mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-30 16:14:12 +00:00
1d94f72439
Rebased patches:
* generic: 273-batman-adv-Convert-packet.h-to-uapi-header.patch
* ipq806x: 0065-arm-override-compiler-flags.patch
* mvebu: 513-arm64-dts-marvell-armada37xx-Add-emmc-sdio-pinctrl-d.patch
Removed patches:
Fixed upstream:
* ar71xx: 821-serial-core-add-support-for-boot-console-with-arbitr.patch
* ath79: 921-serial-core-add-support-for-boot-console-with-arbitr.patch
- in 4.14.256 via 9112e7ef87149b3d8093e7446d784117f6e18d69
* mvebu: 527-PCI-aardvark-allow-to-specify-link-capability.patch
- in 4.14.257 via 62a3dc9b65a2b24800fc4267b8cf590fad135034
* mvebu: 524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
- should be hopefully fixed by the bunch of changes in .256 and .257
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Fixes: CVE-2021-3640
Signed-off-by: Petr Štetiar <ynezz@true.cz>
86 lines
2.3 KiB
Diff
86 lines
2.3 KiB
Diff
From 66b3e537b50cd2b46b71edb6ffeef633d1224d10 Mon Sep 17 00:00:00 2001
|
|
From: Phil Elwell <phil@raspberrypi.org>
|
|
Date: Mon, 27 Nov 2017 17:14:54 +0000
|
|
Subject: [PATCH] cgroup: Disable cgroup "memory" by default
|
|
|
|
Some Raspberry Pis have limited RAM and most users won't use the
|
|
cgroup memory support so it is disabled by default. Enable with:
|
|
|
|
cgroup_enable=memory
|
|
|
|
See: https://github.com/raspberrypi/linux/issues/1950
|
|
|
|
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
|
|
---
|
|
kernel/cgroup/cgroup.c | 38 ++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 38 insertions(+)
|
|
|
|
--- a/kernel/cgroup/cgroup.c
|
|
+++ b/kernel/cgroup/cgroup.c
|
|
@@ -5242,6 +5242,9 @@ int __init cgroup_init_early(void)
|
|
return 0;
|
|
}
|
|
|
|
+static u16 cgroup_enable_mask __initdata;
|
|
+static int __init cgroup_disable(char *str);
|
|
+
|
|
/**
|
|
* cgroup_init - cgroup initialization
|
|
*
|
|
@@ -5279,6 +5282,12 @@ int __init cgroup_init(void)
|
|
|
|
mutex_unlock(&cgroup_mutex);
|
|
|
|
+ /*
|
|
+ * Apply an implicit disable, knowing that an explicit enable will
|
|
+ * prevent if from doing anything.
|
|
+ */
|
|
+ cgroup_disable("memory");
|
|
+
|
|
for_each_subsys(ss, ssid) {
|
|
if (ss->early_init) {
|
|
struct cgroup_subsys_state *css =
|
|
@@ -5660,6 +5669,10 @@ static int __init cgroup_disable(char *s
|
|
strcmp(token, ss->legacy_name))
|
|
continue;
|
|
|
|
+ /* An explicit cgroup_enable overrides a disable */
|
|
+ if (cgroup_enable_mask & (1 << i))
|
|
+ continue;
|
|
+
|
|
static_branch_disable(cgroup_subsys_enabled_key[i]);
|
|
pr_info("Disabling %s control group subsystem\n",
|
|
ss->name);
|
|
@@ -5669,6 +5682,31 @@ static int __init cgroup_disable(char *s
|
|
}
|
|
__setup("cgroup_disable=", cgroup_disable);
|
|
|
|
+static int __init cgroup_enable(char *str)
|
|
+{
|
|
+ struct cgroup_subsys *ss;
|
|
+ char *token;
|
|
+ int i;
|
|
+
|
|
+ while ((token = strsep(&str, ",")) != NULL) {
|
|
+ if (!*token)
|
|
+ continue;
|
|
+
|
|
+ for_each_subsys(ss, i) {
|
|
+ if (strcmp(token, ss->name) &&
|
|
+ strcmp(token, ss->legacy_name))
|
|
+ continue;
|
|
+
|
|
+ cgroup_enable_mask |= 1 << i;
|
|
+ static_branch_enable(cgroup_subsys_enabled_key[i]);
|
|
+ pr_info("Enabling %s control group subsystem\n",
|
|
+ ss->name);
|
|
+ }
|
|
+ }
|
|
+ return 1;
|
|
+}
|
|
+__setup("cgroup_enable=", cgroup_enable);
|
|
+
|
|
/**
|
|
* css_tryget_online_from_dir - get corresponding css from a cgroup dentry
|
|
* @dentry: directory dentry of interest
|