From 8082d43a35875d5ece40a7fe7d3a10048a011bdb Mon Sep 17 00:00:00 2001 From: Kevin Mihelich <kevin@archlinuxarm.org> Date: Fri, 9 Dec 2016 03:02:38 +0000 Subject: [PATCH] core/linux-odroid-xu3 to 3.10.104-3 --- ...> 0001-exynos-ss-GCC6-compatibility.patch} | 25 +++-- ...ix-race-condition-in-packet_set_ring.patch | 92 +++++++++++++++++++ core/linux-odroid-xu3/PKGBUILD | 17 ++-- 3 files changed, 119 insertions(+), 15 deletions(-) rename core/linux-odroid-xu3/{exynos-gcc6.patch => 0001-exynos-ss-GCC6-compatibility.patch} (50%) create mode 100644 core/linux-odroid-xu3/0002-packet-fix-race-condition-in-packet_set_ring.patch diff --git a/core/linux-odroid-xu3/exynos-gcc6.patch b/core/linux-odroid-xu3/0001-exynos-ss-GCC6-compatibility.patch similarity index 50% rename from core/linux-odroid-xu3/exynos-gcc6.patch rename to core/linux-odroid-xu3/0001-exynos-ss-GCC6-compatibility.patch index c9527982e..870b1611f 100644 --- a/core/linux-odroid-xu3/exynos-gcc6.patch +++ b/core/linux-odroid-xu3/0001-exynos-ss-GCC6-compatibility.patch @@ -1,10 +1,17 @@ -diff -aur linux-ae5b5f99f06f936382edda30522787bdde1248bd-pristine/arch/arm/mach-exynos/exynos-ss.c -linux-ae5b5f99f06f936382edda30522787bdde1248bd-new/arch/arm/mach-exynos/exynos-ss.c ---- linux-ae5b5f99f06f936382edda30522787bdde1248bd-pristine/arch/arm/mach-exynos/exynos-ss.c 2016-06-15 -21:48:59.000000000 +0000 -+++ linux-ae5b5f99f06f936382edda30522787bdde1248bd-new/arch/arm/mach-exynos/exynos-ss.c 2016-08-17 -16:01:16.095003127 +0000 -@@ -238,6 +238,13 @@ +From 4e2d23b7c5160e772b3a787bb164fe1bca0cc0c7 Mon Sep 17 00:00:00 2001 +From: Kevin Mihelich <kevin@archlinuxarm.org> +Date: Thu, 8 Dec 2016 19:58:12 -0700 +Subject: [PATCH 1/2] exynos-ss GCC6 compatibility + +--- + arch/arm/mach-exynos/exynos-ss.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/arch/arm/mach-exynos/exynos-ss.c b/arch/arm/mach-exynos/exynos-ss.c +index 9ede727..e8c7836 100644 +--- a/arch/arm/mach-exynos/exynos-ss.c ++++ b/arch/arm/mach-exynos/exynos-ss.c +@@ -238,6 +238,13 @@ struct exynos_ss_interface { struct exynos_ss_hook info_hook; }; @@ -18,7 +25,7 @@ linux-ae5b5f99f06f936382edda30522787bdde1248bd-new/arch/arm/mach-exynos/exynos-s extern void (*arm_pm_restart)(char str, const char *cmd); #if LINUX_VERSION_CODE <= KERNEL_VERSION(3,5,00) extern void register_hook_logbuf(void (*)(const char)); -@@ -493,13 +500,6 @@ +@@ -493,13 +500,6 @@ static inline void exynos_ss_hook_logbuf(const char *buf, u64 ts_nsec, size_t si } #endif @@ -32,4 +39,6 @@ linux-ae5b5f99f06f936382edda30522787bdde1248bd-new/arch/arm/mach-exynos/exynos-s static void exynos_ss_scratch_reg(unsigned int val) { __raw_writel(val, S5P_VA_SS_SCRATCH); +-- +2.10.2 diff --git a/core/linux-odroid-xu3/0002-packet-fix-race-condition-in-packet_set_ring.patch b/core/linux-odroid-xu3/0002-packet-fix-race-condition-in-packet_set_ring.patch new file mode 100644 index 000000000..3dbc840a1 --- /dev/null +++ b/core/linux-odroid-xu3/0002-packet-fix-race-condition-in-packet_set_ring.patch @@ -0,0 +1,92 @@ +From 047e14034745086df20f281dc4b16305bf8a2b8d Mon Sep 17 00:00:00 2001 +From: Philip Pettersson <philip.pettersson@gmail.com> +Date: Wed, 30 Nov 2016 14:55:36 -0800 +Subject: [PATCH 2/2] packet: fix race condition in packet_set_ring + +When packet_set_ring creates a ring buffer it will initialize a +struct timer_list if the packet version is TPACKET_V3. This value +can then be raced by a different thread calling setsockopt to +set the version to TPACKET_V1 before packet_set_ring has finished. + +This leads to a use-after-free on a function pointer in the +struct timer_list when the socket is closed as the previously +initialized timer will not be deleted. + +The bug is fixed by taking lock_sock(sk) in packet_setsockopt when +changing the packet version while also taking the lock at the start +of packet_set_ring. + +Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") +Signed-off-by: Philip Pettersson <philip.pettersson@gmail.com> +Signed-off-by: Eric Dumazet <edumazet@google.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/packet/af_packet.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 2d454a2..c200b1d 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3135,19 +3135,25 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv + + if (optlen != sizeof(val)) + return -EINVAL; +- if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) +- return -EBUSY; + if (copy_from_user(&val, optval, sizeof(val))) + return -EFAULT; + switch (val) { + case TPACKET_V1: + case TPACKET_V2: + case TPACKET_V3: +- po->tp_version = val; +- return 0; ++ break; + default: + return -EINVAL; + } ++ lock_sock(sk); ++ if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) { ++ ret = -EBUSY; ++ } else { ++ po->tp_version = val; ++ ret = 0; ++ } ++ release_sock(sk); ++ return ret; + } + case PACKET_RESERVE: + { +@@ -3602,6 +3608,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + /* Added to avoid minimal code churn */ + struct tpacket_req *req = &req_u->req; + ++ lock_sock(sk); + /* Opening a Tx-ring is NOT supported in TPACKET_V3 */ + if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) { + WARN(1, "Tx-ring is not supported.\n"); +@@ -3683,7 +3690,6 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + goto out; + } + +- lock_sock(sk); + + /* Detach socket from network */ + spin_lock(&po->bind_lock); +@@ -3732,11 +3738,11 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + if (!tx_ring) + prb_shutdown_retire_blk_timer(po, tx_ring, rb_queue); + } +- release_sock(sk); + + if (pg_vec) + free_pg_vec(pg_vec, order, req->tp_block_nr); + out: ++ release_sock(sk); + return err; + } + +-- +2.10.2 + diff --git a/core/linux-odroid-xu3/PKGBUILD b/core/linux-odroid-xu3/PKGBUILD index d29325dfa..a4a0f14df 100644 --- a/core/linux-odroid-xu3/PKGBUILD +++ b/core/linux-odroid-xu3/PKGBUILD @@ -9,7 +9,7 @@ _srcname=linux-${_commit} _kernelname=${pkgbase#linux} _desc="ODROID-XU3" pkgver=3.10.104 -pkgrel=2 +pkgrel=3 bfqver=v7r8 arch=('armv7h') url="https://github.com/hardkernel/linux" @@ -17,23 +17,26 @@ license=('GPL2') makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'git') options=('!strip') source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz" - 'config' + '0001-exynos-ss-GCC6-compatibility.patch' + '0002-packet-fix-race-condition-in-packet_set_ring.patch' "ftp://teambelgium.net/bfq/patches/${pkgver:0:4}.8+-${bfqver}/0001-block-cgroups-kconfig-build-bits-for-BFQ-${bfqver}-${pkgver:0:4}.8.patch" "ftp://teambelgium.net/bfq/patches/${pkgver:0:4}.8+-${bfqver}/0002-block-introduce-the-BFQ-${bfqver}-I-O-sched-for-${pkgver:0:4}.8.patch" "ftp://teambelgium.net/bfq/patches/${pkgver:0:4}.8+-${bfqver}/0003-block-bfq-add-Early-Queue-Merge-EQM-to-BFQ-${bfqver}-for-${pkgver:0:4}.8+.patch" - 'exynos-gcc6.patch') + 'config') md5sums=('a3ba8ae98922ed7768e1d80db0085f8a' - '3fadb4550c405046b7f695152681b1d4' + '29bc7bd1a4cb2fbfb25a63c6dd993ffb' + 'bda0fddf55f95c0e9a54b2522d8399eb' '003f1554be6b672100d2f2401a574d92' '12ffe57584b4f2adcc3e184dc6948772' '9e78f9f5364f8ebb981aeb235dcb7415' - 'd4c327797fb7124076541859ac3d4e90') + '3fadb4550c405046b7f695152681b1d4') prepare() { cd "${srcdir}/${_srcname}" - # Patch for GCC 6 compatibility - patch -sNp1 -i ${srcdir}/exynos-gcc6.patch + # ALARM patches + git apply ../0001-exynos-ss-GCC6-compatibility.patch + git apply ../0002-packet-fix-race-condition-in-packet_set_ring.patch # Add BFQ patches patch -sNp1 -i "${srcdir}/0001-block-cgroups-kconfig-build-bits-for-BFQ-${bfqver}-${pkgver:0:4}.8.patch"