||
+
|
||||
if (sock_flag(other, SOCK_RCVTSTAMP))
|
||||
__net_timestamp(skb);
|
||||
maybe_add_creds(skb, sock, other);
|
||||
@@ -1618,6 +1759,8 @@ restart:
|
||||
return len;
|
||||
|
||||
out_unlock:
|
||||
+ if (sk_locked)
|
||||
+ unix_state_unlock(sk);
|
||||
unix_state_unlock(other);
|
||||
out_free:
|
||||
kfree_skb(skb);
|
||||
@@ -2453,14 +2596,16 @@ static unsigned int unix_dgram_poll(stru
|
||||
return mask;
|
||||
|
||||
writable = unix_writable(sk);
|
||||
- other = unix_peer_get(sk);
|
||||
- if (other) {
|
||||
- if (unix_peer(other) != sk) {
|
||||
- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
|
||||
- if (unix_recvq_full(other))
|
||||
- writable = 0;
|
||||
- }
|
||||
- sock_put(other);
|
||||
+ if (writable) {
|
||||
+ unix_state_lock(sk);
|
||||
+
|
||||
+ other = unix_peer(sk);
|
||||
+ if (other && unix_peer(other) != sk &&
|
||||
+ unix_recvq_full(other) &&
|
||||
+ unix_dgram_peer_wake_me(sk, other))
|
||||
+ writable = 0;
|
||||
+
|
||||
+ unix_state_unlock(sk);
|
||||
}
|
||||
|
||||
if (writable)
|
|
@ -1,24 +0,0 @@
|
|||
From: Martin Michlmayr <tbm@cyrius.com>
|
||||
Date: Sat, 19 Jan 2008 18:25:02 +0000
|
||||
Subject: [mips] Disable Advansys
|
||||
Forwarded: http://thread.gmane.org/gmane.linux.scsi/57291
|
||||
|
||||
Florian Lohoff <flo@rfc822.org> reports the following build failure on IP32:
|
||||
|
||||
MODPOST 552 modules
|
||||
ERROR: "free_dma" [drivers/scsi/advansys.ko] undefined!
|
||||
make[5]: *** [__modpost] Error 1
|
||||
|
||||
But report:
|
||||
http://www.mail-archive.com/linux-scsi@vger.kernel.org/msg12773.html
|
||||
|
||||
--- a/drivers/scsi/Kconfig
|
||||
+++ b/drivers/scsi/Kconfig
|
||||
@@ -505,6 +505,7 @@ config SCSI_ADVANSYS
|
||||
tristate "AdvanSys SCSI support"
|
||||
depends on SCSI
|
||||
depends on ISA || EISA || PCI
|
||||
+ depends on !MIPS || BROKEN
|
||||
help
|
||||
This is a driver for all SCSI host adapters manufactured by
|
||||
AdvanSys. It is documented in the kernel source in
|
|
@ -41,16 +41,17 @@ Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92084
|
|||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=80896
|
||||
Acked-by: Mika Kuoppala <mika.kuoppala@intel.com>
|
||||
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
[bwh: Adjust context]
|
||||
---
|
||||
drivers/gpu/drm/i915/i915_irq.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/drivers/gpu/drm/i915/i915_irq.c
|
||||
+++ b/drivers/gpu/drm/i915/i915_irq.c
|
||||
@@ -2168,9 +2168,13 @@ static irqreturn_t gen8_irq_handler(int
|
||||
I915_WRITE(SDEIIR, pch_iir);
|
||||
ret = IRQ_HANDLED;
|
||||
cpt_irq_handler(dev, pch_iir);
|
||||
@@ -2354,9 +2354,13 @@ static irqreturn_t gen8_irq_handler(int
|
||||
spt_irq_handler(dev, pch_iir);
|
||||
else
|
||||
cpt_irq_handler(dev, pch_iir);
|
||||
- } else
|
||||
- DRM_ERROR("The master control interrupt lied (SDE)!\n");
|
||||
-
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 10 Nov 2015 09:14:39 +0100
|
||||
Subject: KVM: svm: unconditionally intercept #DB
|
||||
Origin: https://git.kernel.org/linus/cbdb967af3d54993f5814f1cee0ed311a055377d
|
||||
|
||||
This is needed to avoid the possibility that the guest triggers
|
||||
an infinite stream of #DB exceptions (CVE-2015-8104).
|
||||
|
||||
VMX is not affected: because it does not save DR6 in the VMCS,
|
||||
it already intercepts #DB unconditionally.
|
||||
|
||||
Reported-by: Jan Beulich <jbeulich@suse.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/svm.c | 14 +++-----------
|
||||
1 file changed, 3 insertions(+), 11 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -1107,6 +1107,7 @@ static void init_vmcb(struct vcpu_svm *s
|
||||
set_exception_intercept(svm, UD_VECTOR);
|
||||
set_exception_intercept(svm, MC_VECTOR);
|
||||
set_exception_intercept(svm, AC_VECTOR);
|
||||
+ set_exception_intercept(svm, DB_VECTOR);
|
||||
|
||||
set_intercept(svm, INTERCEPT_INTR);
|
||||
set_intercept(svm, INTERCEPT_NMI);
|
||||
@@ -1642,20 +1643,13 @@ static void svm_set_segment(struct kvm_v
|
||||
mark_dirty(svm->vmcb, VMCB_SEG);
|
||||
}
|
||||
|
||||
-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
|
||||
+static void update_bp_intercept(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
struct vcpu_svm *svm = to_svm(vcpu);
|
||||
|
||||
- clr_exception_intercept(svm, DB_VECTOR);
|
||||
clr_exception_intercept(svm, BP_VECTOR);
|
||||
|
||||
- if (svm->nmi_singlestep)
|
||||
- set_exception_intercept(svm, DB_VECTOR);
|
||||
-
|
||||
if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
|
||||
- if (vcpu->guest_debug &
|
||||
- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
|
||||
- set_exception_intercept(svm, DB_VECTOR);
|
||||
if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
|
||||
set_exception_intercept(svm, BP_VECTOR);
|
||||
} else
|
||||
@@ -1761,7 +1755,6 @@ static int db_interception(struct vcpu_s
|
||||
if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
|
||||
svm->vmcb->save.rflags &=
|
||||
~(X86_EFLAGS_TF | X86_EFLAGS_RF);
|
||||
- update_db_bp_intercept(&svm->vcpu);
|
||||
}
|
||||
|
||||
if (svm->vcpu.guest_debug &
|
||||
@@ -3760,7 +3753,6 @@ static void enable_nmi_window(struct kvm
|
||||
*/
|
||||
svm->nmi_singlestep = true;
|
||||
svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
|
||||
- update_db_bp_intercept(vcpu);
|
||||
}
|
||||
|
||||
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
|
||||
@@ -4382,7 +4374,7 @@ static struct kvm_x86_ops svm_x86_ops =
|
||||
.vcpu_load = svm_vcpu_load,
|
||||
.vcpu_put = svm_vcpu_put,
|
||||
|
||||
- .update_db_bp_intercept = update_db_bp_intercept,
|
||||
+ .update_db_bp_intercept = update_bp_intercept,
|
||||
.get_msr = svm_get_msr,
|
||||
.set_msr = svm_set_msr,
|
||||
.get_segment_base = svm_get_segment_base,
|
|
@ -1,60 +0,0 @@
|
|||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 10 Nov 2015 11:55:36 +0100
|
||||
Subject: KVM: x86: rename update_db_bp_intercept to update_bp_intercept
|
||||
Origin: https://git.kernel.org/linus/a96036b8ef7df9f10cd575c0d78359bd33188e8e
|
||||
|
||||
Because #DB is now intercepted unconditionally, this callback
|
||||
only operates on #BP for both VMX and SVM.
|
||||
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/asm/kvm_host.h | 2 +-
|
||||
arch/x86/kvm/svm.c | 2 +-
|
||||
arch/x86/kvm/vmx.c | 2 +-
|
||||
arch/x86/kvm/x86.c | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/arch/x86/include/asm/kvm_host.h
|
||||
+++ b/arch/x86/include/asm/kvm_host.h
|
||||
@@ -739,7 +739,7 @@ struct kvm_x86_ops {
|
||||
void (*vcpu_load)(struct kvm_vcpu *vcpu, int cpu);
|
||||
void (*vcpu_put)(struct kvm_vcpu *vcpu);
|
||||
|
||||
- void (*update_db_bp_intercept)(struct kvm_vcpu *vcpu);
|
||||
+ void (*update_bp_intercept)(struct kvm_vcpu *vcpu);
|
||||
int (*get_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
|
||||
int (*set_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
|
||||
u64 (*get_segment_base)(struct kvm_vcpu *vcpu, int seg);
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -4374,7 +4374,7 @@ static struct kvm_x86_ops svm_x86_ops =
|
||||
.vcpu_load = svm_vcpu_load,
|
||||
.vcpu_put = svm_vcpu_put,
|
||||
|
||||
- .update_db_bp_intercept = update_bp_intercept,
|
||||
+ .update_bp_intercept = update_bp_intercept,
|
||||
.get_msr = svm_get_msr,
|
||||
.set_msr = svm_set_msr,
|
||||
.get_segment_base = svm_get_segment_base,
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -10335,7 +10335,7 @@ static struct kvm_x86_ops vmx_x86_ops =
|
||||
.vcpu_load = vmx_vcpu_load,
|
||||
.vcpu_put = vmx_vcpu_put,
|
||||
|
||||
- .update_db_bp_intercept = update_exception_bitmap,
|
||||
+ .update_bp_intercept = update_exception_bitmap,
|
||||
.get_msr = vmx_get_msr,
|
||||
.set_msr = vmx_set_msr,
|
||||
.get_segment_base = vmx_get_segment_base,
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -7184,7 +7184,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(
|
||||
*/
|
||||
kvm_set_rflags(vcpu, rflags);
|
||||
|
||||
- kvm_x86_ops->update_db_bp_intercept(vcpu);
|
||||
+ kvm_x86_ops->update_bp_intercept(vcpu);
|
||||
|
||||
r = 0;
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
Subject: KVM x86 SVM: intercept #AC to avoid guest->host exploit
|
||||
|
||||
---
|
||||
M arch/x86/kvm/svm.c
|
||||
1 file changed, 8 insertions(+), 0 deletions(-)
|
||||
|
||||
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -1106,6 +1106,7 @@ static void init_vmcb(struct vcpu_svm *s
|
||||
set_exception_intercept(svm, PF_VECTOR);
|
||||
set_exception_intercept(svm, UD_VECTOR);
|
||||
set_exception_intercept(svm, MC_VECTOR);
|
||||
+ set_exception_intercept(svm, AC_VECTOR);
|
||||
|
||||
set_intercept(svm, INTERCEPT_INTR);
|
||||
set_intercept(svm, INTERCEPT_NMI);
|
||||
@@ -1795,6 +1796,12 @@ static int ud_interception(struct vcpu_s
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int ac_interception(struct vcpu_svm *svm)
|
||||
+{
|
||||
+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static void svm_fpu_activate(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
struct vcpu_svm *svm = to_svm(vcpu);
|
||||
@@ -3369,6 +3376,7 @@ static int (*const svm_exit_handlers[])(
|
||||
[SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
|
||||
[SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
|
||||
[SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
|
||||
+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
|
||||
[SVM_EXIT_INTR] = intr_interception,
|
||||
[SVM_EXIT_NMI] = nmi_interception,
|
||||
[SVM_EXIT_SMI] = nop_on_interception,
|
|
@ -1,34 +0,0 @@
|
|||
From: Eric Northup <digitaleric@google.com>
|
||||
Date: Thu Sep 10 11:36:28 2015 -0700
|
||||
Subject: KVM x86 vmx: avoid guest->host DOS by intercepting #AC
|
||||
|
||||
A pathological (or malicious) guest can hang a host core by
|
||||
mis-configuring its GDT/IDT and enabling alignment checks.
|
||||
|
||||
[bwh: Forward-ported to 4.2: AC_VECTOR is already defined so don't add it]
|
||||
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(stru
|
||||
u32 eb;
|
||||
|
||||
eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
|
||||
- (1u << NM_VECTOR) | (1u << DB_VECTOR);
|
||||
+ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
|
||||
if ((vcpu->guest_debug &
|
||||
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
|
||||
(KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
|
||||
@@ -5146,6 +5146,13 @@ static int handle_exception(struct kvm_v
|
||||
kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip;
|
||||
kvm_run->debug.arch.exception = ex_no;
|
||||
break;
|
||||
+ case AC_VECTOR:
|
||||
+ /*
|
||||
+ * We have already enabled interrupts and pre-emption, so
|
||||
+ * it's OK to loop here if that is what will happen.
|
||||
+ */
|
||||
+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
|
||||
+ return 1;
|
||||
default:
|
||||
kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
|
||||
kvm_run->ex.exception = ex_no;
|
|
@ -15,9 +15,6 @@ rm drivers/net/appletalk/cops.h
|
|||
rm drivers/net/appletalk/cops_ffdrv.h
|
||||
rm drivers/net/appletalk/cops_ltdrv.h
|
||||
|
||||
rm drivers/staging/ft1000/ft1000-pcmcia/boot.h
|
||||
rm drivers/staging/ft1000/ft1000-*/*.img
|
||||
|
||||
# These include apparently obfuscated code
|
||||
rm drivers/video/fbdev/nvidia/
|
||||
rm drivers/video/fbdev/riva/
|
||||
|
|
|
@ -8,24 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
|
|||
|
||||
aufs4.3 mmap patch
|
||||
|
||||
diff --git a/fs/buffer.c b/fs/buffer.c
|
||||
index 82283ab..477e5f3 100644
|
||||
--- a/fs/buffer.c
|
||||
+++ b/fs/buffer.c
|
||||
@@ -2473,7 +2473,7 @@ int block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf,
|
||||
* Update file times before taking page lock. We may end up failing the
|
||||
* fault so this update may be superfluous but who really cares...
|
||||
*/
|
||||
- file_update_time(vma->vm_file);
|
||||
+ vma_file_update_time(vma);
|
||||
|
||||
ret = __block_page_mkwrite(vma, vmf, get_block);
|
||||
sb_end_pagefault(sb);
|
||||
diff --git a/fs/proc/base.c b/fs/proc/base.c
|
||||
index b25eee4..c83d588 100644
|
||||
[bwh: Forward-ported to 4.4-rc4: drop change in block_page_mkwrite()]
|
||||
|
||||
--- a/fs/proc/base.c
|
||||
+++ b/fs/proc/base.c
|
||||
@@ -1914,7 +1914,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
|
||||
@@ -1921,7 +1921,7 @@ static int proc_map_files_get_link(struc
|
||||
down_read(&mm->mmap_sem);
|
||||
vma = find_exact_vma(mm, vm_start, vm_end);
|
||||
if (vma && vma->vm_file) {
|
||||
|
@ -34,11 +21,9 @@ index b25eee4..c83d588 100644
|
|||
path_get(path);
|
||||
rc = 0;
|
||||
}
|
||||
diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
|
||||
index f8595e8..cb8eda0 100644
|
||||
--- a/fs/proc/nommu.c
|
||||
+++ b/fs/proc/nommu.c
|
||||
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region)
|
||||
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_
|
||||
file = region->vm_file;
|
||||
|
||||
if (file) {
|
||||
|
@ -50,11 +35,9 @@ index f8595e8..cb8eda0 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
}
|
||||
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
|
||||
index e2d46ad..5e7e631 100644
|
||||
--- a/fs/proc/task_mmu.c
|
||||
+++ b/fs/proc/task_mmu.c
|
||||
@@ -280,7 +280,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
|
||||
@@ -281,7 +281,10 @@ show_map_vma(struct seq_file *m, struct
|
||||
const char *name = NULL;
|
||||
|
||||
if (file) {
|
||||
|
@ -66,7 +49,7 @@ index e2d46ad..5e7e631 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
|
||||
@@ -1465,7 +1468,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
|
||||
@@ -1505,7 +1508,7 @@ static int show_numa_map(struct seq_file
|
||||
struct proc_maps_private *proc_priv = &numa_priv->proc_maps;
|
||||
struct vm_area_struct *vma = v;
|
||||
struct numa_maps *md = &numa_priv->md;
|
||||
|
@ -75,11 +58,9 @@ index e2d46ad..5e7e631 100644
|
|||
struct mm_struct *mm = vma->vm_mm;
|
||||
struct mm_walk walk = {
|
||||
.hugetlb_entry = gather_hugetlb_stats,
|
||||
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
|
||||
index e0d64c9..7aa92db 100644
|
||||
--- a/fs/proc/task_nommu.c
|
||||
+++ b/fs/proc/task_nommu.c
|
||||
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
|
||||
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_fil
|
||||
file = vma->vm_file;
|
||||
|
||||
if (file) {
|
||||
|
@ -91,11 +72,9 @@ index e0d64c9..7aa92db 100644
|
|||
dev = inode->i_sb->s_dev;
|
||||
ino = inode->i_ino;
|
||||
pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
|
||||
diff --git a/include/linux/mm.h b/include/linux/mm.h
|
||||
index 80001de..9248b97 100644
|
||||
--- a/include/linux/mm.h
|
||||
+++ b/include/linux/mm.h
|
||||
@@ -1211,6 +1211,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
|
||||
@@ -1183,6 +1183,28 @@ static inline int fixup_user_fault(struc
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -124,11 +103,9 @@ index 80001de..9248b97 100644
|
|||
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
|
||||
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
|
||||
void *buf, int len, int write);
|
||||
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
|
||||
index 3d6baa7..750ca95 100644
|
||||
--- a/include/linux/mm_types.h
|
||||
+++ b/include/linux/mm_types.h
|
||||
@@ -250,6 +250,7 @@ struct vm_region {
|
||||
@@ -272,6 +272,7 @@ struct vm_region {
|
||||
unsigned long vm_top; /* region allocated to here */
|
||||
unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */
|
||||
struct file *vm_file; /* the backing file or NULL */
|
||||
|
@ -136,7 +113,7 @@ index 3d6baa7..750ca95 100644
|
|||
|
||||
int vm_usage; /* region usage count (access under nommu_region_sem) */
|
||||
bool vm_icache_flushed : 1; /* true if the icache has been flushed for
|
||||
@@ -324,6 +325,7 @@ struct vm_area_struct {
|
||||
@@ -346,6 +347,7 @@ struct vm_area_struct {
|
||||
unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
|
||||
units, *not* PAGE_CACHE_SIZE */
|
||||
struct file * vm_file; /* File we map to (can be NULL). */
|
||||
|
@ -144,11 +121,9 @@ index 3d6baa7..750ca95 100644
|
|||
void * vm_private_data; /* was vm_pte (shared mem) */
|
||||
|
||||
#ifndef CONFIG_MMU
|
||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
||||
index 2845623..71004bd 100644
|
||||
--- a/kernel/fork.c
|
||||
+++ b/kernel/fork.c
|
||||
@@ -462,7 +462,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
|
||||
@@ -464,7 +464,7 @@ static int dup_mmap(struct mm_struct *mm
|
||||
struct inode *inode = file_inode(file);
|
||||
struct address_space *mapping = file->f_mapping;
|
||||
|
||||
|
@ -157,11 +132,9 @@ index 2845623..71004bd 100644
|
|||
if (tmp->vm_flags & VM_DENYWRITE)
|
||||
atomic_dec(&inode->i_writecount);
|
||||
i_mmap_lock_write(mapping);
|
||||
diff --git a/mm/Makefile b/mm/Makefile
|
||||
index 2ed4319..e3a53f5 100644
|
||||
--- a/mm/Makefile
|
||||
+++ b/mm/Makefile
|
||||
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
|
||||
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.
|
||||
mm_init.o mmu_context.o percpu.o slab_common.o \
|
||||
compaction.o vmacache.o \
|
||||
interval_tree.o list_lru.o workingset.o \
|
||||
|
@ -170,11 +143,9 @@ index 2ed4319..e3a53f5 100644
|
|||
|
||||
obj-y += init-mm.o
|
||||
|
||||
diff --git a/mm/filemap.c b/mm/filemap.c
|
||||
index 327910c..7bbc372 100644
|
||||
--- a/mm/filemap.c
|
||||
+++ b/mm/filemap.c
|
||||
@@ -2089,7 +2089,7 @@ int filemap_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
|
||||
@@ -2128,7 +2128,7 @@ int filemap_page_mkwrite(struct vm_area_
|
||||
int ret = VM_FAULT_LOCKED;
|
||||
|
||||
sb_start_pagefault(inode->i_sb);
|
||||
|
@ -183,11 +154,9 @@ index 327910c..7bbc372 100644
|
|||
lock_page(page);
|
||||
if (page->mapping != inode->i_mapping) {
|
||||
unlock_page(page);
|
||||
diff --git a/mm/memory.c b/mm/memory.c
|
||||
index deb679c..df2ce3e 100644
|
||||
--- a/mm/memory.c
|
||||
+++ b/mm/memory.c
|
||||
@@ -2035,7 +2035,7 @@ static inline int wp_page_reuse(struct mm_struct *mm,
|
||||
@@ -2035,7 +2035,7 @@ static inline int wp_page_reuse(struct m
|
||||
}
|
||||
|
||||
if (!page_mkwrite)
|
||||
|
@ -196,11 +165,9 @@ index deb679c..df2ce3e 100644
|
|||
}
|
||||
|
||||
return VM_FAULT_WRITE;
|
||||
diff --git a/mm/mmap.c b/mm/mmap.c
|
||||
index 79bcc9f..da28c8a 100644
|
||||
--- a/mm/mmap.c
|
||||
+++ b/mm/mmap.c
|
||||
@@ -275,7 +275,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
|
||||
@@ -275,7 +275,7 @@ static struct vm_area_struct *remove_vma
|
||||
if (vma->vm_ops && vma->vm_ops->close)
|
||||
vma->vm_ops->close(vma);
|
||||
if (vma->vm_file)
|
||||
|
@ -209,7 +176,7 @@ index 79bcc9f..da28c8a 100644
|
|||
mpol_put(vma_policy(vma));
|
||||
kmem_cache_free(vm_area_cachep, vma);
|
||||
return next;
|
||||
@@ -887,7 +887,7 @@ again: remove_next = 1 + (end > next->vm_end);
|
||||
@@ -887,7 +887,7 @@ again: remove_next = 1 + (end > next->
|
||||
if (remove_next) {
|
||||
if (file) {
|
||||
uprobe_munmap(next, next->vm_start, next->vm_end);
|
||||
|
@ -218,7 +185,7 @@ index 79bcc9f..da28c8a 100644
|
|||
}
|
||||
if (next->anon_vma)
|
||||
anon_vma_merge(vma, next);
|
||||
@@ -1683,8 +1683,8 @@ out:
|
||||
@@ -1681,8 +1681,8 @@ out:
|
||||
return addr;
|
||||
|
||||
unmap_and_free_vma:
|
||||
|
@ -228,7 +195,7 @@ index 79bcc9f..da28c8a 100644
|
|||
|
||||
/* Undo any partial mapping done by a device driver. */
|
||||
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
|
||||
@@ -2485,7 +2485,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
|
||||
@@ -2488,7 +2488,7 @@ static int __split_vma(struct mm_struct
|
||||
goto out_free_mpol;
|
||||
|
||||
if (new->vm_file)
|
||||
|
@ -237,7 +204,7 @@ index 79bcc9f..da28c8a 100644
|
|||
|
||||
if (new->vm_ops && new->vm_ops->open)
|
||||
new->vm_ops->open(new);
|
||||
@@ -2504,7 +2504,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
|
||||
@@ -2507,7 +2507,7 @@ static int __split_vma(struct mm_struct
|
||||
if (new->vm_ops && new->vm_ops->close)
|
||||
new->vm_ops->close(new);
|
||||
if (new->vm_file)
|
||||
|
@ -246,7 +213,7 @@ index 79bcc9f..da28c8a 100644
|
|||
unlink_anon_vmas(new);
|
||||
out_free_mpol:
|
||||
mpol_put(vma_policy(new));
|
||||
@@ -2646,7 +2646,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
|
||||
@@ -2649,7 +2649,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
|
||||
struct vm_area_struct *vma;
|
||||
unsigned long populate = 0;
|
||||
unsigned long ret = -EINVAL;
|
||||
|
@ -254,7 +221,7 @@ index 79bcc9f..da28c8a 100644
|
|||
|
||||
pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
|
||||
"See Documentation/vm/remap_file_pages.txt.\n",
|
||||
@@ -2690,10 +2689,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
|
||||
@@ -2693,10 +2692,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
|
||||
munlock_vma_pages_range(vma, start, start + size);
|
||||
}
|
||||
|
||||
|
@ -267,7 +234,7 @@ index 79bcc9f..da28c8a 100644
|
|||
out:
|
||||
up_write(&mm->mmap_sem);
|
||||
if (populate)
|
||||
@@ -2963,7 +2962,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
|
||||
@@ -2966,7 +2965,7 @@ struct vm_area_struct *copy_vma(struct v
|
||||
if (anon_vma_clone(new_vma, vma))
|
||||
goto out_free_mempol;
|
||||
if (new_vma->vm_file)
|
||||
|
@ -276,11 +243,9 @@ index 79bcc9f..da28c8a 100644
|
|||
if (new_vma->vm_ops && new_vma->vm_ops->open)
|
||||
new_vma->vm_ops->open(new_vma);
|
||||
vma_link(mm, new_vma, prev, rb_link, rb_parent);
|
||||
diff --git a/mm/nommu.c b/mm/nommu.c
|
||||
index ab14a20..fffc566 100644
|
||||
--- a/mm/nommu.c
|
||||
+++ b/mm/nommu.c
|
||||
@@ -671,7 +671,7 @@ static void __put_nommu_region(struct vm_region *region)
|
||||
@@ -671,7 +671,7 @@ static void __put_nommu_region(struct vm
|
||||
up_write(&nommu_region_sem);
|
||||
|
||||
if (region->vm_file)
|
||||
|
@ -289,7 +254,7 @@ index ab14a20..fffc566 100644
|
|||
|
||||
/* IO memory and memory shared directly out of the pagecache
|
||||
* from ramfs/tmpfs mustn't be released here */
|
||||
@@ -829,7 +829,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma)
|
||||
@@ -829,7 +829,7 @@ static void delete_vma(struct mm_struct
|
||||
if (vma->vm_ops && vma->vm_ops->close)
|
||||
vma->vm_ops->close(vma);
|
||||
if (vma->vm_file)
|
||||
|
@ -320,9 +285,6 @@ index ab14a20..fffc566 100644
|
|||
kmem_cache_free(vm_area_cachep, vma);
|
||||
return ret;
|
||||
|
||||
diff --git a/mm/prfile.c b/mm/prfile.c
|
||||
new file mode 100644
|
||||
index 0000000..b323b8a
|
||||
--- /dev/null
|
||||
+++ b/mm/prfile.c
|
||||
@@ -0,0 +1,86 @@
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 30 May 2010 22:43:38 +0100
|
||||
Date: Thu, 10 Dec 2015 18:02:48 +0000
|
||||
Subject: cgroups: Allow memory cgroup support to be included but disabled
|
||||
Forwarded: no
|
||||
|
||||
|
@ -11,15 +11,9 @@ parameter 'cgroup_enable' as the opposite to 'cgroup_disable'.
|
|||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
[Bastian Blank: Rename CGROUP_MEM_RES_CTLR_DISABLED to MEMCG_DISABLED]
|
||||
---
|
||||
Documentation/kernel-parameters.txt | 4 ++--
|
||||
init/Kconfig | 8 ++++++++
|
||||
kernel/cgroup.c | 20 ++++++++++++++++----
|
||||
mm/memcontrol.c | 3 +++
|
||||
4 files changed, 29 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/Documentation/kernel-parameters.txt
|
||||
+++ b/Documentation/kernel-parameters.txt
|
||||
@@ -587,8 +587,8 @@ bytes respectively. Such letter suffixes
|
||||
@@ -588,8 +588,8 @@ bytes respectively. Such letter suffixes
|
||||
ccw_timeout_log [S390]
|
||||
See Documentation/s390/CommonIO for details.
|
||||
|
||||
|
@ -49,7 +43,19 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
depends on MEMCG && SWAP
|
||||
--- a/kernel/cgroup.c
|
||||
+++ b/kernel/cgroup.c
|
||||
@@ -5468,7 +5468,7 @@ out_free:
|
||||
@@ -5216,7 +5216,11 @@ int __init cgroup_init_early(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_MEMCG_DISABLED
|
||||
+static unsigned long cgroup_disable_mask __initdata = 1 << memory_cgrp_id;
|
||||
+#else
|
||||
static unsigned long cgroup_disable_mask __initdata;
|
||||
+#endif
|
||||
|
||||
/**
|
||||
* cgroup_init - cgroup initialization
|
||||
@@ -5691,7 +5695,7 @@ out_free:
|
||||
kfree(pathbuf);
|
||||
}
|
||||
|
||||
|
@ -58,17 +64,15 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
{
|
||||
struct cgroup_subsys *ss;
|
||||
char *token;
|
||||
@@ -5483,16 +5483,27 @@ static int __init cgroup_disable(char *s
|
||||
@@ -5705,13 +5709,27 @@ static int __init cgroup_disable(char *s
|
||||
if (strcmp(token, ss->name) &&
|
||||
strcmp(token, ss->legacy_name))
|
||||
continue;
|
||||
|
||||
- ss->disabled = 1;
|
||||
- printk(KERN_INFO "Disabling %s control group subsystem\n",
|
||||
- ss->name);
|
||||
+ ss->disabled = value;
|
||||
+ printk(KERN_INFO "%sabling %s control group subsystem\n",
|
||||
+ value ? "Dis" : "En", ss->name);
|
||||
break;
|
||||
- cgroup_disable_mask |= 1 << i;
|
||||
+ if (value)
|
||||
+ cgroup_disable_mask |= 1 << i;
|
||||
+ else
|
||||
+ cgroup_disable_mask &= ~(1 << i);
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
|
@ -86,18 +90,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
+}
|
||||
+__setup("cgroup_enable=", cgroup_enable);
|
||||
+
|
||||
static int __init cgroup_set_legacy_files_on_dfl(char *str)
|
||||
{
|
||||
printk("cgroup: using legacy files on the default hierarchy\n");
|
||||
--- a/mm/memcontrol.c
|
||||
+++ b/mm/memcontrol.c
|
||||
@@ -5209,6 +5209,9 @@ static struct cftype memory_files[] = {
|
||||
};
|
||||
|
||||
struct cgroup_subsys memory_cgrp_subsys = {
|
||||
+#ifdef CONFIG_MEMCG_DISABLED
|
||||
+ .disabled = 1,
|
||||
+#endif
|
||||
.css_alloc = mem_cgroup_css_alloc,
|
||||
.css_online = mem_cgroup_css_online,
|
||||
.css_offline = mem_cgroup_css_offline,
|
||||
/**
|
||||
* css_tryget_online_from_dir - get corresponding css from a cgroup dentry
|
||||
* @dentry: directory dentry of interest
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: efi: Auto-load efi-pstore
|
||||
Date: Mon, 28 Sep 2015 01:44:16 +0100
|
||||
Forwarded: http://mid.gmane.org/1443401056.2517.27.camel@decadent.org.uk
|
||||
|
||||
efi-pstore should be auto-loaded on EFI systems, same as efivars.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/drivers/firmware/efi/efi-pstore.c
|
||||
+++ b/drivers/firmware/efi/efi-pstore.c
|
||||
@@ -400,3 +400,4 @@ module_exit(efivars_pstore_exit);
|
||||
|
||||
MODULE_DESCRIPTION("EFI variable backend for pstore");
|
||||
MODULE_LICENSE("GPL");
|
||||
+MODULE_ALIAS("platform:efivars");
|
|
@ -1,42 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 28 Sep 2015 02:34:40 +0100
|
||||
Subject: deb-pkg: Add automatic support for armhf architecture
|
||||
Forwarded: http://mid.gmane.org/1443404080.2517.30.camel@decadent.org.uk
|
||||
|
||||
The Debian armhf architecture uses the ARM EABI hard-float variant,
|
||||
whereas armel uses the soft-float variant. Although the kernel
|
||||
doesn't use FP itself, CONFIG_VFP must be enabled to support
|
||||
hard-float userland and will probably be disabled when supporting a
|
||||
soft-float userland. So set the architecture to armhf by default when
|
||||
CONFIG_AEABI and CONFIG_VFP are both enabled.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Acked-by: Ian Campbell <ijc@hellion.org.uk>
|
||||
Acked-by: Fathi Boudra <fathi.boudra@linaro.org>
|
||||
---
|
||||
v2: rebased
|
||||
v3: rebased
|
||||
|
||||
scripts/package/builddeb | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/scripts/package/builddeb
|
||||
+++ b/scripts/package/builddeb
|
||||
@@ -52,7 +52,16 @@ set_debarch() {
|
||||
arm64)
|
||||
debarch=arm64 ;;
|
||||
arm*)
|
||||
- debarch=arm$(grep -q CONFIG_AEABI=y $KCONFIG_CONFIG && echo el || true) ;;
|
||||
+ if grep -q CONFIG_AEABI=y $KCONFIG_CONFIG; then
|
||||
+ if grep -q CONFIG_VFP=y $KCONFIG_CONFIG; then
|
||||
+ debarch=armhf
|
||||
+ else
|
||||
+ debarch=armel
|
||||
+ fi
|
||||
+ else
|
||||
+ debarch=arm
|
||||
+ fi
|
||||
+ ;;
|
||||
*)
|
||||
debarch=$(dpkg --print-architecture)
|
||||
echo "" >&2
|
|
@ -1,65 +0,0 @@
|
|||
From: Mark Langsdorf <mlangsdo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
|
||||
Subject: [PATCH v3 2/2] [usb] dd support for ACPI identification to xhci-platform
|
||||
Date: Tue, 25 Nov 2014 15:19:26 -0600
|
||||
Origin: http://permalink.gmane.org/gmane.linux.usb.general/118784
|
||||
Bug-Debian: https://bugs.debian.org/785707
|
||||
|
||||
Provide the methods to let ACPI identify the need to use
|
||||
xhci-platform. Change the Kconfig files so the
|
||||
xhci-plat.o file is selectable during kernel config.
|
||||
|
||||
This has been tested on an ARM64 machine with platform XHCI, an
|
||||
x86_64 machine with XHCI, and an x86_64 machine without XHCI.
|
||||
There were no regressions or error messages on the machines
|
||||
without platform XHCI.
|
||||
|
||||
Signed-off-by: Mark Langsdorf <mlangsdo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
|
||||
[ ijc -- allow build as a module, otherwise cannot see various core
|
||||
symbols, like xhci_resume or usb_add_hcd which are in modules. xhci-hcd-plat
|
||||
can be built as a module from v3.18. ]
|
||||
[bwh: Drop Kconfig change as a similar change was applied upstream]
|
||||
|
||||
---
|
||||
Changes from v2
|
||||
Replaced tristate with a boolean as the driver doesn't
|
||||
compile as a module
|
||||
Correct --help-- to ---help---
|
||||
Changes from v1
|
||||
Renamed from "add support for APM X-Gene to xhci-platform"
|
||||
Removed changes to arm64/Kconfig
|
||||
Made CONFIG_USB_XHCI_PLATFORM a user selectable config option
|
||||
|
||||
--- a/drivers/usb/host/xhci-plat.c
|
||||
+++ b/drivers/usb/host/xhci-plat.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <linux/usb/phy.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/usb/xhci_pdriver.h>
|
||||
+#include <linux/acpi.h>
|
||||
|
||||
#include "xhci.h"
|
||||
#include "xhci-mvebu.h"
|
||||
@@ -262,6 +263,15 @@ static const struct of_device_id usb_xhc
|
||||
MODULE_DEVICE_TABLE(of, usb_xhci_of_match);
|
||||
#endif
|
||||
|
||||
+#ifdef CONFIG_ACPI
|
||||
+static const struct acpi_device_id usb_xhci_acpi_match[] = {
|
||||
+ { "PNP0D10", },
|
||||
+ { "PNP0D15", },
|
||||
+ { }
|
||||
+};
|
||||
+MODULE_DEVICE_TABLE(acpi, usb_xhci_acpi_match);
|
||||
+#endif
|
||||
+
|
||||
static struct platform_driver usb_xhci_driver = {
|
||||
.probe = xhci_plat_probe,
|
||||
.remove = xhci_plat_remove,
|
||||
@@ -269,6 +279,7 @@ static struct platform_driver usb_xhci_d
|
||||
.name = "xhci-hcd",
|
||||
.pm = DEV_PM_OPS,
|
||||
.of_match_table = of_match_ptr(usb_xhci_of_match),
|
||||
+ .acpi_match_table = ACPI_PTR(usb_xhci_acpi_match),
|
||||
},
|
||||
};
|
||||
MODULE_ALIAS("platform:xhci-hcd");
|
|
@ -1,48 +0,0 @@
|
|||
From: Mark Langsdorf <mlangsdo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
|
||||
Subject: [PATCH v3 1/2] make xhci platform driver use 64 bit or 32 bit DMA
|
||||
Date: Tue, 25 Nov 2014 15:19:25 -0600
|
||||
Origin: http://permalink.gmane.org/gmane.linux.usb.general/118786
|
||||
Bug-Debian: https://bugs.debian.org/785707
|
||||
|
||||
The xhci platform driver needs to work on systems that either only
|
||||
support 64-bit DMA or only support 32-bit DMA. Attempt to set a
|
||||
coherent dma mask for 64-bit DMA, and attempt again with 32-bit
|
||||
DMA if that fails.
|
||||
|
||||
Signed-off-by: Mark Langsdorf <mlangsdo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
|
||||
Tested-by: Mark Salter <msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
|
||||
---
|
||||
Changes from v2:
|
||||
None
|
||||
Changes from v1:
|
||||
Consolidated to use dma_set_mask_and_coherent
|
||||
Got rid of the check against sizeof(dma_addr_t)
|
||||
|
||||
drivers/usb/host/xhci-plat.c | 16 ++++++++--------
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
--- a/drivers/usb/host/xhci-plat.c
|
||||
+++ b/drivers/usb/host/xhci-plat.c
|
||||
@@ -83,14 +83,14 @@ static int xhci_plat_probe(struct platfo
|
||||
if (irq < 0)
|
||||
return -ENODEV;
|
||||
|
||||
- /* Initialize dma_mask and coherent_dma_mask to 32-bits */
|
||||
- ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
|
||||
- if (ret)
|
||||
- return ret;
|
||||
- if (!pdev->dev.dma_mask)
|
||||
- pdev->dev.dma_mask = &pdev->dev.coherent_dma_mask;
|
||||
- else
|
||||
- dma_set_mask(&pdev->dev, DMA_BIT_MASK(32));
|
||||
+ /* Try setting the coherent_dma_mask to 64 bits, then try 32 bits */
|
||||
+ ret = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
|
||||
+ if (ret) {
|
||||
+ ret = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
|
||||
+ if (ret)
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
|
||||
hcd = usb_create_hcd(driver, &pdev->dev, dev_name(&pdev->dev));
|
||||
if (!hcd)
|
|
@ -44,7 +44,6 @@ debian/snd-pcsp-disable-autoload.patch
|
|||
bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
|
||||
|
||||
# Arch bug fixes
|
||||
bugfix/mips/disable-advansys.patch
|
||||
bugfix/arm64/arm64-add-missing-dts-entry-for-X-Gene-platform.patch
|
||||
bugfix/arm64/arm64-removed-using-of-the-mask-attribute-in-the-dts.patch
|
||||
|
||||
|
@ -54,9 +53,6 @@ features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch
|
|||
features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch
|
||||
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
|
||||
features/x86/x86-make-x32-syscall-support-conditional.patch
|
||||
features/arm/deb-pkg-add-automatic-support-for-armhf-architecture.patch
|
||||
features/arm64/usb-make-xhci-platform-driver-use-64-bit-or-32-bit-dma.patch
|
||||
features/arm64/usb-add-support-for-acpi-identification-to-xhci-platform.patch
|
||||
|
||||
# Miscellaneous bug fixes
|
||||
bugfix/all/misc-bmp085-Enable-building-as-a-module.patch
|
||||
|
@ -64,12 +60,7 @@ bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
|
|||
bugfix/all/disable-some-marvell-phys.patch
|
||||
bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
|
||||
|
||||
# Reproducible docs
|
||||
bugfix/all/documentation-avoid-creating-man-pages-in-source-tree.patch
|
||||
bugfix/all/docbook-use-a-fixed-encoding-for-output.patch
|
||||
|
||||
# Miscellaneous features
|
||||
features/all/efi-autoload-efi-pstore.patch
|
||||
|
||||
# Hardening from grsecurity
|
||||
features/all/grsecurity/grsecurity-kconfig.patch
|
||||
|
@ -77,24 +68,6 @@ features/all/grsecurity/grsecurity-kconfig.patch
|
|||
#features/all/grsecurity/grsecurity-kbuild.patch
|
||||
features/all/grsecurity/grkernsec_perf_harden.patch
|
||||
|
||||
bugfix/all/media-uvcvideo-disable-hardware-timestamps-by-defaul.patch
|
||||
|
||||
bugfix/all/selftests-add-missing-include-directives.patch
|
||||
bugfix/all/selftests-memfd-stop-unnecessary-rebuilds.patch
|
||||
bugfix/all/selftests-kprobe-choose-an-always-defined-function-t.patch
|
||||
bugfix/all/selftests-make-scripts-executable.patch
|
||||
bugfix/all/selftests-vm-try-harder-to-allocate-huge-pages.patch
|
||||
bugfix/all/selftests-breakpoints-actually-build-it.patch
|
||||
bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch
|
||||
bugfix/all/media-media-vivid-osd-fix-info-leak-in-ioctl.patch
|
||||
bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch
|
||||
bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch
|
||||
bugfix/x86/kvm-svm-unconditionally-intercept-DB.patch
|
||||
bugfix/x86/kvm-x86-rename-update_db_bp_intercept-to-update_bp_i.patch
|
||||
bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch
|
||||
bugfix/all/media-usbvision-fix-crash-on-detecting-device-with-i.patch
|
||||
bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch
|
||||
bugfix/all/isdn_ppp-add-checks-for-allocation-failure-in-isdn_p.patch
|
||||
bugfix/all/ppp-slip-validate-vj-compression-slot-parameters-com.patch
|
||||
bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch
|
||||
bugfix/x86/drm-i915-shut-up-gen8-sde-irq-dmesg-noise.patch
|
||||
|
|
Loading…
Reference in New Issue