[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 111b09445ca154f9feee0743aa1a84f9250a2dab Author: Mike Pagano gentoo org> AuthorDate: Tue Jun 4 11:10:42 2019 + Commit: Mike Pagano gentoo org> CommitDate: Tue Jun 4 11:10:42 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=111b0944 Linux patch 5.0.21 Signed-off-by: Mike Pagano gentoo.org> _README |4 + 1020_linux-5.0.21.patch | 1443 +++ 2 files changed, 1447 insertions(+) diff --git a/_README b/_README index cf5191b..1fe5b3d 100644 --- a/_README +++ b/_README @@ -123,6 +123,10 @@ Patch: 1019_linux-5.0.20.patch From: http://www.kernel.org Desc: Linux 5.0.20 +Patch: 1020_linux-5.0.21.patch +From: http://www.kernel.org +Desc: Linux 5.0.21 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1020_linux-5.0.21.patch b/1020_linux-5.0.21.patch new file mode 100644 index 000..47e7232 --- /dev/null +++ b/1020_linux-5.0.21.patch 
@@ -0,0 +1,1443 @@ +diff --git a/Makefile b/Makefile +index 25390977536b..93701ca8f3a6 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 20 ++SUBLEVEL = 21 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c +index dd8b8716467a..2d1a8cd35509 100644 +--- a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c +@@ -1,22 +1,14 @@ ++// SPDX-License-Identifier: GPL-2.0 + /** + * GHASH routines supporting VMX instructions on the Power 8 + * +- * Copyright (C) 2015 International Business Machines Inc. +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; version 2 only. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; if not, write to the Free Software +- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ * Copyright (C) 2015, 2019 International Business Machines Inc. + * + * Author: Marcelo Henrique Cerri ++ * ++ * Extended by Daniel Axtens to replace the fallback ++ * mechanism. The new approach is based on arm64 code, which is: ++ * Copyright (C) 2014 - 2018 Linaro Ltd. 
+ */ + + #include +@@ -39,71 +31,25 @@ void gcm_ghash_p8(u64 Xi[2], const u128 htable[16], + const u8 *in, size_t len); + + struct p8_ghash_ctx { ++ /* key used by vector asm */ + u128 htable[16]; +- struct crypto_shash *fallback; ++ /* key used by software fallback */ ++ be128 key; + }; + + struct p8_ghash_desc_ctx { + u64 shash[2]; + u8 buffer[GHASH_DIGEST_SIZE]; + int bytes; +- struct shash_desc fallback_desc; + }; + +-static int p8_ghash_init_tfm(struct crypto_tfm *tfm) +-{ +- const char *alg = "ghash-generic"; +- struct crypto_shash *fallback; +- struct crypto_shash *shash_tfm = __crypto_shash_cast(tfm); +- struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm); +- +- fallback = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK); +- if (IS_ERR(fallback)) { +- printk(KERN_ERR +- "Failed to allocate transformation for '%s': %ld\n", +- alg, PTR_ERR(fallback)); +- return PTR_ERR(fallback); +- } +- +- crypto_shash_set_flags(fallback, +- crypto_shash_get_flags((struct crypto_shash +- *) tfm)); +- +- /* Check if the descsize defined in the algorithm is still enough. */ +- if (shash_tfm->descsize < sizeof(struct p8_ghash_desc_ctx) +- + crypto_shash_descsize(fallback)) { +- printk(KERN_ERR +- "Desc size of the fallback implementation (%s) does not match the expected value: %lu vs %u\n", +- alg, +- shash_tfm->descsize - sizeof(struct p8_ghash_desc_ctx), +- crypto_shash_descsize(fallback)); +- return -EINVAL; +- } +- ctx->fallback = fallback; +- +- return 0; +-} +- +-static void p8_ghash_exit_tfm(struct crypto_tfm *tfm) +-{ +- struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm); +- +- if (ctx->fallback) { +- crypto_free_shash(ctx->fallback); +- ctx->fallback = NULL; +- } +-} +- + static int p8_ghash_init(struct shash_desc *desc) + { +- struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(desc->tfm)); + struct p8_
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: eb28ace601eb7634e8c99180cfe2640f3a09027f Author: Mike Pagano gentoo org> AuthorDate: Tue May 14 21:01:27 2019 + Commit: Mike Pagano gentoo org> CommitDate: Tue May 14 21:01:27 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=eb28ace6 Linux patch 5.0.16 Signed-off-by: Mike Pagano gentoo.org> _README |4 + 1015_linux-5.0.16.patch | 2955 +++ 2 files changed, 2959 insertions(+) diff --git a/_README b/_README index 0d6cdbe..b19b388 100644 --- a/_README +++ b/_README @@ -103,6 +103,10 @@ Patch: 1014_linux-5.0.15.patch From: http://www.kernel.org Desc: Linux 5.0.15 +Patch: 1015_linux-5.0.16.patch +From: http://www.kernel.org +Desc: Linux 5.0.16 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1015_linux-5.0.16.patch b/1015_linux-5.0.16.patch new file mode 100644 index 000..342f6cf --- /dev/null +++ b/1015_linux-5.0.16.patch 
@@ -0,0 +1,2955 @@ +diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu +index 9605dbd4b5b5..141a7bb58b80 100644 +--- a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu +@@ -484,6 +484,7 @@ What: /sys/devices/system/cpu/vulnerabilities + /sys/devices/system/cpu/vulnerabilities/spectre_v2 + /sys/devices/system/cpu/vulnerabilities/spec_store_bypass + /sys/devices/system/cpu/vulnerabilities/l1tf ++ /sys/devices/system/cpu/vulnerabilities/mds + Date: January 2018 + Contact: Linux kernel mailing list + Description: Information about CPU vulnerabilities +@@ -496,8 +497,7 @@ Description: Information about CPU vulnerabilities + "Vulnerable" CPU is affected and no mitigation in effect + "Mitigation: $M" CPU is affected and mitigation $M is in effect + +- Details about the l1tf file can be found in +- Documentation/admin-guide/l1tf.rst ++ See also: Documentation/admin-guide/hw-vuln/index.rst + + What: /sys/devices/system/cpu/smt + /sys/devices/system/cpu/smt/active +diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst +new file mode 100644 +index ..ffc064c1ec68 +--- /dev/null b/Documentation/admin-guide/hw-vuln/index.rst +@@ -0,0 +1,13 @@ ++ ++Hardware vulnerabilities ++ ++ ++This section describes CPU vulnerabilities and provides an overview of the ++possible mitigations along with guidance for selecting mitigations if they ++are configurable at compile, boot or run time. ++ ++.. 
toctree:: ++ :maxdepth: 1 ++ ++ l1tf ++ mds +diff --git a/Documentation/admin-guide/hw-vuln/l1tf.rst b/Documentation/admin-guide/hw-vuln/l1tf.rst +new file mode 100644 +index ..31653a9f0e1b +--- /dev/null b/Documentation/admin-guide/hw-vuln/l1tf.rst +@@ -0,0 +1,615 @@ ++L1TF - L1 Terminal Fault ++ ++ ++L1 Terminal Fault is a hardware vulnerability which allows unprivileged ++speculative access to data which is available in the Level 1 Data Cache ++when the page table entry controlling the virtual address, which is used ++for the access, has the Present bit cleared or other reserved bits set. ++ ++Affected processors ++--- ++ ++This vulnerability affects a wide range of Intel processors. The ++vulnerability is not present on: ++ ++ - Processors from AMD, Centaur and other non Intel vendors ++ ++ - Older processor models, where the CPU family is < 6 ++ ++ - A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft, ++ Penwell, Pineview, Silvermont, Airmont, Merrifield) ++ ++ - The Intel XEON PHI family ++ ++ - Intel processors which have the ARCH_CAP_RDCL_NO bit set in the ++ IA32_ARCH_CAPABILITIES MSR. If the bit is set the CPU is not affected ++ by the Meltdown vulnerability either. These CPUs should become ++ available by end of 2018. ++ ++Whether a processor is affected or not can be read out from the L1TF ++vulnerability file in sysfs. See :ref:`l1tf_sys_info`. ++ ++Related CVEs ++ ++ ++The following CVE entries are related to the L1TF vulnerability: ++ ++ = = == ++ CVE-2018-3615 L1 Terminal Fault SGX related aspects ++ CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects ++ CVE-2018-3646 L1 Terminal Fault Virtualization related aspects ++ = = == ++ ++Problem ++--- ++ ++If an instruction accesses a virtual address for which the relevant page ++table entry (PTE) has the Present bit clea
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 814f9c6ca03101663202cf37153c745054de331e Author: Mike Pagano gentoo org> AuthorDate: Sun May 5 13:40:40 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sun May 5 13:40:40 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=814f9c6c update readme Signed-off-by: Mike Pagano gentoo.org> _README | 4 1 file changed, 4 insertions(+) diff --git a/_README b/_README index 3b63726..dcd9694 100644 --- a/_README +++ b/_README @@ -91,6 +91,10 @@ Patch: 1011_linux-5.0.12.patch From: http://www.kernel.org Desc: Linux 5.0.12 +Patch: 1012_linux-5.0.13.patch +From: http://www.kernel.org +Desc: Linux 5.0.13 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs.
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: b721073a475fe58039da5c0daf37b3ec3cdbd942 Author: Mike Pagano gentoo org> AuthorDate: Sun May 5 13:38:57 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sun May 5 13:38:57 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b721073a Linux patch 5.0.13 Signed-off-by: Mike Pagano gentoo.org> 1012_linux-5.0.13.patch | 1280 +++ 1 file changed, 1280 insertions(+) diff --git a/1012_linux-5.0.13.patch b/1012_linux-5.0.13.patch new file mode 100644 index 000..b3581f4 --- /dev/null +++ b/1012_linux-5.0.13.patch 
@@ -0,0 +1,1280 @@ +diff --git a/Makefile b/Makefile +index fd044f594bbf..51a819544505 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 12 ++SUBLEVEL = 13 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h +index dabfcf7c3941..7a0e64ccd6ff 100644 +--- a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h +@@ -381,6 +381,7 @@ struct kvm_sync_regs { + #define KVM_X86_QUIRK_LINT0_REENABLED (1 << 0) + #define KVM_X86_QUIRK_CD_NW_CLEARED (1 << 1) + #define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2) ++#define KVM_X86_QUIRK_OUT_7E_INC_RIP (1 << 3) + + #define KVM_STATE_NESTED_GUEST_MODE 0x0001 + #define KVM_STATE_NESTED_RUN_PENDING 0x0002 +diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c +index f90b3a948291..a4bcac94392c 100644 +--- a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c +@@ -5407,7 +5407,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, + return ret; + + /* Empty 'VMXON' state is permitted */ +- if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12)) ++ if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12)) + return 0; + + if (kvm_state->vmx.vmcs_pa != -1ull) { +@@ -5451,7 +5451,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, + vmcs12->vmcs_link_pointer != -1ull) { + struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu); + +- if (kvm_state->size < sizeof(kvm_state) + 2 * sizeof(*vmcs12)) ++ if (kvm_state->size < sizeof(*kvm_state) + 2 * sizeof(*vmcs12)) + return -EINVAL; + + if (copy_from_user(shadow_vmcs12, +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 8c9fb6453b2f..7e413ea19a9a 100644 +--- a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +@@ -6536,6 +6536,12 @@ int kvm_emulate_instruction_from_buffer(struct kvm_vcpu *vcpu, + } + EXPORT_SYMBOL_GPL(kvm_emulate_instruction_from_buffer); + ++static int 
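Review bot: In vmx_set_nested_state() (arch/x86/kvm/vmx/nested.c) the first corrected check still returns 0 for every `kvm_state->size` below `sizeof(*kvm_state) + sizeof(*vmcs12)`, so a blob that is non-empty but too short to hold a vmcs12 is accepted as if it were the empty 'VMXON' state. The second check, by contrast, rejects a short shadow vmcs12 with -EINVAL. If only a header-only blob is meant to be permitted, the early return could be narrowed to `if (kvm_state->size == sizeof(*kvm_state)) return 0;` followed by `if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12)) return -EINVAL;`. Otherwise the comment should state that truncated state is deliberately treated as empty. The function starts and ends outside both hunks, so any earlier validation of `size` is not visible here.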
complete_fast_pio_out_port_0x7e(struct kvm_vcpu *vcpu) ++{ ++ vcpu->arch.pio.count = 0; ++ return 1; ++} ++ + static int complete_fast_pio_out(struct kvm_vcpu *vcpu) + { + vcpu->arch.pio.count = 0; +@@ -6552,12 +6558,23 @@ static int kvm_fast_pio_out(struct kvm_vcpu *vcpu, int size, + unsigned long val = kvm_register_read(vcpu, VCPU_REGS_RAX); + int ret = emulator_pio_out_emulated(&vcpu->arch.emulate_ctxt, + size, port, &val, 1); ++ if (ret) ++ return ret; + +- if (!ret) { ++ /* ++ * Workaround userspace that relies on old KVM behavior of %rip being ++ * incremented prior to exiting to userspace to handle "OUT 0x7e". ++ */ ++ if (port == 0x7e && ++ kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_OUT_7E_INC_RIP)) { ++ vcpu->arch.complete_userspace_io = ++ complete_fast_pio_out_port_0x7e; ++ kvm_skip_emulated_instruction(vcpu); ++ } else { + vcpu->arch.pio.linear_rip = kvm_get_linear_rip(vcpu); + vcpu->arch.complete_userspace_io = complete_fast_pio_out; + } +- return ret; ++ return 0; + } + + static int complete_fast_pio_in(struct kvm_vcpu *vcpu) +diff --git a/drivers/net/dsa/bcm_sf2_cfp.c b/drivers/net/dsa/bcm_sf2_cfp.c +index e14663ab6dbc..8dd74700a2ef 100644 +--- a/drivers/net/dsa/bcm_sf2_cfp.c b/drivers/net/dsa/bcm_sf2_cfp.c +@@ -854,6 +854,9 @@ static int bcm_sf2_cfp_rule_set(struct dsa_switch *ds, int port, +fs->m_ext.data[1])) + return -EINVAL; + ++ if (fs->location != RX_CLS_LOC_ANY && fs->location >= CFP_NUM_RULES) ++ return -EINVAL; ++ + if (fs->location != RX_CLS_LOC_ANY && + test_bit(fs->location, priv->cfp.used)) + return -EBUSY; +@@ -942,6 +945,9 @@ static int bcm_sf2_cfp_rule_del(struct bcm_sf2_priv *priv, int port, u32 loc) + struct cfp_rule *rule; + int ret; + ++ if (loc >= CFP_NUM_RULES) ++ return -EINVAL; ++ + /* Refuse deleting unused rules, and those that are not unique since +* that could leave IPv6 rules with one of the chained
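Review bot: In the quirk branch of kvm_fast_pio_out() (arch/x86/kvm/x86.c) the result of `kvm_skip_emulated_instruction(vcpu)` is discarded and the function returns 0 regardless. That is presumably intentional, since the OUT exits to userspace on this path either way, but on its own the line reads like a missed check. A comment on it would settle the question for the next reader, e.g. `/* result ignored: this path always exits to userspace */`. The bare `0x7e` in the condition would also be easier to audit as a named constant alongside KVM_X86_QUIRK_OUT_7E_INC_RIP.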
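Review bot: Any other path that uses a caller-supplied location as an index into `priv->cfp.used` needs the same `CFP_NUM_RULES` bound. This patch adds it only to bcm_sf2_cfp_rule_set() and, in the following hunk (cut off on this page), to bcm_sf2_cfp_rule_del(); the remaining users of the bitmap are not visible here and should be confirmed. A one-line comment above the new check would record why it must precede `test_bit()`, e.g. `/* bound location before it is used as an index into priv->cfp.used */`. As a style point, the two adjacent `if`s in bcm_sf2_cfp_rule_set() both test `fs->location != RX_CLS_LOC_ANY` and could sit under one guard. Both functions continue outside their hunks.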
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: dc81aa26ea1bd832413eabc76bcff4c1421e0b2c Author: Mike Pagano gentoo org> AuthorDate: Sat May 4 18:29:38 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sat May 4 18:29:38 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=dc81aa26 Linux patch 5.0.12 Signed-off-by: Mike Pagano gentoo.org> _README |4 + 1011_linux-5.0.12.patch | 3398 +++ 2 files changed, 3402 insertions(+) diff --git a/_README b/_README index 4dfa486..3b63726 100644 --- a/_README +++ b/_README @@ -87,6 +87,10 @@ Patch: 1010_linux-5.0.11.patch From: http://www.kernel.org Desc: Linux 5.0.11 +Patch: 1011_linux-5.0.12.patch +From: http://www.kernel.org +Desc: Linux 5.0.12 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1011_linux-5.0.12.patch b/1011_linux-5.0.12.patch new file mode 100644 index 000..f1fc8ab --- /dev/null +++ b/1011_linux-5.0.12.patch 
@@ -0,0 +1,3398 @@ +diff --git a/Documentation/i2c/busses/i2c-i801 b/Documentation/i2c/busses/i2c-i801 +index d1ee484a787d..ee9984f35868 100644 +--- a/Documentation/i2c/busses/i2c-i801 b/Documentation/i2c/busses/i2c-i801 +@@ -36,6 +36,7 @@ Supported adapters: + * Intel Cannon Lake (PCH) + * Intel Cedar Fork (PCH) + * Intel Ice Lake (PCH) ++ * Intel Comet Lake (PCH) +Datasheets: Publicly available at the Intel website + + On Intel Patsburg and later chipsets, both the normal host SMBus controller +diff --git a/Makefile b/Makefile +index c3daaefa979c..fd044f594bbf 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 11 ++SUBLEVEL = 12 + EXTRAVERSION = + NAME = Shy Crocodile + +@@ -31,7 +31,7 @@ _all: + # descending is started. They are now explicitly listed as the + # prepare rule. + +-ifneq ($(sub-make-done),1) ++ifneq ($(sub_make_done),1) + + # Do not use make's built-in rules and variables + # (this increases performance and avoids hard-to-debug behaviour) +@@ -159,6 +159,8 @@ need-sub-make := 1 + $(lastword $(MAKEFILE_LIST)): ; + endif + ++export sub_make_done := 1 ++ + ifeq ($(need-sub-make),1) + + PHONY += $(MAKECMDGOALS) sub-make +@@ -168,12 +170,12 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make + + # Invoke a second make in the output directory, passing relevant variables + sub-make: +- $(Q)$(MAKE) sub-make-done=1 \ ++ $(Q)$(MAKE) \ + $(if $(KBUILD_OUTPUT),-C $(KBUILD_OUTPUT) KBUILD_SRC=$(CURDIR)) \ + -f $(CURDIR)/Makefile $(filter-out _all sub-make,$(MAKECMDGOALS)) + + endif # need-sub-make +-endif # sub-make-done ++endif # sub_make_done + + # We process the rest of the Makefile if this is the final invocation of make + ifeq ($(need-sub-make),) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 26524b75970a..e5d56d9b712c 100644 +--- a/arch/arm/Kconfig b/arch/arm/Kconfig +@@ -593,6 +593,7 @@ config ARCH_DAVINCI + select HAVE_IDE + select 
PM_GENERIC_DOMAINS if PM + select PM_GENERIC_DOMAINS_OF if PM && OF ++ select REGMAP_MMIO + select RESET_CONTROLLER + select USE_OF + select ZONE_DMA +diff --git a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts +index 5641d162dfdb..28e7513ce617 100644 +--- a/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts b/arch/arm/boot/dts/bcm2835-rpi-b-rev2.dts +@@ -93,7 +93,7 @@ + }; + + &hdmi { +- hpd-gpios = <&gpio 46 GPIO_ACTIVE_LOW>; ++ hpd-gpios = <&gpio 46 GPIO_ACTIVE_HIGH>; + }; + + &pwm { +diff --git a/arch/arm/boot/dts/imx6qdl-icore-rqs.dtsi b/arch/arm/boot/dts/imx6qdl-icore-rqs.dtsi +index 1d1b4bd0670f..a4217f564a53 100644 +--- a/arch/arm/boot/dts/imx6qdl-icore-rqs.dtsi b/arch/arm/boot/dts/imx6qdl-icore-rqs.dtsi +@@ -264,7 +264,7 @@ + pinctrl-2 = <&pinctrl_usdhc3_200mhz>; + vmcc-supply = <®_sd3_vmmc>; + cd-gpios = <&gpio1 1 GPIO_ACTIVE_LOW>; +- bus-witdh = <4>; ++ bus-width = <4>; + no-1-8-v; + status = "okay"; + }; +@@ -275,7 +275,7 @@ + pinctrl-1 = <&pinctrl_usdhc4_100mhz>; + pinctrl-2 = <&pinctrl_usdhc4_200mhz>; + vmcc-supply = <®_sd4_vmmc>; +- bus-witdh = <8>; ++ bus-width = <8>; + no-1-8-v; + non-removable; + status = "okay"; +diff --git a/arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi b/arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi +index 1b50b01e9bac..65d03c5d409b 100644 +--- a/arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi b/arch/arm/boot/dts/imx6qdl-phytec-pfla02.dtsi +@@ -90,6 +90,7 @@ + pinctrl-names = "default"; + pinctrl-0 = <&pinctrl_enet>; + phy-mode = "rgmii"; ++ phy-reset-duration = <10>; /* in msecs */ + phy-reset-gpios = <&gpio3 23 GPIO_ACTIVE_LOW>; + phy-supply = <&vdd_eth_io_
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 665ebba14c8b3d369b4d6e59828e8e33697c4879 Author: Mike Pagano gentoo org> AuthorDate: Thu May 2 10:12:30 2019 + Commit: Mike Pagano gentoo org> CommitDate: Thu May 2 10:12:30 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=665ebba1 Linux patch 5.0.11 Signed-off-by: Mike Pagano gentoo.org> _README |4 + 1010_linux-5.0.11.patch | 3504 +++ 2 files changed, 3508 insertions(+) diff --git a/_README b/_README index 49a76eb..4dfa486 100644 --- a/_README +++ b/_README @@ -83,6 +83,10 @@ Patch: 1009_linux-5.0.10.patch From: http://www.kernel.org Desc: Linux 5.0.10 +Patch: 1010_linux-5.0.11.patch +From: http://www.kernel.org +Desc: Linux 5.0.11 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1010_linux-5.0.11.patch b/1010_linux-5.0.11.patch new file mode 100644 index 000..a5f9df8 --- /dev/null +++ b/1010_linux-5.0.11.patch 
@@ -0,0 +1,3504 @@ +diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt +index acdfb5d2bcaa..e2142fe40cda 100644 +--- a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt +@@ -422,6 +422,7 @@ tcp_min_rtt_wlen - INTEGER + minimum RTT when it is moved to a longer path (e.g., due to traffic + engineering). A longer window makes the filter more resistant to RTT + inflations such as transient congestion. The unit is seconds. ++ Possible values: 0 - 86400 (1 day) + Default: 300 + + tcp_moderate_rcvbuf - BOOLEAN +diff --git a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt +index 187ce4f599a2..e4dfaf0d6e87 100644 +--- a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt +@@ -866,14 +866,14 @@ The intent is that compaction has less work to do in the future and to + increase the success rate of future high-order allocations such as SLUB + allocations, THP and hugetlbfs pages. + +-To make it sensible with respect to the watermark_scale_factor parameter, +-the unit is in fractions of 10,000. The default value of 15,000 means +-that up to 150% of the high watermark will be reclaimed in the event of +-a pageblock being mixed due to fragmentation. The level of reclaim is +-determined by the number of fragmentation events that occurred in the +-recent past. If this value is smaller than a pageblock then a pageblocks +-worth of pages will be reclaimed (e.g. 2MB on 64-bit x86). A boost factor +-of 0 will disable the feature. ++To make it sensible with respect to the watermark_scale_factor ++parameter, the unit is in fractions of 10,000. The default value of ++15,000 on !DISCONTIGMEM configurations means that up to 150% of the high ++watermark will be reclaimed in the event of a pageblock being mixed due ++to fragmentation. The level of reclaim is determined by the number of ++fragmentation events that occurred in the recent past. 
If this value is ++smaller than a pageblock then a pageblocks worth of pages will be reclaimed ++(e.g. 2MB on 64-bit x86). A boost factor of 0 will disable the feature. + + = + +diff --git a/Makefile b/Makefile +index b282c4143b21..c3daaefa979c 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 10 ++SUBLEVEL = 11 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S +index 6c7ccb428c07..7135820f76d4 100644 +--- a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S +@@ -1438,7 +1438,21 @@ ENTRY(efi_stub_entry) + + @ Preserve return value of efi_entry() in r4 + mov r4, r0 +- bl cache_clean_flush ++ ++ @ our cache maintenance code relies on CP15 barrier instructions ++ @ but since we arrived here with the MMU and caches configured ++ @ by UEFI, we must check that the CP15BEN bit is set in SCTLR. ++ @ Note that this bit is RAO/WI on v6 and earlier, so the ISB in ++ @ the enable path will be executed on v7+ only. ++ mrc p15, 0, r1, c1, c0, 0 @ read SCTLR ++ tst r1, #(1 << 5) @ CP15BEN bit set? ++ bne 0f ++ orr r1, r1, #(1 << 5) @ CP15 barrier instructions ++ mcr p15, 0, r1, c1, c0, 0 @ write SCTLR ++ ARM( .inst 0xf57ff06f @ v7+ isb ) ++ THUMB( isb ) ++ ++0:bl cache_clean_flush + bl cache_off + + @ Set parameters for booting zImage according to boot protocol +diff --git a/arch/arm64/mm/init.c b/arch/arm64
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 34d9261639ae90116c1b17c082767e44530b9116 Author: Mike Pagano gentoo org> AuthorDate: Sat Apr 27 17:38:27 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sat Apr 27 17:38:27 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=34d92616 Linux paycj 5.0.10 Signed-off-by: Mike Pagano gentoo.org> _README |4 + 1009_linux-5.0.10.patch | 4117 +++ 2 files changed, 4121 insertions(+) diff --git a/_README b/_README index dda69ae..49a76eb 100644 --- a/_README +++ b/_README @@ -79,6 +79,10 @@ Patch: 1008_linux-5.0.9.patch From: http://www.kernel.org Desc: Linux 5.0.9 +Patch: 1009_linux-5.0.10.patch +From: http://www.kernel.org +Desc: Linux 5.0.10 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1009_linux-5.0.10.patch b/1009_linux-5.0.10.patch new file mode 100644 index 000..0659014 --- /dev/null +++ b/1009_linux-5.0.10.patch 
@@ -0,0 +1,4117 @@ +diff --git a/Makefile b/Makefile +index ef192ca04330..b282c4143b21 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 9 ++SUBLEVEL = 10 + EXTRAVERSION = + NAME = Shy Crocodile + +@@ -678,8 +678,7 @@ KBUILD_CFLAGS += $(call cc-disable-warning, format-overflow) + KBUILD_CFLAGS += $(call cc-disable-warning, int-in-bool-context) + + ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE +-KBUILD_CFLAGS += $(call cc-option,-Oz,-Os) +-KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,) ++KBUILD_CFLAGS += -Os $(call cc-disable-warning,maybe-uninitialized,) + else + ifdef CONFIG_PROFILE_ALL_BRANCHES + KBUILD_CFLAGS += -O2 $(call cc-disable-warning,maybe-uninitialized,) +diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h +index e1d95f08f8e1..c7e1a7837706 100644 +--- a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h +@@ -50,7 +50,7 @@ do { \ + static inline int + arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *_uaddr) + { +- int oldval, ret, tmp; ++ int oldval = 0, ret, tmp; + u32 __user *uaddr = __uaccess_mask_ptr(_uaddr); + + pagefault_disable(); +diff --git a/arch/s390/boot/mem_detect.c b/arch/s390/boot/mem_detect.c +index 4cb771ba13fa..5d316fe40480 100644 +--- a/arch/s390/boot/mem_detect.c b/arch/s390/boot/mem_detect.c +@@ -25,7 +25,7 @@ static void *mem_detect_alloc_extended(void) + { + unsigned long offset = ALIGN(mem_safe_offset(), sizeof(u64)); + +- if (IS_ENABLED(BLK_DEV_INITRD) && INITRD_START && INITRD_SIZE && ++ if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && INITRD_START && INITRD_SIZE && + INITRD_START < offset + ENTRIES_EXTENDED_MAX) + offset = ALIGN(INITRD_START + INITRD_SIZE, sizeof(u64)); + +diff --git a/arch/x86/crypto/poly1305-avx2-x86_64.S b/arch/x86/crypto/poly1305-avx2-x86_64.S +index 3b6e70d085da..8457cdd47f75 100644 +--- a/arch/x86/crypto/poly1305-avx2-x86_64.S b/arch/x86/crypto/poly1305-avx2-x86_64.S 
+@@ -323,6 +323,12 @@ ENTRY(poly1305_4block_avx2) + vpaddq t2,t1,t1 + vmovq t1x,d4 + ++ # Now do a partial reduction mod (2^130)-5, carrying h0 -> h1 -> h2 -> ++ # h3 -> h4 -> h0 -> h1 to get h0,h2,h3,h4 < 2^26 and h1 < 2^26 + a small ++ # amount. Careful: we must not assume the carry bits 'd0 >> 26', ++ # 'd1 >> 26', 'd2 >> 26', 'd3 >> 26', and '(d4 >> 26) * 5' fit in 32-bit ++ # integers. It's true in a single-block implementation, but not here. ++ + # d1 += d0 >> 26 + mov d0,%rax + shr $26,%rax +@@ -361,16 +367,16 @@ ENTRY(poly1305_4block_avx2) + # h0 += (d4 >> 26) * 5 + mov d4,%rax + shr $26,%rax +- lea (%eax,%eax,4),%eax +- add %eax,%ebx ++ lea (%rax,%rax,4),%rax ++ add %rax,%rbx + # h4 = d4 & 0x3ff + mov d4,%rax + and $0x3ff,%eax + mov %eax,h4 + + # h1 += h0 >> 26 +- mov %ebx,%eax +- shr $26,%eax ++ mov %rbx,%rax ++ shr $26,%rax + add %eax,h1 + # h0 = h0 & 0x3ff + andl$0x3ff,%ebx +diff --git a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S +index c88c670cb5fc..5851c7418fb7 100644 +--- a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S +@@ -253,16 +253,16 @@ ENTRY(poly1305_block_sse2) + # h0 += (d4 >> 26) * 5 + mov d4,%rax + shr $26,%rax +- lea (%eax,%eax,4),%eax +- add
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 3fc69f4634e06b7a81d27e097aeaf5bd6c79fdf5 Author: Mike Pagano gentoo org> AuthorDate: Sat Apr 20 11:12:01 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sat Apr 20 11:12:01 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3fc69f46 Linux patch 5.0.9 Signed-off-by: Mike Pagano gentoo.org> _README|4 + 1008_linux-5.0.9.patch | 3652 2 files changed, 3656 insertions(+) diff --git a/_README b/_README index 2dd07a5..dda69ae 100644 --- a/_README +++ b/_README @@ -75,6 +75,10 @@ Patch: 1007_linux-5.0.8.patch From: http://www.kernel.org Desc: Linux 5.0.8 +Patch: 1008_linux-5.0.9.patch +From: http://www.kernel.org +Desc: Linux 5.0.9 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1008_linux-5.0.9.patch b/1008_linux-5.0.9.patch new file mode 100644 index 000..ca29395 --- /dev/null +++ b/1008_linux-5.0.9.patch 
@@ -0,0 +1,3652 @@ +diff --git a/Makefile b/Makefile +index f7666051de66..ef192ca04330 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 8 ++SUBLEVEL = 9 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/arc/configs/hsdk_defconfig b/arch/arc/configs/hsdk_defconfig +index 87b23b7fb781..aefcf7a4e17a 100644 +--- a/arch/arc/configs/hsdk_defconfig b/arch/arc/configs/hsdk_defconfig +@@ -8,6 +8,7 @@ CONFIG_NAMESPACES=y + # CONFIG_UTS_NS is not set + # CONFIG_PID_NS is not set + CONFIG_BLK_DEV_INITRD=y ++CONFIG_BLK_DEV_RAM=y + CONFIG_EMBEDDED=y + CONFIG_PERF_EVENTS=y + # CONFIG_VM_EVENT_COUNTERS is not set +diff --git a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S +index 30e090625916..a72bbda2f7aa 100644 +--- a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S +@@ -106,6 +106,7 @@ ENTRY(stext) + ;r2 = pointer to uboot provided cmdline or external DTB in mem + ; These are handled later in handle_uboot_args() + st r0, [@uboot_tag] ++ st r1, [@uboot_magic] + st r2, [@uboot_arg] + + ; setup "current" tsk and optionally cache it in dedicated r25 +diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c +index 7b2340996cf8..7b3a7b3b380c 100644 +--- a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c +@@ -36,6 +36,7 @@ unsigned int intr_to_DE_cnt; + + /* Part of U-boot ABI: see head.S */ + int __initdata uboot_tag; ++int __initdata uboot_magic; + char __initdata *uboot_arg; + + const struct machine_desc *machine_desc; +@@ -497,6 +498,8 @@ static inline bool uboot_arg_invalid(unsigned long addr) + #define UBOOT_TAG_NONE0 + #define UBOOT_TAG_CMDLINE 1 + #define UBOOT_TAG_DTB 2 ++/* We always pass 0 as magic from U-boot */ ++#define UBOOT_MAGIC_VALUE 0 + + void __init handle_uboot_args(void) + { +@@ -511,6 +514,11 @@ void __init handle_uboot_args(void) + goto ignore_uboot_args; + } + ++ if (uboot_magic != UBOOT_MAGIC_VALUE) { ++ pr_warn(IGNORE_ARGS "non zero uboot magic\n"); ++ goto 
ignore_uboot_args; ++ } ++ + if (uboot_tag != UBOOT_TAG_NONE && + uboot_arg_invalid((unsigned long)uboot_arg)) { + pr_warn(IGNORE_ARGS "invalid uboot arg: '%px'\n", uboot_arg); +diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c +index a50dc00d79a2..d0a05a3bdb96 100644 +--- a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c +@@ -16,7 +16,7 @@ struct patch { + unsigned int insn; + }; + +-static DEFINE_SPINLOCK(patch_lock); ++static DEFINE_RAW_SPINLOCK(patch_lock); + + static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags) + __acquires(&patch_lock) +@@ -33,7 +33,7 @@ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags) + return addr; + + if (flags) +- spin_lock_irqsave(&patch_lock, *flags); ++ raw_spin_lock_irqsave(&patch_lock, *flags); + else + __acquire(&patch_lock); + +@@ -48,7 +48,7 @@ static void __kprobes patch_unmap(int fixmap, unsigned long *flags) + clear_fixmap(fixmap); + + if (flags) +- spin_unlock_irqrestore(&patch_lock, *flags); ++ raw_spin_unlock_irqrestore(&patch_lock, *flags); + else + __release(&patch_lock); + } +diff --git a/arch/mips/bcm47xx/workarounds.c b/arch/mips/bcm47xx/workarounds.c +index 46eddbec8d9f..0ab95dd431b3 100644 +--- a/arch/mips/bcm47xx/workarounds.c b/arch/mips/bcm47xx/workarounds.c +@@ -24,6 +24,7 @@ void __init bcm47xx_workarounds(void) + case BCM47XX_BOARD_NETGEAR_WNR3500L: + bcm47xx_workarounds_enable_usb_power(12); + break; ++ case BCM47XX_BOARD_NETGEAR_WNDR3400V2: + case BCM47XX
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: eb3023590694db5d00b2c90aef55a1aa33682713 Author: Mike Pagano gentoo org> AuthorDate: Wed Apr 3 11:08:46 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Apr 3 11:08:46 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=eb302359 Removal of redundant netfilter patch Removal: 2900_netfilter-patch-nf_tables-fix-set- double-free-in-abort-path.patch Signed-off-by: Mike Pagano gentoo.org> _README| 4 - ..._tables-fix-set-double-free-in-abort-path.patch | 127 - 2 files changed, 131 deletions(-) diff --git a/_README b/_README index 8c66a94..d25ad88 100644 --- a/_README +++ b/_README @@ -83,10 +83,6 @@ Patch: 2600_enable-key-swapping-for-apple-mac.patch From: https://github.com/free5lot/hid-apple-patched Desc: This hid-apple patch enables swapping of the FN and left Control keys and some additional on some apple keyboards. See bug #622902 -Patch: 2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch -From: https://www.spinics.net/lists/netfilter-devel/msg58466.html -Desc: netfilter: nf_tables: fix set double-free in abort path - Patch: 4567_distro-Gentoo-Kconfig.patch From: Tom Wijsman Desc: Add Gentoo Linux support config settings and defaults. diff --git a/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch b/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch deleted file mode 100644 index 3cc4aef..000 --- a/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch +++ /dev/null 
@@ -1,127 +0,0 @@ -commit 40ba1d9b4d19796afc9b7ece872f5f3e8f5e2c13 upstream. - -The abort path can cause a double-free of an anonymous set. -Added-and-to-be-aborted rule looks like this: - -udp dport { 137, 138 } drop - -The to-be-aborted transaction list looks like this: - -newset -newsetelem -newsetelem -rule - -This gets walked in reverse order, so first pass disables the rule, the -set elements, then the set. - -After synchronize_rcu(), we then destroy those in same order: rule, set -element, set element, newset. - -Problem is that the anonymous set has already been bound to the rule, so -the rule (lookup expression destructor) already frees the set, when then -cause use-after-free when trying to delete the elements from this set, -then try to free the set again when handling the newset expression. - -Rule releases the bound set in first place from the abort path, this -causes the use-after-free on set element removal when undoing the new -element transactions. To handle this, skip new element transaction if -set is bound from the abort path. - -This is still causes the use-after-free on set element removal. To -handle this, remove transaction from the list when the set is already -bound. - -Fixes: f6ac85858976 ("netfilter: nf_tables: unbind set in rule from commit path") -Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1325 -Signed-off-by: Pablo Neira Ayuso -Florian, I'm taking your original patch subject and part of the description, -sending this as v2. Please ack if this looks good to you. Thanks. 
- - include/net/netfilter/nf_tables.h | 6 ++ - net/netfilter/nf_tables_api.c | 17 +++-- - 2 files changed, 13 insertions(+), 10 deletions(-) - -diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h -index b4984bbbe157..3d58acf94dd2 100644 a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -416,7 +416,8 @@ struct nft_set { - unsigned char *udata; - /* runtime data below here */ - const struct nft_set_ops*ops cacheline_aligned; -- u16 flags:14, -+ u16 flags:13, -+ bound:1, - genmask:2; - u8 klen; - u8 dlen; -@@ -1329,15 +1330,12 @@ struct nft_trans_rule { - struct nft_trans_set { - struct nft_set *set; - u32 set_id; -- boolbound; - }; - - #define nft_trans_set(trans) \ - (((struct nft_trans_set *)trans->data)->set) - #define nft_trans_set_id(trans) \ - (((struct nft_trans_set *)trans->data)->set_id) --#define nft_trans_set_bound(trans)\ -- (((struct nft_trans_set *)trans->data)->bound) - - struct nft_trans_chain { - boolupdate; -diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c -index 4893f248dfdc..e1724f9d8b9d 100644 a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -127,7 +127,7 @@ static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) - list_for_each_entry_reverse(trans, &net->nft.commit_list, lis
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 49c65cd5536daa462058ae4d2fef3d167b10719c Author: Mike Pagano gentoo org> AuthorDate: Wed Mar 27 12:19:55 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Mar 27 12:19:55 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=49c65cd5 Update of netfilter patch thanks to kerfamil Updated patch: netfilter: nf_tables: fix set double-free in abort path Signed-off-by: Mike Pagano gentoo.org> ..._tables-fix-set-double-free-in-abort-path.patch | 189 +++-- 1 file changed, 103 insertions(+), 86 deletions(-) diff --git a/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch b/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch index 8a126bf..3cc4aef 100644 --- a/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch +++ b/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch 
@@ -1,110 +1,127 @@ -From: Florian Westphal -To: -Cc: k...@plushkava.net, Florian Westphal -Subject: [PATCH nf] netfilter: nf_tables: fix set double-free in abort path -Date: Thu, 7 Mar 2019 20:30:41 +0100 -X-Mailer: git-send-email 2.19.2 - -The abort path can cause a double-free of an (anon) set. +commit 40ba1d9b4d19796afc9b7ece872f5f3e8f5e2c13 upstream. +The abort path can cause a double-free of an anonymous set. Added-and-to-be-aborted rule looks like this: udp dport { 137, 138 } drop The to-be-aborted transaction list looks like this: + newset newsetelem newsetelem rule -This gets walked in reverse order, so first pass disables -the rule, the set elements, then the set. - -After synchronize_rcu(), we then destroy those in same order: -rule, set element, set element, newset. +This gets walked in reverse order, so first pass disables the rule, the +set elements, then the set. -Problem is that the (anon) set has already been bound to the rule, -so the rule (lookup expression destructor) already frees the set, -when then cause use-after-free when trying to delete the elements -from this set, then try to free the set again when handling the -newset expression. +After synchronize_rcu(), we then destroy those in same order: rule, set +element, set element, newset. -To resolve this, check in first phase if the newset is bound already. -If so, remove the newset transaction from the list, rule destructor -will handle cleanup. +Problem is that the anonymous set has already been bound to the rule, so +the rule (lookup expression destructor) already frees the set, when then +cause use-after-free when trying to delete the elements from this set, +then try to free the set again when handling the newset expression. -This is still causes the use-after-free on set element removal. -To handle this, move all affected set elements to a extra list -and process it first. 
+Rule releases the bound set in first place from the abort path, this +causes the use-after-free on set element removal when undoing the new +element transactions. To handle this, skip new element transaction if +set is bound from the abort path. -This forces strict 'destroy elements, then set' ordering. +This is still causes the use-after-free on set element removal. To +handle this, remove transaction from the list when the set is already +bound. -Fixes: f6ac8585897684 ("netfilter: nf_tables: unbind set in rule from commit path") +Fixes: f6ac85858976 ("netfilter: nf_tables: unbind set in rule from commit path") Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1325 -Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +--- +Florian, I'm taking your original patch subject and part of the description, +sending this as v2. Please ack if this looks good to you. Thanks. a/net/netfilter/nf_tables_api.c2019-03-07 21:49:45.776492810 - -+++ b/net/netfilter/nf_tables_api.c2019-03-07 21:49:57.067493081 - -@@ -6634,10 +6634,39 @@ static void nf_tables_abort_release(stru - kfree(trans); - } + include/net/netfilter/nf_tables.h | 6 ++ + net/netfilter/nf_tables_api.c | 17 +++-- + 2 files changed, 13 insertions(+), 10 deletions(-) + +diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h +index b4984bbbe157..3d58acf94dd2 100644 +--- a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h +@@ -416,7 +416,8 @@ struct nft_set { + unsigned char *udata; + /* runtime data below here */ + const struct nft_set_ops*ops cacheline_aligned; +- u16 flags:14, ++ u16 flags:13, ++ bound:1, + genmask:2; + u8 klen; + u8 dlen; +@@ -1329,15 +1330,12 @@ struct nft_trans_rule { + struct nft_trans_set { + struct nft_set *set; + u32
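Review bot: In the `struct nft_set` hunk, `flags` shrinks from 14 to 13 bits to make room for `bound`, and nothing in the hunk checks that every set flag still fits. The flag definitions are not in view, so this is a point to confirm rather than a known defect: a flag that used bit 13 would be dropped silently on assignment. A comment on the bitfield such as `/* flags must fit in 13 bits; bound: set is already attached to a rule */` would record the constraint next to the declaration. The struct continues outside the hunk.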
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 24cf9478a62681cd1a01f2b4b4954ad318dad479 Author: Mike Pagano gentoo org> AuthorDate: Wed Mar 27 10:23:20 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Mar 27 10:23:20 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=24cf9478 Linux patch 5.0.5 Signed-off-by: Mike Pagano gentoo.org> _README|4 + 1004_linux-5.0.5.patch | 2012 2 files changed, 2016 insertions(+) diff --git a/_README b/_README index 1974ef5..f452eee 100644 --- a/_README +++ b/_README @@ -59,6 +59,10 @@ Patch: 1003_linux-5.0.4.patch From: http://www.kernel.org Desc: Linux 5.0.4 +Patch: 1004_linux-5.0.5.patch +From: http://www.kernel.org +Desc: Linux 5.0.5 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1004_linux-5.0.5.patch b/1004_linux-5.0.5.patch new file mode 100644 index 000..37a532b --- /dev/null +++ b/1004_linux-5.0.5.patch 
@@ -0,0 +1,2012 @@ +diff --git a/Makefile b/Makefile +index 06fda21614bc..63152c5ca136 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 4 ++SUBLEVEL = 5 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/mips/include/asm/jump_label.h b/arch/mips/include/asm/jump_label.h +index e77672539e8e..e4456e450f94 100644 +--- a/arch/mips/include/asm/jump_label.h b/arch/mips/include/asm/jump_label.h +@@ -21,15 +21,15 @@ + #endif + + #ifdef CONFIG_CPU_MICROMIPS +-#define NOP_INSN "nop32" ++#define B_INSN "b32" + #else +-#define NOP_INSN "nop" ++#define B_INSN "b" + #endif + + static __always_inline bool arch_static_branch(struct static_key *key, bool branch) + { +- asm_volatile_goto("1:\t" NOP_INSN "\n\t" +- "nop\n\t" ++ asm_volatile_goto("1:\t" B_INSN " 2f\n\t" ++ "2:\tnop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" + WORD_INSN " 1b, %l[l_yes], %0\n\t" + ".popsection\n\t" +diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S +index cb7e9ed7a453..33ee0d18fb0a 100644 +--- a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S +@@ -140,6 +140,13 @@ SECTIONS + PERCPU_SECTION(1 << CONFIG_MIPS_L1_CACHE_SHIFT) + #endif + ++#ifdef CONFIG_MIPS_ELF_APPENDED_DTB ++ .appended_dtb : AT(ADDR(.appended_dtb) - LOAD_OFFSET) { ++ *(.appended_dtb) ++ KEEP(*(.appended_dtb)) ++ } ++#endif ++ + #ifdef CONFIG_RELOCATABLE + . = ALIGN(4); + +@@ -164,11 +171,6 @@ SECTIONS + __appended_dtb = .; + /* leave space for appended DTB */ + . 
+= 0x10; +-#elif defined(CONFIG_MIPS_ELF_APPENDED_DTB) +- .appended_dtb : AT(ADDR(.appended_dtb) - LOAD_OFFSET) { +- *(.appended_dtb) +- KEEP(*(.appended_dtb)) +- } + #endif + /* +* Align to 64K in attempt to eliminate holes before the +diff --git a/arch/mips/loongson64/lemote-2f/irq.c b/arch/mips/loongson64/lemote-2f/irq.c +index 9e33e45aa17c..b213cecb8e3a 100644 +--- a/arch/mips/loongson64/lemote-2f/irq.c b/arch/mips/loongson64/lemote-2f/irq.c +@@ -103,7 +103,7 @@ static struct irqaction ip6_irqaction = { + static struct irqaction cascade_irqaction = { + .handler = no_action, + .name = "cascade", +- .flags = IRQF_NO_THREAD, ++ .flags = IRQF_NO_THREAD | IRQF_NO_SUSPEND, + }; + + void __init mach_init_irq(void) +diff --git a/arch/powerpc/include/asm/vdso_datapage.h b/arch/powerpc/include/asm/vdso_datapage.h +index 1afe90ade595..bbc06bd72b1f 100644 +--- a/arch/powerpc/include/asm/vdso_datapage.h b/arch/powerpc/include/asm/vdso_datapage.h +@@ -82,10 +82,10 @@ struct vdso_data { + __u32 icache_block_size;/* L1 i-cache block size */ + __u32 dcache_log_block_size;/* L1 d-cache log block size */ + __u32 icache_log_block_size;/* L1 i-cache log block size */ +- __s32 wtom_clock_sec; /* Wall to monotonic clock */ +- __s32 wtom_clock_nsec; +- struct timespec stamp_xtime;/* xtime as at tb_orig_stamp */ +- __u32 stamp_sec_fraction; /* fractional seconds of stamp_xtime */ ++ __u32 stamp_sec_fraction; /* fractional seconds of stamp_xtime */ ++ __s32 wtom_clock_nsec; /* Wall to monotonic clock nsec */ ++ __s64 wtom_clock_sec; /* Wall to monotonic clock sec */ ++ struct timespec stamp_xtime;/* xtime as at tb_orig_stamp */ + __u32 syscall_map_64[SYSCALL_MAP_SIZE]; /* map of syscalls */ + __u32 syscall_map_32[SYSCALL_MAP_SIZE]; /* map of syscalls */ + }; +diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c +index 9b8631533e02..b33bafb8fcea 100644 +
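Review bot: In the `struct vdso_data` hunk, `wtom_clock_sec` widens from `__s32` to `__s64` and the neighbouring fields are reordered, but no comment says that the order now matters. Presumably the two 32-bit fields are paired so that the 64-bit one stays naturally aligned; a line such as `/* keep the two 32-bit fields together so wtom_clock_sec is 8-byte aligned */` would stop a later tidy-up from undoing that. Readers of this structure are outside the hunk, so check that each one loads the field as 64 bits at its new offset, since a leftover 32-bit load would read only half of the value.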
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 9e73079481bd1f7384d57cde9b6d67984fe872cc Author: Mike Pagano gentoo org> AuthorDate: Tue Mar 19 17:00:45 2019 + Commit: Mike Pagano gentoo org> CommitDate: Tue Mar 19 17:00:45 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9e730794 proj/linux-patches: Linux patch 5.0.3 Signed-off-by: Mike Pagano gentoo.org> _README|4 + 1002_linux-5.0.3.patch | 1487 2 files changed, 1491 insertions(+) diff --git a/_README b/_README index 04daf20..4989a60 100644 --- a/_README +++ b/_README @@ -51,6 +51,10 @@ Patch: 1001_linux-5.0.2.patch From: http://www.kernel.org Desc: Linux 5.0.2 +Patch: 1002_linux-5.0.3.patch +From: http://www.kernel.org +Desc: Linux 5.0.3 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1002_linux-5.0.3.patch b/1002_linux-5.0.3.patch new file mode 100644 index 000..9019944 --- /dev/null +++ b/1002_linux-5.0.3.patch 
@@ -0,0 +1,1487 @@ +diff --git a/Makefile b/Makefile +index bb2f7664594a..fb888787e7d1 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 2 ++SUBLEVEL = 3 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c +index dadb8f7e5a0d..2480feb07df3 100644 +--- a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c +@@ -3398,7 +3398,7 @@ tfa_get_event_constraints(struct cpu_hw_events *cpuc, int idx, + /* +* Without TFA we must not use PMC3. +*/ +- if (!allow_tsx_force_abort && test_bit(3, c->idxmsk)) { ++ if (!allow_tsx_force_abort && test_bit(3, c->idxmsk) && idx >= 0) { + c = dyn_constraint(cpuc, c, idx); + c->idxmsk64 &= ~(1ULL << 3); + c->weight--; +@@ -4142,7 +4142,7 @@ static struct attribute *intel_pmu_caps_attrs[] = { +NULL + }; + +-DEVICE_BOOL_ATTR(allow_tsx_force_abort, 0644, allow_tsx_force_abort); ++static DEVICE_BOOL_ATTR(allow_tsx_force_abort, 0644, allow_tsx_force_abort); + + static struct attribute *intel_pmu_attrs[] = { + &dev_attr_freeze_on_smi.attr, +diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h +index a345d079f876..acd72e669c04 100644 +--- a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h +@@ -1032,12 +1032,12 @@ static inline int intel_pmu_init(void) + return 0; + } + +-static inline int intel_cpuc_prepare(struct cpu_hw_event *cpuc, int cpu) ++static inline int intel_cpuc_prepare(struct cpu_hw_events *cpuc, int cpu) + { + return 0; + } + +-static inline void intel_cpuc_finish(struct cpu_hw_event *cpuc) ++static inline void intel_cpuc_finish(struct cpu_hw_events *cpuc) + { + } + +diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c +index ed5e42461094..ad48fd52cb53 100644 +--- a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c +@@ -250,6 +250,7 @@ void proc_coredump_connector(struct task_struct *task) + { + struct cn_msg *msg; + struct 
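Review bot: In `tfa_get_event_constraints`, the added `idx >= 0` guard has no comment saying when `idx` is negative, and `dyn_constraint(cpuc, c, idx)` is presumably the call a negative index would break. A comment above the condition such as `/* idx < 0: no per-counter slot for a dynamic constraint, leave c unchanged */` would record the reason; the wording should be checked against the callers, which are outside the hunk. With a negative `idx` the PMC3 bit also stays set in the returned constraint, so confirm that this path is never used to schedule a real event.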
proc_event *ev; ++ struct task_struct *parent; + __u8 buffer[CN_PROC_MSG_SIZE] __aligned(8); + + if (atomic_read(&proc_event_num_listeners) < 1) +@@ -262,8 +263,14 @@ void proc_coredump_connector(struct task_struct *task) + ev->what = PROC_EVENT_COREDUMP; + ev->event_data.coredump.process_pid = task->pid; + ev->event_data.coredump.process_tgid = task->tgid; +- ev->event_data.coredump.parent_pid = task->real_parent->pid; +- ev->event_data.coredump.parent_tgid = task->real_parent->tgid; ++ ++ rcu_read_lock(); ++ if (pid_alive(task)) { ++ parent = rcu_dereference(task->real_parent); ++ ev->event_data.coredump.parent_pid = parent->pid; ++ ev->event_data.coredump.parent_tgid = parent->tgid; ++ } ++ rcu_read_unlock(); + + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ +@@ -276,6 +283,7 @@ void proc_exit_connector(struct task_struct *task) + { + struct cn_msg *msg; + struct proc_event *ev; ++ struct task_struct *parent; + __u8 buffer[CN_PROC_MSG_SIZE] __aligned(8); + + if (atomic_read(&proc_event_num_listeners) < 1) +@@ -290,8 +298,14 @@ void proc_exit_connector(struct task_struct *task) + ev->event_data.exit.process_tgid = task->tgid; + ev->event_data.exit.exit_code = task->exit_code; + ev->event_data.exit.exit_signal = task->exit_signal; +- ev->event_data.exit.parent_pid = task->real_parent->pid; +- ev->event_data.exit.parent_tgid = task->real_parent->tgid; ++ ++ rcu_read_lock(); ++ if (pid_alive(task)) { ++ parent = rcu_dereference(task->real_parent); ++ ev->event_data.exit.pa
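Review bot: In `proc_coredump_connector`, when `pid_alive(task)` is false the new block leaves `parent_pid` and `parent_tgid` unassigned, and `ev` presumably points into the on-stack `buffer` declared at the top of the function. The lines between the declarations and `ev->what = PROC_EVENT_COREDUMP;` are outside the hunk, so confirm that `event_data` is zeroed there; if it is not, stale stack bytes would be reported to listeners in those two fields. An explicit `else` that sets both fields to 0 would make the dead-task case self-evident either way. The `proc_exit_connector` hunk that follows is cut off in this view but begins the same pattern.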
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: e6ea672694ccf0bad305b4ffeb7b8dac3e3f804e Author: Mike Pagano gentoo org> AuthorDate: Wed Mar 13 22:10:33 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Mar 13 22:10:33 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e6ea6726 proj/linux-patches: Linux patch 5.0.2 Signed-off-by: Mike Pagano gentoo.org> _README|4 + 1001_linux-5.0.2.patch | 1235 2 files changed, 1239 insertions(+) diff --git a/_README b/_README index 99e0bb6..04daf20 100644 --- a/_README +++ b/_README @@ -47,6 +47,10 @@ Patch: 1000_linux-5.0.1.patch From: http://www.kernel.org Desc: Linux 5.0.1 +Patch: 1001_linux-5.0.2.patch +From: http://www.kernel.org +Desc: Linux 5.0.2 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1001_linux-5.0.2.patch b/1001_linux-5.0.2.patch new file mode 100644 index 000..4fcf3cb --- /dev/null +++ b/1001_linux-5.0.2.patch 
@@ -0,0 +1,1235 @@ +diff --git a/Makefile b/Makefile +index 3cd7163fe164..bb2f7664594a 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 1 ++SUBLEVEL = 2 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/arm/boot/dts/exynos3250.dtsi b/arch/arm/boot/dts/exynos3250.dtsi +index 608d17454179..5892a9f7622f 100644 +--- a/arch/arm/boot/dts/exynos3250.dtsi b/arch/arm/boot/dts/exynos3250.dtsi +@@ -168,6 +168,9 @@ + interrupt-controller; + #interrupt-cells = <3>; + interrupt-parent = <&gic>; ++ clock-names = "clkout8"; ++ clocks = <&cmu CLK_FIN_PLL>; ++ #clock-cells = <1>; + }; + + mipi_phy: video-phy { +diff --git a/arch/arm/boot/dts/exynos4412-odroid-common.dtsi b/arch/arm/boot/dts/exynos4412-odroid-common.dtsi +index 3a9eb1e91c45..8a64c4e8c474 100644 +--- a/arch/arm/boot/dts/exynos4412-odroid-common.dtsi b/arch/arm/boot/dts/exynos4412-odroid-common.dtsi +@@ -49,7 +49,7 @@ + }; + + emmc_pwrseq: pwrseq { +- pinctrl-0 = <&sd1_cd>; ++ pinctrl-0 = <&emmc_rstn>; + pinctrl-names = "default"; + compatible = "mmc-pwrseq-emmc"; + reset-gpios = <&gpk1 2 GPIO_ACTIVE_LOW>; +@@ -165,12 +165,6 @@ + cpu0-supply = <&buck2_reg>; + }; + +-/* RSTN signal for eMMC */ +-&sd1_cd { +- samsung,pin-pud = ; +- samsung,pin-drv = ; +-}; +- + &pinctrl_1 { + gpio_power_key: power_key { + samsung,pins = "gpx1-3"; +@@ -188,6 +182,11 @@ + samsung,pins = "gpx3-7"; + samsung,pin-pud = ; + }; ++ ++ emmc_rstn: emmc-rstn { ++ samsung,pins = "gpk1-2"; ++ samsung,pin-pud = ; ++ }; + }; + + &ehci { +diff --git a/arch/arm/boot/dts/exynos5422-odroid-core.dtsi b/arch/arm/boot/dts/exynos5422-odroid-core.dtsi +index bf09eab90f8a..6bf3661293ee 100644 +--- a/arch/arm/boot/dts/exynos5422-odroid-core.dtsi b/arch/arm/boot/dts/exynos5422-odroid-core.dtsi +@@ -468,7 +468,7 @@ + buck8_reg: BUCK8 { + regulator-name = "vdd_1.8v_ldo"; + regulator-min-microvolt = <80>; +- regulator-max-microvolt = <150>; ++ regulator-max-microvolt = 
<200>; + regulator-always-on; + regulator-boot-on; + }; +diff --git a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts +index 610235028cc7..c14205cd6bf5 100644 +--- a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts +@@ -118,6 +118,7 @@ + reset-gpios = <&gpio0 5 GPIO_ACTIVE_LOW>; + clocks = <&pmic>; + clock-names = "ext_clock"; ++ post-power-on-delay-ms = <10>; + power-off-delay-us = <10>; + }; + +@@ -300,7 +301,6 @@ + + dwmmc_0: dwmmc0@f723d000 { + cap-mmc-highspeed; +- mmc-hs200-1_8v; + non-removable; + bus-width = <0x8>; + vmmc-supply = <&ldo19>; +diff --git a/arch/arm64/boot/dts/xilinx/zynqmp-zcu100-revC.dts b/arch/arm64/boot/dts/xilinx/zynqmp-zcu100-revC.dts +index 13a0a028df98..e5699d0d91e4 100644 +--- a/arch/arm64/boot/dts/xilinx/zynqmp-zcu100-revC.dts b/arch/arm64/boot/dts/xilinx/zynqmp-zcu100-revC.dts +@@ -101,6 +101,7 @@ + sdio_pwrseq: sdio-pwrseq { + compatible = "mmc-pwrseq-simple"; + reset-gpios = <&gpio 7 GPIO_ACTI
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 2abc69ce98210c0192dfce305815bdbd671e2d7c Author: Mike Pagano gentoo org> AuthorDate: Sun Mar 10 14:12:03 2019 + Commit: Mike Pagano gentoo org> CommitDate: Sun Mar 10 14:12:03 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=2abc69ce proj/linux-patches: Linux patch 5.0.1 Signed-off-by: Mike Pagano gentoo.org> _README|4 + 1000_linux-5.0.1.patch | 2134 2 files changed, 2138 insertions(+) diff --git a/_README b/_README index 225fb97..99e0bb6 100644 --- a/_README +++ b/_README @@ -43,6 +43,10 @@ EXPERIMENTAL Individual Patch Descriptions: -- +Patch: 1000_linux-5.0.1.patch +From: http://www.kernel.org +Desc: Linux 5.0.1 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1000_linux-5.0.1.patch b/1000_linux-5.0.1.patch new file mode 100644 index 000..1a45071 --- /dev/null +++ b/1000_linux-5.0.1.patch 
@@ -0,0 +1,2134 @@ +diff --git a/Makefile b/Makefile +index d5713e7b1e506..3cd7163fe1646 100644 +--- a/Makefile b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 0 +-SUBLEVEL = 0 ++SUBLEVEL = 1 + EXTRAVERSION = + NAME = Shy Crocodile + +diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl +index 7b56a53be5e30..e09558edae73a 100644 +--- a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl +@@ -451,3 +451,4 @@ + 520 common preadv2 sys_preadv2 + 521 common pwritev2sys_pwritev2 + 522 common statx sys_statx ++523 common io_pgetevents sys_io_pgetevents +diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c +index ba150c755fcce..85b6c60f285d2 100644 +--- a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c +@@ -52,6 +52,7 @@ asmlinkage void spurious_interrupt(void) + void __init init_IRQ(void) + { + int i; ++ unsigned int order = get_order(IRQ_STACK_SIZE); + + for (i = 0; i < NR_IRQS; i++) + irq_set_noprobe(i); +@@ -62,8 +63,7 @@ void __init init_IRQ(void) + arch_init_irq(); + + for_each_possible_cpu(i) { +- int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE; +- void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages); ++ void *s = (void *)__get_free_pages(GFP_KERNEL, order); + + irq_stack[i] = s; + pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i, +diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c +index 9e21573714910..f8debf7aeb4c1 100644 +--- a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c +@@ -1,5 +1,7 @@ ++#include + #include + #include ++#include + #include "pgtable.h" + #include "../string.h" + +@@ -37,9 +39,10 @@ int cmdline_find_option_bool(const char *option); + + static unsigned long find_trampoline_placement(void) + { +- unsigned long bios_start, ebda_start; ++ unsigned long bios_start = 0, ebda_start = 0; + unsigned long trampoline_start; + struct boot_e820_entry *entry; ++ char 
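Review bot: In `init_IRQ`, the result of `__get_free_pages(GFP_KERNEL, order)` is stored into `irq_stack[i]` without a NULL check, so a failed allocation would presumably only show up later as a fault when that CPU first uses its IRQ stack. Switching from a page count to `get_order(IRQ_STACK_SIZE)` corrects the size argument, but the unchecked result remains. Adding `if (!s) panic("IRQ stack allocation failed for CPU%d\n", i);` right after the allocation would fail at the cause instead. The loop body continues outside the hunk.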
*signature; + int i; + + /* +@@ -47,8 +50,18 @@ static unsigned long find_trampoline_placement(void) +* This code is based on reserve_bios_regions(). +*/ + +- ebda_start = *(unsigned short *)0x40e << 4; +- bios_start = *(unsigned short *)0x413 << 10; ++ /* ++ * EFI systems may not provide legacy ROM. The memory may not be mapped ++ * at all. ++ * ++ * Only look for values in the legacy ROM for non-EFI system. ++ */ ++ signature = (char *)&boot_params->efi_info.efi_loader_signature; ++ if (strncmp(signature, EFI32_LOADER_SIGNATURE, 4) && ++ strncmp(signature, EFI64_LOADER_SIGNATURE, 4)) { ++ ebda_start = *(unsigned short *)0x40e << 4; ++ bios_start = *(unsigned short *)0x413 << 10; ++ } + + if (bios_start < BIOS_START_MIN || bios_start > BIOS_START_MAX) + bios_start = BIOS_START_MAX; +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index 69f6bbb41be0b..01004bfb1a1bc 100644 +--- a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +@@ -819,11 +819,9 @@ static void init_amd_bd(struct cpuinfo_x86 *c) + static void init_amd_zn(struct cpuinfo_x86 *c) + { + set_cpu_cap(c, X86_FEATURE_ZEN); +- /* +- * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects +- * all up to and including B1. +- */ +- if (c->x86_model <= 1 && c->x86_stepping <= 1) ++ ++ /* Fix erratum 1076: CPB feature bit not being set in CPUID. */ ++ if (!cpu_has(
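Review bot: In `find_trampoline_placement`, the EFI path now relies on `bios_start` keeping its new `0` initialiser, presumably so that the range check that follows forces it to `BIOS_START_MAX`, and nothing in the code says so. A line such as `/* on EFI bios_start stays 0 and is clamped to BIOS_START_MAX below */` above that check would keep a later cleanup from removing the initialisers and reading an uninitialised value. The literal `4` in both `strncmp()` calls would also read better as a named length for the loader signature. The function continues outside the hunk.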
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 64ef0319a05b7c75548b7394bf827605777a684a Author: Mike Pagano gentoo org> AuthorDate: Fri Mar 8 14:36:09 2019 + Commit: Mike Pagano gentoo org> CommitDate: Fri Mar 8 14:36:09 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=64ef0319 proj/linux-kernel: netfilter: nf_tables: fix set double-free in abort path Signed-off-by: Mike Pagano gentoo.org> _README| 4 + ..._tables-fix-set-double-free-in-abort-path.patch | 110 + 2 files changed, 114 insertions(+) diff --git a/_README b/_README index cfba4e3..225fb97 100644 --- a/_README +++ b/_README @@ -59,6 +59,10 @@ Patch: 2600_enable-key-swapping-for-apple-mac.patch From: https://github.com/free5lot/hid-apple-patched Desc: This hid-apple patch enables swapping of the FN and left Control keys and some additional on some apple keyboards. See bug #622902 +Patch: 2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch +From: https://www.spinics.net/lists/netfilter-devel/msg58466.html +Desc: netfilter: nf_tables: fix set double-free in abort path + Patch: 4567_distro-Gentoo-Kconfig.patch From: Tom Wijsman Desc: Add Gentoo Linux support config settings and defaults. diff --git a/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch b/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch new file mode 100644 index 000..8a126bf --- /dev/null +++ b/2900_netfilter-patch-nf_tables-fix-set-double-free-in-abort-path.patch 
@@ -0,0 +1,110 @@ +From: Florian Westphal +To: +Cc: k...@plushkava.net, Florian Westphal +Subject: [PATCH nf] netfilter: nf_tables: fix set double-free in abort path +Date: Thu, 7 Mar 2019 20:30:41 +0100 +X-Mailer: git-send-email 2.19.2 + +The abort path can cause a double-free of an (anon) set. + +Added-and-to-be-aborted rule looks like this: + +udp dport { 137, 138 } drop + +The to-be-aborted transaction list looks like this: +newset +newsetelem +newsetelem +rule + +This gets walked in reverse order, so first pass disables +the rule, the set elements, then the set. + +After synchronize_rcu(), we then destroy those in same order: +rule, set element, set element, newset. + +Problem is that the (anon) set has already been bound to the rule, +so the rule (lookup expression destructor) already frees the set, +when then cause use-after-free when trying to delete the elements +from this set, then try to free the set again when handling the +newset expression. + +To resolve this, check in first phase if the newset is bound already. +If so, remove the newset transaction from the list, rule destructor +will handle cleanup. + +This is still causes the use-after-free on set element removal. +To handle this, move all affected set elements to a extra list +and process it first. + +This forces strict 'destroy elements, then set' ordering. 
+ +Fixes: f6ac8585897684 ("netfilter: nf_tables: unbind set in rule from commit path") +Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1325 +Signed-off-by: Florian Westphal + +--- a/net/netfilter/nf_tables_api.c2019-03-07 21:49:45.776492810 - b/net/netfilter/nf_tables_api.c2019-03-07 21:49:57.067493081 - +@@ -6634,10 +6634,39 @@ static void nf_tables_abort_release(stru + kfree(trans); + } + ++static void __nf_tables_newset_abort(struct net *net, ++ struct nft_trans *set_trans, ++ struct list_head *set_elements) ++{ ++ const struct nft_set *set = nft_trans_set(set_trans); ++ struct nft_trans *trans, *next; ++ ++ if (!nft_trans_set_bound(set_trans)) ++ return; ++ ++ /* When abort is in progress, NFT_MSG_NEWRULE will remove the ++ * set if its bound, so we need to remove the NEWSET transaction, ++ * else the set is released twice. NEWSETELEM need to be moved ++ * to special list to ensure 'free elements, then set' ordering. ++ */ ++ list_for_each_entry_safe_reverse(trans, next, ++ &net->nft.commit_list, list) { ++ if (trans == set_trans) ++ break; ++ ++ if (trans->msg_type == NFT_MSG_NEWSETELEM && ++ nft_trans_set(trans) == set) ++ list_move(&trans->list, set_elements); ++ } ++ ++ nft_trans_destroy(set_trans); ++} ++ + static int __nf_tables_abort(struct net *net) + { + struct nft_trans *trans, *next; + struct nft_trans_elem *te; ++ LIST_HEAD(set_elements); + + list_for_each_entry_safe_reverse(trans, next, &net->nft.commit_list, +list) { +@@ -6693,6 +6722,8 @@ static int __nf_tables_abort(struct net + trans->ctx.table->use--; + if (!nft_trans_set_bound(trans)) + list_del_rcu(&
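Review bot: In `__nf_tables_newset_abort`, the loop tests `nft_trans_set(trans) == set` on transactions whose `msg_type` is `NFT_MSG_NEWSETELEM`, so the set pointer is read through the new-set accessor instead of the element one. That gives the right pointer only if the element transaction's private data also begins with the set pointer, which is not visible here; `nft_trans_elem_set(trans) == set` states the intent without depending on layout. This helper decides which objects are released first on the abort path, so a wrong match would leave the use-after-free described in the patch text in place. The caller `__nf_tables_abort` continues outside the hunk.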
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: d16eb045481cbdffea00353726477d5e2b5d901e Author: Mike Pagano gentoo org> AuthorDate: Mon Mar 4 13:15:41 2019 + Commit: Mike Pagano gentoo org> CommitDate: Mon Mar 4 13:15:41 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=d16eb045 proj/linux-patches: CPU Opt patch for gcc >= v8 Kernel patch for >= gccv8 enables kernel >= v4.13 optimizations for additional CPUs. Signed-off-by: Mike Pagano gentoo.org> _README | 4 + 5011_enable-cpu-optimizations-for-gcc8.patch | 569 +++ 2 files changed, 573 insertions(+) diff --git a/_README b/_README index 44c405c..cfba4e3 100644 --- a/_README +++ b/_README @@ -66,3 +66,7 @@ Desc: Add Gentoo Linux support config settings and defaults. Patch: 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch From: https://github.com/graysky2/kernel_gcc_patch/ Desc: Kernel patch enables gcc >= v4.13 optimizations for additional CPUs. + +Patch: 5011_enable-cpu-optimizations-for-gcc8.patch +From: https://github.com/graysky2/kernel_gcc_patch/ +Desc: Kernel patch for >= gccv8 enables kernel >= v4.13 optimizations for additional CPUs. diff --git a/5011_enable-cpu-optimizations-for-gcc8.patch b/5011_enable-cpu-optimizations-for-gcc8.patch new file mode 100644 index 000..bfd2065 --- /dev/null +++ b/5011_enable-cpu-optimizations-for-gcc8.patch 
@@ -0,0 +1,569 @@
+WARNING
+This patch works with gcc versions 8.1+ and with kernel version 4.13+ and should
+NOT be applied when compiling on older versions of gcc due to key name changes
+of the march flags introduced with the version 4.9 release of gcc.[1]
+
+Use the older version of this patch hosted on the same github for older
+versions of gcc.
+
+FEATURES
+This patch adds additional CPU options to the Linux kernel accessible under:
+ Processor type and features --->
+ Processor family --->
+
+The expanded microarchitectures include:
+* AMD Improved K8-family
+* AMD K10-family
+* AMD Family 10h (Barcelona)
+* AMD Family 14h (Bobcat)
+* AMD Family 16h (Jaguar)
+* AMD Family 15h (Bulldozer)
+* AMD Family 15h (Piledriver)
+* AMD Family 15h (Steamroller)
+* AMD Family 15h (Excavator)
+* AMD Family 17h (Zen)
+* Intel Silvermont low-power processors
+* Intel 1st Gen Core i3/i5/i7 (Nehalem)
+* Intel 1.5 Gen Core i3/i5/i7 (Westmere)
+* Intel 2nd Gen Core i3/i5/i7 (Sandybridge)
+* Intel 3rd Gen Core i3/i5/i7 (Ivybridge)
+* Intel 4th Gen Core i3/i5/i7 (Haswell)
+* Intel 5th Gen Core i3/i5/i7 (Broadwell)
+* Intel 6th Gen Core i3/i5/i7 (Skylake)
+* Intel 6th Gen Core i7/i9 (Skylake X)
+* Intel 8th Gen Core i3/i5/i7 (Cannon Lake)
+* Intel 8th Gen Core i7/i9 (Ice Lake)
+
+It also offers to compile passing the 'native' option which, "selects the CPU
+to generate code for at compilation time by determining the processor type of
+the compiling machine. Using -march=native enables all instruction subsets
+supported by the local machine and will produce code optimized for the local
+machine under the constraints of the selected instruction set."[3]
+
+MINOR NOTES
+This patch also changes 'atom' to 'bonnell' in accordance with the gcc v4.9
+changes.
Note that upstream is using the deprecated 'match=atom' flags when I
+believe it should use the newer 'march=bonnell' flag for atom processors.[2]
+
+It is not recommended to compile on Atom-CPUs with the 'native' option.[4] The
+recommendation is to use the 'atom' option instead.
+
+BENEFITS
+Small but real speed increases are measurable using a make endpoint comparing
+a generic kernel to one built with one of the respective microarchs.
+
+See the following experimental evidence supporting this statement:
+https://github.com/graysky2/kernel_gcc_patch
+
+REQUIREMENTS
+linux version >=4.20
+gcc version >=8.1
+
+ACKNOWLEDGMENTS
+This patch builds on the seminal work by Jeroen.[5]
+
+REFERENCES
+1. https://gcc.gnu.org/gcc-4.9/changes.html
+2. https://bugzilla.kernel.org/show_bug.cgi?id=77461
+3. https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html
+4. https://github.com/graysky2/kernel_gcc_patch/issues/15
+5. http://www.linuxforge.net/docs/linux/linux-gcc.php
+
+--- a/arch/x86/Makefile_32.cpu 2019-02-22 09:22:03.426937735 -0500 b/arch/x86/Makefile_32.cpu 2019-02-22 09:37:58.680968580 -0500
+@@ -23,7 +23,18 @@ cflags-$(CONFIG_MK6)+= -march=k6
+ # Please note, that patches that add -march=athlon-xp and friends are pointless.
+ # They make zero difference whatsosever to performance at this time.
+ cflags-$(CONFIG_MK7) += -march=athlon
++cflags-$(CONFIG_MNATIVE) += $(call cc-option,-march=native)
+ cflags-$(CONFIG_MK8) += $(call cc-option,-march=k8,-march=athlon)
++cflags-$(CONFIG_MK8SSE3) += $(call cc-option,-march=k8-sse3,-march=athlon)
++cflags-$(CONFIG_MK10) += $(call cc-option,-march=amdfam10,-march=athlon)
++cflags-$(CONFIG_MBARCELONA) += $(call cc-option,-march=barcelona,-march=athlon)
++cfl
[gentoo-commits] proj/linux-patches:5.0 commit in: /
commit: 216fdd655adbbeeff9a96eb6dd5c9fee223c9add Author: Mike Pagano gentoo org> AuthorDate: Mon Mar 4 13:10:52 2019 + Commit: Mike Pagano gentoo org> CommitDate: Mon Mar 4 13:10:52 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=216fdd65 proj/linux-patches: Rename cpu opt patch for gcc > v8 Signed-off-by: Mike Pagano gentoo.org> _README | 2 +- patch => 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch | 0 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/_README b/_README
index b37d2a4..44c405c 100644
--- a/_README
+++ b/_README
@@ -63,6 +63,6 @@ Patch: 4567_distro-Gentoo-Kconfig.patch
 From: Tom Wijsman
 Desc: Add Gentoo Linux support config settings and defaults.
 
-Patch: 5010_enable-additional-cpu-optimizations-for-gcc.patch
+Patch: 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch
 From: https://github.com/graysky2/kernel_gcc_patch/
 Desc: Kernel patch enables gcc >= v4.13 optimizations for additional CPUs.
diff --git a/5010_enable-additional-cpu-optimizations-for-gcc.patch b/5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch
similarity index 100%
rename from 5010_enable-additional-cpu-optimizations-for-gcc.patch
rename to 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch