Skip to content

L
linux
Switch branch/tag
  1. 20 Jun, 2017 8 commits
    • Shrirang Bagul's avatar
      UBUNTU: SAUCE: Redpine: Upgrade to ver. 1.2.RC9 · 0adedf2a
      Shrirang Bagul authored 
      BugLink: https://bugs.launchpad.net/bugs/1690498

Vendor release ver: 1.2.RC9

Changelog:

1.2.RC9 -
    WLAN Bug Fixes:
    ---------------
    1) BT reset added before going to S3/S4/S5 sleep when WoWLAN is enabled.
    2) Station connection check before going to S3/S4/S5 sleep removed.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC8 -
    WLAN Bug Fixes:
    ---------------
    1) Added power leak fixes for S4.
    2) S5 WoLAN issue resolved.
    3) Wakeup short pulse issue resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC7 -
    WLAN Bug Fixes:
    ---------------
    1) Configured host wakeup pin as active low from driver.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC6 -
    WLAN Bug Fixes:
    ---------------
    1) AP data throughput issue resolved.
    2) Scan results issue resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC4 -
    WLAN Bug Fixes:
    ---------------
    1) Buffer status interrupt handling improved.
    2) Scan results update in sta+bt dual mode issue resolved

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC3 -
    WLAN Bug Fixes:
    ---------------
    1) WoWLAN multiple cycles issue resolved.
    2) Driver Version is correctly updated.
    3) Default operating mode for Caracalla board is corrected.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.

    BT New Features:
    ----------------
    1) Multiple slaves issue in WLAN-BT coex mode resolved.

    BT Limitations/Features NOT Supported:
    --------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC2 -
    WLAN Bug Fixes:
    ---------------
    1) Suspend/resume issues resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.
    3) EAP not tested

    BT Limitations/Features NOT Supported:
    --------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.2.RC1 -
    WLAN New Features:
    ------------------
    1) Restrict functional modes as per device operating mode
    2) Default operating mode for Caracalla board is 13

    WLAN Bug Fixes:
    ---------------
    1) Driver oops issue if more than 4 clients try to connect in
       operating mode 14 resolved.
    2) Issue with connecting more than max clients and disconnection
       issue resolved.
    3) L2 test stop when wlan interface down issue resolved.
    4) Driver version corrected.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.
    3) EAP not tested
    4) For channels 12 and 13 in US region max TX power is coming 0 in
       beacons.

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated
       from rsi module.
    2) In coex mode, BT file transfer fails at times with certain
       mobiles.

1.1 -
    Generic
    -------
    1) Firmware file name is displayed along with version information.
       at the driver load time.
    2) Device operating mode is made available in the below files:
       /sys/module/rsi_sdio/parameters/dev_oper_mode
       /sys/module/rsi_usb/parameters/dev_oper_mode
    3) Wi-Fi BT radio sharing has been improved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.
    3) EAP not tested
    4) For channels 12 and 13 in US region max TX power is coming 0 in beacons.

    BT Limitations/Features NOT Supported:
    --------------------------------------
    1) To connect multiple BT slaves, connection should be initiated from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.0.RC7 -
    Generic
    -------
    1) Driver version, Firmware version and operating mode information is displayed
       at the driver load time.
    2) Driver version is made available in the below files:
       /sys/module/rsi_91x/version
       /sys/module/rsi_sdio/version
       /sys/module/rsi_usb/version

    WLAN Bug Fixes:
    ---------------
    1) Power save latencies resolved

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.
    3) EAP not tested

    BT Limitations/Features NOT Supported:
    --------------------------------------
    1) To connect multiple BT slaves, connection should be initiated from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.0 -
    WLAN New Features:
    ------------------
    1) Station mode
    2) All Security modes (WEP/WPA/WPA2)
    3) Station Power save (legacy and UAPSD)
    4) Bgscan and roaming
    5) External antenna selection
    6) Neighbour report request in RRM
    7) Regulatory (802)11d) support
    8) Management frame protection support (802)11w)
    9) Software RF-kill
    10) AP mode
    11) S3, S4 suspend and resume
    12) WoWLAN
    13) AP Power save
    14) Wi-Fi direct

    WLAN Bug Fixes:
    ---------------
    1) Allowed channels 12 and 13 in FCC region.
    2) For the allowed channels 12 and 13 in any region, power configuration
       updated as per Caracalla regulatory rules.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S5 with WoWLAN does not work.
    2) For GTK rekey, wakeup trigger send to host.
    3) EAP not tested

    BT New Features:
    ----------------
    1) BT EDR mode
    2) BT LE mode
    3) BT coex mode (All the coex modes))
    4) Multi-slave mode supported)

    BT Limitations/Features NOT Supported:
    ----------------------------------------
    1) To connect multiple BT slaves, connection should be initiated from rsi module.
    2) In coex mode, BT file transfer fails at times with certain mobiles.

1.0_RC3 -
    Gerenic:
    --------
    1) Device operating mode is changed as module parameter. Please check
       README or TRM on how to configure this while loading the modules.
    2) Max number of stations supported in Wi-Fi AP alone mode is 32, and AP +
       BT coex mode is 4.
    3) AP + BT-EDR + BLE support added.

    WLAN Bug Fixes:
    ---------------
    1) Bgscan probe request issue resolved.
    2) WoWLAN before association issue resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) S4 with and without WoWLAN works with the work-around implemented by Canonical.
    2) S5 with WoWLAN does not work.
    3) For GTK rekey, wakeup trigger send to host.
    4) EAP not tested
    5) To connect multiple BT slaves, connection should be initiated from rsi module.
    6) In coex mode, BT file transfer fails at times with certain mobiles.

    BT New Features:
    ----------------
    1) Multi-slave mode supported.

    BT Bug Fixes:
    -------------
    1) Radio sharing of coex modes improved.

1.0.RC2 -
    WLAN Bug Fixes:
    ---------------
    1) PVB preparation issue in AP mode resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Issue while Resume in S4 with or without WoWLAN.
    3) S5 with WoWLAN does not work.
    4) For GTK rekey, wakeup trigger send to host.

    BT Bug Fixes:
    -------------
    1) BT dual mode disconnection issue resolved
    2) AP BT dual mode issue resolved

1.0_RC1 -
    WLAN Bug Fixes:
    ---------------
    1) WoWLAN in Co-ex mode issue resolved.
    2) AP beacon DTIM count update issue resolved.
    3) Firmware assertion (0x5d) in bgscan issue is resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Issue while Resume in S4 with or without WoWLAN.
    3) S5 with WoWLAN does not work.
    4) For GTK rekey, wakeup trigger send to host.

0.9.8.5_RC6 -
    WLAN Bug Fixes:
    ---------------
    1) Firmware CRC check fail issue resolved
    2) Compilation fails on 4.10.1 kernel issue resolved
    3) BG scan issues resolved
    4) AP mode regulatory fixes
    5) WoWLAN issues resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Issue while Resume in S4 with or without WoWLAN.
    3) S5 with WoWLAN does not work.
    4) For GTK rekey, wakeup trigger send to host.

0.9.8.5_RC4 -
    WLAN Bug Fixes:
    -------------------
    1) AP mode configuration in channels 12 and 13 for EU region issue resolved.
    2) Data latencies in AP mode issue resolved.
    3) Roaming issues resolved.
    4) AP WEP mode issue resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Issue while Resume in S4 with or without WoWLAN.
    3) S5 with WoWLAN does not work.
    4) For GTK rekey, wakeup trigger send to host.
    5) WoWLAN does not work in WEP mode.

    Others:
    -------
    1) USB binds only to RS9113, let upstream kernel driver handle other RSI chips

0.9.8.5_RC3 -
    WLAN Bug Fixes:
    -------------------
    1) Power save issue in station mode (By default UAPSD is enabled on
    Caracalla board) fixed.
    2) WoWLAN with S3 issue resolved

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Not verified removing SDIO interrupt polling
    3) S4/S5 sleep states not supported (with and without WoWLAN)

0.9.8.5_RC2 -
    WLAN Bug Fixes:
    -------------------
    1) Power save issue in station mode (By default UAPSD is enabled on
    Caracalla board) fixed.
    2) Firmware assert 0x71 (while doing bgscan) issue fixed.
    3) Keep alive functionality in station mode issue fixed.
    4) Data traffic stops when connected to multiple stations issue resolved
    5) WoWLAN not working issue is resolved

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Not verified removing SDIO interrupt polling
    3) S4/S5 sleep states not supported (with and without WoWLAN)
    4) Wi-Fi direct testing is in progress

0.9.8.5_RC1 -
    WLAN Bug Fixes:
    -------------------
    1) Observed unicast probe requests during bgscan issue fixed
    2) Firmware assert 0x71 (while doing bgscan) issue fixed.
    3) Crash when doing rmmod while data traffic is going on issue resolved.
    4) Beacons stopped after 5 minutes of data traffic issue fixed.
    5) Keep alive functionality in station mode issue fixed
    6) 11n data rates issue in station mode resolved.

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) EAP not supported
    2) Not verified removing SDIO interrupt polling
    3) S4/S5 sleep states not supported (with.without WoWLAN)
    4) power save is not working consistently
    5) WoWLAN is not working consistently

0.9.8.3 -
    WLAN New Features:
    -----------------------------------------
    1) AP Mode
    2) S3, S4 suspend and resume
    3) WoWLAN [Testing in progress]

    WLAN Bug Fixes:
    -------------------
    1) First EAPOL drop issue is resolved
    2) Firmware Assert while roaming issue is resolved
       (Provide driver bgsan should be enabled along with supplicant bgscan)
    3) Roaming takes longer time issue is resolved
    4) Added polling support as a work-around for the SDIO interrupt issue
       on some platforms

    WLAN Limitations/Features NOT Supported:
    ----------------------------------------
    1) Wi-Fi Direct mode not supported
    2) EAP not supported
    3) SDIO interrupts are not being delivered to the 9113 driver
    4) In S4 state 9113 device gets reset but device isn't getting re-enumerated.
Signed-off-by: default avatarShrirang Bagul <shrirang.bagul@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      0adedf2a
    • Colin Ian King's avatar
      UBUNTU:SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct · d6572202
      Colin Ian King authored 
      BugLink: http://bugs.launchpad.net/bugs/1672819

There are two very race windows that need to be taken into consideration
when check_unsafe_exec  performs the file system accounting comparing the
number of fs->users against the number threads that share the same fs.

The first race can occur when a pthread creates a new pthread and the
the fs->users count is incremented before the new pthread is associated with
the pthread performing the exec. When this occurs, the pthread performing
the exec has flags with bit PF_FORKNOEXEC set.

The second race can occur when a pthread is terminating and the fs->users
count has been decremented by the pthread is still associated with the
pthread that is performing the exec. When this occurs, the pthread
peforming the exec has flags with bit PF_EXITING set.

This fix keeps track of any pthreads that may be in the race window
(when PF_FORKNOEXEC or PF_EXITING) are set and if the fs count does
not match the expected count we retry the count as we may have hit
this small race windows.  Tests on an 8 thread server with the
reproducer (see below) show that this retry occurs rarely, so the
overhead of the retry is very small.

Below is a reproducer of the race condition.

The bug manifests itself because the current check_unsafe_exec
hits this race and indicates it is not a safe exec, and the
exec'd suid program fails to setuid.

$ cat Makefile
ALL=a b
all: $(ALL)

a: LDFLAGS=-pthread

b: b.c
	$(CC) b.c -o b
	sudo chown root:root b
	sudo chmod u+s b

test:
	for I in $$(seq 1000); do echo $I; ./a ; done

clean:
	rm -vf $(ALL)

$ cat a.c

#include <stdio.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/types.h>

void *nothing(void *p)
{
	return NULL;
}

void *target(void *p) {
	for (;;) {
		pthread_t t;
		if (pthread_create(&t, NULL, nothing, NULL) == 0)
			pthread_join(t, NULL);
    	}
	return NULL;
}

int main(void)
{
	struct timespec tv;
	int i;

	for (i = 0; i < 10; i++) {
		pthread_t t;
		pthread_create(&t, NULL, target, NULL);
	}
	tv.tv_sec = 0;
	tv.tv_nsec = 100000;
	nanosleep(&tv, NULL);
	if (execl("./b", "./b", NULL) < 0)
		perror("execl");
	return 0;
}

$ cat b.c

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
	const uid_t euid = geteuid();
	if (euid != 0) {
		printf("Failed, got euid %d (expecting 0)\n", euid);
        	return 1;
	}
	return 0;
}

$ make
make
cc   -pthread  a.c   -o a
cc b.c -o b
sudo chown root:root b
sudo chmod u+s b
$ for i in $(seq 1000); do ./a; done

Without the fix, one will see 'Failed, got euid 1000 (expecting 0)' messages
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      d6572202
    • Mike Manning's avatar
      vlan: Propagate MAC address to VLANs · a5e12db1
      Mike Manning authored 
      BugLink: http://bugs.launchpad.net/bugs/1682871

The MAC address of the physical interface is only copied to the VLAN
when it is first created, resulting in an inconsistency after MAC
address changes of only newly created VLANs having an up-to-date MAC.

The VLANs should continue inheriting the MAC address of the physical
interface until the VLAN MAC address is explicitly set to any value.
This allows IPv6 EUI64 addresses for the VLAN to reflect any changes
to the MAC of the physical interface and thus for DAD to behave as
expected.
Signed-off-by: default avatarMike Manning <mmanning@brocade.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
(cherry picked from commit 308453aa)
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      a5e12db1
    • Shrirang Bagul's avatar
      UBUNTU: SAUCE: xr-usb-serial: re-initialise baudrate after resume from S3/S4 · f50a3a99
      Shrirang Bagul authored 
      BugLink: https://bugs.launchpad.net/bugs/1690362

The XR21V1412 ports were using the hardware power-on default of 9600bps
after resume from S3/S4. This patch re-initialises the baud rate and
fixes the re-connection issues after S3/S4.

Changelog:
Version 1B, 11/6/2015
Fixed Bug: The conditional logic to support kernel 3.9 was incorrect(line 396 in xr_usb_serial_common.c).

Version 1A, 1/9/2015
This driver will work with any USB UART function in these Exar devices:
        XR21V1410/1412/1414
        XR21B1411
        XR21B1420/1422/1424
        XR22801/802/804

The source code has been tested on various Linux kernels from 3.6.x to 3.17.x.
This may also work with newer kernels as well.
Signed-off-by: default avatarShrirang Bagul <shrirang.bagul@canonical.com>
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      f50a3a99
    • Shrirang Bagul's avatar
      UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data properly · 4fe0a67f
      Shrirang Bagul authored 
      BugLink: http://bugs.launchpad.net/bugs/1690310

This patch fixes the sensor platform data initialisation for st_pressure
and st_accel device drivers. Without this patch, the driver fails to
register the sensors when the user removes and re-loads the driver.

1. Unload the kernel modules for st_pressure
$ sudo rmmod st_pressure_i2c
$ sudo rmmod st_pressure

2. Re-load the driver
$ sudo insmod st_pressure
$ sudo insmod st_pressure_i2c
Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
Acked-by: default avatarLinus Walleij <linus.walleij@linaro.org>
(cherry picked from commit 7383d44b git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio.git)
Signed-off-by: default avatarShrirang Bagul <shrirang.bagul@canonical.com>
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      4fe0a67f
    • Janis Danisevskis's avatar
      procfs: fix pthread cross-thread naming if !PR_DUMPABLE · 94e574b8
      Janis Danisevskis authored 
      BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1690225

The PR_DUMPABLE flag causes the pid related paths of the proc file
system to be owned by ROOT.

The implementation of pthread_set/getname_np however needs access to
/proc/<pid>/task/<tid>/comm.  If PR_DUMPABLE is false this
implementation is locked out.

This patch installs a special permission function for the file "comm"
that grants read and write access to all threads of the same group
regardless of the ownership of the inode.  For all other threads the
function falls back to the generic inode permission check.

[akpm@linux-foundation.org: fix spello in comment]
Signed-off-by: default avatarJanis Danisevskis <jdanis@google.com>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Colin Ian King <colin.king@canonical.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Minfei Huang <mnfhuang@gmail.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Calvin Owens <calvinowens@fb.com>
Cc: Jann Horn <jann@thejh.net>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 1b3044e3)
Signed-off-by: default avatarBreno Leitao <breno.leitao@gmail.com>
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      94e574b8
    • Thadeu Lima de Souza Cascardo's avatar
      UBUNTU: [Packaging] Set do_tools_common in common vars · 1a8f0139
      Thadeu Lima de Souza Cascardo authored 
      BugLink: https://bugs.launchpad.net/bugs/1691814

In order to allow derivatives to really override do_tools_common inside
hooks.mk, it needs to be unconditionally set to true in
0-common-vars.mk, which is included before hooks.mk. Otherwise, hooks.mk
won't be able to override it, and it will be true unless other
conditions apply.

This has caused derivatives to fail to build after commit
13d6fbbe ("UBUNTU: [Packaging] prevent
linux-*-tools-common from being produced from non linux packages").

Fixes: 13d6fbbeSigned-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: default avatarAndy Whitcroft <andy.whitcroft@canonical.com>
Acked-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
      1a8f0139
    • Kleber Sacilotto de Souza's avatar
      UBUNTU: Start new release · 0e866b5e
      Kleber Sacilotto de Souza authored 
      Ignore: yes
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
      0e866b5e
  3. 08 Jun, 2017 3 commits
    • Stefan Bader's avatar
      UBUNTU: Ubuntu-4.4.0-81.104 · 78ab29f4
      Stefan Bader authored 
      Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
      78ab29f4
    • Michal Hocko's avatar
      mm: do not collapse stack gap into THP · cc9020f7
      Michal Hocko authored 
      Oleg has noticed that khugepaged will happilly collapse stack vma (as
long as it is not an early stack - see is_vma_temporary_stack) and
it might effectively remove the stack gap area as well because a larger
part of the stack vma is usually populated. The same applies to the
page fault handler.

Fix this by checking stack_guard_area when revalidating a VMA
in hugepage_vma_revalidate.  We do not want to hook/replace
is_vma_temporary_stack() check because THP might be still useful for
stack, all we need is excluding the gap from collapsing into a THP.

Also check the to-be-created THP in do_huge_pmd_anonymous_page to
make sure it is completely outside of the gap area because we we could
create THP covering the gap area.

CVE-2017-1000364
Noticed-by: default avatarOleg Nesterov <oleg@redhat.com>
Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
[move khugepaged.c code into huge_memory.c]
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
      cc9020f7
    • Michal Hocko's avatar
      mm: enlarge stack guard gap · b9f2a4fb
      Michal Hocko authored 
      Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But this seems to be insufficient in the light of the stack usage in
the userspace. E.g. glibc uses as large as 64kB alloca() in many
commonly used functions. This will become especially dangerous for suid
binaries and the default no limit for the stack size limit because those
applications can be tricked to consume a large portion of the stack and
a single glibc call could jump over the guard page. These attacks are
not theoretical, unfortunatelly.

Make those attacks less probable by increasing the stack guard gap
to 1MB (on systems with 4k pages but make it depend on the page size
because systems with larger base pages might cap stack allocations in
the PAGE_SIZE units) which should cover larger alloca() and VLA stack
allocations. It is obviously not a full fix because the problem is
somehow inherent but it should reduce attack space a lot. One could
argue that the gap size should be configurable from the userspace but
that can be done later on top when somebody finds that the new 1MB is
not suitable or even wrong for some special case applications.

Implementation wise, get rid of check_stack_guard_page and move all the
guard page specific code to expandable_stack_area which always tries to
guarantee the gap. do_anonymous_page then just calls expand_stack. Also
get rid of stack_guard_page_{start,end} and replace them with
stack_guard_area to handle stack population and /proc/<pid>/[s]maps.

This should clean up the code which is quite scattered currently
and therefore justify the change.

TODO: ia64 page fault handling calls expand_upwards explicitly for
register store. Do we need a gap there as well?

CVE-2017-1000364
Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
      b9f2a4fb
  5. 31 May, 2017 1 commit
  7. 17 May, 2017 4 commits
  9. 16 May, 2017 1 commit
  11. 12 May, 2017 4 commits
  13. 08 May, 2017 18 commits
  15. 05 May, 2017 1 commit
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7