openwrtv4/target/linux/brcm2708/patches-4.9/950-0060-config-Enable-CONFIG_MEMCG-but-leave-it-disabled-due.patch
Stijn Tintel 2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00

50 lines
1.2 KiB
Diff

From c50fe09c78e9b87137e0188139c774bd4f12dcb2 Mon Sep 17 00:00:00 2001
From: popcornmix <popcornmix@gmail.com>
Date: Wed, 18 Dec 2013 22:16:19 +0000
Subject: [PATCH] config: Enable CONFIG_MEMCG, but leave it disabled (due to
memory cost). Enable with cgroup_enable=memory.
---
kernel/cgroup.c | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5632,7 +5632,7 @@ int __init cgroup_init_early(void)
return 0;
}
-static u16 cgroup_disable_mask __initdata;
+static u16 cgroup_disable_mask __initdata = 1<<0;
/**
* cgroup_init - cgroup initialization
@@ -6173,6 +6173,28 @@ static int __init cgroup_no_v1(char *str
}
__setup("cgroup_no_v1=", cgroup_no_v1);
+static int __init cgroup_enable(char *str)
+{
+ struct cgroup_subsys *ss;
+ char *token;
+ int i;
+
+ while ((token = strsep(&str, ",")) != NULL) {
+ if (!*token)
+ continue;
+
+ for_each_subsys(ss, i) {
+ if (strcmp(token, ss->name) &&
+ strcmp(token, ss->legacy_name))
+ continue;
+
+ cgroup_disable_mask &= ~(1 << i);
+ }
+ }
+ return 1;
+}
+__setup("cgroup_enable=", cgroup_enable);
+
/**
* css_tryget_online_from_dir - get corresponding css from a cgroup dentry
* @dentry: directory dentry of interest