From: Greg Kroah-Hartman Date: Mon, 5 Aug 2013 04:41:08 +0000 (+0800) Subject: 3.4-stable patches X-Git-Tag: v3.0.90~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99fdfcb06620921285bcffaa3379474d692aa79b;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: fanotify-info-leak-in-copy_event_to_user.patch sched-fix-the-broken-sched_rr_get_interval.patch --- diff --git a/queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch b/queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch new file mode 100644 index 00000000000..f593f34f9a2 --- /dev/null +++ b/queue-3.4/fanotify-info-leak-in-copy_event_to_user.patch @@ -0,0 +1,34 @@ +From de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 8 Jul 2013 15:59:40 -0700 +Subject: fanotify: info leak in copy_event_to_user() + +From: Dan Carpenter + +commit de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f upstream. + +The ->reserved field isn't cleared so we leak one byte of stack +information to userspace. + +Signed-off-by: Dan Carpenter +Cc: Eric Paris +Cc: Al Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Luis Henriques +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fanotify/fanotify_user.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -120,6 +120,7 @@ static int fill_event_metadata(struct fs + metadata->event_len = FAN_EVENT_METADATA_LEN; + metadata->metadata_len = FAN_EVENT_METADATA_LEN; + metadata->vers = FANOTIFY_METADATA_VERSION; ++ metadata->reserved = 0; + metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; + metadata->pid = pid_vnr(event->tgid); + if (unlikely(event->mask & FAN_Q_OVERFLOW)) diff --git a/queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch b/queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch new file mode 100644 index 00000000000..15fedcc7a40 --- /dev/null 
+++ b/queue-3.4/sched-fix-the-broken-sched_rr_get_interval.patch @@ -0,0 +1,51 @@ +From a59f4e079d19464eebb9b06513a1d4f55fdae5ba Mon Sep 17 00:00:00 2001 +From: Zhu Yanhai +Date: Tue, 8 Jan 2013 12:56:52 +0800 +Subject: sched: Fix the broken sched_rr_get_interval() + +From: Zhu Yanhai + +commit a59f4e079d19464eebb9b06513a1d4f55fdae5ba upstream. + +The caller of sched_sliced() should pass se.cfs_rq and se as the +arguments, however in sched_rr_get_interval() we gave it +rq.cfs_rq and se, which made the following computation obviously +wrong. + +The change was introduced by commit: + + 77034937dc45 sched: fix crash in sys_sched_rr_get_interval() + +... 5 years ago, while it had been the correct 'cfs_rq_of' before +the commit. The change seems to be irrelevant to the commit +msg, which was to return a 0 timeslice for tasks that are on an +idle runqueue. So I believe that was just a plain typo. + +Signed-off-by: Zhu Yanhai +Cc: Peter Zijlstra +Cc: Paul Turner +Cc: Thomas Gleixner +Cc: Steven Rostedt +Cc: Andrew Morton +Cc: Linus Torvalds +Link: http://lkml.kernel.org/r/1357621012-15039-1-git-send-email-gaoyang.zyh@taobao.com +[ Since this is an ABI and an old bug, we'll test this via a + slow upstream route, to hopefully discover any app breakage. ] +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -5511,7 +5511,7 @@ static unsigned int get_rr_interval_fair + * idle runqueue: + */ + if (rq->cfs.load.weight) +- rr_interval = NS_TO_JIFFIES(sched_slice(&rq->cfs, se)); ++ rr_interval = NS_TO_JIFFIES(sched_slice(cfs_rq_of(se), se)); + + return rr_interval; + } diff --git a/queue-3.4/series b/queue-3.4/series index 7e2eda98d8a..21dc75f461b 100644 --- a/queue-3.4/series +++ b/queue-3.4/series 
@@ -10,3 +10,5 @@ ixgbe-fix-tx-hang-issue-with-lldpad-on-82598eb.patch rt2x00-fix-stop-queue.patch mwifiex-add-missing-endian-conversion.patch acpi-battery-fix-parsing-_bix-return-value.patch +sched-fix-the-broken-sched_rr_get_interval.patch +fanotify-info-leak-in-copy_event_to_user.patch
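Review bot: in the fs/notify/fanotify/fanotify_user.c hunk, the added `metadata->reserved = 0;` in fill_event_metadata() closes the leak by assigning one more member by hand, so the structure is fully initialized only as long as every member is listed in this function. A member added later would expose stack bytes to userspace in the same way. Consider zeroing the whole of *metadata once, ahead of `metadata->event_len = FAN_EVENT_METADATA_LEN;`, so the guarantee does not depend on the assignment list staying complete. The subject names copy_event_to_user() while the change lands in fill_event_metadata(); a word in the message on how the two relate would help anyone reading the backport on its own.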
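Review bot: in the kernel/sched/fair.c hunk, the guard `if (rq->cfs.load.weight)` still tests rq->cfs while the slice on the following line is now computed from `cfs_rq_of(se)`, so the condition and the computation can refer to two different cfs_rq objects. If that is intended (the comment above the guard speaks of an idle runqueue), please extend that comment to say the check is deliberately made on the runqueue and not on the entity's own cfs_rq; if not, the guard should be revisited together with the argument. The message also flags this as an ABI-visible change that was to be watched for application breakage upstream, so the stable changelog would benefit from a line recording whether any was reported before queuing it for 3.4.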