diff options
author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-03-25 03:59:45 +0000 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-03-25 03:59:45 +0000 |
commit | ec963aec4666ff7087ae150cb84398533a78f296 (patch) | |
tree | 4da354e279473e5bd24dccdc93e816b2ebbe076f /kernels/linux-libre-grsec | |
parent | f28fb29dd903558bdb2765f573eaf149897e7d1c (diff) |
Tue Mar 25 03:55:20 UTC 2014
Diffstat (limited to 'kernels/linux-libre-grsec')
8 files changed, 0 insertions, 797 deletions
diff --git a/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch deleted file mode 100644 index 2d398315e..000000000 --- a/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch +++ /dev/null @@ -1,241 +0,0 @@ -From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Thu, 14 Nov 2013 07:25:17 -0500 -Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open - -rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows -up under rpc_pipefs. That behavior gives us a reliable mechanism to tell -whether it's actually running or not. - -Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. -Under that directory create another directory called "clntXX", and then -within that a pipe called "gssd". - -We'll never send an upcall along that pipe, and any downcall written to -it will just return -EINVAL. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - include/linux/sunrpc/rpc_pipe_fs.h | 3 +- - net/sunrpc/netns.h | 1 + - net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++-- - net/sunrpc/sunrpc_syms.c | 8 +++- - 4 files changed, 100 insertions(+), 5 deletions(-) - -diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h -index a353e03..85f1342 100644 ---- a/include/linux/sunrpc/rpc_pipe_fs.h -+++ b/include/linux/sunrpc/rpc_pipe_fs.h -@@ -84,7 +84,8 @@ enum { - - extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, - const unsigned char *dir_name); --extern void rpc_pipefs_init_net(struct net *net); -+extern int rpc_pipefs_init_net(struct net *net); -+extern void rpc_pipefs_exit_net(struct net *net); - extern struct super_block *rpc_get_sb_net(const struct net *net); - extern void rpc_put_sb_net(const struct net *net); - -diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h -index 779742c..8a8e841 100644 ---- a/net/sunrpc/netns.h -+++ b/net/sunrpc/netns.h -@@ -14,6 +14,7 @@ struct sunrpc_net { - struct cache_detail *rsi_cache; - - struct super_block *pipefs_sb; -+ struct rpc_pipe *gssd_dummy; - struct mutex pipefs_sb_lock; - - struct list_head all_clients; -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index bf04b30..c23458b 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -38,7 +38,7 @@ - #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") - - static struct file_system_type rpc_pipe_fs_type; -- -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops; - - static struct kmem_cache *rpc_inode_cachep __read_mostly; - -@@ -1159,6 +1159,7 @@ enum { - RPCAUTH_nfsd4_cb, - RPCAUTH_cache, - RPCAUTH_nfsd, -+ RPCAUTH_gssd, - RPCAUTH_RootEOF - }; - -@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = { - .name = "nfsd", - .mode = S_IFDIR | S_IRUGO | S_IXUGO, - }, -+ [RPCAUTH_gssd] = { -+ .name = "gssd", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, - }; - - /* -@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb, - } - EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); - --void rpc_pipefs_init_net(struct net *net) -+int rpc_pipefs_init_net(struct net *net) - { - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - -+ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); -+ if (IS_ERR(sn->gssd_dummy)) -+ return PTR_ERR(sn->gssd_dummy); -+ - mutex_init(&sn->pipefs_sb_lock); - sn->gssd_running = 1; - sn->pipe_version = -1; -+ return 0; -+} -+ -+void rpc_pipefs_exit_net(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ -+ rpc_destroy_pipe_data(sn->gssd_dummy); - } - - /* -@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net) - } - EXPORT_SYMBOL_GPL(rpc_put_sb_net); - -+static const struct rpc_filelist gssd_dummy_clnt_dir[] = { -+ [0] = { -+ .name = "clntXX", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, -+}; -+ -+static ssize_t -+dummy_downcall(struct file *filp, const char __user *src, size_t len) -+{ -+ return -EINVAL; -+} -+ -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { -+ .upcall = rpc_pipe_generic_upcall, -+ .downcall = dummy_downcall, -+}; -+ -+/** -+ * rpc_gssd_dummy_populate - create a dummy gssd pipe -+ * @root: root of the rpc_pipefs filesystem -+ * @pipe_data: pipe data created when netns is initialized -+ * -+ * Create a dummy set of directories and a pipe that gssd can hold open to -+ * indicate that it is up and running. -+ */ -+static struct dentry * -+rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) -+{ -+ int ret = 0; -+ struct dentry *gssd_dentry; -+ struct dentry *clnt_dentry = NULL; -+ struct dentry *pipe_dentry = NULL; -+ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, -+ strlen(files[RPCAUTH_gssd].name)); -+ -+ /* We should never get this far if "gssd" doesn't exist */ -+ gssd_dentry = d_hash_and_lookup(root, &q); -+ if (!gssd_dentry) -+ return ERR_PTR(-ENOENT); -+ -+ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); -+ if (ret) { -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ -+ q.name = gssd_dummy_clnt_dir[0].name; -+ q.len = strlen(gssd_dummy_clnt_dir[0].name); -+ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); -+ if (!clnt_dentry) { -+ pipe_dentry = ERR_PTR(-ENOENT); -+ goto out; -+ } -+ -+ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+out: -+ dput(clnt_dentry); -+ dput(gssd_dentry); -+ return pipe_dentry; -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { - struct inode *inode; -- struct dentry *root; -+ struct dentry *root, *gssd_dentry; - struct net *net = data; - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - int err; -@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return -ENOMEM; - if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) - return -ENOMEM; -+ -+ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); -+ if (IS_ERR(gssd_dentry)) { -+ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); -+ return PTR_ERR(gssd_dentry); -+ } -+ - dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", - net, NET_NAME(net)); - mutex_lock(&sn->pipefs_sb_lock); -@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return 0; - - err_depopulate: -+ dput(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); -diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c -index 3d6498a..cd30120 100644 ---- a/net/sunrpc/sunrpc_syms.c -+++ b/net/sunrpc/sunrpc_syms.c -@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net) - if (err) - goto err_unixgid; - -- rpc_pipefs_init_net(net); -+ err = rpc_pipefs_init_net(net); -+ if (err) -+ goto err_pipefs; -+ - INIT_LIST_HEAD(&sn->all_clients); - spin_lock_init(&sn->rpc_client_lock); - spin_lock_init(&sn->rpcb_clnt_lock); - return 0; - -+err_pipefs: -+ unix_gid_cache_destroy(net); - err_unixgid: - ip_map_cache_destroy(net); - err_ipmap: -@@ -60,6 +65,7 @@ err_proc: - - static __net_exit void sunrpc_exit_net(struct net *net) - { -+ rpc_pipefs_exit_net(net); - unix_gid_cache_destroy(net); - ip_map_cache_destroy(net); - rpc_proc_exit(net); --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch deleted file mode 100644 index c4242e0ae..000000000 --- a/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001 -From: Andi Kleen <ak@linux.intel.com> -Date: Tue, 12 Nov 2013 15:08:36 -0800 -Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for - syscalls - -Use standard gcc __attribute__((alias(foo))) to define the syscall aliases -instead of custom assembler macros. - -This is far cleaner, and also fixes my LTO kernel build. - -Signed-off-by: Andi Kleen <ak@linux.intel.com> -Cc: Al Viro <viro@ZenIV.linux.org.uk> -Cc: Geert Uytterhoeven <geert@linux-m68k.org> -Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> -Signed-off-by: Andrew Morton <akpm@linux-foundation.org> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ---- - include/linux/compat.h | 4 ++-- - include/linux/syscalls.h | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/linux/compat.h b/include/linux/compat.h -index 345da00..ada34c9 100644 ---- a/include/linux/compat.h -+++ b/include/linux/compat.h -@@ -41,14 +41,14 @@ - COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__) - - #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ -- asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ -+ asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ -+ __attribute__((alias(__stringify(compat_SyS##name)))); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\ - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\ - { \ - return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ - } \ -- SYSCALL_ALIAS(compat_sys##name, compat_SyS##name); \ - static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - #ifndef compat_user_stack_pointer -diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index 7fac04e..c27f846 100644 ---- a/include/linux/syscalls.h -+++ b/include/linux/syscalls.h -@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs; - - #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__) - #define __SYSCALL_DEFINEx(x, name, ...) \ -- asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ -+ asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \ -+ __attribute__((alias(__stringify(SyS##name)))); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ -@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs; - __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ - return ret; \ - } \ -- SYSCALL_ALIAS(sys##name, SyS##name); \ - static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) - - asmlinkage long sys_time(time_t __user *tloc); --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch b/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch deleted file mode 100644 index 19e04da5d..000000000 --- a/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Thu, 14 Nov 2013 07:25:18 -0500 -Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more - reliable check - -Now that we have a more reliable method to tell if gssd is running, we -can replace the sn->gssd_running flag with a function that will query to -see if it's up and running. - -There's also no need to attempt an upcall that we know will fail, so -just return -EACCES if gssd isn't running. Finally, fix the warn_gss() -message not to claim that that the upcall timed out since we don't -necesarily perform one now when gssd isn't running, and remove the -extraneous newline from the message. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ - net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- - net/sunrpc/netns.h | 2 -- - net/sunrpc/rpc_pipe.c | 14 ++++++++++---- - 4 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h -index 85f1342..7f490be 100644 ---- a/include/linux/sunrpc/rpc_pipe_fs.h -+++ b/include/linux/sunrpc/rpc_pipe_fs.h -@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *); - extern int register_rpc_pipefs(void); - extern void unregister_rpc_pipefs(void); - -+extern bool gssd_running(struct net *net); -+ - #endif - #endif -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 42fdfc6..0a2aee0 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -536,8 +536,7 @@ static void warn_gssd(void) - unsigned long now = jiffies; - - if (time_after(now, ratelimit)) { -- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" -- "Please check user daemon is running.\n"); -+ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n"); - ratelimit = now + 15*HZ; - } - } -@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - struct rpc_pipe *pipe; - struct rpc_cred *cred = &gss_cred->gc_base; - struct gss_upcall_msg *gss_msg; -- unsigned long timeout; - DEFINE_WAIT(wait); - int err; - -@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - __func__, from_kuid(&init_user_ns, cred->cr_uid)); - retry: - err = 0; -- /* Default timeout is 15s unless we know that gssd is not running */ -- timeout = 15 * HZ; -- if (!sn->gssd_running) -- timeout = HZ >> 2; -+ /* if gssd is down, just skip upcalling altogether */ -+ if (!gssd_running(net)) { -+ warn_gssd(); -+ return -EACCES; -+ } - gss_msg = gss_setup_upcall(gss_auth, cred); - if (PTR_ERR(gss_msg) == -EAGAIN) { - err = wait_event_interruptible_timeout(pipe_version_waitqueue, -- sn->pipe_version >= 0, timeout); -+ sn->pipe_version >= 0, 15 * HZ); - if (sn->pipe_version < 0) { -- if (err == 0) -- sn->gssd_running = 0; - warn_gssd(); - err = -EACCES; - } -diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h -index 8a8e841..94e506f 100644 ---- a/net/sunrpc/netns.h -+++ b/net/sunrpc/netns.h -@@ -33,8 +33,6 @@ struct sunrpc_net { - int pipe_version; - atomic_t pipe_users; - struct proc_dir_entry *use_gssp_proc; -- -- unsigned int gssd_running; - }; - - extern int sunrpc_net_id; -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index c23458b..5cd7ad1 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) - static int - rpc_pipe_open(struct inode *inode, struct file *filp) - { -- struct net *net = inode->i_sb->s_fs_info; -- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - struct rpc_pipe *pipe; - int first_open; - int res = -ENXIO; - - mutex_lock(&inode->i_mutex); -- sn->gssd_running = 1; - pipe = RPC_I(inode)->pipe; - if (pipe == NULL) - goto out; -@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net) - return PTR_ERR(sn->gssd_dummy); - - mutex_init(&sn->pipefs_sb_lock); -- sn->gssd_running = 1; - sn->pipe_version = -1; - return 0; - } -@@ -1376,6 +1372,16 @@ err_depopulate: - return err; - } - -+bool -+gssd_running(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ struct rpc_pipe *pipe = sn->gssd_dummy; -+ -+ return pipe->nreaders || pipe->nwriters; -+} -+EXPORT_SYMBOL_GPL(gssd_running); -+ - static struct dentry * - rpc_mount(struct file_system_type *fs_type, - int flags, const char *dev_name, void *data) --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch b/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch deleted file mode 100644 index 87b54fc3e..000000000 --- a/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Thu, 14 Nov 2013 07:25:19 -0500 -Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use - krb5i auth in SETCLIENTID call - -Currently, the client will attempt to use krb5i in the SETCLIENTID call -even if rpc.gssd isn't running. When that fails, it'll then fall back to -RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't -running, and causes warning messages to pop up in the ring buffer. - -Check to see if rpc.gssd is running before even attempting to use krb5i -auth, and just silently skip trying to do so if it isn't. In the event -that the admin is actually trying to mount with krb5*, it will still -fail at a later stage of the mount attempt. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - fs/nfs/nfs4client.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c -index b4a160a..c1b7a80 100644 ---- a/fs/nfs/nfs4client.c -+++ b/fs/nfs/nfs4client.c -@@ -10,6 +10,7 @@ - #include <linux/sunrpc/auth.h> - #include <linux/sunrpc/xprt.h> - #include <linux/sunrpc/bc_xprt.h> -+#include <linux/sunrpc/rpc_pipe_fs.h> - #include "internal.h" - #include "callback.h" - #include "delegation.h" -@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, - __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); - __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); - __set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags); -- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); -+ -+ error = -EINVAL; -+ if (gssd_running(clp->cl_net)) -+ error = nfs_create_rpc_client(clp, timeparms, -+ RPC_AUTH_GSS_KRB5I); - if (error == -EINVAL) - error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); - if (error < 0) --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch b/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch deleted file mode 100644 index 5f2c3dae8..000000000 --- a/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Thu, 5 Dec 2013 07:33:49 -0500 -Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe - fails - -In the event that we create the gssd/clntXX dir, but the pipe creation -subsequently fails, then we should remove the clntXX dir before -returning. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - net/sunrpc/rpc_pipe.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5cd7ad1..0b74c61 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1313,6 +1313,8 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - } - - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+ if (IS_ERR(pipe_dentry)) -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch deleted file mode 100644 index 8ef6fe25c..000000000 --- a/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch +++ /dev/null @@ -1,100 +0,0 @@ -From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Thu, 5 Dec 2013 07:34:44 -0500 -Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe - -rpc.gssd expects to see an "info" file in each clntXX dir. Since adding -the dummy gssd pipe, users that run rpc.gssd see a lot of these messages -spamming the logs: - - rpc.gssd[508]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory - rpc.gssd[508]: ERROR: failed to read service info - -Add a dummy gssd/clntXX/info file to help silence these messages. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 49 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 0b74c61..5d973b2 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -17,6 +17,7 @@ - #include <linux/fsnotify.h> - #include <linux/kernel.h> - #include <linux/rcupdate.h> -+#include <linux/utsname.h> - - #include <asm/ioctls.h> - #include <linux/poll.h> -@@ -1275,6 +1276,44 @@ static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { - .downcall = dummy_downcall, - }; - -+/* -+ * Here we present a bogus "info" file to keep rpc.gssd happy. We don't expect -+ * that it will ever use this info to handle an upcall, but rpc.gssd expects -+ * that this file will be there and have a certain format. -+ */ -+static int -+rpc_show_dummy_info(struct seq_file *m, void *v) -+{ -+ seq_printf(m, "RPC server: %s\n", utsname()->nodename); -+ seq_printf(m, "service: foo (1) version 0\n"); -+ seq_printf(m, "address: 127.0.0.1\n"); -+ seq_printf(m, "protocol: tcp\n"); -+ seq_printf(m, "port: 0\n"); -+ return 0; -+} -+ -+static int -+rpc_dummy_info_open(struct inode *inode, struct file *file) -+{ -+ return single_open(file, rpc_show_dummy_info, NULL); -+} -+ -+static const struct file_operations rpc_dummy_info_operations = { -+ .owner = THIS_MODULE, -+ .open = rpc_dummy_info_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = single_release, -+}; -+ -+static const struct rpc_filelist gssd_dummy_info_file[] = { -+ [0] = { -+ .name = "info", -+ .i_fop = &rpc_dummy_info_operations, -+ .mode = S_IFREG | S_IRUSR, -+ }, -+}; -+ - /** - * rpc_gssd_dummy_populate - create a dummy gssd pipe - * @root: root of the rpc_pipefs filesystem -@@ -1312,9 +1351,18 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - goto out; - } - -+ ret = rpc_populate(clnt_dentry, gssd_dummy_info_file, 0, 1, NULL); -+ if (ret) { -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -- if (IS_ERR(pipe_dentry)) -+ if (IS_ERR(pipe_dentry)) { -+ __rpc_depopulate(clnt_dentry, gssd_dummy_info_file, 0, 1); - __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ } - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch b/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch deleted file mode 100644 index 75505c30d..000000000 --- a/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001 -From: Jeff Layton <jlayton@redhat.com> -Date: Mon, 9 Dec 2013 09:38:00 -0500 -Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when - notification fails - -Currently, it could leak dentry references in some cases. Make sure -we clean up properly. - -Signed-off-by: Jeff Layton <jlayton@redhat.com> -Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> ---- - net/sunrpc/rpc_pipe.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5d973b2..b185548 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1369,6 +1369,18 @@ out: - return pipe_dentry; - } - -+static void -+rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry) -+{ -+ struct dentry *clnt_dir = pipe_dentry->d_parent; -+ struct dentry *gssd_dir = clnt_dir->d_parent; -+ -+ __rpc_rmpipe(clnt_dir->d_inode, pipe_dentry); -+ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1); -+ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1); -+ dput(pipe_dentry); -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { -@@ -1412,7 +1424,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return 0; - - err_depopulate: -- dput(gssd_dentry); -+ rpc_gssd_dummy_depopulate(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); --- -1.8.5.3 - diff --git a/kernels/linux-libre-grsec/i8042-fix-aliases.patch b/kernels/linux-libre-grsec/i8042-fix-aliases.patch deleted file mode 100644 index 961968c78..000000000 --- a/kernels/linux-libre-grsec/i8042-fix-aliases.patch +++ /dev/null @@ -1,113 +0,0 @@ -commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7
-Author: Tom Gundersen <teg@jklm.no>
-Date: Sun Jan 26 17:00:32 2014 +0100
-
- Input: i8042 - fix PNP modaliases when both aux and kdb are enabled
-
- Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However,
- when both the aux and the kbd drivers are enabled the aux entries would
- override the kdb ones.
-
- Refactor the device_id lists, and unconditionally attempt to load the driver
- if either a kdb or aux devices is present.
-
- Signed-off-by: Tom Gundersen <teg@jklm.no>
-
-diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
-index 0ec9abb..dbc6958 100644
---- a/drivers/input/serio/i8042-x86ia64io.h
-+++ b/drivers/input/serio/i8042-x86ia64io.h
-@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id *
- return 0;
- }
-
--static struct pnp_device_id pnp_kbd_devids[] = {
-- { .id = "PNP0300", .driver_data = 0 },
-- { .id = "PNP0301", .driver_data = 0 },
-- { .id = "PNP0302", .driver_data = 0 },
-- { .id = "PNP0303", .driver_data = 0 },
-- { .id = "PNP0304", .driver_data = 0 },
-- { .id = "PNP0305", .driver_data = 0 },
-- { .id = "PNP0306", .driver_data = 0 },
-- { .id = "PNP0309", .driver_data = 0 },
-- { .id = "PNP030a", .driver_data = 0 },
-- { .id = "PNP030b", .driver_data = 0 },
-- { .id = "PNP0320", .driver_data = 0 },
-- { .id = "PNP0343", .driver_data = 0 },
-- { .id = "PNP0344", .driver_data = 0 },
-- { .id = "PNP0345", .driver_data = 0 },
-+#define KBD_DEVIDS \
-+ { .id = "PNP0300", .driver_data = 0 }, \
-+ { .id = "PNP0301", .driver_data = 0 }, \
-+ { .id = "PNP0302", .driver_data = 0 }, \
-+ { .id = "PNP0303", .driver_data = 0 }, \
-+ { .id = "PNP0304", .driver_data = 0 }, \
-+ { .id = "PNP0305", .driver_data = 0 }, \
-+ { .id = "PNP0306", .driver_data = 0 }, \
-+ { .id = "PNP0309", .driver_data = 0 }, \
-+ { .id = "PNP030a", .driver_data = 0 }, \
-+ { .id = "PNP030b", .driver_data = 0 }, \
-+ { .id = "PNP0320", .driver_data = 0 }, \
-+ { .id = "PNP0343", .driver_data = 0 }, \
-+ { .id = "PNP0344", .driver_data = 0 }, \
-+ { .id = "PNP0345", .driver_data = 0 }, \
- { .id = "CPQA0D7", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_kbd_devids[] = {
-+ KBD_DEVIDS
- { .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids);
-
- static struct pnp_driver i8042_pnp_kbd_driver = {
- .name = "i8042 kbd",
-@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = {
- .probe = i8042_pnp_kbd_probe,
- };
-
--static struct pnp_device_id pnp_aux_devids[] = {
-- { .id = "AUI0200", .driver_data = 0 },
-- { .id = "FJC6000", .driver_data = 0 },
-- { .id = "FJC6001", .driver_data = 0 },
-- { .id = "PNP0f03", .driver_data = 0 },
-- { .id = "PNP0f0b", .driver_data = 0 },
-- { .id = "PNP0f0e", .driver_data = 0 },
-- { .id = "PNP0f12", .driver_data = 0 },
-- { .id = "PNP0f13", .driver_data = 0 },
-- { .id = "PNP0f19", .driver_data = 0 },
-- { .id = "PNP0f1c", .driver_data = 0 },
-+#define AUX_DEVIDS \
-+ { .id = "AUI0200", .driver_data = 0 }, \
-+ { .id = "FJC6000", .driver_data = 0 }, \
-+ { .id = "FJC6001", .driver_data = 0 }, \
-+ { .id = "PNP0f03", .driver_data = 0 }, \
-+ { .id = "PNP0f0b", .driver_data = 0 }, \
-+ { .id = "PNP0f0e", .driver_data = 0 }, \
-+ { .id = "PNP0f12", .driver_data = 0 }, \
-+ { .id = "PNP0f13", .driver_data = 0 }, \
-+ { .id = "PNP0f19", .driver_data = 0 }, \
-+ { .id = "PNP0f1c", .driver_data = 0 }, \
- { .id = "SYN0801", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_aux_devids[] = {
-+ AUX_DEVIDS
- { .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_aux_devids);
-
- static struct pnp_driver i8042_pnp_aux_driver = {
- .name = "i8042 aux",
-@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = {
- .probe = i8042_pnp_aux_probe,
- };
-
-+static struct pnp_device_id pnp_kdb_aux_devids[] = {
-+ KBD_DEVIDS
-+ AUX_DEVIDS
-+ { .id = "", },
-+};
-+MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids);
-+
- static void i8042_pnp_exit(void)
- {
- if (i8042_pnp_kbd_registered) {
|