parent
544f15ac72
commit
2202083eb0
|
@ -1,4 +1,71 @@
|
|||
linux (4.17.2-1) UNRELEASED; urgency=medium
|
||||
linux (4.17.3-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.3
|
||||
- net: aquantia: fix unsigned numvecs comparison with less than zero
|
||||
- bonding: re-evaluate force_primary when the primary slave name changes
|
||||
- cdc_ncm: avoid padding beyond end of skb
|
||||
- ipv6: allow PMTU exceptions to local routes
|
||||
- [armhf,arm64] net: dsa: add error handling for pskb_trim_rcsum
|
||||
- net/sched: act_simple: fix parsing of TCA_DEF_DATA
|
||||
- tcp: verify the checksum of the first data segment in a new connection
|
||||
- socket: close race condition between sock_close() and sockfs_setattr()
|
||||
(CVE-2018-12232)
|
||||
- udp: fix rx queue len reported by diag and proc interface
|
||||
- net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds
|
||||
vlan
|
||||
- ACPICA: AML parser: attempt to continue loading table after error
|
||||
- ext4: fix hole length detection in ext4_ind_map_blocks()
|
||||
- ext4: update mtime in ext4_punch_hole even if no blocks are released
|
||||
- ext4: do not allow external inodes for inline data (CVE-2018-11412)
|
||||
- ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
|
||||
- ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
|
||||
(CVE-2018-10840)
|
||||
- ext4: fix fencepost error in check for inode count overflow during resize
|
||||
- driver core: Don't ignore class_dir_create_and_add() failure.
|
||||
- Btrfs: allow empty subvol= again
|
||||
- Btrfs: fix clone vs chattr NODATASUM race
|
||||
- Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
|
||||
- btrfs: return error value if create_io_em failed in cow_file_range
|
||||
- btrfs: scrub: Don't use inode pages for device replace
|
||||
- ALSA: usb-audio: Disable the quirk for Nura headset
|
||||
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
|
||||
- [x86] MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
|
||||
- smb3: fix various xid leaks
|
||||
- smb3: on reconnect set PreviousSessionId field
|
||||
- CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session
|
||||
expiry
|
||||
- cifs: For SMB2 security informaion query, check for minimum sized
|
||||
security descriptor instead of sizeof FileAllInformation class
|
||||
- nbd: fix nbd device deletion
|
||||
- nbd: update size when connected
|
||||
- nbd: use bd_set_size when updating disk size
|
||||
- blk-mq: reinit q->tag_set_list entry only after grace period
|
||||
- bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
|
||||
- cpufreq: Fix new policy initialization during limits updates via sysfs
|
||||
- cpufreq: governors: Fix long idle detection logic in load calculation
|
||||
- libata: zpodd: small read overflow in eject_tray()
|
||||
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
|
||||
- nvme/pci: Sync controller reset for AER slot_reset
|
||||
- [x86] vector: Fix the args of vector_alloc tracepoint
|
||||
- [x86] apic/vector: Prevent hlist corruption and leaks
|
||||
- [x86] apic: Provide apic_ack_irq()
|
||||
- [x86] ioapic: Use apic_ack_irq()
|
||||
- [x86] platform/uv: Use apic_ack_irq()
|
||||
- irq_remapping: Use apic_ack_irq()
|
||||
- genirq/generic_pending: Do not lose pending affinity update
|
||||
- genirq/affinity: Defer affinity setting if irq chip is busy
|
||||
- genirq/migration: Avoid out of line call if pending is not set
|
||||
- [x86] intel_rdt: Enable CMT and MBM on new Skylake stepping
|
||||
- media: uvcvideo: Prevent setting unavailable flags
|
||||
- media: rc: ensure input/lirc device can be opened after register
|
||||
- iwlwifi: fw: harden page loading code
|
||||
- [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support
|
||||
hibernation
|
||||
- HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
|
||||
- vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
|
||||
- fs/binfmt_misc.c: do not allow offset overflow
|
||||
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [amd64,arm64,armhf] android: Build modules to support Anbox
|
||||
|
@ -11,13 +78,6 @@ linux (4.17.2-1) UNRELEASED; urgency=medium
|
|||
* [mips*] Increase RELOCATION_TABLE_SIZE to 0x00140000 (fixes FTBFS)
|
||||
* Set ABI to 1
|
||||
* [x86,arm64] Disable code signing for upload to unstable
|
||||
* vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
|
||||
* ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
|
||||
(CVE-2018-10840)
|
||||
* ext4: do not allow external inodes for inline data (CVE-2018-11412)
|
||||
* ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
|
||||
* socket: close race condition between sock_close() and sockfs_setattr()
|
||||
(CVE-2018-12232)
|
||||
* [x86] virt: vbox: Only copy_from_user the request-header once
|
||||
(CVE-2018-12633)
|
||||
* [x86] vboxguest: Enable VBOXGUEST and DRM_VBOXVIDEO as modules
|
||||
|
|
|
@ -1,61 +0,0 @@
|
|||
From: Theodore Ts'o <tytso@mit.edu>
|
||||
Date: Tue, 22 May 2018 17:14:07 -0400
|
||||
Subject: ext4: bubble errors from ext4_find_inline_data_nolock() up to
|
||||
ext4_iget()
|
||||
Origin: https://git.kernel.org/linus/eb9b5f01c33adebc31cbc236c02695f605b0e417
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-11412
|
||||
|
||||
If ext4_find_inline_data_nolock() returns an error it needs to get
|
||||
reflected up to ext4_iget(). In order to fix this,
|
||||
ext4_iget_extra_inode() needs to return an error (and not return
|
||||
void).
|
||||
|
||||
This is related to "ext4: do not allow external inodes for inline
|
||||
data" (which fixes CVE-2018-11412) in that in the errors=continue
|
||||
case, it would be useful to for userspace to receive an error
|
||||
indicating that file system is corrupted.
|
||||
|
||||
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||
Cc: stable@kernel.org
|
||||
---
|
||||
fs/ext4/inode.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/fs/ext4/inode.c
|
||||
+++ b/fs/ext4/inode.c
|
||||
@@ -4701,19 +4701,21 @@ static blkcnt_t ext4_inode_blocks(struct
|
||||
}
|
||||
}
|
||||
|
||||
-static inline void ext4_iget_extra_inode(struct inode *inode,
|
||||
+static inline int ext4_iget_extra_inode(struct inode *inode,
|
||||
struct ext4_inode *raw_inode,
|
||||
struct ext4_inode_info *ei)
|
||||
{
|
||||
__le32 *magic = (void *)raw_inode +
|
||||
EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize;
|
||||
+
|
||||
if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize + sizeof(__le32) <=
|
||||
EXT4_INODE_SIZE(inode->i_sb) &&
|
||||
*magic == cpu_to_le32(EXT4_XATTR_MAGIC)) {
|
||||
ext4_set_inode_state(inode, EXT4_STATE_XATTR);
|
||||
- ext4_find_inline_data_nolock(inode);
|
||||
+ return ext4_find_inline_data_nolock(inode);
|
||||
} else
|
||||
EXT4_I(inode)->i_inline_off = 0;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int ext4_get_projid(struct inode *inode, kprojid_t *projid)
|
||||
@@ -4893,7 +4895,9 @@ struct inode *ext4_iget(struct super_blo
|
||||
ei->i_extra_isize = sizeof(struct ext4_inode) -
|
||||
EXT4_GOOD_OLD_INODE_SIZE;
|
||||
} else {
|
||||
- ext4_iget_extra_inode(inode, raw_inode, ei);
|
||||
+ ret = ext4_iget_extra_inode(inode, raw_inode, ei);
|
||||
+ if (ret)
|
||||
+ goto bad_inode;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
From: Theodore Ts'o <tytso@mit.edu>
|
||||
Date: Wed, 23 May 2018 11:31:03 -0400
|
||||
Subject: ext4: correctly handle a zero-length xattr with a non-zero
|
||||
e_value_offs
|
||||
Origin: https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10840
|
||||
|
||||
Ext4 will always create ext4 extended attributes which do not have a
|
||||
value (where e_value_size is zero) with e_value_offs set to zero. In
|
||||
most places e_value_offs will not be used in a substantive way if
|
||||
e_value_size is zero.
|
||||
|
||||
There was one exception to this, which is in ext4_xattr_set_entry(),
|
||||
where if there is a maliciously crafted file system where there is an
|
||||
extended attribute with e_value_offs is non-zero and e_value_size is
|
||||
0, the attempt to remove this xattr will result in a negative value
|
||||
getting passed to memmove, leading to the following sadness:
|
||||
|
||||
[ 41.225365] EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
|
||||
[ 44.538641] BUG: unable to handle kernel paging request at ffff9ec9a3000000
|
||||
[ 44.538733] IP: __memmove+0x81/0x1a0
|
||||
[ 44.538755] PGD 1249bd067 P4D 1249bd067 PUD 1249c1067 PMD 80000001230000e1
|
||||
[ 44.538793] Oops: 0003 [#1] SMP PTI
|
||||
[ 44.539074] CPU: 0 PID: 1470 Comm: poc Not tainted 4.16.0-rc1+ #1
|
||||
...
|
||||
[ 44.539475] Call Trace:
|
||||
[ 44.539832] ext4_xattr_set_entry+0x9e7/0xf80
|
||||
...
|
||||
[ 44.539972] ext4_xattr_block_set+0x212/0xea0
|
||||
...
|
||||
[ 44.540041] ext4_xattr_set_handle+0x514/0x610
|
||||
[ 44.540065] ext4_xattr_set+0x7f/0x120
|
||||
[ 44.540090] __vfs_removexattr+0x4d/0x60
|
||||
[ 44.540112] vfs_removexattr+0x75/0xe0
|
||||
[ 44.540132] removexattr+0x4d/0x80
|
||||
...
|
||||
[ 44.540279] path_removexattr+0x91/0xb0
|
||||
[ 44.540300] SyS_removexattr+0xf/0x20
|
||||
[ 44.540322] do_syscall_64+0x71/0x120
|
||||
[ 44.540344] entry_SYSCALL_64_after_hwframe+0x21/0x86
|
||||
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=199347
|
||||
|
||||
This addresses CVE-2018-10840.
|
||||
|
||||
Reported-by: "Xu, Wen" <wen.xu@gatech.edu>
|
||||
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||
Cc: stable@kernel.org
|
||||
Fixes: dec214d00e0d7 ("ext4: xattr inode deduplication")
|
||||
---
|
||||
fs/ext4/xattr.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/fs/ext4/xattr.c
|
||||
+++ b/fs/ext4/xattr.c
|
||||
@@ -1688,7 +1688,7 @@ static int ext4_xattr_set_entry(struct e
|
||||
|
||||
/* No failures allowed past this point. */
|
||||
|
||||
- if (!s->not_found && here->e_value_offs) {
|
||||
+ if (!s->not_found && here->e_value_size && here->e_value_offs) {
|
||||
/* Remove the old value. */
|
||||
void *first_val = s->base + min_offs;
|
||||
size_t offs = le16_to_cpu(here->e_value_offs);
|
|
@ -1,43 +0,0 @@
|
|||
From: Theodore Ts'o <tytso@mit.edu>
|
||||
Date: Tue, 22 May 2018 16:15:24 -0400
|
||||
Subject: ext4: do not allow external inodes for inline data
|
||||
Origin: https://git.kernel.org/linus/117166efb1ee8f13c38f9e96b258f16d4923f888
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-11412
|
||||
|
||||
The inline data feature was implemented before we added support for
|
||||
external inodes for xattrs. It makes no sense to support that
|
||||
combination, but the problem is that there are a number of extended
|
||||
attribute checks that are skipped if e_value_inum is non-zero.
|
||||
|
||||
Unfortunately, the inline data code is completely e_value_inum
|
||||
unaware, and attempts to interpret the xattr fields as if it were an
|
||||
inline xattr --- at which point, Hilarty Ensues.
|
||||
|
||||
This addresses CVE-2018-11412.
|
||||
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=199803
|
||||
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||
Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
|
||||
Cc: stable@kernel.org
|
||||
---
|
||||
fs/ext4/inline.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
--- a/fs/ext4/inline.c
|
||||
+++ b/fs/ext4/inline.c
|
||||
@@ -144,6 +144,12 @@ int ext4_find_inline_data_nolock(struct
|
||||
goto out;
|
||||
|
||||
if (!is.s.not_found) {
|
||||
+ if (is.s.here->e_value_inum) {
|
||||
+ EXT4_ERROR_INODE(inode, "inline data xattr refers "
|
||||
+ "to an external xattr inode");
|
||||
+ error = -EFSCORRUPTED;
|
||||
+ goto out;
|
||||
+ }
|
||||
EXT4_I(inode)->i_inline_off = (u16)((void *)is.s.here -
|
||||
(void *)ext4_raw_inode(&is.iloc));
|
||||
EXT4_I(inode)->i_inline_size = EXT4_MIN_INLINE_DATA_SIZE +
|
|
@ -1,43 +0,0 @@
|
|||
From 52acf73b6e9a6962045feb2ba5a8921da2201915 Mon Sep 17 00:00:00 2001
|
||||
From: Dexuan Cui <decui@microsoft.com>
|
||||
Date: Wed, 6 Jun 2018 21:32:51 +0000
|
||||
Subject: [PATCH] hv_netvsc: Fix a network regression after ifdown/ifup
|
||||
|
||||
Recently people reported the NIC stops working after
|
||||
"ifdown eth0; ifup eth0". It turns out in this case the TX queues are not
|
||||
enabled, after the refactoring of the common detach logic: when the NIC
|
||||
has sub-channels, usually we enable all the TX queues after all
|
||||
sub-channels are set up: see rndis_set_subchannel() ->
|
||||
netif_device_attach(), but in the case of "ifdown eth0; ifup eth0" where
|
||||
the number of channels doesn't change, we also must make sure the TX queues
|
||||
are enabled. The patch fixes the regression.
|
||||
|
||||
Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic")
|
||||
Signed-off-by: Dexuan Cui <decui@microsoft.com>
|
||||
Cc: Stephen Hemminger <sthemmin@microsoft.com>
|
||||
Cc: K. Y. Srinivasan <kys@microsoft.com>
|
||||
Cc: Haiyang Zhang <haiyangz@microsoft.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/hyperv/netvsc_drv.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
|
||||
index bef4d55a108c..8eec156418ea 100644
|
||||
--- a/drivers/net/hyperv/netvsc_drv.c
|
||||
+++ b/drivers/net/hyperv/netvsc_drv.c
|
||||
@@ -127,8 +127,10 @@ static int netvsc_open(struct net_device *net)
|
||||
}
|
||||
|
||||
rdev = nvdev->extension;
|
||||
- if (!rdev->link_state)
|
||||
+ if (!rdev->link_state) {
|
||||
netif_carrier_on(net);
|
||||
+ netif_tx_wake_all_queues(net);
|
||||
+ }
|
||||
|
||||
if (vf_netdev) {
|
||||
/* Setting synthetic device up transparently sets
|
||||
--
|
||||
2.17.1
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
From: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Date: Thu, 7 Jun 2018 13:39:49 -0700
|
||||
Subject: socket: close race condition between sock_close() and
|
||||
sockfs_setattr()
|
||||
Origin: https://git.kernel.org/linus/6d8c50dcb029872b298eea68cc6209c866fd3e14
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12232
|
||||
|
||||
fchownat() doesn't even hold refcnt of fd until it figures out
|
||||
fd is really needed (otherwise is ignored) and releases it after
|
||||
it resolves the path. This means sock_close() could race with
|
||||
sockfs_setattr(), which leads to a NULL pointer dereference
|
||||
since typically we set sock->sk to NULL in ->release().
|
||||
|
||||
As pointed out by Al, this is unique to sockfs. So we can fix this
|
||||
in socket layer by acquiring inode_lock in sock_close() and
|
||||
checking against NULL in sockfs_setattr().
|
||||
|
||||
sock_release() is called in many places, only the sock_close()
|
||||
path matters here. And fortunately, this should not affect normal
|
||||
sock_close() as it is only called when the last fd refcnt is gone.
|
||||
It only affects sock_close() with a parallel sockfs_setattr() in
|
||||
progress, which is not common.
|
||||
|
||||
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
|
||||
Reported-by: shankarapailoor <shankarapailoor@gmail.com>
|
||||
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
|
||||
Cc: Lorenzo Colitti <lorenzo@google.com>
|
||||
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
||||
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/socket.c | 18 +++++++++++++++---
|
||||
1 file changed, 15 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/net/socket.c
|
||||
+++ b/net/socket.c
|
||||
@@ -537,7 +537,10 @@ static int sockfs_setattr(struct dentry
|
||||
if (!err && (iattr->ia_valid & ATTR_UID)) {
|
||||
struct socket *sock = SOCKET_I(d_inode(dentry));
|
||||
|
||||
- sock->sk->sk_uid = iattr->ia_uid;
|
||||
+ if (sock->sk)
|
||||
+ sock->sk->sk_uid = iattr->ia_uid;
|
||||
+ else
|
||||
+ err = -ENOENT;
|
||||
}
|
||||
|
||||
return err;
|
||||
@@ -586,12 +589,16 @@ EXPORT_SYMBOL(sock_alloc);
|
||||
* an inode not a file.
|
||||
*/
|
||||
|
||||
-void sock_release(struct socket *sock)
|
||||
+static void __sock_release(struct socket *sock, struct inode *inode)
|
||||
{
|
||||
if (sock->ops) {
|
||||
struct module *owner = sock->ops->owner;
|
||||
|
||||
+ if (inode)
|
||||
+ inode_lock(inode);
|
||||
sock->ops->release(sock);
|
||||
+ if (inode)
|
||||
+ inode_unlock(inode);
|
||||
sock->ops = NULL;
|
||||
module_put(owner);
|
||||
}
|
||||
@@ -605,6 +612,11 @@ void sock_release(struct socket *sock)
|
||||
}
|
||||
sock->file = NULL;
|
||||
}
|
||||
+
|
||||
+void sock_release(struct socket *sock)
|
||||
+{
|
||||
+ __sock_release(sock, NULL);
|
||||
+}
|
||||
EXPORT_SYMBOL(sock_release);
|
||||
|
||||
void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
|
||||
@@ -1146,7 +1158,7 @@ static int sock_mmap(struct file *file,
|
||||
|
||||
static int sock_close(struct inode *inode, struct file *filp)
|
||||
{
|
||||
- sock_release(SOCKET_I(inode));
|
||||
+ __sock_release(SOCKET_I(inode), inode);
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Sat, 12 May 2018 00:33:10 +0300
|
||||
Subject: vhost: fix info leak due to uninitialized memory
|
||||
Origin: https://git.kernel.org/linus/670ae9caaca467ea1bfd325cb2a5c98ba87f94ad
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1118
|
||||
|
||||
struct vhost_msg within struct vhost_msg_node is copied to userspace.
|
||||
Unfortunately it turns out on 64 bit systems vhost_msg has padding after
|
||||
type which gcc doesn't initialize, leaking 4 uninitialized bytes to
|
||||
userspace.
|
||||
|
||||
This padding also unfortunately means 32 bit users of this interface are
|
||||
broken on a 64 bit kernel which will need to be fixed separately.
|
||||
|
||||
Fixes: CVE-2018-1118
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Kevin Easton <kevin@guarana.org>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
---
|
||||
drivers/vhost/vhost.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
--- a/drivers/vhost/vhost.c
|
||||
+++ b/drivers/vhost/vhost.c
|
||||
@@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(str
|
||||
struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
|
||||
if (!node)
|
||||
return NULL;
|
||||
+
|
||||
+ /* Make sure all padding within the structure is initialized. */
|
||||
+ memset(&node->msg, 0, sizeof node->msg);
|
||||
node->vq = vq;
|
||||
node->msg.type = type;
|
||||
return node;
|
|
@ -91,7 +91,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
|
|||
debian/revert-objtool-fix-config_stack_validation-y-warning.patch
|
||||
bugfix/all/i40e-build-for-64-bit-targets-only.patch
|
||||
bugfix/all/ib-fix-rdma_rxe-and-infiniband_rdmavt-dependencies-f.patch
|
||||
bugfix/all/hv_netvsc-Fix-a-network-regression-after-ifdown-ifup.patch
|
||||
|
||||
# Miscellaneous features
|
||||
|
||||
|
@ -131,11 +130,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
|||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/vhost-fix-info-leak-due-to-uninitialized-memory.patch
|
||||
bugfix/all/ext4-correctly-handle-a-zero-length-xattr-with-a-non.patch
|
||||
bugfix/all/ext4-do-not-allow-external-inodes-for-inline-data.patch
|
||||
bugfix/all/ext4-bubble-errors-from-ext4_find_inline_data_nolock.patch
|
||||
bugfix/all/socket-close-race-condition-between-sock_close-and-s.patch
|
||||
bugfix/x86/virt-vbox-Only-copy_from_user-the-request-header-onc.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
|
|
Loading…
Reference in New Issue