From: Greg Kroah-Hartman Date: Thu, 18 Aug 2016 13:23:37 +0000 (+0200) Subject: 3.14-stable patches X-Git-Tag: v3.14.77~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b4926aa238b60c28a222db39e7124401c35b6597;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: dm-flakey-error-read-bios-during-the-down_interval.patch documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch module-invalidate-signatures-on-force-loaded-modules.patch --- diff --git a/queue-3.14/dm-flakey-error-read-bios-during-the-down_interval.patch b/queue-3.14/dm-flakey-error-read-bios-during-the-down_interval.patch new file mode 100644 index 00000000000..16dafe980e7 --- /dev/null +++ b/queue-3.14/dm-flakey-error-read-bios-during-the-down_interval.patch @@ -0,0 +1,68 @@ +From 99f3c90d0d85708e7401a81ce3314e50bf7f2819 Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Fri, 29 Jul 2016 13:19:55 -0400 +Subject: dm flakey: error READ bios during the down_interval + +From: Mike Snitzer + +commit 99f3c90d0d85708e7401a81ce3314e50bf7f2819 upstream. + +When the corrupt_bio_byte feature was introduced it caused READ bios to +no longer be errored with -EIO during the down_interval. This had to do +with the complexity of needing to submit READs if the corrupt_bio_byte +feature was used. + +Fix it so READ bios are properly errored with -EIO; doing so early in +flakey_map() as long as there isn't a match for the corrupt_bio_byte +feature. + +Fixes: a3998799fb4df ("dm flakey: add corrupt_bio_byte feature") +Reported-by: Akira Hayakawa +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-flakey.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +--- a/drivers/md/dm-flakey.c ++++ b/drivers/md/dm-flakey.c +@@ -287,10 +287,16 @@ static int flakey_map(struct dm_target * + pb->bio_submitted = true; + + /* +- * Map reads as normal. ++ * Map reads as normal only if corrupt_bio_byte set. + */ +- if (bio_data_dir(bio) == READ) +- goto map_bio; ++ if (bio_data_dir(bio) == READ) { ++ /* If flags were specified, only corrupt those that match. */ ++ if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == READ) && ++ all_corrupt_bio_flags_match(bio, fc)) ++ goto map_bio; ++ else ++ return -EIO; ++ } + + /* + * Drop writes? +@@ -328,12 +334,13 @@ static int flakey_end_io(struct dm_targe + + /* + * Corrupt successful READs while in down state. +- * If flags were specified, only corrupt those that match. + */ +- if (fc->corrupt_bio_byte && !error && pb->bio_submitted && +- (bio_data_dir(bio) == READ) && (fc->corrupt_bio_rw == READ) && +- all_corrupt_bio_flags_match(bio, fc)) +- corrupt_bio_data(bio, fc); ++ if (!error && pb->bio_submitted && (bio_data_dir(bio) == READ)) { ++ if (fc->corrupt_bio_byte) ++ corrupt_bio_data(bio, fc); ++ else ++ return -EIO; ++ } + + return error; + } diff --git a/queue-3.14/documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch b/queue-3.14/documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch new file mode 100644 index 00000000000..45e05212a3f --- /dev/null +++ b/queue-3.14/documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch @@ -0,0 +1,34 @@ +From b8612e517c3c9809e1200b72c474dbfd969e5a83 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Thu, 28 Apr 2016 09:24:05 +0930 +Subject: Documentation/module-signing.txt: Note need for version info if reusing a key + +From: Ben Hutchings + +commit b8612e517c3c9809e1200b72c474dbfd969e5a83 upstream. + +Signing a module should only make it trusted by the specific kernel it +was built for, not anything else. If a module signing key is used for +multiple ABI-incompatible kernels, the modules need to include enough +version information to distinguish them. + +Signed-off-by: Ben Hutchings +Signed-off-by: Rusty Russell +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/module-signing.txt | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/Documentation/module-signing.txt ++++ b/Documentation/module-signing.txt +@@ -238,3 +238,9 @@ Since the private key is used to sign mo + the private key to sign modules and compromise the operating system. The + private key must be either destroyed or moved to a secure location and not kept + in the root node of the kernel source tree. ++ ++If you use the same private key to sign modules for multiple kernel ++configurations, you must ensure that the module version information is ++sufficient to prevent loading a module into a different kernel. Either ++set CONFIG_MODVERSIONS=y or ensure that each configuration has a different ++kernel release string by changing EXTRAVERSION or CONFIG_LOCALVERSION. diff --git a/queue-3.14/module-invalidate-signatures-on-force-loaded-modules.patch b/queue-3.14/module-invalidate-signatures-on-force-loaded-modules.patch new file mode 100644 index 00000000000..7098be52316 --- /dev/null +++ b/queue-3.14/module-invalidate-signatures-on-force-loaded-modules.patch @@ -0,0 +1,64 @@ +From bca014caaa6130e57f69b5bf527967aa8ee70fdd Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Thu, 28 Apr 2016 09:24:01 +0930 +Subject: module: Invalidate signatures on force-loaded modules + +From: Ben Hutchings + +commit bca014caaa6130e57f69b5bf527967aa8ee70fdd upstream. + +Signing a module should only make it trusted by the specific kernel it +was built for, not anything else. Loading a signed module meant for a +kernel with a different ABI could have interesting effects. +Therefore, treat all signatures as invalid when a module is +force-loaded. + +Signed-off-by: Ben Hutchings +Signed-off-by: Rusty Russell +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/module.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -2449,13 +2449,18 @@ static inline void kmemleak_load_module( + #endif + + #ifdef CONFIG_MODULE_SIG +-static int module_sig_check(struct load_info *info) ++static int module_sig_check(struct load_info *info, int flags) + { + int err = -ENOKEY; + const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; + const void *mod = info->hdr; + +- if (info->len > markerlen && ++ /* ++ * Require flags == 0, as a module with version information ++ * removed is no longer the module that was signed ++ */ ++ if (flags == 0 && ++ info->len > markerlen && + memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { + /* We truncate the module to discard the signature */ + info->len -= markerlen; +@@ -2477,7 +2482,7 @@ static int module_sig_check(struct load_ + return err; + } + #else /* !CONFIG_MODULE_SIG */ +-static int module_sig_check(struct load_info *info) ++static int module_sig_check(struct load_info *info, int flags) + { + return 0; + } +@@ -3210,7 +3215,7 @@ static int load_module(struct load_info + struct module *mod; + long err; + +- err = module_sig_check(info); ++ err = module_sig_check(info, flags); + if (err) + goto free_copy; + diff --git a/queue-3.14/series b/queue-3.14/series index ff57805b8a5..3e98c847045 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -41,3 +41,6 @@ target-fix-race-between-iscsi-target-connection-shutdown-abort_task.patch target-fix-max_unmap_lba_count-calc-overflow.patch input-i8042-break-load-dependency-between-atkbd-psmouse-and-i8042.patch pci-mark-atheros-ar9485-and-qca9882-to-avoid-bus-reset.patch +dm-flakey-error-read-bios-during-the-down_interval.patch +module-invalidate-signatures-on-force-loaded-modules.patch +documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch