diff --git a/kernel.spec b/kernel.spec index 1b9495b..c6e9648 100644 --- a/kernel.spec +++ b/kernel.spec @@ -74,7 +74,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 6 +%define stable_update 7 # Is it a -stable RC? %define stable_rc 0 # Set rpm version accordingly @@ -763,9 +763,6 @@ Patch25093: auditsc-audit_krule-mask-accesses-need-bounds-checking.patch #rhbz 1099857 Patch25095: team-fix-mtu-setting.patch -# CVE-2014-3940 rhbz 1104097 1105042 -Patch25096: mm-add-pte_present-check-on-existing-hugetlb_entry-callbacks.patch - # END OF PATCH DEFINITIONS %endif @@ -1472,9 +1469,6 @@ ApplyPatch auditsc-audit_krule-mask-accesses-need-bounds-checking.patch #rhbz 1099857 ApplyPatch team-fix-mtu-setting.patch -# CVE-2014-3940 rhbz 1104097 1105042 -ApplyPatch mm-add-pte_present-check-on-existing-hugetlb_entry-callbacks.patch - # END OF PATCH APPLICATIONS %endif @@ -2287,6 +2281,9 @@ fi # and build. %changelog +* Wed Jun 11 2014 Josh Boyer +- Linux v3.14.7 + * Sat Jun 07 2014 Justin M. Forbes - 3.14.6-100 - Linux v3.14.6 diff --git a/mm-add-pte_present-check-on-existing-hugetlb_entry-callbacks.patch b/mm-add-pte_present-check-on-existing-hugetlb_entry-callbacks.patch deleted file mode 100644 index 0227d27..0000000 --- a/mm-add-pte_present-check-on-existing-hugetlb_entry-callbacks.patch +++ /dev/null @@ -1,71 +0,0 @@ -Bugzilla: 1104097 1105042 -Upstream-status: Queued in linux-next, CC'd to stable - -From ecc894926ef62080c2a4c4286eccce9d2f30f05a Mon Sep 17 00:00:00 2001 -From: Naoya Horiguchi -Date: Fri, 6 Jun 2014 10:00:01 -0400 -Subject: [PATCH] mm: add !pte_present() check on existing hugetlb_entry - callbacks - -Page table walker doesn't check non-present hugetlb entry in common path, -so hugetlb_entry() callbacks must check it. The reason for this behavior -is that some callers want to handle it in its own way. - -However, some callers don't check it now, which causes unpredictable -result, for example when we have a race between migrating hugepage and -reading /proc/pid/numa_maps. This patch fixes it by adding !pte_present -checks on buggy callbacks. - -This bug exists for years and got visible by introducing hugepage migration. - -ChangeLog v2: -- fix if condition (check !pte_present() instead of pte_present()) - -Reported-by: Sasha Levin -Signed-off-by: Naoya Horiguchi -Cc: Rik van Riel -Cc: [3.12+] -Signed-off-by: Andrew Morton - -[ Backported to 3.15. Signed-off-by: Josh Boyer ] ---- - fs/proc/task_mmu.c | 3 +++ - mm/mempolicy.c | 6 +++++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 442177b1119a..89620cdb57c9 100644 ---- a/fs/proc/task_mmu.c -+++ b/fs/proc/task_mmu.c -@@ -1354,6 +1354,9 @@ static int gather_hugetbl_stats(pte_t *pte, unsigned long hmask, - if (pte_none(*pte)) - return 0; - -+ if (!pte_present(*pte)) -+ return 0; -+ - page = pte_page(*pte); - if (!page) - return 0; -diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 78e1472933ea..30cc47f8ffa0 100644 ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -526,9 +526,13 @@ static void queue_pages_hugetlb_pmd_range(struct vm_area_struct *vma, - int nid; - struct page *page; - spinlock_t *ptl; -+ pte_t entry; - - ptl = huge_pte_lock(hstate_vma(vma), vma->vm_mm, (pte_t *)pmd); -- page = pte_page(huge_ptep_get((pte_t *)pmd)); -+ entry = huge_ptep_get((pte_t *)pmd); -+ if (!pte_present(entry)) -+ goto unlock; -+ page = pte_page(entry); - nid = page_to_nid(page); - if (node_isset(nid, *nodes) == !!(flags & MPOL_MF_INVERT)) - goto unlock; --- -1.9.3 - diff --git a/sources b/sources index 3c85757..862f295 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -068b814830b45c232340db534bc06e04 patch-3.14.6.xz +3088ac6bc93231bad74bd2ef476b936f patch-3.14.7.xz