diff options
Diffstat (limited to 'target/linux/generic/patches-4.4')
5 files changed, 96 insertions, 306 deletions
diff --git a/target/linux/generic/patches-4.4/097-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch b/target/linux/generic/patches-4.4/097-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch new file mode 100644 index 0000000000..101dbf29ac --- /dev/null +++ b/target/linux/generic/patches-4.4/097-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch @@ -0,0 +1,96 @@ +From 1294d355881cc5c3421d24fee512f16974addb6c Mon Sep 17 00:00:00 2001 +From: Linus Torvalds <torvalds@linux-foundation.org> +Date: Thu, 13 Oct 2016 13:07:36 -0700 +Subject: mm: remove gup_flags FOLL_WRITE games from __get_user_pages() + +commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream. + +This is an ancient bug that was actually attempted to be fixed once +(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix +get_user_pages() race for write access") but that was then undone due to +problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug"). + +In the meantime, the s390 situation has long been fixed, and we can now +fix it by checking the pte_dirty() bit properly (and do it better). The +s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement +software dirty bits") which made it into v3.9. Earlier kernels will +have to look at the page state itself. + +Also, the VM has become more scalable, and what used a purely +theoretical race back then has become easier to trigger. + +To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, +we already did a COW" rather than play racy games with FOLL_WRITE that +is very fundamental, and then use the pte dirty flag to validate that +the FOLL_COW flag is still valid. + +Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com> +Acked-by: Hugh Dickins <hughd@google.com> +Reviewed-by: Michal Hocko <mhocko@suse.com> +Cc: Andy Lutomirski <luto@kernel.org> +Cc: Kees Cook <keescook@chromium.org> +Cc: Oleg Nesterov <oleg@redhat.com> +Cc: Willy Tarreau <w@1wt.eu> +Cc: Nick Piggin <npiggin@gmail.com> +Cc: Greg Thelen <gthelen@google.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + include/linux/mm.h | 1 + + mm/gup.c | 14 ++++++++++++-- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/include/linux/mm.h b/include/linux/mm.h +index cfebb74..f0ffa01 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -2112,6 +2112,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma, + #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ + #define FOLL_TRIED 0x800 /* a retry, previous pass started an IO */ + #define FOLL_MLOCK 0x1000 /* lock present pages */ ++#define FOLL_COW 0x4000 /* internal GUP flag */ + + typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, + void *data); +diff --git a/mm/gup.c b/mm/gup.c +index deafa2c..4b0b7e7 100644 +--- a/mm/gup.c ++++ b/mm/gup.c +@@ -58,6 +58,16 @@ static int follow_pfn_pte(struct vm_area_struct *vma, unsigned long address, + return -EEXIST; + } + ++/* ++ * FOLL_FORCE can write to even unwritable pte's, but only ++ * after we've gone through a COW cycle and they are dirty. ++ */ ++static inline bool can_follow_write_pte(pte_t pte, unsigned int flags) ++{ ++ return pte_write(pte) || ++ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte)); ++} ++ + static struct page *follow_page_pte(struct vm_area_struct *vma, + unsigned long address, pmd_t *pmd, unsigned int flags) + { +@@ -92,7 +102,7 @@ retry: + } + if ((flags & FOLL_NUMA) && pte_protnone(pte)) + goto no_page; +- if ((flags & FOLL_WRITE) && !pte_write(pte)) { ++ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) { + pte_unmap_unlock(ptep, ptl); + return NULL; + } +@@ -352,7 +362,7 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, + * reCOWed by userspace write). + */ + if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) +- *flags &= ~FOLL_WRITE; ++ *flags |= FOLL_COW; + return 0; + } + +-- +cgit v0.12 + diff --git a/target/linux/generic/patches-4.4/520-squashfs_update_xz_comp_opts.patch b/target/linux/generic/patches-4.4/520-squashfs_update_xz_comp_opts.patch deleted file mode 100644 index ad11b30281..0000000000 --- a/target/linux/generic/patches-4.4/520-squashfs_update_xz_comp_opts.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f31b7c0efa255dd17a5f584022a319387f09b0d8 Mon Sep 17 00:00:00 2001 -From: Jonas Gorski <jonas.gorski@gmail.com> -Date: Tue, 12 Apr 2011 19:55:41 +0200 -Subject: [PATCH] squashfs: update xz compressor options struct. - -Update the xz compressor options struct to match the squashfs userspace -one. ---- - fs/squashfs/xz_wrapper.c | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - ---- a/fs/squashfs/xz_wrapper.c -+++ b/fs/squashfs/xz_wrapper.c -@@ -40,8 +40,10 @@ struct squashfs_xz { - }; - - struct disk_comp_opts { -- __le32 dictionary_size; - __le32 flags; -+ __le16 bit_opts; -+ __le16 fb; -+ __le32 dictionary_size; - }; - - struct comp_opts { diff --git a/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch b/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch deleted file mode 100644 index 8ee29a791b..0000000000 --- a/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch +++ /dev/null @@ -1,95 +0,0 @@ ---- a/include/uapi/linux/netfilter/Kbuild -+++ b/include/uapi/linux/netfilter/Kbuild -@@ -55,6 +55,7 @@ header-y += xt_ecn.h - header-y += xt_esp.h - header-y += xt_hashlimit.h - header-y += xt_helper.h -+header-y += xt_id.h - header-y += xt_ipcomp.h - header-y += xt_iprange.h - header-y += xt_ipvs.h ---- /dev/null -+++ b/include/uapi/linux/netfilter/xt_id.h -@@ -0,0 +1,8 @@ -+#ifndef _XT_ID_H -+#define _XT_ID_H -+ -+struct xt_id_info { -+ u32 id; -+}; -+ -+#endif /* XT_ID_H */ ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -1180,6 +1180,13 @@ config NETFILTER_XT_MATCH_IPCOMP - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_MATCH_ID -+ tristate '"id" match support' -+ depends on NETFILTER_ADVANCED -+ ---help--- -+ This option adds a `id' dummy-match, which allows you to put -+ numeric IDs into your iptables ruleset. -+ - config NETFILTER_XT_MATCH_IPRANGE - tristate '"iprange" address range match support' - depends on NETFILTER_ADVANCED ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -144,6 +144,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += - obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o - obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o - obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o -+obj-$(CONFIG_NETFILTER_XT_MATCH_ID) += xt_id.o - obj-$(CONFIG_NETFILTER_XT_MATCH_IPCOMP) += xt_ipcomp.o - obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o - obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o ---- /dev/null -+++ b/net/netfilter/xt_id.c -@@ -0,0 +1,45 @@ -+/* -+ * Implements a dummy match to allow attaching IDs to rules -+ * -+ * 2014-08-01 Jo-Philipp Wich <jow@openwrt.org> -+ */ -+ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_id.h> -+ -+MODULE_AUTHOR("Jo-Philipp Wich <jow@openwrt.org>"); -+MODULE_DESCRIPTION("Xtables: No-op match which can be tagged with a 32bit ID"); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_id"); -+MODULE_ALIAS("ip6t_id"); -+ -+static bool -+id_mt(const struct sk_buff *skb, struct xt_action_param *par) -+{ -+ /* We always match */ -+ return true; -+} -+ -+static struct xt_match id_mt_reg __read_mostly = { -+ .name = "id", -+ .revision = 0, -+ .family = NFPROTO_UNSPEC, -+ .match = id_mt, -+ .matchsize = sizeof(struct xt_id_info), -+ .me = THIS_MODULE, -+}; -+ -+static int __init id_mt_init(void) -+{ -+ return xt_register_match(&id_mt_reg); -+} -+ -+static void __exit id_mt_exit(void) -+{ -+ xt_unregister_match(&id_mt_reg); -+} -+ -+module_init(id_mt_init); -+module_exit(id_mt_exit); diff --git a/target/linux/generic/patches-4.4/940-ocf_kbuild_integration.patch b/target/linux/generic/patches-4.4/940-ocf_kbuild_integration.patch deleted file mode 100644 index 8b0cc2b7b0..0000000000 --- a/target/linux/generic/patches-4.4/940-ocf_kbuild_integration.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/crypto/Kconfig -+++ b/crypto/Kconfig -@@ -1654,3 +1654,6 @@ source crypto/asymmetric_keys/Kconfig - source certs/Kconfig - - endif # if CRYPTO -+ -+source "crypto/ocf/Kconfig" -+ ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -123,6 +123,8 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) + - obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o - obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o - -+obj-$(CONFIG_OCF_OCF) += ocf/ -+ - # - # generic algorithms and the async_tx api - # diff --git a/target/linux/generic/patches-4.4/941-ocf_20120127.patch b/target/linux/generic/patches-4.4/941-ocf_20120127.patch deleted file mode 100644 index c1ec2752e8..0000000000 --- a/target/linux/generic/patches-4.4/941-ocf_20120127.patch +++ /dev/null @@ -1,166 +0,0 @@ ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -139,6 +139,9 @@ - * that might otherwise be identical and have very little entropy - * available to them (particularly common in the embedded world). - * -+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+ * int random_input_wait(void); -+ * - * add_input_randomness() uses the input layer interrupt timing, as well as - * the event type information from the hardware. - * -@@ -152,6 +155,13 @@ - * seek times do not make for good sources of entropy, as their seek - * times are usually fairly consistent. - * -+ * random_input_words() just provides a raw block of entropy to the input -+ * pool, such as from a hardware entropy generator. -+ * -+ * random_input_wait() suspends the caller until such time as the -+ * entropy pool falls below the write threshold, and returns a count of how -+ * much entropy (in bits) is needed to sustain the pool. -+ * - * All of these routines try to estimate how many bits of randomness a - * particular randomness source. They do this by keeping track of the - * first and second order deltas of the event timings. -@@ -958,6 +968,63 @@ void add_disk_randomness(struct gendisk - EXPORT_SYMBOL_GPL(add_disk_randomness); - #endif - -+/* -+ * random_input_words - add bulk entropy to pool -+ * -+ * @buf: buffer to add -+ * @wordcount: number of __u32 words to add -+ * @ent_count: total amount of entropy (in bits) to credit -+ * -+ * this provides bulk input of entropy to the input pool -+ * -+ */ -+void random_input_words(__u32 *buf, size_t wordcount, int ent_count) -+{ -+ mix_pool_bytes(&input_pool, buf, wordcount*4); -+ -+ credit_entropy_bits(&input_pool, ent_count); -+ -+ pr_notice("crediting %d bits => %d\n", -+ ent_count, input_pool.entropy_count); -+ /* -+ * Wake up waiting processes if we have enough -+ * entropy. -+ */ -+ if (input_pool.entropy_count >= random_read_wakeup_bits) -+ wake_up_interruptible(&random_read_wait); -+} -+EXPORT_SYMBOL(random_input_words); -+ -+/* -+ * random_input_wait - wait until random needs entropy -+ * -+ * this function sleeps until the /dev/random subsystem actually -+ * needs more entropy, and then return the amount of entropy -+ * that it would be nice to have added to the system. -+ */ -+int random_input_wait(void) -+{ -+ int count; -+ -+ wait_event_interruptible(random_write_wait, -+ input_pool.entropy_count < random_write_wakeup_bits); -+ -+ count = random_write_wakeup_bits - input_pool.entropy_count; -+ -+ /* likely we got woken up due to a signal */ -+ if (count <= 0) count = random_read_wakeup_bits; -+ -+ pr_notice("requesting %d bits from input_wait()er %d<%d\n", -+ count, -+ input_pool.entropy_count, random_write_wakeup_bits); -+ -+ return count; -+} -+EXPORT_SYMBOL(random_input_wait); -+ -+ -+#define EXTRACT_SIZE 10 -+ - /********************************************************************* - * - * Entropy extraction routines ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -140,6 +140,7 @@ pid_t f_getown(struct file *filp) - read_unlock(&filp->f_owner.lock); - return pid; - } -+EXPORT_SYMBOL(sys_dup); - - static int f_setown_ex(struct file *filp, unsigned long arg) - { ---- a/include/linux/miscdevice.h -+++ b/include/linux/miscdevice.h -@@ -19,6 +19,7 @@ - #define APOLLO_MOUSE_MINOR 7 /* unused */ - #define PC110PAD_MINOR 9 /* unused */ - /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ -+#define CRYPTODEV_MINOR 70 /* /dev/crypto */ - #define WATCHDOG_MINOR 130 /* Watchdog timer */ - #define TEMP_MINOR 131 /* Temperature Sensor */ - #define RTC_MINOR 135 ---- a/include/uapi/linux/random.h -+++ b/include/uapi/linux/random.h -@@ -34,6 +34,30 @@ - /* Clear the entropy pool and associated counters. (Superuser only.) */ - #define RNDCLEARPOOL _IO( 'R', 0x06 ) - -+#ifdef CONFIG_FIPS_RNG -+ -+/* Size of seed value - equal to AES blocksize */ -+#define AES_BLOCK_SIZE_BYTES 16 -+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES -+/* Size of AES key */ -+#define KEY_SIZE_BYTES 16 -+ -+/* ioctl() structure used by FIPS 140-2 Tests */ -+struct rand_fips_test { -+ unsigned char key[KEY_SIZE_BYTES]; /* Input */ -+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ -+ unsigned char result[SEED_SIZE_BYTES]; /* Output */ -+}; -+ -+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ -+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) -+ -+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ -+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) -+ -+#endif /* #ifdef CONFIG_FIPS_RNG */ -+ - struct rand_pool_info { - int entropy_count; - int buf_size; ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -22,6 +22,10 @@ extern void add_input_randomness(unsigne - unsigned int value); - extern void add_interrupt_randomness(int irq, int irq_flags); - -+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); -+extern int random_input_wait(void); -+#define HAS_RANDOM_INPUT_WAIT 1 -+ - extern void get_random_bytes(void *buf, int nbytes); - extern int add_random_ready_callback(struct random_ready_callback *rdy); - extern void del_random_ready_callback(struct random_ready_callback *rdy); ---- a/kernel/pid.c -+++ b/kernel/pid.c -@@ -431,6 +431,7 @@ void transfer_pid(struct task_struct *ol - new->pids[type].pid = old->pids[type].pid; - hlist_replace_rcu(&old->pids[type].node, &new->pids[type].node); - } -+EXPORT_SYMBOL(find_task_by_vpid); - - struct task_struct *pid_task(struct pid *pid, enum pid_type type) - { |