From 62e5e3199d40bc6f0bf3f4f87edd01cf051f8281 Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Fri, 25 Oct 2019 13:57:14 -0700 Subject: [PATCH] Remove obsolete patches --- ...fer-overflow-bug-in-check_input_term.patch | 134 ------------------ ...an-OOB-bug-in-parse_audio_mixer_unit.patch | 56 -------- ...M-coalesced_mmio-add-bounds-checking.patch | 79 ----------- ...rlying-storage-no-longer-supports-it.patch | 120 ---------------- ...UNREACH-if-we-can-t-create-route-but.patch | 90 ------------ ...x-secpath-usage-for-IPsec-TX-offload.patch | 49 ------- ...ack-use-consistent-ct-id-hash-calcul.patch | 61 -------- .../all/vhost-make-sure-log_num-in_num.patch | 54 ------- ...ILOCK-unlock-when-xfs_setattr_nonsiz.patch | 63 -------- ..._perf_policy-fix-uninitialized-varia.patch | 96 ------------- ...ck-set-offset-for-kvm-unstable-clock.patch | 45 ------ ...ix-up-botched-merge-of-spectrev1-fix.patch | 44 ------ ...SDP-address-in-boot_params-for-broke.patch | 43 ------ debian/patches/series | 13 -- 14 files changed, 947 deletions(-) delete mode 100644 debian/patches/bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch delete mode 100644 debian/patches/bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch delete mode 100644 debian/patches/bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch delete mode 100644 debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch delete mode 100644 debian/patches/bugfix/all/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch delete mode 100644 debian/patches/bugfix/all/ixgbe-Fix-secpath-usage-for-IPsec-TX-offload.patch delete mode 100644 debian/patches/bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch delete mode 100644 debian/patches/bugfix/all/vhost-make-sure-log_num-in_num.patch delete mode 100644 debian/patches/bugfix/all/xfs-fix-missing-ILOCK-unlock-when-xfs_setattr_nonsiz.patch delete mode 100644 debian/patches/bugfix/x86/tools-x86_energy_perf_policy-fix-uninitialized-varia.patch delete mode 100644 debian/patches/bugfix/x86/x86-kvmclock-set-offset-for-kvm-unstable-clock.patch delete mode 100644 debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch delete mode 100644 debian/patches/features/x86/x86-boot-Clear-RSDP-address-in-boot_params-for-broke.patch diff --git a/debian/patches/bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch b/debian/patches/bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch deleted file mode 100644 index 4f7a8deb9..000000000 --- a/debian/patches/bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch +++ /dev/null @@ -1,134 +0,0 @@ -From: Hui Peng -Date: Thu, 15 Aug 2019 00:31:34 -0400 -Subject: ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15118 -Origin: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18 - -commit 19bce474c45be69a284ecee660aa12d8f1e88f18 upstream. - -`check_input_term` recursively calls itself with input from -device side (e.g., uac_input_terminal_descriptor.bCSourceID) -as argument (id). In `check_input_term`, if `check_input_term` -is called with the same `id` argument as the caller, it triggers -endless recursive call, resulting kernel space stack overflow. - -This patch fixes the bug by adding a bitmap to `struct mixer_build` -to keep track of the checked ids and stop the execution if some id -has been checked (similar to how parse_audio_unit handles unitid -argument). - -Reported-by: Hui Peng -Reported-by: Mathias Payer -Signed-off-by: Hui Peng -Cc: -Signed-off-by: Takashi Iwai -Signed-off-by: Greg Kroah-Hartman ---- - sound/usb/mixer.c | 35 +++++++++++++++++++++++++++-------- - 1 file changed, 27 insertions(+), 8 deletions(-) - -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index 7e1c6c2dc99e..996126a28072 100644 ---- a/sound/usb/mixer.c -+++ b/sound/usb/mixer.c -@@ -83,6 +83,7 @@ struct mixer_build { - unsigned char *buffer; - unsigned int buflen; - DECLARE_BITMAP(unitbitmap, MAX_ID_ELEMS); -+ DECLARE_BITMAP(termbitmap, MAX_ID_ELEMS); - struct usb_audio_term oterm; - const struct usbmix_name_map *map; - const struct usbmix_selector_map *selector_map; -@@ -788,16 +789,25 @@ static int uac_mixer_unit_get_channels(struct mixer_build *state, - * parse the source unit recursively until it reaches to a terminal - * or a branched unit. - */ --static int check_input_term(struct mixer_build *state, int id, -+static int __check_input_term(struct mixer_build *state, int id, - struct usb_audio_term *term) - { - int protocol = state->mixer->protocol; - int err; - void *p1; -+ unsigned char *hdr; - - memset(term, 0, sizeof(*term)); -- while ((p1 = find_audio_control_unit(state, id)) != NULL) { -- unsigned char *hdr = p1; -+ for (;;) { -+ /* a loop in the terminal chain? */ -+ if (test_and_set_bit(id, state->termbitmap)) -+ return -EINVAL; -+ -+ p1 = find_audio_control_unit(state, id); -+ if (!p1) -+ break; -+ -+ hdr = p1; - term->id = id; - - if (protocol == UAC_VERSION_1 || protocol == UAC_VERSION_2) { -@@ -815,7 +825,7 @@ static int check_input_term(struct mixer_build *state, int id, - - /* call recursively to verify that the - * referenced clock entity is valid */ -- err = check_input_term(state, d->bCSourceID, term); -+ err = __check_input_term(state, d->bCSourceID, term); - if (err < 0) - return err; - -@@ -849,7 +859,7 @@ static int check_input_term(struct mixer_build *state, int id, - case UAC2_CLOCK_SELECTOR: { - struct uac_selector_unit_descriptor *d = p1; - /* call recursively to retrieve the channel info */ -- err = check_input_term(state, d->baSourceID[0], term); -+ err = __check_input_term(state, d->baSourceID[0], term); - if (err < 0) - return err; - term->type = UAC3_SELECTOR_UNIT << 16; /* virtual type */ -@@ -912,7 +922,7 @@ static int check_input_term(struct mixer_build *state, int id, - - /* call recursively to verify that the - * referenced clock entity is valid */ -- err = check_input_term(state, d->bCSourceID, term); -+ err = __check_input_term(state, d->bCSourceID, term); - if (err < 0) - return err; - -@@ -963,7 +973,7 @@ static int check_input_term(struct mixer_build *state, int id, - case UAC3_CLOCK_SELECTOR: { - struct uac_selector_unit_descriptor *d = p1; - /* call recursively to retrieve the channel info */ -- err = check_input_term(state, d->baSourceID[0], term); -+ err = __check_input_term(state, d->baSourceID[0], term); - if (err < 0) - return err; - term->type = UAC3_SELECTOR_UNIT << 16; /* virtual type */ -@@ -979,7 +989,7 @@ static int check_input_term(struct mixer_build *state, int id, - return -EINVAL; - - /* call recursively to retrieve the channel info */ -- err = check_input_term(state, d->baSourceID[0], term); -+ err = __check_input_term(state, d->baSourceID[0], term); - if (err < 0) - return err; - -@@ -997,6 +1007,15 @@ static int check_input_term(struct mixer_build *state, int id, - return -ENODEV; - } - -+ -+static int check_input_term(struct mixer_build *state, int id, -+ struct usb_audio_term *term) -+{ -+ memset(term, 0, sizeof(*term)); -+ memset(state->termbitmap, 0, sizeof(state->termbitmap)); -+ return __check_input_term(state, id, term); -+} -+ - /* - * Feature Unit - */ --- -cgit 1.2-0.3.lf.el7 - diff --git a/debian/patches/bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch b/debian/patches/bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch deleted file mode 100644 index 362b284d4..000000000 --- a/debian/patches/bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Hui Peng -Date: Tue, 13 Aug 2019 22:34:04 -0400 -Subject: ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15117 -Origin: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c - -commit daac07156b330b18eb5071aec4b3ddca1c377f2c upstream. - -The `uac_mixer_unit_descriptor` shown as below is read from the -device side. In `parse_audio_mixer_unit`, `baSourceID` field is -accessed from index 0 to `bNrInPins` - 1, the current implementation -assumes that descriptor is always valid (the length of descriptor -is no shorter than 5 + `bNrInPins`). If a descriptor read from -the device side is invalid, it may trigger out-of-bound memory -access. - -``` -struct uac_mixer_unit_descriptor { - __u8 bLength; - __u8 bDescriptorType; - __u8 bDescriptorSubtype; - __u8 bUnitID; - __u8 bNrInPins; - __u8 baSourceID[]; -} -``` - -This patch fixes the bug by add a sanity check on the length of -the descriptor. - -Reported-by: Hui Peng -Reported-by: Mathias Payer -Cc: -Signed-off-by: Hui Peng -Signed-off-by: Takashi Iwai -Signed-off-by: Greg Kroah-Hartman ---- - sound/usb/mixer.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index 996126a28072..4b3e1c48ca2f 100644 ---- a/sound/usb/mixer.c -+++ b/sound/usb/mixer.c -@@ -760,6 +760,8 @@ static int uac_mixer_unit_get_channels(struct mixer_build *state, - return -EINVAL; - if (!desc->bNrInPins) - return -EINVAL; -+ if (desc->bLength < sizeof(*desc) + desc->bNrInPins) -+ return -EINVAL; - - switch (state->mixer->protocol) { - case UAC_VERSION_1: --- -cgit 1.2-0.3.lf.el7 - diff --git a/debian/patches/bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch b/debian/patches/bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch deleted file mode 100644 index d8fc61ebb..000000000 --- a/debian/patches/bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Matt Delco -Date: Mon, 16 Sep 2019 14:16:54 -0700 -Subject: KVM: coalesced_mmio: add bounds checking -Origin: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-14821 - -The first/last indexes are typically shared with a user app. -The app can change the 'last' index that the kernel uses -to store the next result. This change sanity checks the index -before using it for writing to a potentially arbitrary address. - -This fixes CVE-2019-14821. - -Cc: stable@vger.kernel.org -Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)") -Signed-off-by: Matt Delco -Signed-off-by: Jim Mattson -Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com -[Use READ_ONCE. - Paolo] -Signed-off-by: Paolo Bonzini -[Salvatore Bonaccorso: backport to 4.19: Adjust for context changes, cherry-pick - commit from stable-queue for 4.19.75] ---- - virt/kvm/coalesced_mmio.c | 17 ++++++++++------- - 1 file changed, 10 insertions(+), 7 deletions(-) - ---- a/virt/kvm/coalesced_mmio.c -+++ b/virt/kvm/coalesced_mmio.c -@@ -40,7 +40,7 @@ static int coalesced_mmio_in_range(struc - return 1; - } - --static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) -+static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev, u32 last) - { - struct kvm_coalesced_mmio_ring *ring; - unsigned avail; -@@ -52,7 +52,7 @@ static int coalesced_mmio_has_room(struc - * there is always one unused entry in the buffer - */ - ring = dev->kvm->coalesced_mmio_ring; -- avail = (ring->first - ring->last - 1) % KVM_COALESCED_MMIO_MAX; -+ avail = (ring->first - last - 1) % KVM_COALESCED_MMIO_MAX; - if (avail == 0) { - /* full */ - return 0; -@@ -67,24 +67,27 @@ static int coalesced_mmio_write(struct k - { - struct kvm_coalesced_mmio_dev *dev = to_mmio(this); - struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring; -+ __u32 insert; - - if (!coalesced_mmio_in_range(dev, addr, len)) - return -EOPNOTSUPP; - - spin_lock(&dev->kvm->ring_lock); - -- if (!coalesced_mmio_has_room(dev)) { -+ insert = READ_ONCE(ring->last); -+ if (!coalesced_mmio_has_room(dev, insert) || -+ insert >= KVM_COALESCED_MMIO_MAX) { - spin_unlock(&dev->kvm->ring_lock); - return -EOPNOTSUPP; - } - - /* copy data in first free entry of the ring */ - -- ring->coalesced_mmio[ring->last].phys_addr = addr; -- ring->coalesced_mmio[ring->last].len = len; -- memcpy(ring->coalesced_mmio[ring->last].data, val, len); -+ ring->coalesced_mmio[insert].phys_addr = addr; -+ ring->coalesced_mmio[insert].len = len; -+ memcpy(ring->coalesced_mmio[insert].data, val, len); - smp_wmb(); -- ring->last = (ring->last + 1) % KVM_COALESCED_MMIO_MAX; -+ ring->last = (insert + 1) % KVM_COALESCED_MMIO_MAX; - spin_unlock(&dev->kvm->ring_lock); - return 0; - } diff --git a/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch b/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch deleted file mode 100644 index 1e7d14946..000000000 --- a/debian/patches/bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch +++ /dev/null @@ -1,120 +0,0 @@ -From: Mike Snitzer -Date: Wed, 3 Apr 2019 12:23:11 -0400 -Subject: dm: disable DISCARD if the underlying storage no longer supports it -Origin: https://git.kernel.org/linus/bcb44433bba5eaff293888ef22ffa07f1f0347d6 -Bug-Debian: https://bugs.debian.org/934331 - -Storage devices which report supporting discard commands like -WRITE_SAME_16 with unmap, but reject discard commands sent to the -storage device. This is a clear storage firmware bug but it doesn't -change the fact that should a program cause discards to be sent to a -multipath device layered on this buggy storage, all paths can end up -failed at the same time from the discards, causing possible I/O loss. - -The first discard to a path will fail with Illegal Request, Invalid -field in cdb, e.g.: - kernel: sd 8:0:8:19: [sdfn] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE - kernel: sd 8:0:8:19: [sdfn] tag#0 Sense Key : Illegal Request [current] - kernel: sd 8:0:8:19: [sdfn] tag#0 Add. Sense: Invalid field in cdb - kernel: sd 8:0:8:19: [sdfn] tag#0 CDB: Write same(16) 93 08 00 00 00 00 00 a0 08 00 00 00 80 00 00 00 - kernel: blk_update_request: critical target error, dev sdfn, sector 10487808 - -The SCSI layer converts this to the BLK_STS_TARGET error number, the sd -device disables its support for discard on this path, and because of the -BLK_STS_TARGET error multipath fails the discard without failing any -path or retrying down a different path. But subsequent discards can -cause path failures. Any discards sent to the path which already failed -a discard ends up failing with EIO from blk_cloned_rq_check_limits with -an "over max size limit" error since the discard limit was set to 0 by -the sd driver for the path. As the error is EIO, this now fails the -path and multipath tries to send the discard down the next path. This -cycle continues as discards are sent until all paths fail. - -Fix this by training DM core to disable DISCARD if the underlying -storage already did so. - -Also, fix branching in dm_done() and clone_endio() to reflect the -mutually exclussive nature of the IO operations in question. - -Cc: stable@vger.kernel.org -Reported-by: David Jeffery -Signed-off-by: Mike Snitzer -[Salvatore Bonaccorso: backported to 4.19: Adjust for context changes in -drivers/md/dm-core.h] -Signed-off-by: Salvatore Bonaccorso -Signed-off-by: Greg Kroah-Hartman - ---- - drivers/md/dm-core.h | 1 + - drivers/md/dm-rq.c | 11 +++++++---- - drivers/md/dm.c | 20 ++++++++++++++++---- - 3 files changed, 24 insertions(+), 8 deletions(-) - ---- a/drivers/md/dm-core.h -+++ b/drivers/md/dm-core.h -@@ -130,6 +130,7 @@ struct mapped_device { - }; - - int md_in_flight(struct mapped_device *md); -+void disable_discard(struct mapped_device *md); - void disable_write_same(struct mapped_device *md); - void disable_write_zeroes(struct mapped_device *md); - ---- a/drivers/md/dm-rq.c -+++ b/drivers/md/dm-rq.c -@@ -295,11 +295,14 @@ static void dm_done(struct request *clon - } - - if (unlikely(error == BLK_STS_TARGET)) { -- if (req_op(clone) == REQ_OP_WRITE_SAME && -- !clone->q->limits.max_write_same_sectors) -+ if (req_op(clone) == REQ_OP_DISCARD && -+ !clone->q->limits.max_discard_sectors) -+ disable_discard(tio->md); -+ else if (req_op(clone) == REQ_OP_WRITE_SAME && -+ !clone->q->limits.max_write_same_sectors) - disable_write_same(tio->md); -- if (req_op(clone) == REQ_OP_WRITE_ZEROES && -- !clone->q->limits.max_write_zeroes_sectors) -+ else if (req_op(clone) == REQ_OP_WRITE_ZEROES && -+ !clone->q->limits.max_write_zeroes_sectors) - disable_write_zeroes(tio->md); - } - ---- a/drivers/md/dm.c -+++ b/drivers/md/dm.c -@@ -910,6 +910,15 @@ static void dec_pending(struct dm_io *io - } - } - -+void disable_discard(struct mapped_device *md) -+{ -+ struct queue_limits *limits = dm_get_queue_limits(md); -+ -+ /* device doesn't really support DISCARD, disable it */ -+ limits->max_discard_sectors = 0; -+ blk_queue_flag_clear(QUEUE_FLAG_DISCARD, md->queue); -+} -+ - void disable_write_same(struct mapped_device *md) - { - struct queue_limits *limits = dm_get_queue_limits(md); -@@ -935,11 +944,14 @@ static void clone_endio(struct bio *bio) - dm_endio_fn endio = tio->ti->type->end_io; - - if (unlikely(error == BLK_STS_TARGET) && md->type != DM_TYPE_NVME_BIO_BASED) { -- if (bio_op(bio) == REQ_OP_WRITE_SAME && -- !bio->bi_disk->queue->limits.max_write_same_sectors) -+ if (bio_op(bio) == REQ_OP_DISCARD && -+ !bio->bi_disk->queue->limits.max_discard_sectors) -+ disable_discard(md); -+ else if (bio_op(bio) == REQ_OP_WRITE_SAME && -+ !bio->bi_disk->queue->limits.max_write_same_sectors) - disable_write_same(md); -- if (bio_op(bio) == REQ_OP_WRITE_ZEROES && -- !bio->bi_disk->queue->limits.max_write_zeroes_sectors) -+ else if (bio_op(bio) == REQ_OP_WRITE_ZEROES && -+ !bio->bi_disk->queue->limits.max_write_zeroes_sectors) - disable_write_zeroes(md); - } - diff --git a/debian/patches/bugfix/all/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch b/debian/patches/bugfix/all/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch deleted file mode 100644 index a13b7810b..000000000 --- a/debian/patches/bugfix/all/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch +++ /dev/null @@ -1,90 +0,0 @@ -From: Stefano Brivio -Date: Wed, 16 Oct 2019 20:52:09 +0200 -Subject: ipv4: Return -ENETUNREACH if we can't create route but saddr is valid -Origin: https://git.kernel.org/linus/595e0651d0296bad2491a4a29a7a43eae6328b02 -Bug-Debian: https://bugs.debian.org/945023 - -...instead of -EINVAL. An issue was found with older kernel versions -while unplugging a NFS client with pending RPCs, and the wrong error -code here prevented it from recovering once link is back up with a -configured address. - -Incidentally, this is not an issue anymore since commit 4f8943f80883 -("SUNRPC: Replace direct task wakeups from softirq context"), included -in 5.2-rc7, had the effect of decoupling the forwarding of this error -by using SO_ERROR in xs_wake_error(), as pointed out by Benjamin -Coddington. - -To the best of my knowledge, this isn't currently causing any further -issue, but the error code doesn't look appropriate anyway, and we -might hit this in other paths as well. - -In detail, as analysed by Gonzalo Siero, once the route is deleted -because the interface is down, and can't be resolved and we return --EINVAL here, this ends up, courtesy of inet_sk_rebuild_header(), -as the socket error seen by tcp_write_err(), called by -tcp_retransmit_timer(). - -In turn, tcp_write_err() indirectly calls xs_error_report(), which -wakes up the RPC pending tasks with a status of -EINVAL. This is then -seen by call_status() in the SUN RPC implementation, which aborts the -RPC call calling rpc_exit(), instead of handling this as a -potentially temporary condition, i.e. as a timeout. - -Return -EINVAL only if the input parameters passed to -ip_route_output_key_hash_rcu() are actually invalid (this is the case -if the specified source address is multicast, limited broadcast or -all zeroes), but return -ENETUNREACH in all cases where, at the given -moment, the given source address doesn't allow resolving the route. - -While at it, drop the initialisation of err to -ENETUNREACH, which -was added to __ip_route_output_key() back then by commit -0315e3827048 ("net: Fix behaviour of unreachable, blackhole and -prohibit routes"), but actually had no effect, as it was, and is, -overwritten by the fib_lookup() return code assignment, and anyway -ignored in all other branches, including the if (fl4->saddr) one: -I find this rather confusing, as it would look like -ENETUNREACH is -the "default" error, while that statement has no effect. - -Also note that after commit fc75fc8339e7 ("ipv4: dont create routes -on down devices"), we would get -ENETUNREACH if the device is down, -but -EINVAL if the source address is specified and we can't resolve -the route, and this appears to be rather inconsistent. - -Reported-by: Stefan Walter -Analysed-by: Benjamin Coddington -Analysed-by: Gonzalo Siero -Signed-off-by: Stefano Brivio -Signed-off-by: David S. Miller ---- - net/ipv4/route.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 14654876127e..5bc172abd143 100644 ---- a/net/ipv4/route.c -+++ b/net/ipv4/route.c -@@ -2470,14 +2470,17 @@ struct rtable *ip_route_output_key_hash_rcu(struct net *net, struct flowi4 *fl4, - int orig_oif = fl4->flowi4_oif; - unsigned int flags = 0; - struct rtable *rth; -- int err = -ENETUNREACH; -+ int err; - - if (fl4->saddr) { -- rth = ERR_PTR(-EINVAL); - if (ipv4_is_multicast(fl4->saddr) || - ipv4_is_lbcast(fl4->saddr) || -- ipv4_is_zeronet(fl4->saddr)) -+ ipv4_is_zeronet(fl4->saddr)) { -+ rth = ERR_PTR(-EINVAL); - goto out; -+ } -+ -+ rth = ERR_PTR(-ENETUNREACH); - - /* I removed check for oif == dev_out->oif here. - It was wrong for two reasons: --- -2.20.1 - diff --git a/debian/patches/bugfix/all/ixgbe-Fix-secpath-usage-for-IPsec-TX-offload.patch b/debian/patches/bugfix/all/ixgbe-Fix-secpath-usage-for-IPsec-TX-offload.patch deleted file mode 100644 index e249f4200..000000000 --- a/debian/patches/bugfix/all/ixgbe-Fix-secpath-usage-for-IPsec-TX-offload.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Steffen Klassert -Date: Thu, 12 Sep 2019 13:01:44 +0200 -Subject: ixgbe: Fix secpath usage for IPsec TX offload. -Origin: https://git.kernel.org/linus/f39b683d35dfa93a58f1b400a8ec0ff81296b37c -Bug-Debian: https://bugs.debian.org/930443 -Bug: https://bugzilla.kernel.org/show_bug.cgi?id=204551 - -The ixgbe driver currently does IPsec TX offloading -based on an existing secpath. However, the secpath -can also come from the RX side, in this case it is -misinterpreted for TX offload and the packets are -dropped with a "bad sa_idx" error. Fix this by using -the xfrm_offload() function to test for TX offload. - -Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload") -Reported-by: Michael Marley -Signed-off-by: Steffen Klassert -Signed-off-by: David S. Miller -[Salvatore Bonaccorso: Backport to 4.19.67: cherry-pick patch from 4.19.74 -release with adjusted context] ---- - drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -index 410d5d3aa393..2c3da1516036 100644 ---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include "ixgbe.h" - #include "ixgbe_common.h" -@@ -8599,7 +8600,8 @@ netdev_tx_t ixgbe_xmit_frame_ring(struct sk_buff *skb, - #endif /* IXGBE_FCOE */ - - #ifdef CONFIG_XFRM_OFFLOAD -- if (skb->sp && !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx)) -+ if (xfrm_offload(skb) && -+ !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx)) - goto out_drop; - #endif - tso = ixgbe_tso(tx_ring, first, &hdr_len, &ipsec_tx); --- -2.23.0 - diff --git a/debian/patches/bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch b/debian/patches/bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch deleted file mode 100644 index 1bce9264e..000000000 --- a/debian/patches/bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Dirk Morris -Date: Thu, 8 Aug 2019 13:57:51 -0700 -Subject: netfilter: conntrack: Use consistent ct id hash calculation -Origin: https://git.kernel.org/linus/656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a - -Change ct id hash calculation to only use invariants. - -Currently the ct id hash calculation is based on some fields that can -change in the lifetime on a conntrack entry in some corner cases. The -current hash uses the whole tuple which contains an hlist pointer which -will change when the conntrack is placed on the dying list resulting in -a ct id change. - -This patch also removes the reply-side tuple and extension pointer from -the hash calculation so that the ct id will will not change from -initialization until confirmation. - -Fixes: 3c79107631db1f7 ("netfilter: ctnetlink: don't use conntrack/expect object addresses as id") -Signed-off-by: Dirk Morris -Acked-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/nf_conntrack_core.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index a542761e90d1..81a8ef42b88d 100644 ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -453,13 +453,12 @@ EXPORT_SYMBOL_GPL(nf_ct_invert_tuple); - * table location, we assume id gets exposed to userspace. - * - * Following nf_conn items do not change throughout lifetime -- * of the nf_conn after it has been committed to main hash table: -+ * of the nf_conn: - * - * 1. nf_conn address -- * 2. nf_conn->ext address -- * 3. nf_conn->master address (normally NULL) -- * 4. tuple -- * 5. the associated net namespace -+ * 2. nf_conn->master address (normally NULL) -+ * 3. the associated net namespace -+ * 4. the original direction tuple - */ - u32 nf_ct_get_id(const struct nf_conn *ct) - { -@@ -469,9 +468,10 @@ u32 nf_ct_get_id(const struct nf_conn *ct) - net_get_random_once(&ct_id_seed, sizeof(ct_id_seed)); - - a = (unsigned long)ct; -- b = (unsigned long)ct->master ^ net_hash_mix(nf_ct_net(ct)); -- c = (unsigned long)ct->ext; -- d = (unsigned long)siphash(&ct->tuplehash, sizeof(ct->tuplehash), -+ b = (unsigned long)ct->master; -+ c = (unsigned long)nf_ct_net(ct); -+ d = (unsigned long)siphash(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, -+ sizeof(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple), - &ct_id_seed); - #ifdef CONFIG_64BIT - return siphash_4u64((u64)a, (u64)b, (u64)c, (u64)d, &ct_id_seed); diff --git a/debian/patches/bugfix/all/vhost-make-sure-log_num-in_num.patch b/debian/patches/bugfix/all/vhost-make-sure-log_num-in_num.patch deleted file mode 100644 index 5681e359a..000000000 --- a/debian/patches/bugfix/all/vhost-make-sure-log_num-in_num.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: yongduan -Date: Wed, 11 Sep 2019 17:44:24 +0800 -Subject: vhost: make sure log_num < in_num -Origin: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-14835 - -The code assumes log_num < in_num everywhere, and that is true as long as -in_num is incremented by descriptor iov count, and log_num by 1. However -this breaks if there's a zero sized descriptor. - -As a result, if a malicious guest creates a vring desc with desc.len = 0, -it may cause the host kernel to crash by overflowing the log array. This -bug can be triggered during the VM migration. - -There's no need to log when desc.len = 0, so just don't increment log_num -in this case. - -Fixes: 3a4d5c94e959 ("vhost_net: a kernel-level virtio server") -Cc: stable@vger.kernel.org -Reviewed-by: Lidong Chen -Signed-off-by: ruippan -Signed-off-by: yongduan -Acked-by: Michael S. Tsirkin -Reviewed-by: Tyler Hicks -Signed-off-by: Michael S. Tsirkin ---- - drivers/vhost/vhost.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index 34ea219936e3..acabf20b069e 100644 ---- a/drivers/vhost/vhost.c -+++ b/drivers/vhost/vhost.c -@@ -2180,7 +2180,7 @@ static int get_indirect(struct vhost_virtqueue *vq, - /* If this is an input descriptor, increment that count. */ - if (access == VHOST_ACCESS_WO) { - *in_num += ret; -- if (unlikely(log)) { -+ if (unlikely(log && ret)) { - log[*log_num].addr = vhost64_to_cpu(vq, desc.addr); - log[*log_num].len = vhost32_to_cpu(vq, desc.len); - ++*log_num; -@@ -2321,7 +2321,7 @@ int vhost_get_vq_desc(struct vhost_virtqueue *vq, - /* If this is an input descriptor, - * increment that count. */ - *in_num += ret; -- if (unlikely(log)) { -+ if (unlikely(log && ret)) { - log[*log_num].addr = vhost64_to_cpu(vq, desc.addr); - log[*log_num].len = vhost32_to_cpu(vq, desc.len); - ++*log_num; --- -2.23.0 - diff --git a/debian/patches/bugfix/all/xfs-fix-missing-ILOCK-unlock-when-xfs_setattr_nonsiz.patch b/debian/patches/bugfix/all/xfs-fix-missing-ILOCK-unlock-when-xfs_setattr_nonsiz.patch deleted file mode 100644 index fda85abee..000000000 --- a/debian/patches/bugfix/all/xfs-fix-missing-ILOCK-unlock-when-xfs_setattr_nonsiz.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: "Darrick J. Wong" -Date: Thu, 22 Aug 2019 20:55:28 -0700 -Subject: xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT -Origin: https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15538 - -Benjamin Moody reported to Debian that XFS partially wedges when a chgrp -fails on account of being out of disk quota. I ran his reproducer -script: - -# adduser dummy -# adduser dummy plugdev - -# dd if=/dev/zero bs=1M count=100 of=test.img -# mkfs.xfs test.img -# mount -t xfs -o gquota test.img /mnt -# mkdir -p /mnt/dummy -# chown -c dummy /mnt/dummy -# xfs_quota -xc 'limit -g bsoft=100k bhard=100k plugdev' /mnt - -(and then as user dummy) - -$ dd if=/dev/urandom bs=1M count=50 of=/mnt/dummy/foo -$ chgrp plugdev /mnt/dummy/foo - -and saw: - -================================================ -WARNING: lock held when returning to user space! -5.3.0-rc5 #rc5 Tainted: G W ------------------------------------------------- -chgrp/47006 is leaving the kernel with locks still held! -1 lock held by chgrp/47006: - #0: 000000006664ea2d (&xfs_nondir_ilock_class){++++}, at: xfs_ilock+0xd2/0x290 [xfs] - -...which is clearly caused by xfs_setattr_nonsize failing to unlock the -ILOCK after the xfs_qm_vop_chown_reserve call fails. Add the missing -unlock. - -Reported-by: benjamin.moody@gmail.com -Fixes: 253f4911f297 ("xfs: better xfs_trans_alloc interface") -Signed-off-by: Darrick J. Wong -Reviewed-by: Dave Chinner -Tested-by: Salvatore Bonaccorso ---- - fs/xfs/xfs_iops.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index ff3c1fae5357..fe285d123d69 100644 ---- a/fs/xfs/xfs_iops.c -+++ b/fs/xfs/xfs_iops.c -@@ -793,6 +793,7 @@ xfs_setattr_nonsize( - - out_cancel: - xfs_trans_cancel(tp); -+ xfs_iunlock(ip, XFS_ILOCK_EXCL); - out_dqrele: - xfs_qm_dqrele(udqp); - xfs_qm_dqrele(gdqp); --- -2.23.0 - diff --git a/debian/patches/bugfix/x86/tools-x86_energy_perf_policy-fix-uninitialized-varia.patch b/debian/patches/bugfix/x86/tools-x86_energy_perf_policy-fix-uninitialized-varia.patch deleted file mode 100644 index 891369e83..000000000 --- a/debian/patches/bugfix/x86/tools-x86_energy_perf_policy-fix-uninitialized-varia.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Ben Hutchings -Date: Tue, 11 Sep 2018 02:38:36 +0100 -Subject: tools: x86_energy_perf_policy: Fix "uninitialized variable" - warnings at -O2 -Forwarded: https://marc.info/?l=linux-pm&m=153711035626776 - -x86_energy_perf_policy first uses __get_cpuid() to check the maximum -CPUID level and exits if it is too low. It then assumes that later -calls will succeed (which I think is architecturally guaranteed). It -also assumes that CPUID works at all (which is not guaranteed on -x86_32). - -If optimisations are enabled, gcc warns about potentially -uninitialized variables. Fix this by adding an exit-on-error after -every call to __get_cpuid() instead of just checking the maximum -level. - -Signed-off-by: Ben Hutchings ---- - .../x86_energy_perf_policy.c | 26 +++++++++++-------- - 1 file changed, 15 insertions(+), 11 deletions(-) - -diff --git a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c -index 65bbe627a425..bbef8bcf44d6 100644 ---- a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c -+++ b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c -@@ -1260,6 +1260,15 @@ void probe_dev_msr(void) - if (system("/sbin/modprobe msr > /dev/null 2>&1")) - err(-5, "no /dev/cpu/0/msr, Try \"# modprobe msr\" "); - } -+ -+static void get_cpuid_or_exit(unsigned int leaf, -+ unsigned int *eax, unsigned int *ebx, -+ unsigned int *ecx, unsigned int *edx) -+{ -+ if (!__get_cpuid(leaf, eax, ebx, ecx, edx)) -+ errx(1, "Processor not supported\n"); -+} -+ - /* - * early_cpuid() - * initialize turbo_is_enabled, has_hwp, has_epb -@@ -1267,15 +1276,10 @@ void probe_dev_msr(void) - */ - void early_cpuid(void) - { -- unsigned int eax, ebx, ecx, edx, max_level; -+ unsigned int eax, ebx, ecx, edx; - unsigned int fms, family, model; - -- __get_cpuid(0, &max_level, &ebx, &ecx, &edx); -- -- if (max_level < 6) -- errx(1, "Processor not supported\n"); -- -- __get_cpuid(1, &fms, &ebx, &ecx, &edx); -+ get_cpuid_or_exit(1, &fms, &ebx, &ecx, &edx); - family = (fms >> 8) & 0xf; - model = (fms >> 4) & 0xf; - if (family == 6 || family == 0xf) -@@ -1289,7 +1293,7 @@ void early_cpuid(void) - bdx_highest_ratio = msr & 0xFF; - } - -- __get_cpuid(0x6, &eax, &ebx, &ecx, &edx); -+ get_cpuid_or_exit(0x6, &eax, &ebx, &ecx, &edx); - turbo_is_enabled = (eax >> 1) & 1; - has_hwp = (eax >> 7) & 1; - has_epb = (ecx >> 3) & 1; -@@ -1307,7 +1311,7 @@ void parse_cpuid(void) - - eax = ebx = ecx = edx = 0; - -- __get_cpuid(0, &max_level, &ebx, &ecx, &edx); -+ get_cpuid_or_exit(0, &max_level, &ebx, &ecx, &edx); - - if (ebx == 0x756e6547 && edx == 0x49656e69 && ecx == 0x6c65746e) - genuine_intel = 1; -@@ -1316,7 +1320,7 @@ void parse_cpuid(void) - fprintf(stderr, "CPUID(0): %.4s%.4s%.4s ", - (char *)&ebx, (char *)&edx, (char *)&ecx); - -- __get_cpuid(1, &fms, &ebx, &ecx, &edx); -+ get_cpuid_or_exit(1, &fms, &ebx, &ecx, &edx); - family = (fms >> 8) & 0xf; - model = (fms >> 4) & 0xf; - stepping = fms & 0xf; -@@ -1341,7 +1345,7 @@ void parse_cpuid(void) - errx(1, "CPUID: no MSR"); - - -- __get_cpuid(0x6, &eax, &ebx, &ecx, &edx); -+ get_cpuid_or_exit(0x6, &eax, &ebx, &ecx, &edx); - /* turbo_is_enabled already set */ - /* has_hwp already set */ - has_hwp_notify = eax & (1 << 8); diff --git a/debian/patches/bugfix/x86/x86-kvmclock-set-offset-for-kvm-unstable-clock.patch b/debian/patches/bugfix/x86/x86-kvmclock-set-offset-for-kvm-unstable-clock.patch deleted file mode 100644 index 0dddf2574..000000000 --- a/debian/patches/bugfix/x86/x86-kvmclock-set-offset-for-kvm-unstable-clock.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Pavel Tatashin -Date: Sat, 26 Jan 2019 12:49:56 -0500 -Subject: x86/kvmclock: set offset for kvm unstable clock -Origin: https://patchwork.kernel.org/patch/10782557/ -Bug-Debian: https://bugs.debian.org/918036 - -VMs may show incorrect uptime and dmesg printk offsets on hypervisors with -unstable clock. The problem is produced when VM is rebooted without exiting -from qemu. - -The fix is to calculate clock offset not only for stable clock but for -unstable clock as well, and use kvm_sched_clock_read() which substracts -the offset for both clocks. - -This is safe, because pvclock_clocksource_read() does the right thing and -makes sure that clock always goes forward, so once offset is calculated -with unstable clock, we won't get new reads that are smaller than offset, -and thus won't get negative results. - -Thank you Jon DeVree for helping to reproduce this issue. - -Fixes: 857baa87b642 ("sched/clock: Enable sched clock early") - -Reported-by: Dominique Martinet -Signed-off-by: Pavel Tatashin -[carnil: Backport to 4.19 for context changes] ---- - arch/x86/kernel/kvmclock.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - ---- a/arch/x86/kernel/kvmclock.c -+++ b/arch/x86/kernel/kvmclock.c -@@ -117,11 +117,8 @@ static u64 kvm_sched_clock_read(void) - - static inline void kvm_sched_clock_init(bool stable) - { -- if (!stable) { -- pv_time_ops.sched_clock = kvm_clock_read; -+ if (!stable) - clear_sched_clock_stable(); -- return; -- } - - kvm_sched_clock_offset = kvm_clock_read(); - pv_time_ops.sched_clock = kvm_sched_clock_read; diff --git a/debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch b/debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch deleted file mode 100644 index b9daadb14..000000000 --- a/debian/patches/bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Greg Kroah-Hartman -Date: Wed, 4 Sep 2019 12:27:18 +0200 -Subject: x86/ptrace: fix up botched merge of spectrev1 fix -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=69f692bb7e684592aaba779299bc576626d414b4 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-15902 - -I incorrectly merged commit 31a2fbb390fe ("x86/ptrace: Fix possible -spectre-v1 in ptrace_get_debugreg()") when backporting it, as was -graciously pointed out at -https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php - -Resolve the upstream difference with the stable kernel merge to properly -protect things. - -Reported-by: Brad Spengler -Cc: Dianzhang Chen -Cc: Thomas Gleixner -Cc: -Cc: -Signed-off-by: Greg Kroah-Hartman ---- - arch/x86/kernel/ptrace.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 8d20fb09722c..7f377f8792aa 100644 ---- a/arch/x86/kernel/ptrace.c -+++ b/arch/x86/kernel/ptrace.c -@@ -651,11 +651,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n) - { - struct thread_struct *thread = &tsk->thread; - unsigned long val = 0; -- int index = n; - - if (n < HBP_NUM) { -+ int index = array_index_nospec(n, HBP_NUM); - struct perf_event *bp = thread->ptrace_bps[index]; -- index = array_index_nospec(index, HBP_NUM); - - if (bp) - val = bp->hw.info.address; --- -2.23.0 - diff --git a/debian/patches/features/x86/x86-boot-Clear-RSDP-address-in-boot_params-for-broke.patch b/debian/patches/features/x86/x86-boot-Clear-RSDP-address-in-boot_params-for-broke.patch deleted file mode 100644 index 77590d118..000000000 --- a/debian/patches/features/x86/x86-boot-Clear-RSDP-address-in-boot_params-for-broke.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Juergen Gross -Date: Mon, 3 Dec 2018 11:38:11 +0100 -Subject: x86/boot: Clear RSDP address in boot_params for broken loaders -Origin: https://git.kernel.org/linus/182ddd16194cd082f25fa1b063dae3c7c5cce384 - -Gunnar Krueger reported a systemd-boot failure and bisected it down to: - - e6e094e053af75 ("x86/acpi, x86/boot: Take RSDP address from boot params if available") - -In case a broken boot loader doesn't clear its 'struct boot_params', clear -rsdp_addr in sanitize_boot_params(). - -Reported-by: Gunnar Krueger -Tested-by: Gunnar Krueger -Signed-off-by: Juergen Gross -Cc: H. Peter Anvin -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: bp@alien8.de -Cc: sstabellini@kernel.org -Fixes: e6e094e053af75 ("x86/acpi, x86/boot: Take RSDP address from boot params if available") -Link: http://lkml.kernel.org/r/20181203103811.17056-1-jgross@suse.com -Signed-off-by: Ingo Molnar ---- - arch/x86/include/asm/bootparam_utils.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h -index a07ffd23e4dd..f6f6ef436599 100644 ---- a/arch/x86/include/asm/bootparam_utils.h -+++ b/arch/x86/include/asm/bootparam_utils.h -@@ -36,6 +36,7 @@ static void sanitize_boot_params(struct boot_params *boot_params) - */ - if (boot_params->sentinel) { - /* fields in boot_params are left uninitialized, clear them */ -+ boot_params->acpi_rsdp_addr = 0; - memset(&boot_params->ext_ramdisk_image, 0, - (char *)&boot_params->efi_info - - (char *)&boot_params->ext_ramdisk_image); --- -2.19.2 - diff --git a/debian/patches/series b/debian/patches/series index 3f2ff81f2..95b13f88f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -76,7 +76,6 @@ bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch bugfix/powerpc/powerpc-fix-mcpu-options-for-spe-only-compiler.patch -bugfix/x86/x86-kvmclock-set-offset-for-kvm-unstable-clock.patch bugfix/arm/ARM-dts-sun8i-h3-add-sy8106a-to-orange-pi-plus.patch bugfix/arm64/arm64-dts-allwinner-a64-Enable-A64-timer-workaround.patch bugfix/mips/MIPS-Loongson-Introduce-and-use-loongson_llsc_mb.patch @@ -91,7 +90,6 @@ features/x86/x86-boot-Add-ACPI-RSDP-address-to-setup_header.patch features/x86/x86-acpi-x86-boot-Take-RSDP-address-for-boot-params-.patch features/x86/x86-boot-Mostly-revert-commit-ae7e1238e68f2a-Add-ACP.patch features/x86/x86-acpi-x86-boot-Take-RSDP-address-from-boot-params.patch -features/x86/x86-boot-Clear-RSDP-address-in-boot_params-for-broke.patch features/arm64/arm64-dts-allwinner-a64-Add-Pine64-LTS-device-tree-f.patch # Miscellaneous bug fixes @@ -103,10 +101,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch debian/revert-objtool-fix-config_stack_validation-y-warning.patch bugfix/all/mt76-use-the-correct-hweight8-function.patch bugfix/all/rtc-s35390a-set-uie_unsupported.patch -bugfix/all/dm-disable-discard-if-the-underlying-storage-no-longer-supports-it.patch -bugfix/all/xfs-fix-missing-ILOCK-unlock-when-xfs_setattr_nonsiz.patch -bugfix/all/ixgbe-Fix-secpath-usage-for-IPsec-TX-offload.patch -bugfix/all/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch # Miscellaneous features @@ -176,7 +170,6 @@ bugfix/all/libcpupower-hide-private-function.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch bugfix/all/usbip-fix-misuse-of-strncpy.patch -bugfix/x86/tools-x86_energy_perf_policy-fix-uninitialized-varia.patch bugfix/x86/tools-turbostat-Add-checks-for-failure-of-fgets-and-.patch bugfix/all/libbpf-add-soname-to-shared-object.patch bugfix/all/libbpf-link-shared-object-with-libelf.patch @@ -298,12 +291,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch -bugfix/all/netfilter-conntrack-use-consistent-ct-id-hash-calcul.patch -bugfix/all/ALSA-usb-audio-Fix-an-OOB-bug-in-parse_audio_mixer_unit.patch -bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.patch -bugfix/all/vhost-make-sure-log_num-in_num.patch -bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch -bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch bugfix/x86/taa/0001-KVM-x86-use-Intel-speculation-bugs-and-features-as-d.patch bugfix/x86/taa/0002-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch bugfix/x86/taa/0003-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch