---- linux-2.6.33/scripts/mod/modpost.c~ 2010-02-24 19:52:17.000000000 +0100
-+++ linux-2.6.33/scripts/mod/modpost.c 2010-03-07 14:26:47.242168558 +0100
-@@ -15,7 +15,8 @@
- #include <stdio.h>
- #include <ctype.h>
- #include "modpost.h"
--#include "../../include/generated/autoconf.h"
-+// PLD architectures don't use CONFIG_SYMBOL_PREFIX
-+//#include "../../include/generated/autoconf.h"
- #include "../../include/linux/license.h"
-
- /* Some toolchains use a `_' prefix for all user symbols. */
+--- linux-5.1/net/sunrpc/Kconfig~ 2019-05-06 02:42:58.000000000 +0200
++++ linux-5.1/net/sunrpc/Kconfig 2019-05-10 12:54:36.566903892 +0200
+@@ -34,7 +34,7 @@ config RPCSEC_GSS_KRB5
+
+ If unsure, say Y.
+
+-config CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
++config SUNRPC_DISABLE_INSECURE_ENCTYPES
+ bool "Secure RPC: Disable insecure Kerberos encryption types"
+ depends on RPCSEC_GSS_KRB5
+ default n
+Move setting up operation and write hint to xfs_alloc_ioend, and
+then just copy over all needed information from the previous bio
+in xfs_chain_bio and stop passing various parameters to it.
---- linux-3.0/scripts/kconfig/lxdialog/check-lxdialog.sh~ 2011-07-22 04:17:23.000000000 +0200
-+++ linux-3.0/scripts/kconfig/lxdialog/check-lxdialog.sh 2011-08-25 21:26:04.799150642 +0200
-@@ -9,6 +9,12 @@
- $cc -print-file-name=lib${lib}.${ext} | grep -q /
- if [ $? -eq 0 ]; then
- echo "-l${lib}"
-+ for libt in tinfow tinfo ; do
-+ $cc -print-file-name=lib${libt}.${ext} | grep -q /
-+ if [ $? -eq 0 ]; then
-+ echo "-l${libt}"
-+ fi
-+ done
- exit
- fi
- done
-From 8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 Mon Sep 17 00:00:00 2001
-From: Jann Horn <jannh@google.com>
-Date: Tue, 26 Apr 2016 22:26:26 +0200
-Subject: bpf: fix double-fdput in replace_map_fd_with_map_ptr()
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+---
+ fs/xfs/xfs_aops.c | 35 +++++++++++++++++------------------
+ 1 file changed, 17 insertions(+), 18 deletions(-)
-When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode
-references a non-map file descriptor as a map file descriptor, the error
-handling code called fdput() twice instead of once (in __bpf_map_get() and
-in replace_map_fd_with_map_ptr()). If the file descriptor table of the
-current task is shared, this causes f_count to be decremented too much,
-allowing the struct file to be freed while it is still in use
-(use-after-free). This can be exploited to gain root privileges by an
-unprivileged user.
+diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
+index a6f0f4761a37..9cceb90e77c5 100644
+--- a/fs/xfs/xfs_aops.c
++++ b/fs/xfs/xfs_aops.c
+@@ -665,7 +665,6 @@ xfs_submit_ioend(
+
+ ioend->io_bio->bi_private = ioend;
+ ioend->io_bio->bi_end_io = xfs_end_bio;
+- ioend->io_bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc);
+
+ /*
+ * If we are failing the IO now, just mark the ioend with an
+@@ -679,7 +678,6 @@ xfs_submit_ioend(
+ return status;
+ }
+
+- ioend->io_bio->bi_write_hint = ioend->io_inode->i_write_hint;
+ submit_bio(ioend->io_bio);
+ return 0;
+ }
+@@ -691,7 +689,8 @@ xfs_alloc_ioend(
+ xfs_exntst_t state,
+ xfs_off_t offset,
+ struct block_device *bdev,
+- sector_t sector)
++ sector_t sector,
++ struct writeback_control *wbc)
+ {
+ struct xfs_ioend *ioend;
+ struct bio *bio;
+@@ -699,6 +698,8 @@ xfs_alloc_ioend(
+ bio = bio_alloc_bioset(GFP_NOFS, BIO_MAX_PAGES, &xfs_ioend_bioset);
+ bio_set_dev(bio, bdev);
+ bio->bi_iter.bi_sector = sector;
++ bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc);
++ bio->bi_write_hint = inode->i_write_hint;
+
+ ioend = container_of(bio, struct xfs_ioend, io_inline_bio);
+ INIT_LIST_HEAD(&ioend->io_list);
+@@ -719,24 +720,22 @@ xfs_alloc_ioend(
+ * so that the bi_private linkage is set up in the right direction for the
+ * traversal in xfs_destroy_ioend().
+ */
+-static void
++static struct bio *
+ xfs_chain_bio(
+- struct xfs_ioend *ioend,
+- struct writeback_control *wbc,
+- struct block_device *bdev,
+- sector_t sector)
++ struct bio *prev)
+ {
+ struct bio *new;
+
+ new = bio_alloc(GFP_NOFS, BIO_MAX_PAGES);
+- bio_set_dev(new, bdev);
+- new->bi_iter.bi_sector = sector;
+- bio_chain(ioend->io_bio, new);
+- bio_get(ioend->io_bio); /* for xfs_destroy_ioend */
+- ioend->io_bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc);
+- ioend->io_bio->bi_write_hint = ioend->io_inode->i_write_hint;
+- submit_bio(ioend->io_bio);
+- ioend->io_bio = new;
++ bio_copy_dev(new, prev);
++ new->bi_iter.bi_sector = bio_end_sector(prev);
++ new->bi_opf = prev->bi_opf;
++ new->bi_write_hint = prev->bi_write_hint;
++
++ bio_chain(prev, new);
++ bio_get(prev); /* for xfs_destroy_ioend */
++ submit_bio(prev);
++ return new;
+ }
+
+ /*
+@@ -772,7 +772,7 @@ xfs_add_to_ioend(
+ if (wpc->ioend)
+ list_add(&wpc->ioend->io_list, iolist);
+ wpc->ioend = xfs_alloc_ioend(inode, wpc->fork,
+- wpc->imap.br_state, offset, bdev, sector);
++ wpc->imap.br_state, offset, bdev, sector, wbc);
+ }
+
+ merged = __bio_try_merge_page(wpc->ioend->io_bio, page, len, poff,
+@@ -783,7 +783,7 @@ xfs_add_to_ioend(
+
+ if (!merged) {
+ if (bio_full(wpc->ioend->io_bio, len))
+- xfs_chain_bio(wpc->ioend, wbc, bdev, sector);
++ wpc->ioend->io_bio = xfs_chain_bio(wpc->ioend->io_bio);
+ bio_add_page(wpc->ioend->io_bio, page, len, poff);
+ }
+
+--
+2.20.1
-This bug was introduced in
-commit 0246e64d9a5f ("bpf: handle pseudo BPF_LD_IMM64 insn"), but is only
-exploitable since
-commit 1be7f75d1668 ("bpf: enable non-root eBPF programs") because
-previously, CAP_SYS_ADMIN was required to reach the vulnerable code.
-(posted publicly according to request by maintainer)
+Link every newly allocated writeback bio to cgroup pointed to by the
+writeback control structure, and charge every byte written back to it.
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Acked-by: Alexei Starovoitov <ast@kernel.org>
-Acked-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: David S. Miller <davem@davemloft.net>
+Tested-by: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
---
- kernel/bpf/verifier.c | 1 -
- 1 file changed, 1 deletion(-)
+ fs/xfs/xfs_aops.c | 4 +++-
+ fs/xfs/xfs_super.c | 2 ++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
-diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
-index 618ef77..db2574e 100644
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2030,7 +2030,6 @@ static int replace_map_fd_with_map_ptr(struct verifier_env *env)
- if (IS_ERR(map)) {
- verbose("fd %d is not pointing to valid bpf_map\n",
- insn->imm);
-- fdput(f);
- return PTR_ERR(map);
- }
+diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
+index 9cceb90e77c5..73c291aeae17 100644
+--- a/fs/xfs/xfs_aops.c
++++ b/fs/xfs/xfs_aops.c
+@@ -700,6 +700,7 @@ xfs_alloc_ioend(
+ bio->bi_iter.bi_sector = sector;
+ bio->bi_opf = REQ_OP_WRITE | wbc_to_write_flags(wbc);
+ bio->bi_write_hint = inode->i_write_hint;
++ wbc_init_bio(wbc, bio);
+
+ ioend = container_of(bio, struct xfs_ioend, io_inline_bio);
+ INIT_LIST_HEAD(&ioend->io_list);
+@@ -727,7 +728,7 @@ xfs_chain_bio(
+ struct bio *new;
+
+ new = bio_alloc(GFP_NOFS, BIO_MAX_PAGES);
+- bio_copy_dev(new, prev);
++ bio_copy_dev(new, prev);/* also copies over blkcg information */
+ new->bi_iter.bi_sector = bio_end_sector(prev);
+ new->bi_opf = prev->bi_opf;
+ new->bi_write_hint = prev->bi_write_hint;
+@@ -782,6 +783,7 @@ xfs_add_to_ioend(
+ }
+
+ wpc->ioend->io_size += len;
++ wbc_account_io(wbc, page, len);
+ }
+
+ STATIC void
+diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c
+index 594c119824cc..ee0df8f611ff 100644
+--- a/fs/xfs/xfs_super.c
++++ b/fs/xfs/xfs_super.c
+@@ -1685,6 +1685,8 @@ xfs_fs_fill_super(
+ sb->s_maxbytes = xfs_max_file_offset(sb->s_blocksize_bits);
+ sb->s_max_links = XFS_MAXLINK;
+ sb->s_time_gran = 1;
++ sb->s_iflags |= SB_I_CGROUPWB;
++
+ set_posix_acl_flag(sb);
+ /* version 5 superblocks support inode version counters. */
--
-cgit v0.12
+2.20.1
projects / packages / kernel.git / blobdiff