Linux v4.0-rc5-53-gc875f421097a

kernel.spec

@@ -40,7 +40,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 3
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -68,7 +68,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 5
 # The git snapshot level
-%define gitrev 1
+%define gitrev 2
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -615,8 +615,6 @@ Patch26139: Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
 #rhbz 1196825
 Patch26140: security-yama-Remove-unnecessary-selects-from-Kconfi.patch
 
-Patch26141: mfd-rtsx_usb-prevent-DMA-from-stack.patch
-
 #CVE-2014-8159 rhbz 1181166 1200950
 Patch26167: IB-core-Prevent-integer-overflow-in-ib_umem_get-addr.patch
 
@@ -633,6 +631,8 @@ Patch26173: drm-i915-Don-t-try-to-reference-the-fb-in-get_initia.patch
 #rhbz 1203584
 Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
 
+#atch26175: intel.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1359,8 +1359,6 @@ ApplyPatch Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
 #rhbz 1196825
 ApplyPatch security-yama-Remove-unnecessary-selects-from-Kconfi.patch
 
-ApplyPatch mfd-rtsx_usb-prevent-DMA-from-stack.patch
-
 #CVE-2014-8159 rhbz 1181166 1200950
 ApplyPatch IB-core-Prevent-integer-overflow-in-ib_umem_get-addr.patch
 
@@ -1377,6 +1375,8 @@ ApplyPatch drm-i915-Don-t-try-to-reference-the-fb-in-get_initia.patch
 #rhbz 1203584
 ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
 
+#pplyPatch intel.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2227,6 +2227,9 @@ fi
 #
 # 
 %changelog
+* Wed Mar 25 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc5.git2.1
+- Linux v4.0-rc5-53-gc875f421097a
+
 * Tue Mar 24 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix ALPS v5 and v7 trackpads (rhbz 1203584)
 

mfd-rtsx_usb-prevent-DMA-from-stack.patch

@@ -1,127 +0,0 @@
-From: Roger Tseng <rogerable@realtek.com>
-Date: Fri, 6 Mar 2015 11:36:06 +0800
-Subject: [PATCH] mfd: rtsx_usb: prevent DMA from stack
-
-Functions rtsx_usb_ep0_read_register() and rtsx_usb_get_card_status()
-both use arbitrary buffer addresses from arguments directly for DMA and
-the buffers could be located in stack. This was caught by DMA-API debug
-check.
-
-Fixes this by using double-buffers via kzalloc in both functions to
-guarantee the validity of DMA buffer.
-
-WARNING: CPU: 1 PID: 25 at lib/dma-debug.c:1166 check_for_stack+0x96/0xe0()
-ehci-pci 0000:00:1a.0: DMA-API: device driver maps memory from stack
-[addr=ffff8801199e3cef]
-Modules linked in: rtsx_usb_ms arc4 memstick intel_rapl iosf_mbi
-rtl8192ce snd_hda_codec_hdmi snd_hda_codec_realtek
-snd_hda_codec_generic snd_hda_intel rtl_pci rtl8192c_common
-snd_hda_controller x86_pkg_temp_thermal snd_hda_codec rtlwifi mac80211
-coretemp kvm_intel kvm iTCO_wdt snd_hwdep snd_seq snd_seq_device
-crct10dif_pclmul iTCO_vendor_support sparse_keymap cfg80211
-crc32_pclmul snd_pcm crc32c_intel ghash_clmulni_intel rfkill i2c_i801
-snd_timer shpchp snd serio_raw mei_me lpc_ich soundcore mei tpm_tis
-tpm wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915
-rtsx_usb_sdmmc mmc_core 8021q uas garp stp i2c_algo_bit llc mrp
-drm_kms_helper usb_storage drm rtsx_usb mfd_core r8169 mii video
-CPU: 1 PID: 25 Comm: kworker/1:2 Not tainted 3.20.0-0.rc0.git7.3.fc22.x86_64 #1
-Hardware name: WB WB-B06211/WB-B0621, BIOS EB062IWB V1.0 12/12/2013
-Workqueue: events rtsx_usb_ms_handle_req [rtsx_usb_ms]
- 0000000000000000 000000003d188e66 ffff8801199e3808 ffffffff8187642b
- 0000000000000000 ffff8801199e3860 ffff8801199e3848 ffffffff810ab39a
- ffff8801199e3864 ffff8801199e3cef ffff880119b57098 ffff880119b37320
-Call Trace:
- [<ffffffff8187642b>] dump_stack+0x4c/0x65
- [<ffffffff810ab39a>] warn_slowpath_common+0x8a/0xc0
- [<ffffffff810ab425>] warn_slowpath_fmt+0x55/0x70
- [<ffffffff8187efe6>] ? _raw_spin_unlock_irqrestore+0x36/0x70
- [<ffffffff81453156>] check_for_stack+0x96/0xe0
- [<ffffffff81453934>] debug_dma_map_page+0x104/0x150
- [<ffffffff81613b86>] usb_hcd_map_urb_for_dma+0x646/0x790
- [<ffffffff81614165>] usb_hcd_submit_urb+0x1d5/0xa90
- [<ffffffff81106f8f>] ? mark_held_locks+0x7f/0xc0
- [<ffffffff81106f8f>] ? mark_held_locks+0x7f/0xc0
- [<ffffffff81103a15>] ? lockdep_init_map+0x65/0x5d0
- [<ffffffff81615d7e>] usb_submit_urb+0x42e/0x5f0
- [<ffffffff81616787>] usb_start_wait_urb+0x77/0x190
- [<ffffffff8124f035>] ? __kmalloc+0x205/0x2d0
- [<ffffffff8161697c>] usb_control_msg+0xdc/0x130
- [<ffffffffa0031669>] rtsx_usb_ep0_read_register+0x59/0x70 [rtsx_usb]
- [<ffffffffa00310c1>] ? rtsx_usb_get_rsp+0x41/0x50 [rtsx_usb]
- [<ffffffffa071da4e>] rtsx_usb_ms_handle_req+0x7ce/0x9c5 [rtsx_usb_ms]
-
-Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
-Signed-off-by: Roger Tseng <rogerable@realtek.com>
----
- drivers/mfd/rtsx_usb.c | 30 ++++++++++++++++++++++++------
- 1 file changed, 24 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/mfd/rtsx_usb.c b/drivers/mfd/rtsx_usb.c
-index ede50244f265..dbd907d7170e 100644
---- a/drivers/mfd/rtsx_usb.c
-+++ b/drivers/mfd/rtsx_usb.c
-@@ -196,18 +196,27 @@ EXPORT_SYMBOL_GPL(rtsx_usb_ep0_write_register);
- int rtsx_usb_ep0_read_register(struct rtsx_ucr *ucr, u16 addr, u8 *data)
- {
- 	u16 value;
-+	u8 *buf;
-+	int ret;
- 
- 	if (!data)
- 		return -EINVAL;
--	*data = 0;
-+
-+	buf = kzalloc(sizeof(u8), GFP_KERNEL);
-+	if (!buf)
-+		return -ENOMEM;
- 
- 	addr |= EP0_READ_REG_CMD << EP0_OP_SHIFT;
- 	value = swab16(addr);
- 
--	return usb_control_msg(ucr->pusb_dev,
-+	ret = usb_control_msg(ucr->pusb_dev,
- 			usb_rcvctrlpipe(ucr->pusb_dev, 0), RTSX_USB_REQ_REG_OP,
- 			USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
--			value, 0, data, 1, 100);
-+			value, 0, buf, 1, 100);
-+	*data = *buf;
-+
-+	kfree(buf);
-+	return ret;
- }
- EXPORT_SYMBOL_GPL(rtsx_usb_ep0_read_register);
- 
-@@ -288,18 +297,27 @@ static int rtsx_usb_get_status_with_bulk(struct rtsx_ucr *ucr, u16 *status)
- int rtsx_usb_get_card_status(struct rtsx_ucr *ucr, u16 *status)
- {
- 	int ret;
-+	u16 *buf;
- 
- 	if (!status)
- 		return -EINVAL;
- 
--	if (polling_pipe == 0)
-+	if (polling_pipe == 0) {
-+		buf = kzalloc(sizeof(u16), GFP_KERNEL);
-+		if (!buf)
-+			return -ENOMEM;
-+
- 		ret = usb_control_msg(ucr->pusb_dev,
- 				usb_rcvctrlpipe(ucr->pusb_dev, 0),
- 				RTSX_USB_REQ_POLL,
- 				USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
--				0, 0, status, 2, 100);
--	else
-+				0, 0, buf, 2, 100);
-+		*status = *buf;
-+
-+		kfree(buf);
-+	} else {
- 		ret = rtsx_usb_get_status_with_bulk(ucr, status);
-+	}
- 
- 	/* usb_control_msg may return positive when success */
- 	if (ret < 0)
--- 
-2.1.0
-

sources

@@ -1,3 +1,3 @@
 b26150c980099ef554b26d07f470e647  linux-4.0-rc5.tar.xz
 7614f559a09f0242827fc7783c7adf3f  perf-man-4.0-rc5.tar.gz
-658fcb5b3fbc9bd1ccbf4f8ce5a9e79c  patch-4.0-rc5-git1.xz
+61c3daa783863786c20ec38d27363b88  patch-4.0-rc5-git2.xz