diff --git a/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch b/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch deleted file mode 100644 index af3ba39..0000000 --- a/blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Takashi Iwai -Date: Wed, 10 Dec 2014 16:38:30 +0100 -Subject: [PATCH] blk-mq: Fix uninitialized kobject at CPU hotplugging - -When a CPU is hotplugged, the current blk-mq spews a warning like: - - kobject '(null)' (ffffe8ffffc8b5d8): tried to add an uninitialized object, something is seriously wrong. - CPU: 1 PID: 1386 Comm: systemd-udevd Not tainted 3.18.0-rc7-2.g088d59b-default #1 - Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_171129-lamiak 04/01/2014 - 0000000000000000 0000000000000002 ffffffff81605f07 ffffe8ffffc8b5d8 - ffffffff8132c7a0 ffff88023341d370 0000000000000020 ffff8800bb05bd58 - ffff8800bb05bd08 000000000000a0a0 000000003f441940 0000000000000007 - Call Trace: - [] dump_trace+0x86/0x330 - [] show_stack_log_lvl+0x94/0x170 - [] show_stack+0x21/0x50 - [] dump_stack+0x41/0x51 - [] kobject_add+0xa0/0xb0 - [] blk_mq_register_hctx+0x91/0xb0 - [] blk_mq_sysfs_register+0x3e/0x60 - [] blk_mq_queue_reinit_notify+0xf8/0x190 - [] notifier_call_chain+0x4c/0x70 - [] cpu_notify+0x23/0x50 - [] _cpu_up+0x157/0x170 - [] cpu_up+0x89/0xb0 - [] cpu_subsys_online+0x35/0x80 - [] device_online+0x5d/0xa0 - [] online_store+0x75/0x80 - [] kernfs_fop_write+0xda/0x150 - [] vfs_write+0xb2/0x1f0 - [] SyS_write+0x42/0xb0 - [] system_call_fastpath+0x16/0x1b - [<00007f0132fb24e0>] 0x7f0132fb24e0 - -This is indeed because of an uninitialized kobject for blk_mq_ctx. -The blk_mq_ctx kobjects are initialized in blk_mq_sysfs_init(), but it -goes loop over hctx_for_each_ctx(), i.e. it initializes only for -online CPUs. Thus, when a CPU is hotplugged, the ctx for the newly -onlined CPU is registered without initialization. - -This patch fixes the issue by initializing the all ctx kobjects -belonging to each queue. - -Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=908794 -Cc: -Signed-off-by: Takashi Iwai -Signed-off-by: Jens Axboe ---- - block/blk-mq-sysfs.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c -index ed5217867555..e0fb3f4a628f 100644 ---- a/block/blk-mq-sysfs.c -+++ b/block/blk-mq-sysfs.c -@@ -390,16 +390,15 @@ static void blk_mq_sysfs_init(struct request_queue *q) - { - struct blk_mq_hw_ctx *hctx; - struct blk_mq_ctx *ctx; -- int i, j; -+ int i; - - kobject_init(&q->mq_kobj, &blk_mq_ktype); - -- queue_for_each_hw_ctx(q, hctx, i) { -+ queue_for_each_hw_ctx(q, hctx, i) - kobject_init(&hctx->kobj, &blk_mq_hw_ktype); - -- hctx_for_each_ctx(hctx, ctx, j) -- kobject_init(&ctx->kobj, &blk_mq_ctx_ktype); -- } -+ queue_for_each_ctx(q, ctx, i) -+ kobject_init(&ctx->kobj, &blk_mq_ctx_ktype); - } - - int blk_mq_register_disk(struct gendisk *disk) --- -2.1.0 - diff --git a/kernel-arm64.patch b/kernel-arm64.patch index 4a125b9..5be6cb9 100644 --- a/kernel-arm64.patch +++ b/kernel-arm64.patch @@ -4539,6 +4539,7 @@ index 2437196..914287d 100644 request_standard_resources(); efi_idmap_init(); + early_ioremap_reset(); - unflatten_device_tree(); - diff --git a/kernel.spec b/kernel.spec index c64a858..9e15f7f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 2 +%define stable_update 3 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -620,9 +620,6 @@ Patch26096: cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch #rhbz 1173806 Patch26101: powerpc-powernv-force-all-CPUs-to-be-bootable.patch -#rhbz 1175261 -Patch26103: blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch - Patch26107: uapi-linux-target_core_user.h-fix-headers_install.sh.patch #rhbz 1163927 @@ -634,9 +631,6 @@ Patch26122: batman-adv-Calculate-extra-tail-size-based-on-queued.patch #CVE-2014-9529 rhbz 1179813 1179853 Patch26124: KEYS-close-race-between-key-lookup-and-freeing.patch -#rhbz 1178975 -Patch26125: x86-vdso-Use-asm-volatile-in-__getcpu.patch - #rhbz 1124119 Patch26126: uas-Do-not-blacklist-ASM1153-disk-enclosures.patch Patch26127: uas-Add-US_FL_NO_ATA_1X-for-2-more-Seagate-disk-encl.patch @@ -649,9 +643,6 @@ Patch26130: acpi-video-Add-disable_native_backlight-quirk-for-De.patch #rhbz 1094948 Patch26131: acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch -#CVE-2014-9585 rhbz 1181054 1181056 -Patch26132: x86_64-vdso-Fix-the-vdso-address-randomization-algor.patch - # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch @@ -1386,9 +1377,6 @@ ApplyPatch cfg80211-don-t-WARN-about-two-consecutive-Country-IE.patch #rhbz 1173806 ApplyPatch powerpc-powernv-force-all-CPUs-to-be-bootable.patch -#rhbz 1175261 -ApplyPatch blk-mq-Fix-uninitialized-kobject-at-CPU-hotplugging.patch - ApplyPatch uapi-linux-target_core_user.h-fix-headers_install.sh.patch #rhbz 1163927 @@ -1400,9 +1388,6 @@ ApplyPatch batman-adv-Calculate-extra-tail-size-based-on-queued.patch #CVE-2014-9529 rhbz 1179813 1179853 ApplyPatch KEYS-close-race-between-key-lookup-and-freeing.patch -#rhbz 1178975 -ApplyPatch x86-vdso-Use-asm-volatile-in-__getcpu.patch - #rhbz 1124119 ApplyPatch uas-Do-not-blacklist-ASM1153-disk-enclosures.patch ApplyPatch uas-Add-US_FL_NO_ATA_1X-for-2-more-Seagate-disk-encl.patch @@ -1415,9 +1400,6 @@ ApplyPatch acpi-video-Add-disable_native_backlight-quirk-for-De.patch #rhbz 1094948 ApplyPatch acpi-video-Add-disable_native_backlight-quirk-for-Sa.patch -#CVE-2014-9585 rhbz 1181054 1181056 -ApplyPatch x86_64-vdso-Fix-the-vdso-address-randomization-algor.patch - # Fix for big-endian arches, already upstream ApplyPatch mpssd-x86-only.patch @@ -2290,6 +2272,9 @@ fi # |_| |_____|_| (__)\ )\/\ # ||----w | # || || +* Fri Jan 16 2015 Justin M. Forbes - 3.18.3-200 +- Linux v3.18.3 + %changelog * Thu Jan 15 2015 Justin M. Forbes - Build fixes for big-endian arches diff --git a/sources b/sources index 527ed34..bd8da57 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ 9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz 813ccb96f0b379d656e57442c2587ca3 perf-man-3.18.tar.gz -f99d6d8f844a3fe1ab7f59dd85aaa050 patch-3.18.2.xz +0d4f5406f6fbe34a53e1c5e1d2037e8b patch-3.18.3.xz diff --git a/x86-vdso-Use-asm-volatile-in-__getcpu.patch b/x86-vdso-Use-asm-volatile-in-__getcpu.patch deleted file mode 100644 index 033b423..0000000 --- a/x86-vdso-Use-asm-volatile-in-__getcpu.patch +++ /dev/null @@ -1,53 +0,0 @@ -From: Andy Lutomirski -Date: Sun, 21 Dec 2014 08:57:46 -0800 -Subject: [PATCH] x86, vdso: Use asm volatile in __getcpu - -In Linux 3.18 and below, GCC hoists the lsl instructions in the -pvclock code all the way to the beginning of __vdso_clock_gettime, -slowing the non-paravirt case significantly. For unknown reasons, -presumably related to the removal of a branch, the performance issue -is gone as of - -e76b027e6408 x86,vdso: Use LSL unconditionally for vgetcpu - -but I don't trust GCC enough to expect the problem to stay fixed. - -There should be no correctness issue, because the __getcpu calls in -__vdso_vlock_gettime were never necessary in the first place. - -Note to stable maintainers: In 3.18 and below, depending on -configuration, gcc 4.9.2 generates code like this: - - 9c3: 44 0f 03 e8 lsl %ax,%r13d - 9c7: 45 89 eb mov %r13d,%r11d - 9ca: 0f 03 d8 lsl %ax,%ebx - -This patch won't apply as is to any released kernel, but I'll send a -trivial backported version if needed. - -Fixes: 51c19b4f5927 x86: vdso: pvclock gettime support -Cc: stable@vger.kernel.org # 3.8+ -Cc: Marcelo Tosatti -Acked-by: Paolo Bonzini -Signed-off-by: Andy Lutomirski -(Backported to 3.17.8 by Josh Boyer ) ---- - arch/x86/include/asm/vsyscall.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h -index 2a46ca720afc..3db1fa5fdceb 100644 ---- a/arch/x86/include/asm/vsyscall.h -+++ b/arch/x86/include/asm/vsyscall.h -@@ -34,7 +34,7 @@ static inline unsigned int __getcpu(void) - native_read_tscp(&p); - } else { - /* Load per CPU data from GDT */ -- asm("lsl %1,%0" : "=r" (p) : "r" (__PER_CPU_SEG)); -+ asm volatile("lsl %1,%0" : "=r" (p) : "r" (__PER_CPU_SEG)); - } - - return p; --- -2.1.0 - diff --git a/x86_64-vdso-Fix-the-vdso-address-randomization-algor.patch b/x86_64-vdso-Fix-the-vdso-address-randomization-algor.patch deleted file mode 100644 index 8d7f5f1..0000000 --- a/x86_64-vdso-Fix-the-vdso-address-randomization-algor.patch +++ /dev/null @@ -1,128 +0,0 @@ -From: Andy Lutomirski -Date: Fri, 19 Dec 2014 16:04:11 -0800 -Subject: [PATCH] x86_64, vdso: Fix the vdso address randomization algorithm - -The theory behind vdso randomization is that it's mapped at a random -offset above the top of the stack. To avoid wasting a page of -memory for an extra page table, the vdso isn't supposed to extend -past the lowest PMD into which it can fit. Other than that, the -address should be a uniformly distributed address that meets all of -the alignment requirements. - -The current algorithm is buggy: the vdso has about a 50% probability -of being at the very end of a PMD. The current algorithm also has a -decent chance of failing outright due to incorrect handling of the -case where the top of the stack is near the top of its PMD. - -This fixes the implementation. The paxtest estimate of vdso -"randomisation" improves from 11 bits to 18 bits. (Disclaimer: I -don't know what the paxtest code is actually calculating.) - -It's worth noting that this algorithm is inherently biased: the vdso -is more likely to end up near the end of its PMD than near the -beginning. Ideally we would either nix the PMD sharing requirement -or jointly randomize the vdso and the stack to reduce the bias. - -In the mean time, this is a considerable improvement with basically -no risk of compatibility issues, since the allowed outputs of the -algorithm are unchanged. - -As an easy test, doing this: - -for i in `seq 10000` - do grep -P vdso /proc/self/maps |cut -d- -f1 -done |sort |uniq -d - -used to produce lots of output (1445 lines on my most recent run). -A tiny subset looks like this: - -7fffdfffe000 -7fffe01fe000 -7fffe05fe000 -7fffe07fe000 -7fffe09fe000 -7fffe0bfe000 -7fffe0dfe000 - -Note the suspicious fe000 endings. With the fix, I get a much more -palatable 76 repeated addresses. - -Reviewed-by: Kees Cook -Cc: stable@vger.kernel.org -Signed-off-by: Andy Lutomirski ---- - arch/x86/vdso/vma.c | 45 +++++++++++++++++++++++++++++---------------- - 1 file changed, 29 insertions(+), 16 deletions(-) - -diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 970463b566cf..208c2206df46 100644 ---- a/arch/x86/vdso/vma.c -+++ b/arch/x86/vdso/vma.c -@@ -54,12 +54,17 @@ subsys_initcall(init_vdso); - - struct linux_binprm; - --/* Put the vdso above the (randomized) stack with another randomized offset. -- This way there is no hole in the middle of address space. -- To save memory make sure it is still in the same PTE as the stack top. -- This doesn't give that many random bits. -- -- Only used for the 64-bit and x32 vdsos. */ -+/* -+ * Put the vdso above the (randomized) stack with another randomized -+ * offset. This way there is no hole in the middle of address space. -+ * To save memory make sure it is still in the same PTE as the stack -+ * top. This doesn't give that many random bits. -+ * -+ * Note that this algorithm is imperfect: the distribution of the vdso -+ * start address within a PMD is biased toward the end. -+ * -+ * Only used for the 64-bit and x32 vdsos. -+ */ - static unsigned long vdso_addr(unsigned long start, unsigned len) - { - #ifdef CONFIG_X86_32 -@@ -67,22 +72,30 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) - #else - unsigned long addr, end; - unsigned offset; -- end = (start + PMD_SIZE - 1) & PMD_MASK; -+ -+ /* -+ * Round up the start address. It can start out unaligned as a result -+ * of stack start randomization. -+ */ -+ start = PAGE_ALIGN(start); -+ -+ /* Round the lowest possible end address up to a PMD boundary. */ -+ end = (start + len + PMD_SIZE - 1) & PMD_MASK; - if (end >= TASK_SIZE_MAX) - end = TASK_SIZE_MAX; - end -= len; -- /* This loses some more bits than a modulo, but is cheaper */ -- offset = get_random_int() & (PTRS_PER_PTE - 1); -- addr = start + (offset << PAGE_SHIFT); -- if (addr >= end) -- addr = end; -+ -+ if (end > start) { -+ offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1); -+ addr = start + (offset << PAGE_SHIFT); -+ } else { -+ addr = start; -+ } - - /* -- * page-align it here so that get_unmapped_area doesn't -- * align it wrongfully again to the next page. addr can come in 4K -- * unaligned here as a result of stack start randomization. -+ * Forcibly align the final address in case we have a hardware -+ * issue that requires alignment for performance reasons. - */ -- addr = PAGE_ALIGN(addr); - addr = align_vdso_addr(addr); - - return addr; --- -2.1.0 -