Linux v3.9-rc1-211-g47b3bc9

- Reenable debugging options.
- CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316)
Josh Boyer 2013-03-08 08:43:55 -05:00
parent 4bd0ec95ad
commit 194fd44ead
9 changed files with 72 additions and 662 deletions


@ -1554,13 +1554,13 @@ CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y CONFIG_B43_BCMA=y
# CONFIG_B43_BCMA_EXTRA is not set # CONFIG_B43_BCMA_EXTRA is not set
CONFIG_B43_BCMA_PIO=y CONFIG_B43_BCMA_PIO=y
# CONFIG_B43_DEBUG is not set CONFIG_B43_DEBUG=y
CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y CONFIG_B43_PHY_HT=y
# CONFIG_B43_FORCE_PIO is not set # CONFIG_B43_FORCE_PIO is not set
CONFIG_B43LEGACY=m CONFIG_B43LEGACY=m
# CONFIG_B43LEGACY_DEBUG is not set CONFIG_B43LEGACY_DEBUG=y
CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@ -3197,7 +3197,7 @@ CONFIG_USB_STORAGE_REALTEK=m
CONFIG_REALTEK_AUTOPM=y CONFIG_REALTEK_AUTOPM=y
CONFIG_USB_STORAGE_ENE_UB6250=m CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_LIBUSUAL is not set # CONFIG_USB_LIBUSUAL is not set
# CONFIG_USB_UAS is not set CONFIG_USB_UAS=m
# #
@ -3363,6 +3363,7 @@ CONFIG_USB_RTL8150=m
CONFIG_USB_USBNET=m CONFIG_USB_USBNET=m
CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_SPEEDTOUCH=m
CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX8817X=m
CONFIG_USB_NET_AX88179_178A=m
CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_DM9601=m
CONFIG_USB_NET_SMSC95XX=m CONFIG_USB_NET_SMSC95XX=m
CONFIG_USB_NET_GL620A=m CONFIG_USB_NET_GL620A=m
@ -3708,6 +3709,7 @@ CONFIG_DEBUG_FS=y
# CONFIG_ADFS_FS is not set # CONFIG_ADFS_FS is not set
CONFIG_AFFS_FS=m CONFIG_AFFS_FS=m
CONFIG_ECRYPT_FS=m CONFIG_ECRYPT_FS=m
# CONFIG_ECRYPT_FS_MESSAGING is not set
CONFIG_HFS_FS=m CONFIG_HFS_FS=m
CONFIG_HFSPLUS_FS=m CONFIG_HFSPLUS_FS=m
CONFIG_BEFS_FS=m CONFIG_BEFS_FS=m
@ -4187,7 +4189,7 @@ CONFIG_IBMASR=m
CONFIG_PM_DEBUG=y CONFIG_PM_DEBUG=y
CONFIG_PM_TRACE=y CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y CONFIG_PM_TRACE_RTC=y
# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_TEST_SUSPEND=y
CONFIG_PM_RUNTIME=y CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set # CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set # CONFIG_PM_AUTOSLEEP is not set


@ -2,95 +2,95 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y
# CONFIG_DEBUG_ATOMIC_SLEEP is not set CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_MUTEXES is not set CONFIG_DEBUG_MUTEXES=y
# CONFIG_DEBUG_RT_MUTEXES is not set CONFIG_DEBUG_RT_MUTEXES=y
# CONFIG_DEBUG_LOCK_ALLOC is not set CONFIG_DEBUG_LOCK_ALLOC=y
# CONFIG_PROVE_LOCKING is not set CONFIG_PROVE_LOCKING=y
# CONFIG_DEBUG_SPINLOCK is not set CONFIG_DEBUG_SPINLOCK=y
# CONFIG_PROVE_RCU is not set CONFIG_PROVE_RCU=y
# CONFIG_PROVE_RCU_REPEATEDLY is not set # CONFIG_PROVE_RCU_REPEATEDLY is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_DEBUG_PER_CPU_MAPS=y
CONFIG_CPUMASK_OFFSTACK=y CONFIG_CPUMASK_OFFSTACK=y
# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
# CONFIG_FAULT_INJECTION is not set CONFIG_FAULT_INJECTION=y
# CONFIG_FAILSLAB is not set CONFIG_FAILSLAB=y
# CONFIG_FAIL_PAGE_ALLOC is not set CONFIG_FAIL_PAGE_ALLOC=y
# CONFIG_FAIL_MAKE_REQUEST is not set CONFIG_FAIL_MAKE_REQUEST=y
# CONFIG_FAULT_INJECTION_DEBUG_FS is not set CONFIG_FAULT_INJECTION_DEBUG_FS=y
# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
# CONFIG_FAIL_IO_TIMEOUT is not set CONFIG_FAIL_IO_TIMEOUT=y
# CONFIG_FAIL_MMC_REQUEST is not set CONFIG_FAIL_MMC_REQUEST=y
# CONFIG_SLUB_DEBUG_ON is not set CONFIG_SLUB_DEBUG_ON=y
# CONFIG_LOCK_STAT is not set CONFIG_LOCK_STAT=y
# CONFIG_DEBUG_STACK_USAGE is not set CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set # CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
# CONFIG_DEBUG_SG is not set CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_WRITECOUNT is not set CONFIG_DEBUG_WRITECOUNT=y
# CONFIG_DEBUG_OBJECTS is not set CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set # CONFIG_DEBUG_OBJECTS_SELFTEST is not set
# CONFIG_DEBUG_OBJECTS_FREE is not set CONFIG_DEBUG_OBJECTS_FREE=y
# CONFIG_DEBUG_OBJECTS_TIMERS is not set CONFIG_DEBUG_OBJECTS_TIMERS=y
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_X86_PTDUMP is not set CONFIG_X86_PTDUMP=y
# CONFIG_CAN_DEBUG_DEVICES is not set CONFIG_CAN_DEBUG_DEVICES=y
# CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_SYSCTL_SYSCALL_CHECK is not set CONFIG_SYSCTL_SYSCALL_CHECK=y
# CONFIG_DEBUG_NOTIFIERS is not set CONFIG_DEBUG_NOTIFIERS=y
# CONFIG_DMA_API_DEBUG is not set CONFIG_DMA_API_DEBUG=y
# CONFIG_MMIOTRACE is not set CONFIG_MMIOTRACE=y
# CONFIG_DEBUG_CREDENTIALS is not set CONFIG_DEBUG_CREDENTIALS=y
# off in both production debug and nodebug builds, # off in both production debug and nodebug builds,
# on in rawhide nodebug builds # on in rawhide nodebug builds
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
# CONFIG_EXT4_DEBUG is not set CONFIG_EXT4_DEBUG=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_DEBUG_PERF_USE_VMALLOC=y
# CONFIG_JBD2_DEBUG is not set CONFIG_JBD2_DEBUG=y
# CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_NFSD_FAULT_INJECTION=y
# CONFIG_DEBUG_BLK_CGROUP is not set CONFIG_DEBUG_BLK_CGROUP=y
# CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_DRBD_FAULT_INJECTION=y
# CONFIG_ATH_DEBUG is not set CONFIG_ATH_DEBUG=y
# CONFIG_CARL9170_DEBUGFS is not set CONFIG_CARL9170_DEBUGFS=y
# CONFIG_IWLWIFI_DEVICE_TRACING is not set CONFIG_IWLWIFI_DEVICE_TRACING=y
# CONFIG_DEBUG_OBJECTS_WORK is not set CONFIG_DEBUG_OBJECTS_WORK=y
# CONFIG_DMADEVICES_DEBUG is not set CONFIG_DMADEVICES_DEBUG=y
# CONFIG_DMADEVICES_VDEBUG is not set CONFIG_DMADEVICES_VDEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set CONFIG_CEPH_LIB_PRETTYDEBUG=y
# CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_DEBUG=y
CONFIG_PCI_DEFAULT_USE_CRS=y CONFIG_PCI_DEFAULT_USE_CRS=y
@ -98,16 +98,16 @@ CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
# CONFIG_TEST_LIST_SORT is not set CONFIG_TEST_LIST_SORT=y
# CONFIG_DETECT_HUNG_TASK is not set CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
# CONFIG_DEBUG_KMEMLEAK is not set CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set # CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
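Review bot: Most of the options switched on in this section have no comment saying which build flavours they are meant for; only `CONFIG_DEBUG_FORCE_WEAK_PER_CPU` has one. This assumes the right-hand column is the new side, as the commit title "Reenable debugging options" suggests. Several of them widen what a privileged local user can observe or perturb: `CONFIG_X86_PTDUMP=y` exposes the kernel page-table layout through debugfs, `CONFIG_FAULT_INJECTION_DEBUG_FS=y` adds runtime fault-injection controls alongside the `CONFIG_FAIL_*` group, and `CONFIG_MODULE_FORCE_UNLOAD=y` allows forced module removal. A short header on that group would make the intent auditable when the file is next flipped back, for example `# debug-only: keep unset in release/nodebug production builds`.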


@ -326,7 +326,7 @@ CONFIG_STRICT_DEVMEM=y
# CONFIG_MEMTEST is not set # CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_MAXSMP is not set CONFIG_MAXSMP=y
CONFIG_HP_ILO=m CONFIG_HP_ILO=m


@ -1,431 +0,0 @@
From 74d5b500b0184d6ddf4e59328b50a9521c1cd1be Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Sat, 2 Mar 2013 19:40:17 -0500
Subject: [PATCH 1/3] efi: be more paranoid about available space when creating
variables
UEFI variables are typically stored in flash. For various reasons, avaiable
space is typically not reclaimed immediately upon the deletion of a
variable - instead, the system will garbage collect during initialisation
after a reboot.
Some systems appear to handle this garbage collection extremely poorly,
failing if more than 50% of the system flash is in use. This can result in
the machine refusing to boot. The safest thing to do for the moment is to
forbid writes if they'd end up using more than half of the storage space.
We can make this more finegrained later if we come up with a method for
identifying the broken machines.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
---
drivers/firmware/efivars.c | 106 +++++++++++++++++++++++++++++++++------------
1 file changed, 79 insertions(+), 27 deletions(-)
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
index 7320bf8..0d50497 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
@@ -426,6 +426,44 @@ get_var_data(struct efivars *efivars, struct efi_variable *var)
return status;
}
+static efi_status_t
+check_var_size_locked(struct efivars *efivars, u32 attributes,
+ unsigned long size)
+{
+ u64 storage_size, remaining_size, max_size;
+ efi_status_t status;
+ const struct efivar_operations *fops = efivars->ops;
+
+ if (!efivars->ops->query_variable_info)
+ return EFI_UNSUPPORTED;
+
+ status = fops->query_variable_info(attributes, &storage_size,
+ &remaining_size, &max_size);
+
+ if (status != EFI_SUCCESS)
+ return status;
+
+ if (!storage_size || size > remaining_size || size > max_size ||
+ (remaining_size - size) < (storage_size / 2))
+ return EFI_OUT_OF_RESOURCES;
+
+ return status;
+}
+
+
+static efi_status_t
+check_var_size(struct efivars *efivars, u32 attributes, unsigned long size)
+{
+ efi_status_t status;
+ unsigned long flags;
+
+ spin_lock_irqsave(&efivars->lock, flags);
+ status = check_var_size_locked(efivars, attributes, size);
+ spin_unlock_irqrestore(&efivars->lock, flags);
+
+ return status;
+}
+
static ssize_t
efivar_guid_read(struct efivar_entry *entry, char *buf)
{
@@ -547,11 +585,16 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count)
}
spin_lock_irq(&efivars->lock);
- status = efivars->ops->set_variable(new_var->VariableName,
- &new_var->VendorGuid,
- new_var->Attributes,
- new_var->DataSize,
- new_var->Data);
+
+ status = check_var_size_locked(efivars, new_var->Attributes,
+ new_var->DataSize + utf16_strsize(new_var->VariableName, 1024));
+
+ if (status == EFI_SUCCESS || status == EFI_UNSUPPORTED)
+ status = efivars->ops->set_variable(new_var->VariableName,
+ &new_var->VendorGuid,
+ new_var->Attributes,
+ new_var->DataSize,
+ new_var->Data);
spin_unlock_irq(&efivars->lock);
@@ -702,8 +745,7 @@ static ssize_t efivarfs_file_write(struct file *file,
u32 attributes;
struct inode *inode = file->f_mapping->host;
unsigned long datasize = count - sizeof(attributes);
- unsigned long newdatasize;
- u64 storage_size, remaining_size, max_size;
+ unsigned long newdatasize, varsize;
ssize_t bytes = 0;
if (count < sizeof(attributes))
@@ -722,28 +764,18 @@ static ssize_t efivarfs_file_write(struct file *file,
* amounts of memory. Pick a default size of 64K if
* QueryVariableInfo() isn't supported by the firmware.
*/
- spin_lock_irq(&efivars->lock);
- if (!efivars->ops->query_variable_info)
- status = EFI_UNSUPPORTED;
- else {
- const struct efivar_operations *fops = efivars->ops;
- status = fops->query_variable_info(attributes, &storage_size,
- &remaining_size, &max_size);
- }
-
- spin_unlock_irq(&efivars->lock);
+ varsize = datasize + utf16_strsize(var->var.VariableName, 1024);
+ status = check_var_size(efivars, attributes, varsize);
if (status != EFI_SUCCESS) {
if (status != EFI_UNSUPPORTED)
return efi_status_to_err(status);
- remaining_size = 65536;
+ if (datasize > 65536)
+ return -ENOSPC;
}
- if (datasize > remaining_size)
- return -ENOSPC;
-
data = kmalloc(datasize, GFP_KERNEL);
if (!data)
return -ENOMEM;
@@ -765,6 +797,19 @@ static ssize_t efivarfs_file_write(struct file *file,
*/
spin_lock_irq(&efivars->lock);
+ /*
+ * Ensure that the available space hasn't shrunk below the safe level
+ */
+
+ status = check_var_size_locked(efivars, attributes, varsize);
+
+ if (status != EFI_SUCCESS && status != EFI_UNSUPPORTED) {
+ spin_unlock_irq(&efivars->lock);
+ kfree(data);
+
+ return efi_status_to_err(status);
+ }
+
status = efivars->ops->set_variable(var->var.VariableName,
&var->var.VendorGuid,
attributes, datasize,
@@ -1345,7 +1390,6 @@ static int efi_pstore_write(enum pstore_type_id type,
efi_guid_t vendor = LINUX_EFI_CRASH_GUID;
struct efivars *efivars = psi->data;
int i, ret = 0;
- u64 storage_space, remaining_space, max_variable_size;
efi_status_t status = EFI_NOT_FOUND;
unsigned long flags;
@@ -1365,11 +1409,11 @@ static int efi_pstore_write(enum pstore_type_id type,
* size: a size of logging data
* DUMP_NAME_LEN * 2: a maximum size of variable name
*/
- status = efivars->ops->query_variable_info(PSTORE_EFI_ATTRIBUTES,
- &storage_space,
- &remaining_space,
- &max_variable_size);
- if (status || remaining_space < size + DUMP_NAME_LEN * 2) {
+
+ status = check_var_size_locked(efivars, PSTORE_EFI_ATTRIBUTES,
+ size + DUMP_NAME_LEN * 2);
+
+ if (status) {
spin_unlock_irqrestore(&efivars->lock, flags);
*id = part;
return -ENOSPC;
@@ -1544,6 +1588,14 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
return -EINVAL;
}
+ status = check_var_size_locked(efivars, new_var->Attributes,
+ new_var->DataSize + utf16_strsize(new_var->VariableName, 1024));
+
+ if (status && status != EFI_UNSUPPORTED) {
+ spin_unlock_irq(&efivars->lock);
+ return efi_status_to_err(status);
+ }
+
/* now *really* create the variable via EFI */
status = efivars->ops->set_variable(new_var->VariableName,
&new_var->VendorGuid,
--
1.8.1.2
From 8200cc0633605f417a1f0c229772f9033d57ea0a Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming@intel.com>
Date: Tue, 5 Mar 2013 07:40:16 +0000
Subject: [PATCH 2/3] efivars: efivarfs_valid_name() should handle pstore
syntax
Stricter validation was introduced with commit da27a24383b2b
("efivarfs: guid part of filenames are case-insensitive") and commit
47f531e8ba3b ("efivarfs: Validate filenames much more aggressively"),
which is necessary for the guid portion of efivarfs filenames, but we
don't need to be so strict with the first part, the variable name. The
UEFI specification doesn't impose any constraints on variable names
other than they be a NULL-terminated string.
The above commits caused a regression that resulted in users seeing
the following message,
$ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory
whenever pstore EFI variables were present in the variable store,
since their variable names failed to pass the following check,
/* GUID should be right after the first '-' */
if (s - 1 != strchr(str, '-'))
as a typical pstore filename is of the form, dump-type0-10-1-<guid>.
The fix is trivial since the guid portion of the filename is GUID_LEN
bytes, we can use (len - GUID_LEN) to ensure the '-' character is
where we expect it to be.
(The bogus ENOMEM error value will be fixed in a separate patch.)
Reported-by: Joseph Yasi <joe.yasi@gmail.com>
Reported-by: Lingzhu Xiang <lxiang@redhat.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
---
drivers/firmware/efivars.c | 4 +-
tools/testing/selftests/efivarfs/efivarfs.sh | 59 ++++++++++++++++++++++++++++
2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
index 0d50497..1b9a6e1 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
@@ -974,8 +974,8 @@ static bool efivarfs_valid_name(const char *str, int len)
if (len < GUID_LEN + 2)
return false;
- /* GUID should be right after the first '-' */
- if (s - 1 != strchr(str, '-'))
+ /* GUID must be preceded by a '-' */
+ if (*(s - 1) != '-')
return false;
/*
diff --git a/tools/testing/selftests/efivarfs/efivarfs.sh b/tools/testing/selftests/efivarfs/efivarfs.sh
index 880cdd5..77edcdc 100644
--- a/tools/testing/selftests/efivarfs/efivarfs.sh
+++ b/tools/testing/selftests/efivarfs/efivarfs.sh
@@ -125,6 +125,63 @@ test_open_unlink()
./open-unlink $file
}
+# test that we can create a range of filenames
+test_valid_filenames()
+{
+ local attrs='\x07\x00\x00\x00'
+ local ret=0
+
+ local file_list="abc dump-type0-11-1-1362436005 1234 -"
+ for f in $file_list; do
+ local file=$efivarfs_mount/$f-$test_guid
+
+ printf "$attrs\x00" > $file
+
+ if [ ! -e $file ]; then
+ echo "$file could not be created" >&2
+ ret=1
+ else
+ rm $file
+ fi
+ done
+
+ exit $ret
+}
+
+test_invalid_filenames()
+{
+ local attrs='\x07\x00\x00\x00'
+ local ret=0
+
+ local file_list="
+ -1234-1234-1234-123456789abc
+ foo
+ foo-bar
+ -foo-
+ foo-barbazba-foob-foob-foob-foobarbazfoo
+ foo-------------------------------------
+ -12345678-1234-1234-1234-123456789abc
+ a-12345678=1234-1234-1234-123456789abc
+ a-12345678-1234=1234-1234-123456789abc
+ a-12345678-1234-1234=1234-123456789abc
+ a-12345678-1234-1234-1234=123456789abc
+ 1112345678-1234-1234-1234-123456789abc"
+
+ for f in $file_list; do
+ local file=$efivarfs_mount/$f
+
+ printf "$attrs\x00" 2>/dev/null > $file
+
+ if [ -e $file ]; then
+ echo "Creating $file should have failed" >&2
+ rm $file
+ ret=1
+ fi
+ done
+
+ exit $ret
+}
+
check_prereqs
rc=0
@@ -135,5 +192,7 @@ run_test test_create_read
run_test test_delete
run_test test_zero_size_delete
run_test test_open_unlink
+run_test test_valid_filenames
+run_test test_invalid_filenames
exit $rc
--
1.8.1.2
From 396c0285825255c6e2549c9a6eec6c23a35c9f7f Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming@intel.com>
Date: Tue, 5 Mar 2013 12:46:30 +0000
Subject: [PATCH 3/3] efivarfs: return accurate error code in
efivarfs_fill_super()
Joseph was hitting a failure case when mounting efivarfs which
resulted in an incorrect error message,
$ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory
triggered when efivarfs_valid_name() returned -EINVAL.
Make sure we pass accurate return values up the stack if
efivarfs_fill_super() fails to build inodes for EFI variables.
Reported-by: Joseph Yasi <joe.yasi@gmail.com>
Reported-by: Lingzhu Xiang <lxiang@redhat.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
---
drivers/firmware/efivars.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
index 1b9a6e1..bea32d1 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
@@ -1163,15 +1163,22 @@ static struct dentry_operations efivarfs_d_ops = {
static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name)
{
+ struct dentry *d;
struct qstr q;
+ int err;
q.name = name;
q.len = strlen(name);
- if (efivarfs_d_hash(NULL, NULL, &q))
- return NULL;
+ err = efivarfs_d_hash(NULL, NULL, &q);
+ if (err)
+ return ERR_PTR(err);
+
+ d = d_alloc(parent, &q);
+ if (d)
+ return d;
- return d_alloc(parent, &q);
+ return ERR_PTR(-ENOMEM);
}
static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
@@ -1181,6 +1188,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
struct efivar_entry *entry, *n;
struct efivars *efivars = &__efivars;
char *name;
+ int err = -ENOMEM;
efivarfs_sb = sb;
@@ -1231,8 +1239,10 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
goto fail_name;
dentry = efivarfs_alloc_dentry(root, name);
- if (!dentry)
+ if (IS_ERR(dentry)) {
+ err = PTR_ERR(dentry);
goto fail_inode;
+ }
/* copied by the above to local storage in the dentry. */
kfree(name);
@@ -1259,7 +1269,7 @@ fail_inode:
fail_name:
kfree(name);
fail:
- return -ENOMEM;
+ return err;
}
static struct dentry *efivarfs_mount(struct file_system_type *fs_type,
--
1.8.1.2


@ -1,58 +0,0 @@
Hi Josh,
Sorry for the slow resopnse you caught me on vacation :-)
I do not have either of these VMs ATM to test against. The patch below
should solve the problem though It looks like the VM is returning zero
for the highest P state (frequency) MSR. The patch will have the driver refuse
to load and the system should fall through to one of the other configured
governors/ scaling drivers.
Is it possible for tyou to test the patch below while I try to get a test setup
put together locally?
Thanks in advance
--Dirk
On 03/01/2013 06:13 AM, Josh Boyer wrote:
> Hi,
>
> We've had a report[1] that the intel_pstate driver will panic on boot
> under certain virtual machine environments. Thus far it seems VMWare
> and Hyper-V both see this. While this may be because of something those
> VMs are doing, the driver probably shouldn't cause a panic if it's
> getting some iffy data.
>
commit db138459876467dd1b4785ce2b35c9db31dab056
Author: Dirk Brandewie <dirk.brandewie@gmail.com>
Date: Mon Mar 4 10:14:42 2013 -0800
cpufreq/intel_pstate: Do not load on VM that do not report max P state.
It seems some VMs support the P state MSRs but return zeros. Fail
gracefully if we are running in this environment.
https://bugzilla.redhat.com/show_bug.cgi?id=916833
Reported-by: jwboyer@redhat.com
Signed-off-by: Dirk Brandewie <dirk.brandewie@gmail.com>
---
drivers/cpufreq/intel_pstate.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
index 096fde0..2bfd083 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -662,6 +662,9 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy)
cpu = all_cpu_data[policy->cpu];
+ if (!policy->cpuinfo.max_freq)
+ return -ENODEV;
+
intel_pstate_get_min_max(cpu, &min, &max);
limits.min_perf_pct = (policy->min * 100) / policy->cpuinfo.max_freq;


@ -1,76 +0,0 @@
From: Dirk Brandewie <dirk.brandewie@gmail.com>
If cpufreq_register_driver() fails just free memory that has been
allocated and return. intel_pstate_exit() function is removed sine we
are built-in only now there is no reason for a module exit proceedure.
Reported-by:Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
---
drivers/cpufreq/intel_pstate.c | 39 +++++++++++----------------------------
1 files changed, 11 insertions(+), 28 deletions(-)
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
index 2bfd083..f6dd1e7 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -750,37 +750,11 @@ static struct cpufreq_driver intel_pstate_driver = {
.owner = THIS_MODULE,
};
-static void intel_pstate_exit(void)
-{
- int cpu;
-
- sysfs_remove_group(intel_pstate_kobject,
- &intel_pstate_attr_group);
- debugfs_remove_recursive(debugfs_parent);
-
- cpufreq_unregister_driver(&intel_pstate_driver);
-
- if (!all_cpu_data)
- return;
-
- get_online_cpus();
- for_each_online_cpu(cpu) {
- if (all_cpu_data[cpu]) {
- del_timer_sync(&all_cpu_data[cpu]->timer);
- kfree(all_cpu_data[cpu]);
- }
- }
-
- put_online_cpus();
- vfree(all_cpu_data);
-}
-module_exit(intel_pstate_exit);
-
static int __initdata no_load;
static int __init intel_pstate_init(void)
{
- int rc = 0;
+ int cpu, rc = 0;
const struct x86_cpu_id *id;
if (no_load)
@@ -805,7 +779,16 @@ static int __init intel_pstate_init(void)
intel_pstate_sysfs_expose_params();
return rc;
out:
- intel_pstate_exit();
+ get_online_cpus();
+ for_each_online_cpu(cpu) {
+ if (all_cpu_data[cpu]) {
+ del_timer_sync(&all_cpu_data[cpu]->timer);
+ kfree(all_cpu_data[cpu]);
+ }
+ }
+
+ put_online_cpus();
+ vfree(all_cpu_data);
return -ENODEV;
}
device_initcall(intel_pstate_init);
--
1.7.7.6


@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and # For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
# #
%global baserelease 5 %global baserelease 1
%global fedora_build %{baserelease} %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching # base_sublevel is the kernel version we're starting with and patching
@ -95,7 +95,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%define rcrev 1 %define rcrev 1
# The git snapshot level # The git snapshot level
%define gitrev 0 %define gitrev 1
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0 %define rpmversion 3.%{upstream_sublevel}.0
%endif %endif
@ -157,7 +157,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels) # Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels). # and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'. # See also 'make debug' and 'make release'.
%define debugbuildsenabled 1 %define debugbuildsenabled 0
# Want to build a vanilla kernel build without any non-upstream patches? # Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@ -170,7 +170,7 @@ Summary: The Linux kernel
%define doc_build_fail true %define doc_build_fail true
%endif %endif
%define rawhide_skip_docs 0 %define rawhide_skip_docs 1
%if 0%{?rawhide_skip_docs} %if 0%{?rawhide_skip_docs}
%define with_doc 0 %define with_doc 0
%define doc_build_fail true %define doc_build_fail true
@ -732,16 +732,6 @@ Patch21261: 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
#rhbz 914737 #rhbz 914737
Patch21262: x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch Patch21262: x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
#rhbz 916833
Patch21263: intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch
Patch21264: intel_pstate-Fix-intel_pstate_init-error-path.patch
#rhbz 917984
Patch21265: efi-fixes.patch
#rhbz 918408
Patch21266: x86-bootparams-dont-clear-efi_info.patch
# CVE-2013-1792 rhbz 916646,919021 # CVE-2013-1792 rhbz 916646,919021
Patch21267: keys-fix-race-with-concurrent-install_user_keyrings.patch Patch21267: keys-fix-race-with-concurrent-install_user_keyrings.patch
@ -1369,9 +1359,6 @@ ApplyPatch crash-driver.patch
# crypto/ # crypto/
#rhbz 918408
ApplyPatch x86-bootparams-dont-clear-efi_info.patch
# secure boot # secure boot
ApplyPatch devel-pekey-secure-boot-20130306.patch ApplyPatch devel-pekey-secure-boot-20130306.patch
@ -1437,13 +1424,6 @@ ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
#rhbz 914737 #rhbz 914737
ApplyPatch x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch ApplyPatch x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
#rhbz 916833
ApplyPatch intel-pstate-do-not-load-on-VM-that-do-not-report-max-P-state.patch
ApplyPatch intel_pstate-Fix-intel_pstate_init-error-path.patch
#rhbz 917984
ApplyPatch efi-fixes.patch
# CVE-2013-1792 rhbz 916646,919021 # CVE-2013-1792 rhbz 916646,919021
ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
@ -2288,6 +2268,11 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Fri Mar 08 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc1.git1.1
- Linux v3.9-rc1-211-g47b3bc9
- Reenable debugging options.
- CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (rhbz 919315 919316)
* Thu Mar 07 2013 Josh Boyer <jwboyer@redhat.com> * Thu Mar 07 2013 Josh Boyer <jwboyer@redhat.com>
- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021) - CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
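Review bot: The new `%changelog` entry claims CVE-2013-1828, but no hunk in this spec adds a `Patch`/`ApplyPatch` pair for it, whereas CVE-2013-1792 keeps an explicit `Patch21267` line. Presumably the sctp fix arrives with the `gitrev 1` snapshot rather than as a carried patch; if so, the entry should say that so the fix can be traced to a source, e.g. `- CVE-2013-1828 sctp: SCTP_GET_ASSOC_STATS stack buffer overflow, fixed by the v3.9-rc1-211-g47b3bc9 snapshot (rhbz 919315 919316)`. The changelog also does not record that Patch21263 to Patch21266 (rhbz 916833, 917984, 918408) were dropped. A line such as `- Drop intel_pstate, efi and bootparams patches now upstream` would cover it, assuming that is the reason for removing them.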


@ -1,2 +1,3 @@
1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz 1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz
5c2d0b2d898deff74286daca6c49f565 patch-3.9-rc1.xz 5c2d0b2d898deff74286daca6c49f565 patch-3.9-rc1.xz
09506cd4f47ded15a178bf787a2e3781 patch-3.9-rc1-git1.xz


@ -1,13 +0,0 @@
diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h
index 5b5e9cb..ae93f72 100644
--- a/arch/x86/include/asm/bootparam_utils.h
+++ b/arch/x86/include/asm/bootparam_utils.h
@@ -20,7 +20,7 @@ static void sanitize_boot_params(struct boot_params *boot_params)
if (boot_params->sentinel) {
/*fields in boot_params are not valid, clear them */
memset(&boot_params->olpc_ofw_header, 0,
- (char *)&boot_params->alt_mem_k -
+ (char *)&boot_params->efi_info -
(char *)&boot_params->olpc_ofw_header);
memset(&boot_params->kbd_status, 0,
(char *)&boot_params->hdr -