Hugh Dickins [Mon, 23 Jun 2014 20:22:06 +0000 (13:22 -0700)]
shmem: fix faulting into a hole while it's punched
Trinity finds that mmap access to a hole while it's punched from shmem
can prevent the madvise(MADV_REMOVE) or fallocate(FALLOC_FL_PUNCH_HOLE)
from completing, until the reader chooses to stop; with the puncher's
hold on i_mutex locking out all other writers until it can complete.
It appears that the tmpfs fault path is too light in comparison with its
hole-punching path, lacking an i_data_sem to obstruct it; but we don't
want to slow down the common case.
Extend shmem_fallocate()'s existing range notification mechanism, so
shmem_fault() can refrain from faulting pages into the hole while it's
punched, waiting instead on i_mutex (when safe to sleep; or repeatedly
faulting when not).
Change-Id: Id13942943b4e95b7d5349dc0e28576a819ff5cd9
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Hugh Dickins <hughd@google.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Tested-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Tue, 3 Jun 2014 12:27:07 +0000 (12:27 +0000)]
futex: Always cleanup owner tid in unlock_pi
If the owner died bit is set at futex_unlock_pi, we currently do not
cleanup the user space futex. So the owner TID of the current owner
(the unlocker) persists. That's observable inconsistent state,
especially when the ownership of the pi state got transferred.
Clean it up unconditionally.
Change-Id: I58d7961bf7daf477261a73a4f9c3122ed1661e1d
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: Darren Hart <dvhart@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Tue, 3 Jun 2014 12:27:06 +0000 (12:27 +0000)]
futex: Validate atomic acquisition in futex_lock_pi_atomic()
We need to protect the atomic acquisition in the kernel against rogue
user space which sets the user space futex to 0, so the kernel side
acquisition succeeds while there is existing state in the kernel
associated to the real owner.
Verify whether the futex has waiters associated with kernel state. If
it has, return -EINVAL. The state is corrupted already, so no point in
cleaning it up. Subsequent calls will fail as well. Not our problem.
[ tglx: Use futex_top_waiter() and explain why we do not need to try
restoring the already corrupted user space state. ]
Change-Id: I5eb84a6483b6e2ddeac70e9b82e69b63af45b189
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Tue, 3 Jun 2014 12:27:06 +0000 (12:27 +0000)]
futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)
If uaddr == uaddr2, then we have broken the rule of only requeueing from
a non-pi futex to a pi futex with this call. If we attempt this, then
dangling pointers may be left for rt_waiter resulting in an exploitable
condition.
This change brings futex_requeue() in line with futex_wait_requeue_pi()
which performs the same check as per commit 6f7b0a2a5c0f ("futex: Forbid
uaddr == uaddr2 in futex_wait_requeue_pi()")
[ tglx: Compare the resulting keys as well, as uaddrs might be
different depending on the mapping ]
Fixes CVE-2014-3153.
Change-Id: Iafff40ab2d0cbe0b02c93a8819a9b7762c9411ab
Reported-by: Pinkie Pie
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric W. Biederman [Fri, 5 Dec 2014 23:51:47 +0000 (17:51 -0600)]
userns: Document what the invariant required for safe unprivileged mappings.
The rule is simple. Don't allow anything that wouldn't be allowed
without unprivileged mappings.
It was previously overlooked that establishing gid mappings would
allow dropping groups and potentially gaining permission to files and
directories that had lesser permissions for a specific group than for
all other users.
This is the rule needed to fix CVE-2014-8989 and prevent any other
security issues with new_idmap_permitted.
The reason for this rule is that the unix permission model is old and
there are programs out there somewhere that take advantage of every
little corner of it. So allowing a uid or gid mapping to be
established without privilege that would allow anything that would not
be allowed without that mapping will result in expectations from some
code somewhere being violated. Violated expectations about the
behavior of the OS is a long way to say a security issue.
Change-Id: Ie743d87b8f02dc5911cc125fcdf8210405007543
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Jan Kara [Mon, 15 Dec 2014 13:22:46 +0000 (14:22 +0100)]
isofs: Fix infinite looping over CE entries
Rock Ridge extensions define so called Continuation Entries (CE) which
define where is further space with Rock Ridge data. Corrupted isofs
image can contain arbitrarily long chain of these, including a one
containing loop and thus causing kernel to end in an infinite loop when
traversing these entries.
Limit the traversal to 32 entries which should be more than enough space
to store all the Rock Ridge data.
Change-Id: Ib9c0ad1281516e6e1704dfbe3b0923023e1b912f
Reported-by: P J P <ppandit@redhat.com>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Sasha Levin [Mon, 29 Dec 2014 14:39:01 +0000 (09:39 -0500)]
KEYS: close race between key lookup and freeing
When a key is being garbage collected, its key->user would get put before
the ->destroy() callback is called, where the key is removed from its
respective tracking structures.
This leaves a key hanging in a semi-invalid state which leaves a window open
for a different task to try and access key->user. An example is
find_keyring_by_name() which would dereference key->user for a key that is
in the process of being garbage collected (where key->user was freed but
->destroy() wasn't called yet - so it's still present in the linked list).
This would cause either a panic, or corrupt memory.
Fixes CVE-2014-9529.
Change-Id: I4c1cc8767e6d9c7d154e5f6fca708c29068fc16d
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
jinhyung.jo [Tue, 24 Feb 2015 09:08:38 +0000 (18:08 +0900)]
build: package version up (2.0.27)
Change-Id: I8ee29457e49dc88a29641288b1688ae422f6dd81
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Vasiliy Ulyanov [Thu, 29 Jan 2015 10:10:17 +0000 (13:10 +0300)]
VIGS: workaround for qHD (540x960) video mode
Horizontal resolution was rounded up to 544 (GTF algorithm). It was
causing wrong rendering on emulator (black screen).
Change-Id: I71668858cb31f0c87231c876cdb184dc70798326
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
(cherry picked from commit 799cd07680dab4018a9f2b6f32c9f927e9442b3f)
Jinhyung Choi [Mon, 9 Feb 2015 06:25:57 +0000 (15:25 +0900)]
build: package version up (2.0.26)
Change-Id: Ie8ef3dc0a167ba34bb8de49602206ac2d26b78d2
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 9 Feb 2015 06:24:48 +0000 (15:24 +0900)]
evdi: WA - support mobile profile (emuld connection)
Change-Id: I2454471e9b70d35fdb2b200fd35b6669a23a7f64
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 23 Jan 2015 04:57:56 +0000 (13:57 +0900)]
build: package version up (2.0.25)
Change-Id: I71ace9b3e371a521866eacfb57de1083ac5bab0c
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Fri, 23 Jan 2015 04:54:28 +0000 (13:54 +0900)]
Revert "x86: enable smp feature"
This reverts commit e2a44b7b46b136635064b73d1bf578db5bc891f5.
Change-Id: I31027ce5791df9861a9f368bc3742ad7d9e0aaac
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
jinhyung.jo [Thu, 22 Jan 2015 07:22:06 +0000 (16:22 +0900)]
build: package version up (2.0.24)
version up to 2.0.24
Change-Id: I84d059b70a22778a6495fb8aadd332291419fd9f
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Thu, 22 Jan 2015 07:18:40 +0000 (16:18 +0900)]
rotary: changed the name of rotary device
changed to tizen_rotary
Change-Id: I8d215aaa1271152e26070ee3414d011a2e05615a
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Sangho Park [Tue, 13 Jan 2015 09:14:51 +0000 (18:14 +0900)]
Merge "x86: enable smp feature" into wearable_o
Kitae Kim [Thu, 8 Jan 2015 08:37:21 +0000 (17:37 +0900)]
x86: enable smp feature
Change-Id: Ifea2a404bfca15088b5f74bd33a3b4cc080a574a
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
Jinhyung Choi [Thu, 8 Jan 2015 08:50:31 +0000 (17:50 +0900)]
build: package version up (2.0.23)
Change-Id: Ia9cbeb41523d11e8bfee11eba7dd96607513754c
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Sun, 28 Dec 2014 03:07:51 +0000 (12:07 +0900)]
evdi: added IOCTL for booting done log
Change-Id: I08bc0f9ff1122efc84925c0af60d359c881a8ac1
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
jinhyung.jo [Wed, 7 Jan 2015 08:16:02 +0000 (17:16 +0900)]
build: package version up (2.0.22)
Change-Id: Ib37852dc528dd6484351256a9f4158180ccb23cf
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Wed, 7 Jan 2015 08:05:15 +0000 (17:05 +0900)]
rotary: changed the name of rotary device
virtio-rotary to sec_rotary
requires a fixed name, 'sec_rotary', in evdev(xinput driver)
Change-Id: I46067d890533103e4c693af6d432c97841386e58
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Wed, 7 Jan 2015 05:44:39 +0000 (14:44 +0900)]
build: package version up (2.0.21)
Change-Id: Ia1f09dc083203a647584e0e59da7aa0c8c5ee7ab
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Wed, 7 Jan 2015 05:43:25 +0000 (14:43 +0900)]
Revert "[PATCH] Fix a bidirectional UDS connect check"
This reverts commit 8ae491dbc8264a93a0d3a50d211f16b4750a1e8d.
Change-Id: I538fd055b6578ebcb1f295bf1a5c14909df01502
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Jinhyung Choi [Tue, 6 Jan 2015 08:11:22 +0000 (17:11 +0900)]
build: package version up (2.0.20)
Change-Id: I78ab097565ac5e3a1570d9735811df34f1c08d5d
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
Jinhyung Choi [Mon, 5 Jan 2015 13:26:03 +0000 (22:26 +0900)]
evdi: removed emuld connection notification.
- The connection message is sent by emuld.
Change-Id: I3d40c422c44e74bdf79b86e6ffe7c1ebe2e1a653
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
jinhyung.jo [Tue, 30 Dec 2014 10:12:06 +0000 (19:12 +0900)]
build: package version up (2.0.19)
Change-Id: I911fe1cc928608ef4f28ae1076a45ea786709857
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Tue, 30 Dec 2014 10:09:49 +0000 (19:09 +0900)]
rotary: Added a new device driver
Added a new device driver for the rotary device
Change-Id: I8a388a1b40315a47e60dbf00f17ad0ad69d8414c
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
jinhyung.jo [Tue, 30 Dec 2014 06:55:05 +0000 (15:55 +0900)]
build: package version up (2.0.18)
Change-Id: I255ebb167f789cc6d907ce9ca6aee1e485e07385
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Zbigniew Jasinski [Tue, 30 Dec 2014 06:37:15 +0000 (15:37 +0900)]
[PATCH] Fix a bidirectional UDS connect check
The 54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo subject's OUT label is checked with
object's OUT. Should be OUT to IN.
Change-Id: I99a51b2ed49404eea77ee0c01364d626933aaf00
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Sangho Park [Thu, 13 Nov 2014 07:54:26 +0000 (16:54 +0900)]
sync: source sync with latest codes
source code copy from rsa tizen_2.3 branch
origin-id is 5624649a71a9e6c392cb930886f2caa4c49b2ef6
Change-Id: I392ad2784cec8c7d47fd3da95d4fb85efb97cdf6
Signed-off-by: Sangho Park <sangho1206.park@samsung.com>
Sehong Na [Sat, 31 May 2014 03:39:21 +0000 (12:39 +0900)]
Initialize Tizen 2.3