Update kernel-std patches for kernel upgrade to version 1062.1.2

This upgrade fixes the CVEs listed below. We refresh the patches
against the new kernel source.
The patch 15 is now included in new version, so I drop it
in the new patch.

CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
escape during migration

Closes-Bug: 1849206
Closes-Bug: 1849209
Closes-Bug: 1847817

Change-Id: I217cf8684e31dacea627c33462e5e4b6e089c38f
Depends-On: https://review.opendev.org/#/c/695355/
Signed-off-by: Robin Lu <bin1.lu@intel.com>
This commit is contained in:
Robin Lu 2019-11-21 15:04:40 +08:00 committed by Lin Shuicheng
parent 5be0a50d3b
commit 38c184f1b4
12 changed files with 110 additions and 71 deletions

View File

@ -7,7 +7,7 @@ grub2-2.02-0.76.el7.centos.src.rpm
grubby-8.28-25.el7.src.rpm grubby-8.28-25.el7.src.rpm
haproxy-1.5.18-8.el7.src.rpm haproxy-1.5.18-8.el7.src.rpm
initscripts-9.49.46-1.el7.src.rpm initscripts-9.49.46-1.el7.src.rpm
kernel-3.10.0-957.21.3.el7.src.rpm kernel-3.10.0-1062.1.2.el7.src.rpm
libevent-2.0.21-4.el7.src.rpm libevent-2.0.21-4.el7.src.rpm
# libibverbs-41mlnx1-OFED.4.5.0.1.0.45101.src.rpm # libibverbs-41mlnx1-OFED.4.5.0.1.0.45101.src.rpm
lighttpd-1.4.54-1.el7.src.rpm lighttpd-1.4.54-1.el7.src.rpm

View File

@ -1,4 +1,4 @@
COPY_LIST="files/*" COPY_LIST="files/*"
TIS_PATCH_VER=2 TIS_PATCH_VER=1
BUILD_IS_BIG=11 BUILD_IS_BIG=11
BUILD_IS_SLOW=12 BUILD_IS_SLOW=12

View File

@ -5,8 +5,9 @@ Subject: [PATCH] Build logic and sources for TiC
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: zhao.shuai <zhaos@neusoft.com> Signed-off-by: zhao.shuai <zhaos@neusoft.com>
Signed-off-by: Robin Lu <bin1.lu@intel.com>
--- ---
SPECS/kernel.spec | 73 +++++++++++++++++++++++++++++++++++++++++++++---------- SPECS/kernel.spec | 73 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 60 insertions(+), 13 deletions(-) 1 file changed, 60 insertions(+), 13 deletions(-)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
@ -24,23 +25,23 @@ index 852fd10..e42177e 100644
# For a kernel released for public testing, released_kernel should be 1. # For a kernel released for public testing, released_kernel should be 1.
# For internal testing builds during development, it should be 0. # For internal testing builds during development, it should be 0.
@@ -14,12 +15,14 @@ Summary: The Linux kernel @@ -14,12 +15,14 @@ Summary: The Linux kernel
%global distro_build 957 %global distro_build 1062
%define rpmversion 3.10.0 %define rpmversion 3.10.0
-%define pkgrelease 957.21.3.el7 -%define pkgrelease 1062.1.2.el7
+%define _pkgrelease 957.21.3 +%define _pkgrelease 1062.1.2
+%define pkgrelease %{_pkgrelease}.el7 +%define pkgrelease %{_pkgrelease}.el7
+ +
# allow pkg_release to have configurable %%{?dist} tag # allow pkg_release to have configurable %%{?dist} tag
%define specrelease 957.21.3%{?dist} %define specrelease 1062.1.2%{?dist}
-%define pkg_release %{specrelease}%{?buildid} -%define pkg_release %{specrelease}%{?buildid}
+%define pkg_release %{specrelease}%{buildid} +%define pkg_release %{specrelease}%{buildid}
# The kernel tarball/base version # The kernel tarball/base version
%define rheltarball %{rpmversion}-%{pkgrelease} %define rheltarball %{rpmversion}-%{pkgrelease}
@@ -68,7 +71,7 @@ Summary: The Linux kernel @@ -69,7 +72,7 @@ Summary: The Linux kernel
%define with_dbgonly %{?_with_dbgonly: 1} %{?!_with_dbgonly: 0} %define with_dbgonly %{?_with_dbgonly: 1} %{?!_with_dbgonly: 0}
# Control whether we perform a compat. check against published ABI. # Control whether we perform a compat. check against published ABI.
@ -48,8 +49,8 @@ index 852fd10..e42177e 100644
+%define with_kabichk 0 +%define with_kabichk 0
# Control whether we perform a compat. check against DUP ABI. # Control whether we perform a compat. check against DUP ABI.
%define with_kabidupchk 1 %define with_kabidupchk %{?_with_kabidupchk: 1} %{?!_with_kabidupchk: 0}
@@ -91,7 +94,7 @@ Summary: The Linux kernel @@ -92,7 +95,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels) # Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels). # and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'. RHEL only ever does 1. # See also 'make debug' and 'make release'. RHEL only ever does 1.
@ -58,7 +59,7 @@ index 852fd10..e42177e 100644
%define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0} %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0}
@@ -385,6 +388,7 @@ BuildRequires: bison flex @@ -386,6 +389,7 @@ BuildRequires: bison flex
# required for zfcpdump # required for zfcpdump
BuildRequires: glibc-static BuildRequires: glibc-static
%endif %endif
@ -66,7 +67,7 @@ index 852fd10..e42177e 100644
Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz
@@ -450,6 +454,12 @@ Patch1000: debrand-single-cpu.patch @@ -453,6 +457,12 @@ Patch1000: debrand-single-cpu.patch
Patch1001: debrand-rh_taint.patch Patch1001: debrand-rh_taint.patch
Patch1002: debrand-rh-i686-cpu.patch Patch1002: debrand-rh-i686-cpu.patch
@ -79,7 +80,7 @@ index 852fd10..e42177e 100644
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
%description %description
@@ -612,6 +622,13 @@ manipulation of eBPF programs and maps. @@ -626,6 +636,13 @@ This package provides debug information for the bpftool package.
%endif # with_bpftool %endif # with_bpftool
@ -93,7 +94,7 @@ index 852fd10..e42177e 100644
%if %{with_gcov} %if %{with_gcov}
%package gcov %package gcov
Summary: gcov graph and source files for coverage data collection. Summary: gcov graph and source files for coverage data collection.
@@ -777,6 +794,9 @@ cd linux-%{KVRA} @@ -791,6 +808,9 @@ cd linux-%{KVRA}
# Drop some necessary files from the source dir into the buildroot # Drop some necessary files from the source dir into the buildroot
cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . cp $RPM_SOURCE_DIR/kernel-%{version}-*.config .
@ -103,7 +104,7 @@ index 852fd10..e42177e 100644
ApplyOptionalPatch linux-kernel-test.patch ApplyOptionalPatch linux-kernel-test.patch
ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-single-cpu.patch
ApplyOptionalPatch debrand-rh_taint.patch ApplyOptionalPatch debrand-rh_taint.patch
@@ -821,6 +841,15 @@ for i in *.config @@ -835,6 +855,15 @@ for i in *.config
do do
mv $i .config mv $i .config
Arch=`head -1 .config | cut -b 3-` Arch=`head -1 .config | cut -b 3-`
@ -119,7 +120,7 @@ index 852fd10..e42177e 100644
make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true
%if %{listnewconfig_fail} %if %{listnewconfig_fail}
if [ -s .newoptions ]; then if [ -s .newoptions ]; then
@@ -894,12 +923,13 @@ BuildKernel() { @@ -908,12 +937,13 @@ BuildKernel() {
# and now to start the build process # and now to start the build process
@ -134,7 +135,7 @@ index 852fd10..e42177e 100644
cp configs/$Config .config cp configs/$Config .config
@@ -914,8 +944,8 @@ BuildKernel() { @@ -928,8 +958,8 @@ BuildKernel() {
fi fi
%endif %endif
@ -145,7 +146,7 @@ index 852fd10..e42177e 100644
if [ "$Flavour" != "kdump" ]; then if [ "$Flavour" != "kdump" ]; then
make -s %{?cross_opts} ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="%{?kcflags}" WITH_GCOV="%{?with_gcov}" modules %{?sparse_mflags} || exit 1 make -s %{?cross_opts} ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="%{?kcflags}" WITH_GCOV="%{?with_gcov}" modules %{?sparse_mflags} || exit 1
@@ -939,6 +969,8 @@ BuildKernel() { @@ -953,6 +983,8 @@ BuildKernel() {
fi fi
# EFI SecureBoot signing, x86_64-only # EFI SecureBoot signing, x86_64-only
%ifarch x86_64 %ifarch x86_64
@ -154,7 +155,7 @@ index 852fd10..e42177e 100644
%pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name}
mv $KernelImage.signed $KernelImage mv $KernelImage.signed $KernelImage
%endif %endif
@@ -955,7 +987,7 @@ BuildKernel() { @@ -969,7 +1001,7 @@ BuildKernel() {
if [ "$Flavour" != "kdump" ]; then if [ "$Flavour" != "kdump" ]; then
# Override $(mod-fw) because we don't want it to install any firmware # Override $(mod-fw) because we don't want it to install any firmware
# we'll get it from the linux-firmware package and we don't want conflicts # we'll get it from the linux-firmware package and we don't want conflicts
@ -163,7 +164,7 @@ index 852fd10..e42177e 100644
%if %{with_gcov} %if %{with_gcov}
# install gcov-needed files to $BUILDROOT/$BUILD/...: # install gcov-needed files to $BUILDROOT/$BUILD/...:
# gcov_info->filename is absolute path # gcov_info->filename is absolute path
@@ -965,7 +997,7 @@ BuildKernel() { @@ -979,7 +1011,7 @@ BuildKernel() {
%endif %endif
fi fi
%ifarch %{vdso_arches} %ifarch %{vdso_arches}
@ -172,7 +173,7 @@ index 852fd10..e42177e 100644
if [ ! -s ldconfig-kernel.conf ]; then if [ ! -s ldconfig-kernel.conf ]; then
echo > ldconfig-kernel.conf "\ echo > ldconfig-kernel.conf "\
# Placeholder file, no vDSO hwcap entries used in this kernel." # Placeholder file, no vDSO hwcap entries used in this kernel."
@@ -1174,6 +1206,12 @@ BuildKernel() { @@ -1188,6 +1220,12 @@ BuildKernel() {
cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}} cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}}
cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}} cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}}
@ -185,7 +186,7 @@ index 852fd10..e42177e 100644
# remove files that will be auto generated by depmod at rpm -i time # remove files that will be auto generated by depmod at rpm -i time
for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname
do do
@@ -1234,15 +1272,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false @@ -1248,15 +1286,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false
%endif %endif
%ifarch x86_64 %ifarch x86_64
pushd tools/power/x86/x86_energy_perf_policy/ pushd tools/power/x86/x86_energy_perf_policy/
@ -204,7 +205,7 @@ index 852fd10..e42177e 100644
popd popd
%endif %endif
@@ -1536,6 +1574,10 @@ fi}\ @@ -1550,6 +1588,10 @@ fi}\
%{expand:\ %{expand:\
%{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --install %{KVRA}%{?-v:.%{-v*}} || exit $?\ %{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --install %{KVRA}%{?-v:.%{-v*}} || exit $?\
}\ }\
@ -215,7 +216,7 @@ index 852fd10..e42177e 100644
%{nil} %{nil}
# #
@@ -1756,6 +1798,11 @@ fi @@ -1775,6 +1817,11 @@ fi
%kernel_variant_files %{with_debug} debug %kernel_variant_files %{with_debug} debug
%kernel_variant_files %{with_kdump} kdump %kernel_variant_files %{with_kdump} kdump
@ -225,7 +226,7 @@ index 852fd10..e42177e 100644
+%endif +%endif
+ +
%changelog %changelog
* Mon Jun 17 2019 CentOS Sources <bugs@centos.org> - 3.10.0-957.21.3.el7 * Fri Sep 20 2019 CentOS Sources <bugs@centos.org> - 3.10.0-1062.1.2.el7
- Apply debranding changes - Apply debranding changes
-- --
1.8.3.1 1.8.3.1

View File

@ -16,7 +16,7 @@ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index d5df4a4..1d765ed 100644 index d5df4a4..1d765ed 100644
--- a/SPECS/kernel.spec --- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec +++ b/SPECS/kernel.spec
@@ -495,6 +495,12 @@ Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch @@ -497,6 +497,12 @@ Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch
Patch40028: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch Patch40028: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch
Patch40029: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch Patch40029: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch
Patch40030: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch Patch40030: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch
@ -29,7 +29,7 @@ index d5df4a4..1d765ed 100644
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
@@ -869,6 +875,9 @@ ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch @@ -881,6 +887,9 @@ ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch
ApplyOptionalPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ApplyOptionalPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch
ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch
ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch

View File

@ -6,15 +6,16 @@ Subject: [PATCH 1/2] Kernel-source-patches-for-TiC
Signed-off-by: zhao.shuai <zhaos@neusoft.com> Signed-off-by: zhao.shuai <zhaos@neusoft.com>
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Robin Lu <bin1.lu@intel.com>
--- ---
SPECS/kernel.spec | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SPECS/kernel.spec | 66 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+) 1 file changed, 66 insertions(+)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index e42177e..d5df4a4 100644 index e42177e..d5df4a4 100644
--- a/SPECS/kernel.spec --- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec +++ b/SPECS/kernel.spec
@@ -460,6 +460,42 @@ Patch1002: debrand-rh-i686-cpu.patch @@ -463,6 +463,41 @@ Patch1002: debrand-rh-i686-cpu.patch
Source30000: kernel-3.10.0-x86_64.config.tis_extra Source30000: kernel-3.10.0-x86_64.config.tis_extra
Source30001: ima_signing_key.pub Source30001: ima_signing_key.pub
@ -33,7 +34,6 @@ index e42177e..d5df4a4 100644
+Patch40012: Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +Patch40012: Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch
+Patch40013: Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +Patch40013: Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch
+Patch40014: x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch +Patch40014: x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch
+Patch40015: rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch
+Patch40016: Porting-Cacheinfo-from-Kernel-4.10.17.patch +Patch40016: Porting-Cacheinfo-from-Kernel-4.10.17.patch
+Patch40017: Fix-cacheinfo-compilation-issues-for-3.10.patch +Patch40017: Fix-cacheinfo-compilation-issues-for-3.10.patch
+Patch40018: cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch +Patch40018: cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch
@ -57,7 +57,7 @@ index e42177e..d5df4a4 100644
BuildRoot: %{_tmppath}/kernel-%{KVRA}-root BuildRoot: %{_tmppath}/kernel-%{KVRA}-root
%description %description
@@ -802,6 +838,38 @@ ApplyOptionalPatch debrand-single-cpu.patch @@ -816,6 +851,37 @@ ApplyOptionalPatch debrand-single-cpu.patch
ApplyOptionalPatch debrand-rh_taint.patch ApplyOptionalPatch debrand-rh_taint.patch
ApplyOptionalPatch debrand-rh-i686-cpu.patch ApplyOptionalPatch debrand-rh-i686-cpu.patch
@ -76,7 +76,6 @@ index e42177e..d5df4a4 100644
+ApplyOptionalPatch Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +ApplyOptionalPatch Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch
+ApplyOptionalPatch Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +ApplyOptionalPatch Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch
+ApplyOptionalPatch x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch +ApplyOptionalPatch x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch
+ApplyOptionalPatch rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch
+ApplyOptionalPatch Porting-Cacheinfo-from-Kernel-4.10.17.patch +ApplyOptionalPatch Porting-Cacheinfo-from-Kernel-4.10.17.patch
+ApplyOptionalPatch Fix-cacheinfo-compilation-issues-for-3.10.patch +ApplyOptionalPatch Fix-cacheinfo-compilation-issues-for-3.10.patch
+ApplyOptionalPatch cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch +ApplyOptionalPatch cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch

View File

@ -5,15 +5,54 @@ Date: Thu, 15 Dec 2016 14:27:48 -0500
Subject: [PATCH 01/26] Fix compile issue when transparent hugepages are off Subject: [PATCH 01/26] Fix compile issue when transparent hugepages are off
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Robin Lu <bin1.lu@intel.com>
--- ---
drivers/gpu/drm/i915/i915_gemfs.c | 4 ++--
fs/proc/task_mmu.c | 2 ++
mm/swap.c | 2 ++ mm/swap.c | 2 ++
1 file changed, 2 insertions(+) 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gemfs.c b/drivers/gpu/drm/i915/i915_gemfs.c
index 888b7d3f..efe915c7 100644
--- a/drivers/gpu/drm/i915/i915_gemfs.c
+++ b/drivers/gpu/drm/i915/i915_gemfs.c
@@ -49,7 +49,7 @@ int i915_gemfs_init(struct drm_i915_private *i915)
* memory pressure shmem should split any huge-pages which can be
* shrunk.
*/
-
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
if (has_transparent_hugepage()) {
struct super_block *sb = gemfs->mnt_sb;
/* FIXME: Disabled until we get W/A for read BW issue. */
@@ -63,7 +63,7 @@ int i915_gemfs_init(struct drm_i915_private *i915)
return err;
}
}
-
+#endif
i915->mm.gemfs = gemfs;
return 0;
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index e27a1d42..e8a8ba9d 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1116,7 +1116,9 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end,
{
struct vm_area_struct *vma;
struct pagemapread *pm = walk->private;
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
spinlock_t *ptl;
+#endif
pte_t *pte;
int err = 0;
diff --git a/mm/swap.c b/mm/swap.c diff --git a/mm/swap.c b/mm/swap.c
index 0982a35..6dcf38c 100644 index 0982a35..6dcf38c 100644
--- a/mm/swap.c --- a/mm/swap.c
+++ b/mm/swap.c +++ b/mm/swap.c
@@ -1040,8 +1040,10 @@ void release_pages(struct page **pages, int nr, bool cold) @@ -1043,8 +1043,10 @@ void release_pages(struct page **pages, int nr, bool cold)
if (!put_page_testzero(page)) if (!put_page_testzero(page))
continue; continue;

View File

@ -1258,8 +1258,8 @@ index 53c3fe1..527d291 100644
driver.o class.o platform.o \ driver.o class.o platform.o \
cpu.o firmware.o init.o map.o devres.o \ cpu.o firmware.o init.o map.o devres.o \
attribute_container.o transport_class.o \ attribute_container.o transport_class.o \
- topology.o container.o property.o - topology.o container.o property.o devcon.o
+ topology.o container.o property.o cacheinfo.o + topology.o container.o property.o devcon.o cacheinfo.o
obj-$(CONFIG_DEVTMPFS) += devtmpfs.o obj-$(CONFIG_DEVTMPFS) += devtmpfs.o
obj-$(CONFIG_DMA_CMA) += dma-contiguous.o obj-$(CONFIG_DMA_CMA) += dma-contiguous.o
obj-y += power/ obj-y += power/

View File

@ -17,21 +17,22 @@ definitions on module deinit
- modification to ima_file_check to pass in file OPEN status - modification to ima_file_check to pass in file OPEN status
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Robin Lu <bin1.lu@intel.com>
--- ---
fs/namei.c | 2 +- fs/namei.c | 2 +-
fs/nfsd/vfs.c | 2 +- fs/nfsd/vfs.c | 2 +-
fs/xattr.c | 1 + fs/xattr.c | 1 +
include/linux/fs.h | 15 +------ include/linux/fs.h | 15 +-----
include/linux/ima.h | 77 +++++++------------------------- include/linux/ima.h | 77 ++++++--------------------
include/linux/integrity.h | 22 ++++----- include/linux/integrity.h | 22 +++-----
security/security.c | 111 +++++++++++++++++++++++++++++++++++++++++++++- security/security.c | 111 +++++++++++++++++++++++++++++++++++++-
7 files changed, 140 insertions(+), 90 deletions(-) 7 files changed, 140 insertions(+), 90 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c diff --git a/fs/namei.c b/fs/namei.c
index 9f90b63..bf91ea0 100644 index 9f90b63..bf91ea0 100644
--- a/fs/namei.c --- a/fs/namei.c
+++ b/fs/namei.c +++ b/fs/namei.c
@@ -3225,7 +3225,7 @@ opened: @@ -3243,7 +3243,7 @@ opened:
error = open_check_o_direct(file); error = open_check_o_direct(file);
if (error) if (error)
goto exit_fput; goto exit_fput;
@ -57,7 +58,7 @@ diff --git a/fs/xattr.c b/fs/xattr.c
index e540aca..cc307ec 100644 index e540aca..cc307ec 100644
--- a/fs/xattr.c --- a/fs/xattr.c
+++ b/fs/xattr.c +++ b/fs/xattr.c
@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, @@ -208,6 +208,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
*xattr_value = value; *xattr_value = value;
return error; return error;
} }
@ -69,18 +70,18 @@ diff --git a/include/linux/fs.h b/include/linux/fs.h
index eb6f994..2dbaf80 100644 index eb6f994..2dbaf80 100644
--- a/include/linux/fs.h --- a/include/linux/fs.h
+++ b/include/linux/fs.h +++ b/include/linux/fs.h
@@ -677,9 +677,8 @@ struct inode { @@ -681,9 +681,8 @@ struct inode {
struct fsnotify_mark_connector __rcu *i_fsnotify_marks) struct fsnotify_mark_connector __rcu *i_fsnotify_marks)
#endif #endif
-#ifdef CONFIG_IMA -#if defined(CONFIG_IMA) && defined(CONFIG_X86_64)
atomic_t i_readcount; /* struct files open RO */ atomic_t i_readcount; /* struct files open RO */
-#endif -#endif
+ +
void *i_private; /* fs or device private pointer */ void *i_private; /* fs or device private pointer */
}; };
@@ -2830,7 +2829,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) @@ -2852,7 +2851,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode)
return atomic_read(&inode->i_writecount) > 0; return atomic_read(&inode->i_writecount) > 0;
} }
@ -88,7 +89,7 @@ index eb6f994..2dbaf80 100644
static inline void i_readcount_dec(struct inode *inode) static inline void i_readcount_dec(struct inode *inode)
{ {
BUG_ON(!atomic_read(&inode->i_readcount)); BUG_ON(!atomic_read(&inode->i_readcount));
@@ -2840,16 +2838,7 @@ static inline void i_readcount_inc(struct inode *inode) @@ -2862,16 +2860,7 @@ static inline void i_readcount_inc(struct inode *inode)
{ {
atomic_inc(&inode->i_readcount); atomic_inc(&inode->i_readcount);
} }
@ -340,7 +341,7 @@ index f069482..646a0e3 100644
int security_ptrace_access_check(struct task_struct *child, unsigned int mode) int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{ {
#ifdef CONFIG_SECURITY_YAMA_STACKED #ifdef CONFIG_SECURITY_YAMA_STACKED
@@ -720,8 +824,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); @@ -718,8 +822,11 @@ EXPORT_SYMBOL(security_inode_listsecurity);
void security_inode_getsecid(struct inode *inode, u32 *secid) void security_inode_getsecid(struct inode *inode, u32 *secid)
{ {
@ -353,7 +354,7 @@ index f069482..646a0e3 100644
int security_inode_copy_up(struct dentry *src, struct cred **new) int security_inode_copy_up(struct dentry *src, struct cred **new)
{ {
@@ -1530,6 +1637,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) @@ -1528,6 +1635,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{ {
return security_ops->audit_rule_init(field, op, rulestr, lsmrule); return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
} }
@ -361,7 +362,7 @@ index f069482..646a0e3 100644
int security_audit_rule_known(struct audit_krule *krule) int security_audit_rule_known(struct audit_krule *krule)
{ {
@@ -1546,6 +1654,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, @@ -1544,6 +1652,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
{ {
return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
} }

View File

@ -12,17 +12,17 @@ diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 175fef9..e475427 100644 index 175fef9..e475427 100644
--- a/mm/memcontrol.c --- a/mm/memcontrol.c
+++ b/mm/memcontrol.c +++ b/mm/memcontrol.c
@@ -3007,6 +3007,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg, @@ -2995,6 +2995,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg,
memcg_check_events(memcg, page); memcg_check_events(memcg, page);
} }
+static DEFINE_MUTEX(memcg_limit_mutex); +static DEFINE_MUTEX(memcg_limit_mutex);
+ +
#ifdef CONFIG_MEMCG_KMEM #ifdef CONFIG_MEMCG_KMEM
static inline bool memcg_can_account_kmem(struct mem_cgroup *memcg) /*
{ * The memcg_slab_mutex is held whenever a per memcg kmem cache is created or
@@ -3507,8 +3509,6 @@ out: @@ -3375,8 +3377,6 @@ static inline void memcg_resume_kmem_account(void)
return new_cachep; current->memcg_kmem_skip_account--;
} }
-static DEFINE_MUTEX(memcg_limit_mutex); -static DEFINE_MUTEX(memcg_limit_mutex);

View File

@ -14,8 +14,8 @@ defined
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com> Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
--- ---
drivers/block/drbd/drbd_req.c | 8 ++++---- drivers/block/drbd/drbd_req.c | 8 ++++----
include/linux/filter.h | 4 ++++ include/linux/filter.h | 3 +++
2 files changed, 8 insertions(+), 4 deletions(-) 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c
index a6f13f7..cbd0a49 100644 index a6f13f7..cbd0a49 100644
@ -51,17 +51,16 @@ diff --git a/include/linux/filter.h b/include/linux/filter.h
index cddbb31..15ce55f 100644 index cddbb31..15ce55f 100644
--- a/include/linux/filter.h --- a/include/linux/filter.h
+++ b/include/linux/filter.h +++ b/include/linux/filter.h
@@ -665,6 +665,10 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) @@ -763,6 +763,9 @@ void bpf_prog_kallsyms_add(struct bpf_prog *fp);
return true; void bpf_prog_kallsyms_del(struct bpf_prog *fp);
}
#else #else /* CONFIG_BPF_JIT */
+struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog); +struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog);
+void __weak trace_bpf_jit_compile(struct bpf_prog *prog); +void __weak trace_bpf_jit_compile(struct bpf_prog *prog);
+void __weak trace_bpf_jit_free(struct bpf_prog *fp); +void __weak trace_bpf_jit_free(struct bpf_prog *fp);
+
static inline bool ebpf_jit_enabled(void) static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
{ {
return false;
-- --
1.8.3.1 1.8.3.1

View File

@ -16,12 +16,12 @@ diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c
index e233c88..5564c8d 100644 index e233c88..5564c8d 100644
--- a/arch/x86/mm/kaiser.c --- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c +++ b/arch/x86/mm/kaiser.c
@@ -620,7 +620,7 @@ static const struct file_operations fops_kaiser_enabled = { @@ -621,7 +621,7 @@ static const struct file_operations fops_kaiser_enabled = {
static int __init create_kpti_enabled(void) static int __init create_kpti_enabled(void)
{ {
- if (!xen_pv_domain()) - if (!xen_pv_domain() && !sme_active())
+ if (!is_xen_pv_domain()) + if (!is_xen_pv_domain() && !sme_active())
debugfs_create_file("pti_enabled", S_IRUSR | S_IWUSR, debugfs_create_file("pti_enabled", S_IRUSR | S_IWUSR,
arch_debugfs_dir, NULL, &fops_kaiser_enabled); arch_debugfs_dir, NULL, &fops_kaiser_enabled);
return 0; return 0;
@ -29,7 +29,7 @@ diff --git a/drivers/base/dma-contiguous.c b/drivers/base/dma-contiguous.c
index a7d5bda..403101d 100644 index a7d5bda..403101d 100644
--- a/drivers/base/dma-contiguous.c --- a/drivers/base/dma-contiguous.c
+++ b/drivers/base/dma-contiguous.c +++ b/drivers/base/dma-contiguous.c
@@ -309,7 +309,7 @@ struct page *dma_alloc_from_contiguous(struct device *dev, size_t count, @@ -287,7 +287,7 @@ struct page *dma_alloc_from_contiguous(struct device *dev, size_t count,
if (align > CONFIG_CMA_ALIGNMENT) if (align > CONFIG_CMA_ALIGNMENT)
align = CONFIG_CMA_ALIGNMENT; align = CONFIG_CMA_ALIGNMENT;
@ -82,7 +82,7 @@ diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
index 26ec982..45af11b 100644 index 26ec982..45af11b 100644
--- a/include/linux/huge_mm.h --- a/include/linux/huge_mm.h
+++ b/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h
@@ -365,7 +365,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma, @@ -362,7 +362,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma,
return 0; return 0;
} }

View File

@ -1,2 +1,2 @@
mirror:Source/kernel-3.10.0-957.21.3.el7.src.rpm mirror:Source/kernel-3.10.0-1062.1.2.el7.src.rpm