diff options
-rw-r--r-- | .SRCINFO | 15 | ||||
-rw-r--r-- | 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch | 128 | ||||
-rw-r--r-- | PKGBUILD | 5 |
3 files changed, 9 insertions, 139 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-ck - pkgver = 5.1.11 + pkgver = 5.1.12 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 @@ -9,8 +9,8 @@ pkgbase = linux-ck makedepends = bc makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.11.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.12.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.12.tar.sign source = config source = 60-linux.hook source = 90-linux.hook @@ -19,10 +19,9 @@ pkgbase = linux-ck source = http://ck.kolivas.org/patches/5.0/5.1/5.1-ck1/patch-5.1-ck1.xz source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch - source = 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219 + sha256sums = 7159819d298a84acefeaedfd155be20477b92fda194a5f51547a2f1abffd79ab sha256sums = SKIP sha256sums = e11dfcd89ff21c31c7f01d567c0629d079f9d86f21a10694a08a4cf8f16a5f60 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 @@ -42,12 +41,12 @@ pkgname = linux-ck depends = kmod depends = mkinitcpio optdepends = crda: to set the correct wireless channels of your country - provides = linux-ck=5.1.11 + provides = linux-ck=5.1.12 backup = etc/mkinitcpio.d/linux-ck.preset pkgname = linux-ck-headers pkgdesc = Header files and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=5.1.11 - provides = linux-headers=5.1.11 + provides = linux-ck-headers=5.1.12 + provides = linux-headers=5.1.12 diff --git a/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch b/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch deleted file mode 100644 index 812a5cd7b97e..000000000000 --- a/0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 9e50f5f4ef401c4a5cd286ee3218fcc625ef6f77 Mon Sep 17 00:00:00 2001 -From: Coly Li <colyli@suse.de> -Date: Mon, 10 Jun 2019 06:13:34 +0800 -Subject: [PATCH 3/4] bcache: fix stack corruption by PRECEDING_KEY() - -Recently people report bcache code compiled with gcc9 is broken, one of -the buggy behavior I observe is that two adjacent 4KB I/Os should merge -into one but they don't. Finally it turns out to be a stack corruption -caused by macro PRECEDING_KEY(). - -See how PRECEDING_KEY() is defined in bset.h, -437 #define PRECEDING_KEY(_k) \ -438 ({ \ -439 struct bkey *_ret = NULL; \ -440 \ -441 if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \ -442 _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \ -443 \ -444 if (!_ret->low) \ -445 _ret->high--; \ -446 _ret->low--; \ -447 } \ -448 \ -449 _ret; \ -450 }) - -At line 442, _ret points to address of a on-stack variable combined by -KEY(), the life range of this on-stack variable is in line 442-446, -once _ret is returned to bch_btree_insert_key(), the returned address -points to an invalid stack address and this address is overwritten in -the following called bch_btree_iter_init(). Then argument 'search' of -bch_btree_iter_init() points to some address inside stackframe of -bch_btree_iter_init(), exact address depends on how the compiler -allocates stack space. Now the stack is corrupted. - -Fixes: 0eacac22034c ("bcache: PRECEDING_KEY()") -Signed-off-by: Coly Li <colyli@suse.de> -Reviewed-by: Rolf Fokkens <rolf@rolffokkens.nl> -Reviewed-by: Pierre JUHEN <pierre.juhen@orange.fr> -Tested-by: Shenghui Wang <shhuiw@foxmail.com> -Tested-by: Pierre JUHEN <pierre.juhen@orange.fr> -Cc: Kent Overstreet <kent.overstreet@gmail.com> -Cc: Nix <nix@esperi.org.uk> -Cc: stable@vger.kernel.org -Signed-off-by: Jens Axboe <axboe@kernel.dk> ---- - drivers/md/bcache/bset.c | 16 +++++++++++++--- - drivers/md/bcache/bset.h | 34 ++++++++++++++++++++-------------- - 2 files changed, 33 insertions(+), 17 deletions(-) - -diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c -index 8f07fa6e1739..268f1b685084 100644 ---- a/drivers/md/bcache/bset.c -+++ b/drivers/md/bcache/bset.c -@@ -887,12 +887,22 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, - struct bset *i = bset_tree_last(b)->data; - struct bkey *m, *prev = NULL; - struct btree_iter iter; -+ struct bkey preceding_key_on_stack = ZERO_KEY; -+ struct bkey *preceding_key_p = &preceding_key_on_stack; - - BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - -- m = bch_btree_iter_init(b, &iter, b->ops->is_extents -- ? PRECEDING_KEY(&START_KEY(k)) -- : PRECEDING_KEY(k)); -+ /* -+ * If k has preceding key, preceding_key_p will be set to address -+ * of k's preceding key; otherwise preceding_key_p will be set -+ * to NULL inside preceding_key(). -+ */ -+ if (b->ops->is_extents) -+ preceding_key(&START_KEY(k), &preceding_key_p); -+ else -+ preceding_key(k, &preceding_key_p); -+ -+ m = bch_btree_iter_init(b, &iter, preceding_key_p); - - if (b->ops->insert_fixup(b, k, &iter, replace_key)) - return status; -diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h -index bac76aabca6d..c71365e7c1fa 100644 ---- a/drivers/md/bcache/bset.h -+++ b/drivers/md/bcache/bset.h -@@ -434,20 +434,26 @@ static inline bool bch_cut_back(const struct bkey *where, struct bkey *k) - return __bch_cut_back(where, k); - } - --#define PRECEDING_KEY(_k) \ --({ \ -- struct bkey *_ret = NULL; \ -- \ -- if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \ -- _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \ -- \ -- if (!_ret->low) \ -- _ret->high--; \ -- _ret->low--; \ -- } \ -- \ -- _ret; \ --}) -+/* -+ * Pointer '*preceding_key_p' points to a memory object to store preceding -+ * key of k. If the preceding key does not exist, set '*preceding_key_p' to -+ * NULL. So the caller of preceding_key() needs to take care of memory -+ * which '*preceding_key_p' pointed to before calling preceding_key(). -+ * Currently the only caller of preceding_key() is bch_btree_insert_key(), -+ * and it points to an on-stack variable, so the memory release is handled -+ * by stackframe itself. -+ */ -+static inline void preceding_key(struct bkey *k, struct bkey **preceding_key_p) -+{ -+ if (KEY_INODE(k) || KEY_OFFSET(k)) { -+ (**preceding_key_p) = KEY(KEY_INODE(k), KEY_OFFSET(k), 0); -+ if (!(*preceding_key_p)->low) -+ (*preceding_key_p)->high--; -+ (*preceding_key_p)->low--; -+ } else { -+ (*preceding_key_p) = NULL; -+ } -+} - - static inline bool bch_ptr_invalid(struct btree_keys *b, const struct bkey *k) - { --- -2.22.0 - @@ -61,7 +61,7 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -_srcver=5.1.11-arch1 +_srcver=5.1.12-arch1 pkgver=${_srcver%-*} pkgrel=1 _ckpatchversion=1 @@ -82,13 +82,12 @@ source=( "http://ck.kolivas.org/patches/5.0/5.1/5.1-ck${_ckpatchversion}/$_ckpatch.xz" 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch - 0003-bcache-fix-stack-corruption-by-PRECEDING_KEY.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('11fd93207290272389ad284b8b042041d088fbee0ed5798e933bf8e91697d219' +sha256sums=('7159819d298a84acefeaedfd155be20477b92fda194a5f51547a2f1abffd79ab' 'SKIP' 'e11dfcd89ff21c31c7f01d567c0629d079f9d86f21a10694a08a4cf8f16a5f60' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' |