This commit is contained in:
Dan Ziemba 2016-02-02 15:18:11 -05:00
parent eb30161282
commit 4e37f9fde2
7 changed files with 148 additions and 98 deletions

View File

@ -1,8 +1,8 @@
# Generated by mksrcinfo v8 # Generated by mksrcinfo v8
# Tue Feb 2 20:10:47 UTC 2016 # Tue Feb 2 20:15:53 UTC 2016
pkgbase = linux-vfio pkgbase = linux-vfio
pkgver = 4.4 pkgver = 4.4.1
pkgrel = 4 pkgrel = 1
url = http://www.kernel.org/ url = http://www.kernel.org/
arch = i686 arch = i686
arch = x86_64 arch = x86_64
@ -15,24 +15,30 @@ pkgbase = linux-vfio
options = !strip options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.tar.sign source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.4.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.4.1.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.4.1.sign
source = config source = config
source = config.x86_64 source = config.x86_64
source = linux.preset source = linux.preset
source = change-default-console-loglevel.patch source = change-default-console-loglevel.patch
source = 0001-sdhci-revert.patch source = 0001-sdhci-revert.patch
source = tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch source = tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch
source = CVE-2016-0728.patch source = 0001-4.4-revert-btrfs.patch
source = 0001-4.4-revert-xfs.patch
source = override_for_missing_acs_capabilities.patch source = override_for_missing_acs_capabilities.patch
source = i915_317.patch source = i915_317.patch
sha256sums = 401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 sha256sums = 401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2
sha256sums = SKIP sha256sums = SKIP
sha256sums = d402c67f5a7334ac9e242344055ef4ac63fe43a1d8f1cda82eddd59d7242a63e sha256sums = c0218043e61da3921cd14579ae4a8774a6fdad91667a9fdb851d0a35f62edb48
sha256sums = ddeadf2910deb0803d4d4920c4dc7f07d3fb63bca564073aeb5f6181358f20d7 sha256sums = SKIP
sha256sums = fbbae1d873900e84d1b7ef00593fbb94fc79f078a34b22ee824bab8b0a92be64
sha256sums = 756a168bbc3bb582f0df45b977c32af53658f21d62fe15171c9ac85f52d8852a
sha256sums = f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c sha256sums = f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c
sha256sums = 1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99 sha256sums = 1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99
sha256sums = 5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375 sha256sums = 5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375
sha256sums = ab57037ecee0a425c612babdff47c831378bca0bff063a1308599989a350226d sha256sums = ab57037ecee0a425c612babdff47c831378bca0bff063a1308599989a350226d
sha256sums = 03bed5b1c6ef34a917e218a46d38cd1347c5ab5693131996113c6cad275dc4e9 sha256sums = 51586b733e9f178bebe577258b6057b035eded516ffe8bf8bbb26cb0b26c4958
sha256sums = ffbfaa192d17bfc7c6293aa9a07efe57f65177051ae3d8033d5e45a7bca2e0ad
sha256sums = 975f79348119bfba8dd972a9fbfe6b38484c45bfd228f2f6d48a0c02426ba149 sha256sums = 975f79348119bfba8dd972a9fbfe6b38484c45bfd228f2f6d48a0c02426ba149
sha256sums = b5a8eebbe75e1801b35d2f5197eba6f57123c224e09e97a7eb526f1fa58ac918 sha256sums = b5a8eebbe75e1801b35d2f5197eba6f57123c224e09e97a7eb526f1fa58ac918

View File

@ -0,0 +1,78 @@
From 80ad623edd2d0ccb47d85357ee31c97e6c684e82 Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Mon, 25 Jan 2016 11:02:06 +0100
Subject: Revert "btrfs: clear PF_NOFREEZE in cleaner_kthread()"
This reverts commit 696249132158014d594896df3a81390616069c5c. The
cleaner thread can block freezing when there's a snapshot cleaning in
progress and the other threads get suspended first. From the logs
provided by Martin we're waiting for reading extent pages:
kernel: PM: Syncing filesystems ... done.
kernel: Freezing user space processes ... (elapsed 0.015 seconds) done.
kernel: Freezing remaining freezable tasks ...
kernel: Freezing of tasks failed after 20.003 seconds (1 tasks refusing to freeze, wq_busy=0):
kernel: btrfs-cleaner D ffff88033dd13bc0 0 152 2 0x00000000
kernel: ffff88032ebc2e00 ffff88032e750000 ffff88032e74fa50 7fffffffffffffff
kernel: ffffffff814a58df 0000000000000002 ffffea000934d580 ffffffff814a5451
kernel: 7fffffffffffffff ffffffff814a6e8f 0000000000000000 0000000000000020
kernel: Call Trace:
kernel: [<ffffffff814a58df>] ? bit_wait+0x2c/0x2c
kernel: [<ffffffff814a5451>] ? schedule+0x6f/0x7c
kernel: [<ffffffff814a6e8f>] ? schedule_timeout+0x2f/0xd8
kernel: [<ffffffff81076f94>] ? timekeeping_get_ns+0xa/0x2e
kernel: [<ffffffff81077603>] ? ktime_get+0x36/0x44
kernel: [<ffffffff814a4f6c>] ? io_schedule_timeout+0x94/0xf2
kernel: [<ffffffff814a4f6c>] ? io_schedule_timeout+0x94/0xf2
kernel: [<ffffffff814a590b>] ? bit_wait_io+0x2c/0x30
kernel: [<ffffffff814a5694>] ? __wait_on_bit+0x41/0x73
kernel: [<ffffffff8109eba8>] ? wait_on_page_bit+0x6d/0x72
kernel: [<ffffffff8105d718>] ? autoremove_wake_function+0x2a/0x2a
kernel: [<ffffffff811a02d7>] ? read_extent_buffer_pages+0x1bd/0x203
kernel: [<ffffffff8117d9e9>] ? free_root_pointers+0x4c/0x4c
kernel: [<ffffffff8117e831>] ? btree_read_extent_buffer_pages.constprop.57+0x5a/0xe9
kernel: [<ffffffff8117f4f3>] ? read_tree_block+0x2d/0x45
kernel: [<ffffffff8116782a>] ? read_block_for_search.isra.34+0x22a/0x26b
kernel: [<ffffffff811656c3>] ? btrfs_set_path_blocking+0x1e/0x4a
kernel: [<ffffffff8116919b>] ? btrfs_search_slot+0x648/0x736
kernel: [<ffffffff81170559>] ? btrfs_lookup_extent_info+0xb7/0x2c7
kernel: [<ffffffff81170ee5>] ? walk_down_proc+0x9c/0x1ae
kernel: [<ffffffff81171c9d>] ? walk_down_tree+0x40/0xa4
kernel: [<ffffffff8117375f>] ? btrfs_drop_snapshot+0x2da/0x664
kernel: [<ffffffff8104ff21>] ? finish_task_switch+0x126/0x167
kernel: [<ffffffff811850f8>] ? btrfs_clean_one_deleted_snapshot+0xa6/0xb0
kernel: [<ffffffff8117eaba>] ? cleaner_kthread+0x13e/0x17b
kernel: [<ffffffff8117e97c>] ? btrfs_item_end+0x33/0x33
kernel: [<ffffffff8104d256>] ? kthread+0x95/0x9d
kernel: [<ffffffff8104d1c1>] ? kthread_parkme+0x16/0x16
kernel: [<ffffffff814a7b5f>] ? ret_from_fork+0x3f/0x70
kernel: [<ffffffff8104d1c1>] ? kthread_parkme+0x16/0x16
As this affects a released kernel (4.4) we need a minimal fix for
stable kernels.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=108361
Reported-by: Martin Ziegler <ziegler@uni-freiburg.de>
CC: stable@vger.kernel.org # 4.4
CC: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
---
fs/btrfs/disk-io.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 26ef141..404e894 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1787,7 +1787,6 @@ static int cleaner_kthread(void *arg)
int again;
struct btrfs_trans_handle *trans;
- set_freezable();
do {
again = 0;
--
cgit v0.12

39
0001-4.4-revert-xfs.patch Normal file
View File

@ -0,0 +1,39 @@
From 3e85286e75224fa3f08bdad20e78c8327742634e Mon Sep 17 00:00:00 2001
From: Dave Chinner <david@fromorbit.com>
Date: Tue, 19 Jan 2016 08:21:46 +1100
Subject: Revert "xfs: clear PF_NOFREEZE for xfsaild kthread"
This reverts commit 24ba16bb3d499c49974669cd8429c3e4138ab102 as it
prevents machines from suspending. This regression occurs when the
xfsaild is idle on entry to suspend, and so there s no activity to
wake it from it's idle sleep and hence see that it is supposed to
freeze. Hence the freezer times out waiting for it and suspend is
cancelled.
There is no obvious fix for this short of freezing the filesystem
properly, so revert this change for now.
cc: <stable@vger.kernel.org> # 4.4
Signed-off-by: Dave Chinner <david@fromorbit.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
---
fs/xfs/xfs_trans_ail.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/xfs/xfs_trans_ail.c b/fs/xfs/xfs_trans_ail.c
index aa67339..4f18fd9 100644
--- a/fs/xfs/xfs_trans_ail.c
+++ b/fs/xfs/xfs_trans_ail.c
@@ -497,7 +497,6 @@ xfsaild(
long tout = 0; /* milliseconds */
current->flags |= PF_MEMALLOC;
- set_freezable();
while (!kthread_should_stop()) {
if (tout && tout <= 20)
--
cgit v0.12

View File

@ -1,78 +0,0 @@
From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001
From: Yevgeny Pats <yevgeny@perception-point.io>
Date: Tue, 19 Jan 2016 22:09:04 +0000
Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
---
security/keys/process_keys.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index a3f85d2a..e6d50172 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
ret = PTR_ERR(keyring);
goto error2;
} else if (keyring == new->session_keyring) {
+ key_put(keyring);
ret = 0;
goto error2;
}

View File

@ -2,8 +2,8 @@
pkgbase=linux-vfio pkgbase=linux-vfio
_srcname=linux-4.4 _srcname=linux-4.4
pkgver=4.4 pkgver=4.4.1
pkgrel=4 pkgrel=1
arch=('i686' 'x86_64') arch=('i686' 'x86_64')
url="http://www.kernel.org/" url="http://www.kernel.org/"
license=('GPL2') license=('GPL2')
@ -11,8 +11,8 @@ makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
options=('!strip') options=('!strip')
source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
"https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.sign" "https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.sign"
#"https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz" "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz"
#"https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign" "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign"
# the main kernel config files # the main kernel config files
'config' 'config.x86_64' 'config' 'config.x86_64'
# standard config files for mkinitcpio ramdisk # standard config files for mkinitcpio ramdisk
@ -20,18 +20,22 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
'change-default-console-loglevel.patch' 'change-default-console-loglevel.patch'
'0001-sdhci-revert.patch' '0001-sdhci-revert.patch'
'tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch' 'tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch'
'CVE-2016-0728.patch' '0001-4.4-revert-btrfs.patch'
'0001-4.4-revert-xfs.patch'
'override_for_missing_acs_capabilities.patch' 'override_for_missing_acs_capabilities.patch'
'i915_317.patch') 'i915_317.patch')
sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2' sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2'
'SKIP' 'SKIP'
'd402c67f5a7334ac9e242344055ef4ac63fe43a1d8f1cda82eddd59d7242a63e' 'c0218043e61da3921cd14579ae4a8774a6fdad91667a9fdb851d0a35f62edb48'
'ddeadf2910deb0803d4d4920c4dc7f07d3fb63bca564073aeb5f6181358f20d7' 'SKIP'
'fbbae1d873900e84d1b7ef00593fbb94fc79f078a34b22ee824bab8b0a92be64'
'756a168bbc3bb582f0df45b977c32af53658f21d62fe15171c9ac85f52d8852a'
'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375' '5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375'
'ab57037ecee0a425c612babdff47c831378bca0bff063a1308599989a350226d' 'ab57037ecee0a425c612babdff47c831378bca0bff063a1308599989a350226d'
'03bed5b1c6ef34a917e218a46d38cd1347c5ab5693131996113c6cad275dc4e9' '51586b733e9f178bebe577258b6057b035eded516ffe8bf8bbb26cb0b26c4958'
'ffbfaa192d17bfc7c6293aa9a07efe57f65177051ae3d8033d5e45a7bca2e0ad'
'975f79348119bfba8dd972a9fbfe6b38484c45bfd228f2f6d48a0c02426ba149' '975f79348119bfba8dd972a9fbfe6b38484c45bfd228f2f6d48a0c02426ba149'
'b5a8eebbe75e1801b35d2f5197eba6f57123c224e09e97a7eb526f1fa58ac918') 'b5a8eebbe75e1801b35d2f5197eba6f57123c224e09e97a7eb526f1fa58ac918')
validpgpkeys=( validpgpkeys=(
@ -45,7 +49,7 @@ prepare() {
cd "${srcdir}/${_srcname}" cd "${srcdir}/${_srcname}"
# add upstream patch # add upstream patch
#patch -p1 -i "${srcdir}/patch-${pkgver}" patch -p1 -i "${srcdir}/patch-${pkgver}"
# add latest fixes from stable queue, if needed # add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
@ -59,8 +63,9 @@ prepare() {
# https://bugzilla.kernel.org/show_bug.cgi?id=110751 # https://bugzilla.kernel.org/show_bug.cgi?id=110751
patch -Np1 -i "${srcdir}/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch" patch -Np1 -i "${srcdir}/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch"
# fixes #47820 CVE-2016-0728.patch # #47757 fix broken suspend from btrfs and xfs
patch -Np1 -i "${srcdir}/CVE-2016-0728.patch" patch -Np1 -i "${srcdir}/0001-4.4-revert-xfs.patch"
patch -Np1 -i "${srcdir}/0001-4.4-revert-btrfs.patch"
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream # remove this when a Kconfig knob is made available by upstream

2
config
View File

@ -7546,7 +7546,7 @@ CONFIG_X86_PTDUMP_CORE=y
# CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_PGT_DUMP is not set
CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_RODATA_TEST is not set
CONFIG_DEBUG_WX=y # CONFIG_DEBUG_WX is not set
CONFIG_DEBUG_SET_MODULE_RONX=y CONFIG_DEBUG_SET_MODULE_RONX=y
# CONFIG_DEBUG_NX_TEST is not set # CONFIG_DEBUG_NX_TEST is not set
CONFIG_DOUBLEFAULT=y CONFIG_DOUBLEFAULT=y

View File

@ -7286,7 +7286,7 @@ CONFIG_X86_PTDUMP_CORE=y
# CONFIG_EFI_PGT_DUMP is not set # CONFIG_EFI_PGT_DUMP is not set
CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_RODATA_TEST is not set
CONFIG_DEBUG_WX=y # CONFIG_DEBUG_WX is not set
CONFIG_DEBUG_SET_MODULE_RONX=y CONFIG_DEBUG_SET_MODULE_RONX=y
# CONFIG_DEBUG_NX_TEST is not set # CONFIG_DEBUG_NX_TEST is not set
CONFIG_DOUBLEFAULT=y CONFIG_DOUBLEFAULT=y