diff --git a/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch b/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch new file mode 100644 index 0000000..155bddc --- /dev/null +++ b/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch @@ -0,0 +1,184 @@ +Bugzilla: 1033965 +Upstream-status: 3.13 possible, or alternate fix + +From df777e7aa8e3dd330bde63238595266ce1ee2d42 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Tue, 10 Dec 2013 15:06:49 -0500 +Subject: [PATCH] Revert "selinux: consider filesystem subtype in policies" + +This reverts commit 102aefdda4d8275ce7d7100bc16c88c74272b260. +--- + security/selinux/hooks.c | 40 ++++++++++++++++++---------------------- + security/selinux/ss/services.c | 42 ++++-------------------------------------- + 2 files changed, 22 insertions(+), 60 deletions(-) + +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index 794c3ca..98b1caa 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -95,10 +95,6 @@ + #include "audit.h" + #include "avc_ss.h" + +-#define SB_TYPE_FMT "%s%s%s" +-#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0]) +-#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : "" +- + extern struct security_operations *security_ops; + + /* SECMARK reference count */ +@@ -413,8 +409,8 @@ static int sb_finish_set_opts(struct super_block *sb) + the first boot of the SELinux kernel before we have + assigned xattr values to the filesystem. */ + if (!root_inode->i_op->getxattr) { +- printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no " +- "xattr support\n", sb->s_id, SB_TYPE_ARGS(sb)); ++ printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " ++ "xattr support\n", sb->s_id, sb->s_type->name); + rc = -EOPNOTSUPP; + goto out; + } +@@ -422,22 +418,22 @@ static int sb_finish_set_opts(struct super_block *sb) + if (rc < 0 && rc != -ENODATA) { + if (rc == -EOPNOTSUPP) + printk(KERN_WARNING "SELinux: (dev %s, type " +- SB_TYPE_FMT") has no security xattr handler\n", +- sb->s_id, SB_TYPE_ARGS(sb)); ++ "%s) has no security xattr handler\n", ++ sb->s_id, sb->s_type->name); + else + printk(KERN_WARNING "SELinux: (dev %s, type " +- SB_TYPE_FMT") getxattr errno %d\n", sb->s_id, +- SB_TYPE_ARGS(sb), -rc); ++ "%s) getxattr errno %d\n", sb->s_id, ++ sb->s_type->name, -rc); + goto out; + } + } + + if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) +- printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n", +- sb->s_id, SB_TYPE_ARGS(sb)); ++ printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", ++ sb->s_id, sb->s_type->name); + else +- printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n", +- sb->s_id, SB_TYPE_ARGS(sb), ++ printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", ++ sb->s_id, sb->s_type->name, + labeling_behaviors[sbsec->behavior-1]); + + sbsec->flags |= SE_SBINITIALIZED; +@@ -600,6 +596,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, + const struct cred *cred = current_cred(); + int rc = 0, i; + struct superblock_security_struct *sbsec = sb->s_security; ++ const char *name = sb->s_type->name; + struct inode *inode = sbsec->sb->s_root->d_inode; + struct inode_security_struct *root_isec = inode->i_security; + u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; +@@ -658,8 +655,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, + strlen(mount_options[i]), &sid); + if (rc) { + printk(KERN_WARNING "SELinux: security_context_to_sid" +- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n", +- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc); ++ "(%s) failed for (dev %s, type %s) errno=%d\n", ++ mount_options[i], sb->s_id, name, rc); + goto out; + } + switch (flags[i]) { +@@ -806,8 +803,7 @@ out: + out_double_mount: + rc = -EINVAL; + printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " +- "security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id, +- SB_TYPE_ARGS(sb)); ++ "security settings for (dev %s, type %s)\n", sb->s_id, name); + goto out; + } + +@@ -2480,8 +2476,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data) + rc = security_context_to_sid(mount_options[i], len, &sid); + if (rc) { + printk(KERN_WARNING "SELinux: security_context_to_sid" +- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n", +- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc); ++ "(%s) failed for (dev %s, type %s) errno=%d\n", ++ mount_options[i], sb->s_id, sb->s_type->name, rc); + goto out_free_opts; + } + rc = -EINVAL; +@@ -2519,8 +2515,8 @@ out_free_secdata: + return rc; + out_bad_option: + printk(KERN_WARNING "SELinux: unable to change security options " +- "during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id, +- SB_TYPE_ARGS(sb)); ++ "during remount (dev %s, type=%s)\n", sb->s_id, ++ sb->s_type->name); + goto out_free_opts; + } + +diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c +index ee470a0..d106733 100644 +--- a/security/selinux/ss/services.c ++++ b/security/selinux/ss/services.c +@@ -2334,50 +2334,16 @@ int security_fs_use(struct super_block *sb) + struct ocontext *c; + struct superblock_security_struct *sbsec = sb->s_security; + const char *fstype = sb->s_type->name; +- const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL; +- struct ocontext *base = NULL; + + read_lock(&policy_rwlock); + +- for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) { +- char *sub; +- int baselen; +- +- baselen = strlen(fstype); +- +- /* if base does not match, this is not the one */ +- if (strncmp(fstype, c->u.name, baselen)) +- continue; +- +- /* if there is no subtype, this is the one! */ +- if (!subtype) +- break; +- +- /* skip past the base in this entry */ +- sub = c->u.name + baselen; +- +- /* entry is only a base. save it. keep looking for subtype */ +- if (sub[0] == '\0') { +- base = c; +- continue; +- } +- +- /* entry is not followed by a subtype, so it is not a match */ +- if (sub[0] != '.') +- continue; +- +- /* whew, we found a subtype of this fstype */ +- sub++; /* move past '.' */ +- +- /* exact match of fstype AND subtype */ +- if (!strcmp(subtype, sub)) ++ c = policydb.ocontexts[OCON_FSUSE]; ++ while (c) { ++ if (strcmp(fstype, c->u.name) == 0) + break; ++ c = c->next; + } + +- /* in case we had found an fstype match but no subtype match */ +- if (!c) +- c = base; +- + if (c) { + sbsec->behavior = c->v.behavior; + if (!c->sid[0]) { +-- +1.8.3.1 + diff --git a/0001-drm-radeon-dpm-Fix-hwmon-crash.patch b/0001-drm-radeon-dpm-Fix-hwmon-crash.patch new file mode 100644 index 0000000..3efe9b2 --- /dev/null +++ b/0001-drm-radeon-dpm-Fix-hwmon-crash.patch @@ -0,0 +1,44 @@ +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72457 +Upstream-status: should hit 3.13 + +From 2cbe7f259737e994d5a63c06a104027214e27978 Mon Sep 17 00:00:00 2001 +From: Martin Andersson +Date: Sat, 7 Dec 2013 23:22:10 +0100 +Subject: [PATCH] drm/radeon/dpm: Fix hwmon crash + +Commit ec39f64bba3421c2060fcbd1aeb6eec81fe0a42d (drm/radeon/dpm: Convert +to use devm_hwmon_register_with_groups) converted one usage of +dev_get_drvdata, but there were two more. + +Signed-off-by: Martin Andersson +--- + drivers/gpu/drm/radeon/radeon_pm.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c +index dc75bb6..984097b 100644 +--- a/drivers/gpu/drm/radeon/radeon_pm.c ++++ b/drivers/gpu/drm/radeon/radeon_pm.c +@@ -552,8 +552,7 @@ static ssize_t radeon_hwmon_show_temp_thresh(struct device *dev, + struct device_attribute *attr, + char *buf) + { +- struct drm_device *ddev = dev_get_drvdata(dev); +- struct radeon_device *rdev = ddev->dev_private; ++ struct radeon_device *rdev = dev_get_drvdata(dev); + int hyst = to_sensor_dev_attr(attr)->index; + int temp; + +@@ -580,8 +579,7 @@ static umode_t hwmon_attributes_visible(struct kobject *kobj, + struct attribute *attr, int index) + { + struct device *dev = container_of(kobj, struct device, kobj); +- struct drm_device *ddev = dev_get_drvdata(dev); +- struct radeon_device *rdev = ddev->dev_private; ++ struct radeon_device *rdev = dev_get_drvdata(dev); + + /* Skip limit attributes if DPM is not enabled */ + if (rdev->pm.pm_method != PM_METHOD_DPM && +-- +1.8.4.2 + diff --git a/kernel.spec b/kernel.spec index 5181e8f..9ffaa71 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -706,6 +706,11 @@ Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch #CVE-2013-6382 rhbz 1033603 1034670 Patch25157: xfs-underflow-bug-in-xfs_attrlist_by_handle.patch +#rhbz 1033965 +Patch25169: 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch + +Patch25170: 0001-drm-radeon-dpm-Fix-hwmon-crash.patch + # END OF PATCH DEFINITIONS %endif @@ -1378,6 +1383,11 @@ ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch #CVE-2013-6382 rhbz 1033603 1034670 ApplyPatch xfs-underflow-bug-in-xfs_attrlist_by_handle.patch +#rhbz 1033965 +ApplyPatch 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch + +ApplyPatch 0001-drm-radeon-dpm-Fix-hwmon-crash.patch + # END OF PATCH APPLICATIONS %endif @@ -2190,6 +2200,10 @@ fi # ||----w | # || || %changelog +* Tue Dec 10 2013 Josh Boyer - 3.13.0-0.rc3.git1.2 +- Revert upstream selinux change causing sync hang (rhbz 1033965) +- Add patch to fix radeon from crashing + * Tue Dec 10 2013 Josh Boyer - 3.13.0-0.rc3.git1.1 - Linux v3.13-rc3-157-g17b2112 - Reenable debugging options.