From: Greg Kroah-Hartman Date: Mon, 5 Aug 2013 04:37:22 +0000 (+0800) Subject: 3.0-stable patches X-Git-Tag: v3.0.90~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=17be36269922c8e29705f9b0e513cc9bf1e048f5;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: fanotify-info-leak-in-copy_event_to_user.patch maintainers-fix-up-stable_kernel_rules.txt-location.patch sched-fix-the-broken-sched_rr_get_interval.patch --- diff --git a/queue-3.0/fanotify-info-leak-in-copy_event_to_user.patch b/queue-3.0/fanotify-info-leak-in-copy_event_to_user.patch new file mode 100644 index 00000000000..8465527adeb --- /dev/null +++ b/queue-3.0/fanotify-info-leak-in-copy_event_to_user.patch @@ -0,0 +1,34 @@ +From de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 8 Jul 2013 15:59:40 -0700 +Subject: fanotify: info leak in copy_event_to_user() + +From: Dan Carpenter + +commit de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f upstream. + +The ->reserved field isn't cleared so we leak one byte of stack +information to userspace. + +Signed-off-by: Dan Carpenter +Cc: Eric Paris +Cc: Al Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Luis Henriques +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fanotify/fanotify_user.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -118,6 +118,7 @@ static int fill_event_metadata(struct fs + metadata->event_len = FAN_EVENT_METADATA_LEN; + metadata->metadata_len = FAN_EVENT_METADATA_LEN; + metadata->vers = FANOTIFY_METADATA_VERSION; ++ metadata->reserved = 0; + metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; + metadata->pid = pid_vnr(event->tgid); + if (unlikely(event->mask & FAN_Q_OVERFLOW)) diff --git a/queue-3.0/maintainers-fix-up-stable_kernel_rules.txt-location.patch b/queue-3.0/maintainers-fix-up-stable_kernel_rules.txt-location.patch new file mode 100644 index 00000000000..81cdc17d25d --- /dev/null +++ b/queue-3.0/maintainers-fix-up-stable_kernel_rules.txt-location.patch @@ -0,0 +1,38 @@ +From foo@baz Mon Aug 5 12:30:29 CST 2013 +Date: Mon, 05 Aug 2013 12:30:29 +0800 +To: Greg KH +From: Greg Kroah-Hartman +Subject: MAINTAINERS: fix up stable_kernel_rules.txt location + +There was a mismerge of 7b175c46720f8e6b92801bb634c93d1016f80c62 for the +3.0 kernel, so this fixes it up. + +Also mark the stable stuff "Supported", as it is. + +Reported-by: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman + +--- + MAINTAINERS | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -5725,7 +5725,6 @@ P: Vincent Sanders + M: Simtec Linux Team + W: http://www.simtec.co.uk/products/EB110ATX/ + S: Supported +-F: Documentation/stable_kernel_rules.txt + + SIMTEC EB2410ITX (BAST) + P: Ben Dooks +@@ -6041,7 +6040,8 @@ F: arch/alpha/kernel/srm_env.c + STABLE BRANCH + M: Greg Kroah-Hartman + L: stable@vger.kernel.org +-S: Maintained ++S: Supported ++F: Documentation/stable_kernel_rules.txt + + STAGING SUBSYSTEM + M: Greg Kroah-Hartman diff --git a/queue-3.0/sched-fix-the-broken-sched_rr_get_interval.patch b/queue-3.0/sched-fix-the-broken-sched_rr_get_interval.patch new file mode 100644 index 00000000000..79ef0ed7ea0 --- /dev/null +++ b/queue-3.0/sched-fix-the-broken-sched_rr_get_interval.patch @@ -0,0 +1,51 @@ +From a59f4e079d19464eebb9b06513a1d4f55fdae5ba Mon Sep 17 00:00:00 2001 +From: Zhu Yanhai +Date: Tue, 8 Jan 2013 12:56:52 +0800 +Subject: sched: Fix the broken sched_rr_get_interval() + +From: Zhu Yanhai + +commit a59f4e079d19464eebb9b06513a1d4f55fdae5ba upstream. + +The caller of sched_sliced() should pass se.cfs_rq and se as the +arguments, however in sched_rr_get_interval() we gave it +rq.cfs_rq and se, which made the following computation obviously +wrong. + +The change was introduced by commit: + + 77034937dc45 sched: fix crash in sys_sched_rr_get_interval() + +... 5 years ago, while it had been the correct 'cfs_rq_of' before +the commit. The change seems to be irrelevant to the commit +msg, which was to return a 0 timeslice for tasks that are on an +idle runqueue. So I believe that was just a plain typo. + +Signed-off-by: Zhu Yanhai +Cc: Peter Zijlstra +Cc: Paul Turner +Cc: Thomas Gleixner +Cc: Steven Rostedt +Cc: Andrew Morton +Cc: Linus Torvalds +Link: http://lkml.kernel.org/r/1357621012-15039-1-git-send-email-gaoyang.zyh@taobao.com +[ Since this is an ABI and an old bug, we'll test this via a + slow upstream route, to hopefully discover any app breakage. ] +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched_fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched_fair.c ++++ b/kernel/sched_fair.c +@@ -4277,7 +4277,7 @@ static unsigned int get_rr_interval_fair + * idle runqueue: + */ + if (rq->cfs.load.weight) +- rr_interval = NS_TO_JIFFIES(sched_slice(&rq->cfs, se)); ++ rr_interval = NS_TO_JIFFIES(sched_slice(cfs_rq_of(se), se)); + + return rr_interval; + } diff --git a/queue-3.0/series b/queue-3.0/series index d1989905b1e..7d65b5a6668 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -6,3 +6,6 @@ mac80211-fix-duplicate-retransmission-detection.patch rt2x00-fix-stop-queue.patch mwifiex-add-missing-endian-conversion.patch acpi-battery-fix-parsing-_bix-return-value.patch +sched-fix-the-broken-sched_rr_get_interval.patch +fanotify-info-leak-in-copy_event_to_user.patch +maintainers-fix-up-stable_kernel_rules.txt-location.patch