diff options
author | graysky | 2019-06-18 21:02:07 -0400 |
---|---|---|
committer | graysky | 2019-06-18 21:02:07 -0400 |
commit | 1e3f17ed5101c04f109351e2977fbd78085eb41c (patch) | |
tree | 617857df39a3a9125626856b80cd05bf52ed5fcb | |
parent | bbbea105adbf1396f472f2086e8c36778c7d466c (diff) | |
download | aur-1e3f17ed5101c04f109351e2977fbd78085eb41c.tar.gz |
Update to 5.1.12rc1-1
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch | 128 | ||||
-rw-r--r-- | PKGBUILD | 12 |
3 files changed, 144 insertions, 12 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-rc - pkgver = 5.1.10rc1 + pkgver = 5.1.12rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -9,21 +9,22 @@ pkgbase = linux-rc makedepends = bc makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.9.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.9.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.10-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.10-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.12-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.12-rc1.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch + source = 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 58c9eca99c3dd2fff5b559302996c985c3f3f2aad0b99b2172a61c4df7122a79 + sha256sums = 11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219 sha256sums = SKIP - sha256sums = 6f7126b58e71375f873fce8c177efb6fe7e99586b401544a0970e8d380e8b6f3 + sha256sums = b8da5ae4d706b9a6144da10abd21e87cc2547a000093c776401027880ce9c302 sha256sums = SKIP sha256sums = 2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 @@ -31,6 +32,7 @@ pkgbase = linux-rc sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 sha256sums = 4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629 sha256sums = 1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec + sha256sums = 0c6fcda6bf2d56358b557c1b8a0de6e1e40cc75df161eb2daf6841652cd431de pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch b/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch new file mode 100644 index 000000000000..812a5cd7b97e --- /dev/null +++ b/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch @@ -0,0 +1,128 @@ +From 9e50f5f4ef401c4a5cd286ee3218fcc625ef6f77 Mon Sep 17 00:00:00 2001 +From: Coly Li <colyli@suse.de> +Date: Mon, 10 Jun 2019 06:13:34 +0800 +Subject: [PATCH 3/4] bcache: fix stack corruption by PRECEDING_KEY() + +Recently people report bcache code compiled with gcc9 is broken, one of +the buggy behavior I observe is that two adjacent 4KB I/Os should merge +into one but they don't. Finally it turns out to be a stack corruption +caused by macro PRECEDING_KEY(). + +See how PRECEDING_KEY() is defined in bset.h, +437 #define PRECEDING_KEY(_k) \ +438 ({ \ +439 struct bkey *_ret = NULL; \ +440 \ +441 if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \ +442 _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \ +443 \ +444 if (!_ret->low) \ +445 _ret->high--; \ +446 _ret->low--; \ +447 } \ +448 \ +449 _ret; \ +450 }) + +At line 442, _ret points to address of a on-stack variable combined by +KEY(), the life range of this on-stack variable is in line 442-446, +once _ret is returned to bch_btree_insert_key(), the returned address +points to an invalid stack address and this address is overwritten in +the following called bch_btree_iter_init(). Then argument 'search' of +bch_btree_iter_init() points to some address inside stackframe of +bch_btree_iter_init(), exact address depends on how the compiler +allocates stack space. Now the stack is corrupted. + +Fixes: 0eacac22034c ("bcache: PRECEDING_KEY()") +Signed-off-by: Coly Li <colyli@suse.de> +Reviewed-by: Rolf Fokkens <rolf@rolffokkens.nl> +Reviewed-by: Pierre JUHEN <pierre.juhen@orange.fr> +Tested-by: Shenghui Wang <shhuiw@foxmail.com> +Tested-by: Pierre JUHEN <pierre.juhen@orange.fr> +Cc: Kent Overstreet <kent.overstreet@gmail.com> +Cc: Nix <nix@esperi.org.uk> +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe <axboe@kernel.dk> +--- + drivers/md/bcache/bset.c | 16 +++++++++++++--- + drivers/md/bcache/bset.h | 34 ++++++++++++++++++++-------------- + 2 files changed, 33 insertions(+), 17 deletions(-) + +diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c +index 8f07fa6e1739..268f1b685084 100644 +--- a/drivers/md/bcache/bset.c ++++ b/drivers/md/bcache/bset.c +@@ -887,12 +887,22 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, + struct bset *i = bset_tree_last(b)->data; + struct bkey *m, *prev = NULL; + struct btree_iter iter; ++ struct bkey preceding_key_on_stack = ZERO_KEY; ++ struct bkey *preceding_key_p = &preceding_key_on_stack; + + BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); + +- m = bch_btree_iter_init(b, &iter, b->ops->is_extents +- ? PRECEDING_KEY(&START_KEY(k)) +- : PRECEDING_KEY(k)); ++ /* ++ * If k has preceding key, preceding_key_p will be set to address ++ * of k's preceding key; otherwise preceding_key_p will be set ++ * to NULL inside preceding_key(). ++ */ ++ if (b->ops->is_extents) ++ preceding_key(&START_KEY(k), &preceding_key_p); ++ else ++ preceding_key(k, &preceding_key_p); ++ ++ m = bch_btree_iter_init(b, &iter, preceding_key_p); + + if (b->ops->insert_fixup(b, k, &iter, replace_key)) + return status; +diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h +index bac76aabca6d..c71365e7c1fa 100644 +--- a/drivers/md/bcache/bset.h ++++ b/drivers/md/bcache/bset.h +@@ -434,20 +434,26 @@ static inline bool bch_cut_back(const struct bkey *where, struct bkey *k) + return __bch_cut_back(where, k); + } + +-#define PRECEDING_KEY(_k) \ +-({ \ +- struct bkey *_ret = NULL; \ +- \ +- if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \ +- _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \ +- \ +- if (!_ret->low) \ +- _ret->high--; \ +- _ret->low--; \ +- } \ +- \ +- _ret; \ +-}) ++/* ++ * Pointer '*preceding_key_p' points to a memory object to store preceding ++ * key of k. If the preceding key does not exist, set '*preceding_key_p' to ++ * NULL. So the caller of preceding_key() needs to take care of memory ++ * which '*preceding_key_p' pointed to before calling preceding_key(). ++ * Currently the only caller of preceding_key() is bch_btree_insert_key(), ++ * and it points to an on-stack variable, so the memory release is handled ++ * by stackframe itself. ++ */ ++static inline void preceding_key(struct bkey *k, struct bkey **preceding_key_p) ++{ ++ if (KEY_INODE(k) || KEY_OFFSET(k)) { ++ (**preceding_key_p) = KEY(KEY_INODE(k), KEY_OFFSET(k), 0); ++ if (!(*preceding_key_p)->low) ++ (*preceding_key_p)->high--; ++ (*preceding_key_p)->low--; ++ } else { ++ (*preceding_key_p) = NULL; ++ } ++} + + static inline bool bch_ptr_invalid(struct btree_keys *b, const struct bkey *k) + { +-- +2.22.0 + @@ -5,8 +5,8 @@ pkgbase=linux-rc pkgrel=1 _srcname=linux-5.1 -_stable=5.1.9 -_patchver=5.1.10 +_stable=5.1.11 +_patchver=5.1.12 _rcver=1 pkgver=${_patchver}rc${_rcver} _rcpatch=patch-${_patchver}-rc${_rcver} @@ -24,22 +24,24 @@ source=( linux.preset # standard config files for mkinitcpio ramdisk 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch + 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1 ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('58c9eca99c3dd2fff5b559302996c985c3f3f2aad0b99b2172a61c4df7122a79' +sha256sums=('11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219' 'SKIP' - '6f7126b58e71375f873fce8c177efb6fe7e99586b401544a0970e8d380e8b6f3' + 'b8da5ae4d706b9a6144da10abd21e87cc2547a000093c776401027880ce9c302' 'SKIP' '2e555646f47002c3e76e2a8405d33a64fcc8cf060ef5430881a5d144d8e3bc98' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' '4fb1ddb2d03db2f6d9d11ba5b4dbc6abcdf5a9a6dd94c94634aa032690c48629' - '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec') + '1625f1a883c38e64e84ad769714a18991e824d9a271ba5862600df32a5761aec' + '0c6fcda6bf2d56358b557c1b8a0de6e1e40cc75df161eb2daf6841652cd431de') _kernelname=${pkgbase#linux} |