Revert upstream selinux change causing sync hang (rhbz 1033965)
- Add patch to fix radeon from crashing
This commit is contained in:
parent
f78c22dfe9
commit
fd75f39f64
184
0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
Normal file
184
0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
Normal file
@ -0,0 +1,184 @@
|
|||||||
|
Bugzilla: 1033965
|
||||||
|
Upstream-status: 3.13 possible, or alternate fix
|
||||||
|
|
||||||
|
From df777e7aa8e3dd330bde63238595266ce1ee2d42 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||||
|
Date: Tue, 10 Dec 2013 15:06:49 -0500
|
||||||
|
Subject: [PATCH] Revert "selinux: consider filesystem subtype in policies"
|
||||||
|
|
||||||
|
This reverts commit 102aefdda4d8275ce7d7100bc16c88c74272b260.
|
||||||
|
---
|
||||||
|
security/selinux/hooks.c | 40 ++++++++++++++++++----------------------
|
||||||
|
security/selinux/ss/services.c | 42 ++++--------------------------------------
|
||||||
|
2 files changed, 22 insertions(+), 60 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
|
||||||
|
index 794c3ca..98b1caa 100644
|
||||||
|
--- a/security/selinux/hooks.c
|
||||||
|
+++ b/security/selinux/hooks.c
|
||||||
|
@@ -95,10 +95,6 @@
|
||||||
|
#include "audit.h"
|
||||||
|
#include "avc_ss.h"
|
||||||
|
|
||||||
|
-#define SB_TYPE_FMT "%s%s%s"
|
||||||
|
-#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0])
|
||||||
|
-#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : ""
|
||||||
|
-
|
||||||
|
extern struct security_operations *security_ops;
|
||||||
|
|
||||||
|
/* SECMARK reference count */
|
||||||
|
@@ -413,8 +409,8 @@ static int sb_finish_set_opts(struct super_block *sb)
|
||||||
|
the first boot of the SELinux kernel before we have
|
||||||
|
assigned xattr values to the filesystem. */
|
||||||
|
if (!root_inode->i_op->getxattr) {
|
||||||
|
- printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no "
|
||||||
|
- "xattr support\n", sb->s_id, SB_TYPE_ARGS(sb));
|
||||||
|
+ printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
|
||||||
|
+ "xattr support\n", sb->s_id, sb->s_type->name);
|
||||||
|
rc = -EOPNOTSUPP;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
@@ -422,22 +418,22 @@ static int sb_finish_set_opts(struct super_block *sb)
|
||||||
|
if (rc < 0 && rc != -ENODATA) {
|
||||||
|
if (rc == -EOPNOTSUPP)
|
||||||
|
printk(KERN_WARNING "SELinux: (dev %s, type "
|
||||||
|
- SB_TYPE_FMT") has no security xattr handler\n",
|
||||||
|
- sb->s_id, SB_TYPE_ARGS(sb));
|
||||||
|
+ "%s) has no security xattr handler\n",
|
||||||
|
+ sb->s_id, sb->s_type->name);
|
||||||
|
else
|
||||||
|
printk(KERN_WARNING "SELinux: (dev %s, type "
|
||||||
|
- SB_TYPE_FMT") getxattr errno %d\n", sb->s_id,
|
||||||
|
- SB_TYPE_ARGS(sb), -rc);
|
||||||
|
+ "%s) getxattr errno %d\n", sb->s_id,
|
||||||
|
+ sb->s_type->name, -rc);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
|
||||||
|
- printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n",
|
||||||
|
- sb->s_id, SB_TYPE_ARGS(sb));
|
||||||
|
+ printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
|
||||||
|
+ sb->s_id, sb->s_type->name);
|
||||||
|
else
|
||||||
|
- printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n",
|
||||||
|
- sb->s_id, SB_TYPE_ARGS(sb),
|
||||||
|
+ printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
|
||||||
|
+ sb->s_id, sb->s_type->name,
|
||||||
|
labeling_behaviors[sbsec->behavior-1]);
|
||||||
|
|
||||||
|
sbsec->flags |= SE_SBINITIALIZED;
|
||||||
|
@@ -600,6 +596,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
|
||||||
|
const struct cred *cred = current_cred();
|
||||||
|
int rc = 0, i;
|
||||||
|
struct superblock_security_struct *sbsec = sb->s_security;
|
||||||
|
+ const char *name = sb->s_type->name;
|
||||||
|
struct inode *inode = sbsec->sb->s_root->d_inode;
|
||||||
|
struct inode_security_struct *root_isec = inode->i_security;
|
||||||
|
u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
|
||||||
|
@@ -658,8 +655,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
|
||||||
|
strlen(mount_options[i]), &sid);
|
||||||
|
if (rc) {
|
||||||
|
printk(KERN_WARNING "SELinux: security_context_to_sid"
|
||||||
|
- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
|
||||||
|
- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
|
||||||
|
+ "(%s) failed for (dev %s, type %s) errno=%d\n",
|
||||||
|
+ mount_options[i], sb->s_id, name, rc);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
switch (flags[i]) {
|
||||||
|
@@ -806,8 +803,7 @@ out:
|
||||||
|
out_double_mount:
|
||||||
|
rc = -EINVAL;
|
||||||
|
printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
|
||||||
|
- "security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
|
||||||
|
- SB_TYPE_ARGS(sb));
|
||||||
|
+ "security settings for (dev %s, type %s)\n", sb->s_id, name);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -2480,8 +2476,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
|
||||||
|
rc = security_context_to_sid(mount_options[i], len, &sid);
|
||||||
|
if (rc) {
|
||||||
|
printk(KERN_WARNING "SELinux: security_context_to_sid"
|
||||||
|
- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
|
||||||
|
- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
|
||||||
|
+ "(%s) failed for (dev %s, type %s) errno=%d\n",
|
||||||
|
+ mount_options[i], sb->s_id, sb->s_type->name, rc);
|
||||||
|
goto out_free_opts;
|
||||||
|
}
|
||||||
|
rc = -EINVAL;
|
||||||
|
@@ -2519,8 +2515,8 @@ out_free_secdata:
|
||||||
|
return rc;
|
||||||
|
out_bad_option:
|
||||||
|
printk(KERN_WARNING "SELinux: unable to change security options "
|
||||||
|
- "during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
|
||||||
|
- SB_TYPE_ARGS(sb));
|
||||||
|
+ "during remount (dev %s, type=%s)\n", sb->s_id,
|
||||||
|
+ sb->s_type->name);
|
||||||
|
goto out_free_opts;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
|
||||||
|
index ee470a0..d106733 100644
|
||||||
|
--- a/security/selinux/ss/services.c
|
||||||
|
+++ b/security/selinux/ss/services.c
|
||||||
|
@@ -2334,50 +2334,16 @@ int security_fs_use(struct super_block *sb)
|
||||||
|
struct ocontext *c;
|
||||||
|
struct superblock_security_struct *sbsec = sb->s_security;
|
||||||
|
const char *fstype = sb->s_type->name;
|
||||||
|
- const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL;
|
||||||
|
- struct ocontext *base = NULL;
|
||||||
|
|
||||||
|
read_lock(&policy_rwlock);
|
||||||
|
|
||||||
|
- for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) {
|
||||||
|
- char *sub;
|
||||||
|
- int baselen;
|
||||||
|
-
|
||||||
|
- baselen = strlen(fstype);
|
||||||
|
-
|
||||||
|
- /* if base does not match, this is not the one */
|
||||||
|
- if (strncmp(fstype, c->u.name, baselen))
|
||||||
|
- continue;
|
||||||
|
-
|
||||||
|
- /* if there is no subtype, this is the one! */
|
||||||
|
- if (!subtype)
|
||||||
|
- break;
|
||||||
|
-
|
||||||
|
- /* skip past the base in this entry */
|
||||||
|
- sub = c->u.name + baselen;
|
||||||
|
-
|
||||||
|
- /* entry is only a base. save it. keep looking for subtype */
|
||||||
|
- if (sub[0] == '\0') {
|
||||||
|
- base = c;
|
||||||
|
- continue;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* entry is not followed by a subtype, so it is not a match */
|
||||||
|
- if (sub[0] != '.')
|
||||||
|
- continue;
|
||||||
|
-
|
||||||
|
- /* whew, we found a subtype of this fstype */
|
||||||
|
- sub++; /* move past '.' */
|
||||||
|
-
|
||||||
|
- /* exact match of fstype AND subtype */
|
||||||
|
- if (!strcmp(subtype, sub))
|
||||||
|
+ c = policydb.ocontexts[OCON_FSUSE];
|
||||||
|
+ while (c) {
|
||||||
|
+ if (strcmp(fstype, c->u.name) == 0)
|
||||||
|
break;
|
||||||
|
+ c = c->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* in case we had found an fstype match but no subtype match */
|
||||||
|
- if (!c)
|
||||||
|
- c = base;
|
||||||
|
-
|
||||||
|
if (c) {
|
||||||
|
sbsec->behavior = c->v.behavior;
|
||||||
|
if (!c->sid[0]) {
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
44
0001-drm-radeon-dpm-Fix-hwmon-crash.patch
Normal file
44
0001-drm-radeon-dpm-Fix-hwmon-crash.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72457
|
||||||
|
Upstream-status: should hit 3.13
|
||||||
|
|
||||||
|
From 2cbe7f259737e994d5a63c06a104027214e27978 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Andersson <g02maran@gmail.com>
|
||||||
|
Date: Sat, 7 Dec 2013 23:22:10 +0100
|
||||||
|
Subject: [PATCH] drm/radeon/dpm: Fix hwmon crash
|
||||||
|
|
||||||
|
Commit ec39f64bba3421c2060fcbd1aeb6eec81fe0a42d (drm/radeon/dpm: Convert
|
||||||
|
to use devm_hwmon_register_with_groups) converted one usage of
|
||||||
|
dev_get_drvdata, but there were two more.
|
||||||
|
|
||||||
|
Signed-off-by: Martin Andersson <g02maran@gmail.com>
|
||||||
|
---
|
||||||
|
drivers/gpu/drm/radeon/radeon_pm.c | 6 ++----
|
||||||
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
|
||||||
|
index dc75bb6..984097b 100644
|
||||||
|
--- a/drivers/gpu/drm/radeon/radeon_pm.c
|
||||||
|
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
|
||||||
|
@@ -552,8 +552,7 @@ static ssize_t radeon_hwmon_show_temp_thresh(struct device *dev,
|
||||||
|
struct device_attribute *attr,
|
||||||
|
char *buf)
|
||||||
|
{
|
||||||
|
- struct drm_device *ddev = dev_get_drvdata(dev);
|
||||||
|
- struct radeon_device *rdev = ddev->dev_private;
|
||||||
|
+ struct radeon_device *rdev = dev_get_drvdata(dev);
|
||||||
|
int hyst = to_sensor_dev_attr(attr)->index;
|
||||||
|
int temp;
|
||||||
|
|
||||||
|
@@ -580,8 +579,7 @@ static umode_t hwmon_attributes_visible(struct kobject *kobj,
|
||||||
|
struct attribute *attr, int index)
|
||||||
|
{
|
||||||
|
struct device *dev = container_of(kobj, struct device, kobj);
|
||||||
|
- struct drm_device *ddev = dev_get_drvdata(dev);
|
||||||
|
- struct radeon_device *rdev = ddev->dev_private;
|
||||||
|
+ struct radeon_device *rdev = dev_get_drvdata(dev);
|
||||||
|
|
||||||
|
/* Skip limit attributes if DPM is not enabled */
|
||||||
|
if (rdev->pm.pm_method != PM_METHOD_DPM &&
|
||||||
|
--
|
||||||
|
1.8.4.2
|
||||||
|
|
16
kernel.spec
16
kernel.spec
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 1
|
%global baserelease 2
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
@ -706,6 +706,11 @@ Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
|||||||
#CVE-2013-6382 rhbz 1033603 1034670
|
#CVE-2013-6382 rhbz 1033603 1034670
|
||||||
Patch25157: xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
Patch25157: xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
||||||
|
|
||||||
|
#rhbz 1033965
|
||||||
|
Patch25169: 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
|
||||||
|
|
||||||
|
Patch25170: 0001-drm-radeon-dpm-Fix-hwmon-crash.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -1378,6 +1383,11 @@ ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
|
|||||||
#CVE-2013-6382 rhbz 1033603 1034670
|
#CVE-2013-6382 rhbz 1033603 1034670
|
||||||
ApplyPatch xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
ApplyPatch xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
||||||
|
|
||||||
|
#rhbz 1033965
|
||||||
|
ApplyPatch 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
|
||||||
|
|
||||||
|
ApplyPatch 0001-drm-radeon-dpm-Fix-hwmon-crash.patch
|
||||||
|
|
||||||
# END OF PATCH APPLICATIONS
|
# END OF PATCH APPLICATIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -2190,6 +2200,10 @@ fi
|
|||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Dec 10 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.13.0-0.rc3.git1.2
|
||||||
|
- Revert upstream selinux change causing sync hang (rhbz 1033965)
|
||||||
|
- Add patch to fix radeon from crashing
|
||||||
|
|
||||||
* Tue Dec 10 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.13.0-0.rc3.git1.1
|
* Tue Dec 10 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.13.0-0.rc3.git1.1
|
||||||
- Linux v3.13-rc3-157-g17b2112
|
- Linux v3.13-rc3-157-g17b2112
|
||||||
- Reenable debugging options.
|
- Reenable debugging options.
|
||||||
|
Loading…
Reference in New Issue
Block a user