diff options
| author |   Changhyeok Bae <changhyeok.bae@gmail.com> | 2017-05-31 02:39:38 +0000 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2017-09-08 16:19:01 +0000 |
| commit | cb0b5d9dc435fe4d4eb89629a9a93311bed841bd (patch) | |
| tree | e4bb44e4588e876988820abb538cdc83dc4f0eea /meta-agl-bsp | |
| parent | 3d32b328ebece6019b118c83f56150b5c6947cd5 (diff) | |
Upgrade to pyro
u-boot: v2017.01
dlt-daemon: Remove gzipnative inheritance
- gzipnative.bbclass is removed in pyro branch.
- See ab0f46400c113c0d893be872727a67739d5e794d in poky.
gpm: Remove bbappend file
- upstream(meta-openembedded) is using git(v1.99.7) and this is not
required anymore.
gnutls: Remove bbappend file
- The patch is already applied in upstream.
agl-image-minimal: Remove ROOTFS_PKGMANAGE_BOOTSTRAP
- ROOTFS_PKGMANAGE_BOOTSTRAP is removed in upstream.
- Please see 529244ee212fe14019e35a5f163fab705ddbf141 in poky.
freetype: Change hash value for v2.7.1 binary
shadow: Remove shadow_%.bbappend
- It's already applied upstream poky.
Remove nativesdk-packagegroup-sdk-host.bbappend
- It's already applied in upstream poky.
faac: Remove bbappend file
- It's already applied meta-openembedded upstream.
pulseaudio: Change bbappend naming
- Upstream yocto provides pulseaudio v10.0.
weston: re-create patch to apply new version (v2.0.0)
- Remove 0001-compositor-drm.c-Launch-without-input-devices.patch
because it's already applied in new version.
mesa: Remove 12.0.3 recipe and fix build error for qemux86-64
- Yocto upstream supports 17.0.2 and v12.0.3 is not required anymore in
raspberrypi
- Error:
| configure: error: --enable-gallium-llvm selected but llvm-config is
not found
wayland-ivi-extension: Upgrade to latest master version
- Due to weston upgrade, wayland-ivi-extension should be upgraded.
packagegroup-ivi-common-core-multimedia: Remove alsa-lib
- alsa-lib has empty package and it's not required anymore.
Add agl-driver and agl-passenger in group and passwd
- Parsing Error:
agl-users: groupname agl-passenger does not have a static ID defined.
poky-agl.conf: Change gstreamer default version to v1.10.x
- Yocto upstream moves gstreamer to v1.10.4.
af-main: Fix build error
- Error:
file /usr/local conflicts between attempted installs of
af-main-1.0-r0.corei7_64 and base-files-3.0.14-r89.qemux86_64
intel-corei7-64: Change gstreamer-vaapi-1.0 name
- gstreamer-vaapi-1.0 is moved to oe-core and its name is changed to
gstreamer1.0-vaapi.
linux-raspberrypi: Drop 4.4 bbappend
- The upstream meta-raspberrypi doesn't support v4.4 anymore.
- CVE patches are not required anymore.
glibc: Remove bbappend
- The bug-20116 is already applied in 2.25
cynara,security-manager: Fix build error
- cynara: Replace bb.data to d
- security-manager: Temporarily use 'no' in APPLY variable
u-boot-ota: Add SRC_URI
- In pyro, SRC_URI and S is moved from .inc to .bb
linux-yocto: Remove 4.8 and 4.4 bbappend
- Yocto 2.3 (Pyro) doesn't support v4.8 kernel anymore.
- CVE patches in meta-agl-bsp are already applied in Yocto 2.3.
tcf-agent: Remove bbappend file
- This change is merged to upstream poky (pyro)
bluez5: Remove recipe and add .bbappend
- Yocto 2.3 (Pyro) already has same version.
- bluetooth.conf file is added in .bbappend
python-pycrypto: Remove recipe
- meta-openembedded (Pyro) already has same version.
meta-agl-bsp/classes/image.bbclass: Arrange for pyro
- image.bbclass is taken from poky/meta/classes/image.bbclass and only
changed IMAGE_TYPE_vm variable.
libsoup: Fix native build error temporarily
v2 (jsmoeller):
meta-agl-bsp/meta-ti:
- workaround patches in meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
- fix old python code in meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb
- workaround patches in meta-ti/recipes-arago/weston/weston_%.bbappend
- make specific to dra7xx-evm:
-- meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend
-- meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend
-- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio/dra7xx-evm-set-default-sink-source.patch
-- rename meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend
TODO/FIXME's in:
- meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
- meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend
- meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend
- meta-ti/recipes-bsp/u-boot/u-boot-ti-staging_%.bbappend
Bug-AGL: SPEC-646
Change-Id: I4162ae887d3334e9102575e3724483aa25f4bd9c
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10457
Diffstat (limited to 'meta-agl-bsp')
39 files changed, 151 insertions, 3559 deletions
diff --git a/meta-agl-bsp/classes/image.bbclass b/meta-agl-bsp/classes/image.bbclass index 1002431ef..a832fa671 100644 --- a/meta-agl-bsp/classes/image.bbclass +++ b/meta-agl-bsp/classes/image.bbclass @@ -1,19 +1,17 @@ inherit rootfs_${IMAGE_PKGTYPE} -# Only Linux SDKs support populate_sdk_ext, fall back to populate_sdk +# Only Linux SDKs support populate_sdk_ext, fall back to populate_sdk_base # in the non-Linux SDK_OS case, such as mingw32 -SDKEXTCLASS ?= "${@['populate_sdk', 'populate_sdk_ext']['linux' in d.getVar("SDK_OS", True)]}" +SDKEXTCLASS ?= "${@['populate_sdk_base', 'populate_sdk_ext']['linux' in d.getVar("SDK_OS")]}" inherit ${SDKEXTCLASS} TOOLCHAIN_TARGET_TASK += "${PACKAGE_INSTALL}" TOOLCHAIN_TARGET_TASK_ATTEMPTONLY += "${PACKAGE_INSTALL_ATTEMPTONLY}" POPULATE_SDK_POST_TARGET_COMMAND += "rootfs_sysroot_relativelinks; " -inherit gzipnative - LICENSE = "MIT" PACKAGES = "" -DEPENDS += "${MLPREFIX}qemuwrapper-cross ${MLPREFIX}depmodwrapper-cross" +DEPENDS += "${MLPREFIX}qemuwrapper-cross depmodwrapper-cross" RDEPENDS += "${PACKAGE_INSTALL} ${LINGUAS_INSTALL}" RRECOMMENDS += "${PACKAGE_INSTALL_ATTEMPTONLY}" @@ -31,7 +29,7 @@ IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password IMAGE_GEN_DEBUGFS ?= "0" # rootfs bootstrap install -ROOTFS_BOOTSTRAP_INSTALL = "${@bb.utils.contains("IMAGE_FEATURES", "package-management", "", "${ROOTFS_PKGMANAGE_BOOTSTRAP}",d)}" +ROOTFS_BOOTSTRAP_INSTALL = "run-postinsts" # These packages will be removed from a read-only rootfs after all other # packages have been installed @@ -51,7 +49,7 @@ FEATURE_PACKAGES_splash = "${SPLASH}" IMAGE_INSTALL_COMPLEMENTARY = '${@complementary_globs("IMAGE_FEATURES", d)}' def check_image_features(d): - valid_features = (d.getVarFlag('IMAGE_FEATURES', 'validitems', True) or "").split() + valid_features = (d.getVarFlag('IMAGE_FEATURES', 'validitems') or "").split() valid_features += d.getVarFlags('COMPLEMENTARY_GLOB').keys() for var in d: if var.startswith("PACKAGE_GROUP_"): @@ -133,7 +131,7 @@ def build_live(d): if bb.utils.contains("IMAGE_FSTYPES", "live", "live", "0", d) == "0": # live is not set but hob might set iso or hddimg d.setVar('NOISO', bb.utils.contains('IMAGE_FSTYPES', "iso", "0", "1", d)) d.setVar('NOHDD', bb.utils.contains('IMAGE_FSTYPES', "hddimg", "0", "1", d)) - if d.getVar('NOISO', True) == "0" or d.getVar('NOHDD', True) == "0": + if d.getVar('NOISO') == "0" or d.getVar('NOHDD') == "0": return "image-live" return "" return "image-live" @@ -142,38 +140,54 @@ IMAGE_TYPE_live = "${@build_live(d)}" inherit ${IMAGE_TYPE_live} IMAGE_TYPE_vm = '${@bb.utils.contains_any("IMAGE_FSTYPES", ["vmdk", "vmdk.xz", "vdi", "qcow2", "hdddirect"], "image-vm", "", d)}' + inherit ${IMAGE_TYPE_vm} +IMAGE_TYPE_container = '${@bb.utils.contains("IMAGE_FSTYPES", "container", "image-container", "", d)}' +inherit ${IMAGE_TYPE_container} + +def build_uboot(d): + if 'u-boot' in (d.getVar('IMAGE_FSTYPES') or ''): + return "image_types_uboot" + else: + return "" + +IMAGE_TYPE_uboot = "${@build_uboot(d)}" +inherit ${IMAGE_TYPE_uboot} + +IMAGE_TYPE_wic = "image_types_wic" +inherit ${IMAGE_TYPE_wic} + python () { deps = " " + imagetypes_getdepends(d) d.appendVarFlag('do_rootfs', 'depends', deps) deps = "" - for dep in (d.getVar('EXTRA_IMAGEDEPENDS', True) or "").split(): + for dep in (d.getVar('EXTRA_IMAGEDEPENDS') or "").split(): deps += " %s:do_populate_sysroot" % dep - d.appendVarFlag('do_build', 'depends', deps) + d.appendVarFlag('do_image_complete', 'depends', deps) #process IMAGE_FEATURES, we must do this before runtime_mapping_rename #Check for replaces image features features = set(oe.data.typed_value('IMAGE_FEATURES', d)) remain_features = features.copy() for feature in features: - replaces = set((d.getVar("IMAGE_FEATURES_REPLACES_%s" % feature, True) or "").split()) + replaces = set((d.getVar("IMAGE_FEATURES_REPLACES_%s" % feature) or "").split()) remain_features -= replaces #Check for conflict image features for feature in remain_features: - conflicts = set((d.getVar("IMAGE_FEATURES_CONFLICTS_%s" % feature, True) or "").split()) + conflicts = set((d.getVar("IMAGE_FEATURES_CONFLICTS_%s" % feature) or "").split()) temp = conflicts & remain_features if temp: - bb.fatal("%s contains conflicting IMAGE_FEATURES %s %s" % (d.getVar('PN', True), feature, ' '.join(list(temp)))) + bb.fatal("%s contains conflicting IMAGE_FEATURES %s %s" % (d.getVar('PN'), feature, ' '.join(list(temp)))) d.setVar('IMAGE_FEATURES', ' '.join(sorted(list(remain_features)))) check_image_features(d) - initramfs_image = d.getVar('INITRAMFS_IMAGE', True) or "" + initramfs_image = d.getVar('INITRAMFS_IMAGE') or "" if initramfs_image != "": - d.appendVarFlag('do_build', 'depends', " %s:do_bundle_initramfs" % d.getVar('PN', True)) + d.appendVarFlag('do_build', 'depends', " %s:do_bundle_initramfs" % d.getVar('PN')) d.appendVarFlag('do_bundle_initramfs', 'depends', " %s:do_image_complete" % initramfs_image) } @@ -185,7 +199,7 @@ IMAGE_POSTPROCESS_COMMAND ?= "" # some default locales IMAGE_LINGUAS ?= "de-de fr-fr en-gb" -LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS', True).split()))}" +LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}" # Prefer image, but use the fallback files for lookups if the image ones # aren't yet available. @@ -199,6 +213,14 @@ PACKAGE_EXCLUDE[type] = "list" fakeroot python do_rootfs () { from oe.rootfs import create_rootfs from oe.manifest import create_manifest + import logging + + logger = d.getVar('BB_TASK_LOGGER', False) + if logger: + logcatcher = bb.utils.LogCatcher() + logger.addHandler(logcatcher) + else: + logcatcher = None # NOTE: if you add, remove or significantly refactor the stages of this # process then you should recalculate the weightings here. This is quite @@ -212,20 +234,20 @@ fakeroot python do_rootfs () { progress_reporter.next_stage() # Handle package exclusions - excl_pkgs = d.getVar("PACKAGE_EXCLUDE", True).split() - inst_pkgs = d.getVar("PACKAGE_INSTALL", True).split() - inst_attempt_pkgs = d.getVar("PACKAGE_INSTALL_ATTEMPTONLY", True).split() + excl_pkgs = d.getVar("PACKAGE_EXCLUDE").split() + inst_pkgs = d.getVar("PACKAGE_INSTALL").split() + inst_attempt_pkgs = d.getVar("PACKAGE_INSTALL_ATTEMPTONLY").split() d.setVar('PACKAGE_INSTALL_ORIG', ' '.join(inst_pkgs)) d.setVar('PACKAGE_INSTALL_ATTEMPTONLY', ' '.join(inst_attempt_pkgs)) for pkg in excl_pkgs: if pkg in inst_pkgs: - bb.warn("Package %s, set to be excluded, is in %s PACKAGE_INSTALL (%s). It will be removed from the list." % (pkg, d.getVar('PN', True), inst_pkgs)) + bb.warn("Package %s, set to be excluded, is in %s PACKAGE_INSTALL (%s). It will be removed from the list." % (pkg, d.getVar('PN'), inst_pkgs)) inst_pkgs.remove(pkg) if pkg in inst_attempt_pkgs: - bb.warn("Package %s, set to be excluded, is in %s PACKAGE_INSTALL_ATTEMPTONLY (%s). It will be removed from the list." % (pkg, d.getVar('PN', True), inst_pkgs)) + bb.warn("Package %s, set to be excluded, is in %s PACKAGE_INSTALL_ATTEMPTONLY (%s). It will be removed from the list." % (pkg, d.getVar('PN'), inst_pkgs)) inst_attempt_pkgs.remove(pkg) d.setVar("PACKAGE_INSTALL", ' '.join(inst_pkgs)) @@ -235,7 +257,7 @@ fakeroot python do_rootfs () { # We have to delay the runtime_mapping_rename until just before rootfs runs # otherwise, the multilib renaming could step in and squash any fixups that # may have occurred. - pn = d.getVar('PN', True) + pn = d.getVar('PN') runtime_mapping_rename("PACKAGE_INSTALL", pn, d) runtime_mapping_rename("PACKAGE_INSTALL_ATTEMPTONLY", pn, d) runtime_mapping_rename("BAD_RECOMMENDATIONS", pn, d) @@ -246,19 +268,19 @@ fakeroot python do_rootfs () { progress_reporter.next_stage() # generate rootfs - create_rootfs(d, progress_reporter=progress_reporter) + create_rootfs(d, progress_reporter=progress_reporter, logcatcher=logcatcher) progress_reporter.finish() } do_rootfs[dirs] = "${TOPDIR}" do_rootfs[cleandirs] += "${S} ${IMGDEPLOYDIR}" do_rootfs[umask] = "022" -addtask rootfs before do_build +addtask rootfs before do_build after do_prepare_recipe_sysroot fakeroot python do_image () { from oe.utils import execute_pre_post_process - pre_process_cmds = d.getVar("IMAGE_PREPROCESS_COMMAND", True) + pre_process_cmds = d.getVar("IMAGE_PREPROCESS_COMMAND") execute_pre_post_process(d, pre_process_cmds) } @@ -269,7 +291,7 @@ addtask do_image after do_rootfs before do_build fakeroot python do_image_complete () { from oe.utils import execute_pre_post_process - post_process_cmds = d.getVar("IMAGE_POSTPROCESS_COMMAND", True) + post_process_cmds = d.getVar("IMAGE_POSTPROCESS_COMMAND") execute_pre_post_process(d, post_process_cmds) } @@ -292,7 +314,7 @@ addtask do_image_complete after do_image before do_build fakeroot python do_image_qa () { from oe.utils import ImageQAFailed - qa_cmds = (d.getVar('IMAGE_QA_COMMANDS', True) or '').split() + qa_cmds = (d.getVar('IMAGE_QA_COMMANDS') or '').split() qamsg = "" for cmd in qa_cmds: @@ -307,40 +329,17 @@ fakeroot python do_image_qa () { qamsg = qamsg + '\n' if qamsg: - imgname = d.getVar('IMAGE_NAME', True) + imgname = d.getVar('IMAGE_NAME') bb.fatal("QA errors found whilst validating image: %s\n%s" % (imgname, qamsg)) } addtask do_image_qa after do_image_complete before do_build -# -# Write environment variables used by wic -# to tmp/sysroots/<machine>/imgdata/<image>.env -# -python do_rootfs_wicenv () { - wicvars = d.getVar('WICVARS', True) - if not wicvars: - return - - stdir = d.getVar('STAGING_DIR_TARGET', True) - outdir = os.path.join(stdir, 'imgdata') - bb.utils.mkdirhier(outdir) - basename = d.getVar('IMAGE_BASENAME', True) - with open(os.path.join(outdir, basename) + '.env', 'w') as envf: - for var in wicvars.split(): - value = d.getVar(var, True) - if value: - envf.write('%s="%s"\n' % (var, value.strip())) -} -addtask do_rootfs_wicenv after do_image before do_image_wic -do_rootfs_wicenv[vardeps] += "${WICVARS}" -do_rootfs_wicenv[prefuncs] = 'set_image_size' - def setup_debugfs_variables(d): d.appendVar('IMAGE_ROOTFS', '-dbg') d.appendVar('IMAGE_LINK_NAME', '-dbg') d.appendVar('IMAGE_NAME','-dbg') d.setVar('IMAGE_BUILDING_DEBUGFS', 'true') - debugfs_image_fstypes = d.getVar('IMAGE_FSTYPES_DEBUGFS', True) + debugfs_image_fstypes = d.getVar('IMAGE_FSTYPES_DEBUGFS') if debugfs_image_fstypes: d.setVar('IMAGE_FSTYPES', debugfs_image_fstypes) @@ -358,7 +357,7 @@ python () { # # Without de-duplication, gen_conversion_cmds() below # would create the same compression command multiple times. - ctypes = set(d.getVar('CONVERSIONTYPES', True).split()) + ctypes = set(d.getVar('CONVERSIONTYPES').split()) old_overrides = d.getVar('OVERRIDES', False) def _image_base_type(type): @@ -375,11 +374,11 @@ python () { return basetype basetypes = {} - alltypes = d.getVar('IMAGE_FSTYPES', True).split() + alltypes = d.getVar('IMAGE_FSTYPES').split() typedeps = {} - if d.getVar('IMAGE_GEN_DEBUGFS', True) == "1": - debugfs_fstypes = d.getVar('IMAGE_FSTYPES_DEBUGFS', True).split() + if d.getVar('IMAGE_GEN_DEBUGFS') == "1": + debugfs_fstypes = d.getVar('IMAGE_FSTYPES_DEBUGFS').split() for t in debugfs_fstypes: alltypes.append("debugfs_" + t) @@ -394,7 +393,7 @@ python () { if t.startswith("debugfs_"): t = t[8:] debug = "debugfs_" - deps = (d.getVar('IMAGE_TYPEDEP_' + t, True) or "").split() + deps = (d.getVar('IMAGE_TYPEDEP_' + t) or "").split() vardeps.add('IMAGE_TYPEDEP_' + t) if baset not in typedeps: typedeps[baset] = set() @@ -414,7 +413,7 @@ python () { d.appendVarFlag('do_image', 'vardeps', ' '.join(vardeps)) - maskedtypes = (d.getVar('IMAGE_TYPES_MASKED', True) or "").split() + maskedtypes = (d.getVar('IMAGE_TYPES_MASKED') or "").split() maskedtypes = [dbg + t for t in maskedtypes for dbg in ("", "debugfs_")] for t in basetypes: @@ -433,7 +432,6 @@ python () { debug = "setup_debugfs " realt = t[8:] localdata.setVar('OVERRIDES', '%s:%s' % (realt, old_overrides)) - bb.data.update_data(localdata) localdata.setVar('type', realt) # Delete DATETIME so we don't expand any references to it now # This means the task's hash can be stable rather than having hardcoded @@ -442,7 +440,7 @@ python () { localdata.delVar('DATETIME') localdata.delVar('TMPDIR') - image_cmd = localdata.getVar("IMAGE_CMD", True) + image_cmd = localdata.getVar("IMAGE_CMD") vardeps.add('IMAGE_CMD_' + realt) if image_cmd: cmds.append("\t" + image_cmd) @@ -464,7 +462,7 @@ python () { # Create input image first. gen_conversion_cmds(type) localdata.setVar('type', type) - cmd = "\t" + (localdata.getVar("CONVERSION_CMD_" + ctype, True) or localdata.getVar("COMPRESS_CMD_" + ctype, True)) + cmd = "\t" + (localdata.getVar("CONVERSION_CMD_" + ctype) or localdata.getVar("COMPRESS_CMD_" + ctype)) if cmd not in cmds: cmds.append(cmd) vardeps.add('CONVERSION_CMD_' + ctype) @@ -515,17 +513,17 @@ python () { def get_rootfs_size(d): import subprocess - rootfs_alignment = int(d.getVar('IMAGE_ROOTFS_ALIGNMENT', True)) - overhead_factor = float(d.getVar('IMAGE_OVERHEAD_FACTOR', True)) - rootfs_req_size = int(d.getVar('IMAGE_ROOTFS_SIZE', True)) - rootfs_extra_space = eval(d.getVar('IMAGE_ROOTFS_EXTRA_SPACE', True)) - rootfs_maxsize = d.getVar('IMAGE_ROOTFS_MAXSIZE', True) - image_fstypes = d.getVar('IMAGE_FSTYPES', True) or '' - initramfs_fstypes = d.getVar('INITRAMFS_FSTYPES', True) or '' - initramfs_maxsize = d.getVar('INITRAMFS_MAXSIZE', True) + rootfs_alignment = int(d.getVar('IMAGE_ROOTFS_ALIGNMENT')) + overhead_factor = float(d.getVar('IMAGE_OVERHEAD_FACTOR')) + rootfs_req_size = int(d.getVar('IMAGE_ROOTFS_SIZE')) + rootfs_extra_space = eval(d.getVar('IMAGE_ROOTFS_EXTRA_SPACE')) + rootfs_maxsize = d.getVar('IMAGE_ROOTFS_MAXSIZE') + image_fstypes = d.getVar('IMAGE_FSTYPES') or '' + initramfs_fstypes = d.getVar('INITRAMFS_FSTYPES') or '' + initramfs_maxsize = d.getVar('INITRAMFS_MAXSIZE') output = subprocess.check_output(['du', '-ks', - d.getVar('IMAGE_ROOTFS', True)]) + d.getVar('IMAGE_ROOTFS')]) size_kb = int(output.split()[0]) base_size = size_kb * overhead_factor base_size = max(base_size, rootfs_req_size) + rootfs_extra_space @@ -541,7 +539,7 @@ def get_rootfs_size(d): # Do not check image size of the debugfs image. This is not supposed # to be deployed, etc. so it doesn't make sense to limit the size # of the debug. - if (d.getVar('IMAGE_BUILDING_DEBUGFS', True) or "") == "true": + if (d.getVar('IMAGE_BUILDING_DEBUGFS') or "") == "true": return base_size # Check the rootfs size against IMAGE_ROOTFS_MAXSIZE (if set) @@ -572,13 +570,13 @@ python set_image_size () { # python create_symlinks() { - deploy_dir = d.getVar('IMGDEPLOYDIR', True) - img_name = d.getVar('IMAGE_NAME', True) - link_name = d.getVar('IMAGE_LINK_NAME', True) - manifest_name = d.getVar('IMAGE_MANIFEST', True) - taskname = d.getVar("BB_CURRENTTASK", True) + deploy_dir = d.getVar('IMGDEPLOYDIR') + img_name = d.getVar('IMAGE_NAME') + link_name = d.getVar('IMAGE_LINK_NAME') + manifest_name = d.getVar('IMAGE_MANIFEST') + taskname = d.getVar("BB_CURRENTTASK") subimages = (d.getVarFlag("do_" + taskname, 'subimages', False) or "").split() - imgsuffix = d.getVarFlag("do_" + taskname, 'imgsuffix', True) or d.expand("${IMAGE_NAME_SUFFIX}.") + imgsuffix = d.getVarFlag("do_" + taskname, 'imgsuffix') or d.expand("${IMAGE_NAME_SUFFIX}.") if not link_name: return @@ -604,9 +602,9 @@ do_patch[noexec] = "1" do_configure[noexec] = "1" do_compile[noexec] = "1" do_install[noexec] = "1" -do_populate_sysroot[noexec] = "1" +deltask do_populate_sysroot do_package[noexec] = "1" -do_package_qa[noexec] = "1" +deltask do_package_qa do_packagedata[noexec] = "1" do_package_write_ipk[noexec] = "1" do_package_write_deb[noexec] = "1" diff --git a/meta-agl-bsp/conf/include/agl_intel-corei7-64.inc b/meta-agl-bsp/conf/include/agl_intel-corei7-64.inc index 299568fcb..d970fecab 100644 --- a/meta-agl-bsp/conf/include/agl_intel-corei7-64.inc +++ b/meta-agl-bsp/conf/include/agl_intel-corei7-64.inc @@ -22,7 +22,7 @@ APPEND += "console=ttyS0,115200n8 reboot=efi" IMAGE_INSTALL_append = " \ libva \ va-intel \ - gstreamer-vaapi-1.0 " + gstreamer1.0-vaapi" AGL_DEFAULT_IMAGE_FSTYPES := "wic hddimg" INITRD_LIVE = "${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE_LIVE}-${MACHINE}.ext4.gz" diff --git a/meta-agl-bsp/conf/include/agl_joule.inc b/meta-agl-bsp/conf/include/agl_joule.inc index 246e47f9d..a13bdd9dd 100644 --- a/meta-agl-bsp/conf/include/agl_joule.inc +++ b/meta-agl-bsp/conf/include/agl_joule.inc @@ -7,7 +7,7 @@ IMAGE_INSTALL_append = " linux-firmware-iwlwifi-8000c linux-firmware-ibt-11-5" IMAGE_INSTALL_append = " \ libva \ va-intel \ - gstreamer-vaapi-1.0 " + gstreamer1.0-vaapi" OSTREE_BOOTLOADER ?= "u-boot" AGL_DEFAULT_IMAGE_FSTYPES := "wic hddimg" diff --git a/meta-agl-bsp/conf/include/agl_raspberrypi2.inc b/meta-agl-bsp/conf/include/agl_raspberrypi2.inc index 0b531b11d..111893b32 100644 --- a/meta-agl-bsp/conf/include/agl_raspberrypi2.inc +++ b/meta-agl-bsp/conf/include/agl_raspberrypi2.inc @@ -11,7 +11,6 @@ MULTI_PROVIDER_WHITELIST += "virtual/libgl virtual/egl virtual/libgles1 virtual/ KERNEL_IMAGETYPE = "uImage" KERNEL_DEVICETREE_append = " overlays/vc4-kms-v3d-overlay.dtb" -PREFERRED_VERSION_linux-raspberrypi = "4.4.%" PREFERRED_VERSION_mesa = "12.%" PREFERRED_PROVIDER_virtual/egl = "mesa" diff --git a/meta-agl-bsp/conf/include/agl_raspberrypi3-64.inc b/meta-agl-bsp/conf/include/agl_raspberrypi3-64.inc index 6f42c3602..f6801352c 100644 --- a/meta-agl-bsp/conf/include/agl_raspberrypi3-64.inc +++ b/meta-agl-bsp/conf/include/agl_raspberrypi3-64.inc @@ -5,20 +5,8 @@ ENABLE_CMA = "1" CMA_LWM = "16" CMA_HWM = "32" -CORE_IMAGE_EXTRA_INSTALL += "wayland weston" - -MULTI_PROVIDER_WHITELIST += "virtual/libgl virtual/egl virtual/libgles1 virtual/libgles2" - KERNEL_IMAGETYPE = "Image" KERNEL_DEVICETREE_append = " overlays/vc4-kms-v3d-overlay.dtb" -PREFERRED_VERSION_linux-raspberrypi = "4.9.%" -PREFERRED_VERSION_mesa = "12.%" - -PREFERRED_PROVIDER_virtual/egl = "mesa" -PREFERRED_PROVIDER_virtual/libgles2 = "mesa" -PREFERRED_PROVIDER_virtual/libgl = "mesa" -PREFERRED_PROVIDER_virtual/mesa = "mesa" -PREFERRED_PROVIDER_jpeg = "jpeg" MACHINE_FEATURES += "vc4graphics" diff --git a/meta-agl-bsp/conf/include/agl_raspberrypi3.inc b/meta-agl-bsp/conf/include/agl_raspberrypi3.inc index 1dd5f2989..54ccdd573 100644 --- a/meta-agl-bsp/conf/include/agl_raspberrypi3.inc +++ b/meta-agl-bsp/conf/include/agl_raspberrypi3.inc @@ -5,23 +5,12 @@ ENABLE_CMA = "1" CMA_LWM = "16" CMA_HWM = "32" -CORE_IMAGE_EXTRA_INSTALL += "wayland weston" - MULTI_PROVIDER_WHITELIST += "virtual/libgl virtual/egl virtual/libgles1 virtual/libgles2" # The correct config for a Raspberry Pi 3 in 32bit mode UBOOT_MACHINE = "rpi_3_32b_config" KERNEL_IMAGETYPE = "uImage" -KERNEL_DEVICETREE_append = " overlays/vc4-kms-v3d-overlay.dtb" -PREFERRED_VERSION_linux-raspberrypi = "4.4.%" -PREFERRED_VERSION_mesa = "12.%" - -PREFERRED_PROVIDER_virtual/egl = "mesa" -PREFERRED_PROVIDER_virtual/libgles2 = "mesa" -PREFERRED_PROVIDER_virtual/libgl = "mesa" -PREFERRED_PROVIDER_virtual/mesa = "mesa" -PREFERRED_PROVIDER_jpeg = "jpeg" MACHINE_FEATURES += "vc4graphics" diff --git a/meta-agl-bsp/meta-core/recipes-support/gnutls/files/check_SYS_getrandom.patch b/meta-agl-bsp/meta-core/recipes-support/gnutls/files/check_SYS_getrandom.patch deleted file mode 100644 index 535c22af1..000000000 --- a/meta-agl-bsp/meta-core/recipes-support/gnutls/files/check_SYS_getrandom.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f26c3979ab0325edb2e410d287bc501cf00e0ac0 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Mon, 22 Aug 2016 16:32:34 +0200 -Subject: [PATCH] rnd-linux: added check for SYS_getrandom being defined - -This allows to compile the getrandom() code in old Linux systems -which do not have the system call defined. ---- - -Upstream-Status: Backport -Signed-off-by: Khem Raj <raj.khem@gmail.com> - - lib/nettle/rnd-linux.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/lib/nettle/rnd-linux.c b/lib/nettle/rnd-linux.c -index d7f07a6..7a24d05 100644 ---- a/lib/nettle/rnd-linux.c -+++ b/lib/nettle/rnd-linux.c -@@ -56,7 +56,11 @@ static dev_t _gnutls_urandom_fd_rdev = 0; - # else - # include <sys/syscall.h> - # undef getrandom --# define getrandom(dst,s,flags) syscall(SYS_getrandom, (void*)dst, (size_t)s, (unsigned int)flags) -+# if defined(SYS_getrandom) -+# define getrandom(dst,s,flags) syscall(SYS_getrandom, (void*)dst, (size_t)s, (unsigned int)flags) -+# else -+# define getrandom(dst,s,flags) -1 -+# endif - # endif - - static unsigned have_getrandom(void) --- -libgit2 0.24.0 - diff --git a/meta-agl-bsp/meta-core/recipes-support/gnutls/gnutls_3.5.3.bbappend b/meta-agl-bsp/meta-core/recipes-support/gnutls/gnutls_3.5.3.bbappend deleted file mode 100644 index dc67743fc..000000000 --- a/meta-agl-bsp/meta-core/recipes-support/gnutls/gnutls_3.5.3.bbappend +++ /dev/null @@ -1,8 +0,0 @@ -FILESEXTRAPATHS_append := ":${THISDIR}/files" - -SRC_URI_append = "\ - file://check_SYS_getrandom.patch \ - " - - -# backport from https://patchwork.openembedded.org/patch/133002/ diff --git a/meta-agl-bsp/meta-intel/recipes-kernel/linux/linux-yocto_4.8%.bbappend b/meta-agl-bsp/meta-intel/recipes-kernel/linux/linux-yocto_4.9%.bbappend index 65484da51..65484da51 100644 --- a/meta-agl-bsp/meta-intel/recipes-kernel/linux/linux-yocto_4.8%.bbappend +++ b/meta-agl-bsp/meta-intel/recipes-kernel/linux/linux-yocto_4.9%.bbappend diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/disable-asm-on-non-gcc.patch b/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/disable-asm-on-non-gcc.patch deleted file mode 100644 index d2d67558b..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/disable-asm-on-non-gcc.patch +++ /dev/null @@ -1,29 +0,0 @@ -Configure checks for compiler to be gcc and then it enables asm_offsets -generation. see - -https://cgit.freedesktop.org/mesa/mesa/commit/?id=73c9b4b0e05fc66629ba250846948dc55c0e7a0d - -However, we missed the check when enabling this on cross compilation -when architecture for both host and target is x86 - -Fixes errors like -./gen_matypes > matypes.h -/bin/bash: ./gen_matypes: No such file or directory - --Khem - -Upstream-Status: Submitted - -Index: mesa-12.0.1/configure.ac -=================================================================== ---- mesa-12.0.1.orig/configure.ac -+++ mesa-12.0.1/configure.ac -@@ -732,7 +732,7 @@ test "x$enable_asm" = xno && AC_MSG_RESU - if test "x$enable_asm" = xyes -a "x$cross_compiling" = xyes; then - case "$host_cpu" in - i?86 | x86_64 | amd64) -- if test "x$host_cpu" != "x$target_cpu"; then -+ if test "x$host_cpu" != "x$target_cpu" -o "x$acv_mesa_CLANG" = xyes; then - enable_asm=no - AC_MSG_RESULT([no, cross compiling]) - fi diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/replace_glibc_check_with_linux.patch b/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/replace_glibc_check_with_linux.patch deleted file mode 100644 index e4461ef17..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/files/replace_glibc_check_with_linux.patch +++ /dev/null @@ -1,17 +0,0 @@ -endianness check is OS wide and not specific to libc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Pending -Index: mesa-11.1.1/src/gallium/include/pipe/p_config.h -=================================================================== ---- mesa-11.1.1.orig/src/gallium/include/pipe/p_config.h -+++ mesa-11.1.1/src/gallium/include/pipe/p_config.h -@@ -130,7 +130,7 @@ - * Endian detection. - */ - --#ifdef __GLIBC__ -+#if defined(__linux__) - #include <endian.h> - - #if __BYTE_ORDER == __LITTLE_ENDIAN diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa-gl_12.0.3.bb b/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa-gl_12.0.3.bb deleted file mode 100644 index f06a3e9b5..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa-gl_12.0.3.bb +++ /dev/null @@ -1,13 +0,0 @@ -require mesa_${PV}.bb - -SUMMARY += " (OpenGL only, no EGL/GLES)" - -FILESEXTRAPATHS =. "${FILE_DIRNAME}/mesa:" - -PROVIDES = "virtual/libgl virtual/mesa" - -S = "${WORKDIR}/mesa-${PV}" - -PACKAGECONFIG ??= "dri ${MESA_CRYPTO} ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" - -EXCLUDE_FROM_WORLD = "1" diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa.inc b/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa.inc deleted file mode 100644 index e4880ffed..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa.inc +++ /dev/null @@ -1,191 +0,0 @@ -SUMMARY = "A free implementation of the OpenGL API" -DESCRIPTION = "Mesa is an open-source implementation of the OpenGL specification - \ -a system for rendering interactive 3D graphics. \ -A variety of device drivers allows Mesa to be used in many different environments \ -ranging from software emulation to complete hardware acceleration for modern GPUs. \ -Mesa is used as part of the overall Direct Rendering Infrastructure and X.org \ -environment." - -HOMEPAGE = "http://mesa3d.org" -BUGTRACKER = "https://bugs.freedesktop.org" -SECTION = "x11" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://docs/license.html;md5=899fbe7e42d494c7c8c159c7001693d5" - -PE = "2" - -DEPENDS = "expat makedepend-native flex-native bison-native libxml2-native udev" - -PROVIDES = "virtual/libgl virtual/libgles1 virtual/libgles2 virtual/egl virtual/mesa" - -inherit autotools pkgconfig pythonnative gettext distro_features_check - -REQUIRED_DISTRO_FEATURES = "opengl" - -EXTRA_OECONF = "--enable-shared-glapi" - -PACKAGECONFIG ??= "gbm egl gles dri ${MESA_CRYPTO} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}\ - ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland', '', d)}\ - " - -PACKAGECONFIG[gbm] = "--enable-gbm,--disable-gbm" - -X11_DEPS = "xf86driproto glproto virtual/libx11 libxext libxxf86vm libxdamage libxfixes" -PACKAGECONFIG[x11] = "--enable-glx-tls,--disable-glx,${X11_DEPS}" -PACKAGECONFIG[xvmc] = "--enable-xvmc,--disable-xvmc,libxvmc" -PACKAGECONFIG[wayland] = ",,wayland-native wayland" - -DRIDRIVERS = "swrast" -DRIDRIVERS_append_x86 = ",radeon,r200,nouveau,i965,i915" -DRIDRIVERS_append_x86-64 = ",radeon,r200,nouveau,i965,i915" -PACKAGECONFIG[dri] = "--enable-dri --with-dri-drivers=${DRIDRIVERS}, --disable-dri, dri2proto libdrm" -PACKAGECONFIG[dri3] = "--enable-dri3, --disable-dri3, dri3proto presentproto libxshmfence" - -PACKAGECONFIG[gles] = "--enable-gles1 --enable-gles2, --disable-gles1 --disable-gles2" - -EGL_PLATFORMS = "drm" -EGL_PLATFORMS .="${@bb.utils.contains('PACKAGECONFIG', 'x11', ',x11', '', d)}" -EGL_PLATFORMS .="${@bb.utils.contains('PACKAGECONFIG', 'wayland', ',wayland', '', d)}" -PACKAGECONFIG[egl] = "--enable-egl --with-egl-platforms=${EGL_PLATFORMS}, --disable-egl" - -GALLIUMDRIVERS = "swrast" -GALLIUMDRIVERS_LLVM33 = "${@bb.utils.contains('PACKAGECONFIG', 'r600', 'radeonsi,r600', '', d)}" -PACKAGECONFIG[r600] = "" -GALLIUMDRIVERS_LLVM33_ENABLED = "${@base_version_less_or_equal('MESA_LLVM_RELEASE', '3.2', False, len('${GALLIUMDRIVERS_LLVM33}') > 0, d)}" -GALLIUMDRIVERS_LLVM = "r300,svga,nouveau${@',${GALLIUMDRIVERS_LLVM33}' if ${GALLIUMDRIVERS_LLVM33_ENABLED} else ''}" -GALLIUMDRIVERS_append_x86 = "${@bb.utils.contains('PACKAGECONFIG', 'gallium-llvm', ',${GALLIUMDRIVERS_LLVM}', '', d)}" -GALLIUMDRIVERS_append_x86-64 = "${@bb.utils.contains('PACKAGECONFIG', 'gallium-llvm', ',${GALLIUMDRIVERS_LLVM}', '', d)}" -# keep --with-gallium-drivers separate, because when only one of gallium versions is enabled, other 2 were adding --without-gallium-drivers -PACKAGECONFIG[gallium] = "--with-gallium-drivers=${GALLIUMDRIVERS}, --without-gallium-drivers" -MESA_LLVM_RELEASE ?= "3.3" -PACKAGECONFIG[gallium-llvm] = "--enable-gallium-llvm --enable-llvm-shared-libs, --disable-gallium-llvm, llvm${MESA_LLVM_RELEASE} \ - ${@'elfutils' if ${GALLIUMDRIVERS_LLVM33_ENABLED} else ''}" -export WANT_LLVM_RELEASE = "${MESA_LLVM_RELEASE}" -PACKAGECONFIG[xa] = "--enable-xa, --disable-xa" - -# Mesa requires one of the following crypto implementation, pick one of them -MESA_CRYPTO ??= "openssl" -PACKAGECONFIG[openssl] = "--with-sha1=libcrypto,,openssl" -PACKAGECONFIG[nettle] = "--with-sha1=libnettle,,nettle" -PACKAGECONFIG[gcrypt] = "--with-sha1=libgcrypt,,libgcrypt" - -# llvmpipe is slow if compiled with -fomit-frame-pointer (e.g. -O2) -FULL_OPTIMIZATION_append = " -fno-omit-frame-pointer" - -# Multiple virtual/gl providers being built breaks staging -EXCLUDE_FROM_WORLD = "1" - -# Remove the mesa dependency on mesa-dev, as mesa is empty -RDEPENDS_${PN}-dev = "" - -PACKAGES =+ "libegl-mesa libegl-mesa-dev \ - libosmesa libosmesa-dev \ - libgl-mesa libgl-mesa-dev \ - libglapi libglapi-dev \ - libgbm libgbm-dev \ - libgles1-mesa libgles1-mesa-dev \ - libgles2-mesa libgles2-mesa-dev \ - libgles3-mesa libgles3-mesa-dev \ - libwayland-egl libwayland-egl-dev \ - libxvmcsoftpipe libxvmcsoftpipe-dev \ - libxatracker libxatracker-dev \ - mesa-megadriver \ - " - -do_install_append () { - # Drivers never need libtool .la files - rm -f ${D}${libdir}/dri/*.la - rm -f ${D}${libdir}/egl/*.la - rm -f ${D}${libdir}/gallium-pipe/*.la - rm -f ${D}${libdir}/gbm/*.la - - # it was packaged in libdricore9.1.3-1 and preventing upgrades when debian.bbclass was used - rm -f ${D}${sysconfdir}/drirc -} - -# For the packages that make up the OpenGL interfaces, inject variables so that -# they don't get Debian-renamed (which would remove the -mesa suffix), and -# RPROVIDEs/RCONFLICTs on the generic libgl name. -python __anonymous() { - pkgconfig = (d.getVar('PACKAGECONFIG', True) or "").split() - for p in (("egl", "libegl", "libegl1"), - ("dri", "libgl", "libgl1"), - ("gles", "libgles1", "libglesv1-cm1"), - ("gles", "libgles2", "libglesv2-2"), - ("gles", "libgles3",)): - if not p[0] in pkgconfig: - continue - fullp = p[1] + "-mesa" - pkgs = " ".join(p[1:]) - d.setVar("DEBIAN_NOAUTONAME_" + fullp, "1") - d.appendVar("RREPLACES_" + fullp, pkgs) - d.appendVar("RPROVIDES_" + fullp, pkgs) - d.appendVar("RCONFLICTS_" + fullp, pkgs) - - d.appendVar("RRECOMMENDS_" + fullp, " mesa-megadriver") - - # For -dev, the first element is both the Debian and original name - fullp += "-dev" - pkgs = p[1] + "-dev" - d.setVar("DEBIAN_NOAUTONAME_" + fullp, "1") - d.appendVar("RREPLACES_" + fullp, pkgs) - d.appendVar("RPROVIDES_" + fullp, pkgs) - d.appendVar("RCONFLICTS_" + fullp, pkgs) -} - -python mesa_populate_packages() { - pkgs = ['mesa', 'mesa-dev', 'mesa-dbg'] - for pkg in pkgs: - d.setVar("RPROVIDES_%s" % pkg, pkg.replace("mesa", "mesa-dri", 1)) - d.setVar("RCONFLICTS_%s" % pkg, pkg.replace("mesa", "mesa-dri", 1)) - d.setVar("RREPLACES_%s" % pkg, pkg.replace("mesa", "mesa-dri", 1)) - - import re - dri_drivers_root = oe.path.join(d.getVar('PKGD', True), d.getVar('libdir', True), "dri") - if os.path.isdir(dri_drivers_root): - dri_pkgs = os.listdir(dri_drivers_root) - lib_name = d.expand("${MLPREFIX}mesa-megadriver") - for p in dri_pkgs: - m = re.match('^(.*)_dri\.so$', p) - if m: - pkg_name = " ${MLPREFIX}mesa-driver-%s" % legitimize_package_name(m.group(1)) - d.appendVar("RPROVIDES_%s" % lib_name, pkg_name) - d.appendVar("RCONFLICTS_%s" % lib_name, pkg_name) - d.appendVar("RREPLACES_%s" % lib_name, pkg_name) - - pipe_drivers_root = os.path.join(d.getVar('libdir', True), "gallium-pipe") - do_split_packages(d, pipe_drivers_root, '^pipe_(.*)\.so$', 'mesa-driver-pipe-%s', 'Mesa %s pipe driver', extra_depends='') -} - -PACKAGESPLITFUNCS_prepend = "mesa_populate_packages " - -PACKAGES_DYNAMIC += "^mesa-driver-.*" - -FILES_${PN} += "${sysconfdir}/drirc" -FILES_mesa-megadriver = "${libdir}/dri/*" -FILES_libegl-mesa = "${libdir}/libEGL.so.*" -FILES_libgbm = "${libdir}/libgbm.so.*" -FILES_libgles1-mesa = "${libdir}/libGLESv1*.so.*" -FILES_libgles2-mesa = "${libdir}/libGLESv2.so.*" -FILES_libgl-mesa = "${libdir}/libGL.so.*" -FILES_libglapi = "${libdir}/libglapi.so.*" -FILES_libosmesa = "${libdir}/libOSMesa.so.*" -FILES_libwayland-egl = "${libdir}/libwayland-egl.so.*" -FILES_libxvmcsoftpipe = "${libdir}/libXvMCsoftpipe.so.*" -FILES_libxatracker = "${libdir}/libxatracker.so.*" - -FILES_${PN}-dev = "${libdir}/pkgconfig/dri.pc" -FILES_libegl-mesa-dev = "${libdir}/libEGL.* ${includedir}/EGL ${includedir}/KHR ${libdir}/pkgconfig/egl.pc" -FILES_libgbm-dev = "${libdir}/libgbm.* ${libdir}/pkgconfig/gbm.pc ${includedir}/gbm.h" -FILES_libgl-mesa-dev = "${libdir}/libGL.* ${includedir}/GL ${libdir}/pkgconfig/gl.pc" -FILES_libglapi-dev = "${libdir}/libglapi.*" -FILES_libgles1-mesa-dev = "${libdir}/libGLESv1*.* ${includedir}/GLES ${libdir}/pkgconfig/glesv1*.pc" -FILES_libgles2-mesa-dev = "${libdir}/libGLESv2.* ${includedir}/GLES2 ${libdir}/pkgconfig/glesv2.pc" -FILES_libgles3-mesa-dev = "${includedir}/GLES3" -FILES_libosmesa-dev = "${libdir}/libOSMesa.* ${includedir}/osmesa.h ${libdir}/pkgconfig/osmesa.pc" -FILES_libwayland-egl-dev = "${libdir}/pkgconfig/wayland-egl.pc ${libdir}/libwayland-egl.*" -FILES_libxvmcsoftpipe-dev = "${libdir}/libXvMCsoftpipe.so ${libdir}/libXvMCsoftpipe.la" -FILES_libxatracker-dev = "${libdir}/libxatracker.so ${libdir}/libxatracker.la \ - ${includedir}/xa_tracker.h ${includedir}/xa_composite.h ${includedir}/xa_context.h \ - ${libdir}/pkgconfig/xatracker.pc" diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa_12.0.3.bb b/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa_12.0.3.bb deleted file mode 100644 index acc8353dd..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-graphics/mesa/mesa_12.0.3.bb +++ /dev/null @@ -1,17 +0,0 @@ -require ${BPN}.inc - -SRC_URI = "ftp://ftp.freedesktop.org/pub/mesa/${PV}/mesa-${PV}.tar.xz \ - file://replace_glibc_check_with_linux.patch \ - file://disable-asm-on-non-gcc.patch \ -" - -SRC_URI[md5sum] = "1113699c714042d8c4df4766be8c57d8" -SRC_URI[sha256sum] = "1dc86dd9b51272eee1fad3df65e18cda2e556ef1bc0b6e07cd750b9757f493b1" - -#because we cannot rely on the fact that all apps will use pkgconfig, -#make eglplatform.h independent of MESA_EGL_NO_X11_HEADER -do_install_append() { - if ${@bb.utils.contains('PACKAGECONFIG', 'egl', 'true', 'false', d)}; then - sed -i -e 's/^#if defined(MESA_EGL_NO_X11_HEADERS)$/#if defined(MESA_EGL_NO_X11_HEADERS) || ${@bb.utils.contains('PACKAGECONFIG', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h - fi -} diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0001-mm-larger-stack-guard-gap-between-vmas.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0001-mm-larger-stack-guard-gap-between-vmas.patch deleted file mode 100644 index e9fafad74..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0001-mm-larger-stack-guard-gap-between-vmas.patch +++ /dev/null @@ -1,900 +0,0 @@ -From 3982d0807e02909957990f194c5ed2ffb6ab6c35 Mon Sep 17 00:00:00 2001 -From: Hugh Dickins <hughd@google.com> -Date: Mon, 19 Jun 2017 04:03:24 -0700 -Subject: [PATCH 1/3] mm: larger stack guard gap, between vmas - -commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream. - -Stack guard page is a useful feature to reduce a risk of stack smashing -into a different mapping. We have been using a single page gap which -is sufficient to prevent having stack adjacent to a different mapping. -But this seems to be insufficient in the light of the stack usage in -userspace. E.g. glibc uses as large as 64kB alloca() in many commonly -used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX] -which is 256kB or stack strings with MAX_ARG_STRLEN. - -This will become especially dangerous for suid binaries and the default -no limit for the stack size limit because those applications can be -tricked to consume a large portion of the stack and a single glibc call -could jump over the guard page. These attacks are not theoretical, -unfortunatelly. - -Make those attacks less probable by increasing the stack guard gap -to 1MB (on systems with 4k pages; but make it depend on the page size -because systems with larger base pages might cap stack allocations in -the PAGE_SIZE units) which should cover larger alloca() and VLA stack -allocations. It is obviously not a full fix because the problem is -somehow inherent, but it should reduce attack space a lot. - -One could argue that the gap size should be configurable from userspace, -but that can be done later when somebody finds that the new 1MB is wrong -for some special case applications. For now, add a kernel command line -option (stack_guard_gap) to specify the stack gap size (in page units). - -Implementation wise, first delete all the old code for stack guard page: -because although we could get away with accounting one extra page in a -stack vma, accounting a larger gap can break userspace - case in point, -a program run with "ulimit -S -v 20000" failed when the 1MB gap was -counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK -and strict non-overcommit mode. - -Instead of keeping gap inside the stack vma, maintain the stack guard -gap as a gap between vmas: using vm_start_gap() in place of vm_start -(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few -places which need to respect the gap - mainly arch_get_unmapped_area(), -and and the vma tree's subtree_gap support for that. - -Original-patch-by: Oleg Nesterov <oleg@redhat.com> -Original-patch-by: Michal Hocko <mhocko@suse.com> -Signed-off-by: Hugh Dickins <hughd@google.com> -Acked-by: Michal Hocko <mhocko@suse.com> -Tested-by: Helge Deller <deller@gmx.de> # parisc -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -[wt: backport to 4.11: adjust context] -[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide] -[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes] -Signed-off-by: Willy Tarreau <w@1wt.eu> -[gkh: minor build fixes for 4.4] -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - Documentation/kernel-parameters.txt | 7 ++ - arch/arc/mm/mmap.c | 2 +- - arch/arm/mm/mmap.c | 4 +- - arch/frv/mm/elf-fdpic.c | 2 +- - arch/mips/mm/mmap.c | 2 +- - arch/parisc/kernel/sys_parisc.c | 15 ++-- - arch/powerpc/mm/slice.c | 2 +- - arch/s390/mm/mmap.c | 4 +- - arch/sh/mm/mmap.c | 4 +- - arch/sparc/kernel/sys_sparc_64.c | 4 +- - arch/sparc/mm/hugetlbpage.c | 2 +- - arch/tile/mm/hugetlbpage.c | 2 +- - arch/x86/kernel/sys_x86_64.c | 4 +- - arch/x86/mm/hugetlbpage.c | 2 +- - arch/xtensa/kernel/syscall.c | 2 +- - fs/hugetlbfs/inode.c | 2 +- - fs/proc/task_mmu.c | 4 - - include/linux/mm.h | 53 ++++++------- - mm/gup.c | 5 -- - mm/memory.c | 38 --------- - mm/mmap.c | 149 +++++++++++++++++++++--------------- - 21 files changed, 149 insertions(+), 160 deletions(-) - -diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index c360f80..9738c8b 100644 ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3576,6 +3576,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - spia_pedr= - spia_peddr= - -+ stack_guard_gap= [MM] -+ override the default stack gap protection. The value -+ is in page units and it defines how many pages prior -+ to (for stacks growing down) resp. after (for stacks -+ growing up) the main stack are reserved for no other -+ mapping. Default value is 256 pages. -+ - stacktrace [FTRACE] - Enabled the stack tracer on boot up. - -diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c -index 2e06d56..cf4ae69 100644 ---- a/arch/arc/mm/mmap.c -+++ b/arch/arc/mm/mmap.c -@@ -64,7 +64,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 407dc78..c469c06 100644 ---- a/arch/arm/mm/mmap.c -+++ b/arch/arm/mm/mmap.c -@@ -89,7 +89,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -140,7 +140,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c -index 836f147..efa59f1 100644 ---- a/arch/frv/mm/elf-fdpic.c -+++ b/arch/frv/mm/elf-fdpic.c -@@ -74,7 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - addr = PAGE_ALIGN(addr); - vma = find_vma(current->mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - goto success; - } - -diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 5c81fdd..025cb31 100644 ---- a/arch/mips/mm/mmap.c -+++ b/arch/mips/mm/mmap.c -@@ -92,7 +92,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index 5aba01a..4dda73c 100644 ---- a/arch/parisc/kernel/sys_parisc.c -+++ b/arch/parisc/kernel/sys_parisc.c -@@ -88,7 +88,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - unsigned long task_size = TASK_SIZE; - int do_color_align, last_mmap; - struct vm_unmapped_area_info info; -@@ -115,9 +115,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - else - addr = PAGE_ALIGN(addr); - -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -@@ -141,7 +142,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - int do_color_align, last_mmap; -@@ -175,9 +176,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = COLOR_ALIGN(addr, last_mmap, pgoff); - else - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 0f432a7..6ad12b2 100644 ---- a/arch/powerpc/mm/slice.c -+++ b/arch/powerpc/mm/slice.c -@@ -105,7 +105,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, - if ((mm->task_size - len) < addr) - return 0; - vma = find_vma(mm, addr); -- return (!vma || (addr + len) <= vma->vm_start); -+ return (!vma || (addr + len) <= vm_start_gap(vma)); - } - - static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) -diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index f2b6b1d..126c4a9 100644 ---- a/arch/s390/mm/mmap.c -+++ b/arch/s390/mm/mmap.c -@@ -97,7 +97,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -135,7 +135,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index 6777177..7df7d59 100644 ---- a/arch/sh/mm/mmap.c -+++ b/arch/sh/mm/mmap.c -@@ -63,7 +63,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -113,7 +113,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index c690c8e..7f0f7c01 100644 ---- a/arch/sparc/kernel/sys_sparc_64.c -+++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -118,7 +118,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -181,7 +181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index da11424..ffa842b 100644 ---- a/arch/sparc/mm/hugetlbpage.c -+++ b/arch/sparc/mm/hugetlbpage.c -@@ -115,7 +115,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, HPAGE_SIZE); - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c -index c034dc3..c97ee6c 100644 ---- a/arch/tile/mm/hugetlbpage.c -+++ b/arch/tile/mm/hugetlbpage.c -@@ -232,7 +232,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (current->mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index 10e0272..136ad7c 100644 ---- a/arch/x86/kernel/sys_x86_64.c -+++ b/arch/x86/kernel/sys_x86_64.c -@@ -143,7 +143,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (end - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -186,7 +186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 42982b2..39bdaf3 100644 ---- a/arch/x86/mm/hugetlbpage.c -+++ b/arch/x86/mm/hugetlbpage.c -@@ -144,7 +144,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/xtensa/kernel/syscall.c b/arch/xtensa/kernel/syscall.c -index 83cf496..3aaaae1 100644 ---- a/arch/xtensa/kernel/syscall.c -+++ b/arch/xtensa/kernel/syscall.c -@@ -87,7 +87,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (!vmm || addr + len <= vm_start_gap(vmm)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) -diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 595ebdb..a17da8b5 100644 ---- a/fs/hugetlbfs/inode.c -+++ b/fs/hugetlbfs/inode.c -@@ -191,7 +191,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index d598b9c..cb7020c 100644 ---- a/fs/proc/task_mmu.c -+++ b/fs/proc/task_mmu.c -@@ -295,11 +295,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) - - /* We don't show the stack guard page in /proc/maps */ - start = vma->vm_start; -- if (stack_guard_page_start(vma, start)) -- start += PAGE_SIZE; - end = vma->vm_end; -- if (stack_guard_page_end(vma, end)) -- end -= PAGE_SIZE; - - seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); - seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", -diff --git a/include/linux/mm.h b/include/linux/mm.h -index f0ffa01..55f950a 100644 ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -1278,39 +1278,11 @@ int clear_page_dirty_for_io(struct page *page); - - int get_cmdline(struct task_struct *task, char *buffer, int buflen); - --/* Is the vma a continuation of the stack vma above it? */ --static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); --} -- - static inline bool vma_is_anonymous(struct vm_area_struct *vma) - { - return !vma->vm_ops; - } - --static inline int stack_guard_page_start(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSDOWN) && -- (vma->vm_start == addr) && -- !vma_growsdown(vma->vm_prev, addr); --} -- --/* Is the vma a continuation of the stack vma below it? */ --static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP); --} -- --static inline int stack_guard_page_end(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSUP) && -- (vma->vm_end == addr) && -- !vma_growsup(vma->vm_next, addr); --} -- - int vma_is_stack_for_task(struct vm_area_struct *vma, struct task_struct *t); - - extern unsigned long move_page_tables(struct vm_area_struct *vma, -@@ -2012,6 +1984,7 @@ void page_cache_async_readahead(struct address_space *mapping, - pgoff_t offset, - unsigned long size); - -+extern unsigned long stack_guard_gap; - /* Generic expand stack which grows the stack according to GROWS{UP,DOWN} */ - extern int expand_stack(struct vm_area_struct *vma, unsigned long address); - -@@ -2040,6 +2013,30 @@ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * m - return vma; - } - -+static inline unsigned long vm_start_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_start = vma->vm_start; -+ -+ if (vma->vm_flags & VM_GROWSDOWN) { -+ vm_start -= stack_guard_gap; -+ if (vm_start > vma->vm_start) -+ vm_start = 0; -+ } -+ return vm_start; -+} -+ -+static inline unsigned long vm_end_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_end = vma->vm_end; -+ -+ if (vma->vm_flags & VM_GROWSUP) { -+ vm_end += stack_guard_gap; -+ if (vm_end < vma->vm_end) -+ vm_end = -PAGE_SIZE; -+ } -+ return vm_end; -+} -+ - static inline unsigned long vma_pages(struct vm_area_struct *vma) - { - return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; -diff --git a/mm/gup.c b/mm/gup.c -index 4b0b7e7..b599526 100644 ---- a/mm/gup.c -+++ b/mm/gup.c -@@ -312,11 +312,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, - /* mlock all present pages, but do not fault in new pages */ - if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK) - return -ENOENT; -- /* For mm_populate(), just skip the stack guard page. */ -- if ((*flags & FOLL_POPULATE) && -- (stack_guard_page_start(vma, address) || -- stack_guard_page_end(vma, address + PAGE_SIZE))) -- return -ENOENT; - if (*flags & FOLL_WRITE) - fault_flags |= FAULT_FLAG_WRITE; - if (nonblocking) -diff --git a/mm/memory.c b/mm/memory.c -index 76dcee3..e6fa134 100644 ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -2662,40 +2662,6 @@ out_release: - } - - /* -- * This is like a special single-page "expand_{down|up}wards()", -- * except we must first make sure that 'address{-|+}PAGE_SIZE' -- * doesn't hit another vma. -- */ --static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address) --{ -- address &= PAGE_MASK; -- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) { -- struct vm_area_struct *prev = vma->vm_prev; -- -- /* -- * Is there a mapping abutting this one below? -- * -- * That's only ok if it's the same stack mapping -- * that has gotten split.. -- */ -- if (prev && prev->vm_end == address) -- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; -- -- return expand_downwards(vma, address - PAGE_SIZE); -- } -- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { -- struct vm_area_struct *next = vma->vm_next; -- -- /* As VM_GROWSDOWN but s/below/above/ */ -- if (next && next->vm_start == address + PAGE_SIZE) -- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; -- -- return expand_upwards(vma, address + PAGE_SIZE); -- } -- return 0; --} -- --/* - * We enter with non-exclusive mmap_sem (to exclude vma changes, - * but allow concurrent faults), and pte mapped but not yet locked. - * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2715,10 +2681,6 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, - if (vma->vm_flags & VM_SHARED) - return VM_FAULT_SIGBUS; - -- /* Check if we need to add a guard page to the stack */ -- if (check_stack_guard_page(vma, address) < 0) -- return VM_FAULT_SIGSEGV; -- - /* Use the zero-page for reads */ - if (!(flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(mm)) { - entry = pte_mkspecial(pfn_pte(my_zero_pfn(address), -diff --git a/mm/mmap.c b/mm/mmap.c -index 455772a..5e043dd 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -288,6 +288,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - unsigned long retval; - unsigned long newbrk, oldbrk; - struct mm_struct *mm = current->mm; -+ struct vm_area_struct *next; - unsigned long min_brk; - bool populate; - -@@ -332,7 +333,8 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - } - - /* Check against existing mmap mappings. */ -- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE)) -+ next = find_vma(mm, oldbrk); -+ if (next && newbrk + PAGE_SIZE > vm_start_gap(next)) - goto out; - - /* Ok, looks good - let it rip. */ -@@ -355,10 +357,22 @@ out: - - static long vma_compute_subtree_gap(struct vm_area_struct *vma) - { -- unsigned long max, subtree_gap; -- max = vma->vm_start; -- if (vma->vm_prev) -- max -= vma->vm_prev->vm_end; -+ unsigned long max, prev_end, subtree_gap; -+ -+ /* -+ * Note: in the rare case of a VM_GROWSDOWN above a VM_GROWSUP, we -+ * allow two stack_guard_gaps between them here, and when choosing -+ * an unmapped area; whereas when expanding we only require one. -+ * That's a little inconsistent, but keeps the code here simpler. -+ */ -+ max = vm_start_gap(vma); -+ if (vma->vm_prev) { -+ prev_end = vm_end_gap(vma->vm_prev); -+ if (max > prev_end) -+ max -= prev_end; -+ else -+ max = 0; -+ } - if (vma->vm_rb.rb_left) { - subtree_gap = rb_entry(vma->vm_rb.rb_left, - struct vm_area_struct, vm_rb)->rb_subtree_gap; -@@ -451,7 +465,7 @@ static void validate_mm(struct mm_struct *mm) - anon_vma_unlock_read(anon_vma); - } - -- highest_address = vma->vm_end; -+ highest_address = vm_end_gap(vma); - vma = vma->vm_next; - i++; - } -@@ -620,7 +634,7 @@ void __vma_link_rb(struct mm_struct *mm, struct vm_area_struct *vma, - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = vma->vm_end; -+ mm->highest_vm_end = vm_end_gap(vma); - - /* - * vma->vm_prev wasn't known when we followed the rbtree to find the -@@ -866,7 +880,7 @@ again: remove_next = 1 + (end > next->vm_end); - vma_gap_update(vma); - if (end_changed) { - if (!next) -- mm->highest_vm_end = end; -+ mm->highest_vm_end = vm_end_gap(vma); - else if (!adjust_next) - vma_gap_update(next); - } -@@ -909,7 +923,7 @@ again: remove_next = 1 + (end > next->vm_end); - else if (next) - vma_gap_update(next); - else -- mm->highest_vm_end = end; -+ VM_WARN_ON(mm->highest_vm_end != vm_end_gap(vma)); - } - if (insert && file) - uprobe_mmap(insert); -@@ -1741,7 +1755,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit left subtree if it looks promising */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end >= low_limit && vma->vm_rb.rb_left) { - struct vm_area_struct *left = - rb_entry(vma->vm_rb.rb_left, -@@ -1752,7 +1766,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - } - } - -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - check_current: - /* Check if current node has a suitable gap */ - if (gap_start > high_limit) -@@ -1779,8 +1793,8 @@ check_current: - vma = rb_entry(rb_parent(prev), - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_left) { -- gap_start = vma->vm_prev->vm_end; -- gap_end = vma->vm_start; -+ gap_start = vm_end_gap(vma->vm_prev); -+ gap_end = vm_start_gap(vma); - goto check_current; - } - } -@@ -1844,7 +1858,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit right subtree if it looks promising */ -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - if (gap_start <= high_limit && vma->vm_rb.rb_right) { - struct vm_area_struct *right = - rb_entry(vma->vm_rb.rb_right, -@@ -1857,7 +1871,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - check_current: - /* Check if current node has a suitable gap */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end < low_limit) - return -ENOMEM; - if (gap_start <= high_limit && gap_end - gap_start >= length) -@@ -1883,7 +1897,7 @@ check_current: - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_right) { - gap_start = vma->vm_prev ? -- vma->vm_prev->vm_end : 0; -+ vm_end_gap(vma->vm_prev) : 0; - goto check_current; - } - } -@@ -1921,7 +1935,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct vm_unmapped_area_info info; - - if (len > TASK_SIZE - mmap_min_addr) -@@ -1932,9 +1946,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -1957,7 +1972,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - struct vm_unmapped_area_info info; -@@ -1972,9 +1987,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* requesting a specific address */ - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -2099,21 +2115,19 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, - * update accounting. This is shared with both the - * grow-up and grow-down cases. - */ --static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, unsigned long grow) -+static int acct_stack_growth(struct vm_area_struct *vma, -+ unsigned long size, unsigned long grow) - { - struct mm_struct *mm = vma->vm_mm; - struct rlimit *rlim = current->signal->rlim; -- unsigned long new_start, actual_size; -+ unsigned long new_start; - - /* address space limit tests */ - if (!may_expand_vm(mm, grow)) - return -ENOMEM; - - /* Stack limit test */ -- actual_size = size; -- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) -- actual_size -= PAGE_SIZE; -- if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) -+ if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) - return -ENOMEM; - - /* mlock limit tests */ -@@ -2151,17 +2165,30 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns - int expand_upwards(struct vm_area_struct *vma, unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *next; -+ unsigned long gap_addr; - int error = 0; - - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; - - /* Guard against wrapping around to address 0. */ -- if (address < PAGE_ALIGN(address+4)) -- address = PAGE_ALIGN(address+4); -- else -+ address &= PAGE_MASK; -+ address += PAGE_SIZE; -+ if (!address) - return -ENOMEM; - -+ /* Enforce stack_guard_gap */ -+ gap_addr = address + stack_guard_gap; -+ if (gap_addr < address) -+ return -ENOMEM; -+ next = vma->vm_next; -+ if (next && next->vm_start < gap_addr) { -+ if (!(next->vm_flags & VM_GROWSUP)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } -+ - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; -@@ -2206,7 +2233,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = address; -+ mm->highest_vm_end = vm_end_gap(vma); - spin_unlock(&mm->page_table_lock); - - perf_event_mmap(vma); -@@ -2227,6 +2254,8 @@ int expand_downwards(struct vm_area_struct *vma, - unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *prev; -+ unsigned long gap_addr; - int error; - - address &= PAGE_MASK; -@@ -2234,6 +2263,17 @@ int expand_downwards(struct vm_area_struct *vma, - if (error) - return error; - -+ /* Enforce stack_guard_gap */ -+ gap_addr = address - stack_guard_gap; -+ if (gap_addr > address) -+ return -ENOMEM; -+ prev = vma->vm_prev; -+ if (prev && prev->vm_end > gap_addr) { -+ if (!(prev->vm_flags & VM_GROWSDOWN)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } -+ - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; -@@ -2289,28 +2329,25 @@ int expand_downwards(struct vm_area_struct *vma, - return error; - } - --/* -- * Note how expand_stack() refuses to expand the stack all the way to -- * abut the next virtual mapping, *unless* that mapping itself is also -- * a stack mapping. We want to leave room for a guard page, after all -- * (the guard page itself is not added here, that is done by the -- * actual page faulting logic) -- * -- * This matches the behavior of the guard page logic (see mm/memory.c: -- * check_stack_guard_page()), which only allows the guard page to be -- * removed under these circumstances. -- */ -+/* enforced gap between the expanding stack and other mappings. */ -+unsigned long stack_guard_gap = 256UL<<PAGE_SHIFT; -+ -+static int __init cmdline_parse_stack_guard_gap(char *p) -+{ -+ unsigned long val; -+ char *endptr; -+ -+ val = simple_strtoul(p, &endptr, 10); -+ if (!*endptr) -+ stack_guard_gap = val << PAGE_SHIFT; -+ -+ return 0; -+} -+__setup("stack_guard_gap=", cmdline_parse_stack_guard_gap); -+ - #ifdef CONFIG_STACK_GROWSUP - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *next; -- -- address &= PAGE_MASK; -- next = vma->vm_next; -- if (next && next->vm_start == address + PAGE_SIZE) { -- if (!(next->vm_flags & VM_GROWSUP)) -- return -ENOMEM; -- } - return expand_upwards(vma, address); - } - -@@ -2332,14 +2369,6 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) - #else - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *prev; -- -- address &= PAGE_MASK; -- prev = vma->vm_prev; -- if (prev && prev->vm_end == address) { -- if (!(prev->vm_flags & VM_GROWSDOWN)) -- return -ENOMEM; -- } - return expand_downwards(vma, address); - } - -@@ -2437,7 +2466,7 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, - vma->vm_prev = prev; - vma_gap_update(vma); - } else -- mm->highest_vm_end = prev ? prev->vm_end : 0; -+ mm->highest_vm_end = prev ? vm_end_gap(prev) : 0; - tail_vma->vm_next = NULL; - - /* Kill the cache */ --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0002-Allow-stack-to-grow-up-to-address-space-limit.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0002-Allow-stack-to-grow-up-to-address-space-limit.patch deleted file mode 100644 index d0c94cef2..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0002-Allow-stack-to-grow-up-to-address-space-limit.patch +++ /dev/null @@ -1,51 +0,0 @@ -From cd20f002742028366c33b38b3ca613eaee4582c9 Mon Sep 17 00:00:00 2001 -From: Helge Deller <deller@gmx.de> -Date: Mon, 19 Jun 2017 17:34:05 +0200 -Subject: [PATCH 2/3] Allow stack to grow up to address space limit - -commit bd726c90b6b8ce87602208701b208a208e6d5600 upstream. - -Fix expand_upwards() on architectures with an upward-growing stack (parisc, -metag and partly IA-64) to allow the stack to reliably grow exactly up to -the address space limit given by TASK_SIZE. - -Signed-off-by: Helge Deller <deller@gmx.de> -Acked-by: Hugh Dickins <hughd@google.com> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - mm/mmap.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/mm/mmap.c b/mm/mmap.c -index 5e043dd..fcf4c88 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -2172,16 +2172,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; - -- /* Guard against wrapping around to address 0. */ -+ /* Guard against exceeding limits of the address space. */ - address &= PAGE_MASK; -- address += PAGE_SIZE; -- if (!address) -+ if (address >= TASK_SIZE) - return -ENOMEM; -+ address += PAGE_SIZE; - - /* Enforce stack_guard_gap */ - gap_addr = address + stack_guard_gap; -- if (gap_addr < address) -- return -ENOMEM; -+ -+ /* Guard against overflow */ -+ if (gap_addr < address || gap_addr > TASK_SIZE) -+ gap_addr = TASK_SIZE; -+ - next = vma->vm_next; - if (next && next->vm_start < gap_addr) { - if (!(next->vm_flags & VM_GROWSUP)) --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch deleted file mode 100644 index 3f0acfa29..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.4/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 1c182004bcb1cd619b58ba6631b9d88052d18e02 Mon Sep 17 00:00:00 2001 -From: Hugh Dickins <hughd@google.com> -Date: Tue, 20 Jun 2017 02:10:44 -0700 -Subject: [PATCH 3/3] mm: fix new crash in unmapped_area_topdown() - -commit f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 upstream. - -Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of -mmap testing. That's the VM_BUG_ON(gap_end < gap_start) at the -end of unmapped_area_topdown(). Linus points out how MAP_FIXED -(which does not have to respect our stack guard gap intentions) -could result in gap_end below gap_start there. Fix that, and -the similar case in its alternative, unmapped_area(). - -Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas") -Reported-by: Dave Jones <davej@codemonkey.org.uk> -Debugged-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Hugh Dickins <hughd@google.com> -Acked-by: Michal Hocko <mhocko@suse.com> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - mm/mmap.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/mm/mmap.c b/mm/mmap.c -index fcf4c88..0990f8b 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -1771,7 +1771,8 @@ check_current: - /* Check if current node has a suitable gap */ - if (gap_start > high_limit) - return -ENOMEM; -- if (gap_end >= low_limit && gap_end - gap_start >= length) -+ if (gap_end >= low_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit right subtree if it looks promising */ -@@ -1874,7 +1875,8 @@ check_current: - gap_end = vm_start_gap(vma); - if (gap_end < low_limit) - return -ENOMEM; -- if (gap_start <= high_limit && gap_end - gap_start >= length) -+ if (gap_start <= high_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit left subtree if it looks promising */ --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0001-mm-larger-stack-guard-gap-between-vmas.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0001-mm-larger-stack-guard-gap-between-vmas.patch deleted file mode 100644 index 06fed097b..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0001-mm-larger-stack-guard-gap-between-vmas.patch +++ /dev/null @@ -1,935 +0,0 @@ -From d2fe80af1664f169498f6e624a8ea01e4e28efe2 Mon Sep 17 00:00:00 2001 -From: Hugh Dickins <hughd@google.com> -Date: Mon, 19 Jun 2017 04:03:24 -0700 -Subject: [PATCH 1/3] mm: larger stack guard gap, between vmas - -commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream. - -Stack guard page is a useful feature to reduce a risk of stack smashing -into a different mapping. We have been using a single page gap which -is sufficient to prevent having stack adjacent to a different mapping. -But this seems to be insufficient in the light of the stack usage in -userspace. E.g. glibc uses as large as 64kB alloca() in many commonly -used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX] -which is 256kB or stack strings with MAX_ARG_STRLEN. - -This will become especially dangerous for suid binaries and the default -no limit for the stack size limit because those applications can be -tricked to consume a large portion of the stack and a single glibc call -could jump over the guard page. These attacks are not theoretical, -unfortunatelly. - -Make those attacks less probable by increasing the stack guard gap -to 1MB (on systems with 4k pages; but make it depend on the page size -because systems with larger base pages might cap stack allocations in -the PAGE_SIZE units) which should cover larger alloca() and VLA stack -allocations. It is obviously not a full fix because the problem is -somehow inherent, but it should reduce attack space a lot. - -One could argue that the gap size should be configurable from userspace, -but that can be done later when somebody finds that the new 1MB is wrong -for some special case applications. For now, add a kernel command line -option (stack_guard_gap) to specify the stack gap size (in page units). - -Implementation wise, first delete all the old code for stack guard page: -because although we could get away with accounting one extra page in a -stack vma, accounting a larger gap can break userspace - case in point, -a program run with "ulimit -S -v 20000" failed when the 1MB gap was -counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK -and strict non-overcommit mode. - -Instead of keeping gap inside the stack vma, maintain the stack guard -gap as a gap between vmas: using vm_start_gap() in place of vm_start -(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few -places which need to respect the gap - mainly arch_get_unmapped_area(), -and and the vma tree's subtree_gap support for that. - -Original-patch-by: Oleg Nesterov <oleg@redhat.com> -Original-patch-by: Michal Hocko <mhocko@suse.com> -Signed-off-by: Hugh Dickins <hughd@google.com> -Acked-by: Michal Hocko <mhocko@suse.com> -Tested-by: Helge Deller <deller@gmx.de> # parisc -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -[wt: backport to 4.11: adjust context] -[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide] -Signed-off-by: Willy Tarreau <w@1wt.eu> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - Documentation/kernel-parameters.txt | 7 ++ - arch/arc/mm/mmap.c | 2 +- - arch/arm/mm/mmap.c | 4 +- - arch/frv/mm/elf-fdpic.c | 2 +- - arch/mips/mm/mmap.c | 2 +- - arch/parisc/kernel/sys_parisc.c | 15 ++-- - arch/powerpc/mm/hugetlbpage-radix.c | 2 +- - arch/powerpc/mm/mmap.c | 4 +- - arch/powerpc/mm/slice.c | 2 +- - arch/s390/mm/mmap.c | 4 +- - arch/sh/mm/mmap.c | 4 +- - arch/sparc/kernel/sys_sparc_64.c | 4 +- - arch/sparc/mm/hugetlbpage.c | 2 +- - arch/tile/mm/hugetlbpage.c | 2 +- - arch/x86/kernel/sys_x86_64.c | 4 +- - arch/x86/mm/hugetlbpage.c | 2 +- - arch/xtensa/kernel/syscall.c | 2 +- - fs/hugetlbfs/inode.c | 2 +- - fs/proc/task_mmu.c | 4 - - include/linux/mm.h | 53 ++++++------- - mm/gup.c | 5 -- - mm/memory.c | 38 --------- - mm/mmap.c | 149 +++++++++++++++++++++--------------- - 23 files changed, 152 insertions(+), 163 deletions(-) - -diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 65b05ba..29de8cf 100644 ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3922,6 +3922,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - spia_pedr= - spia_peddr= - -+ stack_guard_gap= [MM] -+ override the default stack gap protection. The value -+ is in page units and it defines how many pages prior -+ to (for stacks growing down) resp. after (for stacks -+ growing up) the main stack are reserved for no other -+ mapping. Default value is 256 pages. -+ - stacktrace [FTRACE] - Enabled the stack tracer on boot up. - -diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c -index 2e06d56..cf4ae69 100644 ---- a/arch/arc/mm/mmap.c -+++ b/arch/arc/mm/mmap.c -@@ -64,7 +64,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 66353ca..641334e 100644 ---- a/arch/arm/mm/mmap.c -+++ b/arch/arm/mm/mmap.c -@@ -89,7 +89,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -140,7 +140,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c -index 836f147..efa59f1 100644 ---- a/arch/frv/mm/elf-fdpic.c -+++ b/arch/frv/mm/elf-fdpic.c -@@ -74,7 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - addr = PAGE_ALIGN(addr); - vma = find_vma(current->mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - goto success; - } - -diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index d08ea3f..a44052c 100644 ---- a/arch/mips/mm/mmap.c -+++ b/arch/mips/mm/mmap.c -@@ -92,7 +92,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index 0a393a0..1d7691f 100644 ---- a/arch/parisc/kernel/sys_parisc.c -+++ b/arch/parisc/kernel/sys_parisc.c -@@ -88,7 +88,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - unsigned long task_size = TASK_SIZE; - int do_color_align, last_mmap; - struct vm_unmapped_area_info info; -@@ -115,9 +115,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - else - addr = PAGE_ALIGN(addr); - -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -@@ -141,7 +142,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - int do_color_align, last_mmap; -@@ -175,9 +176,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = COLOR_ALIGN(addr, last_mmap, pgoff); - else - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -diff --git a/arch/powerpc/mm/hugetlbpage-radix.c b/arch/powerpc/mm/hugetlbpage-radix.c -index 35254a6..a2b2d97 100644 ---- a/arch/powerpc/mm/hugetlbpage-radix.c -+++ b/arch/powerpc/mm/hugetlbpage-radix.c -@@ -65,7 +65,7 @@ radix__hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - /* -diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c -index 2f1e443..5bc2845 100644 ---- a/arch/powerpc/mm/mmap.c -+++ b/arch/powerpc/mm/mmap.c -@@ -106,7 +106,7 @@ radix__arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -142,7 +142,7 @@ radix__arch_get_unmapped_area_topdown(struct file *filp, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 2b27458..c4d5c9c 100644 ---- a/arch/powerpc/mm/slice.c -+++ b/arch/powerpc/mm/slice.c -@@ -105,7 +105,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, - if ((mm->task_size - len) < addr) - return 0; - vma = find_vma(mm, addr); -- return (!vma || (addr + len) <= vma->vm_start); -+ return (!vma || (addr + len) <= vm_start_gap(vma)); - } - - static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) -diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index eb9df28..812368f 100644 ---- a/arch/s390/mm/mmap.c -+++ b/arch/s390/mm/mmap.c -@@ -98,7 +98,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -136,7 +136,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index 6777177..7df7d59 100644 ---- a/arch/sh/mm/mmap.c -+++ b/arch/sh/mm/mmap.c -@@ -63,7 +63,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -113,7 +113,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index fe8b8ee..02e05e2 100644 ---- a/arch/sparc/kernel/sys_sparc_64.c -+++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -118,7 +118,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -181,7 +181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index 988acc8b..58cde8d 100644 ---- a/arch/sparc/mm/hugetlbpage.c -+++ b/arch/sparc/mm/hugetlbpage.c -@@ -116,7 +116,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, HPAGE_SIZE); - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c -index 77ceaa3..67508b2 100644 ---- a/arch/tile/mm/hugetlbpage.c -+++ b/arch/tile/mm/hugetlbpage.c -@@ -232,7 +232,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (current->mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index a55ed63..1119414 100644 ---- a/arch/x86/kernel/sys_x86_64.c -+++ b/arch/x86/kernel/sys_x86_64.c -@@ -140,7 +140,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (end - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -183,7 +183,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 2ae8584..fe342e8 100644 ---- a/arch/x86/mm/hugetlbpage.c -+++ b/arch/x86/mm/hugetlbpage.c -@@ -144,7 +144,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/xtensa/kernel/syscall.c b/arch/xtensa/kernel/syscall.c -index 83cf496..3aaaae1 100644 ---- a/arch/xtensa/kernel/syscall.c -+++ b/arch/xtensa/kernel/syscall.c -@@ -87,7 +87,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (!vmm || addr + len <= vm_start_gap(vmm)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) -diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 4fb7b10..704fa0b 100644 ---- a/fs/hugetlbfs/inode.c -+++ b/fs/hugetlbfs/inode.c -@@ -191,7 +191,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 35b92d8..c5f2136 100644 ---- a/fs/proc/task_mmu.c -+++ b/fs/proc/task_mmu.c -@@ -299,11 +299,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) - - /* We don't show the stack guard page in /proc/maps */ - start = vma->vm_start; -- if (stack_guard_page_start(vma, start)) -- start += PAGE_SIZE; - end = vma->vm_end; -- if (stack_guard_page_end(vma, end)) -- end -= PAGE_SIZE; - - seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); - seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", -diff --git a/include/linux/mm.h b/include/linux/mm.h -index 0b5b2e4..6c9e1ad 100644 ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -1356,39 +1356,11 @@ int clear_page_dirty_for_io(struct page *page); - - int get_cmdline(struct task_struct *task, char *buffer, int buflen); - --/* Is the vma a continuation of the stack vma above it? */ --static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); --} -- - static inline bool vma_is_anonymous(struct vm_area_struct *vma) - { - return !vma->vm_ops; - } - --static inline int stack_guard_page_start(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSDOWN) && -- (vma->vm_start == addr) && -- !vma_growsdown(vma->vm_prev, addr); --} -- --/* Is the vma a continuation of the stack vma below it? */ --static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP); --} -- --static inline int stack_guard_page_end(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSUP) && -- (vma->vm_end == addr) && -- !vma_growsup(vma->vm_next, addr); --} -- - int vma_is_stack_for_current(struct vm_area_struct *vma); - - extern unsigned long move_page_tables(struct vm_area_struct *vma, -@@ -2127,6 +2099,7 @@ void page_cache_async_readahead(struct address_space *mapping, - pgoff_t offset, - unsigned long size); - -+extern unsigned long stack_guard_gap; - /* Generic expand stack which grows the stack according to GROWS{UP,DOWN} */ - extern int expand_stack(struct vm_area_struct *vma, unsigned long address); - -@@ -2155,6 +2128,30 @@ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * m - return vma; - } - -+static inline unsigned long vm_start_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_start = vma->vm_start; -+ -+ if (vma->vm_flags & VM_GROWSDOWN) { -+ vm_start -= stack_guard_gap; -+ if (vm_start > vma->vm_start) -+ vm_start = 0; -+ } -+ return vm_start; -+} -+ -+static inline unsigned long vm_end_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_end = vma->vm_end; -+ -+ if (vma->vm_flags & VM_GROWSUP) { -+ vm_end += stack_guard_gap; -+ if (vm_end < vma->vm_end) -+ vm_end = -PAGE_SIZE; -+ } -+ return vm_end; -+} -+ - static inline unsigned long vma_pages(struct vm_area_struct *vma) - { - return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; -diff --git a/mm/gup.c b/mm/gup.c -index ec4f827..c63a034 100644 ---- a/mm/gup.c -+++ b/mm/gup.c -@@ -370,11 +370,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, - /* mlock all present pages, but do not fault in new pages */ - if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK) - return -ENOENT; -- /* For mm_populate(), just skip the stack guard page. */ -- if ((*flags & FOLL_POPULATE) && -- (stack_guard_page_start(vma, address) || -- stack_guard_page_end(vma, address + PAGE_SIZE))) -- return -ENOENT; - if (*flags & FOLL_WRITE) - fault_flags |= FAULT_FLAG_WRITE; - if (*flags & FOLL_REMOTE) -diff --git a/mm/memory.c b/mm/memory.c -index cbb1e5e..e6a5a1f 100644 ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -2699,40 +2699,6 @@ int do_swap_page(struct fault_env *fe, pte_t orig_pte) - } - - /* -- * This is like a special single-page "expand_{down|up}wards()", -- * except we must first make sure that 'address{-|+}PAGE_SIZE' -- * doesn't hit another vma. -- */ --static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address) --{ -- address &= PAGE_MASK; -- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) { -- struct vm_area_struct *prev = vma->vm_prev; -- -- /* -- * Is there a mapping abutting this one below? -- * -- * That's only ok if it's the same stack mapping -- * that has gotten split.. -- */ -- if (prev && prev->vm_end == address) -- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; -- -- return expand_downwards(vma, address - PAGE_SIZE); -- } -- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { -- struct vm_area_struct *next = vma->vm_next; -- -- /* As VM_GROWSDOWN but s/below/above/ */ -- if (next && next->vm_start == address + PAGE_SIZE) -- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; -- -- return expand_upwards(vma, address + PAGE_SIZE); -- } -- return 0; --} -- --/* - * We enter with non-exclusive mmap_sem (to exclude vma changes, - * but allow concurrent faults), and pte mapped but not yet locked. - * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2748,10 +2714,6 @@ static int do_anonymous_page(struct fault_env *fe) - if (vma->vm_flags & VM_SHARED) - return VM_FAULT_SIGBUS; - -- /* Check if we need to add a guard page to the stack */ -- if (check_stack_guard_page(vma, fe->address) < 0) -- return VM_FAULT_SIGSEGV; -- - /* - * Use pte_alloc() instead of pte_alloc_map(). We can't run - * pte_offset_map() on pmds where a huge pmd might be created -diff --git a/mm/mmap.c b/mm/mmap.c -index 1af87c1..26542b3 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -183,6 +183,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - unsigned long retval; - unsigned long newbrk, oldbrk; - struct mm_struct *mm = current->mm; -+ struct vm_area_struct *next; - unsigned long min_brk; - bool populate; - -@@ -228,7 +229,8 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - } - - /* Check against existing mmap mappings. */ -- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE)) -+ next = find_vma(mm, oldbrk); -+ if (next && newbrk + PAGE_SIZE > vm_start_gap(next)) - goto out; - - /* Ok, looks good - let it rip. */ -@@ -251,10 +253,22 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - - static long vma_compute_subtree_gap(struct vm_area_struct *vma) - { -- unsigned long max, subtree_gap; -- max = vma->vm_start; -- if (vma->vm_prev) -- max -= vma->vm_prev->vm_end; -+ unsigned long max, prev_end, subtree_gap; -+ -+ /* -+ * Note: in the rare case of a VM_GROWSDOWN above a VM_GROWSUP, we -+ * allow two stack_guard_gaps between them here, and when choosing -+ * an unmapped area; whereas when expanding we only require one. -+ * That's a little inconsistent, but keeps the code here simpler. -+ */ -+ max = vm_start_gap(vma); -+ if (vma->vm_prev) { -+ prev_end = vm_end_gap(vma->vm_prev); -+ if (max > prev_end) -+ max -= prev_end; -+ else -+ max = 0; -+ } - if (vma->vm_rb.rb_left) { - subtree_gap = rb_entry(vma->vm_rb.rb_left, - struct vm_area_struct, vm_rb)->rb_subtree_gap; -@@ -350,7 +364,7 @@ static void validate_mm(struct mm_struct *mm) - anon_vma_unlock_read(anon_vma); - } - -- highest_address = vma->vm_end; -+ highest_address = vm_end_gap(vma); - vma = vma->vm_next; - i++; - } -@@ -539,7 +553,7 @@ void __vma_link_rb(struct mm_struct *mm, struct vm_area_struct *vma, - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = vma->vm_end; -+ mm->highest_vm_end = vm_end_gap(vma); - - /* - * vma->vm_prev wasn't known when we followed the rbtree to find the -@@ -854,7 +868,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, - vma_gap_update(vma); - if (end_changed) { - if (!next) -- mm->highest_vm_end = end; -+ mm->highest_vm_end = vm_end_gap(vma); - else if (!adjust_next) - vma_gap_update(next); - } -@@ -939,7 +953,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, - * mm->highest_vm_end doesn't need any update - * in remove_next == 1 case. - */ -- VM_WARN_ON(mm->highest_vm_end != end); -+ VM_WARN_ON(mm->highest_vm_end != vm_end_gap(vma)); - } - } - if (insert && file) -@@ -1783,7 +1797,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit left subtree if it looks promising */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end >= low_limit && vma->vm_rb.rb_left) { - struct vm_area_struct *left = - rb_entry(vma->vm_rb.rb_left, -@@ -1794,7 +1808,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - } - } - -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - check_current: - /* Check if current node has a suitable gap */ - if (gap_start > high_limit) -@@ -1821,8 +1835,8 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - vma = rb_entry(rb_parent(prev), - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_left) { -- gap_start = vma->vm_prev->vm_end; -- gap_end = vma->vm_start; -+ gap_start = vm_end_gap(vma->vm_prev); -+ gap_end = vm_start_gap(vma); - goto check_current; - } - } -@@ -1886,7 +1900,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit right subtree if it looks promising */ -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - if (gap_start <= high_limit && vma->vm_rb.rb_right) { - struct vm_area_struct *right = - rb_entry(vma->vm_rb.rb_right, -@@ -1899,7 +1913,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - check_current: - /* Check if current node has a suitable gap */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end < low_limit) - return -ENOMEM; - if (gap_start <= high_limit && gap_end - gap_start >= length) -@@ -1925,7 +1939,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_right) { - gap_start = vma->vm_prev ? -- vma->vm_prev->vm_end : 0; -+ vm_end_gap(vma->vm_prev) : 0; - goto check_current; - } - } -@@ -1963,7 +1977,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct vm_unmapped_area_info info; - - if (len > TASK_SIZE - mmap_min_addr) -@@ -1974,9 +1988,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -1999,7 +2014,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - struct vm_unmapped_area_info info; -@@ -2014,9 +2029,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* requesting a specific address */ - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -2151,21 +2167,19 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, - * update accounting. This is shared with both the - * grow-up and grow-down cases. - */ --static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, unsigned long grow) -+static int acct_stack_growth(struct vm_area_struct *vma, -+ unsigned long size, unsigned long grow) - { - struct mm_struct *mm = vma->vm_mm; - struct rlimit *rlim = current->signal->rlim; -- unsigned long new_start, actual_size; -+ unsigned long new_start; - - /* address space limit tests */ - if (!may_expand_vm(mm, vma->vm_flags, grow)) - return -ENOMEM; - - /* Stack limit test */ -- actual_size = size; -- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) -- actual_size -= PAGE_SIZE; -- if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) -+ if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) - return -ENOMEM; - - /* mlock limit tests */ -@@ -2203,17 +2217,30 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns - int expand_upwards(struct vm_area_struct *vma, unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *next; -+ unsigned long gap_addr; - int error = 0; - - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; - - /* Guard against wrapping around to address 0. */ -- if (address < PAGE_ALIGN(address+4)) -- address = PAGE_ALIGN(address+4); -- else -+ address &= PAGE_MASK; -+ address += PAGE_SIZE; -+ if (!address) - return -ENOMEM; - -+ /* Enforce stack_guard_gap */ -+ gap_addr = address + stack_guard_gap; -+ if (gap_addr < address) -+ return -ENOMEM; -+ next = vma->vm_next; -+ if (next && next->vm_start < gap_addr) { -+ if (!(next->vm_flags & VM_GROWSUP)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } -+ - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; -@@ -2257,7 +2284,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = address; -+ mm->highest_vm_end = vm_end_gap(vma); - spin_unlock(&mm->page_table_lock); - - perf_event_mmap(vma); -@@ -2278,6 +2305,8 @@ int expand_downwards(struct vm_area_struct *vma, - unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *prev; -+ unsigned long gap_addr; - int error; - - address &= PAGE_MASK; -@@ -2285,6 +2314,17 @@ int expand_downwards(struct vm_area_struct *vma, - if (error) - return error; - -+ /* Enforce stack_guard_gap */ -+ gap_addr = address - stack_guard_gap; -+ if (gap_addr > address) -+ return -ENOMEM; -+ prev = vma->vm_prev; -+ if (prev && prev->vm_end > gap_addr) { -+ if (!(prev->vm_flags & VM_GROWSDOWN)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } -+ - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; -@@ -2339,28 +2379,25 @@ int expand_downwards(struct vm_area_struct *vma, - return error; - } - --/* -- * Note how expand_stack() refuses to expand the stack all the way to -- * abut the next virtual mapping, *unless* that mapping itself is also -- * a stack mapping. We want to leave room for a guard page, after all -- * (the guard page itself is not added here, that is done by the -- * actual page faulting logic) -- * -- * This matches the behavior of the guard page logic (see mm/memory.c: -- * check_stack_guard_page()), which only allows the guard page to be -- * removed under these circumstances. -- */ -+/* enforced gap between the expanding stack and other mappings. */ -+unsigned long stack_guard_gap = 256UL<<PAGE_SHIFT; -+ -+static int __init cmdline_parse_stack_guard_gap(char *p) -+{ -+ unsigned long val; -+ char *endptr; -+ -+ val = simple_strtoul(p, &endptr, 10); -+ if (!*endptr) -+ stack_guard_gap = val << PAGE_SHIFT; -+ -+ return 0; -+} -+__setup("stack_guard_gap=", cmdline_parse_stack_guard_gap); -+ - #ifdef CONFIG_STACK_GROWSUP - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *next; -- -- address &= PAGE_MASK; -- next = vma->vm_next; -- if (next && next->vm_start == address + PAGE_SIZE) { -- if (!(next->vm_flags & VM_GROWSUP)) -- return -ENOMEM; -- } - return expand_upwards(vma, address); - } - -@@ -2382,14 +2419,6 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) - #else - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *prev; -- -- address &= PAGE_MASK; -- prev = vma->vm_prev; -- if (prev && prev->vm_end == address) { -- if (!(prev->vm_flags & VM_GROWSDOWN)) -- return -ENOMEM; -- } - return expand_downwards(vma, address); - } - -@@ -2487,7 +2516,7 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, - vma->vm_prev = prev; - vma_gap_update(vma); - } else -- mm->highest_vm_end = prev ? prev->vm_end : 0; -+ mm->highest_vm_end = prev ? vm_end_gap(prev) : 0; - tail_vma->vm_next = NULL; - - /* Kill the cache */ --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch deleted file mode 100644 index 2a20abb57..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0002-Allow-stack-to-grow-up-to-address-space-limit.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 88aa347d26911cffd84ac3dd2a8341f1ba7e3444 Mon Sep 17 00:00:00 2001 -From: Helge Deller <deller@gmx.de> -Date: Mon, 19 Jun 2017 17:34:05 +0200 -Subject: [PATCH 2/3] Allow stack to grow up to address space limit - -commit bd726c90b6b8ce87602208701b208a208e6d5600 upstream. - -Fix expand_upwards() on architectures with an upward-growing stack (parisc, -metag and partly IA-64) to allow the stack to reliably grow exactly up to -the address space limit given by TASK_SIZE. - -Signed-off-by: Helge Deller <deller@gmx.de> -Acked-by: Hugh Dickins <hughd@google.com> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - mm/mmap.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/mm/mmap.c b/mm/mmap.c -index 26542b3..d71a61e 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -2224,16 +2224,19 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; - -- /* Guard against wrapping around to address 0. */ -+ /* Guard against exceeding limits of the address space. */ - address &= PAGE_MASK; -- address += PAGE_SIZE; -- if (!address) -+ if (address >= TASK_SIZE) - return -ENOMEM; -+ address += PAGE_SIZE; - - /* Enforce stack_guard_gap */ - gap_addr = address + stack_guard_gap; -- if (gap_addr < address) -- return -ENOMEM; -+ -+ /* Guard against overflow */ -+ if (gap_addr < address || gap_addr > TASK_SIZE) -+ gap_addr = TASK_SIZE; -+ - next = vma->vm_next; - if (next && next->vm_start < gap_addr) { - if (!(next->vm_flags & VM_GROWSUP)) --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch deleted file mode 100644 index 7dc79192b..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-4.9/0003-mm-fix-new-crash-in-unmapped_area_topdown.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 00d15368d611f12f3c4980dce63b68b08ea89a09 Mon Sep 17 00:00:00 2001 -From: Hugh Dickins <hughd@google.com> -Date: Tue, 20 Jun 2017 02:10:44 -0700 -Subject: [PATCH 3/3] mm: fix new crash in unmapped_area_topdown() - -commit f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 upstream. - -Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of -mmap testing. That's the VM_BUG_ON(gap_end < gap_start) at the -end of unmapped_area_topdown(). Linus points out how MAP_FIXED -(which does not have to respect our stack guard gap intentions) -could result in gap_end below gap_start there. Fix that, and -the similar case in its alternative, unmapped_area(). - -Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas") -Reported-by: Dave Jones <davej@codemonkey.org.uk> -Debugged-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Hugh Dickins <hughd@google.com> -Acked-by: Michal Hocko <mhocko@suse.com> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - mm/mmap.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/mm/mmap.c b/mm/mmap.c -index d71a61e..145d3d5 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -1813,7 +1813,8 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - /* Check if current node has a suitable gap */ - if (gap_start > high_limit) - return -ENOMEM; -- if (gap_end >= low_limit && gap_end - gap_start >= length) -+ if (gap_end >= low_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit right subtree if it looks promising */ -@@ -1916,7 +1917,8 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - gap_end = vm_start_gap(vma); - if (gap_end < low_limit) - return -ENOMEM; -- if (gap_start <= high_limit && gap_end - gap_start >= length) -+ if (gap_start <= high_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit left subtree if it looks promising */ --- -2.1.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch deleted file mode 100644 index 4021e5d38..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-Smack-File-receive-for-sockets.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 -From: Casey Schaufler <casey@schaufler-ca.com> -Date: Mon, 7 Dec 2015 14:34:32 -0800 -Subject: [PATCH 1/4] Smack: File receive for sockets - -The existing file receive hook checks for access on -the file inode even for UDS. This is not right, as -the inode is not used by Smack to make access checks -for sockets. This change checks for an appropriate -access relationship between the receiving (current) -process and the socket. If the process can't write -to the socket's send label or the socket's receive -label can't write to the process fail. - -This will allow the legitimate cases, where the -socket sender and socket receiver can freely communicate. -Only strangly set socket labels should cause a problem. - -Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index ff81026..b20ef06 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) - int may = 0; - struct smk_audit_info ad; - struct inode *inode = file_inode(file); -+ struct socket *sock; -+ struct task_smack *tsp; -+ struct socket_smack *ssp; - - if (unlikely(IS_PRIVATE(inode))) - return 0; - - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); - smk_ad_setfield_u_fs_path(&ad, file->f_path); -+ -+ if (S_ISSOCK(inode->i_mode)) { -+ sock = SOCKET_I(inode); -+ ssp = sock->sk->sk_security; -+ tsp = current_security(); -+ /* -+ * If the receiving process can't write to the -+ * passed socket or if the passed socket can't -+ * write to the receiving process don't accept -+ * the passed socket. -+ */ -+ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ if (rc < 0) -+ return rc; -+ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ return rc; -+ } - /* - * This code relies on bitmasks. - */ --- -2.7.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch deleted file mode 100644 index c516f3aa5..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0002-smack-fix-cache-of-access-labels.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> -Date: Tue, 12 Jan 2016 21:23:40 +0100 -Subject: [PATCH 2/4] smack: fix cache of access labels -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Before this commit, removing the access property of -a file, aka, the extended attribute security.SMACK64 -was not effictive until the cache had been cleaned. - -This patch fixes that problem. - -Signed-off-by: José Bollo <jobol@nonadev.net> -Acked-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b20ef06..b2bcb14 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) - * Don't do anything special for these. - * XATTR_NAME_SMACKIPIN - * XATTR_NAME_SMACKIPOUT -- * XATTR_NAME_SMACKEXEC - */ -- if (strcmp(name, XATTR_NAME_SMACK) == 0) -+ if (strcmp(name, XATTR_NAME_SMACK) == 0) { -+ struct super_block *sbp = d_backing_inode(dentry)->i_sb; -+ struct superblock_smack *sbsp = sbp->s_security; -+ -+ isp->smk_inode = sbsp->smk_default; -+ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) - isp->smk_task = NULL; - else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) - isp->smk_mmap = NULL; --- -2.7.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch deleted file mode 100644 index c9180bb9f..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0003-Smack-ignore-null-signal-in-smack_task_kill.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 -From: Rafal Krypa <r.krypa@samsung.com> -Date: Mon, 4 Apr 2016 11:14:53 +0200 -Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill - -Kill with signal number 0 is commonly used for checking PID existence. -Smack treated such cases like any other kills, although no signal is -actually delivered when sig == 0. - -Checking permissions when sig == 0 didn't prevent an unprivileged caller -from learning whether PID exists or not. When it existed, kernel returned -EPERM, when it didn't - ESRCH. The only effect of policy check in such -case is noise in audit logs. - -This change lets Smack silently ignore kill() invocations with sig == 0. - -Signed-off-by: Rafal Krypa <r.krypa@samsung.com> -Acked-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b2bcb14..cf8a93f 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, - struct smack_known *tkp = smk_of_task_struct(p); - int rc; - -+ if (!sig) -+ return 0; /* null signal; existence test */ -+ - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); - smk_ad_setfield_u_tsk(&ad, p); - /* --- -2.7.4 - diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend index 6557ce03c..ead116b09 100644 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend @@ -1,17 +1,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" SRC_URI_append = "\ - ${@base_conditional('USE_FAYTECH_MONITOR', '1', 'file://0002-faytech-fix-rpi.patch', '', d)} \ + ${@base_conditional('USE_FAYTECH_MONITOR', '1', 'file://0002-faytech-fix-rpi.patch', '', d)} \ " -# Fix CVE-2017-1000364 -SRC_URI_append = "\ - file://0001-mm-larger-stack-guard-gap-between-vmas.patch \ - file://0002-Allow-stack-to-grow-up-to-address-space-limit.patch \ - file://0003-mm-fix-new-crash-in-unmapped_area_topdown.patch \ -" - - do_configure_append_smack() { # SMACK and Co kernel_configure_variable IP_NF_SECURITY m diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend deleted file mode 100644 index c96635ecd..000000000 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.4.bbappend +++ /dev/null @@ -1,11 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}-4.4:" - -#------------------------------------------------------------------------- -# smack patches for handling bluetooth - -SRC_URI_append_smack = "\ - file://0001-Smack-File-receive-for-sockets.patch \ - file://0002-smack-fix-cache-of-access-labels.patch \ - file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ - file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ -" diff --git a/meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend b/meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend index 53cd834aa..f1fd52d35 100644 --- a/meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend +++ b/meta-agl-bsp/meta-ti/recipes-arago/gstreamer/gstreamer1.0-plugins-bad_%.bbappend @@ -19,8 +19,12 @@ DEPENDS_append_ti33x = " \ libdrm \ " -SRC_URI_append_ti43x = " \ +############## F I X M E ##################### +# FIXME pyro +SRC_URI_append = " \ file://0001-gstdrmallocator-Add-DRM-allocator-support.patch \ +" +DISABLED_SRC_URI_append_ti43x = " \ file://0002-parsers-Pick-previos-bug-fixes-on-different-parsers.patch \ file://0003-gstkmssink-Add-support-for-KMS-based-sink.patch \ file://0004-gstwaylandsink-Add-DRM-support-on-waylandsink.patch \ @@ -29,11 +33,13 @@ SRC_URI_append_ti43x = " \ file://0001-gstwaylandsink-add-input-format-I420-support.patch \ " -SRC_URI_append_ti33x = " \ +# FIXME pyro +DISABLED_SRC_URI_append_ti33x = " \ file://0001-gstwaylandsink-Add-mouse-drag-and-drop-support.patch \ " -SRC_URI_append_omap-a15 = " \ +# FIXME pyro +DISABLED_SRC_URI_append_omap-a15 = " \ file://0001-gstdrmallocator-Add-DRM-allocator-support.patch \ file://0002-parsers-Pick-previos-bug-fixes-on-different-parsers.patch \ file://0003-gstkmssink-Add-support-for-KMS-based-sink.patch \ @@ -43,6 +49,7 @@ SRC_URI_append_omap-a15 = " \ file://0001-gstwaylandsink-add-input-format-I420-support.patch \ file://0005-gstwaylandsink-Implement-callbacks-for-version-5-of-.patch \ " +################ F I X M E #################### PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-agl-bsp/meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb b/meta-agl-bsp/meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb index 4fdfd7ddb..a9653f4d3 100644 --- a/meta-agl-bsp/meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb +++ b/meta-agl-bsp/meta-ti/recipes-arago/ipumm-fw/ipumm-fw_3.00.13.00.bb @@ -1,5 +1,5 @@ python __anonymous() { - features = bb.data.getVar("MACHINE_FEATURES", d, 1) + features = d.getVar("MACHINE_FEATURES", 1) if not features: return if "mmip" not in features: diff --git a/meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend b/meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend index ed20c7420..8704908f2 100644 --- a/meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend +++ b/meta-agl-bsp/meta-ti/recipes-arago/weston/weston_%.bbappend @@ -8,8 +8,9 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" RDEPENDS_${PN} += "weston-conf" - -SRC_URI += " \ +####################### F I X M E ########################## +# FIXME pyro +DISABLED_SRC_URI += " \ file://0001-udev-seat-restrict-udev-enumeration-to-card0.patch \ file://0001-Add-soc-performance-monitor-utilites.patch \ file://0002-Weston-Allow-visual_id-to-be-0.patch \ @@ -18,5 +19,7 @@ SRC_URI += " \ file://0001-compositor-drm-fix-hotplug-weston-termination-proble.patch \ file://0001-compositor-drm-support-RGB565-with-pixman-renderer.patch \ " +####################### F I X M E ########################## + RDEPENDS_${PN}_remove = "weston-conf" diff --git a/meta-agl-bsp/meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend b/meta-agl-bsp/meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend index 72d991c7e..3b2b8beb8 100644 --- a/meta-agl-bsp/meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend +++ b/meta-agl-bsp/meta-ti/recipes-bsp/alsa-state/alsa-state.bbappend @@ -1 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS_prepend_dra7xx-evm := "${THISDIR}/${PN}:" diff --git a/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio-9.0/dra7xx-evm-set-default-sink-source.patch b/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio/dra7xx-evm-set-default-sink-source.patch index d45c5ef50..d45c5ef50 100644 --- a/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio-9.0/dra7xx-evm-set-default-sink-source.patch +++ b/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio/dra7xx-evm-set-default-sink-source.patch diff --git a/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend b/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend new file mode 100644 index 000000000..37c4179e5 --- /dev/null +++ b/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_%.bbappend @@ -0,0 +1,7 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/pulseaudio:" + +################### F I X M E #################### +# FIXME pyro +DISABLED_SRC_URI += " \ + file://dra7xx-evm-set-default-sink-source.patch \ +" diff --git a/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_9.0.bbappend b/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_9.0.bbappend deleted file mode 100644 index dfddffcfd..000000000 --- a/meta-agl-bsp/meta-ti/recipes-multimedia/pulseaudio/pulseaudio_9.0.bbappend +++ /dev/null @@ -1,5 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/pulseaudio-9.0:" - -SRC_URI += " \ - file://dra7xx-evm-set-default-sink-source.patch \ -" diff --git a/meta-agl-bsp/recipes-bsp/u-boot/u-boot-ota_2015.07.bb b/meta-agl-bsp/recipes-bsp/u-boot/u-boot-ota_2015.07.bb index dfa0631a0..37abc5a50 100644 --- a/meta-agl-bsp/recipes-bsp/u-boot/u-boot-ota_2015.07.bb +++ b/meta-agl-bsp/recipes-bsp/u-boot/u-boot-ota_2015.07.bb @@ -9,10 +9,13 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=0507cd7da8e7ad6d6701926ec9b84c95" # repo during parse SRCREV = "baba2f57e8f4ed3fa67fe213d22da0de5e00f204" -SRC_URI += "file://0001-Set-up-environment-for-OSTree-integration.patch \ - file://0002-Replace-wraps-with-built-in-code-to-remove-dependenc.patch \ - file://0001-fixup-build-with-gcc6.patch \ - " +SRC_URI = "\ + git://git.denx.de/u-boot.git;branch=master \ + file://0001-Set-up-environment-for-OSTree-integration.patch \ + file://0002-Replace-wraps-with-built-in-code-to-remove-dependenc.patch \ + file://0001-fixup-build-with-gcc6.patch \ +" +S = "${WORKDIR}/git" PV = "v2015.07+git${SRCPV}" diff --git a/meta-agl-bsp/recipes-bsp/u-boot/u-boot_2016.11.bb b/meta-agl-bsp/recipes-bsp/u-boot/u-boot_2016.11.bb deleted file mode 100644 index 2c7cc4bb9..000000000 --- a/meta-agl-bsp/recipes-bsp/u-boot/u-boot_2016.11.bb +++ /dev/null @@ -1,13 +0,0 @@ -require recipes-bsp/u-boot/u-boot.inc - -DEPENDS += "dtc-native" - -SRCREV = "5ea3e51fc481613a8dee8c02848d1b42c81ad892" - -PV = "v2016.11+git${SRCPV}" - -#This patch is not complacente with u-boot 2016.11 -#Version of u-boot from yocto 2.2 Morty is 2016.03 from: -# meta/recipes-bsp/u-boot/u-boot_2016.03.bb -SRC_URI_remove_raspberrypi3 = "file://0003-Include-lowlevel_init.o-for-rpi2.patch" -SRC_URI_remove_raspberrypi2 = "file://0003-Include-lowlevel_init.o-for-rpi2.patch" diff --git a/meta-agl-bsp/recipes-graphics/mesa/mesa/0001-Use-llvm_prefix-variable-directly.patch b/meta-agl-bsp/recipes-graphics/mesa/mesa/0001-Use-llvm_prefix-variable-directly.patch new file mode 100644 index 000000000..4f1905492 --- /dev/null +++ b/meta-agl-bsp/recipes-graphics/mesa/mesa/0001-Use-llvm_prefix-variable-directly.patch @@ -0,0 +1,25 @@ +From 0b316ee830765eb1d68cdece5fd4c991e9fba96c Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae <changhyeok.bae@gmail.com> +Date: Sat, 8 Jul 2017 15:22:09 +0900 +Subject: [PATCH] Use $llvm_prefix variable directly + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index ac110e8..d094ca6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -896,7 +896,7 @@ fi + + if test -z "$LLVM_CONFIG"; then + if test -n "$llvm_prefix"; then +- AC_PATH_TOOL([LLVM_CONFIG], [llvm-config], [no], ["$llvm_prefix/bin"]) ++ AC_PATH_TOOL([LLVM_CONFIG], [llvm-config], [no], ["$llvm_prefix"]) + else + AC_PATH_TOOL([LLVM_CONFIG], [llvm-config], [no]) + fi +-- +1.9.1 + diff --git a/meta-agl-bsp/recipes-graphics/mesa/mesa_12.%.bbappend b/meta-agl-bsp/recipes-graphics/mesa/mesa_%.bbappend index 49e527707..13273792b 100644 --- a/meta-agl-bsp/recipes-graphics/mesa/mesa_12.%.bbappend +++ b/meta-agl-bsp/recipes-graphics/mesa/mesa_%.bbappend @@ -1,3 +1,7 @@ +FILESEXTRAPATHS_prepend_qemux86-64 := "${THISDIR}/${BPN}:" +SRC_URI_append_qemux86-64 = " file://0001-Use-llvm_prefix-variable-directly.patch" +EXTRA_OECONF_qemux86-64 = "--enable-shared-glapi --with-llvm-prefix=${STAGING_BINDIR_CROSS}" + # The gallium-llvm is recommended as software 3D graphics renderer GALLIUM_LLVM = "gallium-llvm" PACKAGECONFIG_append_qemux86 = " gallium ${GALLIUM_LLVM}" diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-yocto/4.8-0001-SEC-Backport-Fix-CVE-2017-1000364-through-backport.patch b/meta-agl-bsp/recipes-kernel/linux/linux-yocto/4.8-0001-SEC-Backport-Fix-CVE-2017-1000364-through-backport.patch deleted file mode 100644 index f68a3747b..000000000 --- a/meta-agl-bsp/recipes-kernel/linux/linux-yocto/4.8-0001-SEC-Backport-Fix-CVE-2017-1000364-through-backport.patch +++ /dev/null @@ -1,899 +0,0 @@ -From 75349cc7326dd2aa645bf21fe65a40c68b386c29 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan-Simon=20M=C3=B6ller?= <jsmoeller@linuxfoundation.org> -Date: Wed, 28 Jun 2017 00:35:18 +0200 -Subject: [PATCH] [SEC][Backport] Fix CVE-2017-1000364 through backport -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fix CVE-2017-1000364 through backport of upstream patches (from 4.9 branch): -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=cfc0eb403816c5c4f9667d959de5e22789b5421e -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=5d10ad6297260e9b85e7645ee544a6115bb229e4 -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=ce7fe8595902c3f03ef528c2dc1928b3f4b67fcf - -Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> ---- - Documentation/kernel-parameters.txt | 7 ++ - arch/arc/mm/mmap.c | 2 +- - arch/arm/mm/mmap.c | 4 +- - arch/frv/mm/elf-fdpic.c | 2 +- - arch/mips/mm/mmap.c | 2 +- - arch/parisc/kernel/sys_parisc.c | 15 ++-- - arch/powerpc/mm/hugetlbpage-radix.c | 2 +- - arch/powerpc/mm/mmap.c | 4 +- - arch/powerpc/mm/slice.c | 2 +- - arch/s390/mm/mmap.c | 4 +- - arch/sh/mm/mmap.c | 4 +- - arch/sparc/kernel/sys_sparc_64.c | 4 +- - arch/sparc/mm/hugetlbpage.c | 2 +- - arch/tile/mm/hugetlbpage.c | 2 +- - arch/x86/kernel/sys_x86_64.c | 4 +- - arch/x86/mm/hugetlbpage.c | 2 +- - arch/xtensa/kernel/syscall.c | 2 +- - fs/hugetlbfs/inode.c | 2 +- - fs/proc/task_mmu.c | 4 - - include/linux/mm.h | 53 ++++++------ - mm/gup.c | 5 -- - mm/memory.c | 38 --------- - mm/mmap.c | 158 ++++++++++++++++++++++-------------- - 23 files changed, 159 insertions(+), 165 deletions(-) - -diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 46726d4899fe..c1980b5c6a15 100644 ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -3852,6 +3852,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - spia_pedr= - spia_peddr= - -+ stack_guard_gap= [MM] -+ override the default stack gap protection. The value -+ is in page units and it defines how many pages prior -+ to (for stacks growing down) resp. after (for stacks -+ growing up) the main stack are reserved for no other -+ mapping. Default value is 256 pages. -+ - stacktrace [FTRACE] - Enabled the stack tracer on boot up. - -diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c -index 2e06d56e987b..cf4ae6958240 100644 ---- a/arch/arc/mm/mmap.c -+++ b/arch/arc/mm/mmap.c -@@ -64,7 +64,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 66353caa35b9..641334ebf46d 100644 ---- a/arch/arm/mm/mmap.c -+++ b/arch/arm/mm/mmap.c -@@ -89,7 +89,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -140,7 +140,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c -index 836f14707a62..efa59f1f8022 100644 ---- a/arch/frv/mm/elf-fdpic.c -+++ b/arch/frv/mm/elf-fdpic.c -@@ -74,7 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - addr = PAGE_ALIGN(addr); - vma = find_vma(current->mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - goto success; - } - -diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 353037699512..c5fdea5debe5 100644 ---- a/arch/mips/mm/mmap.c -+++ b/arch/mips/mm/mmap.c -@@ -92,7 +92,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index 0a393a04e891..1d7691fa8ab2 100644 ---- a/arch/parisc/kernel/sys_parisc.c -+++ b/arch/parisc/kernel/sys_parisc.c -@@ -88,7 +88,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - unsigned long task_size = TASK_SIZE; - int do_color_align, last_mmap; - struct vm_unmapped_area_info info; -@@ -115,9 +115,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - else - addr = PAGE_ALIGN(addr); - -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -@@ -141,7 +142,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - int do_color_align, last_mmap; -@@ -175,9 +176,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = COLOR_ALIGN(addr, last_mmap, pgoff); - else - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - goto found_addr; - } - -diff --git a/arch/powerpc/mm/hugetlbpage-radix.c b/arch/powerpc/mm/hugetlbpage-radix.c -index 35254a678456..a2b2d97f7eda 100644 ---- a/arch/powerpc/mm/hugetlbpage-radix.c -+++ b/arch/powerpc/mm/hugetlbpage-radix.c -@@ -65,7 +65,7 @@ radix__hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - /* -diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c -index 2f1e44362198..5bc2845cddf4 100644 ---- a/arch/powerpc/mm/mmap.c -+++ b/arch/powerpc/mm/mmap.c -@@ -106,7 +106,7 @@ radix__arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -142,7 +142,7 @@ radix__arch_get_unmapped_area_topdown(struct file *filp, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 2b27458902ee..c4d5c9c61e0f 100644 ---- a/arch/powerpc/mm/slice.c -+++ b/arch/powerpc/mm/slice.c -@@ -105,7 +105,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, - if ((mm->task_size - len) < addr) - return 0; - vma = find_vma(mm, addr); -- return (!vma || (addr + len) <= vma->vm_start); -+ return (!vma || (addr + len) <= vm_start_gap(vma)); - } - - static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) -diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index eb9df2822da1..812368f274c9 100644 ---- a/arch/s390/mm/mmap.c -+++ b/arch/s390/mm/mmap.c -@@ -98,7 +98,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -136,7 +136,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index 6777177807c2..7df7d5944188 100644 ---- a/arch/sh/mm/mmap.c -+++ b/arch/sh/mm/mmap.c -@@ -63,7 +63,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -113,7 +113,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index fe8b8ee8e660..02e05e221b94 100644 ---- a/arch/sparc/kernel/sys_sparc_64.c -+++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -118,7 +118,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -181,7 +181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index 988acc8b1b80..58cde8d9be8a 100644 ---- a/arch/sparc/mm/hugetlbpage.c -+++ b/arch/sparc/mm/hugetlbpage.c -@@ -116,7 +116,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, HPAGE_SIZE); - vma = find_vma(mm, addr); - if (task_size - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c -index 77ceaa343fce..67508b249ede 100644 ---- a/arch/tile/mm/hugetlbpage.c -+++ b/arch/tile/mm/hugetlbpage.c -@@ -232,7 +232,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (current->mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index 10e0272d789a..136ad7c1ce7b 100644 ---- a/arch/x86/kernel/sys_x86_64.c -+++ b/arch/x86/kernel/sys_x86_64.c -@@ -143,7 +143,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (end - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -@@ -186,7 +186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - addr = PAGE_ALIGN(addr); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 2ae8584b44c7..fe342e8ed529 100644 ---- a/arch/x86/mm/hugetlbpage.c -+++ b/arch/x86/mm/hugetlbpage.c -@@ -144,7 +144,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/xtensa/kernel/syscall.c b/arch/xtensa/kernel/syscall.c -index 83cf49685373..3aaaae18417c 100644 ---- a/arch/xtensa/kernel/syscall.c -+++ b/arch/xtensa/kernel/syscall.c -@@ -87,7 +87,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (!vmm || addr + len <= vm_start_gap(vmm)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) -diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 4ea71eba40a5..aac9114728c3 100644 ---- a/fs/hugetlbfs/inode.c -+++ b/fs/hugetlbfs/inode.c -@@ -191,7 +191,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, - addr = ALIGN(addr, huge_page_size(h)); - vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma))) - return addr; - } - -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 2750949397eb..5feada822930 100644 ---- a/fs/proc/task_mmu.c -+++ b/fs/proc/task_mmu.c -@@ -309,11 +309,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) - - /* We don't show the stack guard page in /proc/maps */ - start = vma->vm_start; -- if (stack_guard_page_start(vma, start)) -- start += PAGE_SIZE; - end = vma->vm_end; -- if (stack_guard_page_end(vma, end)) -- end -= PAGE_SIZE; - - seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); - seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", -diff --git a/include/linux/mm.h b/include/linux/mm.h -index 582d30baaa86..31206cc2e99c 100644 ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -1392,39 +1392,11 @@ int clear_page_dirty_for_io(struct page *page); - - int get_cmdline(struct task_struct *task, char *buffer, int buflen); - --/* Is the vma a continuation of the stack vma above it? */ --static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN); --} -- - static inline bool vma_is_anonymous(struct vm_area_struct *vma) - { - return !vma->vm_ops; - } - --static inline int stack_guard_page_start(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSDOWN) && -- (vma->vm_start == addr) && -- !vma_growsdown(vma->vm_prev, addr); --} -- --/* Is the vma a continuation of the stack vma below it? */ --static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr) --{ -- return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP); --} -- --static inline int stack_guard_page_end(struct vm_area_struct *vma, -- unsigned long addr) --{ -- return (vma->vm_flags & VM_GROWSUP) && -- (vma->vm_end == addr) && -- !vma_growsup(vma->vm_next, addr); --} -- - int vma_is_stack_for_task(struct vm_area_struct *vma, struct task_struct *t); - - extern unsigned long move_page_tables(struct vm_area_struct *vma, -@@ -2153,6 +2125,7 @@ void page_cache_async_readahead(struct address_space *mapping, - pgoff_t offset, - unsigned long size); - -+extern unsigned long stack_guard_gap; - /* Generic expand stack which grows the stack according to GROWS{UP,DOWN} */ - extern int expand_stack(struct vm_area_struct *vma, unsigned long address); - -@@ -2181,6 +2154,30 @@ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * m - return vma; - } - -+static inline unsigned long vm_start_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_start = vma->vm_start; -+ -+ if (vma->vm_flags & VM_GROWSDOWN) { -+ vm_start -= stack_guard_gap; -+ if (vm_start > vma->vm_start) -+ vm_start = 0; -+ } -+ return vm_start; -+} -+ -+static inline unsigned long vm_end_gap(struct vm_area_struct *vma) -+{ -+ unsigned long vm_end = vma->vm_end; -+ -+ if (vma->vm_flags & VM_GROWSUP) { -+ vm_end += stack_guard_gap; -+ if (vm_end < vma->vm_end) -+ vm_end = -PAGE_SIZE; -+ } -+ return vm_end; -+} -+ - static inline unsigned long vma_pages(struct vm_area_struct *vma) - { - return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; -diff --git a/mm/gup.c b/mm/gup.c -index 22cc22e7432f..4b3723734623 100644 ---- a/mm/gup.c -+++ b/mm/gup.c -@@ -370,11 +370,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, - /* mlock all present pages, but do not fault in new pages */ - if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK) - return -ENOENT; -- /* For mm_populate(), just skip the stack guard page. */ -- if ((*flags & FOLL_POPULATE) && -- (stack_guard_page_start(vma, address) || -- stack_guard_page_end(vma, address + PAGE_SIZE))) -- return -ENOENT; - if (*flags & FOLL_WRITE) - fault_flags |= FAULT_FLAG_WRITE; - if (*flags & FOLL_REMOTE) -diff --git a/mm/memory.c b/mm/memory.c -index 45f39f391cc2..527ef7841146 100644 ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -2695,40 +2695,6 @@ out_release: - } - - /* -- * This is like a special single-page "expand_{down|up}wards()", -- * except we must first make sure that 'address{-|+}PAGE_SIZE' -- * doesn't hit another vma. -- */ --static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address) --{ -- address &= PAGE_MASK; -- if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) { -- struct vm_area_struct *prev = vma->vm_prev; -- -- /* -- * Is there a mapping abutting this one below? -- * -- * That's only ok if it's the same stack mapping -- * that has gotten split.. -- */ -- if (prev && prev->vm_end == address) -- return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM; -- -- return expand_downwards(vma, address - PAGE_SIZE); -- } -- if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) { -- struct vm_area_struct *next = vma->vm_next; -- -- /* As VM_GROWSDOWN but s/below/above/ */ -- if (next && next->vm_start == address + PAGE_SIZE) -- return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM; -- -- return expand_upwards(vma, address + PAGE_SIZE); -- } -- return 0; --} -- --/* - * We enter with non-exclusive mmap_sem (to exclude vma changes, - * but allow concurrent faults), and pte mapped but not yet locked. - * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2744,10 +2710,6 @@ static int do_anonymous_page(struct fault_env *fe) - if (vma->vm_flags & VM_SHARED) - return VM_FAULT_SIGBUS; - -- /* Check if we need to add a guard page to the stack */ -- if (check_stack_guard_page(vma, fe->address) < 0) -- return VM_FAULT_SIGSEGV; -- - /* - * Use pte_alloc() instead of pte_alloc_map(). We can't run - * pte_offset_map() on pmds where a huge pmd might be created -diff --git a/mm/mmap.c b/mm/mmap.c -index f3ebc5a54367..e1c1eb4b3942 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -176,6 +176,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - unsigned long retval; - unsigned long newbrk, oldbrk; - struct mm_struct *mm = current->mm; -+ struct vm_area_struct *next; - unsigned long min_brk; - bool populate; - -@@ -221,7 +222,8 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - } - - /* Check against existing mmap mappings. */ -- if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE)) -+ next = find_vma(mm, oldbrk); -+ if (next && newbrk + PAGE_SIZE > vm_start_gap(next)) - goto out; - - /* Ok, looks good - let it rip. */ -@@ -244,10 +246,22 @@ out: - - static long vma_compute_subtree_gap(struct vm_area_struct *vma) - { -- unsigned long max, subtree_gap; -- max = vma->vm_start; -- if (vma->vm_prev) -- max -= vma->vm_prev->vm_end; -+ unsigned long max, prev_end, subtree_gap; -+ -+ /* -+ * Note: in the rare case of a VM_GROWSDOWN above a VM_GROWSUP, we -+ * allow two stack_guard_gaps between them here, and when choosing -+ * an unmapped area; whereas when expanding we only require one. -+ * That's a little inconsistent, but keeps the code here simpler. -+ */ -+ max = vm_start_gap(vma); -+ if (vma->vm_prev) { -+ prev_end = vm_end_gap(vma->vm_prev); -+ if (max > prev_end) -+ max -= prev_end; -+ else -+ max = 0; -+ } - if (vma->vm_rb.rb_left) { - subtree_gap = rb_entry(vma->vm_rb.rb_left, - struct vm_area_struct, vm_rb)->rb_subtree_gap; -@@ -343,7 +357,7 @@ static void validate_mm(struct mm_struct *mm) - anon_vma_unlock_read(anon_vma); - } - -- highest_address = vma->vm_end; -+ highest_address = vm_end_gap(vma); - vma = vma->vm_next; - i++; - } -@@ -512,7 +526,7 @@ void __vma_link_rb(struct mm_struct *mm, struct vm_area_struct *vma, - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = vma->vm_end; -+ mm->highest_vm_end = vm_end_gap(vma); - - /* - * vma->vm_prev wasn't known when we followed the rbtree to find the -@@ -765,7 +779,7 @@ again: - vma_gap_update(vma); - if (end_changed) { - if (!next) -- mm->highest_vm_end = end; -+ mm->highest_vm_end = vm_end_gap(vma); - else if (!adjust_next) - vma_gap_update(next); - } -@@ -1630,7 +1644,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit left subtree if it looks promising */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end >= low_limit && vma->vm_rb.rb_left) { - struct vm_area_struct *left = - rb_entry(vma->vm_rb.rb_left, -@@ -1641,12 +1655,13 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) - } - } - -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - check_current: - /* Check if current node has a suitable gap */ - if (gap_start > high_limit) - return -ENOMEM; -- if (gap_end >= low_limit && gap_end - gap_start >= length) -+ if (gap_end >= low_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit right subtree if it looks promising */ -@@ -1668,8 +1683,8 @@ check_current: - vma = rb_entry(rb_parent(prev), - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_left) { -- gap_start = vma->vm_prev->vm_end; -- gap_end = vma->vm_start; -+ gap_start = vm_end_gap(vma->vm_prev); -+ gap_end = vm_start_gap(vma); - goto check_current; - } - } -@@ -1733,7 +1748,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - while (true) { - /* Visit right subtree if it looks promising */ -- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; -+ gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; - if (gap_start <= high_limit && vma->vm_rb.rb_right) { - struct vm_area_struct *right = - rb_entry(vma->vm_rb.rb_right, -@@ -1746,10 +1761,11 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) - - check_current: - /* Check if current node has a suitable gap */ -- gap_end = vma->vm_start; -+ gap_end = vm_start_gap(vma); - if (gap_end < low_limit) - return -ENOMEM; -- if (gap_start <= high_limit && gap_end - gap_start >= length) -+ if (gap_start <= high_limit && -+ gap_end > gap_start && gap_end - gap_start >= length) - goto found; - - /* Visit left subtree if it looks promising */ -@@ -1772,7 +1788,7 @@ check_current: - struct vm_area_struct, vm_rb); - if (prev == vma->vm_rb.rb_right) { - gap_start = vma->vm_prev ? -- vma->vm_prev->vm_end : 0; -+ vm_end_gap(vma->vm_prev) : 0; - goto check_current; - } - } -@@ -1810,7 +1826,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct vm_unmapped_area_info info; - - if (len > TASK_SIZE - mmap_min_addr) -@@ -1821,9 +1837,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -1846,7 +1863,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - const unsigned long len, const unsigned long pgoff, - const unsigned long flags) - { -- struct vm_area_struct *vma; -+ struct vm_area_struct *vma, *prev; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; - struct vm_unmapped_area_info info; -@@ -1861,9 +1878,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* requesting a specific address */ - if (addr) { - addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -+ vma = find_vma_prev(mm, addr, &prev); - if (TASK_SIZE - len >= addr && addr >= mmap_min_addr && -- (!vma || addr + len <= vma->vm_start)) -+ (!vma || addr + len <= vm_start_gap(vma)) && -+ (!prev || addr >= vm_end_gap(prev))) - return addr; - } - -@@ -1998,21 +2016,19 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, - * update accounting. This is shared with both the - * grow-up and grow-down cases. - */ --static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, unsigned long grow) -+static int acct_stack_growth(struct vm_area_struct *vma, -+ unsigned long size, unsigned long grow) - { - struct mm_struct *mm = vma->vm_mm; - struct rlimit *rlim = current->signal->rlim; -- unsigned long new_start, actual_size; -+ unsigned long new_start; - - /* address space limit tests */ - if (!may_expand_vm(mm, vma->vm_flags, grow)) - return -ENOMEM; - - /* Stack limit test */ -- actual_size = size; -- if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN))) -- actual_size -= PAGE_SIZE; -- if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) -+ if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) - return -ENOMEM; - - /* mlock limit tests */ -@@ -2050,16 +2066,32 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns - int expand_upwards(struct vm_area_struct *vma, unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *next; -+ unsigned long gap_addr; - int error = 0; - - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; - -- /* Guard against wrapping around to address 0. */ -- if (address < PAGE_ALIGN(address+4)) -- address = PAGE_ALIGN(address+4); -- else -+ /* Guard against exceeding limits of the address space. */ -+ address &= PAGE_MASK; -+ if (address >= TASK_SIZE) - return -ENOMEM; -+ address += PAGE_SIZE; -+ -+ /* Enforce stack_guard_gap */ -+ gap_addr = address + stack_guard_gap; -+ -+ /* Guard against overflow */ -+ if (gap_addr < address || gap_addr > TASK_SIZE) -+ gap_addr = TASK_SIZE; -+ -+ next = vma->vm_next; -+ if (next && next->vm_start < gap_addr) { -+ if (!(next->vm_flags & VM_GROWSUP)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } - - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) -@@ -2104,7 +2136,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) - if (vma->vm_next) - vma_gap_update(vma->vm_next); - else -- mm->highest_vm_end = address; -+ mm->highest_vm_end = vm_end_gap(vma); - spin_unlock(&mm->page_table_lock); - - perf_event_mmap(vma); -@@ -2125,6 +2157,8 @@ int expand_downwards(struct vm_area_struct *vma, - unsigned long address) - { - struct mm_struct *mm = vma->vm_mm; -+ struct vm_area_struct *prev; -+ unsigned long gap_addr; - int error; - - address &= PAGE_MASK; -@@ -2132,6 +2166,17 @@ int expand_downwards(struct vm_area_struct *vma, - if (error) - return error; - -+ /* Enforce stack_guard_gap */ -+ gap_addr = address - stack_guard_gap; -+ if (gap_addr > address) -+ return -ENOMEM; -+ prev = vma->vm_prev; -+ if (prev && prev->vm_end > gap_addr) { -+ if (!(prev->vm_flags & VM_GROWSDOWN)) -+ return -ENOMEM; -+ /* Check that both stack segments have the same anon_vma? */ -+ } -+ - /* We must make sure the anon_vma is allocated. */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; -@@ -2186,28 +2231,25 @@ int expand_downwards(struct vm_area_struct *vma, - return error; - } - --/* -- * Note how expand_stack() refuses to expand the stack all the way to -- * abut the next virtual mapping, *unless* that mapping itself is also -- * a stack mapping. We want to leave room for a guard page, after all -- * (the guard page itself is not added here, that is done by the -- * actual page faulting logic) -- * -- * This matches the behavior of the guard page logic (see mm/memory.c: -- * check_stack_guard_page()), which only allows the guard page to be -- * removed under these circumstances. -- */ -+/* enforced gap between the expanding stack and other mappings. */ -+unsigned long stack_guard_gap = 256UL<<PAGE_SHIFT; -+ -+static int __init cmdline_parse_stack_guard_gap(char *p) -+{ -+ unsigned long val; -+ char *endptr; -+ -+ val = simple_strtoul(p, &endptr, 10); -+ if (!*endptr) -+ stack_guard_gap = val << PAGE_SHIFT; -+ -+ return 0; -+} -+__setup("stack_guard_gap=", cmdline_parse_stack_guard_gap); -+ - #ifdef CONFIG_STACK_GROWSUP - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *next; -- -- address &= PAGE_MASK; -- next = vma->vm_next; -- if (next && next->vm_start == address + PAGE_SIZE) { -- if (!(next->vm_flags & VM_GROWSUP)) -- return -ENOMEM; -- } - return expand_upwards(vma, address); - } - -@@ -2229,14 +2271,6 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) - #else - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- struct vm_area_struct *prev; -- -- address &= PAGE_MASK; -- prev = vma->vm_prev; -- if (prev && prev->vm_end == address) { -- if (!(prev->vm_flags & VM_GROWSDOWN)) -- return -ENOMEM; -- } - return expand_downwards(vma, address); - } - -@@ -2334,7 +2368,7 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, - vma->vm_prev = prev; - vma_gap_update(vma); - } else -- mm->highest_vm_end = prev ? prev->vm_end : 0; -+ mm->highest_vm_end = prev ? vm_end_gap(prev) : 0; - tail_vma->vm_next = NULL; - - /* Kill the cache */ --- -2.12.3 - diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.4.bbappend b/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.4.bbappend index 5e3594ef1..45c170661 100644 --- a/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.4.bbappend +++ b/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.4.bbappend @@ -1,7 +1,14 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" # Backported fix for CVE-2017-1000364 -SRC_URI_append = " file://4.4-0001-mm-larger-stack-guard-gap-between-vmas.patch \ - file://4.4-0002-Allow-stack-to-grow-up-to-address-space-limit.patch \ - file://4.4-0003-mm-fix-new-crash-in-unmapped_area_topdown.patch \ - " +SRC_URI_append_core2-32-intel-common = "\ + file://4.4-0001-mm-larger-stack-guard-gap-between-vmas.patch \ + file://4.4-0002-Allow-stack-to-grow-up-to-address-space-limit.patch \ + file://4.4-0003-mm-fix-new-crash-in-unmapped_area_topdown.patch \ +" + +SRC_URI_append_corei7-64-intel-common = "\ + file://4.4-0001-mm-larger-stack-guard-gap-between-vmas.patch \ + file://4.4-0002-Allow-stack-to-grow-up-to-address-space-limit.patch \ + file://4.4-0003-mm-fix-new-crash-in-unmapped_area_topdown.patch \ +" diff --git a/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.8.bbappend b/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.8.bbappend deleted file mode 100644 index 39b651faa..000000000 --- a/meta-agl-bsp/recipes-kernel/linux/linux-yocto_4.8.bbappend +++ /dev/null @@ -1,4 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" - -# Backported fix for CVE-2017-1000364 -SRC_URI_append = " file://4.8-0001-SEC-Backport-Fix-CVE-2017-1000364-through-backport.patch " |