diff --git a/debian/changelog b/debian/changelog
index b5ea13d9b..24ef89cac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (4.5~rc6-1~exp1) UNRELEASED; urgency=medium
+
+ * New upstream release candidate
+
+ -- Ben Hutchings Wed, 02 Mar 2016 14:24:38 +0000
+
 linux (4.5~rc5-1~exp1) experimental; urgency=medium
 
 * New upstream release candidate
diff --git a/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch b/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch
deleted file mode 100644
index 3eec17f72..000000000
--- a/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From: Rainer Weikusat
-Date: Mon, 08 Feb 2016 18:47:19 +0000
-Subject: af_unix: Don't set err in unix_stream_read_generic unless there was an error
-Origin: http://mid.gmane.org/87bn7rrqdk.fsf@doppelsaurus.mobileactivedefense.com
-
-The present unix_stream_read_generic contains various code sequences of
-the form
-
-err = -EDISASTER;
-if ()
- goto out;
-
-This has the unfortunate side effect of possibly causing the error code
-to bleed through to the final
-
-out:
- return copied ? : err;
-
-and then to be wrongly returned if no data was copied because the caller
-didn't supply a data buffer, as demonstrated by the program available at
-
-http://pad.lv/1540731
-
-Change it such that err is only set if an error condition was detected.
-
-Fixes: 3822b5c2fc62 ("af_unix: Revert 'lock_interruptible' in stream receive code")
-Reported-by: Joseph Salisbury
-Signed-off-by: Rainer Weikusat
----
---- a/net/unix/af_unix.c
-+++ b/net/unix/af_unix.c
-@@ -2275,13 +2275,15 @@ static int unix_stream_read_generic(stru
- size_t size = state->size;
- unsigned int last_len;
-
-- err = -EINVAL;
-- if (sk->sk_state != TCP_ESTABLISHED)
-+ if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
-+ err = -EINVAL;
- goto out;
-+ }
-
-- err = -EOPNOTSUPP;
-- if (flags & MSG_OOB)
-+ if (unlikely(flags & MSG_OOB)) {
-+ err = -EOPNOTSUPP;
- goto out;
-+ }
-
- target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
- timeo = sock_rcvtimeo(sk, noblock);
-@@ -2327,9 +2329,11 @@ again:
- goto unlock;
-
- unix_state_unlock(sk);
-- err = -EAGAIN;
-- if (!timeo)
-+ if (!timeo) {
-+ err = -EAGAIN;
- break;
-+ }
-+
- mutex_unlock(&u->readlock);
-
- timeo = unix_stream_data_wait(sk, timeo, last,
diff --git a/debian/patches/bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch b/debian/patches/bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
deleted file mode 100644
index c61eaf6be..000000000
--- a/debian/patches/bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Rainer Weikusat
-Date: Thu, 11 Feb 2016 19:37:27 +0000
-Subject: af_unix: Guard against other == sk in unix_dgram_sendmsg
-Origin: http://mid.gmane.org/87r3gj11jc.fsf_-_@doppelsaurus.mobileactivedefense.com
-
-The unix_dgram_sendmsg routine use the following test
-
-if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
-
-to determine if sk and other are in an n:1 association (either
-established via connect or by using sendto to send messages to an
-unrelated socket identified by address). This isn't correct as the
-specified address could have been bound to the sending socket itself or
-because this socket could have been connected to itself by the time of
-the unix_peer_get but disconnected before the unix_state_lock(other). In
-both cases, the if-block would be entered despite other == sk which
-might either block the sender unintentionally or lead to trying to unlock
-the same spin lock twice for a non-blocking send. Add a other != sk
-check to guard against this.
-
-Fixes: 7d267278a9ec ("unix: avoid use-after-free in ep_remove_wait_queue")
-Reported-By: Philipp Hahn
-Signed-off-by: Rainer Weikusat
----
---- a/net/unix/af_unix.c
-+++ b/net/unix/af_unix.c
-@@ -1781,7 +1781,12 @@ restart_locked:
- goto out_unlock;
- }
-
-- if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
-+ /* other == sk && unix_peer(other) != sk if
-+ * - unix_peer(sk) == NULL, destination address bound to sk
-+ * - unix_peer(sk) == sk by time of get but disconnected before lock
-+ */
-+ if (other != sk &&
-+ unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
- if (timeo) {
- timeo = unix_wait_for_peer(other, timeo);
-
diff --git a/debian/patches/bugfix/all/iff_no_queue-fix-for-drivers-not-calling-ether_setup.patch b/debian/patches/bugfix/all/iff_no_queue-fix-for-drivers-not-calling-ether_setup.patch
deleted file mode 100644
index defcd9602..000000000
--- a/debian/patches/bugfix/all/iff_no_queue-fix-for-drivers-not-calling-ether_setup.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Phil Sutter
-Date: Wed, 17 Feb 2016 15:37:43 +0100
-Subject: IFF_NO_QUEUE: Fix for drivers not calling ether_setup()
-Origin: http://mid.gmane.org/1455719863-25730-1-git-send-email-phil@nwl.cc
-
-My implementation around IFF_NO_QUEUE driver flag assumed that leaving
-tx_queue_len untouched (specifically: not setting it to zero) by drivers
-would make it possible to assign a regular qdisc to them without having
-to worry about setting tx_queue_len to a useful value. This was only
-partially true: I overlooked that some drivers don't call ether_setup()
-and therefore not initialize tx_queue_len to the default value of 1000.
-Consequently, removing the workarounds in place for that case in qdisc
-implementations which cared about it (namely, pfifo, bfifo, gred, htb,
-plug and sfb) leads to problems with these specific interface types and
-qdiscs.
-
-Luckily, there's already a sanitization point for drivers setting
-tx_queue_len to zero, which can be reused to assign the fallback value
-most qdisc implementations used, which is 1.
-
-Fixes: 348e3435cbefa ("net: sched: drop all special handling of tx_queue_len == 0")
-Tested-by: Mathieu Desnoyers
-Signed-off-by: Phil Sutter
----
- net/core/dev.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -7125,8 +7125,10 @@ struct net_device *alloc_netdev_mqs(int
- dev->priv_flags = IFF_XMIT_DST_RELEASE | IFF_XMIT_DST_RELEASE_PERM;
- setup(dev);
-
-- if (!dev->tx_queue_len)
-+ if (!dev->tx_queue_len) {
- dev->priv_flags |= IFF_NO_QUEUE;
-+ dev->tx_queue_len = 1;
-+ }
-
- dev->num_tx_queues = txqs;
- dev->real_num_tx_queues = txqs;
diff --git a/debian/patches/series b/debian/patches/series
index 4c77ac769..eff715db2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -67,8 +67,6 @@ features/all/grsecurity/grkernsec_perf_harden.patch
 
 # Security fixes
 bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
-bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
-bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch
 bugfix/x86/x86-mm-page-align-the-_end-symbol-to-avoid-pfn-conve.patch
 bugfix/x86/x86-mm-pat-ensure-cpa-pfn-only-contains-page-frame-n.patch
 bugfix/x86/x86-efi-map-ram-into-the-identity-page-table-for-mix.patch
@@ -76,6 +74,5 @@ bugfix/x86/x86-efi-hoist-page-table-switching-code-into-efi_cal.patch
 bugfix/x86/x86-efi-build-our-own-page-table-structures.patch
 bugfix/x86/x86-efi-setup-separate-efi-page-tables-in-kexec-path.patch
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/iff_no_queue-fix-for-drivers-not-calling-ether_setup.patch
 bugfix/x86/x86-efi-bgrt-fix-kernel-panic-when-mapping-bgrt-data.patch
 bugfix/x86/x86-efi-bgrt-replace-early_memremap-with-memremap.patch