diff options
| -rw-r--r-- | Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch | 67 | ||||
| -rw-r--r-- | drm-qxl-backport-fixes-for-Fedora.patch | 13 | ||||
| -rw-r--r-- | drm-qxl-fix-memory-leak-in-release-list-handling.patch | 30 | ||||
| -rw-r--r-- | kernel.spec | 19 | ||||
| -rw-r--r-- | keys-x509-improv.patch | 81 | ||||
| -rw-r--r-- | md-test-mddev-flags-more-safely-in-md_check_recovery.patch | 43 | ||||
| -rw-r--r-- | sources | 2 |
7 files changed, 6 insertions, 249 deletions
diff --git a/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch b/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch deleted file mode 100644 index 1ac378a65..000000000 --- a/Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch +++ /dev/null @@ -1,67 +0,0 @@ -Bugzilla: N/A -Upstream-status: 3.13 - -From 92eb77d0ffbaa71b501a0a8dabf09a351bf4267f Mon Sep 17 00:00:00 2001 -From: Daniel Stone <daniel@fooishbar.org> -Date: Thu, 31 Oct 2013 07:25:34 +0000 -Subject: Input: evdev - fall back to vmalloc for client event buffer - -evdev always tries to allocate the event buffer for clients using -kzalloc rather than vmalloc, presumably to avoid mapping overhead where -possible. However, drivers like bcm5974, which claims support for -reporting 16 fingers simultaneously, can have an extraordinarily large -buffer. The resultant contiguous order-4 allocation attempt fails due -to fragmentation, and the device is thus unusable until reboot. - -Try kzalloc if we can to avoid the mapping overhead, but if that fails, -fall back to vzalloc. - -Signed-off-by: Daniel Stone <daniels@collabora.com> -Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> ---- -diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c -index b6ded17..a06e125 100644 ---- a/drivers/input/evdev.c -+++ b/drivers/input/evdev.c -@@ -18,6 +18,8 @@ - #include <linux/poll.h> - #include <linux/sched.h> - #include <linux/slab.h> -+#include <linux/vmalloc.h> -+#include <linux/mm.h> - #include <linux/module.h> - #include <linux/init.h> - #include <linux/input/mt.h> -@@ -369,7 +371,11 @@ static int evdev_release(struct inode *inode, struct file *file) - mutex_unlock(&evdev->mutex); - - evdev_detach_client(evdev, client); -- kfree(client); -+ -+ if (is_vmalloc_addr(client)) -+ vfree(client); -+ else -+ kfree(client); - - evdev_close_device(evdev); - -@@ -389,12 +395,14 @@ static int evdev_open(struct inode *inode, struct file *file) - { - struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); - unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); -+ unsigned int size = sizeof(struct evdev_client) + -+ bufsize * sizeof(struct input_event); - struct evdev_client *client; - int error; - -- client = kzalloc(sizeof(struct evdev_client) + -- bufsize * sizeof(struct input_event), -- GFP_KERNEL); -+ client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); -+ if (!client) -+ client = vzalloc(size); - if (!client) - return -ENOMEM; - --- -cgit v0.9.2 diff --git a/drm-qxl-backport-fixes-for-Fedora.patch b/drm-qxl-backport-fixes-for-Fedora.patch index c46060d64..04848b529 100644 --- a/drm-qxl-backport-fixes-for-Fedora.patch +++ b/drm-qxl-backport-fixes-for-Fedora.patch @@ -150,19 +150,6 @@ index 7e96f4f..18c599d 100644 }; /* forward declaration for QXL_INFO_IO */ -diff --git a/drivers/gpu/drm/qxl/qxl_fb.c b/drivers/gpu/drm/qxl/qxl_fb.c -index 88722f2..f437b30 100644 ---- a/drivers/gpu/drm/qxl/qxl_fb.c -+++ b/drivers/gpu/drm/qxl/qxl_fb.c -@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb_info *info) - u32 x1, x2, y1, y2; - - /* TODO: hard coding 32 bpp */ -- int stride = qfbdev->qfb.base.pitches[0] * 4; -+ int stride = qfbdev->qfb.base.pitches[0]; - - x1 = qfbdev->dirty.x1; - x2 = qfbdev->dirty.x2; diff --git a/drivers/gpu/drm/qxl/qxl_kms.c b/drivers/gpu/drm/qxl/qxl_kms.c index 9e8da9e..e0ddd5b 100644 --- a/drivers/gpu/drm/qxl/qxl_kms.c diff --git a/drm-qxl-fix-memory-leak-in-release-list-handling.patch b/drm-qxl-fix-memory-leak-in-release-list-handling.patch deleted file mode 100644 index 8ed4819f2..000000000 --- a/drm-qxl-fix-memory-leak-in-release-list-handling.patch +++ /dev/null @@ -1,30 +0,0 @@ -Bugzilla: N/A -Upstream-status: 3.13 - -From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001 -From: Dave Airlie <airlied@redhat.com> -Date: Thu, 28 Nov 2013 05:39:03 +0000 -Subject: drm/qxl: fix memory leak in release list handling - -wow no idea how I got this far without seeing this, -leaking the entries in the list makes kmalloc-64 slab grow. - -References: https://bugzilla.kernel.org/show_bug.cgi?id=65121 -Cc: stable@vger.kernel.org -Reported-by: Matthew Stapleton <matthew4196@gmail.com> -Signed-off-by: Dave Airlie <airlied@redhat.com> ---- -diff --git a/drivers/gpu/drm/qxl/qxl_release.c b/drivers/gpu/drm/qxl/qxl_release.c -index 0109a96..821ab7b 100644 ---- a/drivers/gpu/drm/qxl/qxl_release.c -+++ b/drivers/gpu/drm/qxl/qxl_release.c -@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev, - - DRM_FILE_OFFSET); - qxl_fence_remove_release(&bo->fence, release->id); - qxl_bo_unref(&bo); -+ kfree(entry); - } - spin_lock(&qdev->release_idr_lock); - idr_remove(&qdev->release_idr, release->id); --- -cgit v0.9.0.2-2-gbebe diff --git a/kernel.spec b/kernel.spec index 53d11b961..5d08f557a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -74,7 +74,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 2 +%define stable_update 3 # Is it a -stable RC? %define stable_rc 0 # Set rpm version accordingly @@ -734,9 +734,6 @@ Patch25128: dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch Patch25140: drm-qxl-backport-fixes-for-Fedora.patch -Patch25160: drm-qxl-fix-memory-leak-in-release-list-handling.patch - -Patch25141: Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch #CVE-2013-4563 rhbz 1030015 1030017 Patch25145: ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch @@ -769,9 +766,6 @@ Patch25159: usbnet-fix-status-interrupt-urb-handling.patch Patch25161: inet-prevent-leakage-of-uninitialized-memory-to-user.patch Patch25162: inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch -#rhbz 1033971 -Patch25163: md-test-mddev-flags-more-safely-in-md_check_recovery.patch - #rhbz 958826 Patch25164: dell-laptop.patch @@ -1473,9 +1467,6 @@ ApplyPatch dm-cache-policy-mq_fix-large-scale-table-allocation-bug.patch ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch ApplyPatch drm-qxl-backport-fixes-for-Fedora.patch -ApplyPatch drm-qxl-fix-memory-leak-in-release-list-handling.patch - -ApplyPatch Input-evdev-fall-back-to-vmalloc-for-client-event-buffer.patch #CVE-2013-4563 rhbz 1030015 1030017 ApplyPatch ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch @@ -1508,9 +1499,6 @@ ApplyPatch usbnet-fix-status-interrupt-urb-handling.patch ApplyPatch inet-prevent-leakage-of-uninitialized-memory-to-user.patch ApplyPatch inet-fix-addr_len-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch -#rhbz 1033971 -ApplyPatch md-test-mddev-flags-more-safely-in-md_check_recovery.patch - #rhbz 958826 ApplyPatch dell-laptop.patch @@ -2317,6 +2305,9 @@ fi # ||----w | # || || %changelog +* Wed Dec 04 2013 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.3-1 +- Linux v3.12.3 + * Tue Dec 3 2013 Peter Robinson <pbrobinson@fedoraproject.org> - Minor ARM cleanups and remove obsolete options diff --git a/keys-x509-improv.patch b/keys-x509-improv.patch index 7176cc5d3..db07ea348 100644 --- a/keys-x509-improv.patch +++ b/keys-x509-improv.patch @@ -852,87 +852,6 @@ index eb368d4..0f55e3b 100644 1.8.3.1 -From 4d729ace6be1c3b2b5d9b0d0301a4ffd342ec74a Mon Sep 17 00:00:00 2001 -From: David Howells <dhowells@redhat.com> -Date: Tue, 18 Jun 2013 17:40:44 +0100 -Subject: [PATCH 10/18] X.509: Remove certificate date checks - -Remove the certificate date checks that are performed when a certificate is -parsed. There are two checks: a valid from and a valid to. The first check is -causing a lot of problems with system clocks that don't keep good time and the -second places an implicit expiry date upon the kernel when used for module -signing, so do we really need them? - -Signed-off-by: David Howells <dhowells@redhat.com> -cc: David Woodhouse <dwmw2@infradead.org> -cc: Rusty Russell <rusty@rustcorp.com.au> -cc: Josh Boyer <jwboyer@redhat.com> -cc: Alexander Holler <holler@ahsoftware.de> -cc: stable@vger.kernel.org ---- - crypto/asymmetric_keys/x509_public_key.c | 38 -------------------------------- - 1 file changed, 38 deletions(-) - -diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c -index 0f55e3b..c1540e8 100644 ---- a/crypto/asymmetric_keys/x509_public_key.c -+++ b/crypto/asymmetric_keys/x509_public_key.c -@@ -108,7 +108,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature); - static int x509_key_preparse(struct key_preparsed_payload *prep) - { - struct x509_certificate *cert; -- struct tm now; - size_t srlen, sulen; - char *desc = NULL; - int ret; -@@ -150,43 +149,6 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) - goto error_free_cert; - } - -- time_to_tm(CURRENT_TIME.tv_sec, 0, &now); -- pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n", -- now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, -- now.tm_hour, now.tm_min, now.tm_sec); -- if (now.tm_year < cert->valid_from.tm_year || -- (now.tm_year == cert->valid_from.tm_year && -- (now.tm_mon < cert->valid_from.tm_mon || -- (now.tm_mon == cert->valid_from.tm_mon && -- (now.tm_mday < cert->valid_from.tm_mday || -- (now.tm_mday == cert->valid_from.tm_mday && -- (now.tm_hour < cert->valid_from.tm_hour || -- (now.tm_hour == cert->valid_from.tm_hour && -- (now.tm_min < cert->valid_from.tm_min || -- (now.tm_min == cert->valid_from.tm_min && -- (now.tm_sec < cert->valid_from.tm_sec -- ))))))))))) { -- pr_warn("Cert %s is not yet valid\n", cert->fingerprint); -- ret = -EKEYREJECTED; -- goto error_free_cert; -- } -- if (now.tm_year > cert->valid_to.tm_year || -- (now.tm_year == cert->valid_to.tm_year && -- (now.tm_mon > cert->valid_to.tm_mon || -- (now.tm_mon == cert->valid_to.tm_mon && -- (now.tm_mday > cert->valid_to.tm_mday || -- (now.tm_mday == cert->valid_to.tm_mday && -- (now.tm_hour > cert->valid_to.tm_hour || -- (now.tm_hour == cert->valid_to.tm_hour && -- (now.tm_min > cert->valid_to.tm_min || -- (now.tm_min == cert->valid_to.tm_min && -- (now.tm_sec > cert->valid_to.tm_sec -- ))))))))))) { -- pr_warn("Cert %s has expired\n", cert->fingerprint); -- ret = -EKEYEXPIRED; -- goto error_free_cert; -- } -- - cert->pub->algo = pkey_algo[cert->pub->pkey_algo]; - cert->pub->id_type = PKEY_ID_X509; - --- -1.8.3.1 - - From 33f859fea67ab5307da4049e947fbc23cdd13a27 Mon Sep 17 00:00:00 2001 From: David Howells <dhowells@redhat.com> Date: Fri, 30 Aug 2013 16:07:13 +0100 diff --git a/md-test-mddev-flags-more-safely-in-md_check_recovery.patch b/md-test-mddev-flags-more-safely-in-md_check_recovery.patch deleted file mode 100644 index 509c4dc01..000000000 --- a/md-test-mddev-flags-more-safely-in-md_check_recovery.patch +++ /dev/null @@ -1,43 +0,0 @@ -Bugzilla: 1033971 -Upstream-status: 3.13 (should hit 3.12 stable) - -From 142d44c310819e1965ca70b4d55d7679f5797e25 Mon Sep 17 00:00:00 2001 -From: NeilBrown <neilb@suse.de> -Date: Thu, 28 Nov 2013 10:34:18 +1100 -Subject: [PATCH] md: test mddev->flags more safely in md_check_recovery. - -commit 7a0a5355cbc71efa md: Don't test all of mddev->flags at once. -made most tests on mddev->flags safer, but missed one. - -When -commit 260fa034ef7a4ff8b7306 md: avoid deadlock when dirty buffers during md_stop. -added MD_STILL_CLOSED, this caused md_check_recovery to misbehave. -It can think there is something to do but find nothing. This can -lead to the md thread spinning during array shutdown. - -https://bugzilla.kernel.org/show_bug.cgi?id=65721 - -Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com> -Fixes: 260fa034ef7a4ff8b7306 -Cc: stable@vger.kernel.org (3.12) -Signed-off-by: NeilBrown <neilb@suse.de> ---- - drivers/md/md.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/md/md.c b/drivers/md/md.c -index b6b7a28..e60cebf 100644 ---- a/drivers/md/md.c -+++ b/drivers/md/md.c -@@ -7777,7 +7777,7 @@ void md_check_recovery(struct mddev *mddev) - if (mddev->ro && !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery)) - return; - if ( ! ( -- (mddev->flags & ~ (1<<MD_CHANGE_PENDING)) || -+ (mddev->flags & MD_UPDATE_SB_FLAGS & ~ (1<<MD_CHANGE_PENDING)) || - test_bit(MD_RECOVERY_NEEDED, &mddev->recovery) || - test_bit(MD_RECOVERY_DONE, &mddev->recovery) || - (mddev->external == 0 && mddev->safemode == 1) || --- -1.8.3.1 - @@ -1,2 +1,2 @@ cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz -97453b56d6a999b5a4b0899b4e28fabe patch-3.12.2.xz +b7a603bf67e69936cf049fc6b37d9085 patch-3.12.3.xz |