[arch-commits] Commit in linux-lts/trunk (2 files)

2020-12-02 Thread Jan Steffens via arch-commits
Date: Wednesday, December 2, 2020 @ 17:23:57
  Author: heftig
Revision: 402808

5.4.81-1

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch

---+
 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch |   55 --
 PKGBUILD  |8 -
 2 files changed, 3 insertions(+), 60 deletions(-)

Deleted: 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
===
--- 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch   
2020-12-02 17:23:51 UTC (rev 402807)
+++ 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch   
2020-12-02 17:23:57 UTC (rev 402808)
@@ -1,55 +0,0 @@
-From a163474e9b86c2c25f20733385d8b1d6de492a7f Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel 
-Date: Wed, 25 Nov 2020 08:45:55 +0100
-Subject: efivarfs: revert "fix memory leak in efivarfs_create()"
-
-The memory leak addressed by commit fe5186cf12e3 is a false positive:
-all allocations are recorded in a linked list, and freed when the
-filesystem is unmounted. This leads to double frees, and as reported
-by David, leads to crashes if SLUB is configured to self destruct when
-double frees occur.
-
-So drop the redundant kfree() again, and instead, mark the offending
-pointer variable so the allocation is ignored by kmemleak.
-
-Cc: Vamshi K Sthambamkadi 
-Fixes: fe5186cf12e3 ("efivarfs: fix memory leak in efivarfs_create()")
-Reported-by: David Laight 
-Signed-off-by: Ard Biesheuvel 

- fs/efivarfs/inode.c | 2 ++
- fs/efivarfs/super.c | 1 -
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
-index 96c0c86f3fff..0297ad95eb5c 100644
 a/fs/efivarfs/inode.c
-+++ b/fs/efivarfs/inode.c
-@@ -7,6 +7,7 @@
- #include 
- #include 
- #include 
-+#include 
- #include 
- #include 
- 
-@@ -103,6 +104,7 @@ static int efivarfs_create(struct inode *dir, struct 
dentry *dentry,
-   var->var.VariableName[i] = '\0';
- 
-   inode->i_private = var;
-+  kmemleak_ignore(var);
- 
-   err = efivar_entry_add(var, _list);
-   if (err)
-diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
-index f943fd0b0699..15880a68faad 100644
 a/fs/efivarfs/super.c
-+++ b/fs/efivarfs/super.c
-@@ -21,7 +21,6 @@ LIST_HEAD(efivarfs_list);
- static void efivarfs_evict_inode(struct inode *inode)
- {
-   clear_inode(inode);
--  kfree(inode->i_private);
- }
- 
- static const struct super_operations efivarfs_ops = {

Modified: PKGBUILD
===
--- PKGBUILD2020-12-02 17:23:51 UTC (rev 402807)
+++ PKGBUILD2020-12-02 17:23:57 UTC (rev 402808)
@@ -1,8 +1,8 @@
 # Maintainer: Andreas Radke 
 
 pkgbase=linux-lts
-pkgver=5.4.80
-pkgrel=2
+pkgver=5.4.81
+pkgrel=1
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -18,7 +18,6 @@
   config # the main kernel config file
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch
-  0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
   sphinx-workaround.patch
 )
 validpgpkeys=(
@@ -26,12 +25,11 @@
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('49da425c1f3c530fd3ff31d85a0461f6b6dc6e459f7faf3eee23e49a98ce64c7'
+sha256sums=('9470bde475726996202d845a5fc3bc8bd3bb546bbc6816fb663fa73df25d8427'
 'SKIP'
 '760ec068a7a1d8e6d4af17c2a77bd0bcec6198ba31e003f6304313d43e3632a0'
 'b439f57b84bc98730c0265695abb92385ee4dcd35a5c00d4cb3d3155c75fb491'
 '4fd74bb2a7101d700fba91806141339d8c9e46a14f8fc1fe276cfb68f1eec0f5'
-'bc9e2f7e843a8fa87da0b1b40c7257cd92311f070fb255120c405ad257cff3ed'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e')
 
 export KBUILD_BUILD_HOST=archlinux


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-11-28 Thread Christian Hesse via arch-commits
Date: Saturday, November 28, 2020 @ 15:29:13
  Author: eworm
Revision: 402361

upgpkg: linux-lts 5.4.80-2: fix oops on shutdown

Added:
  linux-lts/trunk/0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
Modified:
  linux-lts/trunk/PKGBUILD

---+
 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch |   55 ++
 PKGBUILD  |4 
 2 files changed, 58 insertions(+), 1 deletion(-)

Added: 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
===
--- 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch   
(rev 0)
+++ 0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch   
2020-11-28 15:29:13 UTC (rev 402361)
@@ -0,0 +1,55 @@
+From a163474e9b86c2c25f20733385d8b1d6de492a7f Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel 
+Date: Wed, 25 Nov 2020 08:45:55 +0100
+Subject: efivarfs: revert "fix memory leak in efivarfs_create()"
+
+The memory leak addressed by commit fe5186cf12e3 is a false positive:
+all allocations are recorded in a linked list, and freed when the
+filesystem is unmounted. This leads to double frees, and as reported
+by David, leads to crashes if SLUB is configured to self destruct when
+double frees occur.
+
+So drop the redundant kfree() again, and instead, mark the offending
+pointer variable so the allocation is ignored by kmemleak.
+
+Cc: Vamshi K Sthambamkadi 
+Fixes: fe5186cf12e3 ("efivarfs: fix memory leak in efivarfs_create()")
+Reported-by: David Laight 
+Signed-off-by: Ard Biesheuvel 
+---
+ fs/efivarfs/inode.c | 2 ++
+ fs/efivarfs/super.c | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
+index 96c0c86f3fff..0297ad95eb5c 100644
+--- a/fs/efivarfs/inode.c
 b/fs/efivarfs/inode.c
+@@ -7,6 +7,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ #include 
+ 
+@@ -103,6 +104,7 @@ static int efivarfs_create(struct inode *dir, struct 
dentry *dentry,
+   var->var.VariableName[i] = '\0';
+ 
+   inode->i_private = var;
++  kmemleak_ignore(var);
+ 
+   err = efivar_entry_add(var, _list);
+   if (err)
+diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
+index f943fd0b0699..15880a68faad 100644
+--- a/fs/efivarfs/super.c
 b/fs/efivarfs/super.c
+@@ -21,7 +21,6 @@ LIST_HEAD(efivarfs_list);
+ static void efivarfs_evict_inode(struct inode *inode)
+ {
+   clear_inode(inode);
+-  kfree(inode->i_private);
+ }
+ 
+ static const struct super_operations efivarfs_ops = {
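Review bot: The ownership rule behind this revert is not recorded in the code, which is how the double free got in: after the patch `efivarfs_evict_inode()` only calls `clear_inode(inode)`, and nothing near `inode->i_private = var;` says who frees `var`. The description states that every allocation is recorded in a linked list and freed when the filesystem is unmounted, so a comment next to `kmemleak_ignore(var);` would keep the `kfree()` from being reintroduced, e.g. `/* var is owned by the efivarfs list and freed at unmount; do not kfree() it on inode eviction */`. Both functions extend outside the hunk, so the error path after `efivar_entry_add()` cannot be checked from here.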

Modified: PKGBUILD
===
--- PKGBUILD2020-11-28 14:29:07 UTC (rev 402360)
+++ PKGBUILD2020-11-28 15:29:13 UTC (rev 402361)
@@ -2,7 +2,7 @@
 
 pkgbase=linux-lts
 pkgver=5.4.80
-pkgrel=1
+pkgrel=2
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -18,6 +18,7 @@
   config # the main kernel config file
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch
+  0003-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
   sphinx-workaround.patch
 )
 validpgpkeys=(
@@ -30,6 +31,7 @@
 '760ec068a7a1d8e6d4af17c2a77bd0bcec6198ba31e003f6304313d43e3632a0'
 'b439f57b84bc98730c0265695abb92385ee4dcd35a5c00d4cb3d3155c75fb491'
 '4fd74bb2a7101d700fba91806141339d8c9e46a14f8fc1fe276cfb68f1eec0f5'
+'bc9e2f7e843a8fa87da0b1b40c7257cd92311f070fb255120c405ad257cff3ed'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e')
 
 export KBUILD_BUILD_HOST=archlinux


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-11-10 Thread Jan Steffens via arch-commits
Date: Tuesday, November 10, 2020 @ 15:16:54
  Author: heftig
Revision: 400070

5.4.76-1

Modified:
  
linux-lts/trunk/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
  linux-lts/trunk/PKGBUILD

-+
 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch |2 +-
 PKGBUILD|6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Modified: 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
===
--- 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 
2020-11-10 15:14:54 UTC (rev 400069)
+++ 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 
2020-11-10 15:16:54 UTC (rev 400070)
@@ -40,7 +40,7 @@
bool "PID Namespaces"
default y
 diff --git a/kernel/fork.c b/kernel/fork.c
-index e3d5963d8c6f..26bca4170e37 100644
+index 419fff8eb9e5..70da21e5c06a 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -106,6 +106,11 @@

Modified: PKGBUILD
===
--- PKGBUILD2020-11-10 15:14:54 UTC (rev 400069)
+++ PKGBUILD2020-11-10 15:16:54 UTC (rev 400070)
@@ -1,7 +1,7 @@
 # Maintainer: Andreas Radke 
 
 pkgbase=linux-lts
-pkgver=5.4.75
+pkgver=5.4.76
 pkgrel=1
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
@@ -25,10 +25,10 @@
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('d2466fd6eb5433e7bf287b617b11b2640c65a7ea93a57eb7a80d7f537cbc1470'
+sha256sums=('6f565fd31af5e1df7520c88d36d61db0f14b8fd7cc77aeb6c9b7b2ac25bef7d2'
 'SKIP'
 '760ec068a7a1d8e6d4af17c2a77bd0bcec6198ba31e003f6304313d43e3632a0'
-'0160432bb1a8e695aac2b389852fb2fa0967b4e56633d3af21232d62292195c2'
+'b439f57b84bc98730c0265695abb92385ee4dcd35a5c00d4cb3d3155c75fb491'
 '4fd74bb2a7101d700fba91806141339d8c9e46a14f8fc1fe276cfb68f1eec0f5'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e')
 


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-10-17 Thread Jan Steffens via arch-commits
Date: Saturday, October 17, 2020 @ 14:41:35
  Author: heftig
Revision: 398503

5.4.72-1

Added:
  
linux-lts/trunk/0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch |   70 
++
 PKGBUILD|6 
 2 files changed, 74 insertions(+), 2 deletions(-)

Added: 0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch
===
--- 0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch 
(rev 0)
+++ 0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch 
2020-10-17 14:41:35 UTC (rev 398503)
@@ -0,0 +1,70 @@
+From  Mon Sep 17 00:00:00 2001
+From: Hans de Goede 
+Date: Wed, 14 Oct 2020 16:41:58 +0200
+Subject: [PATCH] i2c: core: Restore acpi_walk_dep_device_list() getting called
+ after registering the ACPI i2c devs
+
+Commit 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler()
+before i2c_acpi_register_devices()")'s intention was to only move the
+acpi_install_address_space_handler() call to the point before where
+the ACPI declared i2c-children of the adapter where instantiated by
+i2c_acpi_register_devices().
+
+But i2c_acpi_install_space_handler() had a call to
+acpi_walk_dep_device_list() hidden (that is I missed it) at the end
+of it, so as an unwanted side-effect now acpi_walk_dep_device_list()
+was also being called before i2c_acpi_register_devices().
+
+Move the acpi_walk_dep_device_list() call to the end of
+i2c_acpi_register_devices(), so that it is once again called *after*
+the i2c_client-s hanging of the adapter have been created.
+
+This fixes the Microsoft Surface Go 2 hanging at boot.
+
+Fixes: 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() before 
i2c_acpi_register_devices()")
+Suggested-by: Maximilian Luz 
+Reported-and-tested-by: Kieran Bingham 
+Signed-off-by: Hans de Goede 
+---
+ drivers/i2c/i2c-core-acpi.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
+index ce70b5288472..c70983780ae7 100644
+--- a/drivers/i2c/i2c-core-acpi.c
 b/drivers/i2c/i2c-core-acpi.c
+@@ -264,16 +264,26 @@ static acpi_status i2c_acpi_add_device(acpi_handle 
handle, u32 level,
+ void i2c_acpi_register_devices(struct i2c_adapter *adap)
+ {
+   acpi_status status;
++  acpi_handle handle;
+ 
+   if (!has_acpi_companion(>dev))
+   return;
+ 
+   status = acpi_walk_namespace(ACPI_TYPE_DEVICE, ACPI_ROOT_OBJECT,
+I2C_ACPI_MAX_SCAN_DEPTH,
+i2c_acpi_add_device, NULL,
+adap, NULL);
+   if (ACPI_FAILURE(status))
+   dev_warn(>dev, "failed to enumerate I2C slaves\n");
++
++  if (!adap->dev.parent)
++  return;
++
++  handle = ACPI_HANDLE(adap->dev.parent);
++  if (!handle)
++  return;
++
++  acpi_walk_dep_device_list(handle);
+ }
+ 
+ const struct acpi_device_id *
+@@ -737,7 +747,6 @@ int i2c_acpi_install_space_handler(struct i2c_adapter 
*adapter)
+   return -ENOMEM;
+   }
+ 
+-  acpi_walk_dep_device_list(handle);
+   return 0;
+ }
+ 
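Review bot: The ordering this patch restores is still not written down in the code: in the new `i2c_acpi_register_devices()` the `acpi_walk_dep_device_list(handle);` call sits at the end with no comment saying it must follow `acpi_walk_namespace()`. The description says the regression happened because the call was hidden at the end of `i2c_acpi_install_space_handler()` and moved along with it by accident, so a comment above the call would help, e.g. `/* Keep this after the namespace walk: the dependency list must be walked only once the adapter's ACPI i2c clients exist. */`. Separately, the `ACPI_FAILURE(status)` branch only logs a warning and the function then continues to the dependency walk; whether dependents should be walked after a failed enumeration is worth confirming.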

Modified: PKGBUILD
===
--- PKGBUILD2020-10-17 13:36:18 UTC (rev 398502)
+++ PKGBUILD2020-10-17 14:41:35 UTC (rev 398503)
@@ -1,7 +1,7 @@
 # Maintainer: Andreas Radke 
 
 pkgbase=linux-lts
-pkgver=5.4.71
+pkgver=5.4.72
 pkgrel=1
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
@@ -18,6 +18,7 @@
   config # the main kernel config file
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch
+  0003-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch
   sphinx-workaround.patch
 )
 validpgpkeys=(
@@ -25,11 +26,12 @@
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('737049ef3cf38d46ee3b377354336cdbc1c4dd95b4e54975a70716f96c8d6cc7'
+sha256sums=('0e24645bd56fe5b55a7a662895f5562c103d71b54d097281f0c9c71ff22c1172'
 'SKIP'
 '6a2ee8f822810f594921aa85087e4cf0a17c68518d395586fd9c56b6c7e63dad'
 '0279e6c1a7f233110393995eccca1371edf11680fa5d6b8916dcb9ce098fb7fb'
 '4fd74bb2a7101d700fba91806141339d8c9e46a14f8fc1fe276cfb68f1eec0f5'
+'f1e849d9e0cd07d527f60fed5aebbb76d7dd0c77a504786f4d0d09c20445f8f1'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e')
 
 export KBUILD_BUILD_HOST=archlinux


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-10-01 Thread Jan Steffens via arch-commits
Date: Thursday, October 1, 2020 @ 21:58:20
  Author: heftig
Revision: 397059

5.4.69-1

Modified:
  
linux-lts/trunk/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
  linux-lts/trunk/PKGBUILD

-+
 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch |6 +++---
 PKGBUILD|6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

Modified: 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
===
--- 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 
2020-10-01 21:50:35 UTC (rev 397058)
+++ 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 
2020-10-01 21:58:20 UTC (rev 397059)
@@ -40,7 +40,7 @@
bool "PID Namespaces"
default y
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 9180f4416dba..a02f83b1d9b4 100644
+index 594272569a80..96a55931654c 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -106,6 +106,11 @@
@@ -55,7 +55,7 @@
  
  /*
   * Minimum number of threads to boot the kernel
-@@ -1779,6 +1784,10 @@ static __latent_entropy struct task_struct 
*copy_process(
+@@ -1780,6 +1785,10 @@ static __latent_entropy struct task_struct 
*copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == 
(CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
  
@@ -66,7 +66,7 @@
/*
 * Thread groups must share signals as well, and detached threads
 * can only be started up within the thread group.
-@@ -2837,6 +2846,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2838,6 +2847,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
  

Modified: PKGBUILD
===
--- PKGBUILD2020-10-01 21:50:35 UTC (rev 397058)
+++ PKGBUILD2020-10-01 21:58:20 UTC (rev 397059)
@@ -1,7 +1,7 @@
 # Maintainer: Andreas Radke 
 
 pkgbase=linux-lts
-pkgver=5.4.68
+pkgver=5.4.69
 pkgrel=1
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
@@ -25,10 +25,10 @@
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('0e93876c5ae8dc0c55cbe631971a46ab02b90cf7461fed3085703a5e4e3cd6dd'
+sha256sums=('a8b31d716b397303a183e42ad525ff2871024a43e3ea530d0fdf73b7f9d27da7'
 'SKIP'
 '6a2ee8f822810f594921aa85087e4cf0a17c68518d395586fd9c56b6c7e63dad'
-'b3f2777462517abd75039fc56a63dfa3f5eb6b3865e02fe9e0c3512381eed54b'
+'0279e6c1a7f233110393995eccca1371edf11680fa5d6b8916dcb9ce098fb7fb'
 '4fd74bb2a7101d700fba91806141339d8c9e46a14f8fc1fe276cfb68f1eec0f5'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e')
 


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-07-22 Thread Jan Steffens via arch-commits
Date: Wednesday, July 22, 2020 @ 20:52:28
  Author: heftig
Revision: 392391

5.4.53-1

Modified:
  
linux-lts/trunk/0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch
  linux-lts/trunk/PKGBUILD

-+
 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch |  116 
+-
 PKGBUILD|6 
 2 files changed, 15 insertions(+), 107 deletions(-)

Modified: 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch
===
--- 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch 
2020-07-22 20:52:26 UTC (rev 392390)
+++ 0002-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch 
2020-07-22 20:52:28 UTC (rev 392391)
@@ -135,18 +135,16 @@
 Reviewed-by: Arnd Bergmann 
 Signed-off-by: Hans de Goede 
 ---
- drivers/virt/vboxguest/vboxguest_core.c  | 272 +++
- drivers/virt/vboxguest/vboxguest_core.h  |  38 +++-
- drivers/virt/vboxguest/vboxguest_linux.c |   3 +-
+ drivers/virt/vboxguest/vboxguest_core.c  | 266 +++
+ drivers/virt/vboxguest/vboxguest_core.h  |  23 +-
  drivers/virt/vboxguest/vboxguest_utils.c |   1 +
- drivers/virt/vboxguest/vmmdev.h  |   2 +
  include/linux/vbox_utils.h   |   1 +
  include/uapi/linux/vbox_vmmdev_types.h   |   3 +
- include/uapi/linux/vboxguest.h   |  28 ++-
- 8 files changed, 294 insertions(+), 54 deletions(-)
+ include/uapi/linux/vboxguest.h   |  24 ++
+ 6 files changed, 269 insertions(+), 49 deletions(-)
 
 diff --git a/drivers/virt/vboxguest/vboxguest_core.c 
b/drivers/virt/vboxguest/vboxguest_core.c
-index 2307b0329aec..f449fc366cf3 100644
+index 95bfdb8ac8a2..f449fc366cf3 100644
 --- a/drivers/virt/vboxguest/vboxguest_core.c
 +++ b/drivers/virt/vboxguest/vboxguest_core.c
 @@ -558,7 +558,7 @@ static int vbg_reset_host_event_filter(struct vbg_dev 
*gdev,
@@ -516,8 +514,7 @@
or_mask = caps->u.in.or_mask;
not_mask = caps->u.in.not_mask;
  
--  if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
-+  if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
+   if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
return -EINVAL;
  
ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
@@ -530,29 +527,7 @@
caps->u.out.global_caps = gdev->guest_caps_host;
  
return 0;
-@@ -1519,48 +1693,52 @@ int vbg_core_ioctl(struct vbg_session *session, 
unsigned int req, void *data)
- 
-   /* For VMMDEV_REQUEST hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT */
-   if (req_no_size == VBG_IOCTL_VMMDEV_REQUEST(0) ||
--  req == VBG_IOCTL_VMMDEV_REQUEST_BIG)
-+  req == VBG_IOCTL_VMMDEV_REQUEST_BIG ||
-+  req == VBG_IOCTL_VMMDEV_REQUEST_BIG_ALT)
-   return vbg_ioctl_vmmrequest(gdev, session, data);
- 
-   if (hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT)
-   return -EINVAL;
- 
-   /* Fixed size requests. */
-   switch (req) {
-   case VBG_IOCTL_DRIVER_VERSION_INFO:
-   return vbg_ioctl_driver_version_info(data);
-   case VBG_IOCTL_HGCM_CONNECT:
-   return vbg_ioctl_hgcm_connect(gdev, session, data);
-   case VBG_IOCTL_HGCM_DISCONNECT:
-   return vbg_ioctl_hgcm_disconnect(gdev, session, data);
-   case VBG_IOCTL_WAIT_FOR_EVENTS:
-   return vbg_ioctl_wait_for_events(gdev, session, data);
-   case VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS:
+@@ -1540,29 +1714,31 @@ int vbg_core_ioctl(struct vbg_session *session, 
unsigned int req, void *data)
return vbg_ioctl_interrupt_all_wait_events(gdev, session, data);
case VBG_IOCTL_CHANGE_FILTER_MASK:
return vbg_ioctl_change_filter_mask(gdev, session, data);
@@ -576,7 +551,7 @@
case VBG_IOCTL_HGCM_CALL(0):
return vbg_ioctl_hgcm_call(gdev, session, f32bit, data);
case VBG_IOCTL_LOG(0):
-+  case VBG_IOCTL_LOG_ALT(0):
+   case VBG_IOCTL_LOG_ALT(0):
return vbg_ioctl_log(data);
}
  
@@ -586,32 +561,10 @@
  }
  
 diff --git a/drivers/virt/vboxguest/vboxguest_core.h 
b/drivers/virt/vboxguest/vboxguest_core.h
-index 4188c12b839f..ab4bf64e2cec 100644
+index 77c3a9c8255d..ab4bf64e2cec 100644
 --- a/drivers/virt/vboxguest/vboxguest_core.h
 +++ b/drivers/virt/vboxguest/vboxguest_core.h
-@@ -15,6 +15,21 @@
- #include 
- #include "vmmdev.h"
- 
-+/*
-+ * The mainline kernel version (this version) of the vboxguest module
-+ * contained a bug where it defined VBGL_IOCTL_VMMDEV_REQUEST_BIG and
-+ * VBGL_IOCTL_LOG using _IOC(_IOC_READ | _IOC_WRITE, 'V', ...) instead
-+ * of _IO(V, ...) as the out of tree VirtualBox upstream version does.
-+ *
-+ * These _ALT definitions keep compatibility with the wrong defines the
-+ * mainline kernel version used for a 

[arch-commits] Commit in linux-lts/trunk (2 files)

2020-05-08 Thread Jan Steffens via arch-commits
Date: Friday, May 8, 2020 @ 21:32:08
  Author: heftig
Revision: 382812

5.4.39-2: GCC 10

Added:
  linux-lts/trunk/0001-gcc-common.h-Update-for-GCC-10.patch
Modified:
  linux-lts/trunk/PKGBUILD

---+
 0001-gcc-common.h-Update-for-GCC-10.patch |   92 
 PKGBUILD  |4 -
 2 files changed, 95 insertions(+), 1 deletion(-)

Added: 0001-gcc-common.h-Update-for-GCC-10.patch
===
--- 0001-gcc-common.h-Update-for-GCC-10.patch   (rev 0)
+++ 0001-gcc-common.h-Update-for-GCC-10.patch   2020-05-08 21:32:08 UTC (rev 
382812)
@@ -0,0 +1,92 @@
+From 1a84040203e73d1bccfdb99aed98042efe3ecd16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?=
+ 
+Date: Tue, 7 Apr 2020 13:32:59 +0200
+Subject: [PATCH] gcc-common.h: Update for GCC 10
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Remove "params.h" include, which has been dropped in GCC 10.
+
+Remove is_a_helper() macro, which is now defined in gimple.h, as seen
+when running './scripts/gcc-plugin.sh g++ g++ gcc':
+
+In file included from :1:
+./gcc-plugins/gcc-common.h:852:13: error: redefinition of ‘static bool 
is_a_helper::test(U*) [with U = const gimple; T = const ggoto*]’
+  852 | inline bool is_a_helper::test(const_gimple gs)
+  | ^~
+In file included from ./gcc-plugins/gcc-common.h:125,
+ from :1:
+/usr/lib/gcc/x86_64-redhat-linux/10/plugin/include/gimple.h:1037:1: note: 
‘static bool is_a_helper::test(U*) [with U = const gimple; T = const 
ggoto*]’ previously declared here
+ 1037 | is_a_helper ::test (const gimple *gs)
+  | ^~~
+
+Add -Wno-format-diag to scripts/gcc-plugins/Makefile to avoid
+meaningless warnings from error() formats used by plugins:
+
+scripts/gcc-plugins/structleak_plugin.c: In function ‘int 
plugin_init(plugin_name_args*, plugin_gcc_version*)’:
+scripts/gcc-plugins/structleak_plugin.c:253:12: warning: unquoted sequence of 
2 consecutive punctuation characters ‘'-’ in format [-Wformat-diag]
+  253 |   error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, 
argv[i].key);
+  |^
+
+Signed-off-by: Frédéric Pierret (fepitre) 
+Link: 
https://lore.kernel.org/r/20200407113259.270172-1-frederic.pier...@qubes-os.org
+[kees: include -Wno-format-diag for plugin builds]
+Signed-off-by: Kees Cook 
+---
+ scripts/gcc-plugins/Makefile | 1 +
+ scripts/gcc-plugins/gcc-common.h | 4 
+ 2 files changed, 5 insertions(+)
+
+diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
+index aa0d0ec6936d..9e95862f2788 100644
+--- a/scripts/gcc-plugins/Makefile
 b/scripts/gcc-plugins/Makefile
+@@ -11,6 +11,7 @@ else
+   HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 
-fno-rtti
+   HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
+   HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable
++  HOST_EXTRACXXFLAGS += -Wno-format-diag
+   export HOST_EXTRACXXFLAGS
+ endif
+ 
+diff --git a/scripts/gcc-plugins/gcc-common.h 
b/scripts/gcc-plugins/gcc-common.h
+index 17f06079a712..9ad76b7f3f10 100644
+--- a/scripts/gcc-plugins/gcc-common.h
 b/scripts/gcc-plugins/gcc-common.h
+@@ -35,7 +35,9 @@
+ #include "ggc.h"
+ #include "timevar.h"
+ 
++#if BUILDING_GCC_VERSION < 1
+ #include "params.h"
++#endif
+ 
+ #if BUILDING_GCC_VERSION <= 4009
+ #include "pointer-set.h"
+@@ -847,19 +849,21 @@ static inline gimple gimple_build_assign_with_ops(enum 
tree_code subcode, tree l
+   return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT);
+ }
+ 
++#if BUILDING_GCC_VERSION < 1
+ template <>
+ template <>
+ inline bool is_a_helper::test(const_gimple gs)
+ {
+   return gs->code == GIMPLE_GOTO;
+ }
+ 
+ template <>
+ template <>
+ inline bool is_a_helper::test(const_gimple gs)
+ {
+   return gs->code == GIMPLE_RETURN;
+ }
++#endif
+ 
+ static inline gasm *as_a_gasm(gimple stmt)
+ {
+-- 
+2.26.2
+
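Review bot: As shown here, both new guards in gcc-common.h read `#if BUILDING_GCC_VERSION < 1`, which is false for every compiler, so `params.h` and the two `is_a_helper` specialisations would be compiled out for older GCC releases as well, not only for GCC 10 as the description intends. The other guard visible in the hunk has the form `BUILDING_GCC_VERSION <= 4009`, so the intended bound is presumably the GCC 10 value in that encoding (likely `< 10000`); the digits may simply have been lost when the mail was archived. Confirm the bound in the committed patch file rather than in this listing.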

Modified: PKGBUILD
===
--- PKGBUILD2020-05-08 21:20:02 UTC (rev 382811)
+++ PKGBUILD2020-05-08 21:32:08 UTC (rev 382812)
@@ -2,7 +2,7 @@
 
 pkgbase=linux-lts
 pkgver=5.4.39
-pkgrel=1
+pkgrel=2
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -17,6 +17,7 @@
   
https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
   config # the main kernel config file
   0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
+  0001-gcc-common.h-Update-for-GCC-10.patch
   sphinx-workaround.patch
 )
 validpgpkeys=(
@@ -28,6 +29,7 @@
 'SKIP'
 '8b202067f6f0adbe2f8d4290624005f4fa1fff32aaa42f979c9ab03f6b74b62f'
 

[arch-commits] Commit in linux-lts/trunk (2 files)

2020-04-19 Thread Jan Steffens via arch-commits
Date: Sunday, April 19, 2020 @ 13:52:10
  Author: heftig
Revision: 380548

5.4.33-3

Added:
  
linux-lts/trunk/drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 PKGBUILD|8 
+-
 drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch |   37 
++
 2 files changed, 43 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2020-04-19 13:52:04 UTC (rev 380547)
+++ PKGBUILD2020-04-19 13:52:10 UTC (rev 380548)
@@ -2,7 +2,7 @@
 
 pkgbase=linux-lts
 pkgver=5.4.33
-pkgrel=2
+pkgrel=3
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -18,7 +18,10 @@
   config # the main kernel config file
   0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
   sphinx-workaround.patch
+
+  # From stable-queue
   revert-acpi-ec-do-not-clear-boot_ec_is_ecdt-in-acpi_ec_add.patch
+  drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -30,7 +33,8 @@
 '8b202067f6f0adbe2f8d4290624005f4fa1fff32aaa42f979c9ab03f6b74b62f'
 'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2'
 'b7c814c8183e4645947a6dcc3cbf80431de8a8fd4e895b780f9a5fd92f82cb8e'
-'9fd93b899e03accd31ab357a70e538220c424ce8769e63a8b961fa627ab27c0a')
+'9fd93b899e03accd31ab357a70e538220c424ce8769e63a8b961fa627ab27c0a'
+'3015cbbcd0527bef418c45febed7b18a97e1783901ecf9b3693024a9ee867138')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

Added: drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch
===
--- drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch 
(rev 0)
+++ drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch 
2020-04-19 13:52:10 UTC (rev 380548)
@@ -0,0 +1,37 @@
+From b2a7e9735ab2864330be9d00d7f38c961c28de5d Mon Sep 17 00:00:00 2001
+From: Prike Liang 
+Date: Mon, 13 Apr 2020 21:41:14 +0800
+Subject: drm/amdgpu: fix the hw hang during perform system reboot and reset
+
+From: Prike Liang 
+
+commit b2a7e9735ab2864330be9d00d7f38c961c28de5d upstream.
+
+The system reboot failed as some IP blocks enter power gate before perform
+hw resource destory. Meanwhile use unify interface to set device CGPG to ungate
+state can simplify the amdgpu poweroff or reset ungate guard.
+
+Fixes: 487eca11a321ef ("drm/amdgpu: fix gfx hang during suspend with video 
playback (v2)")
+Signed-off-by: Prike Liang 
+Tested-by: Mengbing Wang 
+Tested-by: Paul Menzel 
+Acked-by: Alex Deucher 
+Signed-off-by: Alex Deucher 
+Cc: sta...@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman 
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c |2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
 b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+@@ -2176,6 +2176,8 @@ static int amdgpu_device_ip_suspend_phas
+ {
+   int i, r;
+ 
++  amdgpu_device_set_pg_state(adev, AMD_PG_STATE_UNGATE);
++  amdgpu_device_set_cg_state(adev, AMD_CG_STATE_UNGATE);
+ 
+   for (i = adev->num_ip_blocks - 1; i >= 0; i--) {
+   if (!adev->ip_blocks[i].status.valid)
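Review bot: The two added calls at the top of the suspend function, `amdgpu_device_set_pg_state(adev, AMD_PG_STATE_UNGATE);` and `amdgpu_device_set_cg_state(adev, AMD_CG_STATE_UNGATE);`, carry no comment and their results are not used, although the function declares `r` for status. A short comment would record why they precede the loop, e.g. `/* ungate power and clock gating first so no IP block is gated while its hw resources are torn down */`, which is what the description gives as the cause of the reboot hang. If the helpers return an error code (not visible here), it is worth deciding explicitly whether a failure should be logged or ignored. The function's signature and the rest of its body are outside the hunk.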


[arch-commits] Commit in linux-lts/trunk (2 files)

2020-04-02 Thread Andreas Radke via arch-commits
Date: Thursday, April 2, 2020 @ 14:59:04
  Author: andyrtr
Revision: 379137

upgpkg: linux-lts 5.4.30-1: upstream update 5.4.30

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  
linux-lts/trunk/0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch

-+
 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch |   68 
--
 PKGBUILD|   10 -
 2 files changed, 4 insertions(+), 74 deletions(-)

Deleted: 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
===
--- 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch 
2020-04-02 11:30:23 UTC (rev 379136)
+++ 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch 
2020-04-02 14:59:04 UTC (rev 379137)
@@ -1,68 +0,0 @@
-From 6f2896ad2981c70be7caf0e44e0adc25f76d9937 Mon Sep 17 00:00:00 2001
-From: Levente Polyak 
-Date: Mon, 30 Mar 2020 20:42:07 +0200
-Subject: [PATCH] CVE-2020-8835: Revert "bpf: Provide better register bounds
- after jmp32 instructions"
-
-This reverts commit b4de258dede528f88f401259aab3147fb6da1ddf which is a
-backport of 581738a681b6.
-
-Manfred Paul, as part of the ZDI pwn2own competition, demonstrated
-that a flaw existed in the bpf verifier for 32bit operations. This
-was introduced in commit:
-
-  581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
-
-The result is that register bounds were improperly calculated,
-allowing out-of-bounds reads and writes to occur.

- kernel/bpf/verifier.c | 19 ---
- 1 file changed, 19 deletions(-)
-
-diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
-index b2817d0929b3..a0b76b360d6f 100644
 a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -979,17 +979,6 @@ static void __reg_bound_offset(struct bpf_reg_state *reg)
-reg->umax_value));
- }
- 
--static void __reg_bound_offset32(struct bpf_reg_state *reg)
--{
--  u64 mask = 0x;
--  struct tnum range = tnum_range(reg->umin_value & mask,
-- reg->umax_value & mask);
--  struct tnum lo32 = tnum_cast(reg->var_off, 4);
--  struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
--
--  reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
--}
--
- /* Reset the min/max bounds of a register */
- static void __mark_reg_unbounded(struct bpf_reg_state *reg)
- {
-@@ -5452,10 +5441,6 @@ static void reg_set_min_max(struct bpf_reg_state 
*true_reg,
-   /* We might have learned some bits from the bounds. */
-   __reg_bound_offset(false_reg);
-   __reg_bound_offset(true_reg);
--  if (is_jmp32) {
--  __reg_bound_offset32(false_reg);
--  __reg_bound_offset32(true_reg);
--  }
-   /* Intersecting with the old var_off might have improved our bounds
-* slightly.  e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
-* then new var_off is (0; 0x7f...fc) which improves our umax.
-@@ -5565,10 +5550,6 @@ static void reg_set_min_max_inv(struct bpf_reg_state 
*true_reg,
-   /* We might have learned some bits from the bounds. */
-   __reg_bound_offset(false_reg);
-   __reg_bound_offset(true_reg);
--  if (is_jmp32) {
--  __reg_bound_offset32(false_reg);
--  __reg_bound_offset32(true_reg);
--  }
-   /* Intersecting with the old var_off might have improved our bounds
-* slightly.  e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
-* then new var_off is (0; 0x7f...fc) which improves our umax.
--- 
-2.26.0
-

Modified: PKGBUILD
===
--- PKGBUILD2020-04-02 11:30:23 UTC (rev 379136)
+++ PKGBUILD2020-04-02 14:59:04 UTC (rev 379137)
@@ -1,8 +1,8 @@
 # Maintainer: Andreas Radke 
 
 pkgbase=linux-lts
-pkgver=5.4.28
-pkgrel=2
+pkgver=5.4.30
+pkgrel=1
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -17,7 +17,6 @@
   
https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
   config # the main kernel config file
   0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
-  0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -24,11 +23,10 @@
   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256sums=('c863cc1346348f9a40083b4bc0d34375117b1c401af920994d42e855653ef7a4'
+sha256sums=('11dd78f701bce619d90d3b2ee597601716c48087e159c890c1decd7b90349def'
 'SKIP'
 '7a58467b4cf628306a0048993f43508e5da39d8495801602b25b035372651697'
-'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2'
-  

[arch-commits] Commit in linux-lts/trunk (2 files)

2020-03-30 Thread Levente Polyak via arch-commits
Date: Monday, March 30, 2020 @ 20:37:19
  Author: anthraxx
Revision: 378766

upgpkg: linux-lts 5.4.28-2: CVE-2020-8835

Added:
  
linux-lts/trunk/0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch |   68 
++
 PKGBUILD|6 
 2 files changed, 72 insertions(+), 2 deletions(-)

Added: 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
===
--- 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch 
(rev 0)
+++ 0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch 
2020-03-30 20:37:19 UTC (rev 378766)
@@ -0,0 +1,68 @@
+From 6f2896ad2981c70be7caf0e44e0adc25f76d9937 Mon Sep 17 00:00:00 2001
+From: Levente Polyak 
+Date: Mon, 30 Mar 2020 20:42:07 +0200
+Subject: [PATCH] CVE-2020-8835: Revert "bpf: Provide better register bounds
+ after jmp32 instructions"
+
+This reverts commit b4de258dede528f88f401259aab3147fb6da1ddf which is a
+backport of 581738a681b6.
+
+Manfred Paul, as part of the ZDI pwn2own competition, demonstrated
+that a flaw existed in the bpf verifier for 32bit operations. This
+was introduced in commit:
+
+  581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
+
+The result is that register bounds were improperly calculated,
+allowing out-of-bounds reads and writes to occur.
+---
+ kernel/bpf/verifier.c | 19 ---
+ 1 file changed, 19 deletions(-)
+
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index b2817d0929b3..a0b76b360d6f 100644
+--- a/kernel/bpf/verifier.c
 b/kernel/bpf/verifier.c
+@@ -979,17 +979,6 @@ static void __reg_bound_offset(struct bpf_reg_state *reg)
+reg->umax_value));
+ }
+ 
+-static void __reg_bound_offset32(struct bpf_reg_state *reg)
+-{
+-  u64 mask = 0x;
+-  struct tnum range = tnum_range(reg->umin_value & mask,
+- reg->umax_value & mask);
+-  struct tnum lo32 = tnum_cast(reg->var_off, 4);
+-  struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
+-
+-  reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
+-}
+-
+ /* Reset the min/max bounds of a register */
+ static void __mark_reg_unbounded(struct bpf_reg_state *reg)
+ {
+@@ -5452,10 +5441,6 @@ static void reg_set_min_max(struct bpf_reg_state 
*true_reg,
+   /* We might have learned some bits from the bounds. */
+   __reg_bound_offset(false_reg);
+   __reg_bound_offset(true_reg);
+-  if (is_jmp32) {
+-  __reg_bound_offset32(false_reg);
+-  __reg_bound_offset32(true_reg);
+-  }
+   /* Intersecting with the old var_off might have improved our bounds
+* slightly.  e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
+* then new var_off is (0; 0x7f...fc) which improves our umax.
+@@ -5565,10 +5550,6 @@ static void reg_set_min_max_inv(struct bpf_reg_state 
*true_reg,
+   /* We might have learned some bits from the bounds. */
+   __reg_bound_offset(false_reg);
+   __reg_bound_offset(true_reg);
+-  if (is_jmp32) {
+-  __reg_bound_offset32(false_reg);
+-  __reg_bound_offset32(true_reg);
+-  }
+   /* Intersecting with the old var_off might have improved our bounds
+* slightly.  e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
+* then new var_off is (0; 0x7f...fc) which improves our umax.
+-- 
+2.26.0
+

Modified: PKGBUILD
===
--- PKGBUILD2020-03-30 19:22:34 UTC (rev 378765)
+++ PKGBUILD2020-03-30 20:37:19 UTC (rev 378766)
@@ -2,7 +2,7 @@
 
 pkgbase=linux-lts
 pkgver=5.4.28
-pkgrel=1
+pkgrel=2
 pkgdesc='LTS Linux'
 url="https://www.kernel.org/;
 arch=(x86_64)
@@ -17,6 +17,7 @@
   
https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
   config # the main kernel config file
   0001-add-sysctl-and-CONFIG-for-unprivileged_userns_clone.patch
+  0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
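Review bot: The new `source` entry for the CVE-2020-8835 revert has no comment, unlike the `config # the main kernel config file` line above it, so the PKGBUILD does not record that this is a temporary security revert. I would annotate it, e.g. `0001-CVE-2020-8835-Revert-bpf-Provide-better-register-bou.patch # CVE-2020-8835 revert; drop once pkgver ships the upstream fix`. The step that applies patches is not visible in this hunk, so it is worth confirming that the file is actually applied during the build and not only downloaded and checksummed.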
@@ -26,7 +27,8 @@
 sha256sums=('c863cc1346348f9a40083b4bc0d34375117b1c401af920994d42e855653ef7a4'
 'SKIP'
 '7a58467b4cf628306a0048993f43508e5da39d8495801602b25b035372651697'
-'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2')
+'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2'
+'c6d203cb728fbe70f8bd60c9448f0cbcb36d8b535fc1cdd59bda4a26ead303bf')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase


[arch-commits] Commit in linux-lts/trunk (2 files)

2017-10-12 Thread Andreas Radke
Date: Thursday, October 12, 2017 @ 21:17:38
  Author: andyrtr
Revision: 307803

upgpkg: linux-lts 4.9.56-1

upstream update 4.9.56

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/socket_bpf_fix_possible_use_after_free.diff

-+
 PKGBUILD|   14 +---
 socket_bpf_fix_possible_use_after_free.diff |   91 --
 2 files changed, 4 insertions(+), 101 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2017-10-12 21:10:32 UTC (rev 307802)
+++ PKGBUILD2017-10-12 21:17:38 UTC (rev 307803)
@@ -4,7 +4,7 @@
 pkgbase=linux-lts
 #pkgbase=linux-lts-custom
 _srcname=linux-4.9
-pkgver=4.9.55
+pkgver=4.9.56
 pkgrel=1
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/;
@@ -19,19 +19,17 @@
 '90-linux.hook'
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
-change-default-console-loglevel.patch
-socket_bpf_fix_possible_use_after_free.diff)
+change-default-console-loglevel.patch)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a'
 'SKIP'
-'358191624dd7004bfc7a8658b6354d9da4d49eb8ef84af41d2dc63dd1a8c4d1a'
+'a63aacf1f75a2f02a1313658b7f86be922b7a0e4bab41dc377449dfc0b7c529f'
 'SKIP'
 '6ee48ebd5cf5a6f1a8ab3bb8b00956345b2b2bab3b1238a90d0de09745c502ec'
 '1bec2ba1cd21b26234caf33cca737259797430d4fe5fade16e60480a9442a6e0'
 '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
-'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'f6a5db4ef1580922ffd0e2d080a8a6ba9b97e270f8373f09c4675241447d6af6')
+'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -47,10 +45,6 @@
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 
-  # fix broken network reverting upstream commit
-  # 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y=02f7e4101092b88e57c73171174976c8a72a3eba
-  patch -Rp1 -i ../socket_bpf_fix_possible_use_after_free.diff
-
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)

Deleted: socket_bpf_fix_possible_use_after_free.diff
===
--- socket_bpf_fix_possible_use_after_free.diff 2017-10-12 21:10:32 UTC (rev 
307802)
+++ socket_bpf_fix_possible_use_after_free.diff 2017-10-12 21:17:38 UTC (rev 
307803)
@@ -1,91 +0,0 @@
-From 02f7e4101092b88e57c73171174976c8a72a3eba Mon Sep 17 00:00:00 2001
-From: Eric Dumazet 
-Date: Mon, 2 Oct 2017 12:20:51 -0700
-Subject: socket, bpf: fix possible use after free
-
-[ Upstream commit eefca20eb20c66b06cf5ed09b49b1a7caaa27b7b ]
-
-Starting from linux-4.4, 3WHS no longer takes the listener lock.
-
-Since this time, we might hit a use-after-free in sk_filter_charge(),
-if the filter we got in the memcpy() of the listener content
-just happened to be replaced by a thread changing listener BPF filter.
-
-To fix this, we need to make sure the filter refcount is not already
-zero before incrementing it again.
-
-Fixes: e994b2f0fb92 ("tcp: do not lock listener to process SYN packets")
-Signed-off-by: Eric Dumazet 
-Acked-by: Alexei Starovoitov 
-Acked-by: Daniel Borkmann 
-Signed-off-by: David S. Miller 
-Signed-off-by: Greg Kroah-Hartman 

- net/core/filter.c | 15 +--
- net/core/sock.c   |  5 -
- 2 files changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/net/core/filter.c b/net/core/filter.c
-index 4eb4ce0..bfeedbb 100644
 a/net/core/filter.c
-+++ b/net/core/filter.c
-@@ -937,20 +937,31 @@ void sk_filter_uncharge(struct sock *sk, struct 
sk_filter *fp)
- /* try to charge the socket memory if there is space available
-  * return true on success
-  */
--bool sk_filter_charge(struct sock *sk, struct sk_filter *fp)
-+static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp)
- {
-   u32 filter_size = bpf_prog_size(fp->prog->len);
- 
-   /* same check as in sock_kmalloc() */
-   if (filter_size <= sysctl_optmem_max &&
-   

[arch-commits] Commit in linux-lts/trunk (2 files)

2017-10-12 Thread Andreas Radke
Date: Thursday, October 12, 2017 @ 19:09:07
  Author: andyrtr
Revision: 307785

upgpkg: linux-lts 4.9.55-1

upstream update 4.8.55 - revert one commit that breaks network (dhcp)

Added:
  linux-lts/trunk/socket_bpf_fix_possible_use_after_free.diff
Modified:
  linux-lts/trunk/PKGBUILD

-+
 PKGBUILD|   12 ++-
 socket_bpf_fix_possible_use_after_free.diff |   91 ++
 2 files changed, 100 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2017-10-12 18:50:22 UTC (rev 307784)
+++ PKGBUILD2017-10-12 19:09:07 UTC (rev 307785)
@@ -9,7 +9,7 @@
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/;
 license=('GPL2')
-makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'libelf')
+makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'libelf' 'git')
 options=('!strip')
 source=(https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.{xz,sign}
 https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.{xz,sign}
@@ -19,7 +19,8 @@
 '90-linux.hook'
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
-change-default-console-loglevel.patch)
+change-default-console-loglevel.patch
+socket_bpf_fix_possible_use_after_free.diff)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a'
 'SKIP'
@@ -29,7 +30,8 @@
 '1bec2ba1cd21b26234caf33cca737259797430d4fe5fade16e60480a9442a6e0'
 '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
-'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99')
+'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
+'f6a5db4ef1580922ffd0e2d080a8a6ba9b97e270f8373f09c4675241447d6af6')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -45,6 +47,10 @@
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 
+  # fix broken network reverting upstream commit
+  # 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y=02f7e4101092b88e57c73171174976c8a72a3eba
+  patch -Rp1 -i ../socket_bpf_fix_possible_use_after_free.diff
+
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
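Review bot: The added `patch -Rp1 -i ../socket_bpf_fix_possible_use_after_free.diff` reverse-applies a stable commit that, by its own description in the added .diff, closes a use-after-free in sk_filter_charge(). The comment above it only says `# fix broken network reverting upstream commit`, so the security cost of the revert is not recorded. The comment should state the trade-off and the exit condition, for example `# reverts a use-after-free fix (sk_filter_charge) because it breaks DHCP; drop as soon as upstream ships a corrected fix`. The enclosing function starts and ends outside this hunk.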

Added: socket_bpf_fix_possible_use_after_free.diff
===
--- socket_bpf_fix_possible_use_after_free.diff (rev 0)
+++ socket_bpf_fix_possible_use_after_free.diff 2017-10-12 19:09:07 UTC (rev 
307785)
@@ -0,0 +1,91 @@
+From 02f7e4101092b88e57c73171174976c8a72a3eba Mon Sep 17 00:00:00 2001
+From: Eric Dumazet 
+Date: Mon, 2 Oct 2017 12:20:51 -0700
+Subject: socket, bpf: fix possible use after free
+
+[ Upstream commit eefca20eb20c66b06cf5ed09b49b1a7caaa27b7b ]
+
+Starting from linux-4.4, 3WHS no longer takes the listener lock.
+
+Since this time, we might hit a use-after-free in sk_filter_charge(),
+if the filter we got in the memcpy() of the listener content
+just happened to be replaced by a thread changing listener BPF filter.
+
+To fix this, we need to make sure the filter refcount is not already
+zero before incrementing it again.
+
+Fixes: e994b2f0fb92 ("tcp: do not lock listener to process SYN packets")
+Signed-off-by: Eric Dumazet 
+Acked-by: Alexei Starovoitov 
+Acked-by: Daniel Borkmann 
+Signed-off-by: David S. Miller 
+Signed-off-by: Greg Kroah-Hartman 
+---
+ net/core/filter.c | 15 +--
+ net/core/sock.c   |  5 -
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/net/core/filter.c b/net/core/filter.c
+index 4eb4ce0..bfeedbb 100644
+--- a/net/core/filter.c
 b/net/core/filter.c
+@@ -937,20 +937,31 @@ void sk_filter_uncharge(struct sock *sk, struct 
sk_filter *fp)
+ /* try to charge the socket memory if there is space available
+  * return true on success
+  */
+-bool sk_filter_charge(struct sock *sk, struct sk_filter *fp)
++static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp)
+ {
+   u32 filter_size = bpf_prog_size(fp->prog->len);
+ 
+   /* same check as in sock_kmalloc() */
+   if (filter_size <= sysctl_optmem_max &&
+   

[arch-commits] Commit in linux-lts/trunk (2 files)

2017-03-15 Thread Andreas Radke
Date: Wednesday, March 15, 2017 @ 15:03:01
  Author: andyrtr
Revision: 290878

upgpkg: linux-lts 4.9.15-1

upstream update 4.9.15

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch

---+
 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch |  311 
 PKGBUILD  |   13 
 2 files changed, 4 insertions(+), 320 deletions(-)

Deleted: 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch
===
--- 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch   2017-03-15 14:23:40 UTC 
(rev 290877)
+++ 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch   2017-03-15 15:03:01 UTC 
(rev 290878)
@@ -1,311 +0,0 @@
->From 1dea7a8061ad9212f4464464a80d0dcd477eceab Mon Sep 17 00:00:00 2001
-From: Alexander Popov 
-Date: Tue, 28 Feb 2017 19:28:54 +0300
-Subject: [PATCH 1/1] tty: n_hdlc: get rid of racy n_hdlc.tbuf
-
-Currently N_HDLC line discipline uses a self-made singly linked list for
-data buffers and has n_hdlc.tbuf pointer for buffer retransmitting after
-an error.
-
-The commit be10eb7589337e5defbe214dae038a53dd21add8
-("tty: n_hdlc add buffer flushing") introduced racy access to n_hdlc.tbuf.
-After tx error concurrent flush_tx_queue() and n_hdlc_send_frames() can put
-one data buffer to tx_free_buf_list twice. That causes double free in
-n_hdlc_release().
-
-Let's use standard kernel linked list and get rid of n_hdlc.tbuf:
-in case of tx error put current data buffer after the head of tx_buf_list.
-
-Signed-off-by: Alexander Popov 

- drivers/tty/n_hdlc.c | 132 +++
- 1 file changed, 69 insertions(+), 63 deletions(-)
-
-diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c
-index eb27883..728c824 100644
 a/drivers/tty/n_hdlc.c
-+++ b/drivers/tty/n_hdlc.c
-@@ -114,7 +114,7 @@
- #define DEFAULT_TX_BUF_COUNT 3
- 
- struct n_hdlc_buf {
--  struct n_hdlc_buf *link;
-+  struct list_head  list_item;
-   int   count;
-   char  buf[1];
- };
-@@ -122,8 +122,7 @@ struct n_hdlc_buf {
- #define   N_HDLC_BUF_SIZE (sizeof(struct n_hdlc_buf) + maxframe)
- 
- struct n_hdlc_buf_list {
--  struct n_hdlc_buf *head;
--  struct n_hdlc_buf *tail;
-+  struct list_head  list;
-   int   count;
-   spinlock_tspinlock;
- };
-@@ -136,7 +135,6 @@ struct n_hdlc_buf_list {
-  * @backup_tty - TTY to use if tty gets closed
-  * @tbusy - reentrancy flag for tx wakeup code
-  * @woke_up - FIXME: describe this field
-- * @tbuf - currently transmitting tx buffer
-  * @tx_buf_list - list of pending transmit frame buffers
-  * @rx_buf_list - list of received frame buffers
-  * @tx_free_buf_list - list unused transmit frame buffers
-@@ -149,7 +147,6 @@ struct n_hdlc {
-   struct tty_struct   *backup_tty;
-   int tbusy;
-   int woke_up;
--  struct n_hdlc_buf   *tbuf;
-   struct n_hdlc_buf_list  tx_buf_list;
-   struct n_hdlc_buf_list  rx_buf_list;
-   struct n_hdlc_buf_list  tx_free_buf_list;
-@@ -159,6 +156,8 @@ struct n_hdlc {
- /*
-  * HDLC buffer list manipulation functions
-  */
-+static void n_hdlc_buf_return(struct n_hdlc_buf_list *buf_list,
-+  struct n_hdlc_buf *buf);
- static void n_hdlc_buf_put(struct n_hdlc_buf_list *list,
-  struct n_hdlc_buf *buf);
- static struct n_hdlc_buf *n_hdlc_buf_get(struct n_hdlc_buf_list *list);
-@@ -208,16 +207,9 @@ static void flush_tx_queue(struct tty_struct *tty)
- {
-   struct n_hdlc *n_hdlc = tty2n_hdlc(tty);
-   struct n_hdlc_buf *buf;
--  unsigned long flags;
- 
-   while ((buf = n_hdlc_buf_get(_hdlc->tx_buf_list)))
-   n_hdlc_buf_put(_hdlc->tx_free_buf_list, buf);
--  spin_lock_irqsave(_hdlc->tx_buf_list.spinlock, flags);
--  if (n_hdlc->tbuf) {
--  n_hdlc_buf_put(_hdlc->tx_free_buf_list, n_hdlc->tbuf);
--  n_hdlc->tbuf = NULL;
--  }
--  spin_unlock_irqrestore(_hdlc->tx_buf_list.spinlock, flags);
- }
- 
- static struct tty_ldisc_ops n_hdlc_ldisc = {
-@@ -283,7 +275,6 @@ static void n_hdlc_release(struct n_hdlc *n_hdlc)
-   } else
-   break;
-   }
--  kfree(n_hdlc->tbuf);
-   kfree(n_hdlc);
-   
- } /* end of n_hdlc_release() */
-@@ -402,13 +393,7 @@ static void n_hdlc_send_frames(struct n_hdlc *n_hdlc, 
struct tty_struct *tty)
-   n_hdlc->woke_up = 0;
-   spin_unlock_irqrestore(_hdlc->tx_buf_list.spinlock, flags);
- 
--  /* get current transmit buffer or get new transmit */
--  /* buffer from list of pending transmit buffers */
--  
--  tbuf = n_hdlc->tbuf;
--  if (!tbuf)
--  tbuf = n_hdlc_buf_get(_hdlc->tx_buf_list);
--  
-+  tbuf 

[arch-commits] Commit in linux-lts/trunk (2 files)

2017-03-12 Thread Andreas Radke
Date: Sunday, March 12, 2017 @ 13:15:19
  Author: andyrtr
Revision: 290674

upgpkg: linux-lts 4.9.14-1

upstream update 4.9.14; apply fix for CVE-2017-2636

Added:
  linux-lts/trunk/0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch
Modified:
  linux-lts/trunk/PKGBUILD

---+
 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch |  311 
 PKGBUILD  |   13 
 2 files changed, 320 insertions(+), 4 deletions(-)

Added: 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch
===
--- 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch   
(rev 0)
+++ 0001-tty-n_hdlc-get-rid-of-racy-n_hdlc_tbuf.patch   2017-03-12 13:15:19 UTC 
(rev 290674)
@@ -0,0 +1,311 @@
+>From 1dea7a8061ad9212f4464464a80d0dcd477eceab Mon Sep 17 00:00:00 2001
+From: Alexander Popov 
+Date: Tue, 28 Feb 2017 19:28:54 +0300
+Subject: [PATCH 1/1] tty: n_hdlc: get rid of racy n_hdlc.tbuf
+
+Currently N_HDLC line discipline uses a self-made singly linked list for
+data buffers and has n_hdlc.tbuf pointer for buffer retransmitting after
+an error.
+
+The commit be10eb7589337e5defbe214dae038a53dd21add8
+("tty: n_hdlc add buffer flushing") introduced racy access to n_hdlc.tbuf.
+After tx error concurrent flush_tx_queue() and n_hdlc_send_frames() can put
+one data buffer to tx_free_buf_list twice. That causes double free in
+n_hdlc_release().
+
+Let's use standard kernel linked list and get rid of n_hdlc.tbuf:
+in case of tx error put current data buffer after the head of tx_buf_list.
+
+Signed-off-by: Alexander Popov 
+---
+ drivers/tty/n_hdlc.c | 132 +++
+ 1 file changed, 69 insertions(+), 63 deletions(-)
+
+diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c
+index eb27883..728c824 100644
+--- a/drivers/tty/n_hdlc.c
 b/drivers/tty/n_hdlc.c
+@@ -114,7 +114,7 @@
+ #define DEFAULT_TX_BUF_COUNT 3
+ 
+ struct n_hdlc_buf {
+-  struct n_hdlc_buf *link;
++  struct list_head  list_item;
+   int   count;
+   char  buf[1];
+ };
+@@ -122,8 +122,7 @@ struct n_hdlc_buf {
+ #define   N_HDLC_BUF_SIZE (sizeof(struct n_hdlc_buf) + maxframe)
+ 
+ struct n_hdlc_buf_list {
+-  struct n_hdlc_buf *head;
+-  struct n_hdlc_buf *tail;
++  struct list_head  list;
+   int   count;
+   spinlock_tspinlock;
+ };
+@@ -136,7 +135,6 @@ struct n_hdlc_buf_list {
+  * @backup_tty - TTY to use if tty gets closed
+  * @tbusy - reentrancy flag for tx wakeup code
+  * @woke_up - FIXME: describe this field
+- * @tbuf - currently transmitting tx buffer
+  * @tx_buf_list - list of pending transmit frame buffers
+  * @rx_buf_list - list of received frame buffers
+  * @tx_free_buf_list - list unused transmit frame buffers
+@@ -149,7 +147,6 @@ struct n_hdlc {
+   struct tty_struct   *backup_tty;
+   int tbusy;
+   int woke_up;
+-  struct n_hdlc_buf   *tbuf;
+   struct n_hdlc_buf_list  tx_buf_list;
+   struct n_hdlc_buf_list  rx_buf_list;
+   struct n_hdlc_buf_list  tx_free_buf_list;
+@@ -159,6 +156,8 @@ struct n_hdlc {
+ /*
+  * HDLC buffer list manipulation functions
+  */
++static void n_hdlc_buf_return(struct n_hdlc_buf_list *buf_list,
++  struct n_hdlc_buf *buf);
+ static void n_hdlc_buf_put(struct n_hdlc_buf_list *list,
+  struct n_hdlc_buf *buf);
+ static struct n_hdlc_buf *n_hdlc_buf_get(struct n_hdlc_buf_list *list);
+@@ -208,16 +207,9 @@ static void flush_tx_queue(struct tty_struct *tty)
+ {
+   struct n_hdlc *n_hdlc = tty2n_hdlc(tty);
+   struct n_hdlc_buf *buf;
+-  unsigned long flags;
+ 
+   while ((buf = n_hdlc_buf_get(_hdlc->tx_buf_list)))
+   n_hdlc_buf_put(_hdlc->tx_free_buf_list, buf);
+-  spin_lock_irqsave(_hdlc->tx_buf_list.spinlock, flags);
+-  if (n_hdlc->tbuf) {
+-  n_hdlc_buf_put(_hdlc->tx_free_buf_list, n_hdlc->tbuf);
+-  n_hdlc->tbuf = NULL;
+-  }
+-  spin_unlock_irqrestore(_hdlc->tx_buf_list.spinlock, flags);
+ }
+ 
+ static struct tty_ldisc_ops n_hdlc_ldisc = {
+@@ -283,7 +275,6 @@ static void n_hdlc_release(struct n_hdlc *n_hdlc)
+   } else
+   break;
+   }
+-  kfree(n_hdlc->tbuf);
+   kfree(n_hdlc);
+   
+ } /* end of n_hdlc_release() */
+@@ -402,13 +393,7 @@ static void n_hdlc_send_frames(struct n_hdlc *n_hdlc, 
struct tty_struct *tty)
+   n_hdlc->woke_up = 0;
+   spin_unlock_irqrestore(_hdlc->tx_buf_list.spinlock, flags);
+ 
+-  /* get current transmit buffer or get new transmit */
+-  /* buffer from list of pending transmit buffers */
+-  
+-  tbuf = n_hdlc->tbuf;
+-  if (!tbuf)
+-  tbuf = n_hdlc_buf_get(_hdlc->tx_buf_list);
+-

[arch-commits] Commit in linux-lts/trunk (2 files)

2017-02-26 Thread Andreas Radke
Date: Sunday, February 26, 2017 @ 21:24:48
  Author: andyrtr
Revision: 289571

upgpkg: linux-lts 4.4.52-1

upstream update 4.4.52

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch

+
 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch |   47 
--
 PKGBUILD   |   13 --
 2 files changed, 4 insertions(+), 56 deletions(-)

Deleted: 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
===
--- 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch  
2017-02-26 21:10:33 UTC (rev 289570)
+++ 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch  
2017-02-26 21:24:48 UTC (rev 289571)
@@ -1,47 +0,0 @@
-From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
-From: Andrey Konovalov 
-Date: Thu, 16 Feb 2017 17:22:46 +0100
-Subject: [PATCH] dccp: fix freeing skb too early for IPV6_RECVPKTINFO
-
-In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
-is forcibly freed via __kfree_skb in dccp_rcv_state_process if
-dccp_v6_conn_request successfully returns.
-
-However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
-is saved to ireq->pktopts and the ref count for skb is incremented in
-dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
-in dccp_rcv_state_process.
-
-Fix by calling consume_skb instead of doing goto discard and therefore
-calling __kfree_skb.
-
-Similar fixes for TCP:
-
-fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
-0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
-simply consumed
-
-Signed-off-by: Andrey Konovalov 
-Acked-by: Eric Dumazet 
-Signed-off-by: David S. Miller 

- net/dccp/input.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/net/dccp/input.c b/net/dccp/input.c
-index ba347184bda9b3fe..8fedc2d497709b3d 100644
 a/net/dccp/input.c
-+++ b/net/dccp/input.c
-@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff 
*skb,
-   if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
-   skb) < 0)
-   return 1;
--  goto discard;
-+  consume_skb(skb);
-+  return 0;
-   }
-   if (dh->dccph_type == DCCP_PKT_RESET)
-   goto discard;
--- 
-2.11.1
-

Modified: PKGBUILD
===
--- PKGBUILD2017-02-26 21:10:33 UTC (rev 289570)
+++ PKGBUILD2017-02-26 21:24:48 UTC (rev 289571)
@@ -4,7 +4,7 @@
 pkgbase=linux-lts
 #pkgbase=linux-lts-custom
 _srcname=linux-4.4
-pkgver=4.4.51
+pkgver=4.4.52
 pkgrel=1
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/;
@@ -20,12 +20,11 @@
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
 change-default-console-loglevel.patch
-0001-sdhci-revert.patch
-0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch)
+0001-sdhci-revert.patch)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2'
 'SKIP'
-'dded5f71d8533a38e8aafad224e0fe5f7d3a4eed1cfc1a79c321581e148821e8'
+'96dfdcb3144509275bba3b3f8ad925b18f31a22dcab5abfd5a4b816977a4e8c3'
 'SKIP'
 'b11702727b1503e5a613946790978481d34d8ecc6870337fadd3ce1ef084a8e2'
 '68c7296ff2f5f55d69e83aa4d20f925df740b1eb1e6bdb0f13e8a170360ed09f'
@@ -32,8 +31,7 @@
 '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
 '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375'
-'85954ac18da9dc1bec5df28e2f097d13016e39fa9631074f85b6364af340fcd9')
+'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -45,9 +43,6 @@
   # add upstream patch
   patch -p1 -i "${srcdir}/patch-${pkgver}"
 
-  # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
-  patch -p1 -i 
"${srcdir}/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch"
-
   # add latest fixes from stable queue, if needed
   # 

[arch-commits] Commit in linux-lts/trunk (2 files)

2017-02-23 Thread Andreas Radke
Date: Thursday, February 23, 2017 @ 17:22:40
  Author: andyrtr
Revision: 289441

upgpkg: linux-lts 4.4.50-2

apply fix for CVE-2017-6074

Added:
  linux-lts/trunk/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
Modified:
  linux-lts/trunk/PKGBUILD

+
 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch |   47 
++
 PKGBUILD   |   11 +-
 2 files changed, 55 insertions(+), 3 deletions(-)

Added: 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
===
--- 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch  
(rev 0)
+++ 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch  
2017-02-23 17:22:40 UTC (rev 289441)
@@ -0,0 +1,47 @@
+From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov 
+Date: Thu, 16 Feb 2017 17:22:46 +0100
+Subject: [PATCH] dccp: fix freeing skb too early for IPV6_RECVPKTINFO
+
+In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
+is forcibly freed via __kfree_skb in dccp_rcv_state_process if
+dccp_v6_conn_request successfully returns.
+
+However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
+is saved to ireq->pktopts and the ref count for skb is incremented in
+dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
+in dccp_rcv_state_process.
+
+Fix by calling consume_skb instead of doing goto discard and therefore
+calling __kfree_skb.
+
+Similar fixes for TCP:
+
+fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
+0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
+simply consumed
+
+Signed-off-by: Andrey Konovalov 
+Acked-by: Eric Dumazet 
+Signed-off-by: David S. Miller 
+---
+ net/dccp/input.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/dccp/input.c b/net/dccp/input.c
+index ba347184bda9b3fe..8fedc2d497709b3d 100644
+--- a/net/dccp/input.c
 b/net/dccp/input.c
+@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff 
*skb,
+   if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
+   skb) < 0)
+   return 1;
+-  goto discard;
++  consume_skb(skb);
++  return 0;
+   }
+   if (dh->dccph_type == DCCP_PKT_RESET)
+   goto discard;
+-- 
+2.11.1
+

Modified: PKGBUILD
===
--- PKGBUILD2017-02-23 16:50:03 UTC (rev 289440)
+++ PKGBUILD2017-02-23 17:22:40 UTC (rev 289441)
@@ -5,7 +5,7 @@
 #pkgbase=linux-lts-custom
 _srcname=linux-4.4
 pkgver=4.4.50
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/;
 license=('GPL2')
@@ -20,7 +20,8 @@
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
 change-default-console-loglevel.patch
-0001-sdhci-revert.patch)
+0001-sdhci-revert.patch
+0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2'
 'SKIP'
@@ -31,7 +32,8 @@
 '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
 '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375')
+'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375'
+'85954ac18da9dc1bec5df28e2f097d13016e39fa9631074f85b6364af340fcd9')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -43,6 +45,9 @@
   # add upstream patch
   patch -p1 -i "${srcdir}/patch-${pkgver}"
 
+  # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
+  patch -p1 -i 
"${srcdir}/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch"
+
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 


[arch-commits] Commit in linux-lts/trunk (2 files)

2016-12-10 Thread Andreas Radke
Date: Saturday, December 10, 2016 @ 20:11:59
  Author: andyrtr
Revision: 283020

upgpkg: linux-lts 4.4.38-1

upstream update 4.4.38

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/fix_race_condition_in_packet_set_ring.diff

+
 PKGBUILD   |   14 +---
 fix_race_condition_in_packet_set_ring.diff |   84 ---
 2 files changed, 4 insertions(+), 94 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2016-12-10 19:46:55 UTC (rev 283019)
+++ PKGBUILD2016-12-10 20:11:59 UTC (rev 283020)
@@ -4,7 +4,7 @@
 pkgbase=linux-lts
 #pkgbase=linux-lts-custom
 _srcname=linux-4.4
-pkgver=4.4.37
+pkgver=4.4.38
 pkgrel=1
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/;
@@ -20,12 +20,11 @@
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
 change-default-console-loglevel.patch
-0001-sdhci-revert.patch
-fix_race_condition_in_packet_set_ring.diff)
+0001-sdhci-revert.patch)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2'
 'SKIP'
-'1dfa256765585bf85a17b7129d717761e12338c654a3a3a803f1d967ccfa54f3'
+'48ec169c7adda820973b3cb9c4c91c72bb69c86f530d149065491a20ef0c4057'
 'SKIP'
 'b11702727b1503e5a613946790978481d34d8ecc6870337fadd3ce1ef084a8e2'
 '68c7296ff2f5f55d69e83aa4d20f925df740b1eb1e6bdb0f13e8a170360ed09f'
@@ -32,8 +31,7 @@
 '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
 '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375'
-'ad1ee95f906f88d31fcdb9273cd08e02e8eda177449f0c98dc1bff8cbf1483c2')
+'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -45,10 +43,6 @@
   # add upstream patch
   patch -p1 -i "${srcdir}/patch-${pkgver}"
 
-  # fix a race condition that allows to gain root
-  # https://marc.info/?l=linux-netdev=148054660230570=2
-  patch -p1 -i "${srcdir}/fix_race_condition_in_packet_set_ring.diff"
-
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 

Deleted: fix_race_condition_in_packet_set_ring.diff
===
--- fix_race_condition_in_packet_set_ring.diff  2016-12-10 19:46:55 UTC (rev 
283019)
+++ fix_race_condition_in_packet_set_ring.diff  2016-12-10 20:11:59 UTC (rev 
283020)
@@ -1,84 +0,0 @@
-From: Philip Pettersson 
-
-When packet_set_ring creates a ring buffer it will initialize a
-struct timer_list if the packet version is TPACKET_V3. This value
-can then be raced by a different thread calling setsockopt to
-set the version to TPACKET_V1 before packet_set_ring has finished.
-
-This leads to a use-after-free on a function pointer in the
-struct timer_list when the socket is closed as the previously
-initialized timer will not be deleted.
-
-The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
-changing the packet version while also taking the lock at the start
-of packet_set_ring.
-
-Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
-Signed-off-by: Philip Pettersson 
-Signed-off-by: Eric Dumazet 

- net/packet/af_packet.c | 18 --
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 
d2238b204691b8e4f2e3acb9bc167b553ba32d50..dd2332390c45bbff7c3fc5d259453f2e1ca352bf
 100644
 a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -3648,19 +3648,25 @@ packet_setsockopt(struct socket *sock, int level, int 
optname, char __user *optv
- 
-   if (optlen != sizeof(val))
-   return -EINVAL;
--  if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
--  return -EBUSY;
-   if (copy_from_user(, optval, sizeof(val)))
-   return -EFAULT;
-   switch (val) {
-   case TPACKET_V1:
-   case TPACKET_V2:
-   case TPACKET_V3:
--  po->tp_version = val;
--  return 0;
-+  break;
-   default:
-   return -EINVAL;
-   }
-+  

[arch-commits] Commit in linux-lts/trunk (2 files)

2016-12-06 Thread Andreas Radke
Date: Tuesday, December 6, 2016 @ 12:06:47
  Author: andyrtr
Revision: 282873

upgpkg: linux-lts 4.4.36-1

upstream update 4.4.36; CVE-2016-8655

Added:
  linux-lts/trunk/fix_race_condition_in_packet_set_ring.diff
Modified:
  linux-lts/trunk/PKGBUILD

+
 PKGBUILD   |   16 +++--
 fix_race_condition_in_packet_set_ring.diff |   84 +++
 2 files changed, 95 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2016-12-06 11:08:10 UTC (rev 282872)
+++ PKGBUILD2016-12-06 12:06:47 UTC (rev 282873)
@@ -4,10 +4,10 @@
 pkgbase=linux-lts
 #pkgbase=linux-lts-custom
 _srcname=linux-4.4
-pkgver=4.4.35
+pkgver=4.4.36
 pkgrel=1
 arch=('i686' 'x86_64')
-url="http://www.kernel.org/;
+url="https://www.kernel.org/;
 license=('GPL2')
 makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
 options=('!strip')
@@ -18,17 +18,19 @@
 # standard config files for mkinitcpio ramdisk
 linux-lts.preset
 change-default-console-loglevel.patch
-0001-sdhci-revert.patch)
+0001-sdhci-revert.patch
+fix_race_condition_in_packet_set_ring.diff)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2'
 'SKIP'
-'5d0cc352645127191767e1c33f78c48dfdee7022fe425639a4c95a901d5e5c77'
+'468ddfe3f29c314b40e32410c796fda9277620d50bc47b50fafc8a5a4c375e61'
 'SKIP'
 'b11702727b1503e5a613946790978481d34d8ecc6870337fadd3ce1ef084a8e2'
 '68c7296ff2f5f55d69e83aa4d20f925df740b1eb1e6bdb0f13e8a170360ed09f'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
 '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375')
+'5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375'
+'ad1ee95f906f88d31fcdb9273cd08e02e8eda177449f0c98dc1bff8cbf1483c2')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -40,6 +42,10 @@
   # add upstream patch
   patch -p1 -i "${srcdir}/patch-${pkgver}"
 
+  # fix a race condition that allows to gain root
+  # https://marc.info/?l=linux-netdev=148054660230570=2
+  patch -p1 -i "${srcdir}/fix_race_condition_in_packet_set_ring.diff"
+
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 
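Review bot: The comment above the new `patch` call describes the bug only as a race that allows gaining root and links a mailing-list post, while the CVE id appears only in the commit message. Naming it in the PKGBUILD makes it easy to check later whether a stable release has absorbed the fix and the local patch can go. I would extend the comment to `# CVE-2016-8655: race in packet_set_ring leading to a use-after-free; drop once patch-${pkgver} contains the fix`. The enclosing function starts and ends outside this hunk.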

Added: fix_race_condition_in_packet_set_ring.diff
===
--- fix_race_condition_in_packet_set_ring.diff  (rev 0)
+++ fix_race_condition_in_packet_set_ring.diff  2016-12-06 12:06:47 UTC (rev 
282873)
@@ -0,0 +1,84 @@
+From: Philip Pettersson 
+
+When packet_set_ring creates a ring buffer it will initialize a
+struct timer_list if the packet version is TPACKET_V3. This value
+can then be raced by a different thread calling setsockopt to
+set the version to TPACKET_V1 before packet_set_ring has finished.
+
+This leads to a use-after-free on a function pointer in the
+struct timer_list when the socket is closed as the previously
+initialized timer will not be deleted.
+
+The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
+changing the packet version while also taking the lock at the start
+of packet_set_ring.
+
+Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
+Signed-off-by: Philip Pettersson 
+Signed-off-by: Eric Dumazet 
+---
+ net/packet/af_packet.c | 18 --
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 
d2238b204691b8e4f2e3acb9bc167b553ba32d50..dd2332390c45bbff7c3fc5d259453f2e1ca352bf
 100644
+--- a/net/packet/af_packet.c
 b/net/packet/af_packet.c
+@@ -3648,19 +3648,25 @@ packet_setsockopt(struct socket *sock, int level, int 
optname, char __user *optv
+ 
+   if (optlen != sizeof(val))
+   return -EINVAL;
+-  if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
+-  return -EBUSY;
+   if (copy_from_user(, optval, sizeof(val)))
+   return -EFAULT;
+   switch (val) {
+   case TPACKET_V1:
+   case TPACKET_V2:
+   case TPACKET_V3:
+-  po->tp_version = val;
+-  return 0;
++  break;
+   default:
+   return -EINVAL;
+ 

[arch-commits] Commit in linux-lts/trunk (2 files)

2015-10-23 Thread Andreas Radke
Date: Friday, October 23, 2015 @ 21:07:32
  Author: andyrtr
Revision: 249690

upgpkg: linux-lts 4.1.11-1

rebuild for 4.1.11

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff

-+
 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff |   37 --
 PKGBUILD|   15 +---
 2 files changed, 5 insertions(+), 47 deletions(-)

Deleted: 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff
===
--- 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff 2015-10-23 
17:26:10 UTC (rev 249689)
+++ 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff 2015-10-23 
19:07:32 UTC (rev 249690)
@@ -1,37 +0,0 @@
-From 83fccfc3940c4a2db90fd7e7079f5b465cd8c6af Mon Sep 17 00:00:00 2001
-From: Eric Dumazet 
-Date: Thu, 13 Aug 2015 15:44:51 -0700
-Subject: inet: fix potential deadlock in reqsk_queue_unlink()
-
-When replacing del_timer() with del_timer_sync(), I introduced
-a deadlock condition :
-
-reqsk_queue_unlink() is called from inet_csk_reqsk_queue_drop()
-
-inet_csk_reqsk_queue_drop() can be called from many contexts,
-one being the timer handler itself (reqsk_timer_handler()).
-
-In this case, del_timer_sync() loops forever.
-
-Simple fix is to test if timer is pending.
-
-Fixes: 2235f2ac75fd ("inet: fix races with reqsk timers")
-Signed-off-by: Eric Dumazet 
-Signed-off-by: David S. Miller 
-
-diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
-index 05e3145..1349571 100644
 a/net/ipv4/inet_connection_sock.c
-+++ b/net/ipv4/inet_connection_sock.c
-@@ -593,7 +593,7 @@ static bool reqsk_queue_unlink(struct request_sock_queue 
*queue,
-   }
- 
-   spin_unlock(>syn_wait_lock);
--  if (del_timer_sync(>rsk_timer))
-+  if (timer_pending(>rsk_timer) && del_timer_sync(>rsk_timer))
-   reqsk_put(req);
-   return found;
- }
--- 
-cgit v0.10.2
-

Modified: PKGBUILD
===
--- PKGBUILD2015-10-23 17:26:10 UTC (rev 249689)
+++ PKGBUILD2015-10-23 19:07:32 UTC (rev 249690)
@@ -4,8 +4,8 @@
 
 pkgbase=linux-lts
 _srcname=linux-4.1
-pkgver=4.1.10
-pkgrel=2
+pkgver=4.1.11
+pkgrel=1
 arch=('i686' 'x86_64')
 url="http://www.kernel.org/;
 license=('GPL2')
@@ -17,18 +17,16 @@
 'config' 'config.x86_64'
 # standard config files for mkinitcpio ramdisk
 "$pkgbase.preset"
-change-default-console-loglevel.patch
-0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff)
+change-default-console-loglevel.patch)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('caf51f085aac1e1cea4d00dbbf3093ead07b551fc07b31b2a989c05f8ea72d9f'
 'SKIP'
-'929e210fe6dbd5dd26812c146630be14e979aae6c960a2feb39544babb8e73cb'
+'f98156dd7ceac2849de16b38cdb7a530cd3c74833ab613e0822b7bc4583cccb1'
 'SKIP'
 'a3a17dec60161aa885c372a5edaa047f5e43044a66a5088e19392986eb8ea1a8'
 '70842d2c2bc56f4520bc021786e386634cb1b7adbfbdf704d048aefa65d59aa2'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
-'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
-'fd5dcb1847fc22f36892673066c801e818dce42d1f709dafa9f12bf8337024f3')
+'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -42,9 +40,6 @@
 
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
-  
-  # fix network deadlocks; FS#46570
-  patch -p1 -i 
${srcdir}/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff
 
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream


[arch-commits] Commit in linux-lts/trunk (2 files)

2015-10-07 Thread Andreas Radke
Date: Wednesday, October 7, 2015 @ 22:26:33
  Author: andyrtr
Revision: 248471

upgpkg: linux-lts 4.1.10-2

fix inet deadlock - FS#46570

Added:
  linux-lts/trunk/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff |   37 ++
 PKGBUILD|   11 ++
 2 files changed, 45 insertions(+), 3 deletions(-)

Added: 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff
===
--- 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff 
(rev 0)
+++ 0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff 2015-10-07 
20:26:33 UTC (rev 248471)
@@ -0,0 +1,37 @@
+From 83fccfc3940c4a2db90fd7e7079f5b465cd8c6af Mon Sep 17 00:00:00 2001
+From: Eric Dumazet 
+Date: Thu, 13 Aug 2015 15:44:51 -0700
+Subject: inet: fix potential deadlock in reqsk_queue_unlink()
+
+When replacing del_timer() with del_timer_sync(), I introduced
+a deadlock condition :
+
+reqsk_queue_unlink() is called from inet_csk_reqsk_queue_drop()
+
+inet_csk_reqsk_queue_drop() can be called from many contexts,
+one being the timer handler itself (reqsk_timer_handler()).
+
+In this case, del_timer_sync() loops forever.
+
+Simple fix is to test if timer is pending.
+
+Fixes: 2235f2ac75fd ("inet: fix races with reqsk timers")
+Signed-off-by: Eric Dumazet 
+Signed-off-by: David S. Miller 
+
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
+index 05e3145..1349571 100644
+--- a/net/ipv4/inet_connection_sock.c
 b/net/ipv4/inet_connection_sock.c
+@@ -593,7 +593,7 @@ static bool reqsk_queue_unlink(struct request_sock_queue 
*queue,
+   }
+ 
+   spin_unlock(>syn_wait_lock);
+-  if (del_timer_sync(>rsk_timer))
++  if (timer_pending(>rsk_timer) && del_timer_sync(>rsk_timer))
+   reqsk_put(req);
+   return found;
+ }
+-- 
+cgit v0.10.2
+

Modified: PKGBUILD
===
--- PKGBUILD2015-10-07 19:22:32 UTC (rev 248470)
+++ PKGBUILD2015-10-07 20:26:33 UTC (rev 248471)
@@ -5,7 +5,7 @@
 pkgbase=linux-lts
 _srcname=linux-4.1
 pkgver=4.1.10
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url="http://www.kernel.org/;
 license=('GPL2')
@@ -17,7 +17,8 @@
 'config' 'config.x86_64'
 # standard config files for mkinitcpio ramdisk
 "$pkgbase.preset"
-'change-default-console-loglevel.patch')
+change-default-console-loglevel.patch
+0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff)
 # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256sums=('caf51f085aac1e1cea4d00dbbf3093ead07b551fc07b31b2a989c05f8ea72d9f'
 'SKIP'
@@ -26,7 +27,8 @@
 'a3a17dec60161aa885c372a5edaa047f5e43044a66a5088e19392986eb8ea1a8'
 '70842d2c2bc56f4520bc021786e386634cb1b7adbfbdf704d048aefa65d59aa2'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
-'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99')
+'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
+'fd5dcb1847fc22f36892673066c801e818dce42d1f709dafa9f12bf8337024f3')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 

   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) 
  )
@@ -40,6 +42,9 @@
 
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
+  
+  # fix network deadlocks; FS#46570
+  patch -p1 -i 
${srcdir}/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff
 
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
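Review bot: `${srcdir}` is unquoted in the added `patch -p1 -i ${srcdir}/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff` line, so a build directory containing whitespace or glob characters is word-split and patch receives the wrong arguments. Quote it as the newer revisions of this PKGBUILD on this page do: `patch -p1 -i "${srcdir}/0001_inet_fix_potential_deadlock_in_reqsk_queue_unlink.diff"`. The `patch` lines added in the 3.14.43-2, 3.14.37-2 and 3.14.16-2 commits below have the same unquoted expansion. The enclosing function starts and ends outside this hunk.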


[arch-commits] Commit in linux-lts/trunk (2 files)

2015-05-21 Thread Evangelos Foutras
Date: Friday, May 22, 2015 @ 06:03:18
  Author: foutrelis
Revision: 239654

upgpkg: linux-lts 3.14.43-2

Add proposed fix for data loss on md raid0 when discard is used (FS#45040).

Added:
  linux-lts/trunk/md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch
Modified:
  linux-lts/trunk/PKGBUILD

+
 PKGBUILD   |7 +
 md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch |   50 +++
 2 files changed, 56 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===
--- PKGBUILD2015-05-22 04:03:07 UTC (rev 239653)
+++ PKGBUILD2015-05-22 04:03:18 UTC (rev 239654)
@@ -5,7 +5,7 @@
 pkgbase=linux-lts
 _srcname=linux-3.14
 pkgver=3.14.43
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -22,6 +22,7 @@
 '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
 '0003-module-remove-MODULE_GENERIC_TABLE.patch'
 '0006-genksyms-fix-typeof-handling.patch'
+'md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch'
 'gcc5_buildfixes.diff'
 )
 # https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
@@ -37,6 +38,7 @@
 '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
 '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+'bc83293e64653d60793708a0e277741f57c018f5ea3551a8aff3a220df917ceb'
 '470d6d019d288dce02b4a9758a34ea71d41715663a19a164749212a470a131e7')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 
torva...@linux-foundation.org
   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) g...@kroah.com
@@ -56,6 +58,9 @@
   # add upstream patch
   patch -p1 -i ${srcdir}/patch-${pkgver}
 
+  # https://bugzilla.kernel.org/show_bug.cgi?id=98501
+  patch -Np1 -i 
${srcdir}/md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch
+
   # buildfixes for gcc5
   # 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/scsi/qla2xxx/qla_nx2.c?id=9493c2422cae272d6f1f567cbb424195defe4176
   # https://lkml.org/lkml/2014/11/9/27
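Review bot: The comment on the added `patch -Np1` line is only a bugzilla URL, yet the commit message calls this a proposed fix, so the carried file may differ from whatever upstream finally merges. Say so next to the call so the entry gets revisited: `# proposed fix for md raid0 data loss with discard (FS#45040); replace with the merged version or drop once it is in stable`. The enclosing function starts and ends outside this hunk.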

Added: md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch
===
--- md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch  
(rev 0)
+++ md-raid0-fix-restore-to-sector-variable-in-raid0_mak.patch  2015-05-22 
04:03:18 UTC (rev 239654)
@@ -0,0 +1,50 @@
+From a81157768a00e8cf8a7b43b5ea5cac931262374f Mon Sep 17 00:00:00 2001
+From: Eric Work work.e...@gmail.com
+Date: Mon, 18 May 2015 23:26:23 -0700
+Subject: [PATCH] md/raid0: fix restore to sector variable in
+ raid0_make_request
+
+The variable sector in raid0_make_request() was improperly updated
+by a call to sector_div() which modifies its first argument in place.
+Commit 47d68979cc968535cb87f3e5f2e6a3533ea48fbd restored this variable
+after the call for later re-use.  Unfortunetly the restore was done after
+the referenced variable bio was advanced.  This lead to the original
+value and the restored value being different.  Here we move this line to
+the proper place.
+
+One observed side effect of this bug was discarding a file though
+unlinking would cause an unrelated file's contents to be discarded.
+
+Signed-off-by: NeilBrown ne...@suse.de
+Fixes: 47d68979cc96 (md/raid0: fix bug with chunksize not a power of 2.)
+Cc: sta...@vger.kernel.org (any that received above backport)
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=98501
+---
+ drivers/md/raid0.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
+index 6a68ef5..efb654e 100644
+--- a/drivers/md/raid0.c
 b/drivers/md/raid0.c
+@@ -524,6 +524,9 @@ static void raid0_make_request(struct mddev *mddev, struct 
bio *bio)
+? (sector  (chunk_sects-1))
+: sector_div(sector, chunk_sects));
+ 
++  /* Restore due to sector_div */
++  sector = bio-bi_iter.bi_sector;
++
+   if (sectors  bio_sectors(bio)) {
+   split = bio_split(bio, sectors, GFP_NOIO, fs_bio_set);
+   bio_chain(split, bio);
+@@ -531,7 +534,6 @@ static void raid0_make_request(struct mddev *mddev, struct 
bio *bio)
+   split = bio;
+   }
+ 
+-  sector = bio-bi_iter.bi_sector;
+   zone = find_zone(mddev-private, sector);
+   tmp_dev = map_sector(mddev, zone, sector, sector);
+   split-bi_bdev = tmp_dev-bdev;
+-- 
+2.4.1
+


[arch-commits] Commit in linux-lts/trunk (2 files)

2015-04-19 Thread Andreas Radke
Date: Sunday, April 19, 2015 @ 13:33:49
  Author: andyrtr
Revision: 237454

upgpkg: linux-lts 3.14.39-1

upstream update 3.14.39

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/0001-fix-btrfs-mount-deadlock.patch

-+
 0001-fix-btrfs-mount-deadlock.patch |   43 --
 PKGBUILD|   12 ++---
 2 files changed, 3 insertions(+), 52 deletions(-)

Deleted: 0001-fix-btrfs-mount-deadlock.patch
===
--- 0001-fix-btrfs-mount-deadlock.patch 2015-04-19 11:26:33 UTC (rev 237453)
+++ 0001-fix-btrfs-mount-deadlock.patch 2015-04-19 11:33:49 UTC (rev 237454)
@@ -1,43 +0,0 @@
-From 9c4f61f01d269815bb7c37be3ede59c5587747c6 Mon Sep 17 00:00:00 2001
-From: David Sterba dste...@suse.cz
-Date: Fri, 2 Jan 2015 19:12:57 +0100
-Subject: btrfs: simplify insert_orphan_item
-
-We can search and add the orphan item in one go,
-btrfs_insert_orphan_item will find out if the item already exists.
-
-Signed-off-by: David Sterba dste...@suse.cz
-
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index 5be45c1..25a1c36 100644
 a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -1254,21 +1254,13 @@ out:
- }
- 
- static int insert_orphan_item(struct btrfs_trans_handle *trans,
--struct btrfs_root *root, u64 offset)
-+struct btrfs_root *root, u64 ino)
- {
-   int ret;
--  struct btrfs_path *path;
--
--  path = btrfs_alloc_path();
--  if (!path)
--  return -ENOMEM;
- 
--  ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID,
--  offset, BTRFS_ORPHAN_ITEM_KEY, NULL);
--  if (ret  0)
--  ret = btrfs_insert_orphan_item(trans, root, offset);
--
--  btrfs_free_path(path);
-+  ret = btrfs_insert_orphan_item(trans, root, ino);
-+  if (ret == -EEXIST)
-+  ret = 0;
- 
-   return ret;
- }
--- 
-cgit v0.10.2
-

Modified: PKGBUILD
===
--- PKGBUILD2015-04-19 11:26:33 UTC (rev 237453)
+++ PKGBUILD2015-04-19 11:33:49 UTC (rev 237454)
@@ -4,7 +4,7 @@
 
 pkgbase=linux-lts
 _srcname=linux-3.14
-pkgver=3.14.38
+pkgver=3.14.39
 pkgrel=1
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
@@ -22,12 +22,11 @@
 '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
 '0003-module-remove-MODULE_GENERIC_TABLE.patch'
 '0006-genksyms-fix-typeof-handling.patch'
-'0001-fix-btrfs-mount-deadlock.patch'
 )
 # https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256sums=('61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa'
 'SKIP'
-'f03ac0a2656bb4c7d8532af67b74057f1a0cce1f7d43f5019b18c6edf3a7933a'
+'9c50ad5aacfbb8c6f8c3666e305a23d50c922ea0a13dbf44a8e15a9637f1d880'
 'SKIP'
 '999486d20e07e489bb42356b529b739c65ad65de9191282f0ddbbc0eb9b1718e'
 '140098de1ba714c5916ea76578b8bf549ce801c4aa0c786b7c90289b85ecdb77'
@@ -36,8 +35,7 @@
 '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
 '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
 '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
-'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
-'5967cf53cb9db9f070e8f346c3d7045748e4823a7fe2ee330acd18c9d02bbb77')
+'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 
torva...@linux-foundation.org
   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) g...@kroah.com
  )
@@ -68,10 +66,6 @@
   # 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
   patch -p1 -i ${srcdir}/0006-genksyms-fix-typeof-handling.patch
 
-  # fix #44495 and #44385 deadlock on btrfs mount
-  # https://btrfs.wiki.kernel.org/index.php/Gotchas
-  patch -Np1 -i ${srcdir}/0001-fix-btrfs-mount-deadlock.patch
-
   if [ ${CARCH} = x86_64 ]; then
 cat ${srcdir}/config.x86_64  ./.config
   else


[arch-commits] Commit in linux-lts/trunk (2 files)

2015-04-12 Thread Andreas Radke
Date: Sunday, April 12, 2015 @ 19:49:03
  Author: andyrtr
Revision: 236310

upgpkg: linux-lts 3.14.37-2

fix btrfs deadlock on mount

Added:
  linux-lts/trunk/0001-fix-btrfs-mount-deadlock.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0001-fix-btrfs-mount-deadlock.patch |   43 ++
 PKGBUILD|   10 ++-
 2 files changed, 51 insertions(+), 2 deletions(-)

Added: 0001-fix-btrfs-mount-deadlock.patch
===
--- 0001-fix-btrfs-mount-deadlock.patch (rev 0)
+++ 0001-fix-btrfs-mount-deadlock.patch 2015-04-12 17:49:03 UTC (rev 236310)
@@ -0,0 +1,43 @@
+From 9c4f61f01d269815bb7c37be3ede59c5587747c6 Mon Sep 17 00:00:00 2001
+From: David Sterba dste...@suse.cz
+Date: Fri, 2 Jan 2015 19:12:57 +0100
+Subject: btrfs: simplify insert_orphan_item
+
+We can search and add the orphan item in one go,
+btrfs_insert_orphan_item will find out if the item already exists.
+
+Signed-off-by: David Sterba dste...@suse.cz
+
+diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
+index 5be45c1..25a1c36 100644
+--- a/fs/btrfs/tree-log.c
 b/fs/btrfs/tree-log.c
+@@ -1254,21 +1254,13 @@ out:
+ }
+ 
+ static int insert_orphan_item(struct btrfs_trans_handle *trans,
+-struct btrfs_root *root, u64 offset)
++struct btrfs_root *root, u64 ino)
+ {
+   int ret;
+-  struct btrfs_path *path;
+-
+-  path = btrfs_alloc_path();
+-  if (!path)
+-  return -ENOMEM;
+ 
+-  ret = btrfs_find_item(root, path, BTRFS_ORPHAN_OBJECTID,
+-  offset, BTRFS_ORPHAN_ITEM_KEY, NULL);
+-  if (ret  0)
+-  ret = btrfs_insert_orphan_item(trans, root, offset);
+-
+-  btrfs_free_path(path);
++  ret = btrfs_insert_orphan_item(trans, root, ino);
++  if (ret == -EEXIST)
++  ret = 0;
+ 
+   return ret;
+ }
+-- 
+cgit v0.10.2
+

Modified: PKGBUILD
===
--- PKGBUILD2015-04-12 16:11:33 UTC (rev 236309)
+++ PKGBUILD2015-04-12 17:49:03 UTC (rev 236310)
@@ -5,7 +5,7 @@
 pkgbase=linux-lts
 _srcname=linux-3.14
 pkgver=3.14.37
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -22,6 +22,7 @@
 '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
 '0003-module-remove-MODULE_GENERIC_TABLE.patch'
 '0006-genksyms-fix-typeof-handling.patch'
+'0001-fix-btrfs-mount-deadlock.patch'
 )
 # https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256sums=('61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa'
@@ -35,7 +36,8 @@
 '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
 '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
 '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
-'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7')
+'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+'5967cf53cb9db9f070e8f346c3d7045748e4823a7fe2ee330acd18c9d02bbb77')
 validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 
torva...@linux-foundation.org
   '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman 
(Linux kernel stable release signing key) g...@kroah.com
  )
@@ -66,6 +68,10 @@
   # 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
   patch -p1 -i ${srcdir}/0006-genksyms-fix-typeof-handling.patch
 
+  # fix #44495 and #44385 deadlock on btrfs mount
+  # https://btrfs.wiki.kernel.org/index.php/Gotchas
+  patch -Np1 -i ${srcdir}/0001-fix-btrfs-mount-deadlock.patch
+
   if [ ${CARCH} = x86_64 ]; then
 cat ${srcdir}/config.x86_64  ./.config
   else
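Review bot: Neither the new comment nor the file name `0001-fix-btrfs-mount-deadlock.patch` says which upstream change is being carried. The patch header added in this commit shows it is 9c4f61f01d26, "btrfs: simplify insert_orphan_item". Adding `# upstream 9c4f61f01d26 "btrfs: simplify insert_orphan_item"` to the comment lets a later packager verify the file against upstream and see when a stable release makes it redundant. If #44495 and #44385 are Arch tracker ids, writing them as `FS#44495` and `FS#44385` would match the other commits on this page. The enclosing function starts and ends outside this hunk.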


[arch-commits] Commit in linux-lts/trunk (2 files)

2014-08-14 Thread Bartłomiej Piotrowski
Date: Thursday, August 14, 2014 @ 08:14:31
  Author: bpiotrowski
Revision: 219733

upgpkg: linux-lts 3.14.17-1

new upstream release

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  linux-lts/trunk/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch

---+
 PKGBUILD  |   13 +++---
 net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch |   12 -
 2 files changed, 4 insertions(+), 21 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-08-14 06:02:18 UTC (rev 219732)
+++ PKGBUILD2014-08-14 06:14:31 UTC (rev 219733)
@@ -4,8 +4,8 @@
 
 pkgbase=linux-lts
 _srcname=linux-3.14
-pkgver=3.14.16
-pkgrel=2
+pkgver=3.14.17
+pkgrel=1
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -22,11 +22,10 @@
 '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
 '0003-module-remove-MODULE_GENERIC_TABLE.patch'
 '0006-genksyms-fix-typeof-handling.patch'
-'net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch'
 )
 # https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256sums=('61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa'
-'3d3e79fd9795812f293aa38799c056aaea0f14da8294b31067f7768e9f38db2d'
+'50b0e2a6812597b401a417bd1269b5388fdd980b6009d564fff09605100f0df8'
 '4c05b88384ee809120da06e6a3d0bbafb7cdfe6208b2e62237aaeaa25dfb29b7'
 'a5b318c7fd21c1be2ac262d1b919d50bacedd0c841e9a82e7bca53d5b25b217b'
 '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0'
@@ -34,8 +33,7 @@
 '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
 '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
 '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
-'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
-'7e5cd2df597ea9235c41957d019d6afd769213a068a4bfa38796b18abe048d25')
+'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7')
 
 _kernelname=${pkgbase#linux}
 
@@ -64,9 +62,6 @@
   # 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
   patch -p1 -i ${srcdir}/0006-genksyms-fix-typeof-handling.patch
 
-  # fixes NULL pointer dereference in net/sctp
-  patch -p1 -i 
${srcdir}/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
-
   if [ ${CARCH} = x86_64 ]; then
 cat ${srcdir}/config.x86_64  ./.config
   else

Deleted: net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
===
--- net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch   
2014-08-14 06:02:18 UTC (rev 219732)
+++ net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch   
2014-08-14 06:14:31 UTC (rev 219733)
@@ -1,12 +0,0 @@
-diff --git a/net/sctp/associola.c b/net/sctp/associola.c
-index 9de23a2..06a9ee6 100644
 a/net/sctp/associola.c
-+++ b/net/sctp/associola.c
-@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
-   asoc-c = new-c;
-   asoc-peer.rwnd = new-peer.rwnd;
-   asoc-peer.sack_needed = new-peer.sack_needed;
-+  asoc-peer.auth_capable = new-peer.auth_capable;
-   asoc-peer.i = new-peer.i;
-   sctp_tsnmap_init(asoc-peer.tsn_map, SCTP_TSN_MAP_INITIAL,
-asoc-peer.i.initial_tsn, GFP_ATOMIC);



[arch-commits] Commit in linux-lts/trunk (2 files)

2014-08-13 Thread Bartłomiej Piotrowski
Date: Wednesday, August 13, 2014 @ 10:43:33
  Author: bpiotrowski
Revision: 219659

upgpkg: linux-lts 3.14.16-2

fix NULL pointer dereference in net/sctp (FS#41329)

Added:
  linux-lts/trunk/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
Modified:
  linux-lts/trunk/PKGBUILD

---+
 PKGBUILD  |9 +--
 net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch |   12 ++
 2 files changed, 19 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-08-13 08:13:59 UTC (rev 219658)
+++ PKGBUILD2014-08-13 08:43:33 UTC (rev 219659)
@@ -5,7 +5,7 @@
 pkgbase=linux-lts
 _srcname=linux-3.14
 pkgver=3.14.16
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -22,6 +22,7 @@
 '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
 '0003-module-remove-MODULE_GENERIC_TABLE.patch'
 '0006-genksyms-fix-typeof-handling.patch'
+'net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch'
 )
 # https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256sums=('61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa'
@@ -33,7 +34,8 @@
 '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
 '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
 '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
-'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7')
+'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+'7e5cd2df597ea9235c41957d019d6afd769213a068a4bfa38796b18abe048d25')
 
 _kernelname=${pkgbase#linux}
 
@@ -62,6 +64,9 @@
   # 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
   patch -p1 -i ${srcdir}/0006-genksyms-fix-typeof-handling.patch
 
+  # fixes NULL pointer dereference in net/sctp
+  patch -p1 -i 
${srcdir}/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
+
   if [ ${CARCH} = x86_64 ]; then
 cat ${srcdir}/config.x86_64  ./.config
   else
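Review bot: The comment added above the new `patch` call carries no reference for the fix, while the 0006 genksyms patch just above it cites its upstream commit URL. The commit message names the tracker entry, so the comment could read `# fixes NULL pointer dereference in net/sctp (FS#41329)`, which tells a later maintainer where to check whether the patch is still needed. The added call also leaves `${srcdir}` unquoted; that matches the surrounding lines, but `patch -p1 -i "${srcdir}/net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch"` would survive a build directory containing spaces.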

Added: net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch
===
--- net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch   
(rev 0)
+++ net-v2-net-sctp-inherit-auth_capable-on-INIT-collisions.patch   
2014-08-13 08:43:33 UTC (rev 219659)
@@ -0,0 +1,12 @@
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
 b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+   asoc-c = new-c;
+   asoc-peer.rwnd = new-peer.rwnd;
+   asoc-peer.sack_needed = new-peer.sack_needed;
++  asoc-peer.auth_capable = new-peer.auth_capable;
+   asoc-peer.i = new-peer.i;
+   sctp_tsnmap_init(asoc-peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+asoc-peer.i.initial_tsn, GFP_ATOMIC);
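Review bot: The added patch file starts directly at `diff --git` with no From/Subject/Signed-off-by header, so nothing in the file ties the one-line change in sctp_assoc_update to an upstream commit or list submission. Keeping the original format-patch or mail header in the file, as the n_tty and x32 patches elsewhere in this package history do, would let a reviewer confirm the line matches what upstream merged and know when the patch can be dropped. sctp_assoc_update starts and ends outside the hunk, so whether other peer capability fields need the same copy cannot be judged from here.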



[arch-commits] Commit in linux-lts/trunk (2 files)

2014-05-13 Thread Bartłomiej Piotrowski
Date: Tuesday, May 13, 2014 @ 10:23:48
  Author: bpiotrowski
Revision: 212332

upgpkg: linux-lts 3.10.39-2

fix CVE-2014-0196

Added:
  
linux-lts/trunk/0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch |   83 
++
 PKGBUILD|   11 -
 2 files changed, 91 insertions(+), 3 deletions(-)

Added: 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch
===
--- 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch 
(rev 0)
+++ 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch 
2014-05-13 08:23:48 UTC (rev 212332)
@@ -0,0 +1,83 @@
+From 4291086b1f081b869c6d79e5b7441633dc3ace00 Mon Sep 17 00:00:00 2001
+From: Peter Hurley pe...@hurleysoftware.com
+Date: Sat, 3 May 2014 14:04:59 +0200
+Subject: [PATCH] n_tty: Fix n_tty_write crash when echoing in raw mode
+
+The tty atomic_write_lock does not provide an exclusion guarantee for
+the tty driver if the termios settings are LECHO  !OPOST.  And since
+it is unexpected and not allowed to call TTY buffer helpers like
+tty_insert_flip_string concurrently, this may lead to crashes when
+concurrect writers call pty_write. In that case the following two
+writers:
+* the ECHOing from a workqueue and
+* pty_write from the process
+race and can overflow the corresponding TTY buffer like follows.
+
+If we look into tty_insert_flip_string_fixed_flag, there is:
+  int space = __tty_buffer_request_room(port, goal, flags);
+  struct tty_buffer *tb = port-buf.tail;
+  ...
+  memcpy(char_buf_ptr(tb, tb-used), chars, space);
+  ...
+  tb-used += space;
+
+so the race of the two can result in something like this:
+  AB
+__tty_buffer_request_room
+  __tty_buffer_request_room
+memcpy(buf(tb-used), ...)
+tb-used += space;
+  memcpy(buf(tb-used), ...) -BOOM
+
+B's memcpy is past the tty_buffer due to the previous A's tb-used
+increment.
+
+Since the N_TTY line discipline input processing can output
+concurrently with a tty write, obtain the N_TTY ldisc output_lock to
+serialize echo output with normal tty writes.  This ensures the tty
+buffer helper tty_insert_flip_string is not called concurrently and
+everything is fine.
+
+Note that this is nicely reproducible by an ordinary user using
+forkpty and some setup around that (raw termios + ECHO). And it is
+present in kernels at least after commit
+d945cb9cce20ac7143c2de8d88b187f62db99bdc (pty: Rework the pty layer to
+use the normal buffering logic) in 2.6.31-rc3.
+
+js: add more info to the commit log
+js: switch to bool
+js: lock unconditionally
+js: lock only the tty-ops-write call
+
+References: CVE-2014-0196
+Reported-and-tested-by: Jiri Slaby jsl...@suse.cz
+Signed-off-by: Peter Hurley pe...@hurleysoftware.com
+Signed-off-by: Jiri Slaby jsl...@suse.cz
+Cc: Linus Torvalds torva...@linux-foundation.org
+Cc: Alan Cox a...@lxorguk.ukuu.org.uk
+Cc: sta...@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org
+---
+ drivers/tty/n_tty.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
+index 41fe8a0..fe9d129 100644
+--- a/drivers/tty/n_tty.c
 b/drivers/tty/n_tty.c
+@@ -2353,8 +2353,12 @@ static ssize_t n_tty_write(struct tty_struct *tty, 
struct file *file,
+   if (tty-ops-flush_chars)
+   tty-ops-flush_chars(tty);
+   } else {
++  struct n_tty_data *ldata = tty-disc_data;
++
+   while (nr  0) {
++  mutex_lock(ldata-output_lock);
+   c = tty-ops-write(tty, b, nr);
++  mutex_unlock(ldata-output_lock);
+   if (c  0) {
+   retval = c;
+   goto break_out;
+-- 
+1.9.2
+
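Review bot: The added `mutex_lock`/`mutex_unlock` pair around the `write` op in n_tty_write has no comment at the call site, so the reason for taking the ldisc output_lock lives only in the commit message. A lock that wraps a single driver call is easy to drop in a later cleanup as apparently redundant; a one-line comment above it would prevent that, for example `/* output_lock serializes this write with echo output from input processing */`. n_tty_write starts and ends outside the hunk, so the locking on the other branch is not visible here.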

Modified: PKGBUILD
===
--- PKGBUILD2014-05-13 06:14:37 UTC (rev 212331)
+++ PKGBUILD2014-05-13 08:23:48 UTC (rev 212332)
@@ -6,7 +6,7 @@
 #pkgbase=linux-custom   # Build kernel with a different name
 _srcname=linux-3.10
 pkgver=3.10.39
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -19,7 +19,8 @@
 # standard config files for mkinitcpio ramdisk
 'linux-lts.preset'
 'change-default-console-loglevel.patch'
-'criu-no-expert.patch')
+'criu-no-expert.patch'
+'0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch')
 md5sums=('4f25cd5bec5f8d5a7d935b3f2ccb8481'
  

[arch-commits] Commit in linux-lts/trunk (2 files)

2014-05-13 Thread Bartłomiej Piotrowski
Date: Tuesday, May 13, 2014 @ 15:51:20
  Author: bpiotrowski
Revision: 212335

upgpkg: linux-lts 3.10.40-1

new upstream release

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  
linux-lts/trunk/0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch

-+
 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch |   83 
--
 PKGBUILD|   15 -
 2 files changed, 5 insertions(+), 93 deletions(-)

Deleted: 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch
===
--- 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch 
2014-05-13 10:35:01 UTC (rev 212334)
+++ 0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch 
2014-05-13 13:51:20 UTC (rev 212335)
@@ -1,83 +0,0 @@
-From 4291086b1f081b869c6d79e5b7441633dc3ace00 Mon Sep 17 00:00:00 2001
-From: Peter Hurley pe...@hurleysoftware.com
-Date: Sat, 3 May 2014 14:04:59 +0200
-Subject: [PATCH] n_tty: Fix n_tty_write crash when echoing in raw mode
-
-The tty atomic_write_lock does not provide an exclusion guarantee for
-the tty driver if the termios settings are LECHO  !OPOST.  And since
-it is unexpected and not allowed to call TTY buffer helpers like
-tty_insert_flip_string concurrently, this may lead to crashes when
-concurrect writers call pty_write. In that case the following two
-writers:
-* the ECHOing from a workqueue and
-* pty_write from the process
-race and can overflow the corresponding TTY buffer like follows.
-
-If we look into tty_insert_flip_string_fixed_flag, there is:
-  int space = __tty_buffer_request_room(port, goal, flags);
-  struct tty_buffer *tb = port-buf.tail;
-  ...
-  memcpy(char_buf_ptr(tb, tb-used), chars, space);
-  ...
-  tb-used += space;
-
-so the race of the two can result in something like this:
-  AB
-__tty_buffer_request_room
-  __tty_buffer_request_room
-memcpy(buf(tb-used), ...)
-tb-used += space;
-  memcpy(buf(tb-used), ...) -BOOM
-
-B's memcpy is past the tty_buffer due to the previous A's tb-used
-increment.
-
-Since the N_TTY line discipline input processing can output
-concurrently with a tty write, obtain the N_TTY ldisc output_lock to
-serialize echo output with normal tty writes.  This ensures the tty
-buffer helper tty_insert_flip_string is not called concurrently and
-everything is fine.
-
-Note that this is nicely reproducible by an ordinary user using
-forkpty and some setup around that (raw termios + ECHO). And it is
-present in kernels at least after commit
-d945cb9cce20ac7143c2de8d88b187f62db99bdc (pty: Rework the pty layer to
-use the normal buffering logic) in 2.6.31-rc3.
-
-js: add more info to the commit log
-js: switch to bool
-js: lock unconditionally
-js: lock only the tty-ops-write call
-
-References: CVE-2014-0196
-Reported-and-tested-by: Jiri Slaby jsl...@suse.cz
-Signed-off-by: Peter Hurley pe...@hurleysoftware.com
-Signed-off-by: Jiri Slaby jsl...@suse.cz
-Cc: Linus Torvalds torva...@linux-foundation.org
-Cc: Alan Cox a...@lxorguk.ukuu.org.uk
-Cc: sta...@vger.kernel.org
-Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org

- drivers/tty/n_tty.c | 4 
- 1 file changed, 4 insertions(+)
-
-diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 41fe8a0..fe9d129 100644
 a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -2353,8 +2353,12 @@ static ssize_t n_tty_write(struct tty_struct *tty, 
struct file *file,
-   if (tty-ops-flush_chars)
-   tty-ops-flush_chars(tty);
-   } else {
-+  struct n_tty_data *ldata = tty-disc_data;
-+
-   while (nr  0) {
-+  mutex_lock(ldata-output_lock);
-   c = tty-ops-write(tty, b, nr);
-+  mutex_unlock(ldata-output_lock);
-   if (c  0) {
-   retval = c;
-   goto break_out;
--- 
-1.9.2
-

Modified: PKGBUILD
===
--- PKGBUILD2014-05-13 10:35:01 UTC (rev 212334)
+++ PKGBUILD2014-05-13 13:51:20 UTC (rev 212335)
@@ -5,8 +5,8 @@
 pkgbase=linux-lts   # Build stock -lts kernel
 #pkgbase=linux-custom   # Build kernel with a different name
 _srcname=linux-3.10
-pkgver=3.10.39
-pkgrel=2
+pkgver=3.10.40
+pkgrel=1
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -19,16 +19,14 @@
 # standard config files for mkinitcpio ramdisk
 'linux-lts.preset'
 'change-default-console-loglevel.patch'
-'criu-no-expert.patch'
-'0001-n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch')
+

[arch-commits] Commit in linux-lts/trunk (2 files)

2014-02-06 Thread Bartłomiej Piotrowski
Date: Thursday, February 6, 2014 @ 23:42:03
  Author: bpiotrowski
Revision: 205544

upgpkg: linux-lts 3.10.29-1

new upstream release

Modified:
  linux-lts/trunk/PKGBUILD
Deleted:
  
linux-lts/trunk/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch

-+
 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch |   80 
--
 PKGBUILD|   15 -
 2 files changed, 5 insertions(+), 90 deletions(-)

Deleted: 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch
===
--- 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch 
2014-02-06 20:55:32 UTC (rev 205543)
+++ 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch 
2014-02-06 22:42:03 UTC (rev 205544)
@@ -1,80 +0,0 @@
-From 2def2ef2ae5f3990aabdbe8a755911902707d268 Mon Sep 17 00:00:00 2001
-From: PaX Team pagee...@freemail.hu
-Date: Thu, 30 Jan 2014 16:59:25 -0800
-Subject: [PATCH] x86, x32: Correct invalid use of user timespec in the kernel
-
-The x32 case for the recvmsg() timout handling is broken:
-
-  asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user 
*mmsg,
-  unsigned int vlen, unsigned int flags,
-  struct compat_timespec __user *timeout)
-  {
-  int datagrams;
-  struct timespec ktspec;
-
-  if (flags  MSG_CMSG_COMPAT)
-  return -EINVAL;
-
-  if (COMPAT_USE_64BIT_TIME)
-  return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, 
vlen,
-flags | MSG_CMSG_COMPAT,
-(struct timespec *) timeout);
-  ...
-
-The timeout pointer parameter is provided by userland (hence the __user
-annotation) but for x32 syscalls it's simply cast to a kernel pointer
-and is passed to __sys_recvmmsg which will eventually directly
-dereference it for both reading and writing.  Other callers to
-__sys_recvmmsg properly copy from userland to the kernel first.
-
-The bug was introduced by commit ee4fa23c4bfc (compat: Use
-COMPAT_USE_64BIT_TIME in net/compat.c) and should affect all kernels
-since 3.4 (and perhaps vendor kernels if they backported x32 support
-along with this code).
-
-Note that CONFIG_X86_X32_ABI gets enabled at build time and only if
-CONFIG_X86_X32 is enabled and ld can build x32 executables.
-
-Other uses of COMPAT_USE_64BIT_TIME seem fine.
-
-This addresses CVE-2014-0038.
-
-Signed-off-by: PaX Team pagee...@freemail.hu
-Signed-off-by: H. Peter Anvin h...@linux.intel.com
-Cc: sta...@vger.kernel.org # v3.4+
-Signed-off-by: Linus Torvalds torva...@linux-foundation.org

- net/compat.c | 9 ++---
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/net/compat.c b/net/compat.c
-index dd32e34..f50161f 100644
 a/net/compat.c
-+++ b/net/compat.c
-@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct 
compat_mmsghdr __user *mmsg,
-   if (flags  MSG_CMSG_COMPAT)
-   return -EINVAL;
- 
--  if (COMPAT_USE_64BIT_TIME)
--  return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
--flags | MSG_CMSG_COMPAT,
--(struct timespec *) timeout);
--
-   if (timeout == NULL)
-   return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- flags | MSG_CMSG_COMPAT, NULL);
- 
--  if (get_compat_timespec(ktspec, timeout))
-+  if (compat_get_timespec(ktspec, timeout))
-   return -EFAULT;
- 
-   datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
-  flags | MSG_CMSG_COMPAT, ktspec);
--  if (datagrams  0  put_compat_timespec(ktspec, timeout))
-+  if (datagrams  0  compat_put_timespec(ktspec, timeout))
-   datagrams = -EFAULT;
- 
-   return datagrams;
--- 
-1.8.5.3
-

Modified: PKGBUILD
===
--- PKGBUILD2014-02-06 20:55:32 UTC (rev 205543)
+++ PKGBUILD2014-02-06 22:42:03 UTC (rev 205544)
@@ -5,8 +5,8 @@
 pkgbase=linux-lts   # Build stock -lts kernel
 #pkgbase=linux-custom   # Build kernel with a different name
 _srcname=linux-3.10
-pkgver=3.10.28
-pkgrel=1.1
+pkgver=3.10.29
+pkgrel=1
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -19,16 +19,14 @@
 # standard config files for mkinitcpio ramdisk
 'linux-lts.preset'
 'change-default-console-loglevel.patch'
-'criu-no-expert.patch'
-'0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch')
+'criu-no-expert.patch')
 md5sums=('4f25cd5bec5f8d5a7d935b3f2ccb8481'
- 

[arch-commits] Commit in linux-lts/trunk (2 files)

2014-01-31 Thread Bartłomiej Piotrowski
Date: Friday, January 31, 2014 @ 17:13:52
  Author: bpiotrowski
Revision: 204934

upgpkg: linux-lts 3.10.28-1.1

fix CVE-2014-0038

Added:
  
linux-lts/trunk/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch
Modified:
  linux-lts/trunk/PKGBUILD

-+
 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch |   80 
++
 PKGBUILD|   13 +
 2 files changed, 89 insertions(+), 4 deletions(-)

Added: 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch
===
--- 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch 
(rev 0)
+++ 0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch 
2014-01-31 16:13:52 UTC (rev 204934)
@@ -0,0 +1,80 @@
+From 2def2ef2ae5f3990aabdbe8a755911902707d268 Mon Sep 17 00:00:00 2001
+From: PaX Team pagee...@freemail.hu
+Date: Thu, 30 Jan 2014 16:59:25 -0800
+Subject: [PATCH] x86, x32: Correct invalid use of user timespec in the kernel
+
+The x32 case for the recvmsg() timout handling is broken:
+
+  asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user 
*mmsg,
+  unsigned int vlen, unsigned int flags,
+  struct compat_timespec __user *timeout)
+  {
+  int datagrams;
+  struct timespec ktspec;
+
+  if (flags  MSG_CMSG_COMPAT)
+  return -EINVAL;
+
+  if (COMPAT_USE_64BIT_TIME)
+  return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, 
vlen,
+flags | MSG_CMSG_COMPAT,
+(struct timespec *) timeout);
+  ...
+
+The timeout pointer parameter is provided by userland (hence the __user
+annotation) but for x32 syscalls it's simply cast to a kernel pointer
+and is passed to __sys_recvmmsg which will eventually directly
+dereference it for both reading and writing.  Other callers to
+__sys_recvmmsg properly copy from userland to the kernel first.
+
+The bug was introduced by commit ee4fa23c4bfc (compat: Use
+COMPAT_USE_64BIT_TIME in net/compat.c) and should affect all kernels
+since 3.4 (and perhaps vendor kernels if they backported x32 support
+along with this code).
+
+Note that CONFIG_X86_X32_ABI gets enabled at build time and only if
+CONFIG_X86_X32 is enabled and ld can build x32 executables.
+
+Other uses of COMPAT_USE_64BIT_TIME seem fine.
+
+This addresses CVE-2014-0038.
+
+Signed-off-by: PaX Team pagee...@freemail.hu
+Signed-off-by: H. Peter Anvin h...@linux.intel.com
+Cc: sta...@vger.kernel.org # v3.4+
+Signed-off-by: Linus Torvalds torva...@linux-foundation.org
+---
+ net/compat.c | 9 ++---
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/net/compat.c b/net/compat.c
+index dd32e34..f50161f 100644
+--- a/net/compat.c
 b/net/compat.c
+@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct 
compat_mmsghdr __user *mmsg,
+   if (flags  MSG_CMSG_COMPAT)
+   return -EINVAL;
+ 
+-  if (COMPAT_USE_64BIT_TIME)
+-  return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
+-flags | MSG_CMSG_COMPAT,
+-(struct timespec *) timeout);
+-
+   if (timeout == NULL)
+   return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
+ flags | MSG_CMSG_COMPAT, NULL);
+ 
+-  if (get_compat_timespec(ktspec, timeout))
++  if (compat_get_timespec(ktspec, timeout))
+   return -EFAULT;
+ 
+   datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
+  flags | MSG_CMSG_COMPAT, ktspec);
+-  if (datagrams  0  put_compat_timespec(ktspec, timeout))
++  if (datagrams  0  compat_put_timespec(ktspec, timeout))
+   datagrams = -EFAULT;
+ 
+   return datagrams;
+-- 
+1.8.5.3
+
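Review bot: Nothing at the `compat_get_timespec` call records that `timeout` is a `__user` pointer that has to be copied into `ktspec` on every path, which is the invariant the removed `COMPAT_USE_64BIT_TIME` shortcut broke by casting it to a kernel pointer. A short comment above the call would keep a later optimisation from reintroducing the cast, for example `/* timeout is __user: always copy in/out via ktspec, never cast (CVE-2014-0038) */`. compat_sys_recvmmsg starts and ends outside the hunk.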

Modified: PKGBUILD
===
--- PKGBUILD2014-01-31 15:44:02 UTC (rev 204933)
+++ PKGBUILD2014-01-31 16:13:52 UTC (rev 204934)
@@ -6,7 +6,7 @@
 #pkgbase=linux-custom   # Build kernel with a different name
 _srcname=linux-3.10
 pkgver=3.10.28
-pkgrel=1
+pkgrel=1.1
 arch=('i686' 'x86_64')
 url=http://www.kernel.org/;
 license=('GPL2')
@@ -19,7 +19,8 @@
 # standard config files for mkinitcpio ramdisk
 'linux-lts.preset'
 'change-default-console-loglevel.patch'
-'criu-no-expert.patch')
+'criu-no-expert.patch'
+'0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch')
 md5sums=('4f25cd5bec5f8d5a7d935b3f2ccb8481'
  '34514ae21798afcf2a8dc3c77f2714a6'
  '45368ef5c1d03d375c31dcecabc5f0dd'
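Review bot: The patch added to `source` in this hunk is verified only through the `md5sums=(` array shown as context, and MD5 is not collision resistant, so it is a weak integrity pin for a security fix and for the kernel tarball listed with it. Switching the array to `sha256sums=(` with regenerated digests would give the new entry a meaningful check; the 3.14 PKGBUILD later in this package's history already uses that form. The digest line for the added patch is presumably in the following hunk, which is cut off here, and the same applies to the 3.10.39-2 commit that adds the n_tty patch.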
@@ -26,7 +27,8 @@