diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-07-17 20:04:13 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-07-17 20:04:13 +0200 |
commit | 7bd11983886ef4466260c95b2f8cdd766e95683f (patch) | |
tree | 44863f127518f0c96ff0df8c1a226df24957d75a | |
parent | 4c6683d47a625c6bf64783223637facae7404e82 (diff) | |
parent | 39a8ad911dc59d1424b6f88dd73ceb056bd6fe33 (diff) | |
download | kernel-4.17.7-250.vanilla.knurd.1.fc28.tar.gz kernel-4.17.7-250.vanilla.knurd.1.fc28.tar.xz kernel-4.17.7-250.vanilla.knurd.1.fc28.zip |
-rw-r--r-- | CVE-2018-13405.patch | 47 | ||||
-rw-r--r-- | configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL | 1 | ||||
-rw-r--r-- | kernel-ppc64-debug.config | 2 | ||||
-rw-r--r-- | kernel-ppc64.config | 2 | ||||
-rw-r--r-- | kernel-ppc64le-debug.config | 2 | ||||
-rw-r--r-- | kernel-ppc64le.config | 2 | ||||
-rw-r--r-- | kernel.spec | 22 | ||||
-rw-r--r-- | mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch | 69 | ||||
-rw-r--r-- | sources | 2 | ||||
-rw-r--r-- | xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch | 126 |
10 files changed, 219 insertions, 56 deletions
diff --git a/CVE-2018-13405.patch b/CVE-2018-13405.patch deleted file mode 100644 index 489e11f54..000000000 --- a/CVE-2018-13405.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Mon Sep 17 00:00:00 2001 -From: Linus Torvalds <torvalds@linux-foundation.org> -Date: Tue, 3 Jul 2018 17:10:19 -0700 -Subject: [PATCH] Fix up non-directory creation in SGID directories - -sgid directories have special semantics, making newly created files in -the directory belong to the group of the directory, and newly created -subdirectories will also become sgid. This is historically used for -group-shared directories. - -But group directories writable by non-group members should not imply -that such non-group members can magically join the group, so make sure -to clear the sgid bit on non-directories for non-members (but remember -that sgid without group execute means "mandatory locking", just to -confuse things even more). - -Reported-by: Jann Horn <jannh@google.com> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Al Viro <viro@zeniv.linux.org.uk> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Jeremy Cline <jcline@redhat.com> ---- - fs/inode.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/fs/inode.c b/fs/inode.c -index 2c300e981796..8c86c809ca17 100644 ---- a/fs/inode.c -+++ b/fs/inode.c -@@ -1999,8 +1999,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, - inode->i_uid = current_fsuid(); - if (dir && dir->i_mode & S_ISGID) { - inode->i_gid = dir->i_gid; -+ -+ /* Directories are special, and always inherit S_ISGID */ - if (S_ISDIR(mode)) - mode |= S_ISGID; -+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && -+ !in_group_p(inode->i_gid) && -+ !capable_wrt_inode_uidgid(dir, CAP_FSETID)) -+ mode &= ~S_ISGID; - } else - inode->i_gid = current_fsgid(); - inode->i_mode = mode; --- -2.17.1 - diff --git a/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL b/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL deleted file mode 100644 index 6f057ecfe..000000000 --- a/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_SND_HDA_INTEL is not set diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index b73c4ed88..04658a16a 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -4949,7 +4949,7 @@ CONFIG_SND_HDA_HWDEP=y CONFIG_SND_HDA_I915=y CONFIG_SND_HDA_INPUT_BEEP_MODE=0 CONFIG_SND_HDA_INPUT_BEEP=y -# CONFIG_SND_HDA_INTEL is not set +CONFIG_SND_HDA_INTEL=m CONFIG_SND_HDA_PATCH_LOADER=y CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_POWER_SAVE=y diff --git a/kernel-ppc64.config b/kernel-ppc64.config index 059b21e23..95f6aa221 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -4923,7 +4923,7 @@ CONFIG_SND_HDA_HWDEP=y CONFIG_SND_HDA_I915=y CONFIG_SND_HDA_INPUT_BEEP_MODE=0 CONFIG_SND_HDA_INPUT_BEEP=y -# CONFIG_SND_HDA_INTEL is not set +CONFIG_SND_HDA_INTEL=m CONFIG_SND_HDA_PATCH_LOADER=y CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_POWER_SAVE=y diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 2d861e5ec..23d856590 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -4878,7 +4878,7 @@ CONFIG_SND_HDA_HWDEP=y CONFIG_SND_HDA_I915=y CONFIG_SND_HDA_INPUT_BEEP_MODE=0 CONFIG_SND_HDA_INPUT_BEEP=y -# CONFIG_SND_HDA_INTEL is not set +CONFIG_SND_HDA_INTEL=m CONFIG_SND_HDA_PATCH_LOADER=y CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_POWER_SAVE=y diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 5d65cb4e6..885bb97fd 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -4852,7 +4852,7 @@ CONFIG_SND_HDA_HWDEP=y CONFIG_SND_HDA_I915=y CONFIG_SND_HDA_INPUT_BEEP_MODE=0 CONFIG_SND_HDA_INPUT_BEEP=y -# CONFIG_SND_HDA_INTEL is not set +CONFIG_SND_HDA_INTEL=m CONFIG_SND_HDA_PATCH_LOADER=y CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_POWER_SAVE=y diff --git a/kernel.spec b/kernel.spec index 8c8825c6f..899febcc8 100644 --- a/kernel.spec +++ b/kernel.spec @@ -58,7 +58,7 @@ Summary: The Linux kernel %define stable_rc 0 # Do we have a -stable update to apply? -%define stable_update 6 +%define stable_update 7 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -685,8 +685,11 @@ Patch522: 0001-xfs-don-t-call-xfs_da_shrink_inode-with-NULL-bp.patch # CVE-2018-13095 rhbz 1597775 1597777 Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch -# CVE-2018-13405 rhbz 1599161 1599162 -Patch524: CVE-2018-13405.patch +# rhbz 1597333 +# Patch526: xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch + +# i686 patch that will eventually be 4.17.8 +Patch527: mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch # END OF PATCH DEFINITIONS @@ -1940,6 +1943,19 @@ fi # # %changelog +* Tue Jul 17 2018 Justin M. Forbes <jforbes@fedoraproject.org> - 4.17.7-200 +- Linux v4.17.7 + +* Thu Jul 12 2018 Jeremy Cline <jeremy@jcline.org> +- Avoid an early WARN_ON in Xen (rhbz 1592976) +- Fix perceived dead xhci host (rhbz 1597333) + +* Thu Jul 12 2018 Dan Horák <dan@danny.cz> +- Enable HDA sound drivers on PPC + +* Wed Jul 11 2018 Jeremy Cline <jcline@redhat.com> - 4.17.6-200 +- Linux v4.17.6 + * Wed Jul 11 2018 Jeremy Cline <jeremy@jcline.org> - Add device ID for RTL8822BE in the Asus ROG GL702ZC (rhbz 1599917) diff --git a/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch b/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch new file mode 100644 index 000000000..f72e111ad --- /dev/null +++ b/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch @@ -0,0 +1,69 @@ +From d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 Mon Sep 17 00:00:00 2001 +From: Pavel Tatashin <pasha.tatashin@oracle.com> +Date: Mon, 16 Jul 2018 11:16:30 -0400 +Subject: mm: don't do zero_resv_unavail if memmap is not allocated + +From: Pavel Tatashin <pasha.tatashin@oracle.com> + +commit d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 upstream. + +Moving zero_resv_unavail before memmap_init_zone(), caused a regression on +x86-32. + +The cause is that we access struct pages before they are allocated when +CONFIG_FLAT_NODE_MEM_MAP is used. + +free_area_init_nodes() + zero_resv_unavail() + mm_zero_struct_page(pfn_to_page(pfn)); <- struct page is not alloced + free_area_init_node() + if CONFIG_FLAT_NODE_MEM_MAP + alloc_node_mem_map() + memblock_virt_alloc_node_nopanic() <- struct page alloced here + +On the other hand memblock_virt_alloc_node_nopanic() zeroes all the memory +that it returns, so we do not need to do zero_resv_unavail() here. + +Fixes: e181ae0c5db9 ("mm: zero unavailable pages before memmap init") +Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com> +Tested-by: Matt Hart <matt@mattface.org> +Acked-by: Michal Hocko <mhocko@suse.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> + +--- + include/linux/mm.h | 2 +- + mm/page_alloc.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -2081,7 +2081,7 @@ extern int __meminit __early_pfn_to_nid( + struct mminit_pfnnid_cache *state); + #endif + +-#ifdef CONFIG_HAVE_MEMBLOCK ++#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP) + void zero_resv_unavail(void); + #else + static inline void zero_resv_unavail(void) {} +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6377,7 +6377,7 @@ void __paginginit free_area_init_node(in + free_area_init_core(pgdat); + } + +-#ifdef CONFIG_HAVE_MEMBLOCK ++#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP) + /* + * Only struct pages that are backed by physical memory are zeroed and + * initialized by going through __init_single_page(). But, there are some +@@ -6415,7 +6415,7 @@ void __paginginit zero_resv_unavail(void + if (pgcnt) + pr_info("Reserved but unavailable: %lld pages", pgcnt); + } +-#endif /* CONFIG_HAVE_MEMBLOCK */ ++#endif /* CONFIG_HAVE_MEMBLOCK && !CONFIG_FLAT_NODE_MEM_MAP */ + + #ifdef CONFIG_HAVE_MEMBLOCK_NODE_MAP + @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17.6.xz) = 4b791d94db704cbbe3dbf6b340735fe7999957741f116ca14060ced836aece1d4b51d0c3f376af1564e7379fbb9c9132a8e4d021fc74599f3ab037237d718651 +SHA512 (patch-4.17.7.xz) = 955342b78da2977dbd08ff0acb7e681c646b1dfceef71246a08bdd102e0b2ad41f3eb7c353755ed1da2e1a5d9138476adc7bf11fd732a3033b6f8aac457dac75 diff --git a/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch b/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch new file mode 100644 index 000000000..b52d783ae --- /dev/null +++ b/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch @@ -0,0 +1,126 @@ +From 229bc19fd7aca4f37964af06e3583c1c8f36b5d6 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman <mathias.nyman@linux.intel.com> +Date: Thu, 21 Jun 2018 16:19:41 +0300 +Subject: [PATCH] xhci: Fix perceived dead host due to runtime suspend race + with event handler + +Don't rely on event interrupt (EINT) bit alone to detect pending port +change in resume. If no change event is detected the host may be suspended +again, oterwise roothubs are resumed. + +There is a lag in xHC setting EINT. If we don't notice the pending change +in resume, and the controller is runtime suspeded again, it causes the +event handler to assume host is dead as it will fail to read xHC registers +once PCI puts the controller to D3 state. + +[ 268.520969] xhci_hcd: xhci_resume: starting port polling. +[ 268.520985] xhci_hcd: xhci_hub_status_data: stopping port polling. +[ 268.521030] xhci_hcd: xhci_suspend: stopping port polling. +[ 268.521040] xhci_hcd: // Setting command ring address to 0x349bd001 +[ 268.521139] xhci_hcd: Port Status Change Event for port 3 +[ 268.521149] xhci_hcd: resume root hub +[ 268.521163] xhci_hcd: port resume event for port 3 +[ 268.521168] xhci_hcd: xHC is not running. +[ 268.521174] xhci_hcd: handle_port_status: starting port polling. +[ 268.596322] xhci_hcd: xhci_hc_died: xHCI host controller not responding, assume dead + +The EINT lag is described in a additional note in xhci specs 4.19.2: + +"Due to internal xHC scheduling and system delays, there will be a lag +between a change bit being set and the Port Status Change Event that it +generated being written to the Event Ring. If SW reads the PORTSC and +sees a change bit set, there is no guarantee that the corresponding Port +Status Change Event has already been written into the Event Ring." + +Cc: <stable@vger.kernel.org> +Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Jeremy Cline <jcline@redhat.com> +--- + drivers/usb/host/xhci.c | 40 +++++++++++++++++++++++++++++++++++++--- + drivers/usb/host/xhci.h | 4 ++++ + 2 files changed, 41 insertions(+), 3 deletions(-) + +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index 8c8da2d657fa..f11ec61bcc7d 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -908,6 +908,41 @@ static void xhci_disable_port_wake_on_bits(struct xhci_hcd *xhci) + spin_unlock_irqrestore(&xhci->lock, flags); + } + ++static bool xhci_pending_portevent(struct xhci_hcd *xhci) ++{ ++ struct xhci_port **ports; ++ int port_index; ++ u32 status; ++ u32 portsc; ++ ++ status = readl(&xhci->op_regs->status); ++ if (status & STS_EINT) ++ return true; ++ /* ++ * Checking STS_EINT is not enough as there is a lag between a change ++ * bit being set and the Port Status Change Event that it generated ++ * being written to the Event Ring. See note in xhci 1.1 section 4.19.2. ++ */ ++ ++ port_index = xhci->usb2_rhub.num_ports; ++ ports = xhci->usb2_rhub.ports; ++ while (port_index--) { ++ portsc = readl(ports[port_index]->addr); ++ if (portsc & PORT_CHANGE_MASK || ++ (portsc & PORT_PLS_MASK) == XDEV_RESUME) ++ return true; ++ } ++ port_index = xhci->usb3_rhub.num_ports; ++ ports = xhci->usb3_rhub.ports; ++ while (port_index--) { ++ portsc = readl(ports[port_index]->addr); ++ if (portsc & PORT_CHANGE_MASK || ++ (portsc & PORT_PLS_MASK) == XDEV_RESUME) ++ return true; ++ } ++ return false; ++} ++ + /* + * Stop HC (not bus-specific) + * +@@ -1009,7 +1044,7 @@ EXPORT_SYMBOL_GPL(xhci_suspend); + */ + int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + { +- u32 command, temp = 0, status; ++ u32 command, temp = 0; + struct usb_hcd *hcd = xhci_to_hcd(xhci); + struct usb_hcd *secondary_hcd; + int retval = 0; +@@ -1134,8 +1169,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) + done: + if (retval == 0) { + /* Resume root hubs only when have pending events. */ +- status = readl(&xhci->op_regs->status); +- if (status & STS_EINT) { ++ if (xhci_pending_portevent(xhci)) { + usb_hcd_resume_root_hub(xhci->shared_hcd); + usb_hcd_resume_root_hub(hcd); + } +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 939e2f86b595..841e89ffe2e9 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -382,6 +382,10 @@ struct xhci_op_regs { + #define PORT_PLC (1 << 22) + /* port configure error change - port failed to configure its link partner */ + #define PORT_CEC (1 << 23) ++#define PORT_CHANGE_MASK (PORT_CSC | PORT_PEC | PORT_WRC | PORT_OCC | \ ++ PORT_RC | PORT_PLC | PORT_CEC) ++ ++ + /* Cold Attach Status - xHC can set this bit to report device attached during + * Sx state. Warm port reset should be perfomed to clear this bit and move port + * to connected state. +-- +2.17.1 + |