Linux v3.19-rc3-69-g11c8f01b423b

KEYS-close-race-between-key-lookup-and-freeing.patch

@@ -1,43 +0,0 @@
-From: Sasha Levin <sasha.levin () oracle ! com>
-Date: Mon, 29 Dec 2014 14:39:01 -0500
-Subject: [PATCH] KEYS: close race between key lookup and freeing
-
-When a key is being garbage collected, it's key->user would get put before
-the ->destroy() callback is called, where the key is removed from it's
-respective tracking structures.
-
-This leaves a key hanging in a semi-invalid state which leaves a window open
-for a different task to try an access key->user. An example is
-find_keyring_by_name() which would dereference key->user for a key that is
-in the process of being garbage collected (where key->user was freed but
-->destroy() wasn't called yet - so it's still present in the linked list).
-
-This would cause either a panic, or corrupt memory.
-
-Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
----
- security/keys/gc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/security/keys/gc.c b/security/keys/gc.c
-index 9609a7f0faea..c7952375ac53 100644
---- a/security/keys/gc.c
-+++ b/security/keys/gc.c
-@@ -148,12 +148,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
- 		if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
- 			atomic_dec(&key->user->nikeys);
- 
--		key_user_put(key->user);
--
- 		/* now throw away the key memory */
- 		if (key->type->destroy)
- 			key->type->destroy(key);
- 
-+		key_user_put(key->user);
-+
- 		kfree(key->description);
- 
- #ifdef KEY_DEBUGGING
--- 
-2.1.0
-

Kbuild-Add-an-option-to-enable-GCC-VTA.patch

@@ -43,10 +43,10 @@ Signed-off-by: Josh Stone <jistone@redhat.com>
  2 files changed, 21 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index eb4eca56843a..beb01250c825 100644
+index 87f0c052b0ac..cd4645237d1c 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -705,7 +705,11 @@ KBUILD_CFLAGS	+= -fomit-frame-pointer
+@@ -706,7 +706,11 @@ KBUILD_CFLAGS	+= -fomit-frame-pointer
  endif
  endif
  

Revert-Revert-ACPI-video-change-acpi-video-brightnes.patch

@@ -28,7 +28,7 @@ index 4df73da11adc..25ba093a98f1 100644
  	virtio_mmio.device=
  			[VMMIO] Memory mapped virtio (platform) device.
 diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
-index c72e79d2c5ad..d621997f2ed6 100644
+index 032db459370f..5b9c0bae4503 100644
 --- a/drivers/acpi/video.c
 +++ b/drivers/acpi/video.c
 @@ -68,7 +68,7 @@ MODULE_AUTHOR("Bruno Ducrot");

kernel-arm64.patch

@@ -2811,20 +2811,20 @@ index 342942f..734c029 100644
  	unsigned long madt_end, entry;
 @@ -99,6 +131,9 @@ static int map_madt_entry(int type, u32 acpi_id)
  		} else if (header->type == ACPI_MADT_TYPE_LOCAL_SAPIC) {
- 			if (!map_lsapic_id(header, type, acpi_id, &apic_id))
+ 			if (!map_lsapic_id(header, type, acpi_id, &phys_id))
  				break;
 +		} else if (header->type == ACPI_MADT_TYPE_GENERIC_INTERRUPT) {
-+			if (!map_gicc_mpidr(header, type, acpi_id, &apic_id))
++			if (!map_gicc_mpidr(header, type, acpi_id, &phys_id))
 +				break;
  		}
  		entry += header->length;
  	}
 @@ -131,6 +166,8 @@ static int map_mat_entry(acpi_handle handle, int type, u32 acpi_id)
- 		map_lsapic_id(header, type, acpi_id, &apic_id);
+ 		map_lsapic_id(header, type, acpi_id, &phys_id);
  	else if (header->type == ACPI_MADT_TYPE_LOCAL_X2APIC)
- 		map_x2apic_id(header, type, acpi_id, &apic_id);
+ 		map_x2apic_id(header, type, acpi_id, &phys_id);
 +	else if (header->type == ACPI_MADT_TYPE_GENERIC_INTERRUPT)
-+		map_gicc_mpidr(header, type, acpi_id, &apic_id);
++		map_gicc_mpidr(header, type, acpi_id, &phys_id);
  
  exit:
  	kfree(buffer.pointer);

kernel.spec

@@ -42,7 +42,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 2
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 3
 # The git snapshot level
-%define gitrev 1
+%define gitrev 2
 # Set rpm version accordingly
 %define rpmversion 3.%{upstream_sublevel}.0
 %endif
@@ -614,9 +614,6 @@ Patch26092: xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch
 Patch26093: uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch
 Patch26094: uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch
 
-#CVE-2014-9529 rhbz 1179813 1179853
-Patch26124: KEYS-close-race-between-key-lookup-and-freeing.patch
-
 # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
 Patch30000: kernel-arm64.patch
 
@@ -1339,9 +1336,6 @@ ApplyPatch xhci-Add-broken-streams-quirk-for-Fresco-Logic-FL100.patch
 ApplyPatch uas-Add-US_FL_NO_ATA_1X-for-Seagate-devices-with-usb.patch
 ApplyPatch uas-Add-US_FL_NO_REPORT_OPCODES-for-JMicron-JMS566-w.patch
 
-#CVE-2014-9529 rhbz 1179813 1179853
-ApplyPatch KEYS-close-race-between-key-lookup-and-freeing.patch
-
 %if 0%{?aarch64patches}
 ApplyPatch kernel-arm64.patch
 %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@@ -2208,6 +2202,9 @@ fi
 #                                    ||----w |
 #                                    ||     ||
 %changelog
+* Fri Jan 09 2015 Josh Boyer <jwboyer@fedoraproject.org> - 3.19.0-0.rc3.git2.1
+- Linux v3.19-rc3-69-g11c8f01b423b
+
 * Wed Jan 07 2015 Kyle McMartin <kyle@fedoraproject.org> - 3.19.0-0.rc3.git1.2
 - kernel-arm64.patch: fix up build... no idea if it works.
 

sources

@@ -1,4 +1,4 @@
 9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
 813ccb96f0b379d656e57442c2587ca3  perf-man-3.18.tar.gz
 63cb0c21a591edafb1032bdc689c9193  patch-3.19-rc3.xz
-66161d089fff1e0071fc2b09a54c18b0  patch-3.19-rc3-git1.xz
+907f66df3a9e06bc914da2596ee3950a  patch-3.19-rc3-git2.xz