they were administrators (CVE-2016-2860).
- Fix an information leak of uninitialized memory over the network.
- Fix a crash when the AFS root volume is not found.
+ * debian/patches/Linux-4.4-key_payload-has-no-member-value.patch,
+ debian/patches/Linux-4.4-Use-locks_lock_file_wait.patch,
+ debian/patches/Linux-4.4-Do-not-use-splice.patch:
+ Add upstream patches for current Linux kernel support. (Closes: #815521)
-- Anders Kaseorg <andersk@mit.edu> Wed, 16 Mar 2016 13:39:06 -0400
--- /dev/null
+From 84e7f8cc5ecd687c16ab17452957f76e028e4415 Mon Sep 17 00:00:00 2001
+From: Stephan Wiesand <stephan.wiesand@desy.de>
+Date: Tue, 8 Mar 2016 14:15:17 +0100
+Subject: Linux 4.4: Do not use splice()
+
+splice() may return -ERESTARTSYS if there are pending signals, and
+it's not even clear how this should be dealt with. This potential
+problem has been present for a long time, but as of Linux 4.4
+(commit c725bfce7968009756ed2836a8cd7ba4dc163011) seems much more
+likely to happen.
+
+Until resources are available to fix the code to handle such errors,
+avoid the riskier uses of splice().
+
+If there is a default implementation of file_splice_{write,read},
+use that; on somewhat older kernels where it is not available,
+use the generic version instead.
+
+[kaduk@mit.edu: add test for default_file_splice_write]
+
+Change-Id: Ib4477cdfb2cd0f49f516da75edc3cb9d1a8817dc
+---
+ acinclude.m4 | 3 +++
+ src/afs/LINUX/osi_fetchstore.c | 6 ++++--
+ src/afs/LINUX/osi_vnodeops.c | 2 +-
+ src/afs/afs_fetchstore.c | 2 +-
+ 4 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index d8d7835..f50099a 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -1076,6 +1076,9 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+ AC_CHECK_LINUX_FUNC([splice_direct_to_actor],
+ [#include <linux/splice.h>],
+ [splice_direct_to_actor(NULL,NULL,NULL);])
++ AC_CHECK_LINUX_FUNC([default_file_splice_read],
++ [#include <linux/fs.h>],
++ [default_file_splice_read(NULL,NULL,NULL, 0, 0);])
+ AC_CHECK_LINUX_FUNC([svc_addr_in],
+ [#include <linux/sunrpc/svc.h>],
+ [svc_addr_in(NULL);])
+diff --git a/src/afs/LINUX/osi_fetchstore.c b/src/afs/LINUX/osi_fetchstore.c
+index 4089bbb..997c1aa 100644
+--- a/src/afs/LINUX/osi_fetchstore.c
++++ b/src/afs/LINUX/osi_fetchstore.c
+@@ -38,7 +38,7 @@
+ #include "afs/param.h"
+
+ #include <linux/fs.h>
+-#if defined(HAVE_LINUX_SPLICE_DIRECT_TO_ACTOR)
++#if 0 && defined(HAVE_LINUX_SPLICE_DIRECT_TO_ACTOR)
+ # include <linux/splice.h>
+ #else
+ # include <linux/pipe_fs_i.h>
+@@ -47,7 +47,7 @@
+ #include "afs/sysincludes.h"
+ #include "afsincludes.h"
+
+-#if defined(HAVE_LINUX_SPLICE_DIRECT_TO_ACTOR)
++#if 0 && defined(HAVE_LINUX_SPLICE_DIRECT_TO_ACTOR)
+ static int
+ afs_linux_splice_actor(struct pipe_inode_info *pipe,
+ struct pipe_buffer *buf,
+@@ -151,6 +151,7 @@ afs_linux_read_actor(read_descriptor_t *desc, struct page *page,
+ return size;
+ }
+
++#if 0
+ afs_int32
+ afs_linux_storeproc(struct storeOps *ops, void *rock, struct dcache *tdc,
+ int *shouldwake, afs_size_t *bytesXferred)
+@@ -184,5 +185,6 @@ afs_linux_storeproc(struct storeOps *ops, void *rock, struct dcache *tdc,
+
+ return code;
+ }
++#endif
+
+ #endif
+diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
+index 6c3a811..89b9520 100644
+--- a/src/afs/LINUX/osi_vnodeops.c
++++ b/src/afs/LINUX/osi_vnodeops.c
+@@ -846,7 +846,7 @@ struct file_operations afs_file_fops = {
+ #if defined(STRUCT_FILE_OPERATIONS_HAS_SENDFILE)
+ .sendfile = generic_file_sendfile,
+ #endif
+-#if defined(STRUCT_FILE_OPERATIONS_HAS_SPLICE)
++#if defined(STRUCT_FILE_OPERATIONS_HAS_SPLICE) && !defined(HAVE_LINUX_DEFAULT_FILE_SPLICE_READ)
+ # if defined(HAVE_LINUX_ITER_FILE_SPLICE_WRITE)
+ .splice_write = iter_file_splice_write,
+ # else
+diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c
+index f65f40c..c75da94 100644
+--- a/src/afs/afs_fetchstore.c
++++ b/src/afs/afs_fetchstore.c
+@@ -326,7 +326,7 @@ struct storeOps rxfs_storeUfsOps = {
+ .padd = rxfs_storePadd,
+ .close = rxfs_storeClose,
+ .destroy = rxfs_storeDestroy,
+-#ifdef AFS_LINUX26_ENV
++#if 0 && defined(AFS_LINUX26_ENV)
+ .storeproc = afs_linux_storeproc
+ #else
+ .storeproc = afs_GenericStoreProc
+--
+2.8.0.rc2
+
--- /dev/null
+From 6736e52c00fda9e278d4f4ee3f130197ac814190 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de>
+Date: Mon, 18 Jan 2016 19:58:00 +0100
+Subject: Linux 4.4: Use locks_lock_file_wait
+
+The locks API was changed in Linux 4.4, introducing locks_lock_file_wait
+(e55c34a66f87e78fb1fc6b623b78c5ad74b475af) and removing
+flock_lock_file_wait (616fb38fa7a9599293e05ae1fa9acfaf73922434).
+
+locks_lock_file_wait can be used as a drop-in replacement so define
+flock_lock_file_wait as an alias for it.
+
+Change-Id: Iba89a43c651737c86cbf519a933289d97c25a467
+---
+ acinclude.m4 | 3 +++
+ src/afs/LINUX/osi_compat.h | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 9b4d94e..d8d7835 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -1042,6 +1042,9 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+ AC_CHECK_LINUX_FUNC([kernel_setsockopt],
+ [#include <linux/net.h>],
+ [kernel_setsockopt(NULL, 0, 0, NULL, 0);])
++ AC_CHECK_LINUX_FUNC([locks_lock_file_wait],
++ [#include <linux/fs.h>],
++ [locks_lock_file_wait(NULL, NULL);])
+ AC_CHECK_LINUX_FUNC([page_follow_link],
+ [#include <linux/fs.h>],
+ [page_follow_link(0,0);])
+diff --git a/src/afs/LINUX/osi_compat.h b/src/afs/LINUX/osi_compat.h
+index e9f6ca1..5b3f12b 100644
+--- a/src/afs/LINUX/osi_compat.h
++++ b/src/afs/LINUX/osi_compat.h
+@@ -47,6 +47,10 @@ typedef struct path afs_linux_path_t;
+ # endif
+ #endif
+
++#if defined(HAVE_LINUX_LOCKS_LOCK_FILE_WAIT)
++# define flock_lock_file_wait locks_lock_file_wait
++#endif
++
+ #if !defined(HAVE_LINUX_DO_SYNC_READ) && !defined(STRUCT_FILE_OPERATIONS_HAS_READ_ITER)
+ static inline int
+ do_sync_read(struct file *fp, char *buf, size_t count, loff_t *offp) {
+--
+2.8.0.rc2
+
--- /dev/null
+From c5e7e69c34952724e7f0e062f3903527091ecc0b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de>
+Date: Mon, 18 Jan 2016 18:29:00 +0100
+Subject: Linux 4.4: key_payload has no member 'value'
+
+In Linux 4.4 (146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc) type-specific and
+payload data have been merged. The payload is now accessed directly and has
+no 'value' member anymore.
+
+FIXES 132677
+
+Change-Id: Id26c40c80314a0087ecc0735029412787058ef07
+---
+ acinclude.m4 | 1 +
+ src/afs/LINUX/osi_groups.c | 16 +++++++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index f8a0e23..9b4d94e 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -948,6 +948,7 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+ AC_CHECK_LINUX_STRUCT([file_operations], [sendfile], [fs.h])
+ AC_CHECK_LINUX_STRUCT([file_system_type], [mount], [fs.h])
+ AC_CHECK_LINUX_STRUCT([inode_operations], [truncate], [fs.h])
++ AC_CHECK_LINUX_STRUCT([key], [payload.value], [key.h])
+ AC_CHECK_LINUX_STRUCT([key_type], [instantiate_prep], [key-type.h])
+ AC_CHECK_LINUX_STRUCT([key_type], [match_preparse], [key-type.h])
+ AC_CHECK_LINUX_STRUCT([key_type], [preparse], [key-type.h])
+diff --git a/src/afs/LINUX/osi_groups.c b/src/afs/LINUX/osi_groups.c
+index 3b068e5..a83bcb9 100644
+--- a/src/afs/LINUX/osi_groups.c
++++ b/src/afs/LINUX/osi_groups.c
+@@ -489,7 +489,11 @@ static int afs_pag_instantiate(struct key *key, const void *data, size_t datalen
+ if (*userpag != pag)
+ goto error;
+
++#if defined(STRUCT_KEY_HAS_PAYLOAD_VALUE)
+ key->payload.value = (unsigned long) *userpag;
++#else
++ memcpy(&key->payload, userpag, sizeof(afs_uint32));
++#endif
+ key->datalen = sizeof(afs_uint32);
+ code = 0;
+
+@@ -513,9 +517,15 @@ static int afs_pag_match(const struct key *key, const void *description)
+
+ static void afs_pag_destroy(struct key *key)
+ {
+- afs_uint32 pag = key->payload.value;
++ afs_uint32 pag;
+ int locked = ISAFS_GLOCK();
+
++#if defined(STRUCT_KEY_HAS_PAYLOAD_VALUE)
++ pag = key->payload.value;
++#else
++ memcpy(&pag, &key->payload, sizeof(afs_uint32));
++#endif
++
+ if (!locked)
+ AFS_GLOCK();
+
+@@ -609,7 +619,11 @@ osi_get_keyring_pag(afs_ucred_t *cred)
+
+ if (!IS_ERR(key)) {
+ if (key_validate(key) == 0 && uid_eq(key->uid, GLOBAL_ROOT_UID)) { /* also verify in the session keyring? */
++#if defined(STRUCT_KEY_HAS_PAYLOAD_VALUE)
+ keyring_pag = key->payload.value;
++#else
++ memcpy(&keyring_pag, &key->payload, sizeof(afs_int32));
++#endif
+ /* Only set PAG in groups if needed,
+ * and the creds are from the current process */
+ if (afs_linux_cred_is_current(cred) &&
+--
+2.8.0.rc2
+
0003-Add-dummy-exit-command-for-afsd-to-do-nothing.patch
+Linux-4.4-key_payload-has-no-member-value.patch
+Linux-4.4-Use-locks_lock_file_wait.patch
+Linux-4.4-Do-not-use-splice.patch
projects / packages / o / openafs.git / commitdiff