Update to 4.9.1

Drop two obsolete patches.

"ptrace: being capable wrt a process requires mapped uids/gids"
appears to be obsoleted by upstream commit bfedb589252c "mm: Add
a user_ns owner to mm_struct and fix ptrace permission checks".

debian/changelog

@@ -1,7 +1,9 @@
-linux (4.9-1~exp1) UNRELEASED; urgency=medium
+linux (4.9.1-1~exp1) UNRELEASED; urgency=medium
 
   * New upstream release: https://kernelnewbies.org/Linux_4.9
     - Revert "default exported asm symbols to zero"
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1
 
   [ Ben Hutchings ]
   * Set ABI to trunk

debian/patches/bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch

@@ -1,102 +0,0 @@
-From: Jann Horn <jann@thejh.net>
-Subject: ptrace: being capable wrt a process requires mapped uids/gids
-Date: Sat, 26 Dec 2015 03:52:31 +0100
-Origin: https://lkml.org/lkml/2015/12/25/71
-
-ptrace_has_cap() checks whether the current process should be
-treated as having a certain capability for ptrace checks
-against another process. Until now, this was equivalent to
-has_ns_capability(current, target_ns, CAP_SYS_PTRACE).
-
-However, if a root-owned process wants to enter a user
-namespace for some reason without knowing who owns it and
-therefore can't change to the namespace owner's uid and gid
-before entering, as soon as it has entered the namespace,
-the namespace owner can attach to it via ptrace and thereby
-gain access to its uid and gid.
-
-While it is possible for the entering process to switch to
-the uid of a claimed namespace owner before entering,
-causing the attempt to enter to fail if the claimed uid is
-wrong, this doesn't solve the problem of determining an
-appropriate gid.
-
-With this change, the entering process can first enter the
-namespace and then safely inspect the namespace's
-properties, e.g. through /proc/self/{uid_map,gid_map},
-assuming that the namespace owner doesn't have access to
-uid 0.
-Changed in v2: The caller needs to be capable in the
-namespace into which tcred's uids/gids can be mapped.
-
-Signed-off-by: Jann Horn <jann@thejh.net>
----
- kernel/ptrace.c | 33 ++++++++++++++++++++++++++++-----
- 1 file changed, 28 insertions(+), 5 deletions(-)
-
---- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -20,6 +20,7 @@
- #include <linux/uio.h>
- #include <linux/audit.h>
- #include <linux/pid_namespace.h>
-+#include <linux/user_namespace.h>
- #include <linux/syscalls.h>
- #include <linux/uaccess.h>
- #include <linux/regset.h>
-@@ -207,12 +208,34 @@ static int ptrace_check_attach(struct ta
- 	return ret;
- }
- 
--static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
-+static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
- {
-+	struct user_namespace *tns = tcred->user_ns;
-+
-+	/* When a root-owned process enters a user namespace created by a
-+	 * malicious user, the user shouldn't be able to execute code under
-+	 * uid 0 by attaching to the root-owned process via ptrace.
-+	 * Therefore, similar to the capable_wrt_inode_uidgid() check,
-+	 * verify that all the uids and gids of the target process are
-+	 * mapped into a namespace below the current one in which the caller
-+	 * is capable.
-+	 * No fsuid/fsgid check because __ptrace_may_access doesn't do it
-+	 * either.
-+	 */
-+	while (
-+	    !kuid_has_mapping(tns, tcred->euid) ||
-+	    !kuid_has_mapping(tns, tcred->suid) ||
-+	    !kuid_has_mapping(tns, tcred->uid)  ||
-+	    !kgid_has_mapping(tns, tcred->egid) ||
-+	    !kgid_has_mapping(tns, tcred->sgid) ||
-+	    !kgid_has_mapping(tns, tcred->gid)) {
-+		tns = tns->parent;
-+	}
-+
- 	if (mode & PTRACE_MODE_NOAUDIT)
--		return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
-+		return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
- 	else
--		return has_ns_capability(current, ns, CAP_SYS_PTRACE);
-+		return has_ns_capability(current, tns, CAP_SYS_PTRACE);
- }
- 
- /* Returns 0 on success, -errno on denial. */
-@@ -264,7 +287,7 @@ static int __ptrace_may_access(struct ta
- 	    gid_eq(caller_gid, tcred->sgid) &&
- 	    gid_eq(caller_gid, tcred->gid))
- 		goto ok;
--	if (ptrace_has_cap(tcred->user_ns, mode))
-+	if (ptrace_has_cap(tcred, mode))
- 		goto ok;
- 	rcu_read_unlock();
- 	return -EPERM;
-@@ -275,7 +298,7 @@ ok:
- 		dumpable = get_dumpable(task->mm);
- 	rcu_read_lock();
- 	if (dumpable != SUID_DUMP_USER &&
--	    !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
-+	    !ptrace_has_cap(__task_cred(task), mode)) {
- 		rcu_read_unlock();
- 		return -EPERM;
- 	}

debian/patches/bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch

@@ -1,59 +0,0 @@
-From: Adam Borowski <kilobyte@angband.pl>
-Date: Tue, 29 Nov 2016 14:51:17 +0100
-Subject: x86/kbuild: enable modversions for symbols exported from asm
-Origin: https://lists.debian.org/20161129135118.24696-1-kilobyte@angband.pl
-
-Commit 4efca4ed ("kbuild: modversions for EXPORT_SYMBOL() for asm") adds
-modversion support for symbols exported from asm files. Architectures
-must include C-style declarations for those symbols in asm/asm-prototypes.h
-in order for them to be versioned.
-
-Add these declarations for x86, and an architecture-independent file that
-can be used for common symbols.
-
-User impact: kernels may fail to load modules at all when
-CONFIG_MODVERSIONS=y.
-
-Signed-off-by: Adam Borowski <kilobyte@angband.pl>
-Tested-by: Kalle Valo <kvalo@codeaurora.org>
-Acked-by: Nicholas Piggin <npiggin@gmail.com>
-Tested-by: Peter Wu <peter@lekensteyn.nl>
-Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
----
- arch/x86/include/asm/asm-prototypes.h | 12 ++++++++++++
- include/asm-generic/asm-prototypes.h  |  7 +++++++
- 2 files changed, 19 insertions(+)
- create mode 100644 arch/x86/include/asm/asm-prototypes.h
- create mode 100644 include/asm-generic/asm-prototypes.h
-
-diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h
-new file mode 100644
-index 000000000000..ae87224df613
---- /dev/null
-+++ b/arch/x86/include/asm/asm-prototypes.h
-@@ -0,0 +1,12 @@
-+#include <asm/ftrace.h>
-+#include <asm/uaccess.h>
-+#include <asm/string.h>
-+#include <asm/page.h>
-+#include <asm/checksum.h>
-+
-+#include <asm-generic/asm-prototypes.h>
-+
-+#include <asm/page.h>
-+#include <asm/pgtable.h>
-+#include <asm/special_insns.h>
-+#include <asm/preempt.h>
-diff --git a/include/asm-generic/asm-prototypes.h b/include/asm-generic/asm-prototypes.h
-new file mode 100644
-index 000000000000..df13637e4017
---- /dev/null
-+++ b/include/asm-generic/asm-prototypes.h
-@@ -0,0 +1,7 @@
-+#include <linux/bitops.h>
-+extern void *__memset(void *, int, __kernel_size_t);
-+extern void *__memcpy(void *, const void *, __kernel_size_t);
-+extern void *__memmove(void *, const void *, __kernel_size_t);
-+extern void *memset(void *, int, __kernel_size_t);
-+extern void *memcpy(void *, const void *, __kernel_size_t);
-+extern void *memmove(void *, const void *, __kernel_size_t);

debian/patches/series

@@ -93,7 +93,6 @@ features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.pa
 features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
 
 # Security fixes
-bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 
 # Fix exported symbol versions
@@ -102,7 +101,6 @@ bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
 bugfix/s390/revert-s390-move-exports-to-definitions.patch
 bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
 bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
-bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch
 bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
 bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
 bugfix/all/module-disable-matching-missing-version-crc.patch