From c9125fc259d4557bcc9652ed03d0df5edbc6440c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 9 Sep 2018 11:28:16 +0200 Subject: [PATCH] 3.18 fixes --- ...h-memory-ranges-array-index-overflow.patch | 28 ++++++++++------ ...ns-move-user-access-out-of-the-mutex.patch | 32 +++++++++++++++---- 2 files changed, 43 insertions(+), 17 deletions(-) diff --git a/queue-3.18/powerpc-fadump-handle-crash-memory-ranges-array-index-overflow.patch b/queue-3.18/powerpc-fadump-handle-crash-memory-ranges-array-index-overflow.patch index 6e0c02cfc40..df4c6fc819d 100644 --- a/queue-3.18/powerpc-fadump-handle-crash-memory-ranges-array-index-overflow.patch +++ b/queue-3.18/powerpc-fadump-handle-crash-memory-ranges-array-index-overflow.patch @@ -59,8 +59,8 @@ Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/fadump.h | 3 - - arch/powerpc/kernel/fadump.c | 91 ++++++++++++++++++++++++++++++++------ - 2 files changed, 77 insertions(+), 17 deletions(-) + arch/powerpc/kernel/fadump.c | 92 ++++++++++++++++++++++++++++++++------ + 2 files changed, 78 insertions(+), 17 deletions(-) --- a/arch/powerpc/include/asm/fadump.h +++ b/arch/powerpc/include/asm/fadump.h @@ -76,7 +76,15 @@ Signed-off-by: Greg Kroah-Hartman unsigned long long size; --- a/arch/powerpc/kernel/fadump.c +++ b/arch/powerpc/kernel/fadump.c -@@ -48,8 +48,10 @@ static struct fadump_mem_struct fdm; +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -48,8 +49,10 @@ static struct fadump_mem_struct fdm; static const struct fadump_mem_struct *fdm_active; static DEFINE_MUTEX(fadump_mutex); @@ -88,7 +96,7 @@ Signed-off-by: Greg Kroah-Hartman /* Scan the Firmware Assisted dump configuration details. */ int __init early_init_dt_scan_fw_dump(unsigned long node, -@@ -726,38 +728,88 @@ static int __init process_fadump(const s +@@ -726,38 +729,88 @@ static int __init process_fadump(const s return 0; } @@ -186,7 +194,7 @@ Signed-off-by: Greg Kroah-Hartman } static int fadump_init_elfcore_header(char *bufp) -@@ -793,10 +845,11 @@ static int fadump_init_elfcore_header(ch +@@ -793,10 +846,11 @@ static int fadump_init_elfcore_header(ch * Traverse through memblock structure and setup crash memory ranges. These * ranges will be used create PT_LOAD program headers in elfcore header. */ @@ -199,7 +207,7 @@ Signed-off-by: Greg Kroah-Hartman pr_debug("Setup crash memory ranges.\n"); crash_mem_ranges = 0; -@@ -807,7 +860,9 @@ static void fadump_setup_crash_memory_ra +@@ -807,7 +861,9 @@ static void fadump_setup_crash_memory_ra * specified during fadump registration. We need to create a separate * program header for this chunk with the correct offset. */ @@ -210,7 +218,7 @@ Signed-off-by: Greg Kroah-Hartman for_each_memblock(memory, reg) { start = (unsigned long long)reg->base; -@@ -816,8 +871,12 @@ static void fadump_setup_crash_memory_ra +@@ -816,8 +872,12 @@ static void fadump_setup_crash_memory_ra start = fw_dump.boot_memory_size; /* add this range excluding the reserved dump area. */ @@ -224,7 +232,7 @@ Signed-off-by: Greg Kroah-Hartman } /* -@@ -941,6 +1000,7 @@ static void register_fadump(void) +@@ -941,6 +1001,7 @@ static void register_fadump(void) { unsigned long addr; void *vaddr; @@ -232,7 +240,7 @@ Signed-off-by: Greg Kroah-Hartman /* * If no memory is reserved then we can not register for firmware- -@@ -949,7 +1009,9 @@ static void register_fadump(void) +@@ -949,7 +1010,9 @@ static void register_fadump(void) if (!fw_dump.reserve_dump_area_size) return; @@ -243,7 +251,7 @@ Signed-off-by: Greg Kroah-Hartman addr = be64_to_cpu(fdm.rmr_region.destination_address) + be64_to_cpu(fdm.rmr_region.source_len); /* Initialize fadump crash info header. */ -@@ -1028,6 +1090,7 @@ void fadump_cleanup(void) +@@ -1028,6 +1091,7 @@ void fadump_cleanup(void) } else if (fw_dump.dump_registered) { /* Un-register Firmware-assisted dump if it was registered. */ fadump_unregister_dump(&fdm); diff --git a/queue-3.18/userns-move-user-access-out-of-the-mutex.patch b/queue-3.18/userns-move-user-access-out-of-the-mutex.patch index 4184547a965..7bc95439e25 100644 --- a/queue-3.18/userns-move-user-access-out-of-the-mutex.patch +++ b/queue-3.18/userns-move-user-access-out-of-the-mutex.patch @@ -23,14 +23,17 @@ Signed-off-by: Eric W. Biederman Signed-off-by: Greg Kroah-Hartman --- - kernel/user_namespace.c | 22 ++++++++++------------ - 1 file changed, 10 insertions(+), 12 deletions(-) + kernel/user_namespace.c | 39 +++++++++++++++++++-------------------- + 1 file changed, 19 insertions(+), 20 deletions(-) --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -602,7 +602,16 @@ static ssize_t map_write(struct file *fi +@@ -600,9 +600,26 @@ static ssize_t map_write(struct file *fi + struct uid_gid_map new_map; + unsigned idx; struct uid_gid_extent *extent = NULL; - unsigned long page = 0; +- unsigned long page = 0; ++ unsigned long page; char *kbuf, *pos, *next_line; - ssize_t ret = -EINVAL; + ssize_t ret; @@ -39,17 +42,32 @@ Signed-off-by: Greg Kroah-Hartman + if ((*ppos != 0) || (count >= PAGE_SIZE)) + return -EINVAL; + ++ /* Get a buffer */ ++ page = __get_free_page(GFP_TEMPORARY); ++ kbuf = (char *) page; ++ if (!page) ++ return -ENOMEM; ++ + /* Slurp in the user data */ -+ if (copy_from_user(kbuf, buf, count)) ++ if (copy_from_user(kbuf, buf, count)) { ++ free_page(page); + return -EFAULT; ++ } + kbuf[count] = '\0'; /* * The userns_state_mutex serializes all writes to any given map. -@@ -643,17 +652,6 @@ static ssize_t map_write(struct file *fi - if (!page) +@@ -636,24 +653,6 @@ static ssize_t map_write(struct file *fi + if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) goto out; +- /* Get a buffer */ +- ret = -ENOMEM; +- page = __get_free_page(GFP_TEMPORARY); +- kbuf = (char *) page; +- if (!page) +- goto out; +- - /* Only allow < page size writes at the beginning of the file */ - ret = -EINVAL; - if ((*ppos != 0) || (count >= PAGE_SIZE)) -- 2.47.2