debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Update to 4.5.1

This commit is contained in:
Ben Hutchings 2016-04-13 20:37:31 +01:00
parent 062efc4b3f
commit 6e05e68d7a
4 changed files with 212 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

211
debian/changelog vendored
View File

@ -1,4 +1,213 @@
linux (4.5-1~exp2) UNRELEASED; urgency=medium
linux (4.5.1-1~exp1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1
- [x86] entry/compat: Keep TS_COMPAT set during signal delivery
- [x86] perf/intel: Add definition for PT PMI bit
- [x86] KVM: fix missed hardware breakpoints
- [x86] KVM: i8254: change PIT discard tick policy
- [x86] KVM: fix spin_lock_init order on x86
- [x86] KVM: VMX: avoid guest hang on invalid invept instruction
- [x86] KVM: VMX: avoid guest hang on invalid invvpid instruction
- [x86] KVM: VMX: fix nested vpid for old KVM guests
- perf/core: Fix perf_sched_count derailment
- perf tools: Fix checking asprintf return value
- Thermal: Ignore invalid trip points
- sched/cputime: Fix steal_account_process_tick() to always return jiffies
- sched/fair: Avoid using decay_load_missed() with a negative value
- [x86] EDAC/sb_edac: Fix computation of channel address
- [x86] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
- [s390x] fix floating pointer register corruption (again)
- [s390x] cpumf: add missing lpp magic initialization
- [s390x] pci: enforce fmb page boundary rule
- [armhf] pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing
- [x86] irq: Cure live lock in fixup_irqs()
- [x86] apic: Fix suspicious RCU usage in
smp_trace_call_function_interrupt()
- [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157)
- [x86] mm: TLB_REMOTE_SEND_IPI should count pages
- sg: fix dxferp in from_to case
- aacraid: Fix RRQ overload
- aacraid: Fix memory leak in aac_fib_map_free
- aacraid: Set correct msix count for EEH recovery
- sd: Fix discard granularity when LBPRZ=1
- ncr5380: Correctly clear command pointers and lists after bus reset
- ncr5380: Dont release lock for PIO transfer
- ncr5380: Dont re-enter NCR5380_select()
- ncr5380: Forget aborted commands
- ncr5380: Fix NCR5380_select() EH checks and result handling
- ncr5380: Call scsi_eh_prep_cmnd() and scsi_eh_restore_cmnd() as and when
appropriate
- scsi: storvsc: fix SRB_STATUS_ABORTED handling
- be2iscsi: set the boot_kset pointer to NULL in case of failure
- aic7xxx: Fix queue depth handling
- libnvdimm: Fix security issue with DSM IOCTL.
- libnvdimm, pmem: fix kmap_atomic() leak in error path
- dm snapshot: disallow the COW and origin devices from being identical
- dm: fix excessive dm-mq context switching
- dm thin metadata: don't issue prefetches if a transaction abort
has failed
- dm cache: make sure every metadata function checks fail_io
- dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()
- usb: retry reset if a device times out
- usb: hub: fix a typo in hub_port_init() leading to wrong logic
- USB: cdc-acm: more sanity checking (CVE-2016-3138)
- USB: iowarrior: fix oops with malicious USB descriptors (incomplete fix
for CVE-2016-2188)
- USB: usb_driver_claim_interface: add sanity checking
- USB: mct_u232: add sanity checking in probe
- USB: digi_acceleport: do sanity checking for the number of ports
- USB: cypress_m8: add endpoint sanity check
- Input: powermate - fix oops with malicious USB descriptors
(CVE-2016-2186)
- ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
(CVE-2016-2184)
- ALSA: usb-audio: Add sanity checks for endpoint accesses (CVE-2016-2184)
- ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
- ALSA: usb-audio: Fix double-free in error paths after
snd_usb_add_audio_stream() call
- crypto: ccp - Add hash state import and export support
- crypto: ccp - Limit the amount of information exported
- crypto: ccp - Don't assume export/import areas are aligned
- crypto: ccp - memset request context to zero during import
- crypto: keywrap - memzero the correct memory
- [armel/marvell,armhf] crypto: marvell/cesa - forward
devm_ioremap_resource() error code
- [x86] mei: bus: check if the device is enabled before data transfer
- tpm: fix the rollback in tpm_chip_register()
- tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
- tpm_eventlog.c: fix binary_bios_measurements
- tpm: fix the cleanup of struct tpm_chip
- HID: logitech: fix Dual Action gamepad support
- HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
- HID: multitouch: force retrieving of Win8 signature blob
- HID: fix hid_ignore_special_drivers module parameter
- staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg
- staging: comedi: ni_mio_common: fix the ni_write[blw]() functions
- tty: Fix GPF in flush_to_ldisc(), part 2
- net: irda: Fix use-after-free in irtty_open()
- 8250: use callbacks to access UART_DLL/UART_DLM
- saa7134: Fix bytesperline not being set correctly for planar formats
- adv7511: TX_EDID_PRESENT is still 1 after a disconnect
- bttv: Width must be a multiple of 16 when capturing planar formats
- coda: fix first encoded frame payload
- media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
- mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild
- mtip32xx: Fix broken service thread handling
- mtip32xx: Remove unwanted code from taskfile error handler
- mtip32xx: Fix for rmmod crash when drive is in FTL rebuild
- mtip32xx: Handle safe removal during IO
- mtip32xx: Handle FTL rebuild failure state during device initialization
- mtip32xx: Implement timeout handler
- mtip32xx: Cleanup queued requests after surprise removal
- ALSA: hda - Fix unexpected resume through regmap code path
- ALSA: hda - Apply reboot D3 fix for CX20724 codec, too
- [x86] ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM
ThinkPad X41.
- ALSA: hda - Don't handle ELD notify from invalid port
- [x86] ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO
- ALSA: hda - Fix unconditional GPIO toggle via automute
- [x86] ALSA: hda - Limit i915 HDMI binding only for HSW and later
- [x86] ALSA: hda - Fix spurious kernel WARNING on Baytrail HDMI
- [x86] ALSA: hda - Really restrict i915 notifier to HSW+
- ALSA: hda - Fix forgotten HDMI monitor_present update
- [x86] ALSA: hda - Workaround for unbalanced i915 power refcount by
concurrent probe
- ALSA: hda - Fix missing ELD update at unplugging
- jbd2: fix FS corruption possibility in jbd2_journal_destroy() on
umount path
- [arm64] Update PTE_RDONLY in set_pte_at() for PROT_NONE permission
- brd: Fix discard request processing
- IB/srpt: Simplify srpt_handle_tsk_mgmt()
- bcache: cleaned up error handling around register_cache()
- bcache: fix race of writeback thread starting before complete
initialization
- bcache: fix cache_set_flush() NULL pointer dereference on OOM
- mm: memcontrol: reclaim when shrinking memory.high below usage
- mm: memcontrol: reclaim and OOM kill when shrinking memory.max below usage
- watchdog: don't run proc_watchdog_update if new value is same as old
- Bluetooth: Fix potential buffer overflow with Add Advertising
- cgroup: ignore css_sets associated with dead cgroups during migration
- [amrhf] net: mvneta: enable change MAC address when interface is up
- brcmfmac: Increase nr of supported flowrings.
- of: alloc anywhere from memblock if range not specified
- vfs: show_vfsstat: do not ignore errors from show_devname method
- splice: handle zero nr_pages in splice_to_pipe()
- quota: Fix possible GPF due to uninitialised pointers
- xfs: fix two memory leaks in xfs_attr_list.c error paths
- raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang
- md/raid5: Compare apples to apples (or sectors to sectors)
- RAID5: check_reshape() shouldn't call mddev_suspend
- RAID5: revert e9e4c377e2f563 to fix a livelock
- raid10: include bio_end_io_list in nr_queued to prevent freeze_array hang
- md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list
- md: multipath: don't hardcopy bio in .make_request path
- fuse: do not use iocb after it may have been freed
- fuse: Add reference counting for fuse_io_priv
- fs/coredump: prevent fsuid=0 dumps into user-controlled directories
- [armhf] drm/vc4: Return -EFAULT on copy_from_user() failure
- [x86] drm/radeon: disable runtime pm on PX laptops without dGPU
power control
- drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
- drm/radeon: rework fbdev handling on chips with no connectors
- drm/radeon/mst: fix regression in lane/link handling.
- [x86] drm/amdgpu: disable runtime pm on PX laptops without dGPU
power control
- drm/amdgpu: include the right version of gmc header files for iceland
- drm/amd/powerplay: add uvd/vce dpm enabling flag to fix the performance
issue for CZ
- tracing: Have preempt(irqs)off trace preempt disabled functions
- tracing: Fix crash from reading trace_pipe with sendfile
- tracing: Fix trace_printk() to print when not using bprintk()
- bitops: Do not default to __clear_bit() for __clear_bit_unlock()
- [x86] ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
- mmc: block: fix ABI regression of mmc_blk_ioctl
- mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case
- mmc: sdhci: move initialisation of command error member
- mmc: sdhci: clean up command error handling
- mmc: sdhci: fix command response CRC error handling
- mmc: sdhci: further fix for DMA unmapping in sdhci_post_req()
- mmc: sdhci: avoid unnecessary mapping/unmapping of align buffer
- mmc: sdhci: plug DMA mapping leak on error
- mmc: sdhci: fix data timeout
- [armhf] mmc: tegra: Disable UHS-I modes for tegra114
- [armhf] mmc: tegra: properly disable card clock
- mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout
- [armhf] clk: rockchip: rk3368: fix cpuclk mux bit of big cpu-cluster
- [armhf] clk: rockchip: rk3368: fix cpuclk core dividers
- [armhf] clk: rockchip: rk3368: fix parents of video encoder/decoder
- [armhf] clk: rockchip: rk3368: fix hdmi_cec gate-register
- [armhf] clk: rockchip: add hclk_cpubus to the list of rk3188
critical clocks
- [armhf] clk: bcm2835: Fix setting of PLL divider clock rates
- target: Fix target_release_cmd_kref shutdown comp leak
- iser-target: Fix identification of login rx descriptor type
- iser-target: Separate flows for np listeners and connections cma events
- iser-target: Rework connection termination
- nfsd4: fix bad bounds checking
- nfsd: fix deadlock secinfo+readdir compound
- ACPI / PM: Runtime resume devices when waking from hibernate
- writeback, cgroup: fix premature wb_put() in
locked_inode_to_wb_and_lock_list()
- writeback, cgroup: fix use of the wrong bdi_writeback which mismatches
the inode
- Input: synaptics - handle spurious release of trackstick buttons, again
- Input: ati_remote2 - fix crashes on detecting device with invalid
descriptor (CVE-2016-2185)
- ocfs2: o2hb: fix double free bug
- ocfs2/dlm: fix race between convert and recovery
- ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
- mm/page_alloc: prevent merging between isolated and other pageblocks
- mtd: onenand: fix deadlock in onenand_block_markbad
- [x86] intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
- PM / sleep: Clear pm_suspend_global_flags upon hibernate
- scsi_common: do not clobber fixed sense information
- sched/cputime: Fix steal time accounting vs. CPU hotplug
- [x86] perf/pebs: Add workaround for broken OVFL status on HSW+
- [x86] perf/intel/uncore: Remove SBOX support for BDX-DE
- [x86] perf/intel: Fix PEBS warning by only restoring active PMU in pmi
- [x86] perf/intel: Use PAGE_SIZE for PEBS buffer size on Core2
- [x86] perf/intel: Fix PEBS data source interpretation on Nehalem/Westmere
[ Ben Hutchings ]
* mm: exclude ZONE_DEVICE from GFP_ZONE_TABLE

29
debian/patches/bugfix/all/uas-fix-high-order-alloc.patch vendored
View File

@ -1,29 +0,0 @@
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 04 Mar 2016 07:18:00 +0000
Subject: uas: Fix high-order alloc
Origin: http://thread.gmane.org/gmane.linux.usb.general/138042/focus=111495
Can you try building a kernel with the following line in drivers/usb/storage/uas.c :
.can_queue = 65536, /* Is there a limit on the _host_ ? */
(around line 815) Replaced with
.can_queue = MAX_CMNDS,
That should help as MAX_CMNDS is 256, so claiming that we can queue more
is not helpful, and that likely is what is causing this quite high order alloc.
Reported-and-tested-by: Yves-Alexis Perez <corsac@corsac.net>
---
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -812,7 +812,7 @@ static struct scsi_host_template uas_hos
.slave_configure = uas_slave_configure,
.eh_abort_handler = uas_eh_abort_handler,
.eh_bus_reset_handler = uas_eh_bus_reset_handler,
- .can_queue = 65536, /* Is there a limit on the _host_ ? */
+ .can_queue = MAX_CMNDS, /* Is there a limit on the _host_ ? */
.this_id = -1,
.sg_tablesize = SG_NONE,
.skip_settle_delay = 1,

4
debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch vendored
View File

@ -33,7 +33,7 @@ Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
return -EPERM;
/*
@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, leve
@@ -108,7 +109,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, leve
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
@ -41,7 +41,7 @@ Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
+ if (!capable(CAP_SYS_RAWIO) || (get_securelevel() > 0))
return -EPERM;
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -27,6 +27,7 @@

1
debian/patches/series vendored
View File

@ -108,7 +108,6 @@ bugfix/x86/x86-efi-setup-separate-efi-page-tables-in-kexec-path.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/x86/x86-efi-bgrt-fix-kernel-panic-when-mapping-bgrt-data.patch
bugfix/x86/x86-efi-bgrt-replace-early_memremap-with-memremap.patch
bugfix/all/uas-fix-high-order-alloc.patch
bugfix/x86/x86-mm-pat-fix-boot-crash-when-1gb-pages-are-not-supported.patch
bugfix/all/netfilter-x_tables-check-for-size-overflow.patch
bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch