From 657307624bf92c3c1ef290a886363df7c8cf4499 Mon Sep 17 00:00:00 2001 From: Romain Perier Date: Wed, 30 May 2018 19:01:25 +0200 Subject: [PATCH] Update to 4.16.13 This updates the debian changelog for listing changes of this stable update. It also removes the patches that have been merged upstream. --- debian/changelog | 283 +++++++++++++++++- ...wn-correctly-sized-SCSI-sense-buffer.patch | 61 ---- ...m-vmx-expose-ssbd-properly-to-guests.patch | 35 --- ...nto-account-that-alloc_dev_data-may-.patch | 33 -- debian/patches/series | 2 - debian/patches/series-rt | 1 - 6 files changed, 282 insertions(+), 133 deletions(-) delete mode 100644 debian/patches/bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch delete mode 100644 debian/patches/bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch delete mode 100644 debian/patches/features/all/rt/0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch diff --git a/debian/changelog b/debian/changelog index 6192a5805..3a1e41f10 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,285 @@ -linux (4.16.12-2) UNRELEASED; urgency=medium +linux (4.16.13-1) UNRELEASED; urgency=medium + + [ Romain Perier ] + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.13 + - [mips*] c-r4k: Fix data corruption related to cache coherence + - [mips*] ptrace: Expose FIR register through FP regset + - [mips*] Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 + FGRs + - affs_lookup(): close a race with affs_remove_link() + - fix breakage caused by d_find_alias() semantics change + - fs: don't scan the inode cache before SB_BORN is set + - aio: fix io_destroy(2) vs. lookup_ioctx() race + - Btrfs: fix error handling in btrfs_truncate() + - ALSA: timer: Fix pause event notification + - do d_instantiate/unlock_new_inode combinations safely + - mmc: block: propagate correct returned value in mmc_rpmb_ioctl + - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v + - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register + - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus + - ahci: Add PCI ID for Cannon Lake PCH-LP AHCI + - libata: Blacklist some Sandisk SSDs for NCQ + - libata: blacklist Micron 500IT SSD with MU01 firmware + - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent + - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros + - [arm64] lse: Add early clobbers to some input/output asm operands + - [arm64] export tishift functions to modules + - [powerpc*] 64s: Clear PCR on boot + - IB/hfi1: Use after free race condition in send context error path + - IB/umem: Use the correct mm during ib_umem_release + - sr: pass down correctly sized SCSI sense buffer + - bcma: fix buffer size caused crash in bcma_core_mips_print_irq() + - idr: fix invalid ptr dereference on item delete + - Revert "ipc/shm: Fix shmat mmap nil-page protection" + - ipc/shm: fix shmat() nil address after round-down when remapping + - mm/kasan: don't vfree() nonexistent vm_area + - kasan: free 
allocated shadow memory on MEM_CANCEL_ONLINE + - kasan: fix memory hotplug during boot + - kernel/sys.c: fix potential Spectre v1 issue + - PM / core: Fix direct_complete handling for devices with no callbacks + - KVM/VMX: Expose SSBD properly to guests + - KVM: s390: vsie: fix < 8k check for the itdba + - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed + - kvm: x86: IA32_ARCH_CAPABILITIES is always supported + - x86/kvm: fix LAPIC timer drift when guest uses periodic mode + - [armhf] dts: sun4i: Fix incorrect clocks for displays + - sh: fix debug trap failure to process signals before return to user + - firmware: dmi_scan: Fix UUID length safety check + - nvme: don't send keep-alives to the discovery controller + - Btrfs: clean up resources during umount after trans is aborted + - Btrfs: fix loss of prealloc extents past i_size after fsync log replay + - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries + - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init + - bnxt_en: Ignore src port field in decap filter nodes + - nvme: expand nvmf_check_if_ready checks + - fs/proc/proc_sysctl.c: fix potential page fault while unregistering + sysctl table + - kasan: fix invalid-free test crashing the kernel + - kasan, slub: fix handling of kasan_slab_free hook + - swap: divide-by-zero when zero length swap file on ssd + - z3fold: fix memory leak + - sr: get/drop reference to device in revalidate and check_events + - Force log to disk before reading the AGF during a fstrim + - cpufreq: CPPC: Initialize shared perf capabilities of CPUs + - powerpc/fscr: Enable interrupts earlier before calling get_user() + - perf tools: Fix perf builds with clang support + - perf clang: Add support for recent clang versions + - dp83640: Ensure against premature access to PHY registers after reset + - ibmvnic: Zero used TX descriptor counter on reset + - genirq/affinity: Don't return with empty affinity masks on error + - mm/ksm: fix interaction with THP + - 
mm: fix races between address_space dereference and free in + page_evicatable + - mm: thp: fix potential clearing to referenced flag in + page_idle_clear_pte_refs_one() + - Btrfs: bail out on error during replay_dir_deletes + - Btrfs: fix NULL pointer dereference in log_dir_items + - btrfs: Fix possible softlock on single core machines + - IB/rxe: Fix for oops in rxe_register_device on ppc64le arch + - ocfs2/dlm: don't handle migrate lockres if already in shutdown + - [powerpc*] 64s: Fix restore of AMOR on POWER9 after deep sleep + - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning + - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead + of this_cpu_has() in build_cr3_noflush() + - KVM: VMX: raise internal error for exception during invalid protected + mode state + - lan78xx: Connect phy early + - fscache: Fix hanging wait on page discarded by writeback + - dmaengine: rcar-dmac: Fix too early/late system suspend/resume callbacks + - [sparc64] Make atomic_xchg() an inline function rather than a macro. 
+ - riscv/spinlock: Strengthen implementations with fences + - platform/x86: dell-smbios: Fix memory leaks in build_tokens_sysfs() + - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() + - net: bgmac: Correctly annotate register space + - bnxt_en: fix clear flags in ethtool reset handling + - [powerpc*] 64s: sreset panic if there is no debugger or crash dump handlers + - btrfs: tests/qgroup: Fix wrong tree backref level + - Btrfs: fix copy_items() return value when logging an inode + - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers + - btrfs: qgroup: Fix root item corruption when multiple same source + snapshots are created with quota enabled + - rxrpc: Fix resend event time calculation + - rxrpc: Fix Tx ring annotation after initial Tx failure + - rxrpc: Don't treat call aborts as conn aborts + - xen/acpi: off by one in read_acpi_id() + - drivers: macintosh: rack-meter: really fix bogus memsets + - ACPI: acpi_pad: Fix memory leak in power saving threads + - powerpc/mpic: Check if cpu_possible() in mpic_physmask() + - ieee802154: ca8210: fix uninitialised data read + - ath10k: advertize beacon_int_min_gcd + - iommu/amd: Take into account that alloc_dev_data() may return NULL + - intel_th: Use correct method of finding hub + - [m68k] set dma and coherent masks for platform FEC ethernets + - iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq + - iwlwifi: mvm: take RCU lock before dereferencing + - net/mlx5e: Move all TX timeout logic to be under state lock + - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode + - perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() + - hwmon: (nct6775) Fix writing pwmX_mode + - mt76x2: fix possible NULL pointer dereferencing in mt76x2_tx() + - mt76x2: fix warning in ieee80211_get_key_rx_seq() + - [powerpc] perf: Prevent kernel address leak to userspace via BHRB buffer + - [powerpc] perf: Fix kernel address leak via sampling registers + - rsi: fix kernel panic observed on 
64bit machine + - tools/thermal: tmon: fix for segfault + - selftests: Print the test we're running to /dev/kmsg + - i40e: hold the RTNL lock while changing interrupt schemes + - net/mlx5: Protect from command bit overflow + - watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() + - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo + - net: hns3: fix for returning wrong value problem in + hns3_get_rss_indir_size + - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size + - net: qualcomm: rmnet: check for null ep to avoid null pointer dereference + - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) + - nvme_fc: fix abort race on teardown with lld reject + - nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A + - ath9k: fix crash in spectral scan + - btrfs: fix null pointer deref when target device is missing + - cxgb4: Setup FW queues before registering netdev + - hv_netvsc: Fix the return status in RX path + - ima: Fix Kconfig to select TPM 2.0 CRB interface + - ima: Fallback to the builtin hash algorithm + - watchdog: aspeed: Allow configuring for alternate boot + - gfs2: Check for the end of metadata in punch_hole + - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS + - [armhf] dts: socfpga: fix GIC PPI warning + - ima: clear IMA_HASH + - ext4: don't complain about incorrect features when probing + - drm/vmwgfx: Unpin the screen object backup buffer when not used + - iommu/mediatek: Fix protect memory setting + - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path + - firmware: fix checking for return values for fw_add_devm_name() + - IB/mlx5: Set the default active rate and width to QDR and 4X + - zorro: Set up z->dev.dma_mask for the DMA API + - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set + - remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' + - bcache: fix cached_dev->count usage for 
bch_cache_set_error() + - ACPICA: Events: add a return on failure from acpi_hw_register_read + - ACPICA: Fix memory leak on unusual memory leak + - bcache: stop dc->writeback_rate_update properly + - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c + - cxgb4: Fix queue free path of ULD drivers + - i2c: mv64xxx: Apply errata delay only in standard mode + - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use + - perf top: Fix top.c[all] all-graph config option reading + - perf stat: Fix core dump when flag T is used + - IB/core: Honor port_num while resolving GID for IB link layer + - drm/amdkfd: add missing include of mm.h + - coresight: Use %px to print pcsr instead of %p + - ibmvnic: Fix reset return from closed state + - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' + - spi: bcm-qspi: fIX some error handling paths + - net/smc: pay attention to MAX_ORDER for CQ entries + - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset + - powerpc/vas: Fix cleanup when VAS is not configured + - PCI: Restore config space on runtime resume despite being unbound + - watchdog: sprd_wdt: Fix error handling in sprd_wdt_enable() + - watchdog: dw: RMW the control register + - watchdog: aspeed: Fix translation of reset mode to ctrl register + - ipmi_ssif: Fix kernel panic at msg_done_handler + - [arm64] drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' + - [arm64] drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' + - [powerpc] powernv/npu: Fix deadlock in mmio_invalidate() + - f2fs: flush cp pack except cp pack 2 page at first + - cxl: Check if PSL data-cache is available before issue flush request + - f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range + - f2fs: fix to clear CP_TRIMMED_FLAG + - f2fs: fix to check extent cache in f2fs_drop_extent_tree + - perf/core: Fix installing cgroup events on CPU + - max17042: propagate of_node to power supply device + - perf/core: Fix 
perf_output_read_group() + - drm/panel: simple: Fix the bus format for the Ontat panel + - hwmon: (pmbus/max8688) Accept negative page register values + - hwmon: (pmbus/adm1275) Accept negative page register values + - [amd64] perf: Properly save/restore the PMU state in the NMI handler + - cdrom: do not call check_disk_change() inside cdrom_open() + - [armhf, arm64] efi: Only register page tables when they exist + - [amd64] perf: Fix large period handling on Broadwell CPUs + - [amd64] perf: Fix event update for auto-reload + - [arm64] dts: qcom: Fix SPI5 config on MSM8996 + - [arm64] soc: qcom: wcnss_ctrl: Fix increment in NV upload + - gfs2: Fix fallocate chunk size + - [amd64] x86/devicetree: Initialize device tree before using it + - [amd64] x86/devicetree: Fix device IRQ settings in DT + - phy: rockchip-emmc: retry calpad busy trimming + - ALSA: vmaster: Propagate slave error + - phy: qcom-qmp: Fix phy pipe clock gating + - drm/bridge: sii902x: Retry status read after DDI I2C + - drm/amdgpu: Clean sdma wptr register when only enable wptr polling + - tools: hv: fix compiler warnings about major/target_fname + - block: null_blk: fix 'Invalid parameters' when loading module + - dmaengine: pl330: fix a race condition in case of threaded irqs + - [powerpc] mm/slice: Remove intermediate bitmap copy + - [powerpc] mm/slice: create header files dedicated to slices + - [powerpc] mm/slice: Enhance for supporting PPC32 + - [powerpc] mm/slice: Fix hugepage allocation at hint address on 8xx + - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() + - enic: enable rq before updating rq descriptors + - watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() + - hwrng: stm32 - add reset during probe + - pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs + - pinctrl: artpec6: dt: add missing pin group uart5nocts + - vfio-ccw: fence off transport mode + - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt + - drm: omapdrm: 
dss: Move initialization code from component bind to probe + - [armhf] dts: dra71-evm: Correct evm_sd regulator max voltage + - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini + - drm/amdgpu: adjust timeout for ib_ring_tests(v2) + - ibmvnic: Allocate statistics buffers during probe + - [armhf, arm64] net: stmmac: ensure that the device has released ownership + before reading data + - [armhf, arm64] net: stmmac: ensure that the MSS desc is the last desc to + set the own bit + - cpufreq: Reorder cpufreq_online() error code path + - dpaa_eth: fix SG mapping + - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 + - udf: Provide saner default for invalid uid / gid + - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode + - sh_eth: fix TSU init on SH7734/R8A7740 + - power: supply: ltc2941-battery-gauge: Fix temperature units + - [armhf] dts: bcm283x: Fix probing of bcm2835-i2s + - [armhf] dts: bcm283x: Fix pin function of JTAG pins + - PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle + - hwrng: bcm2835 - Handle deferred clock properly + - audit: return on memory error to avoid null pointer dereference + - [armhf, arm64] net: stmmac: call correct function in + stmmac_mac_config_rx_queues_routing() + - rcu: Call touch_nmi_watchdog() while printing stall warnings + - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI + pins group + - dt-bindings: display: msm/dsi: Fix the PHY regulator supply props + - drm/amd/display: Set vsc pack revision when DPCD revision is >= 1.2 + - dpaa_eth: fix pause capability advertisement logic + - [mips*/octeon] Fix logging messages with spurious periods after newlines + - [arm64] soc: renesas: r8a77970-sysc: fix power area parents + - [armhf] drm/rockchip: Respect page offset for PRIME mmap calls + - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' + specified + - perf report: Fix wrong jump arrow + - perf tests: Use arch__compare_symbol_names to compare 
symbols + - perf report: Fix memory corruption in --branch-history mode + --branch-history + - perf tests: Fix dwarf unwind for stripped binaries + - selftests/net: fixes psock_fanout eBPF test case + - drm/vblank: Data type fixes for 64-bit vblank sequences. + - netlabel: If PF_INET6, check sk_buff ip header version + - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 + - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 + - selftests: Add FIB onlink tests + - regmap: Correct comparison in regmap_cached + - soc: amlogic: meson-gx-pwrc-vpu: fix error on shutdown when domain is + powered off + - i40e: Add delay after EMP reset for firmware to recover + - [armhf] dts: imx7d: cl-som-imx7: fix pinctrl_enet + - [armhf] dts: porter: Fix HDMI output routing + - regulator: of: Add a missing 'of_node_put()' in an error handling path of + 'of_regulator_match()' + - pinctrl: msm: Use dynamic GPIO numbering + - pinctrl: mcp23s08: spi: Fix regmap debugfs entries + - kdb: make "mdr" command repeat + - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful [ Salvatore Bonaccorso ] * sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506) diff --git a/debian/patches/bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch b/debian/patches/bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch deleted file mode 100644 index 7078c34a3..000000000 --- a/debian/patches/bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From: Jens Axboe -Date: Mon, 21 May 2018 12:21:14 -0600 -Subject: sr: pass down correctly sized SCSI sense buffer -Origin: https://git.kernel.org/linus/f7068114d45ec55996b9040e98111afa56e010fe -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-11506 - -We're casting the CDROM layer request_sense to the SCSI sense -buffer, but the former is 64 bytes and the latter is 96 bytes. -As we generally allocate these on the stack, we end up blowing -up the stack. - -Fix this by wrapping the scsi_execute() call with a properly -sized sense buffer, and copying back the bits for the CDROM -layer. - -Cc: stable@vger.kernel.org -Reported-by: Piotr Gabriel Kosinski -Reported-by: Daniel Shapira -Tested-by: Kees Cook -Fixes: 82ed4db499b8 ("block: split scsi_request out of struct request") -Signed-off-by: Jens Axboe ---- - drivers/scsi/sr_ioctl.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c -index 2a21f2d48592..35fab1e18adc 100644 ---- a/drivers/scsi/sr_ioctl.c -+++ b/drivers/scsi/sr_ioctl.c -@@ -188,9 +188,13 @@ int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc) - struct scsi_device *SDev; - struct scsi_sense_hdr sshdr; - int result, err = 0, retries = 0; -+ unsigned char sense_buffer[SCSI_SENSE_BUFFERSIZE], *senseptr = NULL; - - SDev = cd->device; - -+ if (cgc->sense) -+ senseptr = sense_buffer; -+ - retry: - if (!scsi_block_when_processing_errors(SDev)) { - err = -ENODEV; -@@ -198,10 +202,12 @@ int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc) - } - - result = scsi_execute(SDev, cgc->cmd, cgc->data_direction, -- cgc->buffer, cgc->buflen, -- (unsigned char *)cgc->sense, &sshdr, -+ cgc->buffer, cgc->buflen, senseptr, &sshdr, - cgc->timeout, IOCTL_RETRIES, 0, 0, NULL); - -+ if (cgc->sense) -+ memcpy(cgc->sense, sense_buffer, sizeof(*cgc->sense)); -+ - /* Minimal error checking. Ignore cases we know about, and report the rest. 
*/ - if (driver_byte(result) != 0) { - switch (sshdr.sense_key) { --- -2.11.0 - diff --git a/debian/patches/bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch b/debian/patches/bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch deleted file mode 100644 index c68abbc36..000000000 --- a/debian/patches/bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Konrad Rzeszutek Wilk -Date: Mon, 21 May 2018 17:54:49 -0400 -Subject: KVM: VMX: Expose SSBD properly to guests. -Origin: https://www.spinics.net/lists/kvm/msg169259.html - -The X86_FEATURE_SSBD is an synthetic CPU feature - that is -it bit location has no relevance to the real CPUID 0x7.EBX[31] -bit position. For that we need the new CPU feature name. - -Fixes: 52817587e706 ("x86/cpufeatures: Disentangle SSBD enumeration") - -CC: Paolo Bonzini -Cc: "Radim Krčmář" -Cc: Thomas Gleixner -Cc: Ingo Molnar -Cc: "H. Peter Anvin" -Cc: stable@vger.kernel.org -Signed-off-by: Konrad Rzeszutek Wilk ---- - arch/x86/kvm/cpuid.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/arch/x86/kvm/cpuid.c -+++ b/arch/x86/kvm/cpuid.c -@@ -402,8 +402,8 @@ static inline int __do_cpuid_ent(struct - - /* cpuid 7.0.edx*/ - const u32 kvm_cpuid_7_0_edx_x86_features = -- F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) | F(SSBD) | -- F(ARCH_CAPABILITIES); -+ F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) | -+ F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES); - - /* all calls to cpuid_count() should be made on the same cpu */ - get_cpu(); diff --git a/debian/patches/features/all/rt/0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch b/debian/patches/features/all/rt/0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch deleted file mode 100644 index 8ef80f588..000000000 --- a/debian/patches/features/all/rt/0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Thu, 22 Mar 2018 16:22:33 +0100 -Subject: [PATCH 01/10] iommu/amd: Take into account that alloc_dev_data() may - return NULL -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.16/older/patches-4.16.8-rt3.tar.xz - -Upstream commit 39ffe39545cd5cb5b8cee9f0469165cf24dc62c2 - -find_dev_data() does not check whether the return value alloc_dev_data() -is NULL. This was okay once because the pointer was returned once as-is. -Since commit df3f7a6e8e85 ("iommu/amd: Use is_attach_deferred -call-back") the pointer may be used within find_dev_data() so a NULL -check is required. - -Cc: Baoquan He -Fixes: df3f7a6e8e85 ("iommu/amd: Use is_attach_deferred call-back") -Signed-off-by: Sebastian Andrzej Siewior -Signed-off-by: Joerg Roedel ---- - drivers/iommu/amd_iommu.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/drivers/iommu/amd_iommu.c -+++ b/drivers/iommu/amd_iommu.c -@@ -310,6 +310,8 @@ static struct iommu_dev_data *find_dev_d - - if (dev_data == NULL) { - dev_data = alloc_dev_data(devid); -+ if (!dev_data) -+ return NULL; - - if (translation_pre_enabled(iommu)) - dev_data->defer_attach = true; diff --git a/debian/patches/series b/debian/patches/series index 1f0807613..4c47e7b68 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -142,8 +142,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/xfs-enhance-dinode-verifier.patch bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch -bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch -bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch diff --git a/debian/patches/series-rt b/debian/patches/series-rt index c62540488..8095535ba 100644 --- a/debian/patches/series-rt +++ b/debian/patches/series-rt 
@@ -9,7 +9,6 @@ features/all/rt/0001-iommu-amd-Use-raw-locks-on-atomic-context-paths.patch features/all/rt/0002-iommu-amd-Don-t-use-dev_data-in-irte_ga_set_affinity.patch features/all/rt/0003-iommu-amd-Avoid-locking-get_irq_table-from-atomic-co.patch -features/all/rt/0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch features/all/rt/0002-iommu-amd-Turn-dev_data_list-into-a-lock-less-list.patch features/all/rt/0003-iommu-amd-Split-domain-id-out-of-amd_iommu_devtable_.patch features/all/rt/0004-iommu-amd-Split-irq_lookup_table-out-of-the-amd_iomm.patch
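Review bot: In the debian/changelog hunk, the trailing context entry "* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)" under [ Salvatore Bonaccorso ] is kept, even though this commit deletes debian/patches/bugfix/all/sr-pass-down-correctly-sized-SCSI-sense-buffer.patch and the new upstream list already has "- sr: pass down correctly sized SCSI sense buffer" with no CVE id. Both now sit in the same 4.16.13-1 UNRELEASED stanza, so the fix is listed twice and the CVE is attached to a patch that no longer exists in the tree. Suggest moving the annotation onto the upstream item, "- sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)", and dropping the standalone entry. As a style point in the same hunk, architecture tags are applied unevenly: "[mips*] c-r4k: ..." is tagged, while "MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset", "powerpc/vas: ..." and "powerpc/mpic: ..." are not.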
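Review bot: The deletion of debian/patches/bugfix/x86/kvm-vmx-expose-ssbd-properly-to-guests.patch, together with its removal from debian/patches/series, is justified only by the changelog line "- KVM/VMX: Expose SSBD properly to guests", and the dropped patch's Origin is a mailing-list post (https://www.spinics.net/lists/kvm/msg169259.html) rather than a mainline commit. Please confirm that the 4.16.13 change is the same edit to kvm_cpuid_7_0_edx_x86_features in arch/x86/kvm/cpuid.c, replacing F(SSBD) with F(SPEC_CTRL_SSBD), and cite the stable commit id in the commit message. Without that, a reader cannot verify from this commit that guests still see SSBD after the local patch is gone.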
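Review bot: In the debian/patches/series-rt hunk, 0001-iommu-amd-Take-into-account-that-alloc_dev_data-may-.patch is removed from the middle of an imported rt queue (its Origin is patches-4.16.8-rt3.tar.xz), but neither the changelog nor the commit message names it. The commit message only says patches "merged upstream" were removed. Please add a changelog line under an [rt] heading recording the drop, matched to the upstream item "- iommu/amd: Take into account that alloc_dev_data() may return NULL". Also confirm that the following entry, features/all/rt/0002-iommu-amd-Turn-dev_data_list-into-a-lock-less-list.patch, still applies on top of 4.16.13, since it belongs to the same iommu/amd set.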