3.18 fixes
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 9 Sep 2018 09:28:16 +0000 (11:28 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 9 Sep 2018 09:28:16 +0000 (11:28 +0200)
queue-3.18/powerpc-fadump-handle-crash-memory-ranges-array-index-overflow.patch
queue-3.18/userns-move-user-access-out-of-the-mutex.patch

index 6e0c02cfc40fcd2d9dac1237e1e0982f2e849ea7..df4c6fc819d534bf6bbc90ac79b616e290c29040 100644 (file)
@@ -59,8 +59,8 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 ---
  arch/powerpc/include/asm/fadump.h |    3 -
- arch/powerpc/kernel/fadump.c      |   91 ++++++++++++++++++++++++++++++++------
- 2 files changed, 77 insertions(+), 17 deletions(-)
+ arch/powerpc/kernel/fadump.c      |   92 ++++++++++++++++++++++++++++++++------
+ 2 files changed, 78 insertions(+), 17 deletions(-)
 
 --- a/arch/powerpc/include/asm/fadump.h
 +++ b/arch/powerpc/include/asm/fadump.h
@@ -76,7 +76,15 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
        unsigned long long      size;
 --- a/arch/powerpc/kernel/fadump.c
 +++ b/arch/powerpc/kernel/fadump.c
-@@ -48,8 +48,10 @@ static struct fadump_mem_struct fdm;
+@@ -35,6 +35,7 @@
+ #include <linux/crash_dump.h>
+ #include <linux/kobject.h>
+ #include <linux/sysfs.h>
++#include <linux/slab.h>
+ #include <asm/page.h>
+ #include <asm/prom.h>
+@@ -48,8 +49,10 @@ static struct fadump_mem_struct fdm;
  static const struct fadump_mem_struct *fdm_active;
  
  static DEFINE_MUTEX(fadump_mutex);
@@ -88,7 +96,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  /* Scan the Firmware Assisted dump configuration details. */
  int __init early_init_dt_scan_fw_dump(unsigned long node,
-@@ -726,38 +728,88 @@ static int __init process_fadump(const s
+@@ -726,38 +729,88 @@ static int __init process_fadump(const s
        return 0;
  }
  
@@ -186,7 +194,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  static int fadump_init_elfcore_header(char *bufp)
-@@ -793,10 +845,11 @@ static int fadump_init_elfcore_header(ch
+@@ -793,10 +846,11 @@ static int fadump_init_elfcore_header(ch
   * Traverse through memblock structure and setup crash memory ranges. These
   * ranges will be used create PT_LOAD program headers in elfcore header.
   */
@@ -199,7 +207,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
        pr_debug("Setup crash memory ranges.\n");
        crash_mem_ranges = 0;
-@@ -807,7 +860,9 @@ static void fadump_setup_crash_memory_ra
+@@ -807,7 +861,9 @@ static void fadump_setup_crash_memory_ra
         * specified during fadump registration. We need to create a separate
         * program header for this chunk with the correct offset.
         */
@@ -210,7 +218,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
        for_each_memblock(memory, reg) {
                start = (unsigned long long)reg->base;
-@@ -816,8 +871,12 @@ static void fadump_setup_crash_memory_ra
+@@ -816,8 +872,12 @@ static void fadump_setup_crash_memory_ra
                        start = fw_dump.boot_memory_size;
  
                /* add this range excluding the reserved dump area. */
@@ -224,7 +232,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  /*
-@@ -941,6 +1000,7 @@ static void register_fadump(void)
+@@ -941,6 +1001,7 @@ static void register_fadump(void)
  {
        unsigned long addr;
        void *vaddr;
@@ -232,7 +240,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
        /*
         * If no memory is reserved then we can not register for firmware-
-@@ -949,7 +1009,9 @@ static void register_fadump(void)
+@@ -949,7 +1010,9 @@ static void register_fadump(void)
        if (!fw_dump.reserve_dump_area_size)
                return;
  
@@ -243,7 +251,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
        addr = be64_to_cpu(fdm.rmr_region.destination_address) + be64_to_cpu(fdm.rmr_region.source_len);
        /* Initialize fadump crash info header. */
-@@ -1028,6 +1090,7 @@ void fadump_cleanup(void)
+@@ -1028,6 +1091,7 @@ void fadump_cleanup(void)
        } else if (fw_dump.dump_registered) {
                /* Un-register Firmware-assisted dump if it was registered. */
                fadump_unregister_dump(&fdm);
index 4184547a9650e16d7f8f079388f2b5097b49d974..7bc95439e25e5bffd76ae00aa4a0d7b6230eda24 100644 (file)
@@ -23,14 +23,17 @@ Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 ---
- kernel/user_namespace.c |   22 ++++++++++------------
- 1 file changed, 10 insertions(+), 12 deletions(-)
+ kernel/user_namespace.c |   39 +++++++++++++++++++--------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
 
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
-@@ -602,7 +602,16 @@ static ssize_t map_write(struct file *fi
+@@ -600,9 +600,26 @@ static ssize_t map_write(struct file *fi
+       struct uid_gid_map new_map;
+       unsigned idx;
        struct uid_gid_extent *extent = NULL;
-       unsigned long page = 0;
+-      unsigned long page = 0;
++      unsigned long page;
        char *kbuf, *pos, *next_line;
 -      ssize_t ret = -EINVAL;
 +      ssize_t ret;
@@ -39,17 +42,32 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +      if ((*ppos != 0) || (count >= PAGE_SIZE))
 +              return -EINVAL;
 +
++      /* Get a buffer */
++      page = __get_free_page(GFP_TEMPORARY);
++      kbuf = (char *) page;
++      if (!page)
++              return -ENOMEM;
++
 +      /* Slurp in the user data */
-+      if (copy_from_user(kbuf, buf, count))
++      if (copy_from_user(kbuf, buf, count)) {
++              free_page(page);
 +              return -EFAULT;
++      }
 +      kbuf[count] = '\0';
  
        /*
         * The userns_state_mutex serializes all writes to any given map.
-@@ -643,17 +652,6 @@ static ssize_t map_write(struct file *fi
-       if (!page)
+@@ -636,24 +653,6 @@ static ssize_t map_write(struct file *fi
+       if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
                goto out;
  
+-      /* Get a buffer */
+-      ret = -ENOMEM;
+-      page = __get_free_page(GFP_TEMPORARY);
+-      kbuf = (char *) page;
+-      if (!page)
+-              goto out;
+-
 -      /* Only allow < page size writes at the beginning of the file */
 -      ret = -EINVAL;
 -      if ((*ppos != 0) || (count >= PAGE_SIZE))
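Review bot: The relocated block in map_write() is commented only with `/* Get a buffer */` and `/* Slurp in the user data */`, which does not record why the allocation and copy must stay ahead of the section guarded by userns_state_mutex. A comment such as `/* Allocate and copy before taking userns_state_mutex: copy_from_user() may fault and sleep */` would keep a later cleanup from moving them back under the lock. Because `page` also loses its `= 0` initializer, the cleanup at `out:` (outside this hunk, so not verifiable here) is only safe while no `goto out` precedes the `__get_free_page()` call. The visible early exits do return directly and the -EFAULT path frees the page itself, but that ordering constraint deserves a mention in the same comment. map_write()'s body starts and ends outside the hunk.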