diff options
author | Joakim Hernberg | 2017-12-30 00:12:41 +0100 |
---|---|---|
committer | Joakim Hernberg | 2017-12-30 00:12:41 +0100 |
commit | 11f3aa9e1dc78cdbae02b3571e70cb94e2dacbec (patch) | |
tree | b3c89f90f8be28ea3b8e4fa2b433e825fbe7009d | |
parent | 80d0ef919275877bcaf63a851140e112241cb495 (diff) | |
download | aur-11f3aa9e1dc78cdbae02b3571e70cb94e2dacbec.tar.gz |
fixup buildscript, bump to 4.14.8-rt9-3
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch | 5 | ||||
-rw-r--r-- | 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 72 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 15 | ||||
-rw-r--r-- | 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 11 | ||||
-rw-r--r-- | 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 11 | ||||
-rw-r--r-- | 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
-rw-r--r-- | 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 | ||||
-rw-r--r-- | PKGBUILD | 32 |
9 files changed, 292 insertions, 37 deletions
@@ -1,8 +1,8 @@ # Generated by makepkg 5.0.2 -# Sat Dec 23 14:06:31 UTC 2017 +# Fri Dec 29 23:02:43 UTC 2017 pkgbase = linux-rt pkgver = 4.14.8_rt9 - pkgrel = 2 + pkgrel = 3 url = https://www.kernel.org/ arch = x86_64 license = GPL2 @@ -25,8 +25,11 @@ pkgbase = linux-rt source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - source = 0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch + source = 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch source = 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch + source = 0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E @@ -43,11 +46,14 @@ pkgbase = linux-rt sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = 3ef4c7875f0965ac86aa64ce6c2a7e06ca0066d75df51d07db0f11a52160b8dd - sha256sums = ac203ad289f4b0782fe94487450863aaf796cf06e60a09ee097bd8c4338c9572 - sha256sums = 93f08a383189664579b07b1d7da2a54a8b758bcf03926bf4947484bb4bf4fb4c + sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85 + sha256sums = c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3 + sha256sums = 1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2 + sha256sums = ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32 + sha256sums = 64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00 + sha256sums = 3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb + sha256sums = 95f0d0a94983b0dafd295f660a663f9be5ef2fcb9646098426a5d12b59f50638 sha256sums = b0396825ecd293499907ad86a0eb642cd5e82e534619f95658438ee6ecff10eb - sha256sums = cbf586270595a89835dc02602983028f4cea80c40a43be3d4871dae4fdb46b84 sha256sums = 85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06 pkgname = linux-rt diff --git a/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch b/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch index f661032ab6fa..fe62f65af163 100644 --- a/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch +++ b/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch @@ -1,4 +1,5 @@ -From 5a15f289ee87eaf33f13f08a4909ec99d837ec5f Mon Sep 17 00:00:00 2001 +From 16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4 Mon Sep 17 00:00:00 2001 +Message-Id: <16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4.1514245036.git.jan.steffens@gmail.com> From: Takashi Iwai <tiwai@suse.de> Date: Mon, 18 Dec 2017 23:36:57 +0100 Subject: [PATCH] ALSA: usb-audio: Fix the missing ctl name suffix at parsing @@ -31,7 +32,7 @@ Signed-off-by: Takashi Iwai <tiwai@suse.de> 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index afc208e1c756..60ebc99ae323 100644 +index 4fde4f8d4444a597..75bce127d768c613 100644 --- a/sound/usb/mixer.c +++ b/sound/usb/mixer.c @@ -2173,20 +2173,25 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid, diff --git a/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch new file mode 100644 index 000000000000..b44eb2ab8898 --- /dev/null +++ b/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch @@ -0,0 +1,72 @@ +From b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4 Mon Sep 17 00:00:00 2001 +Message-Id: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Wed, 15 Nov 2017 06:40:57 +0100 +Subject: [PATCH 1/3] Revert "xfrm: Fix stack-out-of-bounds read in + xfrm_state_find." + +This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. + +This commit breaks transport mode when the policy template +has widlcard addresses configured, so revert it. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 6eb228a70131069b..a2e531bf4f976308 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1361,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, + struct net *net = xp_net(policy); + int nx; + int i, error; ++ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); ++ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); + xfrm_address_t tmp; + + for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { + struct xfrm_state *x; +- xfrm_address_t *local; +- xfrm_address_t *remote; ++ xfrm_address_t *remote = daddr; ++ xfrm_address_t *local = saddr; + struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; + +- remote = &tmpl->id.daddr; +- local = &tmpl->saddr; +- if (xfrm_addr_any(local, tmpl->encap_family)) { +- error = xfrm_get_saddr(net, fl->flowi_oif, +- &tmp, remote, +- tmpl->encap_family, 0); +- if (error) +- goto fail; +- local = &tmp; ++ if (tmpl->mode == XFRM_MODE_TUNNEL || ++ tmpl->mode == XFRM_MODE_BEET) { ++ remote = &tmpl->id.daddr; ++ local = &tmpl->saddr; ++ if (xfrm_addr_any(local, tmpl->encap_family)) { ++ error = xfrm_get_saddr(net, fl->flowi_oif, ++ &tmp, remote, ++ tmpl->encap_family, 0); ++ if (error) ++ goto fail; ++ local = &tmp; ++ } + } + + x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); + + if (x && x->km.state == XFRM_STATE_VALID) { + xfrm[nx++] = x; ++ daddr = remote; ++ saddr = local; + continue; + } + if (x) { +-- +2.15.1 + diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 4885b579d6cf..29582c2bf608 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -18,7 +18,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -102,6 +102,11 @@ - + #define CREATE_TRACE_POINTS #include <trace/events/task.h> +#ifdef CONFIG_USER_NS @@ -26,13 +26,13 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 +#else +#define unprivileged_userns_clone 0 +#endif - + /* * Minimum number of threads to boot the kernel @@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); - + + if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) + if (!capable(CAP_SYS_ADMIN)) + return ERR_PTR(-EPERM); @@ -43,7 +43,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 @@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; - + + if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { + err = -EPERM; + if (!capable(CAP_SYS_ADMIN)) @@ -90,12 +90,13 @@ index c490f1e4313b998a..dd03bd39d7bf194d 100644 @@ -24,6 +24,9 @@ #include <linux/projid.h> #include <linux/fs_struct.h> - + +/* sysctl */ +int unprivileged_userns_clone; + static struct kmem_cache *user_ns_cachep __read_mostly; static DEFINE_MUTEX(userns_state_mutex); - --- + +-- 2.15.1 + diff --git a/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch index 6b4c5f4a6129..7e3ecbde40ff 100644 --- a/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch +++ b/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch @@ -41,7 +41,7 @@ index d6d4ed7acf031172..31277d3bb7dc1241 100644 u16 emi_addr, emi_val = 0; bool link; u16 phy_reg; - + /* We only want to go out to the PHY registers to see if Auto-Neg * has completed and/or if our link status has changed. The * get_link_status flag is set upon receiving a Link Status @@ -50,7 +50,7 @@ index d6d4ed7acf031172..31277d3bb7dc1241 100644 if (!mac->get_link_status) - return 0; + return 1; - + /* First we want to see if the MII Status Register reports * link. If so, then we want to get the current speed/duplex @@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) @@ -62,11 +62,12 @@ index d6d4ed7acf031172..31277d3bb7dc1241 100644 e_dbg("Error configuring flow control\n"); + return ret_val; + } - + - return ret_val; + return 1; } - + static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter) --- +-- 2.15.1 + diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch index 1b1d08508fe2..26311bf3bb54 100644 --- a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -28,10 +28,10 @@ index b68168fcc06aa198..9d43c1f4027408f3 100644 + struct dccp_sock *dp = dccp_sk(sk); int err = 0; const int old_state = sk->sk_state; - + if (old_state != DCCP_CLOSED) dccp_set_state(sk, DCCP_CLOSED); - + /* * This corresponds to the ABORT function of RFC793, sec. 3.8 * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted". @@ -43,14 +43,15 @@ index b68168fcc06aa198..9d43c1f4027408f3 100644 sk->sk_err = ECONNRESET; } else if (old_state == DCCP_REQUESTING) sk->sk_err = ECONNRESET; - + dccp_clear_xmit_timers(sk); + ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); + ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); + dp->dccps_hc_rx_ccid = NULL; + dp->dccps_hc_tx_ccid = NULL; - + __skb_queue_purge(&sk->sk_receive_queue); __skb_queue_purge(&sk->sk_write_queue); --- +-- 2.15.1 + diff --git a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch new file mode 100644 index 000000000000..ad4614492736 --- /dev/null +++ b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -0,0 +1,49 @@ +From 1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f Mon Sep 17 00:00:00 2001 +Message-Id: <1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f.1514245012.git.jan.steffens@gmail.com> +In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Fri, 22 Dec 2017 10:44:57 +0100 +Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy + lookup. + +When we do tunnel or beet mode, we pass saddr and daddr from the +template to xfrm_state_find(), this is ok. On transport mode, +we pass the addresses from the flowi, assuming that the IP +addresses (and address family) don't change during transformation. +This assumption is wrong in the IPv4 mapped IPv6 case, packet +is IPv4 and template is IPv6. + +Fix this by catching address family missmatches of the policy +and the flow already before we do the lookup. + +Reported-by: syzbot <syzkaller@googlegroups.com> +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index a2e531bf4f976308..c79ed3bed5d4dc2f 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, + again: + pol = rcu_dereference(sk->sk_policy[dir]); + if (pol != NULL) { +- bool match = xfrm_selector_match(&pol->selector, fl, family); ++ bool match; + int err = 0; + ++ if (pol->family != family) { ++ pol = NULL; ++ goto out; ++ } ++ ++ match = xfrm_selector_match(&pol->selector, fl, family); + if (match) { + if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { + pol = NULL; +-- +2.15.1 + diff --git a/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch new file mode 100644 index 000000000000..80a09f9a5469 --- /dev/null +++ b/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -0,0 +1,114 @@ +From a3c64fe9d978f3ee8f21fac5b410c63fe7cce725 Mon Sep 17 00:00:00 2001 +Message-Id: <a3c64fe9d978f3ee8f21fac5b410c63fe7cce725.1514245012.git.jan.steffens@gmail.com> +In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Tejun Heo <tj@kernel.org> +Date: Wed, 20 Dec 2017 07:09:19 -0800 +Subject: [PATCH 3/3] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC + +While teaching css_task_iter to handle skipping over tasks which +aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to +css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a +silly bug. + +CSS_TASK_ITER_PROCS is implemented by repeating +css_task_iter_advance() while the advanced cursor is pointing to a +non-leader thread. However, the cursor variable, @l, wasn't updated +when the iteration has to advance to the next css_set and the +following repetition would operate on the terminal @l from the +previous iteration which isn't pointing to a valid task leading to +oopses like the following or infinite looping. + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000254 + IP: __task_pid_nr_ns+0xc7/0xf0 + PGD 0 P4D 0 + Oops: 0000 [#1] SMP + ... + CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1 + Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017 + task: ffff88c4baee8000 task.stack: ffff96d5c3158000 + RIP: 0010:__task_pid_nr_ns+0xc7/0xf0 + RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206 + RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250 + RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00 + RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005 + R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18 + R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000 + FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0 + Call Trace: + cgroup_procs_show+0x19/0x30 + cgroup_seqfile_show+0x4c/0xb0 + kernfs_seq_show+0x21/0x30 + seq_read+0x2ec/0x3f0 + kernfs_fop_read+0x134/0x180 + __vfs_read+0x37/0x160 + ? security_file_permission+0x9b/0xc0 + vfs_read+0x8e/0x130 + SyS_read+0x55/0xc0 + entry_SYSCALL_64_fastpath+0x1a/0xa5 + RIP: 0033:0x7f94455f942d + RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 + RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d + RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b + RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60 + R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0 + R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560 + Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b + RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50 + +Fix it by moving the initialization of the cursor below the repeat +label. While at it, rename it to @next for readability. + +Signed-off-by: Tejun Heo <tj@kernel.org> +Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS") +Cc: stable@vger.kernel.org # v4.14+ +Reported-by: Laura Abbott <labbott@redhat.com> +Reported-by: Bronek Kozicki <brok@incorrekt.com> +Reported-by: George Amanakis <gamanakis@gmail.com> +Signed-off-by: Tejun Heo <tj@kernel.org> +--- + kernel/cgroup/cgroup.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 44857278eb8aa6a2..030e4286f14c715e 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) + + static void css_task_iter_advance(struct css_task_iter *it) + { +- struct list_head *l = it->task_pos; ++ struct list_head *next; + + lockdep_assert_held(&css_set_lock); +- WARN_ON_ONCE(!l); +- + repeat: + /* + * Advance iterator to find next entry. cset->tasks is consumed + * first and then ->mg_tasks. After ->mg_tasks, we move onto the + * next cset. + */ +- l = l->next; ++ next = it->task_pos->next; + +- if (l == it->tasks_head) +- l = it->mg_tasks_head->next; ++ if (next == it->tasks_head) ++ next = it->mg_tasks_head->next; + +- if (l == it->mg_tasks_head) ++ if (next == it->mg_tasks_head) + css_task_iter_advance_css_set(it); + else +- it->task_pos = l; ++ it->task_pos = next; + + /* if PROCS, skip over tasks which aren't group leaders */ + if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && +-- +2.15.1 + @@ -11,7 +11,7 @@ _srcname=linux-4.14 _pkgver=4.14.8 _rtpatchver=rt9 pkgver=${_pkgver}_${_rtpatchver} -pkgrel=2 +pkgrel=3 arch=('x86_64') url="https://www.kernel.org/" license=('GPL2') @@ -31,8 +31,11 @@ source=( 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - 0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch + 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch + 0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch ) validpgpkeys=( @@ -52,11 +55,14 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '3ef4c7875f0965ac86aa64ce6c2a7e06ca0066d75df51d07db0f11a52160b8dd' - 'ac203ad289f4b0782fe94487450863aaf796cf06e60a09ee097bd8c4338c9572' - '93f08a383189664579b07b1d7da2a54a8b758bcf03926bf4947484bb4bf4fb4c' + '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85' + 'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3' + '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2' + 'ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32' + '64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00' + '3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb' + '95f0d0a94983b0dafd295f660a663f9be5ef2fcb9646098426a5d12b59f50638' 'b0396825ecd293499907ad86a0eb642cd5e82e534619f95658438ee6ecff10eb' - 'cbf586270595a89835dc02602983028f4cea80c40a43be3d4871dae4fdb46b84' '85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06') _kernelname=${pkgbase#linux} @@ -81,14 +87,18 @@ prepare() { # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - # fix a harmless i915 boot up msg - msg "applying 0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch" - patch -Np1 -i ../0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch + # https://bugs.archlinux.org/task/56605 + patch -Np1 -i ../0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - # fix a problem with USB audio - msg "0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch" + # https://bugs.archlinux.org/task/56846 + patch -Np1 -i ../0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + + # https://bugs.archlinux.org/task/56830 patch -Np1 -i ../0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch + patch -Np1 -i ../0001-drm-i915-Avoid-PPS-HW-SW-state-mismatch-due-to-rounding.patch + # add realtime patch msg "applying patch-${_pkgver}-${_rtpatchver}.patch" patch -Np1 -i ../patch-${_pkgver}-${_rtpatchver}.patch |