From bce73f3d6b6cdc01d4d800ed1c3457a6b97414b5 Mon Sep 17 00:00:00 2001
From: Laura Abbott
Date: Thu, 2 May 2019 06:45:10 -0700
Subject: Linux v5.0.11
---
 ...i915-fbdev-Actually-configure-untiled-dis.patch | 60 ----------
 kernel.spec | 14 +--
 ...s-blocked-on-file_lock-before-deleting-it.patch | 108 -----------------
 sources | 2 +-
 vfio-type1-limit-dma-mappings-per-container.patch | 130 ---------------------
 5 files changed, 5 insertions(+), 309 deletions(-)
 delete mode 100644 0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
 delete mode 100644 nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch
 delete mode 100644 vfio-type1-limit-dma-mappings-per-container.patch
diff --git a/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch b/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
deleted file mode 100644
index b6fa0783c..000000000
--- a/0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch
+++ /dev/null
@@ -1,60 +0,0 @@ -From e90ac616e4b1d49ec9092086b0e10108df12157d Mon Sep 17 00:00:00 2001 -From: Fedora Kernel Team -Date: Tue, 5 Mar 2019 12:56:35 -0600 -Subject: [PATCH] Revert drm/i915/fbdev: Actually configure untiled displays - ---- - drivers/gpu/drm/i915/intel_fbdev.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c -index e0c02a9..9e2e998 100644 ---- a/drivers/gpu/drm/i915/intel_fbdev.c -+++ b/drivers/gpu/drm/i915/intel_fbdev.c -@@ -336,8 +336,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper, - bool *enabled, int width, int height) - { - struct drm_i915_private *dev_priv = to_i915(fb_helper->dev); -+ unsigned long conn_configured, conn_seq, mask; - unsigned int count = min(fb_helper->connector_count, BITS_PER_LONG); -- unsigned long conn_configured, conn_seq; - int i, j; - bool *save_enabled; - bool fallback = true, ret = true; -@@ -355,9 +355,10 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper, - drm_modeset_backoff(&ctx); - - memcpy(save_enabled, enabled, count); -- conn_seq = GENMASK(count - 1, 0); -+ mask = GENMASK(count - 1, 0); - conn_configured = 0; - retry: -+ conn_seq = conn_configured; - for (i = 0; i < count; i++) { - struct drm_fb_helper_connector *fb_conn; - struct drm_connector *connector; -@@ -370,8 +371,7 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper, - if (conn_configured & BIT(i)) - continue; - -- /* First pass, only consider tiled connectors */ -- if (conn_seq == GENMASK(count - 1, 0) && !connector->has_tile) -+ if (conn_seq == 0 && !connector->has_tile) - continue; - - if (connector->status == connector_status_connected) -@@ -475,10 +475,8 @@ static bool intel_fb_initial_config(struct drm_fb_helper *fb_helper, - conn_configured |= BIT(i); - } - -- if (conn_configured != conn_seq) { /* repeat until no more are found */ -- conn_seq = conn_configured; -+ if 
((conn_configured & mask) != mask && conn_configured != conn_seq) - goto retry; -- } - - /* - * If the BIOS didn't enable everything it could, fall back to have the --- -2.20.1 - diff --git a/kernel.spec b/kernel.spec index a20455add..39ea4da33 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 10 +%define stable_update 11 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -608,24 +608,15 @@ Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch # https://patchwork.kernel.org/patch/10752253/ Patch504: efi-use-32-bit-alignment-for-efi_guid_t.patch -# https://bugs.freedesktop.org/show_bug.cgi?id=109806 -Patch512: 0001-Revert-drm-i915-fbdev-Actually-configure-untiled-dis.patch - # rhbz 1689750, patch submitted upstream Patch513: 0001-virt-vbox-Implement-passing-requestor-info-to-the-ho.patch # rhbz 1683382 Patch515: nfsv4.1-avoid-false-retries.patch -# CVE-2019-3882 rhbz 1689426 1695571 -Patch517: vfio-type1-limit-dma-mappings-per-container.patch - # CVE-2019-9500 rhbz 1701224 1701226 Patch518: 0001-brcmfmac-assure-SSID-length-from-firmware-is-limited.patch -# rhbz 1701077 -Patch519: nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch - # CVE-2019-9503 rhbz 1701842 1701843 Patch520: 0001-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch @@ -1928,6 +1919,9 @@ fi # # %changelog +* Thu May 02 2019 Laura Abbott - 5.0.11-100 +- Linux v5.0.11 + * Tue Apr 30 2019 Hans de Goede - Fix wifi on various ideapad models not working (rhbz#1703338) diff --git a/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch b/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch deleted file mode 100644 index 0b4cfbe16..000000000 --- a/nfsd-wake-waiters-blocked-on-file_lock-before-deleting-it.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From patchwork Sat Apr 20 10:15:48 2019 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Jeff Layton -X-Patchwork-Id: 10910147 -Return-Path: -Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org - [172.30.200.125]) - by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C1AE14DB - for ; - Sat, 20 Apr 2019 10:15:53 +0000 (UTC) -Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) - by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E858821FAC - for ; - Sat, 20 Apr 2019 10:15:52 +0000 (UTC) -Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) - id D5EA228818; Sat, 20 Apr 2019 10:15:52 +0000 (UTC) -X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on - pdx-wl-mail.web.codeaurora.org -X-Spam-Level: -X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, - DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham - version=3.3.1 -Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) - by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BF69021FAC - for ; - Sat, 20 Apr 2019 10:15:51 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1726082AbfDTKPu (ORCPT - ); - Sat, 20 Apr 2019 06:15:50 -0400 -Received: from mail.kernel.org ([198.145.29.99]:36092 "EHLO mail.kernel.org" - rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP - id S1725920AbfDTKPu (ORCPT ); - Sat, 20 Apr 2019 06:15:50 -0400 -Received: from tleilax.poochiereds.net (cpe-71-70-156-158.nc.res.rr.com - [71.70.156.158]) - (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) - (No client certificate requested) - by mail.kernel.org (Postfix) with ESMTPSA id 649D32087B; - Sat, 20 Apr 2019 10:15:49 +0000 (UTC) -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; - s=default; t=1555755349; - 
bh=Sqynm2vSbQ1pAh/3FcXrwFTMrJUwFTkrxoodJHFBfA0=; - h=From:To:Cc:Subject:Date:From; - b=TFlYii+F3H67zOX8b/mENa/XRCx1SjMI2/gLtscPnA5l6T0dG8aC/E+FJLvMeNLHo - pu2zlPSdszk+MBMfWQrfUpKGCP7CPqfyk7F1rXRIr6kNYp2tE2gKYyIWvCkVPE45iX - LngnHXERmf/R52j7gg2ENj+yjuOh07AifhxH1J00= -From: Jeff Layton -To: bfields@fieldses.org -Cc: slawek1211@gmail.com, neilb@suse.com, linux-nfs@vger.kernel.org -Subject: [PATCH] nfsd: wake waiters blocked on file_lock before deleting it -Date: Sat, 20 Apr 2019 06:15:48 -0400 -Message-Id: <20190420101548.8552-1-jlayton@kernel.org> -X-Mailer: git-send-email 2.20.1 -MIME-Version: 1.0 -Sender: linux-nfs-owner@vger.kernel.org -Precedence: bulk -List-ID: -X-Mailing-List: linux-nfs@vger.kernel.org -X-Virus-Scanned: ClamAV using ClamSMTP - -After a blocked nfsd file_lock request is deleted, knfsd will send a -callback to the client and then free the request. Commit 16306a61d3b7 -("fs/locks: always delete_block after waiting.") changed it such that -locks_delete_block is always called on a request after it is awoken, -but that patch missed fixing up blocked nfsd request handling. - -Call locks_delete_block on the block to wake up any locks still blocked -on the nfsd lock request before sending the callback. 
- -URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363 -Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.") -Reported-by: Slawomir Pryczek -Cc: Neil Brown -Signed-off-by: Jeff Layton ---- - fs/nfsd/nfs4state.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c -index 6a45fb00c5fc..1960e8fd9ad1 100644 ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -298,6 +298,14 @@ remove_blocked_locks(struct nfs4_lockowner *lo) - } - } - -+static void -+nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb) -+{ -+ struct nfsd4_blocked_lock *nbl = container_of(cb, -+ struct nfsd4_blocked_lock, nbl_cb); -+ locks_delete_block(&nbl->nbl_lock); -+} -+ - static int - nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task) - { -@@ -325,6 +333,7 @@ nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb) - } - - static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = { -+ .prepare = nfsd4_cb_notify_lock_prepare, - .done = nfsd4_cb_notify_lock_done, - .release = nfsd4_cb_notify_lock_release, - }; diff --git a/sources b/sources index a3219f3dc..0f8112680 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.0.tar.xz) = 3fbab70c7b03b1a10e9fa14d1e2e1f550faba4f5792b7699ca006951da74ab86e7d7f19c6a67849ab99343186e7d6f2752cd910d76222213b93c1eab90abf1b0 -SHA512 (patch-5.0.10.xz) = 3e8d1a71b710a58436f7e437850c28d22e9df5de8a73d830e23261953dc563caf847695348589a061654ac18d60b5ccabe58afaf72fe5b018ed25fcaa63efd83 +SHA512 (patch-5.0.11.xz) = 6b23d9aef3d2f703bf17ab2ef3b2fa172a48a7620e0b7247fc78ed8b84dbe1dd769d4740dd0257377b6c47db48c9763a22ba0f716e5df2469c1e70d7921fcedb diff --git a/vfio-type1-limit-dma-mappings-per-container.patch b/vfio-type1-limit-dma-mappings-per-container.patch deleted file mode 100644 index da814fa0e..000000000 --- a/vfio-type1-limit-dma-mappings-per-container.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From mboxrd@z Thu Jan 1 00:00:00 1970 -Return-Path: -X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on - aws-us-west-2-korg-lkml-1.web.codeaurora.org -X-Spam-Level: -X-Spam-Status: No, score=-7.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, - INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS autolearn=ham - autolearn_force=no version=3.4.0 -Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) - by smtp.lore.kernel.org (Postfix) with ESMTP id 5BCBAC43381 - for ; Mon, 1 Apr 2019 20:16:59 +0000 (UTC) -Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) - by mail.kernel.org (Postfix) with ESMTP id 31C4F20896 - for ; Mon, 1 Apr 2019 20:16:59 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1726867AbfDAUQ5 (ORCPT - ); - Mon, 1 Apr 2019 16:16:57 -0400 -Received: from mx1.redhat.com ([209.132.183.28]:52924 "EHLO mx1.redhat.com" - rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP - id S1726284AbfDAUQ5 (ORCPT ); - Mon, 1 Apr 2019 16:16:57 -0400 -Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) - (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) - (No client certificate requested) - by mx1.redhat.com (Postfix) with ESMTPS id 6BC20307D933; - Mon, 1 Apr 2019 20:16:57 +0000 (UTC) -Received: from gimli.home (ovpn-116-99.phx2.redhat.com [10.3.116.99]) - by smtp.corp.redhat.com (Postfix) with ESMTP id AF2DC104C53F; - Mon, 1 Apr 2019 20:16:52 +0000 (UTC) -Subject: [PATCH] vfio/type1: Limit DMA mappings per container -From: Alex Williamson -To: alex.williamson@redhat.com -Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, - eric.auger@redhat.com, cohuck@redhat.com -Date: Mon, 01 Apr 2019 14:16:52 -0600 -Message-ID: <155414977872.12780.13728555131525362206.stgit@gimli.home> -User-Agent: StGit/0.19-dirty -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 7bit -X-Scanned-By: 
MIMEDefang 2.84 on 10.5.11.22 -X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Mon, 01 Apr 2019 20:16:57 +0000 (UTC) -Sender: linux-kernel-owner@vger.kernel.org -Precedence: bulk -List-ID: -X-Mailing-List: linux-kernel@vger.kernel.org -Archived-At: -List-Archive: -List-Post: - -Memory backed DMA mappings are accounted against a user's locked -memory limit, including multiple mappings of the same memory. This -accounting bounds the number of such mappings that a user can create. -However, DMA mappings that are not backed by memory, such as DMA -mappings of device MMIO via mmaps, do not make use of page pinning -and therefore do not count against the user's locked memory limit. -These mappings still consume memory, but the memory is not well -associated to the process for the purpose of oom killing a task. - -To add bounding on this use case, we introduce a limit to the total -number of concurrent DMA mappings that a user is allowed to create. -This limit is exposed as a tunable module option where the default -value of 64K is expected to be well in excess of any reasonable use -case (a large virtual machine configuration would typically only make -use of tens of concurrent mappings). - -This fixes CVE-2019-3882. 
- -Signed-off-by: Alex Williamson ---- - drivers/vfio/vfio_iommu_type1.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c -index 73652e21efec..7fc8fd7d4dc7 100644 ---- a/drivers/vfio/vfio_iommu_type1.c -+++ b/drivers/vfio/vfio_iommu_type1.c -@@ -58,12 +58,18 @@ module_param_named(disable_hugepages, - MODULE_PARM_DESC(disable_hugepages, - "Disable VFIO IOMMU support for IOMMU hugepages."); - -+static int dma_entry_limit __read_mostly = U16_MAX; -+module_param_named(dma_entry_limit, dma_entry_limit, int, 0644); -+MODULE_PARM_DESC(dma_entry_limit, -+ "Maximum number of user DMA mappings per container (65535)."); -+ - struct vfio_iommu { - struct list_head domain_list; - struct vfio_domain *external_domain; /* domain for external user */ - struct mutex lock; - struct rb_root dma_list; - struct blocking_notifier_head notifier; -+ atomic_t dma_avail; - bool v2; - bool nesting; - }; -@@ -836,6 +842,7 @@ static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma) - vfio_unlink_dma(iommu, dma); - put_task_struct(dma->task); - kfree(dma); -+ atomic_inc(&iommu->dma_avail); - } - - static unsigned long vfio_pgsize_bitmap(struct vfio_iommu *iommu) -@@ -1081,8 +1088,14 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu, - goto out_unlock; - } - -+ if (!atomic_add_unless(&iommu->dma_avail, -1, 0)) { -+ ret = -ENOSPC; -+ goto out_unlock; -+ } -+ - dma = kzalloc(sizeof(*dma), GFP_KERNEL); - if (!dma) { -+ atomic_inc(&iommu->dma_avail); - ret = -ENOMEM; - goto out_unlock; - } -@@ -1583,6 +1596,7 @@ static void *vfio_iommu_type1_open(unsigned long arg) - - INIT_LIST_HEAD(&iommu->domain_list); - iommu->dma_list = RB_ROOT; -+ atomic_set(&iommu->dma_avail, dma_entry_limit); - mutex_init(&iommu->lock); - BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier); - - - -- cgit