--- /dev/null
+From 99f3c90d0d85708e7401a81ce3314e50bf7f2819 Mon Sep 17 00:00:00 2001
+From: Mike Snitzer <snitzer@redhat.com>
+Date: Fri, 29 Jul 2016 13:19:55 -0400
+Subject: dm flakey: error READ bios during the down_interval
+
+From: Mike Snitzer <snitzer@redhat.com>
+
+commit 99f3c90d0d85708e7401a81ce3314e50bf7f2819 upstream.
+
+When the corrupt_bio_byte feature was introduced it caused READ bios to
+no longer be errored with -EIO during the down_interval. This had to do
+with the complexity of needing to submit READs if the corrupt_bio_byte
+feature was used.
+
+Fix it so READ bios are properly errored with -EIO; doing so early in
+flakey_map() as long as there isn't a match for the corrupt_bio_byte
+feature.
+
+Fixes: a3998799fb4df ("dm flakey: add corrupt_bio_byte feature")
+Reported-by: Akira Hayakawa <ruby.wktk@gmail.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/dm-flakey.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/drivers/md/dm-flakey.c
++++ b/drivers/md/dm-flakey.c
+@@ -287,10 +287,16 @@ static int flakey_map(struct dm_target *
+ pb->bio_submitted = true;
+
+ /*
+- * Map reads as normal.
++ * Map reads as normal only if corrupt_bio_byte set.
+ */
+- if (bio_data_dir(bio) == READ)
+- goto map_bio;
++ if (bio_data_dir(bio) == READ) {
++ /* If flags were specified, only corrupt those that match. */
++ if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == READ) &&
++ all_corrupt_bio_flags_match(bio, fc))
++ goto map_bio;
++ else
++ return -EIO;
++ }
+
+ /*
+ * Drop writes?
+@@ -328,12 +334,13 @@ static int flakey_end_io(struct dm_targe
+
+ /*
+ * Corrupt successful READs while in down state.
+- * If flags were specified, only corrupt those that match.
+ */
+- if (fc->corrupt_bio_byte && !error && pb->bio_submitted &&
+- (bio_data_dir(bio) == READ) && (fc->corrupt_bio_rw == READ) &&
+- all_corrupt_bio_flags_match(bio, fc))
+- corrupt_bio_data(bio, fc);
++ if (!error && pb->bio_submitted && (bio_data_dir(bio) == READ)) {
++ if (fc->corrupt_bio_byte)
++ corrupt_bio_data(bio, fc);
++ else
++ return -EIO;
++ }
+
+ return error;
+ }
--- /dev/null
+From b8612e517c3c9809e1200b72c474dbfd969e5a83 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 28 Apr 2016 09:24:05 +0930
+Subject: Documentation/module-signing.txt: Note need for version info if reusing a key
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit b8612e517c3c9809e1200b72c474dbfd969e5a83 upstream.
+
+Signing a module should only make it trusted by the specific kernel it
+was built for, not anything else. If a module signing key is used for
+multiple ABI-incompatible kernels, the modules need to include enough
+version information to distinguish them.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/module-signing.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/Documentation/module-signing.txt
++++ b/Documentation/module-signing.txt
+@@ -238,3 +238,9 @@ Since the private key is used to sign mo
+ the private key to sign modules and compromise the operating system. The
+ private key must be either destroyed or moved to a secure location and not kept
+ in the root node of the kernel source tree.
++
++If you use the same private key to sign modules for multiple kernel
++configurations, you must ensure that the module version information is
++sufficient to prevent loading a module into a different kernel. Either
++set CONFIG_MODVERSIONS=y or ensure that each configuration has a different
++kernel release string by changing EXTRAVERSION or CONFIG_LOCALVERSION.
--- /dev/null
+From bca014caaa6130e57f69b5bf527967aa8ee70fdd Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 28 Apr 2016 09:24:01 +0930
+Subject: module: Invalidate signatures on force-loaded modules
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit bca014caaa6130e57f69b5bf527967aa8ee70fdd upstream.
+
+Signing a module should only make it trusted by the specific kernel it
+was built for, not anything else. Loading a signed module meant for a
+kernel with a different ABI could have interesting effects.
+Therefore, treat all signatures as invalid when a module is
+force-loaded.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/module.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -2449,13 +2449,18 @@ static inline void kmemleak_load_module(
+ #endif
+
+ #ifdef CONFIG_MODULE_SIG
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ int err = -ENOKEY;
+ const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ const void *mod = info->hdr;
+
+- if (info->len > markerlen &&
++ /*
++ * Require flags == 0, as a module with version information
++ * removed is no longer the module that was signed
++ */
++ if (flags == 0 &&
++ info->len > markerlen &&
+ memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ /* We truncate the module to discard the signature */
+ info->len -= markerlen;
+@@ -2477,7 +2482,7 @@ static int module_sig_check(struct load_
+ return err;
+ }
+ #else /* !CONFIG_MODULE_SIG */
+-static int module_sig_check(struct load_info *info)
++static int module_sig_check(struct load_info *info, int flags)
+ {
+ return 0;
+ }
+@@ -3210,7 +3215,7 @@ static int load_module(struct load_info
+ struct module *mod;
+ long err;
+
+- err = module_sig_check(info);
++ err = module_sig_check(info, flags);
+ if (err)
+ goto free_copy;
+
target-fix-max_unmap_lba_count-calc-overflow.patch
input-i8042-break-load-dependency-between-atkbd-psmouse-and-i8042.patch
pci-mark-atheros-ar9485-and-qca9882-to-avoid-bus-reset.patch
+dm-flakey-error-read-bios-during-the-down_interval.patch
+module-invalidate-signatures-on-force-loaded-modules.patch
+documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
