From e9258fd1063b2ac26b5117be599bda6751eb1407 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 23 Jul 2018 09:36:13 -0400 Subject: Fix iwlwifi load failure on some hardware (rbhz 1607092) --- ...u-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch | 125 +++++++++++++++++++++ kernel.spec | 6 + 2 files changed, 131 insertions(+) create mode 100644 Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch diff --git a/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch b/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch new file mode 100644 index 000000000..46212341f --- /dev/null +++ b/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch @@ -0,0 +1,125 @@ +From 3c16e0cc4ace8bd838bf234caead5a766b07fe9d Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Thu, 5 Jul 2018 13:29:55 -0600 +Subject: [PATCH] Revert "iommu/intel-iommu: Enable CONFIG_DMA_DIRECT_OPS=y and + clean up intel_{alloc,free}_coherent()" + +This commit may cause a less than required dma mask to be used for +some allocations, which apparently leads to module load failures for +iwlwifi sometimes. + +This reverts commit d657c5c73ca987214a6f9436e435b34fc60f332a. + +Signed-off-by: Christoph Hellwig +Reported-by: Fabio Coatti +Tested-by: Fabio Coatti +Signed-off-by: Jeremy Cline +--- + drivers/iommu/Kconfig | 1 - + drivers/iommu/intel-iommu.c | 62 +++++++++++++++++++++++++++---------- + 2 files changed, 46 insertions(+), 17 deletions(-) + +diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig +index b38798cc5288..f3a21343e636 100644 +--- a/drivers/iommu/Kconfig ++++ b/drivers/iommu/Kconfig +@@ -142,7 +142,6 @@ config DMAR_TABLE + config INTEL_IOMMU + bool "Support for Intel IOMMU using DMA Remapping Devices" + depends on PCI_MSI && ACPI && (X86 || IA64_GENERIC) +- select DMA_DIRECT_OPS + select IOMMU_API + select IOMMU_IOVA + select DMAR_TABLE +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c +index 749d8f235346..6392a4964fc5 100644 +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -31,7 +31,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -3709,30 +3708,61 @@ static void *intel_alloc_coherent(struct device *dev, size_t size, + dma_addr_t *dma_handle, gfp_t flags, + unsigned long attrs) + { +- void *vaddr; ++ struct page *page = NULL; ++ int order; + +- vaddr = dma_direct_alloc(dev, size, dma_handle, flags, attrs); +- if (iommu_no_mapping(dev) || !vaddr) +- return vaddr; ++ size = PAGE_ALIGN(size); ++ order = get_order(size); + +- *dma_handle = __intel_map_single(dev, virt_to_phys(vaddr), +- PAGE_ALIGN(size), DMA_BIDIRECTIONAL, +- dev->coherent_dma_mask); +- if (!*dma_handle) +- goto out_free_pages; +- return vaddr; ++ if (!iommu_no_mapping(dev)) ++ flags &= ~(GFP_DMA | GFP_DMA32); ++ else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) { ++ if (dev->coherent_dma_mask < DMA_BIT_MASK(32)) ++ flags |= GFP_DMA; ++ else ++ flags |= GFP_DMA32; ++ } ++ ++ if (gfpflags_allow_blocking(flags)) { ++ unsigned int count = size >> PAGE_SHIFT; ++ ++ page = dma_alloc_from_contiguous(dev, count, order, flags); ++ if (page && iommu_no_mapping(dev) && ++ page_to_phys(page) + size > dev->coherent_dma_mask) { ++ dma_release_from_contiguous(dev, page, count); ++ page = NULL; ++ } ++ } ++ ++ if (!page) ++ page = alloc_pages(flags, order); ++ if (!page) ++ return NULL; ++ memset(page_address(page), 0, size); ++ ++ *dma_handle = __intel_map_single(dev, page_to_phys(page), size, ++ DMA_BIDIRECTIONAL, ++ dev->coherent_dma_mask); ++ if (*dma_handle) ++ return page_address(page); ++ if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT)) ++ __free_pages(page, order); + +-out_free_pages: +- dma_direct_free(dev, size, vaddr, *dma_handle, attrs); + return NULL; + } + + static void intel_free_coherent(struct device *dev, size_t size, void *vaddr, + dma_addr_t dma_handle, unsigned long attrs) + { +- if (!iommu_no_mapping(dev)) +- intel_unmap(dev, dma_handle, PAGE_ALIGN(size)); +- dma_direct_free(dev, size, vaddr, dma_handle, attrs); ++ int order; ++ struct page *page = virt_to_page(vaddr); ++ ++ size = PAGE_ALIGN(size); ++ order = get_order(size); ++ ++ intel_unmap(dev, dma_handle, size); ++ if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT)) ++ __free_pages(page, order); + } + + static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist, +-- +2.17.1 + diff --git a/kernel.spec b/kernel.spec index 21c72529d..e3bc31ff6 100644 --- a/kernel.spec +++ b/kernel.spec @@ -674,6 +674,9 @@ Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch # i686 patch that will eventually be 4.17.8 Patch527: mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch +# rbhz 1607092 +Patch528: Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch + # END OF PATCH DEFINITIONS %endif @@ -1923,6 +1926,9 @@ fi # # %changelog +* Mon Jul 23 2018 Jeremy Cline +- Fix iwlwifi module load failure (rhbz 1607092) + * Tue Jul 17 2018 Justin M. Forbes - 4.17.7-100 - Linux v4.17.7 -- cgit From 2a8ca2867bb02252d74b54d0c461a43d074e4373 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 23 Jul 2018 14:39:27 -0500 Subject: Linux v4.17.9 --- 1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch | 46 --------------- ...-Update-features-after-registering-netdev.patch | 58 ------------------ ext4-fix-false-negative-and-false-positives.patch | 56 ++++++++++++++++++ kernel.spec | 15 ++--- ...o_resv_unavail-if-memmap-is-not-allocated.patch | 69 ---------------------- sources | 2 +- 6 files changed, 65 insertions(+), 181 deletions(-) delete mode 100644 1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch delete mode 100644 2-2-xen-netfront-Update-features-after-registering-netdev.patch create mode 100644 ext4-fix-false-negative-and-false-positives.patch delete mode 100644 mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch diff --git a/1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch b/1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch deleted file mode 100644 index ed73771aa..000000000 --- a/1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch +++ /dev/null @@ -1,46 +0,0 @@ -From patchwork Thu Jun 21 13:00:20 2018 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [1/2] xen-netfront: Fix mismatched rtnl_unlock -X-Patchwork-Submitter: Ross Lagerwall -X-Patchwork-Id: 932721 -Message-Id: <20180621130021.27029-2-ross.lagerwall@citrix.com> -To: -Cc: Ross Lagerwall , - Boris Ostrovsky , - Juergen Gross , "David S. Miller" , - , -Date: Thu, 21 Jun 2018 14:00:20 +0100 -From: Ross Lagerwall -List-Id: - -Fixes: f599c64fdf7d ("xen-netfront: Fix race between device setup and open") -Reported-by: Ben Hutchings -Signed-off-by: Ross Lagerwall -Reviewed-by: Juergen Gross ---- - drivers/net/xen-netfront.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c -index 922ce0a..ee4cb6c 100644 ---- a/drivers/net/xen-netfront.c -+++ b/drivers/net/xen-netfront.c -@@ -1810,7 +1810,7 @@ static int talk_to_netback(struct xenbus_device *dev, - err = xen_net_read_mac(dev, info->netdev->dev_addr); - if (err) { - xenbus_dev_fatal(dev, err, "parsing %s/mac", dev->nodename); -- goto out; -+ goto out_unlocked; - } - - rtnl_lock(); -@@ -1925,6 +1925,7 @@ static int talk_to_netback(struct xenbus_device *dev, - xennet_destroy_queues(info); - out: - rtnl_unlock(); -+out_unlocked: - device_unregister(&dev->dev); - return err; - } diff --git a/2-2-xen-netfront-Update-features-after-registering-netdev.patch b/2-2-xen-netfront-Update-features-after-registering-netdev.patch deleted file mode 100644 index b23d6bfaa..000000000 --- a/2-2-xen-netfront-Update-features-after-registering-netdev.patch +++ /dev/null @@ -1,58 +0,0 @@ -From patchwork Thu Jun 21 13:00:21 2018 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [2/2] xen-netfront: Update features after registering netdev -X-Patchwork-Submitter: Ross Lagerwall -X-Patchwork-Id: 932720 -Message-Id: <20180621130021.27029-3-ross.lagerwall@citrix.com> -To: -Cc: Ross Lagerwall , - Boris Ostrovsky , - Juergen Gross , "David S. Miller" , - , , - Liam Shepherd -Date: Thu, 21 Jun 2018 14:00:21 +0100 -From: Ross Lagerwall -List-Id: - -Update the features after calling register_netdev() otherwise the -device features are not set up correctly and it not possible to change -the MTU of the device. After this change, the features reported by -ethtool match the device's features before the commit which introduced -the issue and it is possible to change the device's MTU. - -Fixes: f599c64fdf7d ("xen-netfront: Fix race between device setup and open") -Reported-by: Liam Shepherd -Signed-off-by: Ross Lagerwall -Reviewed-by: Juergen Gross ---- - drivers/net/xen-netfront.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c -index ee4cb6c..a57daec 100644 ---- a/drivers/net/xen-netfront.c -+++ b/drivers/net/xen-netfront.c -@@ -1951,10 +1951,6 @@ static int xennet_connect(struct net_device *dev) - /* talk_to_netback() sets the correct number of queues */ - num_queues = dev->real_num_tx_queues; - -- rtnl_lock(); -- netdev_update_features(dev); -- rtnl_unlock(); -- - if (dev->reg_state == NETREG_UNINITIALIZED) { - err = register_netdev(dev); - if (err) { -@@ -1964,6 +1960,10 @@ static int xennet_connect(struct net_device *dev) - } - } - -+ rtnl_lock(); -+ netdev_update_features(dev); -+ rtnl_unlock(); -+ - /* - * All public and private state should now be sane. Get - * ready to start sending and receiving packets and give the driver diff --git a/ext4-fix-false-negative-and-false-positives.patch b/ext4-fix-false-negative-and-false-positives.patch new file mode 100644 index 000000000..2beba4f94 --- /dev/null +++ b/ext4-fix-false-negative-and-false-positives.patch @@ -0,0 +1,56 @@ +From 44de022c4382541cebdd6de4465d1f4f465ff1dd Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Sun, 8 Jul 2018 19:35:02 -0400 +Subject: ext4: fix false negatives *and* false positives in + ext4_check_descriptors() + +Ext4_check_descriptors() was getting called before s_gdb_count was +initialized. So for file systems w/o the meta_bg feature, allocation +bitmaps could overlap the block group descriptors and ext4 wouldn't +notice. + +For file systems with the meta_bg feature enabled, there was a +fencepost error which would cause the ext4_check_descriptors() to +incorrectly believe that the block allocation bitmap overlaps with the +block group descriptor blocks, and it would reject the mount. + +Fix both of these problems. + +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +--- + fs/ext4/super.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index ba2396a7bd04..eff5c983e067 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2342,7 +2342,7 @@ static int ext4_check_descriptors(struct super_block *sb, + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); + ext4_fsblk_t last_block; +- ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; ++ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0); + ext4_fsblk_t block_bitmap; + ext4_fsblk_t inode_bitmap; + ext4_fsblk_t inode_table; +@@ -4085,14 +4085,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + goto failed_mount2; + } + } ++ sbi->s_gdb_count = db_count; + if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) { + ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); + ret = -EFSCORRUPTED; + goto failed_mount2; + } + +- sbi->s_gdb_count = db_count; +- + timer_setup(&sbi->s_err_report, print_daily_error_info, 0); + + /* Register extent status tree shrinker */ +-- +cgit 1.2-0.3.lf.el7 + diff --git a/kernel.spec b/kernel.spec index e3bc31ff6..e9d6904fb 100644 --- a/kernel.spec +++ b/kernel.spec @@ -639,10 +639,6 @@ Patch508: ath10k-Update-the-phymode-along-with-bandwidth-change.patch # In 4.18 Patch509: rtc-nvmem-don-t-return-an-error-when-not-enabled.patch -# rhbz 1584216 -Patch510: 1-2-xen-netfront-Fix-mismatched-rtnl_unlock.patch -Patch511: 2-2-xen-netfront-Update-features-after-registering-netdev.patch - # rhbz 1591516 Patch515: 0001-signal-Stop-special-casing-TRAP_FIXME-and-FPE_FIXME-.patch @@ -671,12 +667,13 @@ Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch # rhbz 1597333 # Patch526: xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch -# i686 patch that will eventually be 4.17.8 -Patch527: mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch - # rbhz 1607092 Patch528: Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch +# rhbz 1602971 +Patch529: ext4-fix-false-negative-and-false-positives.patch + + # END OF PATCH DEFINITIONS %endif @@ -1926,6 +1923,10 @@ fi # # %changelog +* Mon Jul 23 2018 Justin M. Forbes - 4.17.9-200 +- Linux v4.17.9 +- Fix emergency shell with ext4 rootfs (rhbz 1602971) + * Mon Jul 23 2018 Jeremy Cline - Fix iwlwifi module load failure (rhbz 1607092) diff --git a/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch b/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch deleted file mode 100644 index f72e111ad..000000000 --- a/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch +++ /dev/null @@ -1,69 +0,0 @@ -From d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 Mon Sep 17 00:00:00 2001 -From: Pavel Tatashin -Date: Mon, 16 Jul 2018 11:16:30 -0400 -Subject: mm: don't do zero_resv_unavail if memmap is not allocated - -From: Pavel Tatashin - -commit d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 upstream. - -Moving zero_resv_unavail before memmap_init_zone(), caused a regression on -x86-32. - -The cause is that we access struct pages before they are allocated when -CONFIG_FLAT_NODE_MEM_MAP is used. - -free_area_init_nodes() - zero_resv_unavail() - mm_zero_struct_page(pfn_to_page(pfn)); <- struct page is not alloced - free_area_init_node() - if CONFIG_FLAT_NODE_MEM_MAP - alloc_node_mem_map() - memblock_virt_alloc_node_nopanic() <- struct page alloced here - -On the other hand memblock_virt_alloc_node_nopanic() zeroes all the memory -that it returns, so we do not need to do zero_resv_unavail() here. - -Fixes: e181ae0c5db9 ("mm: zero unavailable pages before memmap init") -Signed-off-by: Pavel Tatashin -Tested-by: Matt Hart -Acked-by: Michal Hocko -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/mm.h | 2 +- - mm/page_alloc.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -2081,7 +2081,7 @@ extern int __meminit __early_pfn_to_nid( - struct mminit_pfnnid_cache *state); - #endif - --#ifdef CONFIG_HAVE_MEMBLOCK -+#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP) - void zero_resv_unavail(void); - #else - static inline void zero_resv_unavail(void) {} ---- a/mm/page_alloc.c -+++ b/mm/page_alloc.c -@@ -6377,7 +6377,7 @@ void __paginginit free_area_init_node(in - free_area_init_core(pgdat); - } - --#ifdef CONFIG_HAVE_MEMBLOCK -+#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP) - /* - * Only struct pages that are backed by physical memory are zeroed and - * initialized by going through __init_single_page(). But, there are some -@@ -6415,7 +6415,7 @@ void __paginginit zero_resv_unavail(void - if (pgcnt) - pr_info("Reserved but unavailable: %lld pages", pgcnt); - } --#endif /* CONFIG_HAVE_MEMBLOCK */ -+#endif /* CONFIG_HAVE_MEMBLOCK && !CONFIG_FLAT_NODE_MEM_MAP */ - - #ifdef CONFIG_HAVE_MEMBLOCK_NODE_MAP - diff --git a/sources b/sources index c3220eb6d..dd6f2497c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17.7.xz) = 955342b78da2977dbd08ff0acb7e681c646b1dfceef71246a08bdd102e0b2ad41f3eb7c353755ed1da2e1a5d9138476adc7bf11fd732a3033b6f8aac457dac75 +SHA512 (patch-4.17.9.xz) = 4fce83a490b9127a37e50b783bad590cd01c5a3442fa1913a0d581e8083b1a3729bb54286a16321c003995af2ce3e62874423f62cdd10673a5b0bf444616c666 -- cgit From f4e8bb21197e65572d089b9297caee8984211d3e Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 23 Jul 2018 17:12:20 -0500 Subject: Forgot to bunp the stable version on f27 --- kernel.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel.spec b/kernel.spec index e9d6904fb..ff3268430 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 7 +%define stable_update 9 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} -- cgit From fa0faf21f887edf64b1c111a762c71ab48f56080 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 25 Jul 2018 09:12:58 -0500 Subject: Linux v4.17.10 --- kernel.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/kernel.spec b/kernel.spec index ff3268430..c3d0ef38b 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 9 +%define stable_update 10 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -1923,6 +1923,9 @@ fi # # %changelog +* Wed Jul 25 2018 Justin M. Forbes - 4.17.10-100 +- Linux v4.17.10 + * Mon Jul 23 2018 Justin M. Forbes - 4.17.9-200 - Linux v4.17.9 - Fix emergency shell with ext4 rootfs (rhbz 1602971) diff --git a/sources b/sources index dd6f2497c..99f6c7c2c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17.9.xz) = 4fce83a490b9127a37e50b783bad590cd01c5a3442fa1913a0d581e8083b1a3729bb54286a16321c003995af2ce3e62874423f62cdd10673a5b0bf444616c666 +SHA512 (patch-4.17.10.xz) = 4ed5a6d47de7b4153805d937c44cb5eb03628a590d597c38be299afe67047611a6b37b1c13d0a8503de296779fc4ad6337dd4209f06b375c0111400b454b59c7 -- cgit From c77aa80fb31e835bd7c82b4740543d60ceb8347a Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Fri, 27 Jul 2018 13:37:17 -0500 Subject: Add headers tarball creation script --- scripts/create_headers_tarball.sh | 85 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100755 scripts/create_headers_tarball.sh diff --git a/scripts/create_headers_tarball.sh b/scripts/create_headers_tarball.sh new file mode 100755 index 000000000..fee658579 --- /dev/null +++ b/scripts/create_headers_tarball.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# This script is aimed at generating the headers from the kernel sources. +# Please do a git checkout of the kernel sources, or run until %prep step of +# kernel rpm build. Then go into the directory with the sources, and run this +# script +# +# Author: Herton R. Krzesinski + +# ARCH_LIST below has the default list of supported architectures +# (the architectures names may be different from rpm, you list here the +# names of arch/ directories in the kernel sources) +ARCH_LIST="arm arm64 powerpc s390 x86" + +# If the kernel Makefile doesn't contain enough information for the tarball +# release, you can specify the release of the package so it'll be included +# in the name of the created tarball +TB_RELEASE="1" + +# If kernel Makefile has the package release number, you can specify the name of +# Makefile variable here. +MAKE_RELEASE="" + +# Extra string (usually dist tag) that goes into the tarball name +EXTRA="" + +while [ ! -z "$1" ]; do + opt="$1" + case $opt in + --arch-list|-a) + ARCH_LIST="$2" + shift + ;; + --extra|-e) + EXTRA="$2" + shift + ;; + --make-release|-m) + MAKE_RELEASE=$2 + shift + ;; + --release|-r) + TB_RELEASE=$2 + shift + ;; + *) + echo "Unknown option ($1) to $0" + exit + ;; + esac + shift +done + +KVERSION=$(cat Makefile | sed -ne '/^VERSION\ =\ /{s///;p;q}') +KPATCHLEVEL=$(cat Makefile | sed -ne '/^PATCHLEVEL\ =\ /{s///;p;q}') +KSUBLEVEL=$(cat Makefile | sed -ne '/^SUBLEVEL\ =\ /{s///;p;q}') +TB_VERSION=$KVERSION.$KPATCHLEVEL.$KSUBLEVEL +if [ -z "$TB_RELEASE" ]; then + KEXTRAVERSION=$(cat Makefile | sed -ne '/^EXTRAVERSION\ =\ /{s///;p;q}') + DISTRO_RELEASE="" + if [ -n "$MAKE_RELEASE" ]; then + DISTRO_RELEASE=.$(cat Makefile | sed -ne "/^$MAKE_RELEASE\ =\ /{s///;p;q}") + fi + if [ -n "$KEXTRAVERSION" ]; then + KEXTRAVERSION=$(echo $KEXTRAVERSION | sed -e s/-/./) + TB_RELEASE=0$KEXTRAVERSION$DISTRO_RELEASE$EXTRA + else + TB_RELEASE=$DISTRO_RELEASE$EXTRA + fi +fi + +headers_dir=$(mktemp -d) +trap 'rm -rf "$headers_dir"' SIGHUP SIGINT SIGTERM EXIT + +make HDR_ARCH_LIST="$ARCH_LIST" INSTALL_HDR_PATH=$headers_dir headers_install_all +find $headers_dir \ + \( -name .install -o -name .check -o \ + -name ..install.cmd -o -name ..check.cmd \) | xargs rm -f + +TARBALL=$PWD/kernel-headers-$TB_VERSION-$TB_RELEASE.tar.xz +pushd $headers_dir + tar -Jcf $TARBALL * +popd + +echo wrote $TARBALL -- cgit From 32987359b56bea1c24d90787479ee72d798162ea Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 30 Jul 2018 08:43:30 -0500 Subject: Linux v4.17.11 --- ...u-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch | 125 --------------------- kernel.spec | 13 ++- sources | 2 +- 3 files changed, 10 insertions(+), 130 deletions(-) delete mode 100644 Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch diff --git a/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch b/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch deleted file mode 100644 index 46212341f..000000000 --- a/Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 3c16e0cc4ace8bd838bf234caead5a766b07fe9d Mon Sep 17 00:00:00 2001 -From: Christoph Hellwig -Date: Thu, 5 Jul 2018 13:29:55 -0600 -Subject: [PATCH] Revert "iommu/intel-iommu: Enable CONFIG_DMA_DIRECT_OPS=y and - clean up intel_{alloc,free}_coherent()" - -This commit may cause a less than required dma mask to be used for -some allocations, which apparently leads to module load failures for -iwlwifi sometimes. - -This reverts commit d657c5c73ca987214a6f9436e435b34fc60f332a. - -Signed-off-by: Christoph Hellwig -Reported-by: Fabio Coatti -Tested-by: Fabio Coatti -Signed-off-by: Jeremy Cline ---- - drivers/iommu/Kconfig | 1 - - drivers/iommu/intel-iommu.c | 62 +++++++++++++++++++++++++++---------- - 2 files changed, 46 insertions(+), 17 deletions(-) - -diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig -index b38798cc5288..f3a21343e636 100644 ---- a/drivers/iommu/Kconfig -+++ b/drivers/iommu/Kconfig -@@ -142,7 +142,6 @@ config DMAR_TABLE - config INTEL_IOMMU - bool "Support for Intel IOMMU using DMA Remapping Devices" - depends on PCI_MSI && ACPI && (X86 || IA64_GENERIC) -- select DMA_DIRECT_OPS - select IOMMU_API - select IOMMU_IOVA - select DMAR_TABLE -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c -index 749d8f235346..6392a4964fc5 100644 ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -31,7 +31,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -3709,30 +3708,61 @@ static void *intel_alloc_coherent(struct device *dev, size_t size, - dma_addr_t *dma_handle, gfp_t flags, - unsigned long attrs) - { -- void *vaddr; -+ struct page *page = NULL; -+ int order; - -- vaddr = dma_direct_alloc(dev, size, dma_handle, flags, attrs); -- if (iommu_no_mapping(dev) || !vaddr) -- return vaddr; -+ size = PAGE_ALIGN(size); -+ order = get_order(size); - -- *dma_handle = __intel_map_single(dev, virt_to_phys(vaddr), -- PAGE_ALIGN(size), DMA_BIDIRECTIONAL, -- dev->coherent_dma_mask); -- if (!*dma_handle) -- goto out_free_pages; -- return vaddr; -+ if (!iommu_no_mapping(dev)) -+ flags &= ~(GFP_DMA | GFP_DMA32); -+ else if (dev->coherent_dma_mask < dma_get_required_mask(dev)) { -+ if (dev->coherent_dma_mask < DMA_BIT_MASK(32)) -+ flags |= GFP_DMA; -+ else -+ flags |= GFP_DMA32; -+ } -+ -+ if (gfpflags_allow_blocking(flags)) { -+ unsigned int count = size >> PAGE_SHIFT; -+ -+ page = dma_alloc_from_contiguous(dev, count, order, flags); -+ if (page && iommu_no_mapping(dev) && -+ page_to_phys(page) + size > dev->coherent_dma_mask) { -+ dma_release_from_contiguous(dev, page, count); -+ page = NULL; -+ } -+ } -+ -+ if (!page) -+ page = alloc_pages(flags, order); -+ if (!page) -+ return NULL; -+ memset(page_address(page), 0, size); -+ -+ *dma_handle = __intel_map_single(dev, page_to_phys(page), size, -+ DMA_BIDIRECTIONAL, -+ dev->coherent_dma_mask); -+ if (*dma_handle) -+ return page_address(page); -+ if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT)) -+ __free_pages(page, order); - --out_free_pages: -- dma_direct_free(dev, size, vaddr, *dma_handle, attrs); - return NULL; - } - - static void intel_free_coherent(struct device *dev, size_t size, void *vaddr, - dma_addr_t dma_handle, unsigned long attrs) - { -- if (!iommu_no_mapping(dev)) -- intel_unmap(dev, dma_handle, PAGE_ALIGN(size)); -- dma_direct_free(dev, size, vaddr, dma_handle, attrs); -+ int order; -+ struct page *page = virt_to_page(vaddr); -+ -+ size = PAGE_ALIGN(size); -+ order = get_order(size); -+ -+ intel_unmap(dev, dma_handle, size); -+ if (!dma_release_from_contiguous(dev, page, size >> PAGE_SHIFT)) -+ __free_pages(page, order); - } - - static void intel_unmap_sg(struct device *dev, struct scatterlist *sglist, --- -2.17.1 - diff --git a/kernel.spec b/kernel.spec index c3d0ef38b..63717ceaa 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 10 +%define stable_update 11 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -126,6 +126,10 @@ Summary: The Linux kernel # See also 'make debug' and 'make release'. %define debugbuildsenabled 1 +# Kernel headers are being split out into a separate package +%define with_headers 0 +%define with_cross_headers 0 + %if %{with_verbose} %define make_opts V=1 %else @@ -667,9 +671,6 @@ Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch # rhbz 1597333 # Patch526: xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch -# rbhz 1607092 -Patch528: Revert-iommu-intel-iommu-Enable-CONFIG_DMA_DIRECT_OP.patch - # rhbz 1602971 Patch529: ext4-fix-false-negative-and-false-positives.patch @@ -1923,6 +1924,10 @@ fi # # %changelog +* Mon Jul 30 2018 Justin M. Forbes - 4.17.11-100 +- Linux v4.17.11 +- Turn off kernel-headers for the split + * Wed Jul 25 2018 Justin M. Forbes - 4.17.10-100 - Linux v4.17.10 diff --git a/sources b/sources index 99f6c7c2c..101c9f35a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db -SHA512 (patch-4.17.10.xz) = 4ed5a6d47de7b4153805d937c44cb5eb03628a590d597c38be299afe67047611a6b37b1c13d0a8503de296779fc4ad6337dd4209f06b375c0111400b454b59c7 +SHA512 (patch-4.17.11.xz) = 6cab8f1aecceb0491dca25afa088f9601178c8dfec51551afd34e219600bba54f65f929d9a10948cdb5595e339e096473127b55b1142e6dbe9a818149bec307d -- cgit From 020145bd7b3ce8ed2e2fddf47b35a10c1b46741d Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 30 Jul 2018 09:13:37 -0500 Subject: Fix CVE-2018-14678 (rhbz 1608559 1608560) --- kernel.spec | 3 ++ xsa274-linux-4_17.patch | 127 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 xsa274-linux-4_17.patch diff --git a/kernel.spec b/kernel.spec index 63717ceaa..62f8a1e25 100644 --- a/kernel.spec +++ b/kernel.spec @@ -674,6 +674,8 @@ Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch # rhbz 1602971 Patch529: ext4-fix-false-negative-and-false-positives.patch +# CVE-2018-14678 rhbz 1608559 1608560 +Patch530: xsa274-linux-4_17.patch # END OF PATCH DEFINITIONS @@ -1927,6 +1929,7 @@ fi * Mon Jul 30 2018 Justin M. Forbes - 4.17.11-100 - Linux v4.17.11 - Turn off kernel-headers for the split +- Fix CVE-2018-14678 (rhbz 1608559 1608560) * Wed Jul 25 2018 Justin M. Forbes - 4.17.10-100 - Linux v4.17.10 diff --git a/xsa274-linux-4_17.patch b/xsa274-linux-4_17.patch new file mode 100644 index 000000000..7a9bbf768 --- /dev/null +++ b/xsa274-linux-4_17.patch @@ -0,0 +1,127 @@ +From 8df635007e0737887522eebee886155602b8809b Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Sun, 22 Jul 2018 11:05:09 -0700 +Subject: [PATCH] x86/entry/64: Remove %ebx handling from error_entry/exit + +error_entry and error_exit communicate the user vs kernel status of +the frame using %ebx. This is unnecessary -- the information is in +regs->cs. Just use regs->cs. + +This makes error_entry simpler and makes error_exit more robust. + +It also fixes a nasty bug. Before all the Spectre nonsense, The +xen_failsafe_callback entry point returned like this: + + ALLOC_PT_GPREGS_ON_STACK + SAVE_C_REGS + SAVE_EXTRA_REGS + ENCODE_FRAME_POINTER + jmp error_exit + +And it did not go through error_entry. This was bogus: RBX +contained garbage, and error_exit expected a flag in RBX. +Fortunately, it generally contained *nonzero* garbage, so the +correct code path was used. As part of the Spectre fixes, code was +added to clear RBX to mitigate certain speculation attacks. Now, +depending on kernel configuration, RBX got zeroed and, when running +some Wine workloads, the kernel crashes. This was introduced by: + + commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for + exceptions/interrupts, to reduce speculation attack surface") + +With this patch applied, RBX is no longer needed as a flag, and the +problem goes away. + +I suspect that malicious userspace could use this bug to crash the +kernel even without the offending patch applied, though. + +[Historical note: I wrote this patch as a cleanup before I was aware + of the bug it fixed.] + +[Note to stable maintainers: this should probably get applied to all + kernels. If you're nervous about that, a more conservative fix to + add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should + also fix the problem.] + +Cc: Brian Gerst +Cc: Borislav Petkov +Cc: Dominik Brodowski +Cc: Ingo Molnar +Cc: "H. Peter Anvin" +Cc: Thomas Gleixner +Cc: Boris Ostrovsky +Cc: Juergen Gross +Cc: xen-devel@lists.xenproject.org +Cc: x86@kernel.org +Cc: stable@vger.kernel.org +Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") +Reported-and-tested-by: "M. Vefa Bicakci" +Signed-off-by: Andy Lutomirski +--- + arch/x86/entry/entry_64.S | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index 73a522d53b53..8ae7ffda8f98 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -981,7 +981,7 @@ ENTRY(\sym) + + call \do_sym + +- jmp error_exit /* %ebx: no swapgs flag */ ++ jmp error_exit + .endif + END(\sym) + .endm +@@ -1222,7 +1222,6 @@ END(paranoid_exit) + + /* + * Save all registers in pt_regs, and switch GS if needed. +- * Return: EBX=0: came from user mode; EBX=1: otherwise + */ + ENTRY(error_entry) + UNWIND_HINT_FUNC +@@ -1269,7 +1268,6 @@ ENTRY(error_entry) + * for these here too. + */ + .Lerror_kernelspace: +- incl %ebx + leaq native_irq_return_iret(%rip), %rcx + cmpq %rcx, RIP+8(%rsp) + je .Lerror_bad_iret +@@ -1303,28 +1301,20 @@ ENTRY(error_entry) + + /* + * Pretend that the exception came from user mode: set up pt_regs +- * as if we faulted immediately after IRET and clear EBX so that +- * error_exit knows that we will be returning to user mode. ++ * as if we faulted immediately after IRET. + */ + mov %rsp, %rdi + call fixup_bad_iret + mov %rax, %rsp +- decl %ebx + jmp .Lerror_entry_from_usermode_after_swapgs + END(error_entry) + +- +-/* +- * On entry, EBX is a "return to kernel mode" flag: +- * 1: already in kernel mode, don't need SWAPGS +- * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode +- */ + ENTRY(error_exit) + UNWIND_HINT_REGS + DISABLE_INTERRUPTS(CLBR_ANY) + TRACE_IRQS_OFF +- testl %ebx, %ebx +- jnz retint_kernel ++ testb $3, CS(%rsp) ++ jz retint_kernel + jmp retint_user + END(error_exit) + +-- +2.18.0 + -- cgit