X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-small_fixes.patch;h=ab67422d8adb7792acda21640f5c9d06fd1b8177;hb=aa808cbc80e075ec8e87fb01d799c0cdcee4502f;hp=5c9ff24b1b0f50dc54988023210ad336a9bb7890;hpb=86d8ac69cca9b0a708b66f420dc15fb18d2e2f0f;p=packages%2Fkernel.git diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch index 5c9ff24b..ab67422d 100644 --- a/kernel-small_fixes.patch +++ b/kernel-small_fixes.patch @@ -1,74 +1,172 @@ ---- linux-2.6.33/scripts/mod/modpost.c~ 2010-02-24 19:52:17.000000000 +0100 -+++ linux-2.6.33/scripts/mod/modpost.c 2010-03-07 14:26:47.242168558 +0100 -@@ -15,7 +15,8 @@ - #include - #include - #include "modpost.h" --#include "../../include/generated/autoconf.h" -+// PLD architectures don't use CONFIG_SYMBOL_PREFIX -+//#include "../../include/generated/autoconf.h" - #include "../../include/linux/license.h" - - /* Some toolchains use a `_' prefix for all user symbols. */ +--- linux-5.1/net/sunrpc/Kconfig~ 2019-05-06 02:42:58.000000000 +0200 ++++ linux-5.1/net/sunrpc/Kconfig 2019-05-10 12:54:36.566903892 +0200 +@@ -34,7 +34,7 @@ config RPCSEC_GSS_KRB5 + + If unsure, say Y. + +-config CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES ++config SUNRPC_DISABLE_INSECURE_ENCTYPES + bool "Secure RPC: Disable insecure Kerberos encryption types" + depends on RPCSEC_GSS_KRB5 + default n +Move setting up operation and write hint to xfs_alloc_ioend, and +then just copy over all needed information from the previous bio +in xfs_chain_bio and stop passing various parameters to it. ---- linux-3.0/scripts/kconfig/lxdialog/check-lxdialog.sh~ 2011-07-22 04:17:23.000000000 +0200 -+++ linux-3.0/scripts/kconfig/lxdialog/check-lxdialog.sh 2011-08-25 21:26:04.799150642 +0200 -@@ -9,6 +9,12 @@ - $cc -print-file-name=lib${lib}.${ext} | grep -q / - if [ $? -eq 0 ]; then - echo "-l${lib}" -+ for libt in tinfow tinfo ; do -+ $cc -print-file-name=lib${libt}.${ext} | grep -q / -+ if [ $? -eq 0 ]; then -+ echo "-l${libt}" -+ fi -+ done - exit - fi - done -From 8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 Mon Sep 17 00:00:00 2001 -From: Jann Horn -Date: Tue, 26 Apr 2016 22:26:26 +0200 -Subject: bpf: fix double-fdput in replace_map_fd_with_map_ptr() +Signed-off-by: Christoph Hellwig +--- + fs/xfs/xfs_aops.c | 35 +++++++++++++++++------------------ + 1 file changed, 17 insertions(+), 18 deletions(-) -When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode -references a non-map file descriptor as a map file descriptor, the error -handling code called fdput() twice instead of once (in __bpf_map_get() and -in replace_map_fd_with_map_ptr()). If the file descriptor table of the -current task is shared, this causes f_count to be decremented too much, -allowing the struct file to be freed while it is still in use -(use-after-free). This can be exploited to gain root privileges by an -unprivileged user. +diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c +index a6f0f4761a37..9cceb90e77c5 100644 +--- a/fs/xfs/xfs_aops.c ++++ b/fs/xfs/xfs_aops.c +@@ -665,7 +665,6 @@ xfs_submit_ioend( + + ioend->io_bio->bi_private = ioend; + ioend->io_bio->bi_end_io = xfs_end_bio; +- ioend->io_bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc); + + /* + * If we are failing the IO now, just mark the ioend with an +@@ -679,7 +678,6 @@ xfs_submit_ioend( + return status; + } + +- ioend->io_bio->bi_write_hint = ioend->io_inode->i_write_hint; + submit_bio(ioend->io_bio); + return 0; + } +@@ -691,7 +689,8 @@ xfs_alloc_ioend( + xfs_exntst_t state, + xfs_off_t offset, + struct block_device *bdev, +- sector_t sector) ++ sector_t sector, ++ struct writeback_control *wbc) + { + struct xfs_ioend *ioend; + struct bio *bio; +@@ -699,6 +698,8 @@ xfs_alloc_ioend( + bio = bio_alloc_bioset(GFP_NOFS, BIO_MAX_PAGES, &xfs_ioend_bioset); + bio_set_dev(bio, bdev); + bio->bi_iter.bi_sector = sector; ++ bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc); ++ bio->bi_write_hint = inode->i_write_hint; + + ioend = container_of(bio, struct xfs_ioend, io_inline_bio); + INIT_LIST_HEAD(&ioend->io_list); +@@ -719,24 +720,22 @@ xfs_alloc_ioend( + * so that the bi_private linkage is set up in the right direction for the + * traversal in xfs_destroy_ioend(). + */ +-static void ++static struct bio * + xfs_chain_bio( +- struct xfs_ioend *ioend, +- struct writeback_control *wbc, +- struct block_device *bdev, +- sector_t sector) ++ struct bio *prev) + { + struct bio *new; + + new = bio_alloc(GFP_NOFS, BIO_MAX_PAGES); +- bio_set_dev(new, bdev); +- new->bi_iter.bi_sector = sector; +- bio_chain(ioend->io_bio, new); +- bio_get(ioend->io_bio); /* for xfs_destroy_ioend */ +- ioend->io_bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc); +- ioend->io_bio->bi_write_hint = ioend->io_inode->i_write_hint; +- submit_bio(ioend->io_bio); +- ioend->io_bio = new; ++ bio_copy_dev(new, prev); ++ new->bi_iter.bi_sector = bio_end_sector(prev); ++ new->bi_opf = prev->bi_opf; ++ new->bi_write_hint = prev->bi_write_hint; ++ ++ bio_chain(prev, new); ++ bio_get(prev); /* for xfs_destroy_ioend */ ++ submit_bio(prev); ++ return new; + } + + /* +@@ -772,7 +772,7 @@ xfs_add_to_ioend( + if (wpc->ioend) + list_add(&wpc->ioend->io_list, iolist); + wpc->ioend = xfs_alloc_ioend(inode, wpc->fork, +- wpc->imap.br_state, offset, bdev, sector); ++ wpc->imap.br_state, offset, bdev, sector, wbc); + } + + merged = __bio_try_merge_page(wpc->ioend->io_bio, page, len, poff, +@@ -783,7 +783,7 @@ xfs_add_to_ioend( + + if (!merged) { + if (bio_full(wpc->ioend->io_bio, len)) +- xfs_chain_bio(wpc->ioend, wbc, bdev, sector); ++ wpc->ioend->io_bio = xfs_chain_bio(wpc->ioend->io_bio); + bio_add_page(wpc->ioend->io_bio, page, len, poff); + } + +-- +2.20.1 -This bug was introduced in -commit 0246e64d9a5f ("bpf: handle pseudo BPF_LD_IMM64 insn"), but is only -exploitable since -commit 1be7f75d1668 ("bpf: enable non-root eBPF programs") because -previously, CAP_SYS_ADMIN was required to reach the vulnerable code. -(posted publicly according to request by maintainer) +Link every newly allocated writeback bio to cgroup pointed to by the +writeback control structure, and charge every byte written back to it. -Signed-off-by: Jann Horn -Signed-off-by: Linus Torvalds -Acked-by: Alexei Starovoitov -Acked-by: Daniel Borkmann -Signed-off-by: David S. Miller +Tested-by: Stefan Priebe - Profihost AG +Signed-off-by: Christoph Hellwig --- - kernel/bpf/verifier.c | 1 - - 1 file changed, 1 deletion(-) + fs/xfs/xfs_aops.c | 4 +++- + fs/xfs/xfs_super.c | 2 ++ + 2 files changed, 5 insertions(+), 1 deletion(-) -diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c -index 618ef77..db2574e 100644 ---- a/kernel/bpf/verifier.c -+++ b/kernel/bpf/verifier.c -@@ -2030,7 +2030,6 @@ static int replace_map_fd_with_map_ptr(struct verifier_env *env) - if (IS_ERR(map)) { - verbose("fd %d is not pointing to valid bpf_map\n", - insn->imm); -- fdput(f); - return PTR_ERR(map); - } +diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c +index 9cceb90e77c5..73c291aeae17 100644 +--- a/fs/xfs/xfs_aops.c ++++ b/fs/xfs/xfs_aops.c +@@ -700,6 +700,7 @@ xfs_alloc_ioend( + bio->bi_iter.bi_sector = sector; + bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc); + bio->bi_write_hint = inode->i_write_hint; ++ wbc_init_bio(wbc, bio); + + ioend = container_of(bio, struct xfs_ioend, io_inline_bio); + INIT_LIST_HEAD(&ioend->io_list); +@@ -727,7 +728,7 @@ xfs_chain_bio( + struct bio *new; + + new = bio_alloc(GFP_NOFS, BIO_MAX_PAGES); +- bio_copy_dev(new, prev); ++ bio_copy_dev(new, prev);/* also copies over blkcg information */ + new->bi_iter.bi_sector = bio_end_sector(prev); + new->bi_opf = prev->bi_opf; + new->bi_write_hint = prev->bi_write_hint; +@@ -782,6 +783,7 @@ xfs_add_to_ioend( + } + + wpc->ioend->io_size += len; ++ wbc_account_io(wbc, page, len); + } + + STATIC void +diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c +index 594c119824cc..ee0df8f611ff 100644 +--- a/fs/xfs/xfs_super.c ++++ b/fs/xfs/xfs_super.c +@@ -1685,6 +1685,8 @@ xfs_fs_fill_super( + sb->s_maxbytes = xfs_max_file_offset(sb->s_blocksize_bits); + sb->s_max_links = XFS_MAXLINK; + sb->s_time_gran = 1; ++ sb->s_iflags |= SB_I_CGROUPWB; ++ + set_posix_acl_flag(sb); + /* version 5 superblocks support inode version counters. */ -- -cgit v0.12 +2.20.1