diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-02-23 11:30:18 -0500 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-02-23 11:30:23 -0500 |
commit | d7293323e7b09ea8bd2f0bbdb43a9b169562bc4d (patch) | |
tree | fc7e0f0250044ba9fa8595e4f60eb5cf853c5342 | |
parent | ea9098159c5db0c8cee08ee41ee147509c904eb3 (diff) | |
download | kernel-d7293323e7b09ea8bd2f0bbdb43a9b169562bc4d.tar.gz kernel-d7293323e7b09ea8bd2f0bbdb43a9b169562bc4d.tar.xz kernel-d7293323e7b09ea8bd2f0bbdb43a9b169562bc4d.zip |
Linux v4.0-rc1
- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
- Disable debugging options.
Yay for major version bumps :\.
We grab the full rc1 tarball instead of just the patch to make this way less
messy in the spec. When 4.0 final is released, we'll need to undo a few
specific hacks. Namely, we need to redefine:
upstream_sublevel
kversion
Source0
back to the standard definitions.
Thanks to Kyle for figuring this out 3 years ago.
-rw-r--r-- | ASLR-fix-stack-randomization-on-64-bit-systems.patch | 104 | ||||
-rw-r--r-- | Add-option-to-automatically-enforce-module-signature.patch | 14 | ||||
-rw-r--r-- | Add-sysrq-option-to-disable-secure-boot-mode.patch | 6 | ||||
-rw-r--r-- | Kbuild-Add-an-option-to-enable-GCC-VTA.patch | 2 | ||||
-rw-r--r-- | Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch | 2 | ||||
-rw-r--r-- | arm-highbank-l2-reverts.patch | 2 | ||||
-rw-r--r-- | config-arm-generic | 3 | ||||
-rw-r--r-- | config-armv7 | 2 | ||||
-rw-r--r-- | config-armv7-generic | 3 | ||||
-rw-r--r-- | config-generic | 12 | ||||
-rw-r--r-- | config-nodebug | 114 | ||||
-rw-r--r-- | config-x86-32-generic | 1 | ||||
-rw-r--r-- | config-x86-generic | 2 | ||||
-rw-r--r-- | efi-Add-EFI_SECURE_BOOT-bit.patch | 4 | ||||
-rw-r--r-- | efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 4 | ||||
-rw-r--r-- | ext4-Allocate-entire-range-in-zero-range.patch | 78 | ||||
-rw-r--r-- | kernel.spec | 76 | ||||
-rw-r--r-- | ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch | 45 | ||||
-rw-r--r-- | sources | 5 | ||||
-rw-r--r-- | vhost-scsi-potential-memory-corruption.patch | 53 |
20 files changed, 204 insertions, 328 deletions
diff --git a/ASLR-fix-stack-randomization-on-64-bit-systems.patch b/ASLR-fix-stack-randomization-on-64-bit-systems.patch deleted file mode 100644 index b382815f8..000000000 --- a/ASLR-fix-stack-randomization-on-64-bit-systems.patch +++ /dev/null @@ -1,104 +0,0 @@ -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Sat, 14 Feb 2015 09:33:50 -0800 -Subject: [PATCH] ASLR: fix stack randomization on 64-bit systems - -The issue is that the stack for processes is not properly randomized on 64 bit -architectures due to an integer overflow. - -The affected function is randomize_stack_top() in file "fs/binfmt_elf.c": - -static unsigned long randomize_stack_top(unsigned long stack_top) -{ - unsigned int random_variable = 0; - - if ((current->flags & PF_RANDOMIZE) && - !(current->personality & ADDR_NO_RANDOMIZE)) { - random_variable = get_random_int() & STACK_RND_MASK; - random_variable <<= PAGE_SHIFT; - } - return PAGE_ALIGN(stack_top) + random_variable; - return PAGE_ALIGN(stack_top) - random_variable; -} - -Note that, it declares the "random_variable" variable as "unsigned int". Since -the result of the shifting operation between STACK_RND_MASK (which is -0x3fffff on x86_64, 22 bits) and PAGE_SHIFT (which is 12 on x86_64): - -random_variable <<= PAGE_SHIFT; - -then the two leftmost bits are dropped when storing the result in the -"random_variable". This variable shall be at least 34 bits long to hold the -(22+12) result. - -These two dropped bits have an impact on the entropy of process stack. -Concretely, the total stack entropy is reduced by four: from 2^28 to 2^30 (One -fourth of expected entropy). - -This patch restores back the entropy by correcting the types involved in the -operations in the functions randomize_stack_top() and stack_maxrandom_size(). - -The successful fix can be tested with: -$ for i in `seq 1 10`; do cat /proc/self/maps | grep stack; done -7ffeda566000-7ffeda587000 rw-p 00000000 00:00 0 [stack] -7fff5a332000-7fff5a353000 rw-p 00000000 00:00 0 [stack] -7ffcdb7a1000-7ffcdb7c2000 rw-p 00000000 00:00 0 [stack] -7ffd5e2c4000-7ffd5e2e5000 rw-p 00000000 00:00 0 [stack] -... - -Once corrected, the leading bytes should be between 7ffc and 7fff, rather -than always being 7fff. - -CVE-2015-1593 - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll <iripoll@upv.es> -[kees: rebase, fix 80 char, clean up commit message, add test example, cve] -Signed-off-by: Kees Cook <keescook@chromium.org> -Cc: stable@vger.kernel.org ---- - arch/x86/mm/mmap.c | 6 +++--- - fs/binfmt_elf.c | 5 +++-- - 2 files changed, 6 insertions(+), 5 deletions(-) - -diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 919b91205cd4..df4552bd239e 100644 ---- a/arch/x86/mm/mmap.c -+++ b/arch/x86/mm/mmap.c -@@ -35,12 +35,12 @@ struct va_alignment __read_mostly va_align = { - .flags = -1, - }; - --static unsigned int stack_maxrandom_size(void) -+static unsigned long stack_maxrandom_size(void) - { -- unsigned int max = 0; -+ unsigned long max = 0; - if ((current->flags & PF_RANDOMIZE) && - !(current->personality & ADDR_NO_RANDOMIZE)) { -- max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; -+ max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT; - } - - return max; -diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 02b16910f4c9..995986b8e36b 100644 ---- a/fs/binfmt_elf.c -+++ b/fs/binfmt_elf.c -@@ -645,11 +645,12 @@ out: - - static unsigned long randomize_stack_top(unsigned long stack_top) - { -- unsigned int random_variable = 0; -+ unsigned long random_variable = 0; - - if ((current->flags & PF_RANDOMIZE) && - !(current->personality & ADDR_NO_RANDOMIZE)) { -- random_variable = get_random_int() & STACK_RND_MASK; -+ random_variable = (unsigned long) get_random_int(); -+ random_variable &= STACK_RND_MASK; - random_variable <<= PAGE_SHIFT; - } - #ifdef CONFIG_STACK_GROWSUP --- -2.1.0 - diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch index 4f251711c..8f9122481 100644 --- a/Add-option-to-automatically-enforce-module-signature.patch +++ b/Add-option-to-automatically-enforce-module-signature.patch @@ -20,7 +20,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 7 files changed, 69 insertions(+), 1 deletion(-) diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt -index 199f453cb4de..ec38acf00b40 100644 +index 82fbdbc1e0b0..a811210ad486 100644 --- a/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt @@ -30,6 +30,8 @@ Offset Proto Name Meaning @@ -33,10 +33,10 @@ index 199f453cb4de..ec38acf00b40 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index eb1cf898ed3c..a2a0a1636287 100644 +index c2fb8a87dccb..0ec6272203e4 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1678,6 +1678,16 @@ config EFI_MIXED +@@ -1694,6 +1694,16 @@ config EFI_MIXED If unsure, say N. @@ -115,10 +115,10 @@ index ef17683484e9..105e7360d747 100644 setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index 225b0988043a..90dbfb73e11f 100644 +index 44e6dd7e36a2..3ddf4150bd9e 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h -@@ -133,7 +133,8 @@ struct boot_params { +@@ -134,7 +134,8 @@ struct boot_params { __u8 eddbuf_entries; /* 0x1e9 */ __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ __u8 kbd_status; /* 0x1eb */ @@ -129,10 +129,10 @@ index 225b0988043a..90dbfb73e11f 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 0a2421cca01f..a3d8174dedf9 100644 +index 98dc9317286e..26741d24797e 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1151,6 +1151,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1165,6 +1165,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); diff --git a/Add-sysrq-option-to-disable-secure-boot-mode.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch index 76b493bb3..a22af8297 100644 --- a/Add-sysrq-option-to-disable-secure-boot-mode.patch +++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch @@ -15,7 +15,7 @@ Upstream-status: Fedora mustard 7 files changed, 65 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 26c5d54124c1..dab298f03a9c 100644 +index 64a123acb97f..2964c69e7c8e 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -70,6 +70,11 @@ @@ -30,7 +30,7 @@ index 26c5d54124c1..dab298f03a9c 100644 #include <video/edid.h> #include <asm/mtrr.h> -@@ -1278,6 +1283,37 @@ void __init i386_reserve_resources(void) +@@ -1292,6 +1297,37 @@ void __init i386_reserve_resources(void) #endif /* CONFIG_X86_32 */ @@ -215,7 +215,7 @@ index 387fa7d05c98..4b07e30b3279 100644 int unregister_sysrq_key(int key, struct sysrq_key_op *op); struct sysrq_key_op *__sysrq_get_key_op(int key); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 7b40c5f07dce..8a60477b96e1 100644 +index 4121345498e0..0ff3cef5df96 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1968,7 +1968,7 @@ static int kdb_sr(int argc, const char **argv) diff --git a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch index c3f957b76..6eae7b8b1 100644 --- a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch +++ b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch @@ -43,7 +43,7 @@ Signed-off-by: Josh Stone <jistone@redhat.com> 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 19e256ae2679..376e8a456f72 100644 +index 9fab639727c7..d67b25152475 100644 --- a/Makefile +++ b/Makefile @@ -706,7 +706,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer diff --git a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch index 27f5276eb..d10088ab7 100644 --- a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch +++ b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch @@ -28,7 +28,7 @@ index bfcb1a62a7b4..a1d62e9ed29b 100644 virtio_mmio.device= [VMMIO] Memory mapped virtio (platform) device. diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index 88a4f99dd2a7..570920c08a51 100644 +index debd30917010..eeb4cf627553 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot"); diff --git a/arm-highbank-l2-reverts.patch b/arm-highbank-l2-reverts.patch index b50c20dab..9b886d00d 100644 --- a/arm-highbank-l2-reverts.patch +++ b/arm-highbank-l2-reverts.patch @@ -9,7 +9,7 @@ Will debug upstream separately, but we need F22/21 running there. (#1139762) 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/arch/arm/mach-highbank/highbank.c b/arch/arm/mach-highbank/highbank.c -index 07a09570175d..5db6d14fcd67 100644 +index 231fba0d03e5..0de5a6ddd5eb 100644 --- a/arch/arm/mach-highbank/highbank.c +++ b/arch/arm/mach-highbank/highbank.c @@ -51,13 +51,11 @@ static void __init highbank_scu_map_io(void) diff --git a/config-arm-generic b/config-arm-generic index 47d524fd3..30b043642 100644 --- a/config-arm-generic +++ b/config-arm-generic @@ -196,9 +196,6 @@ CONFIG_IIO_SYSFS_TRIGGER=m # PHY framework CONFIG_GENERIC_PHY=y -# MFD -CONFIG_MFD_CORE=m - CONFIG_SMC91X=m CONFIG_SMC911X=m diff --git a/config-armv7 b/config-armv7 index 81175c22e..7f76e3893 100644 --- a/config-armv7 +++ b/config-armv7 @@ -329,6 +329,8 @@ CONFIG_PINCTRL_MSM8X74=m CONFIG_PINCTRL_MSM8916=m CONFIG_PINCTRL_QCOM_SPMI_PMIC=m CONFIG_COMMON_CLK_QCOM=m +# CONFIG_IPQ_LCC_806X is not set +# CONFIG_MSM_LCC_8960 is not set CONFIG_MFD_QCOM_RPM=m CONFIG_MFD_PM8921_CORE=m CONFIG_REGULATOR_QCOM_RPM=m diff --git a/config-armv7-generic b/config-armv7-generic index 761fd0224..74aa6fd0e 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -408,8 +408,6 @@ CONFIG_DRM_PANEL_S6E8AA0=m CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m # regmap -CONFIG_REGMAP=y -CONFIG_REGMAP_I2C=m CONFIG_REGMAP_SPI=m CONFIG_REGMAP_SPMI=m CONFIG_REGMAP_MMIO=m @@ -835,6 +833,7 @@ CONFIG_SND_SOC_TS3A227E=m # CONFIG_INPUT_AXP20X_PEK is not set # CONFIG_POWER_RESET_BRCMSTB is not set # CONFIG_INPUT_TPS65218_PWRBUTTON is not set +# CONFIG_CLK_QORIQ is not set # Debug options. We need to deal with them at some point like x86 # CONFIG_DEBUG_USER is not set diff --git a/config-generic b/config-generic index 06b8c5750..7ce786e16 100644 --- a/config-generic +++ b/config-generic @@ -201,6 +201,7 @@ CONFIG_BINFMT_MISC=m # # CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_CDCE706 is not set # # Generic Driver Options @@ -214,6 +215,9 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_FW_LOADER_USER_HELPER is not set # CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_REGMAP=y +CONFIG_REGMAP_I2C=m + # CONFIG_CMA is not set # CONFIG_DMA_CMA is not set # CONFIG_FENCE_TRACE is not set @@ -1713,13 +1717,13 @@ CONFIG_B43_PCMCIA=y CONFIG_B43_SDIO=y CONFIG_B43_BCMA=y CONFIG_B43_BCMA_PIO=y -CONFIG_B43_DEBUG=y +# CONFIG_B43_DEBUG is not set CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_N=y CONFIG_B43_PHY_HT=y CONFIG_B43_PHY_G=y CONFIG_B43LEGACY=m -CONFIG_B43LEGACY_DEBUG=y +# CONFIG_B43LEGACY_DEBUG is not set CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y @@ -4056,6 +4060,8 @@ CONFIG_PCF50633_GPIO=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_GPIO_ROTARY_ENCODER=m +CONFIG_MFD_CORE=m + CONFIG_MFD_VX855=m CONFIG_MFD_SM501=m CONFIG_MFD_SM501_GPIO=y @@ -4778,7 +4784,7 @@ CONFIG_PM_DEBUG=y # CONFIG_DPM_WATCHDOG is not set # revisit this in debug CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y -CONFIG_PM_TEST_SUSPEND=y +# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_RUNTIME=y # CONFIG_PM_OPP is not set # CONFIG_PM_AUTOSLEEP is not set diff --git a/config-nodebug b/config-nodebug index 6c098422a..01008d646 100644 --- a/config-nodebug +++ b/config-nodebug @@ -2,100 +2,100 @@ CONFIG_SND_VERBOSE_PRINTK=y CONFIG_SND_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y -CONFIG_DEBUG_ATOMIC_SLEEP=y - -CONFIG_DEBUG_MUTEXES=y -CONFIG_DEBUG_RT_MUTEXES=y -CONFIG_DEBUG_LOCK_ALLOC=y -CONFIG_LOCK_TORTURE_TEST=m -CONFIG_PROVE_LOCKING=y -CONFIG_DEBUG_SPINLOCK=y -CONFIG_PROVE_RCU=y +# CONFIG_DEBUG_ATOMIC_SLEEP is not set + +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_PROVE_RCU is not set # CONFIG_PROVE_RCU_REPEATEDLY is not set -CONFIG_DEBUG_PER_CPU_MAPS=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_CPUMASK_OFFSTACK=y -CONFIG_CPU_NOTIFIER_ERROR_INJECT=m +# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set -CONFIG_FAULT_INJECTION=y -CONFIG_FAILSLAB=y -CONFIG_FAIL_PAGE_ALLOC=y -CONFIG_FAIL_MAKE_REQUEST=y -CONFIG_FAULT_INJECTION_DEBUG_FS=y -CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y -CONFIG_FAIL_IO_TIMEOUT=y -CONFIG_FAIL_MMC_REQUEST=y +# CONFIG_FAULT_INJECTION is not set +# CONFIG_FAILSLAB is not set +# CONFIG_FAIL_PAGE_ALLOC is not set +# CONFIG_FAIL_MAKE_REQUEST is not set +# CONFIG_FAULT_INJECTION_DEBUG_FS is not set +# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set +# CONFIG_FAIL_IO_TIMEOUT is not set +# CONFIG_FAIL_MMC_REQUEST is not set -CONFIG_LOCK_STAT=y +# CONFIG_LOCK_STAT is not set -CONFIG_DEBUG_STACK_USAGE=y +# CONFIG_DEBUG_STACK_USAGE is not set -CONFIG_ACPI_DEBUG=y +# CONFIG_ACPI_DEBUG is not set -CONFIG_DEBUG_SG=y -CONFIG_DEBUG_PI_LIST=y +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_PI_LIST is not set # CONFIG_PAGE_EXTENSION is not set # CONFIG_PAGE_OWNER is not set # CONFIG_DEBUG_PAGEALLOC is not set -CONFIG_DEBUG_OBJECTS=y +# CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_OBJECTS_SELFTEST is not set -CONFIG_DEBUG_OBJECTS_FREE=y -CONFIG_DEBUG_OBJECTS_TIMERS=y -CONFIG_DEBUG_OBJECTS_RCU_HEAD=y +# CONFIG_DEBUG_OBJECTS_FREE is not set +# CONFIG_DEBUG_OBJECTS_TIMERS is not set +# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_X86_PTDUMP=y -CONFIG_ARM64_PTDUMP=y -CONFIG_EFI_PGT_DUMP=y +# CONFIG_ARM64_PTDUMP is not set +# CONFIG_EFI_PGT_DUMP is not set -CONFIG_CAN_DEBUG_DEVICES=y +# CONFIG_CAN_DEBUG_DEVICES is not set -CONFIG_MODULE_FORCE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set -CONFIG_DEBUG_NOTIFIERS=y +# CONFIG_DEBUG_NOTIFIERS is not set -CONFIG_DMA_API_DEBUG=y +# CONFIG_DMA_API_DEBUG is not set -CONFIG_MMIOTRACE=y +# CONFIG_MMIOTRACE is not set -CONFIG_DEBUG_CREDENTIALS=y +# CONFIG_DEBUG_CREDENTIALS is not set # off in both production debug and nodebug builds, # on in rawhide nodebug builds -CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -CONFIG_EXT4_DEBUG=y +# CONFIG_EXT4_DEBUG is not set # CONFIG_XFS_WARN is not set -CONFIG_DEBUG_PERF_USE_VMALLOC=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set -CONFIG_JBD2_DEBUG=y +# CONFIG_JBD2_DEBUG is not set -CONFIG_NFSD_FAULT_INJECTION=y +# CONFIG_NFSD_FAULT_INJECTION is not set -CONFIG_DEBUG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set -CONFIG_DRBD_FAULT_INJECTION=y +# CONFIG_DRBD_FAULT_INJECTION is not set -CONFIG_ATH_DEBUG=y -CONFIG_CARL9170_DEBUGFS=y -CONFIG_IWLWIFI_DEVICE_TRACING=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_CARL9170_DEBUGFS is not set +# CONFIG_IWLWIFI_DEVICE_TRACING is not set # CONFIG_RTLWIFI_DEBUG is not set -CONFIG_DEBUG_OBJECTS_WORK=y +# CONFIG_DEBUG_OBJECTS_WORK is not set -CONFIG_DMADEVICES_DEBUG=y -CONFIG_DMADEVICES_VDEBUG=y +# CONFIG_DMADEVICES_DEBUG is not set +# CONFIG_DMADEVICES_VDEBUG is not set CONFIG_PM_ADVANCED_DEBUG=y -CONFIG_CEPH_LIB_PRETTYDEBUG=y -CONFIG_QUOTA_DEBUG=y +# CONFIG_CEPH_LIB_PRETTYDEBUG is not set +# CONFIG_QUOTA_DEBUG is not set CONFIG_KGDB_KDB=y @@ -103,18 +103,18 @@ CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y CONFIG_KDB_CONTINUE_CATASTROPHIC=0 -CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y +# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set # CONFIG_PERCPU_TEST is not set -CONFIG_TEST_LIST_SORT=y +# CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_STRING_HELPERS is not set -CONFIG_DETECT_HUNG_TASK=y +# CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y +# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set -CONFIG_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 # CONFIG_DEBUG_KMEMLEAK_TEST is not set CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y @@ -125,7 +125,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y # CONFIG_SPI_DEBUG is not set -CONFIG_X86_DEBUG_STATIC_CPU_HAS=y +# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set # CONFIG_SCHEDSTATS is not set # CONFIG_LATENCYTOP is not set diff --git a/config-x86-32-generic b/config-x86-32-generic index 78814522d..ba25ddb4d 100644 --- a/config-x86-32-generic +++ b/config-x86-32-generic @@ -178,6 +178,7 @@ CONFIG_SERIAL_GRLIB_GAISLER_APBUART=m # CONFIG_MMC_SDHCI_OF is not set # CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_QUARK is not set CONFIG_MFD_CS5535=m # CONFIG_MFD_SYSCON is not set diff --git a/config-x86-generic b/config-x86-generic index 1aadc94cc..ed384c358 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -348,7 +348,7 @@ CONFIG_SP5100_TCO=m # CONFIG_MEMTEST is not set # CONFIG_DEBUG_TLBFLUSH is not set -CONFIG_MAXSMP=y +# CONFIG_MAXSMP is not set CONFIG_HP_ILO=m diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch index df9a0dfcb..f0110ea86 100644 --- a/efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/efi-Add-EFI_SECURE_BOOT-bit.patch @@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index a3d8174dedf9..26c5d54124c1 100644 +index 26741d24797e..64a123acb97f 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1153,7 +1153,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1167,7 +1167,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { diff --git a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch index 5db62eed9..f4cdd8d35 100644 --- a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch +++ b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch @@ -11,10 +11,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index a2a0a1636287..5b5c9e803d19 100644 +index 0ec6272203e4..9d8c58783e7d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1679,7 +1679,8 @@ config EFI_MIXED +@@ -1695,7 +1695,8 @@ config EFI_MIXED If unsure, say N. config EFI_SECURE_BOOT_SIG_ENFORCE diff --git a/ext4-Allocate-entire-range-in-zero-range.patch b/ext4-Allocate-entire-range-in-zero-range.patch new file mode 100644 index 000000000..3b35e1a1b --- /dev/null +++ b/ext4-Allocate-entire-range-in-zero-range.patch @@ -0,0 +1,78 @@ +From: Lukas Czerner <lczerner@redhat.com> +Date: Wed, 18 Feb 2015 17:49:28 +0100 +Subject: [PATCH] ext4: Allocate entire range in zero range + +Currently there is a bug in zero range code which causes zero range +calls to only allocate block aligned portion of the range, while +ignoring the rest in some cases. + +In some cases, namely if the end of the range is past isize, we do +attempt to preallocate the last nonaligned block. However this might +cause kernel to BUG() in some carefully designed zero range requests on +setups where page size > block size. + +Fix this problem by first preallocating the entire range, including the +nonaligned edges and converting the written extents to unwritten in the +next step. This approach will also give us the advantage of having the +range to be as linearly contiguous as possible. + +Signed-off-by: Lukas Czerner <lczerner@redhat.com> +--- + fs/ext4/extents.c | 31 +++++++++++++++++++------------ + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index bed43081720f..aa522429b751 100644 +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -4803,12 +4803,6 @@ static long ext4_zero_range(struct file *file, loff_t offset, + else + max_blocks -= lblk; + +- flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT | +- EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | +- EXT4_EX_NOCACHE; +- if (mode & FALLOC_FL_KEEP_SIZE) +- flags |= EXT4_GET_BLOCKS_KEEP_SIZE; +- + mutex_lock(&inode->i_mutex); + + /* +@@ -4825,15 +4819,28 @@ static long ext4_zero_range(struct file *file, loff_t offset, + ret = inode_newsize_ok(inode, new_size); + if (ret) + goto out_mutex; +- /* +- * If we have a partial block after EOF we have to allocate +- * the entire block. +- */ +- if (partial_end) +- max_blocks += 1; + } + ++ flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT; ++ if (mode & FALLOC_FL_KEEP_SIZE) ++ flags |= EXT4_GET_BLOCKS_KEEP_SIZE; ++ ++ /* Preallocate the range including the unaligned edges */ ++ if (partial_begin || partial_end) { ++ ret = ext4_alloc_file_blocks(file, ++ round_down(offset, 1 << blkbits) >> blkbits, ++ (round_up((offset + len), 1 << blkbits) - ++ round_down(offset, 1 << blkbits)) >> blkbits, ++ new_size, flags, mode); ++ if (ret) ++ goto out_mutex; ++ ++ } ++ ++ /* Zero range excluding the unaligned edges */ + if (max_blocks > 0) { ++ flags |= (EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | ++ EXT4_EX_NOCACHE); + + /* Now release the pages and zero block aligned part of pages*/ + truncate_pagecache_range(inode, start, end - 1); +-- +2.1.0 + diff --git a/kernel.spec b/kernel.spec index 538064429..0911aaad8 100644 --- a/kernel.spec +++ b/kernel.spec @@ -48,7 +48,7 @@ Summary: The Linux kernel # base_sublevel is the kernel version we're starting with and patching # on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base, # which yields a base_sublevel of 0. -%define base_sublevel 19 +%define base_sublevel 0 ## If this is a released kernel ## %if 0%{?released_kernel} @@ -60,18 +60,19 @@ Summary: The Linux kernel %define stablerev %{stable_update} %define stable_base %{stable_update} %endif -%define rpmversion 3.%{base_sublevel}.%{stable_update} +%define rpmversion 4.%{base_sublevel}.%{stable_update} ## The not-released-kernel case ## %else # The next upstream release sublevel (base_sublevel+1) -%define upstream_sublevel %(echo $((%{base_sublevel} + 1))) +# define upstream_sublevel %(echo $((%{base_sublevel} + 1))) +%define upstream_sublevel 0 # The rc snapshot level -%define rcrev 0 +%define rcrev 1 # The git snapshot level -%define gitrev 10 +%define gitrev 0 # Set rpm version accordingly -%define rpmversion 3.%{upstream_sublevel}.0 +%define rpmversion 4.%{upstream_sublevel}.0 %endif # Nb: The above rcrev and gitrev values automagically define Patch00 and Patch01 below. @@ -124,7 +125,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 0 +%define debugbuildsenabled 1 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} @@ -152,7 +153,8 @@ Summary: The Linux kernel %endif # The kernel tarball/base version -%define kversion 3.%{base_sublevel} +# define kversion 4.%{base_sublevel} +%define kversion 4.%{base_sublevel}-rc%rcrev %define make_target bzImage @@ -409,7 +411,8 @@ BuildRequires: binutils-%{_build_arch}-linux-gnu, gcc-%{_build_arch}-linux-gnu %define cross_opts CROSS_COMPILE=%{_build_arch}-linux-gnu- %endif -Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-%{kversion}.tar.xz +#Source0: ftp://ftp.kernel.org/pub/linux/kernel/v4.x/linux-%{kversion}.tar.xz +Source0: ftp://ftp.kernel.org/pub/linux/kernel/v4.x/linux-4.0-rc1.tar.xz Source10: perf-man-%{kversion}.tar.gz Source11: x509.genkey @@ -471,7 +474,7 @@ Source2001: cpupower.config # For a stable release kernel %if 0%{?stable_update} %if 0%{?stable_base} -%define stable_patch_00 patch-3.%{base_sublevel}.%{stable_base}.xz +%define stable_patch_00 patch-4.%{base_sublevel}.%{stable_base}.xz Patch00: %{stable_patch_00} %endif @@ -480,14 +483,14 @@ Patch00: %{stable_patch_00} # near the top of this spec file. %else %if 0%{?rcrev} -Patch00: patch-3.%{upstream_sublevel}-rc%{rcrev}.xz +Patch00: patch-4.%{upstream_sublevel}-rc%{rcrev}.xz %if 0%{?gitrev} -Patch01: patch-3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz +Patch01: patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz %endif %else # pre-{base_sublevel+1}-rc1 case %if 0%{?gitrev} -Patch00: patch-3.%{base_sublevel}-git%{gitrev}.xz +Patch00: patch-4.%{base_sublevel}-git%{gitrev}.xz %endif %endif %endif @@ -609,19 +612,13 @@ Patch26059: i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch #rhbz 1094948 Patch26131: acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch -#rhbz 1188074 -Patch26133: ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch - Patch26134: perf-tools-Define-_GNU_SOURCE-on-pthread_attr_setaff.patch -#CVE-2015-1593 rhbz 1192519 1192520 -Patch26135: ASLR-fix-stack-randomization-on-64-bit-systems.patch - -#CVE-XXXX-XXXX rhbz 1189864 1192079 -Patch26136: vhost-scsi-potential-memory-corruption.patch - Patch26137: fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch +#CVE-2015-0275 rhbz 1193907 1195178 +Patch26138: ext4-Allocate-entire-range-in-zero-range.patch + # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch Patch30001: kernel-arm64-fix-psci-when-pg.patch @@ -1024,20 +1021,20 @@ ApplyOptionalPatch() # Update to latest upstream. %if 0%{?released_kernel} -%define vanillaversion 3.%{base_sublevel} +%define vanillaversion 4.%{base_sublevel} # non-released_kernel case %else %if 0%{?rcrev} -%define vanillaversion 3.%{upstream_sublevel}-rc%{rcrev} +%define vanillaversion 4.%{upstream_sublevel}-rc%{rcrev} %if 0%{?gitrev} -%define vanillaversion 3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev} +%define vanillaversion 4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev} %endif %else # pre-{base_sublevel+1}-rc1 case %if 0%{?gitrev} -%define vanillaversion 3.%{base_sublevel}-git%{gitrev} +%define vanillaversion 4.%{base_sublevel}-git%{gitrev} %else -%define vanillaversion 3.%{base_sublevel} +%define vanillaversion 4.%{base_sublevel} %endif %endif %endif @@ -1050,7 +1047,7 @@ ApplyOptionalPatch() # Build a list of the other top-level kernel tree directories. # This will be used to hardlink identical vanilla subdirs. -sharedirs=$(find "$PWD" -maxdepth 1 -type d -name 'kernel-3.*' \ +sharedirs=$(find "$PWD" -maxdepth 1 -type d -name 'kernel-4.*' \ | grep -x -v "$PWD"/kernel-%{kversion}%{?dist}) ||: # Delete all old stale trees. @@ -1121,14 +1118,14 @@ if [ ! -d kernel-%{kversion}%{?dist}/vanilla-%{vanillaversion} ]; then # Update vanilla to the latest upstream. # (non-released_kernel case only) %if 0%{?rcrev} - ApplyPatch patch-3.%{upstream_sublevel}-rc%{rcrev}.xz + ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}.xz %if 0%{?gitrev} - ApplyPatch patch-3.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz + ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz %endif %else # pre-{base_sublevel+1}-rc1 case %if 0%{?gitrev} - ApplyPatch patch-3.%{base_sublevel}-git%{gitrev}.xz + ApplyPatch patch-4.%{base_sublevel}-git%{gitrev}.xz %endif %endif @@ -1341,19 +1338,13 @@ ApplyPatch i8042-Add-notimeout-quirk-for-Fujitsu-Lifebook-A544-.patch #rhbz 1094948 ApplyPatch acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch -#rhbz 1188074 -ApplyPatch ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch - ApplyPatch perf-tools-Define-_GNU_SOURCE-on-pthread_attr_setaff.patch -#CVE-2015-1593 rhbz 1192519 1192520 -ApplyPatch ASLR-fix-stack-randomization-on-64-bit-systems.patch - -#CVE-XXXX-XXXX rhbz 1189864 1192079 -ApplyPatch vhost-scsi-potential-memory-corruption.patch - ApplyPatch fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch +#CVE-2015-0275 rhbz 1193907 1195178 +ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2212,6 +2203,11 @@ fi # # %changelog +* Mon Feb 23 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc1.git0.1 +- Linux v4.0-rc1 +- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178) +- Disable debugging options. + * Fri Feb 20 2015 Josh Boyer <jwboyer@fedoraproject.org> - 3.20.0-0.rc0.git10.1 - Linux v3.19-8975-g3d883483dc0a - Add patch to fix intermittent hangs in nouveau driver diff --git a/ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch b/ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch deleted file mode 100644 index 841a9d162..000000000 --- a/ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: John Stultz <john.stultz@linaro.org> -Date: Mon, 2 Feb 2015 10:57:56 -0800 -Subject: [PATCH] ntp: Fixup adjtimex freq validation on 32bit systems - -Additional validation of adjtimex freq values to avoid -potential multiplication overflows were added in commit -5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values) - -Unfortunately the patch used LONG_MAX/MIN instead of -LLONG_MAX/MIN, which was fine on 64bit systems, but caused -false positives on 32bit systems resulting in most direct -frequency adjustments to fail w/ EINVAL. - -ntpd only does driect frequency adjustments at startup, -so the issue was not easily observed there, but other sync -applications like ptpd and chrony were more effected by -the bug. - -Cc: Sasha Levin <sasha.levin@oracle.com> -Reported-by: Josh Boyer <jwboyer@fedoraproject.org> -Reported-by: George Joseph <george.joseph@fairview5.com> -Signed-off-by: John Stultz <john.stultz@linaro.org> ---- - kernel/time/ntp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c -index 4b585e0fdd22..a5f4d24c95cc 100644 ---- a/kernel/time/ntp.c -+++ b/kernel/time/ntp.c -@@ -634,9 +634,9 @@ int ntp_validate_timex(struct timex *txc) - return -EPERM; - - if (txc->modes & ADJ_FREQUENCY) { -- if (LONG_MIN / PPM_SCALE > txc->freq) -+ if (LLONG_MIN / PPM_SCALE > txc->freq) - return -EINVAL; -- if (LONG_MAX / PPM_SCALE < txc->freq) -+ if (LLONG_MAX / PPM_SCALE < txc->freq) - return -EINVAL; - } - --- -2.1.0 - @@ -1,3 +1,2 @@ -d3fc8316d4d4d04b65cbc2d70799e763 linux-3.19.tar.xz -15d8d2f97ce056488451a5bfb2944603 perf-man-3.19.tar.gz -d7783c6837600b2db12ff9bc603de6c0 patch-3.19-git10.xz +547b340dca94d358b68d2658822080fa linux-4.0-rc1.tar.xz +6fb88c6624ded64bd5981c3c1df0003a perf-man-4.0-rc1.tar.gz diff --git a/vhost-scsi-potential-memory-corruption.patch b/vhost-scsi-potential-memory-corruption.patch deleted file mode 100644 index 08a75a5ff..000000000 --- a/vhost-scsi-potential-memory-corruption.patch +++ /dev/null @@ -1,53 +0,0 @@ -From: Dan Carpenter <dan.carpenter@oracle.com> -Date: Thu, 5 Feb 2015 10:37:33 +0300 -Subject: [PATCH] vhost/scsi: potential memory corruption - -This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt" -to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16. - -I looked at the context and it turns out that in -vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into -the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so -anything higher than 255 then it is invalid. I have made that the limit -now. - -In vhost_scsi_send_evt() we mask away values higher than 255, but now -that the limit has changed, we don't need the mask. - -Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> -Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> ---- - drivers/vhost/scsi.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c -index dc78d87e0fc2..d27cfb20776f 100644 ---- a/drivers/vhost/scsi.c -+++ b/drivers/vhost/scsi.c -@@ -1253,7 +1253,7 @@ tcm_vhost_send_evt(struct vhost_scsi *vs, - * lun[4-7] need to be zero according to virtio-scsi spec. - */ - evt->event.lun[0] = 0x01; -- evt->event.lun[1] = tpg->tport_tpgt & 0xFF; -+ evt->event.lun[1] = tpg->tport_tpgt; - if (lun->unpacked_lun >= 256) - evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ; - evt->event.lun[3] = lun->unpacked_lun & 0xFF; -@@ -2124,12 +2124,12 @@ tcm_vhost_make_tpg(struct se_wwn *wwn, - struct tcm_vhost_tport, tport_wwn); - - struct tcm_vhost_tpg *tpg; -- unsigned long tpgt; -+ u16 tpgt; - int ret; - - if (strstr(name, "tpgt_") != name) - return ERR_PTR(-EINVAL); -- if (kstrtoul(name + 5, 10, &tpgt) || tpgt > UINT_MAX) -+ if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET) - return ERR_PTR(-EINVAL); - - tpg = kzalloc(sizeof(struct tcm_vhost_tpg), GFP_KERNEL); --- -2.1.0 - |