[kernel] Revert upstream selinux change causing sync hang (rhbz 1033965)
Josh Boyer
jwboyer at fedoraproject.org
Tue Dec 10 23:28:40 UTC 2013
commit fd75f39f64fbcf928c5b2e454c1ecc80a6538a00
Author: Josh Boyer <jwboyer at redhat.com>
Date: Tue Dec 10 18:27:14 2013 -0500
Revert upstream selinux change causing sync hang (rhbz 1033965)
- Add patch to fix radeon from crashing
...nux-consider-filesystem-subtype-in-polici.patch | 184 ++++++++++++++++++++
0001-drm-radeon-dpm-Fix-hwmon-crash.patch | 44 +++++
kernel.spec | 16 ++-
3 files changed, 243 insertions(+), 1 deletions(-)
---
diff --git a/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch b/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
new file mode 100644
index 0000000..155bddc
--- /dev/null
+++ b/0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
@@ -0,0 +1,184 @@
+Bugzilla: 1033965
+Upstream-status: 3.13 possible, or alternate fix
+
+From df777e7aa8e3dd330bde63238595266ce1ee2d42 Mon Sep 17 00:00:00 2001
+From: Josh Boyer <jwboyer at fedoraproject.org>
+Date: Tue, 10 Dec 2013 15:06:49 -0500
+Subject: [PATCH] Revert "selinux: consider filesystem subtype in policies"
+
+This reverts commit 102aefdda4d8275ce7d7100bc16c88c74272b260.
+---
+ security/selinux/hooks.c | 40 ++++++++++++++++++----------------------
+ security/selinux/ss/services.c | 42 ++++--------------------------------------
+ 2 files changed, 22 insertions(+), 60 deletions(-)
+
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 794c3ca..98b1caa 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -95,10 +95,6 @@
+ #include "audit.h"
+ #include "avc_ss.h"
+
+-#define SB_TYPE_FMT "%s%s%s"
+-#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0])
+-#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : ""
+-
+ extern struct security_operations *security_ops;
+
+ /* SECMARK reference count */
+@@ -413,8 +409,8 @@ static int sb_finish_set_opts(struct super_block *sb)
+ the first boot of the SELinux kernel before we have
+ assigned xattr values to the filesystem. */
+ if (!root_inode->i_op->getxattr) {
+- printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no "
+- "xattr support\n", sb->s_id, SB_TYPE_ARGS(sb));
++ printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
++ "xattr support\n", sb->s_id, sb->s_type->name);
+ rc = -EOPNOTSUPP;
+ goto out;
+ }
+@@ -422,22 +418,22 @@ static int sb_finish_set_opts(struct super_block *sb)
+ if (rc < 0 && rc != -ENODATA) {
+ if (rc == -EOPNOTSUPP)
+ printk(KERN_WARNING "SELinux: (dev %s, type "
+- SB_TYPE_FMT") has no security xattr handler\n",
+- sb->s_id, SB_TYPE_ARGS(sb));
++ "%s) has no security xattr handler\n",
++ sb->s_id, sb->s_type->name);
+ else
+ printk(KERN_WARNING "SELinux: (dev %s, type "
+- SB_TYPE_FMT") getxattr errno %d\n", sb->s_id,
+- SB_TYPE_ARGS(sb), -rc);
++ "%s) getxattr errno %d\n", sb->s_id,
++ sb->s_type->name, -rc);
+ goto out;
+ }
+ }
+
+ if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
+- printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n",
+- sb->s_id, SB_TYPE_ARGS(sb));
++ printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
++ sb->s_id, sb->s_type->name);
+ else
+- printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n",
+- sb->s_id, SB_TYPE_ARGS(sb),
++ printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
++ sb->s_id, sb->s_type->name,
+ labeling_behaviors[sbsec->behavior-1]);
+
+ sbsec->flags |= SE_SBINITIALIZED;
+@@ -600,6 +596,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
+ const struct cred *cred = current_cred();
+ int rc = 0, i;
+ struct superblock_security_struct *sbsec = sb->s_security;
++ const char *name = sb->s_type->name;
+ struct inode *inode = sbsec->sb->s_root->d_inode;
+ struct inode_security_struct *root_isec = inode->i_security;
+ u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
+@@ -658,8 +655,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
+ strlen(mount_options[i]), &sid);
+ if (rc) {
+ printk(KERN_WARNING "SELinux: security_context_to_sid"
+- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
+- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
++ "(%s) failed for (dev %s, type %s) errno=%d\n",
++ mount_options[i], sb->s_id, name, rc);
+ goto out;
+ }
+ switch (flags[i]) {
+@@ -806,8 +803,7 @@ out:
+ out_double_mount:
+ rc = -EINVAL;
+ printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
+- "security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
+- SB_TYPE_ARGS(sb));
++ "security settings for (dev %s, type %s)\n", sb->s_id, name);
+ goto out;
+ }
+
+@@ -2480,8 +2476,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
+ rc = security_context_to_sid(mount_options[i], len, &sid);
+ if (rc) {
+ printk(KERN_WARNING "SELinux: security_context_to_sid"
+- "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
+- mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
++ "(%s) failed for (dev %s, type %s) errno=%d\n",
++ mount_options[i], sb->s_id, sb->s_type->name, rc);
+ goto out_free_opts;
+ }
+ rc = -EINVAL;
+@@ -2519,8 +2515,8 @@ out_free_secdata:
+ return rc;
+ out_bad_option:
+ printk(KERN_WARNING "SELinux: unable to change security options "
+- "during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
+- SB_TYPE_ARGS(sb));
++ "during remount (dev %s, type=%s)\n", sb->s_id,
++ sb->s_type->name);
+ goto out_free_opts;
+ }
+
+diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
+index ee470a0..d106733 100644
+--- a/security/selinux/ss/services.c
++++ b/security/selinux/ss/services.c
+@@ -2334,50 +2334,16 @@ int security_fs_use(struct super_block *sb)
+ struct ocontext *c;
+ struct superblock_security_struct *sbsec = sb->s_security;
+ const char *fstype = sb->s_type->name;
+- const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL;
+- struct ocontext *base = NULL;
+
+ read_lock(&policy_rwlock);
+
+- for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) {
+- char *sub;
+- int baselen;
+-
+- baselen = strlen(fstype);
+-
+- /* if base does not match, this is not the one */
+- if (strncmp(fstype, c->u.name, baselen))
+- continue;
+-
+- /* if there is no subtype, this is the one! */
+- if (!subtype)
+- break;
+-
+- /* skip past the base in this entry */
+- sub = c->u.name + baselen;
+-
+- /* entry is only a base. save it. keep looking for subtype */
+- if (sub[0] == '\0') {
+- base = c;
+- continue;
+- }
+-
+- /* entry is not followed by a subtype, so it is not a match */
+- if (sub[0] != '.')
+- continue;
+-
+- /* whew, we found a subtype of this fstype */
+- sub++; /* move past '.' */
+-
+- /* exact match of fstype AND subtype */
+- if (!strcmp(subtype, sub))
++ c = policydb.ocontexts[OCON_FSUSE];
++ while (c) {
++ if (strcmp(fstype, c->u.name) == 0)
+ break;
++ c = c->next;
+ }
+
+- /* in case we had found an fstype match but no subtype match */
+- if (!c)
+- c = base;
+-
+ if (c) {
+ sbsec->behavior = c->v.behavior;
+ if (!c->sid[0]) {
+--
+1.8.3.1
+
diff --git a/0001-drm-radeon-dpm-Fix-hwmon-crash.patch b/0001-drm-radeon-dpm-Fix-hwmon-crash.patch
new file mode 100644
index 0000000..3efe9b2
--- /dev/null
+++ b/0001-drm-radeon-dpm-Fix-hwmon-crash.patch
@@ -0,0 +1,44 @@
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72457
+Upstream-status: should hit 3.13
+
+From 2cbe7f259737e994d5a63c06a104027214e27978 Mon Sep 17 00:00:00 2001
+From: Martin Andersson <g02maran at gmail.com>
+Date: Sat, 7 Dec 2013 23:22:10 +0100
+Subject: [PATCH] drm/radeon/dpm: Fix hwmon crash
+
+Commit ec39f64bba3421c2060fcbd1aeb6eec81fe0a42d (drm/radeon/dpm: Convert
+to use devm_hwmon_register_with_groups) converted one usage of
+dev_get_drvdata, but there were two more.
+
+Signed-off-by: Martin Andersson <g02maran at gmail.com>
+---
+ drivers/gpu/drm/radeon/radeon_pm.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
+index dc75bb6..984097b 100644
+--- a/drivers/gpu/drm/radeon/radeon_pm.c
++++ b/drivers/gpu/drm/radeon/radeon_pm.c
+@@ -552,8 +552,7 @@ static ssize_t radeon_hwmon_show_temp_thresh(struct device *dev,
+ struct device_attribute *attr,
+ char *buf)
+ {
+- struct drm_device *ddev = dev_get_drvdata(dev);
+- struct radeon_device *rdev = ddev->dev_private;
++ struct radeon_device *rdev = dev_get_drvdata(dev);
+ int hyst = to_sensor_dev_attr(attr)->index;
+ int temp;
+
+@@ -580,8 +579,7 @@ static umode_t hwmon_attributes_visible(struct kobject *kobj,
+ struct attribute *attr, int index)
+ {
+ struct device *dev = container_of(kobj, struct device, kobj);
+- struct drm_device *ddev = dev_get_drvdata(dev);
+- struct radeon_device *rdev = ddev->dev_private;
++ struct radeon_device *rdev = dev_get_drvdata(dev);
+
+ /* Skip limit attributes if DPM is not enabled */
+ if (rdev->pm.pm_method != PM_METHOD_DPM &&
+--
+1.8.4.2
+
diff --git a/kernel.spec b/kernel.spec
index 5181e8f..9ffaa71 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 1
+%global baserelease 2
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -706,6 +706,11 @@ Patch25129: cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
#CVE-2013-6382 rhbz 1033603 1034670
Patch25157: xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
+#rhbz 1033965
+Patch25169: 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
+
+Patch25170: 0001-drm-radeon-dpm-Fix-hwmon-crash.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1378,6 +1383,11 @@ ApplyPatch cpupower-Fix-segfault-due-to-incorrect-getopt_long-a.patch
#CVE-2013-6382 rhbz 1033603 1034670
ApplyPatch xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
+#rhbz 1033965
+ApplyPatch 0001-Revert-selinux-consider-filesystem-subtype-in-polici.patch
+
+ApplyPatch 0001-drm-radeon-dpm-Fix-hwmon-crash.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2190,6 +2200,10 @@ fi
# ||----w |
# || ||
%changelog
+* Tue Dec 10 2013 Josh Boyer <jwboyer at fedoraproject.org> - 3.13.0-0.rc3.git1.2
+- Revert upstream selinux change causing sync hang (rhbz 1033965)
+- Add patch to fix radeon from crashing
+
* Tue Dec 10 2013 Josh Boyer <jwboyer at fedoraproject.org> - 3.13.0-0.rc3.git1.1
- Linux v3.13-rc3-157-g17b2112
- Reenable debugging options.
More information about the scm-commits
mailing list