diff options
-rw-r--r-- | Kbuild-Add-an-option-to-enable-GCC-VTA.patch | 2 | ||||
-rw-r--r-- | Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch | 4 | ||||
-rw-r--r-- | kernel.spec | 11 | ||||
-rw-r--r-- | mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch | 47 | ||||
-rw-r--r-- | sources | 3 |
5 files changed, 60 insertions, 7 deletions
diff --git a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch index 9452c52eb..4d538035d 100644 --- a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch +++ b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch @@ -43,7 +43,7 @@ Signed-off-by: Josh Stone <jistone@redhat.com> 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 40a8b068ac26..6f53fdb40695 100644 +index 3ba504496cb2..43361e22734a 100644 --- a/Makefile +++ b/Makefile @@ -704,7 +704,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer diff --git a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch index f8e7a8fd8..5d1f378bc 100644 --- a/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch +++ b/Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch @@ -15,10 +15,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 61ab1628a057..8a62b65a7597 100644 +index 6726139bd289..a5e55141ae64 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -3865,7 +3865,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -3871,7 +3871,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the allocated input device; If set to 0, video driver will only send out the event without touching backlight brightness level. diff --git a/kernel.spec b/kernel.spec index 0712a5129..056fadf53 100644 --- a/kernel.spec +++ b/kernel.spec @@ -65,9 +65,9 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%define rcrev 7 +%define rcrev 8 # The git snapshot level -%define gitrev 1 +%define gitrev 0 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -618,6 +618,8 @@ Patch26221: drm-i915-turn-off-wc-mmaps.patch # CVE-2015-XXXX rhbz 1230770 1230774 Patch26231: kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch +Patch26232: mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch + # END OF PATCH DEFINITIONS %endif @@ -1354,6 +1356,8 @@ ApplyPatch drm-i915-turn-off-wc-mmaps.patch # CVE-2015-XXXX rhbz 1230770 1230774 ApplyPatch kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po.patch +ApplyPatch mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch + # END OF PATCH APPLICATIONS %endif @@ -2218,6 +2222,9 @@ fi # # %changelog +* Mon Jun 15 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc8.git0.1 +- Linux v4.1-rc8 + * Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.1.0-0.rc7.git1.1 - Linux v4.1-rc7-72-gdf5f4158415b diff --git a/mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch b/mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch new file mode 100644 index 000000000..5fba81415 --- /dev/null +++ b/mm-shmem_zero_setup-skip-security-check-and-lockdep-.patch @@ -0,0 +1,47 @@ +From: Hugh Dickins <hughd@google.com> +Date: Sun, 14 Jun 2015 09:48:09 -0700 +Subject: [PATCH] mm: shmem_zero_setup skip security check and lockdep conflict + with XFS + +It appears that, at some point last year, XFS made directory handling +changes which bring it into lockdep conflict with shmem_zero_setup(): +it is surprising that mmap() can clone an inode while holding mmap_sem, +but that has been so for many years. + +Since those few lockdep traces that I've seen all implicated selinux, +I'm hoping that we can use the __shmem_file_setup(,,,S_PRIVATE) which +v3.13's commit c7277090927a ("security: shmem: implement kernel private +shmem inodes") introduced to avoid LSM checks on kernel-internal inodes: +the mmap("/dev/zero") cloned inode is indeed a kernel-internal detail. + +This also covers the !CONFIG_SHMEM use of ramfs to support /dev/zero +(and MAP_SHARED|MAP_ANONYMOUS). I thought there were also drivers +which cloned inode in mmap(), but if so, I cannot locate them now. + +Reported-and-tested-by: Prarit Bhargava <prarit@redhat.com> +Reported-by: Daniel Wagner <wagi@monom.org> +Reported-by: Morten Stevens <mstevens@fedoraproject.org> +Signed-off-by: Hugh Dickins <hughd@google.com> +--- + mm/shmem.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/mm/shmem.c b/mm/shmem.c +index de981370fbc5..47d536e59fc0 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -3401,7 +3401,13 @@ int shmem_zero_setup(struct vm_area_struct *vma) + struct file *file; + loff_t size = vma->vm_end - vma->vm_start; + +- file = shmem_file_setup("dev/zero", size, vma->vm_flags); ++ /* ++ * Cloning a new file under mmap_sem leads to a lock ordering conflict ++ * between XFS directory reading and selinux: since this file is only ++ * accessible to the user through its mapping, use S_PRIVATE flag to ++ * bypass file security, in the same way as shmem_kernel_file_setup(). ++ */ ++ file = __shmem_file_setup("dev/zero", size, vma->vm_flags, S_PRIVATE); + if (IS_ERR(file)) + return PTR_ERR(file); + @@ -1,4 +1,3 @@ a86916bd12798220da9eb4a1eec3616d linux-4.0.tar.xz d125eecce68ab6fb5f1f23523c2c04b8 perf-man-4.0.tar.gz -a831062aea035ee4bae52e59ccf0cf71 patch-4.1-rc7.xz -cfa3119ee9aa2f468cf6dc37db9f9354 patch-4.1-rc7-git1.xz +9bd2e3045ff03759558a5d94a27dfdc4 patch-4.1-rc8.xz |