From: Greg Kroah-Hartman Date: Mon, 14 Oct 2013 20:31:21 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.10.17~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ec079d929eaf0354402a0ae7b399b6ef46bc66e;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: ext4-fix-memory-leak-in-xattr.patch parisc-fix-interruption-handler-to-respect-pagefault_disable.patch random-run-random_int_secret_init-run-after-all-late_initcalls.patch vfs-allow-o_path-file-descriptors-for-fstatfs.patch --- diff --git a/queue-3.0/ext4-fix-memory-leak-in-xattr.patch b/queue-3.0/ext4-fix-memory-leak-in-xattr.patch new file mode 100644 index 00000000000..4aecb6aeeef --- /dev/null +++ b/queue-3.0/ext4-fix-memory-leak-in-xattr.patch @@ -0,0 +1,41 @@ +From 6e4ea8e33b2057b85d75175dd89b93f5e26de3bc Mon Sep 17 00:00:00 2001 +From: Dave Jones +Date: Thu, 10 Oct 2013 20:05:35 -0400 +Subject: ext4: fix memory leak in xattr + +From: Dave Jones + +commit 6e4ea8e33b2057b85d75175dd89b93f5e26de3bc upstream. + +If we take the 2nd retry path in ext4_expand_extra_isize_ea, we +potentionally return from the function without having freed these +allocations. If we don't do the return, we over-write the previous +allocation pointers, so we leak either way. + +Spotted with Coverity. + +[ Fixed by tytso to set is and bs to NULL after freeing these + pointers, in case in the retry loop we later end up triggering an + error causing a jump to cleanup, at which point we could have a double + free bug. -- Ted ] + +Signed-off-by: Dave Jones +Signed-off-by: "Theodore Ts'o" +Reviewed-by: Eric Sandeen +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/xattr.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -1271,6 +1271,8 @@ retry: + s_min_extra_isize) { + tried_min_extra_isize++; + new_extra_isize = s_min_extra_isize; ++ kfree(is); is = NULL; ++ kfree(bs); bs = NULL; + goto retry; + } + error = -1; diff --git a/queue-3.0/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch b/queue-3.0/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch new file mode 100644 index 00000000000..9367148e90b --- /dev/null +++ b/queue-3.0/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch @@ -0,0 +1,55 @@ +From 59b33f148cc08fb33cbe823fca1e34f7f023765e Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Tue, 1 Oct 2013 21:54:46 +0200 +Subject: parisc: fix interruption handler to respect pagefault_disable() + +From: Helge Deller + +commit 59b33f148cc08fb33cbe823fca1e34f7f023765e upstream. + +Running an "echo t > /proc/sysrq-trigger" crashes the parisc kernel. The +problem is, that in print_worker_info() we try to read the workqueue info via +the probe_kernel_read() functions which use pagefault_disable() to avoid +crashes like this: + probe_kernel_read(&pwq, &worker->current_pwq, sizeof(pwq)); + probe_kernel_read(&wq, &pwq->wq, sizeof(wq)); + probe_kernel_read(name, wq->name, sizeof(name) - 1); + +The problem here is, that the first probe_kernel_read(&pwq) might return zero +in pwq and as such the following probe_kernel_reads() try to access contents of +the page zero which is read protected and generate a kernel segfault. + +With this patch we fix the interruption handler to call parisc_terminate() +directly only if pagefault_disable() was not called (in which case +preempt_count()==0). Otherwise we hand over to the pagefault handler which +will try to look up the faulting address in the fixup tables. + +Signed-off-by: Helge Deller +Signed-off-by: John David Anglin +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/traps.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/parisc/kernel/traps.c ++++ b/arch/parisc/kernel/traps.c +@@ -811,14 +811,14 @@ void notrace handle_interruption(int cod + else { + + /* +- * The kernel should never fault on its own address space. ++ * The kernel should never fault on its own address space, ++ * unless pagefault_disable() was called before. + */ + +- if (fault_space == 0) ++ if (fault_space == 0 && !in_atomic()) + { + pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC); + parisc_terminate("Kernel Fault", regs, code, fault_address); +- + } + } + diff --git a/queue-3.0/random-run-random_int_secret_init-run-after-all-late_initcalls.patch b/queue-3.0/random-run-random_int_secret_init-run-after-all-late_initcalls.patch new file mode 100644 index 00000000000..00e5d1b9238 --- /dev/null +++ b/queue-3.0/random-run-random_int_secret_init-run-after-all-late_initcalls.patch @@ -0,0 +1,67 @@ +From 47d06e532e95b71c0db3839ebdef3fe8812fca2c Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Tue, 10 Sep 2013 10:52:35 -0400 +Subject: random: run random_int_secret_init() run after all late_initcalls + +From: Theodore Ts'o + +commit 47d06e532e95b71c0db3839ebdef3fe8812fca2c upstream. + +The some platforms (e.g., ARM) initializes their clocks as +late_initcalls for some unknown reason. So make sure +random_int_secret_init() is run after all of the late_initcalls are +run. + +Signed-off-by: "Theodore Ts'o" +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/random.c | 3 +-- + include/linux/random.h | 1 + + init/main.c | 2 ++ + 3 files changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -1435,12 +1435,11 @@ ctl_table random_table[] = { + + static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned; + +-static int __init random_int_secret_init(void) ++int random_int_secret_init(void) + { + get_random_bytes(random_int_secret, sizeof(random_int_secret)); + return 0; + } +-late_initcall(random_int_secret_init); + + /* + * Get a random word for internal kernel use only. Similar to urandom but +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -56,6 +56,7 @@ extern void add_interrupt_randomness(int + extern void get_random_bytes(void *buf, int nbytes); + extern void get_random_bytes_arch(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); ++extern int random_int_secret_init(void); + + #ifndef MODULE + extern const struct file_operations random_fops, urandom_fops; +--- a/init/main.c ++++ b/init/main.c +@@ -68,6 +68,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -717,6 +718,7 @@ static void __init do_basic_setup(void) + init_irq_proc(); + do_ctors(); + do_initcalls(); ++ random_int_secret_init(); + } + + static void __init do_pre_smp_initcalls(void) diff --git a/queue-3.0/series b/queue-3.0/series new file mode 100644 index 00000000000..d4981fd4eb8 --- /dev/null +++ b/queue-3.0/series @@ -0,0 +1,4 @@ +random-run-random_int_secret_init-run-after-all-late_initcalls.patch +vfs-allow-o_path-file-descriptors-for-fstatfs.patch +ext4-fix-memory-leak-in-xattr.patch +parisc-fix-interruption-handler-to-respect-pagefault_disable.patch diff --git a/queue-3.0/vfs-allow-o_path-file-descriptors-for-fstatfs.patch b/queue-3.0/vfs-allow-o_path-file-descriptors-for-fstatfs.patch new file mode 100644 index 00000000000..575ccbff538 --- /dev/null +++ b/queue-3.0/vfs-allow-o_path-file-descriptors-for-fstatfs.patch @@ -0,0 +1,37 @@ +From 9d05746e7b16d8565dddbe3200faa1e669d23bbf Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Mon, 30 Sep 2013 08:35:10 -0700 +Subject: vfs: allow O_PATH file descriptors for fstatfs() + +From: Linus Torvalds + +commit 9d05746e7b16d8565dddbe3200faa1e669d23bbf upstream. + +Olga reported that file descriptors opened with O_PATH do not work with +fstatfs(), found during further development of ksh93's thread support. + +There is no reason to not allow O_PATH file descriptors here (fstatfs is +very much a path operation), so use "fdget_raw()". See commit +55815f70147d ("vfs: make O_PATH file descriptors usable for 'fstat()'") +for a very similar issue reported for fstat() by the same team. + +Reported-and-tested-by: ольга крыжановская +Acked-by: Al Viro +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/statfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/statfs.c ++++ b/fs/statfs.c +@@ -86,7 +86,7 @@ int user_statfs(const char __user *pathn + + int fd_statfs(int fd, struct kstatfs *st) + { +- struct file *file = fget(fd); ++ struct file *file = fget_raw(fd); + int error = -EBADF; + if (file) { + error = vfs_statfs(&file->f_path, st);