Merge changes from sid up to 3.16.7-2
svn path=/dists/trunk/linux/; revision=22054
This commit is contained in:
commit
78d8475ba2
|
@ -15,8 +15,12 @@ echo
|
|||
echo "Patches without required headers"
|
||||
echo "================================"
|
||||
xargs egrep -l '^(Subject|Description):' < $TMPDIR/used | xargs egrep -l '^(From|Author|Origin):' > $TMPDIR/goodheaders || test $? = 1
|
||||
fgrep -v -f $TMPDIR/goodheaders $TMPDIR/used
|
||||
fgrep -v -f $TMPDIR/goodheaders $TMPDIR/used || test $? = 1
|
||||
echo
|
||||
echo "Patches without Origin or Forwarded header"
|
||||
echo "=========================================="
|
||||
xargs egrep -L '^(Origin|Forwarded):' < $TMPDIR/used || test $? = 1
|
||||
xargs egrep -L '^(Origin:|Forwarded: (no\b|not-needed|http))' < $TMPDIR/used || test $? = 1
|
||||
echo
|
||||
echo "Patches to be forwarded"
|
||||
echo "======================="
|
||||
xargs egrep -l '^Forwarded: no\b' < $TMPDIR/used || test $? = 1
|
||||
|
|
|
@ -60,8 +60,7 @@ class Gencontrol(Base):
|
|||
makeflags.update({
|
||||
'VERSION': self.version.linux_version,
|
||||
'UPSTREAMVERSION': self.version.linux_upstream,
|
||||
'ABINAME': self.abiname,
|
||||
'ABINAME_PART': self.abiname_part,
|
||||
'ABINAME': self.abiname_version + self.abiname_part,
|
||||
'SOURCEVERSION': self.version.complete,
|
||||
})
|
||||
|
||||
|
@ -130,8 +129,7 @@ class Gencontrol(Base):
|
|||
except KeyError:
|
||||
abiname_part = self.abiname_part
|
||||
makeflags['ABINAME'] = vars['abiname'] = \
|
||||
self.version.linux_upstream + abiname_part
|
||||
makeflags['ABINAME_PART'] = abiname_part
|
||||
self.abiname_version + abiname_part
|
||||
|
||||
if foreign_kernel:
|
||||
packages_headers_arch = []
|
||||
|
@ -466,17 +464,21 @@ class Gencontrol(Base):
|
|||
self.abiname_part = ''
|
||||
else:
|
||||
self.abiname_part = '-%s' % self.config['abi', ]['abiname']
|
||||
self.abiname = self.version.linux_upstream + self.abiname_part
|
||||
# We need to keep at least three version components to avoid
|
||||
# userland breakage (e.g. #742226, #745984).
|
||||
self.abiname_version = re.sub('^(\d+\.\d+)(?=-|$)', r'\1.0',
|
||||
self.version.linux_upstream)
|
||||
self.vars = {
|
||||
'upstreamversion': self.version.linux_upstream,
|
||||
'version': self.version.linux_version,
|
||||
'source_upstream': self.version.upstream,
|
||||
'source_package': self.changelog[0].source,
|
||||
'abiname': self.abiname,
|
||||
'abiname': self.abiname_version + self.abiname_part,
|
||||
}
|
||||
self.config['version', ] = {'source': self.version.complete,
|
||||
'upstream': self.version.linux_upstream,
|
||||
'abiname': self.abiname}
|
||||
'abiname': (self.abiname_version +
|
||||
self.abiname_part)}
|
||||
|
||||
distribution = self.changelog[0].distribution
|
||||
if distribution in ('unstable', ):
|
||||
|
|
|
@ -28,6 +28,594 @@ linux (3.17~rc5-1~exp1) experimental; urgency=medium
|
|||
|
||||
-- maximilian attems <maks@debian.org> Thu, 18 Sep 2014 23:50:00 +0200
|
||||
|
||||
linux (3.16.7-2) unstable; urgency=medium
|
||||
|
||||
[ Ian Campbell ]
|
||||
* Disable TSO in mv643xx_eth driver by default (Closes: #764162).
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [i386] Rename 486 flavour to 586 for udebs. (Closes: #768288)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [hppa] udeb: Fix modules in multiple packages (Closes: 768297)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 06 Nov 2014 17:42:26 +0000
|
||||
|
||||
linux (3.16.7-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.6
|
||||
- rtnetlink: fix VF info size (regression in 3.11)
|
||||
- myri10ge: check for DMA mapping errors
|
||||
- Revert "macvlan: simplify the structure port" (regression in 3.16)
|
||||
- tcp: don't use timestamp from repaired skb-s to calculate RTT (v2)
|
||||
(regression in 3.15)
|
||||
- tcp: fix tcp_release_cb() to dispatch via address family for
|
||||
mtu_reduced()
|
||||
- tipc: fix message importance range check (regression in 3.15)
|
||||
- packet: handle too big packets for PACKET_V3
|
||||
- bnx2x: Revert UNDI flushing mechanism (regression in 3.14)
|
||||
- net: ipv6: fib: don't sleep inside atomic lock (regression in 3.15)
|
||||
- openvswitch: fix panic with multiple vlan headers
|
||||
- ipv6: fix rtnl locking in setsockopt for anycast and multicast
|
||||
- l2tp: fix race while getting PMTU on PPP pseudo-wire (regression in 3.15)
|
||||
- ipv6: restore the behavior of ipv6_sock_ac_drop()
|
||||
- bonding: fix div by zero while enslaving and transmitting
|
||||
(regression in 3.12)
|
||||
- net: filter: fix possible use after free (regression in 3.15)
|
||||
- net: allow macvlans to move to net namespace (regression in 3.13)
|
||||
- macvlan: allow to enqueue broadcast pkt on virtual device
|
||||
(regression in 3.16)
|
||||
- xfrm: Generate blackhole routes only from route lookup functions
|
||||
- xfrm: Generate queueing routes only from route lookup functions
|
||||
- macvtap: Fix race between device delete and open.
|
||||
- net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode
|
||||
(regression in 3.15)
|
||||
- net/mlx4: Correctly configure single ported VFs from the host
|
||||
(regression in 3.15)
|
||||
- gro: fix aggregation for skb using frag_list (regression in 3.13)
|
||||
- hyperv: Fix bug in netvsc_start_xmit() (potential use-after-free)
|
||||
- team: avoid race condition in scheduling delayed work
|
||||
- hyperv: Fix bug in netvsc_send() (potential use-after-free)
|
||||
- sctp: handle association restarts when the socket is closed.
|
||||
- net_sched: copy exts->type in tcf_exts_change() (regression in 3.14)
|
||||
- crypto: caam - fix addressing of struct member
|
||||
- driver/base/node: remove unnecessary kfree of node struct from
|
||||
unregister_one_node (regression in 3.15)
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7
|
||||
- btrfs: wake up transaction thread from SYNC_FS ioctl
|
||||
- Btrfs: fix up bounds checking in lseek
|
||||
- Btrfs: don't do async reclaim during log replay
|
||||
- Btrfs: cleanup error handling in build_backref_tree
|
||||
- Btrfs: fix build_backref_tree issue with multiple shared blocks
|
||||
- Btrfs: fix race in WAIT_SYNC ioctl
|
||||
- fs: Add a missing permission check to do_umount (CVE-2014-7975)
|
||||
- kvm: fix potentially corrupt mmio cache
|
||||
- [x86] kvm,vmx: Preserve CR4 across VM entry (CVE-2014-3690)
|
||||
- be2iscsi: check ip buffer before copying (stack buffer overflow)
|
||||
- mptfusion: enable no_write_same for vmware scsi disks
|
||||
- qla2xxx: fix kernel NULL pointer access (regression in 3.16)
|
||||
(Closes: #764804)
|
||||
- qla2xxx: Fix shost use-after-free on device removal (regression in 3.14)
|
||||
- dmaengine: fix xor sources continuation
|
||||
- [arm64] debug: don't re-enable debug exceptions on return from el1_dbg
|
||||
- mei: bus: fix possible boundaries violation
|
||||
- nfsv4: Fixing lease renewal (regression in 3.13)
|
||||
- lzo: check for length overrun in variable length encoding.
|
||||
- [armhf] tty: omap-serial: fix division by zero
|
||||
- NFSv4: Fix lock recovery when CREATE_SESSION/SETCLIENTID_CONFIRM fails
|
||||
- NFSv4: fix open/lock state recovery error handling
|
||||
- NFSv4.1: Fix an NFSv4.1 state renewal regression
|
||||
- nfsd4: reserve adequate space for LOCK op (regression in 3.16)
|
||||
- NFS: Fix an uninitialised pointer Oops in the writeback error path
|
||||
- NFS: Fix a bogus warning in nfs_generic_pgio (regression in 3.16.4)
|
||||
- iwlwifi: mvm: disable BT Co-running by default
|
||||
- [armel,armhf] PCI: mvebu: Fix uninitialized variable in
|
||||
mvebu_get_tgt_attr()
|
||||
- Revert "ath9k_hw: reduce ANI firstep range for older chips"
|
||||
(regression in 3.15)
|
||||
- fanotify: enable close-on-exec on events' fd when requested in
|
||||
fanotify_init()
|
||||
- futex: Ensure get_futex_key_refs() always implies a barrier
|
||||
(regression in 3.14)
|
||||
- [ppc64el] iommu/ddw: Fix endianness
|
||||
- [arm64] compat: fix compat types affecting struct compat_elf_prpsinfo
|
||||
- ALSA: emu10k1: Fix deadlock in synth voice lookup
|
||||
- ALSA: hda - Add missing terminating entry to SND_HDA_PIN_QUIRK macro
|
||||
- [armhf] mvebu: Netgear RN104: Use Hardware BCH ECC
|
||||
- [armhf] mvebu: Netgear RN2120: Use Hardware BCH ECC
|
||||
- [armhf] mvebu: Netgear RN102: Use Hardware BCH ECC
|
||||
- ecryptfs: avoid to access NULL pointer when write metadata in xattr
|
||||
- xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly
|
||||
- [sparc*] Do not disable interrupts in nmi_cpu_busy()
|
||||
- [sparc*] Fix pcr_ops initialization and usage bugs.
|
||||
- [sparc*] sun4v TLB error power off events
|
||||
- [sparc*] Fix corrupted thread fault code.
|
||||
- [sparc*] find_node adjustment
|
||||
- [sparc*] Let memset return the address argument
|
||||
- [sparc*] bpf_jit: fix support for ldx/stx mem and SKF_AD_VLAN_TAG
|
||||
- [sparc*] bpf_jit: fix loads from negative offsets
|
||||
- [sparc*] Fix FPU register corruption with AES crypto offload.
|
||||
- [sparc*] Do not define thread fpregs save area as zero-length array.
|
||||
- [sparc*] Fix hibernation code refrence to PAGE_OFFSET.
|
||||
- [sparc*] correctly recognise M6 and M7 cpu type
|
||||
- [sparc*] T5 PMU
|
||||
- [sparc*] Switch to 4-level page tables.
|
||||
- [sparc*] Adjust KTSB assembler to support larger physical addresses.
|
||||
- [sparc*] Fix physical memory management regressions with large
|
||||
max_phys_bits.
|
||||
- [sparc*] Use kernel page tables for vmemmap.
|
||||
- [sparc*] Increase MAX_PHYS_ADDRESS_BITS to 53.
|
||||
- [sparc*] sparse irq
|
||||
- [sparc*] Fix register corruption in top-most kernel stack frame during
|
||||
boot.
|
||||
- [sparc*] Implement __get_user_pages_fast().
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [i386] Rename 486 flavour to 586, as it has not worked on 486 processors
|
||||
since we enabled CC_STACKPROTECTOR (Closes: #766105)
|
||||
- Select M586TSC instead of M486
|
||||
* [x86] r8723au: Backport changes up to Linux 3.17 (Closes: #765685)
|
||||
* mmc_block: Increase max_devices and set MMC_BLOCK_MINORS to 256
|
||||
(Closes: #765621)
|
||||
* [x86] drm/i915: Initialise userptr mmu_notifier serial to 1
|
||||
(Closes: #765590)
|
||||
* rtsx_usb_ms: Use msleep_interruptible() in polling loop (Closes: #765717)
|
||||
* Bump ABI to 4
|
||||
* Add '.0' to the kernel version string (Closes: #742226, #745984)
|
||||
* vfs,fuse: Change iov_iter_get_pages() to take both maxsize and maxpages
|
||||
parameters (Closes: #764285)
|
||||
* lockd: Try to reconnect if statd has moved (Closes: #767219)
|
||||
* m25p80: Fix module device ID table
|
||||
* HID: i2c-hid: call the hid driver's suspend and resume callbacks
|
||||
(Closes: #767204)
|
||||
* [x86] drm/i915: Add some L3 registers to the parser whitelist
|
||||
(Closes: #767148)
|
||||
* wireless: rt2x00: add new rt2800usb device (thanks to Cyril Brulebois)
|
||||
(Closes: #766802)
|
||||
* drivers/net,ipv6: Fix virtio/IPv6 regression in 3.16:
|
||||
- drivers/net: Disable UFO through virtio
|
||||
- drivers/net,ipv6: Select IPv6 fragment idents for virtio UFO packets
|
||||
* [x86] KVM: Check non-canonical addresses upon WRMSR (CVE-2014-3610)
|
||||
* [x86] KVM: Prevent host from panicking on shared MSR writes.
|
||||
(CVE-2014-3610)
|
||||
* [x86] KVM: Improve thread safety in pit (CVE-2014-3611)
|
||||
* [x86] kvm: vmx: handle invvpid vm exit gracefully (CVE-2014-3646)
|
||||
* [x86] KVM: Fix wrong masking on relative jump/call
|
||||
* [x86] KVM: Emulator fixes for eip canonical checks on near branches
|
||||
(CVE-2014-3647)
|
||||
* [x86] KVM: Handle errors when RIP is set during far jumps (CVE-2014-3647)
|
||||
* [x86] KVM: Fix far-jump to non-canonical check
|
||||
* net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
|
||||
(CVE-2014-3673)
|
||||
* net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
|
||||
* net: sctp: fix remote memory pressure from excessive queueing
|
||||
(CVE-2014-3688)
|
||||
* mnt: Prevent pivot_root from creating a loop in the mount tree
|
||||
(CVE-2014-7970)
|
||||
* linux-image: Recommend irqbalance if CONFIG_SMP is enabled
|
||||
(Closes: #577788)
|
||||
* [armhf] leds: Enable LEDS_PWM as module (for Cubox-i)
|
||||
* [x86] Backport Thunderbolt support on Apple computers from 3.17
|
||||
* [x86] linux-image: Remove lilo from suggested boot loaders
|
||||
* [amd64] linux-image: Add grub-efi to suggested boot loaders
|
||||
* [hppa] Reduce SIGRTMIN from 37 to 32 to behave like other Linux
|
||||
architectures (Closes: #766635)
|
||||
* [hppa] udeb: Add many more module packages (Closes: #766793)
|
||||
* iwlwifi: Backport firmware monitor from 3.17 (Closes: #767088)
|
||||
* bug script: Warn if the running kernel matches the ABI name of the
|
||||
package but is not the installed version
|
||||
|
||||
[ Mauricio Faria de Oliveira ]
|
||||
* [ppc64el] Disable CONFIG_CMDLINE{,_BOOL} usage for setting consoles
|
||||
(Closes: #764745)
|
||||
|
||||
[ Uwe Kleine-König ]
|
||||
* [armhf] enable rtc driver for i.MX6
|
||||
* [armhf] add chipidea usb host driver to usb-modules-$version-armmmp-di
|
||||
for i.MX6
|
||||
* [armhf] enable PCI and NAND driver for Armada 370
|
||||
* [armhf] enable RTC, GPIO_PCA953X, SENSORS_G762 and watchdog driver for
|
||||
Netgear ReadyNAS 102/104
|
||||
|
||||
[ Ian Campbell ]
|
||||
* [armhf] Build i2c-s3c2410 statically, it is used by the arndale power
|
||||
controller.
|
||||
* [armhf] Backport device tree file for Olimex A20-OLinuXino-LIME. (Closes: #764967)
|
||||
* [armhf] Enable various drivers for the Nokia N900. Patch from Sebastian
|
||||
Reichel. (Closes: #766070)
|
||||
* [arm64] Enable EHCI and OHCI platform USB HCD drivers.
|
||||
* Enable MTD and MTDBLOCK in top-level config.
|
||||
* [armhf] Add mtd-modules udeb. Patch from Uwe Kleine-Koenig.
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [mips*] Backport a hugetlb fix for Octeon from 3.18.
|
||||
* [mips*] Backport math emulation fix for MIPS32r2 from 3.18.
|
||||
* [mips*] Only define MAX_PHYSMEM_BITS on Loongson-3, until a better fix
|
||||
is committed upstream. Fixes Loongson-2 kernel and maybe more. Closes:
|
||||
#764223.
|
||||
* [mips*/octeon] Add support for the UBNT E200 board (EdgeRouter/EdgeRouter
|
||||
Pro 8 port).
|
||||
* [mips*/octeon] Enable SERIAL_8250_DW. Disable KEYBOARD_ATKBD, MOUSE_PS2,
|
||||
SERIO_I8042.
|
||||
* [mips*/octeon] Really enable USB_OCTEON_EHCI and USB_OCTEON_OHCI. Closes:
|
||||
Closes: #762066.
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 04 Nov 2014 09:47:27 +0000
|
||||
|
||||
linux (3.16.5-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.4
|
||||
- module: Clean up ro/nx after early module load failures
|
||||
(regression in 3.16)
|
||||
- [armhf] cpufreq: OPP: Avoid sleeping while atomic
|
||||
- [armhf] drm/tilcdc: Fix various bugs in removal path
|
||||
- drm/ttm: Fix possible stack overflow by recursive shrinker calls.
|
||||
- [x86] drm/i915: Fix crash when failing to parse MIPI VBT
|
||||
(regression in 3.16)
|
||||
- [x86] drm/i915: read HEAD register back in init_ring_common() to enforce
|
||||
ordering (Closes: #763583)
|
||||
- libata: widen Crucial M550 blacklist matching
|
||||
- pata_scc: propagate return value of scc_wait_after_reset
|
||||
- pwm: Fix period and polarity in pwm_get() for non-perfect matches
|
||||
- aio: add missing smp_rmb() in read_events_ring
|
||||
- [arm64] flush TLS registers during exec
|
||||
- [arm64] use irq_set_affinity with force=false when migrating irqs
|
||||
(regression in 3.15)
|
||||
- [arm*] KVM: Nuke Hyp-mode tlbs before enabling MMU
|
||||
- [x86] i2c: ismt: use correct length when copy buffer
|
||||
- ftrace: Use current addr when converting to nop in
|
||||
__ftrace_replace_code() (regression in 3.16)
|
||||
- ALSA: core: fix buffer overflow in snd_info_get_line()
|
||||
- ALSA: firewire-lib/dice: add arrangements of PCM pointer and interrupts
|
||||
for Dice quirk (regression in 3.16)
|
||||
- HID: picolcd: sanity check report size in raw_event() callback
|
||||
(CVE-2014-3186)
|
||||
- HID: magicmouse: sanity check report size in raw_event() callback
|
||||
(CVE-2014-3181)
|
||||
- HID: logitech-dj: prevent false errors to be shown (regression in 3.16.2)
|
||||
- [x86] drm/i915: Skip load detect when intel_crtc->new_enable==true
|
||||
(regression in 3.16)
|
||||
- [x86] drm/i915: fix plane/cursor handling when runtime suspended
|
||||
(regression in 3.14)
|
||||
- [x86] drm/i915: Ignore VBT backlight presence check on Acer C720 (4005U)
|
||||
(regression in 3.15)
|
||||
- [x86] drm/i915: Wait for vblank before enabling the TV encoder
|
||||
(regression in 3.16)
|
||||
- [x86] drm/i915/hdmi: fix hdmi audio state readout (regression in 3.16)
|
||||
- drm/radeon: Add ability to get and change dpm state when radeon PX card
|
||||
is turned off (regression in 3.15)
|
||||
- locks: pass correct "before" pointer to locks_unlink_lock in
|
||||
generic_add_lease
|
||||
- ufs: fix deadlocks introduced by sb mutex merge (regression in 3.16)
|
||||
- USB: serial: fix potential stack buffer overflow
|
||||
- USB: serial: fix potential heap buffer overflow
|
||||
- USB: option: reduce interrupt-urb logging verbosity (regression in 3.16)
|
||||
- [armhf] usb: phy: twl4030-usb: Fix lost interrupts after ID pin goes down
|
||||
(regression in 3.13)
|
||||
- [armhf] usb: phy: twl4030-usb: Fix regressions to runtime PM on omaps
|
||||
(regressions in 3.14, 3.15)
|
||||
- uwb: init beacon cache entry before registering uwb device
|
||||
- usb: hub: take hub->hdev reference when processing from eventlist
|
||||
- USB: EHCI: unlink QHs even after the controller has stopped
|
||||
- Revert "ACPI / battery: fix wrong value of capacity_now reported when
|
||||
fully charged" (regression in 3.16)
|
||||
- [x86] iommu/vt-d: Check return value of acpi_bus_get_device()
|
||||
(regression in 3.15)
|
||||
- [armhf/armmp-lpae] iommu/arm-smmu: fix programming of SMMU_CBn_TCR for
|
||||
stage 1
|
||||
- cgroup: check cgroup liveliness before unbreaking kernfs
|
||||
(regression in 3.15)
|
||||
- NFSv4: Fix another bug in the close/open_downgrade code
|
||||
(regression in 3.16.2)
|
||||
- nfsd4: fix corruption of NFSv4 read data (regression in 3.16)
|
||||
- nfs: check wait_on_bit_lock err in page_group_lock
|
||||
- nfs: clear_request_commit while holding i_lock
|
||||
- nfs: fix nonblocking calls to nfs_page_group_lock
|
||||
- nfs: use blocking page_group_lock in add_request
|
||||
- nfs: fix error handling in lock_and_join_requests
|
||||
- nfs: don't sleep with inode lock in lock_and_join_requests
|
||||
- nfs: disallow duplicate pages in pgio page vectors
|
||||
- nfs: can_coalesce_requests must enforce contiguity
|
||||
- [armhf] 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
|
||||
strex
|
||||
- [armhf] 8133/1: use irq_set_affinity with force=false when migrating irqs
|
||||
(regression in 3.15)
|
||||
- [armel,armhf] 8148/1: flush TLS and thumbee register state during exec
|
||||
- [armel,armhf] 8149/1: perf: Don't sleep while atomic when enabling
|
||||
per-cpu interrupts (regression in 3.15)
|
||||
- [armhf] imx: fix .is_enabled() of shared gate clock (regression in 3.16)
|
||||
- [armhf] 8165/1: alignment: don't break misaligned NEON load/store
|
||||
- [mips*] Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems
|
||||
(regression in 3.15)
|
||||
- ACPICA: Update to GPIO region handler interface.
|
||||
- gpio / ACPI: Use pin index and bit length
|
||||
- ACPI / platform / LPSS: disable async suspend/resume of LPSS devices
|
||||
(regression in 3.16)
|
||||
- ACPI / hotplug: Generate online uevents for ACPI containers
|
||||
(regression in 3.14)
|
||||
- ACPI / video: disable native backlight for ThinkPad X201s
|
||||
(regression in 3.16)
|
||||
- regmap: Fix regcache debugfs initialization (regression in 3.15)
|
||||
- regmap: Fix handling of volatile registers for format_write() chips
|
||||
- regmap: Don't attempt block writes when syncing cache on single_rw
|
||||
devices
|
||||
- cgroup: reject cgroup names with '\n'
|
||||
- cgroup: delay the clearing of cgrp->kn->priv
|
||||
- cgroup: fix unbalanced locking (regression in 3.14)
|
||||
- [s390*] KVM: Fix user triggerable bug in dead code
|
||||
- [s390*] KVM: mm: try a cow on read only pages for key ops
|
||||
- [s390*] KVM: mm: Fix storage key corruption during swapping
|
||||
- [s390*] KVM: mm: Fix guest storage key corruption in
|
||||
ptep_set_access_flags
|
||||
- [x86] xen: don't copy bogus duplicate entries into kernel page tables
|
||||
- [x86] early_ioremap: Increase FIX_BTMAPS_SLOTS to 8 (regression in 3.16)
|
||||
- shmem: fix nlink for rename overwrite directory
|
||||
- SMB3: Fix oops when creating symlinks on smb3
|
||||
- iio: Fix indio_dev->trig assignment in several drivers
|
||||
- Target/iser: Don't put isert_conn inside disconnected handler
|
||||
- target: Fix inverted logic in SE_DEV_ALUA_SUPPORT_STATE_STORE
|
||||
(regression in 3.13)
|
||||
- iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid
|
||||
- SCSI: libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu
|
||||
- Revert "iwlwifi: dvm: don't enable CTS to self" (regression in 3.16)
|
||||
- iwlwifi: mvm: fix endianity issues with Smart Fifo commands
|
||||
(regression in 3.14)
|
||||
- iwlwifi: mvm: set MAC_FILTER_IN_BEACON correctly for STA/P2P client
|
||||
(regression in 3.16)
|
||||
- workqueue: apply __WQ_ORDERED to create_singlethread_workqueue()
|
||||
(regression in 3.10)
|
||||
- futex: Unlock hb->lock in futex_wait_requeue_pi() error path
|
||||
- block: Fix dev_t minor allocation lifetime
|
||||
- dm cache: fix race causing dirty blocks to be marked as clean
|
||||
- percpu: fix pcpu_alloc_pages() failure path
|
||||
- percpu: perform tlb flush after pcpu_map_pages() failure
|
||||
- regulatory: add NUL to alpha2
|
||||
- lockd: fix rpcbind crash on lockd startup failure (regression in 3.15)
|
||||
- genhd: fix leftover might_sleep() in blk_free_devt()
|
||||
- eventpoll: fix uninitialized variable in epoll_ctl
|
||||
- kcmp: fix standard comparison bug
|
||||
- fs/notify: don't show f_handle if exportfs_encode_inode_fh failed
|
||||
- nilfs2: fix data loss with mmap()
|
||||
- mm, slab: initialize object alignment on cache creation
|
||||
- fs/cachefiles: add missing \n to kerror conversions (regression in 3.16)
|
||||
- mm: softdirty: keep bit when zapping file pte
|
||||
- sched: Fix unreleased llc_shared_mask bit during CPU hotplug
|
||||
- brcmfmac: handle IF event for P2P_DEVICE interface (regression in 3.12)
|
||||
- ath9k_htc: fix random decryption failure (regression in 3.15)
|
||||
- [powerpc,ppc*] Add smp_mb() to arch_spin_is_locked()
|
||||
- [powerpc,ppc*] Add smp_mb()s to arch_spin_unlock_wait()
|
||||
- [hppa] Implement new LWS CAS supporting 64 bit operations.
|
||||
- alarmtimer: Return relative times in timer_gettime
|
||||
- alarmtimer: Do not signal SIGEV_NONE timers
|
||||
- alarmtimer: Lock k_itimer during timer callback
|
||||
- GFS2: fix d_splice_alias() misuses
|
||||
- IB/qib: Correct reference counting in debugfs qp_stats
|
||||
- IB/mlx4: Avoid null pointer dereference in mlx4_ib_scan_netdevs()
|
||||
(regression in 3.14)
|
||||
- IB/mlx4: Don't duplicate the default RoCE GID (regression in 3.14)
|
||||
- IB/core: When marshaling uverbs path, clear unused fields
|
||||
(regression in 3.14)
|
||||
- mm: Fix unbalanced mutex in dma_pool_create(). (regression in 3.16)
|
||||
- PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device
|
||||
(regression in 3.15)
|
||||
- Revert "PCI: Don't scan random busses in pci_scan_bridge()"
|
||||
(regression in 3.15)
|
||||
- drm/nouveau/runpm: fix module unload
|
||||
- drm/radeon/px: fix module unload
|
||||
- fs: Fix nasty 32-bit overflow bug in buffer i/o code.
|
||||
- blk-mq: Avoid race condition with uninitialized requests
|
||||
- [x86] crypto: ccp - Check for CCP before registering crypto algs
|
||||
- nl80211: clear skb cb before passing to netlink
|
||||
- Revert "PCI: Make sure bus number resources stay within their parents
|
||||
bounds" (regression in 3.15)
|
||||
- cpufreq: release policy->rwsem on error (regression in 3.14)
|
||||
- cpufreq: fix cpufreq suspend/resume for intel_pstate (regression in 3.15)
|
||||
- media: it913x: init tuner on attach (regression in 3.15)
|
||||
- media: videobuf2-dma-sg: fix for wrong GFP mask to
|
||||
sg_alloc_table_from_pages (regression in 3.13)
|
||||
- media: vb2: fix vb2 state check when start_streaming fails
|
||||
(regression in 3.16.3)
|
||||
- media: vb2: fix plane index sanity check in vb2_plane_cookie()
|
||||
- md/raid1: clean up request counts properly in close_sync()
|
||||
(regression in 3.13)
|
||||
- md/raid1: be more cautious where we read-balance during resync.
|
||||
(regression in 3.13)
|
||||
- md/raid1: make sure resync waits for conflicting writes to complete.
|
||||
(regression in 3.13)
|
||||
- md/raid1: Don't use next_resync to determine how far resync has
|
||||
progressed (regression in 3.13)
|
||||
- md/raid1: update next_resync under resync_lock. (regression in 3.13)
|
||||
- md/raid1: count resync requests in nr_pending. (regression in 3.13)
|
||||
- md/raid1: fix_read_error should act on all non-faulty devices.
|
||||
- md/raid1: intialise start_next_window for READ case to avoid hang
|
||||
(regression in 3.13)
|
||||
- netfilter: xt_hashlimit: perform garbage collection from process context
|
||||
- mmc: mmci: Reverse IRQ handling for the arm_variant (regression in 3.15)
|
||||
- partitions: aix.c: off by one bug (regression in 3.11)
|
||||
- cpufreq: update 'cpufreq_suspended' after stopping governors
|
||||
- aio: block exit_aio() until all context requests are completed
|
||||
- ext4: propagate errors up to ext4_find_entry()'s callers
|
||||
- ext4: avoid trying to kfree an ERR_PTR pointer
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.5
|
||||
- udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
|
||||
- ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error.
|
||||
- perf: fix perf bug in fork()
|
||||
- mm: memcontrol: do not iterate uninitialized memcgs (regression in 3.14)
|
||||
- mm: migrate: Close race between migration completion and mprotect
|
||||
- [x86] ACPI / i915: Update the condition to ignore firmware backlight
|
||||
change request (regression in 3.16)
|
||||
- [x86] cpufreq: pcc-cpufreq: Fix wait_event() under spinlock
|
||||
(regression in 3.15)
|
||||
- md/raid5: disable 'DISCARD' by default due to safety concerns.
|
||||
- [x86] drm/i915: Flush the PTEs after updating them before suspend
|
||||
(regression in 3.12)
|
||||
- cifs: Fix problem recognizing symlinks (regression in 3.13)
|
||||
- ring-buffer: Fix infinite spin in reading buffer (regression in 3.16.3)
|
||||
- mm: numa: Do not mark PTEs pte_numa when splitting huge pages
|
||||
- media: vb2: fix VBI/poll regression
|
||||
|
||||
[ Ian Campbell ]
|
||||
* [armhf] Add Exynos5 disk/usb/nic modules to udebs.
|
||||
* [armhf] Backport BananaPi device tree files. Patch from Karsten
|
||||
Merker (Closes: #763897).
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [hppa/parisc64-smp] Work around gcc 4.8 miscompilation (Closes: #762390)
|
||||
* [powerpc/powerpc64,ppc64*] video/fb: Change FB_MATROX, FB_RADEON, FB_ATY,
|
||||
FB_SIS, FB_3DFX, FB_VOODOO1 back to modules (Closes: #748398)
|
||||
* udeb: Add pata_rdc to pata-modules (Closes: #633128)
|
||||
* [s390*] 3215: fix tty output containing tabs (Closes: #758264)
|
||||
* radeon: Don't check for installed firmware if driver is built-in
|
||||
(Closes: #763305)
|
||||
* Bump ABI to 3
|
||||
* vfs: fold swapping ->d_name.hash into switch_names()
|
||||
* vfs: Don't exchange "short" filenames unconditionally. (Closes: #763700)
|
||||
* [hppa,m68k,mips/r4k-ip22,sparc*] bluetooth: Enable BT as module
|
||||
(Closes: #764524)
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [arm64] Change RTC_DRV_PL031 and RTC_DRV_XGENE from modules to built-ins
|
||||
as the kernel isn't able to initialize the system clock from a hardware
|
||||
clock whose driver is a module, and as there is no initramfs mechanism
|
||||
to do that.
|
||||
* [armhf] Change RTC_DRV_DA9052, RTC_DRV_IMXDI, RTC_DRV_MC13XXX,
|
||||
RTC_DRV_MV, RTC_DRV_MXC, RTC_DRV_OMAP, RTC_DRV_PL030, RTC_DRV_PL031,
|
||||
RTC_DRV_S5M, RTC_DRV_SUNXI, RTC_DRV_VT8500 from modules to built-ins for
|
||||
the same reason as above.
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 10 Oct 2014 09:15:17 +0100
|
||||
|
||||
linux (3.16.3-2) unstable; urgency=medium
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [s390*] syscall: Fix unimplented-syscall entries added before
|
||||
memfd_create() (fixes FTBFS) (Closes: #762221)
|
||||
* [armel/kirkwood] Change configuration to reduce kernel image size
|
||||
(fixes FTBFS) (Closes: #762219)
|
||||
- block: Change IOSCHED_DEADLINE to module
|
||||
- gpu: Disable VGA_ARB
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [mips*/octeon] Enable OCTEON_USB, USB_EHCI_HCD, USB_OHCI_HCD,
|
||||
and USB_OCTEON_EHCI, USB_OCTEON_OHCI (Closes: #762066).
|
||||
|
||||
-- Bastian Blank <waldi@debian.org> Sat, 20 Sep 2014 11:43:05 +0200
|
||||
|
||||
linux (3.16.3-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3
|
||||
- reiserfs: fix corruption introduced by balance_leaf refactor
|
||||
(regression in 3.16) (Closes: #761457)
|
||||
- reiserfs: Fix use after free in journal teardown
|
||||
- media: v4l: vb2: Fix stream start and buffer completion race
|
||||
- [x86] iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains
|
||||
- [powerpc*] powerpc/powernv: Fix IOMMU group lost (regression in 3.15)
|
||||
- [x86] iommu/vt-d: Defer domain removal if device is assigned to a driver
|
||||
- [x86] iommu/amd: Fix cleanup_domain for mass device removal
|
||||
- [s390*] locking: Reenable optimistic spinning
|
||||
- firmware: Do not use WARN_ON(!spin_is_locked())
|
||||
- CAPABILITIES: remove undefined caps from all processes
|
||||
- fanotify: fix double free of pending permission events
|
||||
- ocfs2: do not write error flag to user structure we cannot copy from/to
|
||||
- [powerpc*] mm: fix potential infinite loop in dissolve_free_huge_pages()
|
||||
- drivers/mfd/rtsx_usb.c: export device table (Closes: #761428)
|
||||
- [powerpc*] mm: Use read barrier when creating real_pte
|
||||
- [powerpc*] thp: Add write barrier after updating the valid bit
|
||||
- [powerpc*] thp: Invalidate old 64K based hash page mapping before insert
|
||||
of 4k pte
|
||||
- [powerpc*] thp: Handle combo pages in invalidate
|
||||
- [powerpc*] thp: Invalidate with vpn in loop
|
||||
- [powerpc*] thp: Use ACCESS_ONCE when loading pmdp
|
||||
- SCSI: save command pool address of Scsi_Host (regression in 3.15)
|
||||
- fix regression in SCSI_IOCTL_SEND_COMMAND (regression in 3.16)
|
||||
- [mips*] GIC: Prevent array overrun
|
||||
- [mips*] ptrace: Test correct task's flags in task_user_regset_view()
|
||||
- [mips*] ptrace: Change GP regset to use correct core dump register layout
|
||||
- [mips*] ptrace: Avoid smp_processor_id() when retrieving FPU IR
|
||||
- [mips*] syscall: Fix AUDIT value for O32 processes on MIPS64
|
||||
- [mips*] scall64-o32: Fix indirect syscall detection
|
||||
- [mips,powerpc] bfa: Fix undefined bit shift on big-endian architectures
|
||||
with 32-bit DMA address
|
||||
- ACPI / hotplug: Check scan handlers in acpi_scan_hot_remove()
|
||||
(regression in 3.14)
|
||||
- ACPI: Run fixed event device notifications in process context
|
||||
(regression in 3.15)
|
||||
- ACPI / scan: Allow ACPI drivers to bind to PNP device objects
|
||||
(regression in 3.16)
|
||||
- ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT isn't
|
||||
set (regression in 3.14.13, 3.16)
|
||||
- ACPI / EC: Add support to disallow QR_EC to be issued before completing
|
||||
previous QR_EC (regression in 3.14.13, 3.16)
|
||||
- ACPI / scan: not cache _SUN value in struct acpi_device_pnp
|
||||
(regression in 3.14)
|
||||
- ACPI / video: Add a disable_native_backlight quirk
|
||||
- ACPI / video: Disable native_backlight on HP ENVY 15 Notebook PC
|
||||
- ring-buffer: Always reset iterator to reader page
|
||||
- ring-buffer: Up rb_iter_peek() loop count to 3
|
||||
- vfs: get rid of propagate_umount() mistakenly treating slaves as busy.
|
||||
(regression in 3.15)
|
||||
- Bluetooth: Fix tracking local SSP authentication requirement
|
||||
- Bluetooth: Avoid use of session socket after the session gets freed
|
||||
- vfs: __generic_file_write_iter(): fix handling of sync error after DIO
|
||||
(regression in 3.16)
|
||||
- rbd: rework rbd_request_fn() (regression in 3.15)
|
||||
- vfs: fix copy_tree() regression (regression in 3.14)
|
||||
- md/raid1,raid10: always abort recover on write error.
|
||||
- md/raid5: avoid livelock caused by non-aligned writes.
|
||||
(regression in 3.16)
|
||||
- md/raid6: avoid data corruption during recovery of double-degraded RAID6
|
||||
- md/raid10: fix memory leak when reshaping a RAID10.
|
||||
- xfs: ensure verifiers are attached to recovered buffers
|
||||
- xfs: quotacheck leaves dquot buffers without verifiers
|
||||
- xfs: don't dirty buffers beyond EOF
|
||||
- xfs: don't zero partial page cache pages during O_DIRECT writes
|
||||
- xfs: don't zero partial page cache pages during O_DIRECT reads
|
||||
- libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly
|
||||
- libceph: gracefully handle large reply messages from the mon
|
||||
- libceph: do not hard code max auth ticket len (CVE-2014-6416,
|
||||
CVE-2014-6417, CVE-2014-6418)
|
||||
- CIFS: Fix async reading on reconnects
|
||||
- CIFS: Possible null ptr deref in SMB2_tcon
|
||||
- CIFS: Fix wrong directory attributes after rename
|
||||
- mtd/ftl: fix the double free of the buffers allocated in build_maps()
|
||||
- mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc()
|
||||
- dm table: propagate QUEUE_FLAG_NO_SG_MERGE (regression in 3.16)
|
||||
- KEYS: Fix use-after-free in assoc_array_gc()
|
||||
- KEYS: Fix termination condition in assoc array garbage collection
|
||||
(CVE-2014-3631)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* sfc: Adding PCI ID for Solarflare 7000 series 40G network adapter.
|
||||
* sfc: Add 40G link capability decoding
|
||||
* Bump ABI to 2 (Closes: #761874)
|
||||
* ata: Enable SATA_ZPODD
|
||||
* tracing: Enable TRACER_SNAPSHOT
|
||||
* Add memfd_create() and shared memory sealing (Closes: #760702):
|
||||
- mm: allow drivers to prevent new writable mappings
|
||||
- shm: add sealing API
|
||||
- shm: add memfd_create() syscall
|
||||
- shm: wait for pins to be released when sealing
|
||||
- mm: Add memfd_create() system call
|
||||
- [arm*,m68k,mips*,powerpc*,s390*,sparc*] Wire up memfd_create()
|
||||
* udeb: Add ccm, ctr to crypto-modules (Closes: #761902)
|
||||
* [armhf] udeb: Add ehci-platform, ohci-platform and phy-sun4i-usb to
|
||||
usb-modules (Closes: #761591)
|
||||
|
||||
[ Ian Campbell ]
|
||||
* [armhf] Enable support for Exynos5 systems. (Closes: #759291)
|
||||
* [arm64] Enable crypto accelerator modules
|
||||
* [arm64] Add cdrom-core-modules udeb
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [powerpc/powerpc64,ppc64el] Backport more KVM patches from 3.17. Enable
|
||||
KVM_BOOK3S_64, KVM_BOOK3S_64_HV, KVM_BOOK3S_64_PR and KVM_XICS. (Closes:
|
||||
#761656).
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 18 Sep 2014 03:32:47 +0100
|
||||
|
||||
linux (3.16.2-3) unstable; urgency=medium
|
||||
|
||||
[ Ben Hutchings ]
|
||||
|
|
|
@ -415,14 +415,11 @@ CONFIG_MMC_BLOCK=m
|
|||
##
|
||||
## file: drivers/mtd/Kconfig
|
||||
##
|
||||
CONFIG_MTD=m
|
||||
CONFIG_MTD_REDBOOT_PARTS=y
|
||||
CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
|
||||
CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED=y
|
||||
CONFIG_MTD_REDBOOT_PARTS_READONLY=y
|
||||
CONFIG_MTD_CMDLINE_PARTS=y
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_BLOCK_RO=m
|
||||
CONFIG_FTL=m
|
||||
CONFIG_NFTL=m
|
||||
CONFIG_NFTL_RW=y
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[abi]
|
||||
ignore-changes:
|
||||
module:arch/x86/kvm/*
|
||||
|
||||
[base]
|
||||
featuresets:
|
||||
none
|
||||
|
@ -13,7 +9,7 @@ debug-info: true
|
|||
image-file: arch/x86/boot/bzImage
|
||||
|
||||
[image]
|
||||
bootloaders: grub-pc extlinux lilo
|
||||
bootloaders: grub-pc grub-efi extlinux
|
||||
configs:
|
||||
install-stem: vmlinuz
|
||||
|
||||
|
|
|
@ -7,6 +7,18 @@ CONFIG_SMP=y
|
|||
CONFIG_XEN=y
|
||||
CONFIG_COMPAT=y
|
||||
|
||||
##
|
||||
## file: arch/arm64/crypto/Kconfig
|
||||
##
|
||||
CONFIG_ARM64_CRYPTO=y
|
||||
CONFIG_CRYPTO_SHA1_ARM64_CE=m
|
||||
CONFIG_CRYPTO_SHA2_ARM64_CE=m
|
||||
CONFIG_CRYPTO_GHASH_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
|
||||
CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
|
||||
# CONFIG_CRYPTO_AES_ARM64_NEON_BLK is not set
|
||||
|
||||
##
|
||||
## file: drivers/ata/Kconfig
|
||||
##
|
||||
|
@ -76,8 +88,8 @@ CONFIG_POWER_RESET_XGENE=y
|
|||
##
|
||||
## file: drivers/rtc/Kconfig
|
||||
##
|
||||
CONFIG_RTC_DRV_PL031=m
|
||||
CONFIG_RTC_DRV_XGENE=m
|
||||
CONFIG_RTC_DRV_PL031=y
|
||||
CONFIG_RTC_DRV_XGENE=y
|
||||
|
||||
##
|
||||
## file: drivers/tty/serial/Kconfig
|
||||
|
@ -101,6 +113,14 @@ CONFIG_SERIAL_8250_RUNTIME_UARTS=4
|
|||
CONFIG_SERIAL_8250_DW=y
|
||||
# CONFIG_SERIAL_8250_EM is not set
|
||||
|
||||
##
|
||||
## file: drivers/usb/host/Kconfig
|
||||
##
|
||||
CONFIG_USB_EHCI_HCD=m
|
||||
CONFIG_USB_EHCI_HCD_PLATFORM=m
|
||||
CONFIG_USB_OHCI_HCD=m
|
||||
CONFIG_USB_OHCI_HCD_PLATFORM=m
|
||||
|
||||
##
|
||||
## file: drivers/virtio/Kconfig
|
||||
##
|
||||
|
|
|
@ -49,6 +49,11 @@ CONFIG_ARM_THUMB=y
|
|||
# CONFIG_CPU_DCACHE_DISABLE is not set
|
||||
# CONFIG_CPU_DCACHE_WRITETHROUGH is not set
|
||||
|
||||
##
|
||||
## file: block/Kconfig.iosched
|
||||
##
|
||||
CONFIG_IOSCHED_DEADLINE=m
|
||||
|
||||
##
|
||||
## file: block/partitions/Kconfig
|
||||
##
|
||||
|
@ -168,6 +173,11 @@ CONFIG_GPIO_SYSFS=y
|
|||
##
|
||||
# CONFIG_DRM is not set
|
||||
|
||||
##
|
||||
## file: drivers/gpu/vga/Kconfig
|
||||
##
|
||||
# CONFIG_VGA_ARB is not set
|
||||
|
||||
##
|
||||
## file: drivers/hwmon/Kconfig
|
||||
##
|
||||
|
|
|
@ -26,6 +26,14 @@ CONFIG_NEON=y
|
|||
#. DEBUG_LL is incompatible with multiplatform
|
||||
# CONFIG_DEBUG_LL is not set
|
||||
|
||||
##
|
||||
## file: arch/arm/mach-exynos/Kconfig
|
||||
##
|
||||
CONFIG_ARCH_EXYNOS=y
|
||||
# CONFIG_ARCH_EXYNOS3 is not set
|
||||
# CONFIG_ARCH_EXYNOS4 is not set
|
||||
CONFIG_ARCH_EXYNOS5=y
|
||||
|
||||
##
|
||||
## file: arch/arm/mach-highbank/Kconfig
|
||||
##
|
||||
|
@ -132,6 +140,7 @@ CONFIG_HW_RANDOM_OMAP=m
|
|||
## file: drivers/clk/Kconfig
|
||||
##
|
||||
CONFIG_CLK_TWL6040=m
|
||||
CONFIG_COMMON_CLK_S2MPS11=m
|
||||
|
||||
##
|
||||
## file: drivers/cpufreq/Kconfig
|
||||
|
@ -172,6 +181,7 @@ CONFIG_TI_CPPI41=m
|
|||
CONFIG_GPIO_SYSFS=y
|
||||
CONFIG_GPIO_DA9052=m
|
||||
CONFIG_GPIO_GENERIC_PLATFORM=m
|
||||
CONFIG_GPIO_PCA953X=m
|
||||
CONFIG_GPIO_TWL4030=y
|
||||
CONFIG_GPIO_TWL6040=y
|
||||
|
||||
|
@ -185,6 +195,11 @@ CONFIG_DRM=m
|
|||
##
|
||||
CONFIG_DRM_I2C_NXP_TDA998X=m
|
||||
|
||||
##
|
||||
## file: drivers/gpu/drm/omapdrm/Kconfig
|
||||
##
|
||||
CONFIG_DRM_OMAP=m
|
||||
|
||||
##
|
||||
## file: drivers/gpu/drm/tilcdc/Kconfig
|
||||
##
|
||||
|
@ -195,6 +210,11 @@ CONFIG_DRM_TILCDC=m
|
|||
##
|
||||
CONFIG_IMX_IPUV3_CORE=m
|
||||
|
||||
##
|
||||
## file: drivers/hwmon/Kconfig
|
||||
##
|
||||
CONFIG_SENSORS_G762=m
|
||||
|
||||
##
|
||||
## file: drivers/hwspinlock/Kconfig
|
||||
##
|
||||
|
@ -208,12 +228,19 @@ CONFIG_I2C_CHARDEV=m
|
|||
##
|
||||
## file: drivers/i2c/busses/Kconfig
|
||||
##
|
||||
CONFIG_I2C_EXYNOS5=m
|
||||
CONFIG_I2C_GPIO=y
|
||||
CONFIG_I2C_IMX=m
|
||||
CONFIG_I2C_MV64XXX=m
|
||||
CONFIG_I2C_OMAP=y
|
||||
CONFIG_I2C_S3C2410=y
|
||||
CONFIG_I2C_VERSATILE=m
|
||||
|
||||
##
|
||||
## file: drivers/i2c/muxes/Kconfig
|
||||
##
|
||||
CONFIG_I2C_ARB_GPIO_CHALLENGE=m
|
||||
|
||||
##
|
||||
## file: drivers/iio/Kconfig
|
||||
##
|
||||
|
@ -223,6 +250,7 @@ CONFIG_IIO=m
|
|||
## file: drivers/iio/adc/Kconfig
|
||||
##
|
||||
CONFIG_TI_AM335X_ADC=m
|
||||
CONFIG_TWL4030_MADC=m
|
||||
|
||||
##
|
||||
## file: drivers/iio/light/Kconfig
|
||||
|
@ -272,6 +300,7 @@ CONFIG_LEDS_CLASS=y
|
|||
CONFIG_LEDS_GPIO=m
|
||||
CONFIG_LEDS_LP5523=m
|
||||
CONFIG_LEDS_DA9052=m
|
||||
CONFIG_LEDS_PWM=m
|
||||
|
||||
##
|
||||
## file: drivers/leds/trigger/Kconfig
|
||||
|
@ -324,6 +353,7 @@ CONFIG_MFD_DA9052_SPI=y
|
|||
CONFIG_MFD_DA9052_I2C=y
|
||||
CONFIG_MFD_MC13XXX_SPI=m
|
||||
CONFIG_MFD_MC13XXX_I2C=m
|
||||
CONFIG_MFD_SEC_CORE=y
|
||||
CONFIG_MFD_TI_AM335X_TSCADC=m
|
||||
CONFIG_TWL6040_CORE=y
|
||||
|
||||
|
@ -346,6 +376,8 @@ CONFIG_MMC=y
|
|||
## file: drivers/mmc/host/Kconfig
|
||||
##
|
||||
CONFIG_MMC_ARMMMCI=m
|
||||
CONFIG_MMC_DW=m
|
||||
CONFIG_MMC_DW_EXYNOS=m
|
||||
CONFIG_MMC_SDHCI=m
|
||||
CONFIG_MMC_SDHCI_PLTFM=m
|
||||
CONFIG_MMC_SDHCI_ESDHC_IMX=m
|
||||
|
@ -366,6 +398,7 @@ CONFIG_MTD=y
|
|||
##
|
||||
CONFIG_MTD_NAND=y
|
||||
CONFIG_MTD_NAND_OMAP2=m
|
||||
CONFIG_MTD_NAND_PXA3xx=m
|
||||
CONFIG_MTD_NAND_GPMI_NAND=m
|
||||
CONFIG_MTD_NAND_ORION=m
|
||||
CONFIG_MTD_NAND_MXC=m
|
||||
|
@ -529,6 +562,11 @@ CONFIG_WL18XX=m
|
|||
CONFIG_WLCORE_SPI=m
|
||||
CONFIG_WLCORE_SDIO=m
|
||||
|
||||
##
|
||||
## file: drivers/pci/host/Kconfig
|
||||
##
|
||||
CONFIG_PCI_MVEBU=y
|
||||
|
||||
##
|
||||
## file: drivers/phy/Kconfig
|
||||
##
|
||||
|
@ -536,7 +574,11 @@ CONFIG_OMAP_CONTROL_PHY=m
|
|||
CONFIG_OMAP_USB2=m
|
||||
CONFIG_TI_PIPE3=m
|
||||
CONFIG_TWL4030_USB=m
|
||||
CONFIG_PHY_EXYNOS5250_SATA=m
|
||||
CONFIG_PHY_SUN4I_USB=m
|
||||
CONFIG_PHY_SAMSUNG_USB2=m
|
||||
CONFIG_PHY_EXYNOS5250_USB2=y
|
||||
CONFIG_PHY_EXYNOS5_USBDRD=m
|
||||
|
||||
##
|
||||
## file: drivers/pinctrl/Kconfig
|
||||
|
@ -551,6 +593,7 @@ CONFIG_PINCTRL_WM8850=y
|
|||
##
|
||||
## file: drivers/power/Kconfig
|
||||
##
|
||||
CONFIG_CHARGER_BQ2415X=m
|
||||
CONFIG_BATTERY_BQ27x00=m
|
||||
CONFIG_CHARGER_ISP1704=m
|
||||
|
||||
|
@ -580,22 +623,29 @@ CONFIG_REGULATOR_ANATOP=m
|
|||
CONFIG_REGULATOR_DA9052=m
|
||||
CONFIG_REGULATOR_MC13783=m
|
||||
CONFIG_REGULATOR_MC13892=m
|
||||
CONFIG_REGULATOR_S2MPA01=m
|
||||
CONFIG_REGULATOR_S2MPS11=m
|
||||
CONFIG_REGULATOR_S5M8767=m
|
||||
CONFIG_REGULATOR_TWL4030=y
|
||||
CONFIG_REGULATOR_VEXPRESS=m
|
||||
|
||||
##
|
||||
## file: drivers/rtc/Kconfig
|
||||
##
|
||||
CONFIG_RTC_DRV_DA9052=m
|
||||
CONFIG_RTC_DRV_IMXDI=m
|
||||
CONFIG_RTC_DRV_OMAP=m
|
||||
CONFIG_RTC_DRV_PL030=m
|
||||
CONFIG_RTC_DRV_PL031=m
|
||||
CONFIG_RTC_DRV_VT8500=m
|
||||
CONFIG_RTC_DRV_SUNXI=m
|
||||
CONFIG_RTC_DRV_MV=m
|
||||
CONFIG_RTC_DRV_MC13XXX=m
|
||||
CONFIG_RTC_DRV_MXC=m
|
||||
CONFIG_RTC_DRV_ISL12057=y
|
||||
CONFIG_RTC_DRV_DA9052=y
|
||||
CONFIG_RTC_DRV_IMXDI=y
|
||||
CONFIG_RTC_DRV_OMAP=y
|
||||
CONFIG_RTC_DRV_PL030=y
|
||||
CONFIG_RTC_DRV_PL031=y
|
||||
CONFIG_RTC_DRV_VT8500=y
|
||||
CONFIG_RTC_DRV_S5M=y
|
||||
CONFIG_RTC_DRV_SUNXI=y
|
||||
CONFIG_RTC_DRV_TWL4030=y
|
||||
CONFIG_RTC_DRV_MV=y
|
||||
CONFIG_RTC_DRV_MC13XXX=y
|
||||
CONFIG_RTC_DRV_MXC=y
|
||||
CONFIG_RTC_DRV_SNVS=y
|
||||
|
||||
##
|
||||
## file: drivers/scsi/Kconfig
|
||||
|
@ -615,6 +665,22 @@ CONFIG_SPI_PL022=m
|
|||
CONFIG_SPI_SUN6I=m
|
||||
CONFIG_SPI_SPIDEV=y
|
||||
|
||||
##
|
||||
## file: drivers/hsi/Kconfig
|
||||
##
|
||||
CONFIG_HSI=m
|
||||
|
||||
##
|
||||
## file: drivers/hsi/controllers/Kconfig
|
||||
##
|
||||
CONFIG_OMAP_SSI=m
|
||||
|
||||
##
|
||||
## file: drivers/hsi/clients/Kconfig
|
||||
##
|
||||
CONFIG_NOKIA_MODEM=m
|
||||
CONFIG_SSI_PROTOCOL=m
|
||||
|
||||
##
|
||||
## file: drivers/staging/iio/accel/Kconfig
|
||||
##
|
||||
|
@ -658,6 +724,8 @@ CONFIG_SERIAL_OMAP_CONSOLE=y
|
|||
CONFIG_SERIAL_ARC=y
|
||||
CONFIG_SERIAL_ARC_CONSOLE=y
|
||||
CONFIG_SERIAL_ARC_NR_PORTS=1
|
||||
CONFIG_SERIAL_SAMSUNG=y
|
||||
CONFIG_SERIAL_SAMSUNG_CONSOLE=y
|
||||
|
||||
##
|
||||
## file: drivers/tty/serial/8250/Kconfig
|
||||
|
@ -685,6 +753,14 @@ CONFIG_USB_CHIPIDEA_UDC=y
|
|||
CONFIG_USB_CHIPIDEA_HOST=y
|
||||
CONFIG_USB_CHIPIDEA_DEBUG=y
|
||||
|
||||
##
|
||||
## file: drivers/usb/dwc3/Kconfig
|
||||
##
|
||||
CONFIG_USB_DWC3=m
|
||||
CONFIG_USB_DWC3_HOST=y
|
||||
CONFIG_USB_DWC3_EXYNOS=m
|
||||
# CONFIG_USB_DWC3_PCI is not set
|
||||
|
||||
##
|
||||
## file: drivers/usb/gadget/Kconfig
|
||||
##
|
||||
|
@ -700,13 +776,20 @@ CONFIG_USB_G_NOKIA=m
|
|||
## file: drivers/usb/host/Kconfig
|
||||
##
|
||||
CONFIG_USB_EHCI_HCD=m
|
||||
CONFIG_USB_EHCI_EXYNOS=m
|
||||
CONFIG_USB_EHCI_MXC=m
|
||||
CONFIG_USB_EHCI_HCD_OMAP=y
|
||||
CONFIG_USB_EHCI_HCD_PLATFORM=m
|
||||
CONFIG_USB_OHCI_HCD=m
|
||||
CONFIG_USB_OHCI_EXYNOS=m
|
||||
CONFIG_USB_OHCI_HCD_OMAP3=y
|
||||
CONFIG_USB_OHCI_HCD_PLATFORM=m
|
||||
|
||||
##
|
||||
## file: drivers/usb/misc/Kconfig
|
||||
##
|
||||
CONFIG_USB_HSIC_USB3503=m
|
||||
|
||||
##
|
||||
## file: drivers/usb/musb/Kconfig
|
||||
##
|
||||
|
@ -748,6 +831,11 @@ CONFIG_OMAP2_DSS_VENC=y
|
|||
CONFIG_OMAP4_DSS_HDMI=y
|
||||
CONFIG_OMAP2_DSS_SDI=y
|
||||
|
||||
##
|
||||
## file: drivers/video/fbdev/omap2/displays-new/Kconfig
|
||||
##
|
||||
CONFIG_DISPLAY_PANEL_SONY_ACX565AKM=m
|
||||
|
||||
##
|
||||
## file: drivers/video/fbdev/omap2/omapfb/Kconfig
|
||||
##
|
||||
|
@ -764,6 +852,7 @@ CONFIG_VIRTIO_MMIO=m
|
|||
CONFIG_DA9052_WATCHDOG=m
|
||||
CONFIG_ARM_SP805_WATCHDOG=m
|
||||
CONFIG_OMAP_WATCHDOG=m
|
||||
CONFIG_ORION_WATCHDOG=m
|
||||
CONFIG_SUNXI_WATCHDOG=m
|
||||
CONFIG_TWL4030_WATCHDOG=m
|
||||
CONFIG_IMX2_WDT=m
|
||||
|
|
|
@ -146,8 +146,7 @@ CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
|
|||
CONFIG_ATA=m
|
||||
CONFIG_ATA_VERBOSE_ERROR=y
|
||||
CONFIG_ATA_ACPI=y
|
||||
#. TODO: Enable at next ABI bump
|
||||
# CONFIG_SATA_ZPODD is not set
|
||||
CONFIG_SATA_ZPODD=y
|
||||
CONFIG_SATA_PMP=y
|
||||
CONFIG_SATA_AHCI=m
|
||||
# CONFIG_SATA_AHCI_PLATFORM is not set
|
||||
|
@ -2190,7 +2189,7 @@ CONFIG_SENSORS_LIS3_I2C=m
|
|||
##
|
||||
## file: drivers/mmc/card/Kconfig
|
||||
##
|
||||
CONFIG_MMC_BLOCK_MINORS=8
|
||||
CONFIG_MMC_BLOCK_MINORS=256
|
||||
CONFIG_MMC_BLOCK_BOUNCE=y
|
||||
CONFIG_SDIO_UART=m
|
||||
# CONFIG_MMC_TEST is not set
|
||||
|
@ -2222,6 +2221,9 @@ CONFIG_MMC_REALTEK_USB=m
|
|||
##
|
||||
## file: drivers/mtd/Kconfig
|
||||
##
|
||||
CONFIG_MTD=m
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_BLOCK_RO=m
|
||||
# CONFIG_MTD_TESTS is not set
|
||||
CONFIG_MTD_AR7_PARTS=m
|
||||
CONFIG_RFD_FTL=m
|
||||
|
@ -5115,8 +5117,7 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
|
|||
# CONFIG_IRQSOFF_TRACER is not set
|
||||
# CONFIG_SCHED_TRACER is not set
|
||||
CONFIG_FTRACE_SYSCALLS=y
|
||||
#. TODO: Enable at next ABI bump
|
||||
# CONFIG_TRACER_SNAPSHOT is not set
|
||||
CONFIG_TRACER_SNAPSHOT=y
|
||||
## choice: Branch Profiling
|
||||
CONFIG_BRANCH_PROFILE_NONE=y
|
||||
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[abi]
|
||||
abiname: 1
|
||||
abiname: 4
|
||||
|
||||
[base]
|
||||
arches:
|
||||
|
|
|
@ -592,12 +592,6 @@ CONFIG_FLATMEM_MANUAL=y
|
|||
##
|
||||
# CONFIG_HAMRADIO is not set
|
||||
|
||||
##
|
||||
## file: net/bluetooth/Kconfig
|
||||
##
|
||||
#. TODO
|
||||
# CONFIG_BT is not set
|
||||
|
||||
##
|
||||
## file: net/decnet/Kconfig
|
||||
##
|
||||
|
|
|
@ -18,7 +18,7 @@ CONFIG_OLPC_XO15_SCI=y
|
|||
## file: arch/x86/Kconfig.cpu
|
||||
##
|
||||
## choice: Processor family
|
||||
CONFIG_M486=y
|
||||
CONFIG_M586TSC=y
|
||||
# CONFIG_M686 is not set
|
||||
## end choice
|
||||
|
|
@ -1,7 +1,3 @@
|
|||
[abi]
|
||||
ignore-changes:
|
||||
module:arch/x86/kvm/*
|
||||
|
||||
[base]
|
||||
featuresets:
|
||||
none
|
||||
|
@ -18,22 +14,22 @@ part-long-pae: This kernel requires PAE (Physical Address Extension).
|
|||
Turion or Phenom; Transmeta Efficeon; VIA C7; and some other processors.
|
||||
|
||||
[image]
|
||||
bootloaders: grub-pc extlinux lilo
|
||||
bootloaders: grub-pc extlinux
|
||||
configs:
|
||||
install-stem: vmlinuz
|
||||
|
||||
[relations]
|
||||
headers%gcc-4.8: linux-compiler-gcc-4.8-x86
|
||||
|
||||
[486_description]
|
||||
[586_description]
|
||||
hardware: older PCs
|
||||
hardware-long: PCs with a single processor not supporting PAE
|
||||
parts: up
|
||||
|
||||
[486_image]
|
||||
[586_image]
|
||||
configs:
|
||||
kernelarch-x86/config-arch-32
|
||||
i386/config.486
|
||||
i386/config.586
|
||||
|
||||
[686-pae_build]
|
||||
debug-info: true
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[base]
|
||||
flavours:
|
||||
486
|
||||
586
|
||||
686-pae
|
||||
amd64
|
||||
|
||||
|
|
|
@ -186,10 +186,7 @@ CONFIG_MMC_BLOCK=m
|
|||
##
|
||||
## file: drivers/mtd/Kconfig
|
||||
##
|
||||
CONFIG_MTD=m
|
||||
CONFIG_MTD_REDBOOT_PARTS=y
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_BLOCK_RO=m
|
||||
CONFIG_FTL=m
|
||||
CONFIG_NFTL=m
|
||||
CONFIG_NFTL_RW=y
|
||||
|
|
|
@ -189,10 +189,7 @@ CONFIG_MMC_BLOCK=m
|
|||
##
|
||||
## file: drivers/mtd/Kconfig
|
||||
##
|
||||
CONFIG_MTD=m
|
||||
CONFIG_MTD_REDBOOT_PARTS=y
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_BLOCK_RO=m
|
||||
CONFIG_FTL=m
|
||||
CONFIG_NFTL=m
|
||||
CONFIG_NFTL_RW=y
|
||||
|
|
|
@ -53,13 +53,18 @@ CONFIG_I2C_OCTEON=y
|
|||
## file: drivers/input/keyboard/Kconfig
|
||||
##
|
||||
CONFIG_INPUT_KEYBOARD=y
|
||||
CONFIG_KEYBOARD_ATKBD=y
|
||||
# CONFIG_KEYBOARD_ATKBD is not set
|
||||
|
||||
##
|
||||
## file: drivers/input/mouse/Kconfig
|
||||
##
|
||||
CONFIG_INPUT_MOUSE=y
|
||||
CONFIG_MOUSE_PS2=y
|
||||
# CONFIG_MOUSE_PS2 is not set
|
||||
|
||||
##
|
||||
## file: drivers/input/serio/Kconfig
|
||||
##
|
||||
# CONFIG_SERIO_I8042 is not set
|
||||
|
||||
##
|
||||
## file: drivers/input/touchscreen/Kconfig
|
||||
|
@ -104,6 +109,11 @@ CONFIG_RTC_DRV_DS1307=y
|
|||
##
|
||||
CONFIG_OCTEON_ETHERNET=y
|
||||
|
||||
##
|
||||
## file: drivers/staging/octeon-usb/Kconfig
|
||||
##
|
||||
CONFIG_OCTEON_USB=y
|
||||
|
||||
##
|
||||
## file: drivers/tty/serial/8250/Kconfig
|
||||
##
|
||||
|
@ -111,6 +121,15 @@ CONFIG_SERIAL_8250=y
|
|||
CONFIG_SERIAL_8250_CONSOLE=y
|
||||
CONFIG_SERIAL_8250_NR_UARTS=2
|
||||
CONFIG_SERIAL_8250_RUNTIME_UARTS=2
|
||||
CONFIG_SERIAL_8250_DW=y
|
||||
|
||||
##
|
||||
## file: drivers/usb/host/Kconfig
|
||||
##
|
||||
CONFIG_USB_EHCI_HCD=m
|
||||
CONFIG_USB_OCTEON_EHCI=y
|
||||
CONFIG_USB_OCTEON_OHCI=y
|
||||
CONFIG_USB_OHCI_HCD=m
|
||||
|
||||
##
|
||||
## file: kernel/power/Kconfig
|
||||
|
|
|
@ -150,11 +150,6 @@ CONFIG_FB=y
|
|||
##
|
||||
CONFIG_INDYDOG=m
|
||||
|
||||
##
|
||||
## file: net/bluetooth/Kconfig
|
||||
##
|
||||
# CONFIG_BT is not set
|
||||
|
||||
##
|
||||
## file: sound/mips/Kconfig
|
||||
##
|
||||
|
|
|
@ -808,34 +808,31 @@ CONFIG_FB_CIRRUS=m
|
|||
# CONFIG_FB_PM2 is not set
|
||||
# CONFIG_FB_CYBER2000 is not set
|
||||
CONFIG_FB_OF=y
|
||||
CONFIG_FB_CT65550=y
|
||||
# CONFIG_FB_ASILIANT is not set
|
||||
# CONFIG_FB_VGA16 is not set
|
||||
CONFIG_FB_S1D13XXX=m
|
||||
CONFIG_FB_MATROX=y
|
||||
CONFIG_FB_MATROX=m
|
||||
CONFIG_FB_MATROX_MILLENIUM=y
|
||||
CONFIG_FB_MATROX_MYSTIQUE=y
|
||||
CONFIG_FB_MATROX_G=y
|
||||
CONFIG_FB_MATROX_I2C=m
|
||||
CONFIG_FB_MATROX_MAVEN=m
|
||||
CONFIG_FB_RADEON=y
|
||||
CONFIG_FB_RADEON=m
|
||||
CONFIG_FB_RADEON_I2C=y
|
||||
# CONFIG_FB_RADEON_DEBUG is not set
|
||||
CONFIG_FB_ATY128=y
|
||||
CONFIG_FB_ATY=y
|
||||
CONFIG_FB_ATY=m
|
||||
CONFIG_FB_ATY_CT=y
|
||||
CONFIG_FB_ATY_GENERIC_LCD=y
|
||||
CONFIG_FB_ATY_GX=y
|
||||
CONFIG_FB_SAVAGE=m
|
||||
CONFIG_FB_SAVAGE_I2C=y
|
||||
CONFIG_FB_SAVAGE_ACCEL=y
|
||||
CONFIG_FB_SIS=y
|
||||
CONFIG_FB_SIS=m
|
||||
CONFIG_FB_SIS_300=y
|
||||
CONFIG_FB_SIS_315=y
|
||||
CONFIG_FB_NEOMAGIC=m
|
||||
CONFIG_FB_KYRO=m
|
||||
CONFIG_FB_3DFX=y
|
||||
CONFIG_FB_VOODOO1=y
|
||||
CONFIG_FB_VOODOO1=m
|
||||
CONFIG_FB_TRIDENT=m
|
||||
CONFIG_FB_IBM_GXT4500=m
|
||||
# CONFIG_FB_VIRTUAL is not set
|
||||
|
|
|
@ -9,9 +9,16 @@ CONFIG_NUMA=y
|
|||
CONFIG_PPC_64K_PAGES=y
|
||||
## end choice
|
||||
CONFIG_SCHED_SMT=y
|
||||
CONFIG_CMDLINE="console=hvsi0 console=hvc0 console=ttyS0,9600 console=tty0"
|
||||
CONFIG_KERNEL_START=0xc000000000000000
|
||||
|
||||
##
|
||||
## file: arch/powerpc/kvm/Kconfig
|
||||
##
|
||||
CONFIG_KVM_BOOK3S_64=m
|
||||
CONFIG_KVM_BOOK3S_64_HV=m
|
||||
CONFIG_KVM_BOOK3S_64_PR=m
|
||||
CONFIG_KVM_XICS=y
|
||||
|
||||
##
|
||||
## file: arch/powerpc/platforms/Kconfig
|
||||
##
|
||||
|
@ -107,11 +114,7 @@ CONFIG_HVCS=m
|
|||
##
|
||||
## file: drivers/video/fbdev/Kconfig
|
||||
##
|
||||
# CONFIG_FB_CONTROL is not set
|
||||
# CONFIG_FB_PLATINUM is not set
|
||||
# CONFIG_FB_VALKYRIE is not set
|
||||
# CONFIG_FB_IMSTT is not set
|
||||
# CONFIG_FB_ATY128 is not set
|
||||
|
||||
##
|
||||
## file: drivers/watchdog/Kconfig
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
##
|
||||
## file: arch/powerpc/Kconfig
|
||||
##
|
||||
CONFIG_CMDLINE="console=hvsi0 console=hvc0 console=ttyS0,9600 console=tty0"
|
||||
|
||||
##
|
||||
## file: arch/powerpc/platforms/cell/Kconfig
|
||||
##
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
##
|
||||
## file: arch/powerpc/Kconfig
|
||||
##
|
||||
# CONFIG_CMDLINE_BOOL is not set
|
||||
|
||||
##
|
||||
## file: arch/powerpc/platforms/Kconfig.cputype
|
||||
##
|
||||
|
|
|
@ -558,11 +558,6 @@ CONFIG_SPARSEMEM_MANUAL=y
|
|||
##
|
||||
# CONFIG_HAMRADIO is not set
|
||||
|
||||
##
|
||||
## file: net/bluetooth/Kconfig
|
||||
##
|
||||
# CONFIG_BT is not set
|
||||
|
||||
##
|
||||
## file: net/decnet/Kconfig
|
||||
##
|
||||
|
|
|
@ -799,14 +799,11 @@ CONFIG_MMC_SDHCI_ACPI=m
|
|||
##
|
||||
## file: drivers/mtd/Kconfig
|
||||
##
|
||||
CONFIG_MTD=m
|
||||
CONFIG_MTD_REDBOOT_PARTS=y
|
||||
CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
|
||||
# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set
|
||||
# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set
|
||||
# CONFIG_MTD_CMDLINE_PARTS is not set
|
||||
CONFIG_MTD_BLOCK=m
|
||||
CONFIG_MTD_BLOCK_RO=m
|
||||
CONFIG_FTL=m
|
||||
CONFIG_NFTL=m
|
||||
CONFIG_NFTL_RW=y
|
||||
|
|
|
@ -780,11 +780,6 @@ CONFIG_HZ_PERIODIC=y
|
|||
##
|
||||
# CONFIG_BATMAN_ADV is not set
|
||||
|
||||
##
|
||||
## file: net/bluetooth/Kconfig
|
||||
##
|
||||
# CONFIG_BT is not set
|
||||
|
||||
##
|
||||
## file: net/can/Kconfig
|
||||
##
|
||||
|
|
|
@ -88,7 +88,15 @@ CONFIG_SERIAL_MPC52xx_CONSOLE_BAUD=115200
|
|||
CONFIG_FB_CONTROL=y
|
||||
CONFIG_FB_PLATINUM=y
|
||||
CONFIG_FB_VALKYRIE=y
|
||||
CONFIG_FB_CT65550=y
|
||||
CONFIG_FB_IMSTT=y
|
||||
CONFIG_FB_MATROX=y
|
||||
CONFIG_FB_RADEON=y
|
||||
CONFIG_FB_ATY128=y
|
||||
CONFIG_FB_ATY=y
|
||||
CONFIG_FB_SIS=y
|
||||
CONFIG_FB_3DFX=y
|
||||
CONFIG_FB_VOODOO1=y
|
||||
|
||||
##
|
||||
## file: init/Kconfig
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
#include <cdrom-core-modules>
|
||||
|
|
@ -3,3 +3,4 @@ sdhci-esdhc-imx
|
|||
mmci
|
||||
omap_hsmmc
|
||||
sunxi-mmc
|
||||
dw_mmc-exynos
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
#include <mtd-modules>
|
||||
mxc_nand
|
||||
pxa3xx_nand
|
|
@ -3,4 +3,4 @@ ahci_platform
|
|||
ahci_imx
|
||||
ahci_sunxi
|
||||
sata_highbank
|
||||
|
||||
phy-exynos5250-sata
|
||||
|
|
|
@ -1 +1,7 @@
|
|||
#include <usb-modules>
|
||||
phy-sun4i-usb
|
||||
dwc3-exynos
|
||||
ohci-exynos
|
||||
ehci-exynos
|
||||
phy-exynos-usb2
|
||||
ci_hdrc_imx
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/ata-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/crc-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/event-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/isofs-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/jfs-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/mouse-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/nic-shared-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/nic-usb-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/sata-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/scsi-common-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/serial-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/squashfs-modules"
|
|
@ -0,0 +1 @@
|
|||
#include "../hppa/usb-serial-modules"
|
|
@ -0,0 +1 @@
|
|||
#include <ata-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <crc-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <event-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <isofs-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <jfs-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <mouse-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <nic-shared-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <nic-usb-modules>
|
|
@ -0,0 +1,2 @@
|
|||
#include <sata-modules>
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
#include <scsi-common-modules>
|
||||
|
|
@ -4,7 +4,6 @@ lasi700
|
|||
osst
|
||||
sg
|
||||
st
|
||||
sym53c8xx
|
||||
zalon7xx
|
||||
megaraid ?
|
||||
megaraid_mbox ?
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
#include <serial-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <squashfs-modules>
|
|
@ -0,0 +1 @@
|
|||
#include <usb-serial-modules>
|
|
@ -1,3 +1,3 @@
|
|||
# arch version flavour installedname suffix build-depends
|
||||
i386 - 486 - - -
|
||||
i386 - 586 - - -
|
||||
i386 - 686-pae - - -
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
#include <usb-modules>
|
||||
octeon-hcd
|
||||
|
|
|
@ -4,4 +4,6 @@ twofish_generic
|
|||
serpent_generic
|
||||
sha256_generic
|
||||
cbc ?
|
||||
ccm
|
||||
ctr
|
||||
xts
|
||||
|
|
|
@ -4,3 +4,5 @@ sdhci-pci ?
|
|||
sdhci-acpi ?
|
||||
ricoh_mmc ?
|
||||
tifm_sd ?
|
||||
dw_mmc ?
|
||||
dw_mmc_pltfm ?
|
||||
|
|
|
@ -28,6 +28,7 @@ pata_pdc202xx_old ?
|
|||
pata_piccolo ?
|
||||
pata_qdi ?
|
||||
pata_radisys ?
|
||||
pata_rdc ?
|
||||
pata_rz1000 ?
|
||||
pata_sc1200 ?
|
||||
pata_serverworks ?
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
ehci-hcd ?
|
||||
ehci-pci ?
|
||||
ehci-platform ?
|
||||
ohci-hcd ?
|
||||
ohci-pci ?
|
||||
ohci-platform ?
|
||||
uhci-hcd ?
|
||||
xhci-hcd ?
|
||||
usbcore ?
|
||||
dwc3 ?
|
||||
usb3503 ?
|
||||
|
|
|
@ -275,7 +275,7 @@ class Gencontrol(object):
|
|||
def subst(match):
|
||||
return vars[match.group(1)]
|
||||
|
||||
return re.sub(r'@([-_a-z]+)@', subst, six.text_type(s))
|
||||
return re.sub(r'@([-_a-z0-9]+)@', subst, six.text_type(s))
|
||||
|
||||
def write(self, packages, makefile):
|
||||
self.write_control(packages.values())
|
||||
|
|
52
debian/patches/bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch
vendored
Normal file
52
debian/patches/bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
From: Benjamin Coddington <bcodding@redhat.com>
|
||||
Date: Tue, 23 Sep 2014 12:26:19 -0400
|
||||
Subject: [1/2] SUNRPC: Don't wake tasks during connection abort
|
||||
Origin: https://git.kernel.org/linus/a743419f420a64d442280845c0377a915b76644f
|
||||
Bug-Debian: https://bugs.debian.org/767219
|
||||
|
||||
When aborting a connection to preserve source ports, don't wake the task in
|
||||
xs_error_report. This allows tasks with RPC_TASK_SOFTCONN to succeed if the
|
||||
connection needs to be re-established since it preserves the task's status
|
||||
instead of setting it to the status of the aborting kernel_connect().
|
||||
|
||||
This may also avoid a potential conflict on the socket's lock.
|
||||
|
||||
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
|
||||
Cc: stable@vger.kernel.org # 3.14+
|
||||
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
||||
---
|
||||
include/linux/sunrpc/xprt.h | 1 +
|
||||
net/sunrpc/xprtsock.c | 4 ++++
|
||||
2 files changed, 5 insertions(+)
|
||||
|
||||
--- a/include/linux/sunrpc/xprt.h
|
||||
+++ b/include/linux/sunrpc/xprt.h
|
||||
@@ -357,6 +357,7 @@ int xs_swapper(struct rpc_xprt *xprt,
|
||||
#define XPRT_CONNECTION_ABORT (7)
|
||||
#define XPRT_CONNECTION_CLOSE (8)
|
||||
#define XPRT_CONGESTED (9)
|
||||
+#define XPRT_CONNECTION_REUSE (10)
|
||||
|
||||
static inline void xprt_set_connected(struct rpc_xprt *xprt)
|
||||
{
|
||||
--- a/net/sunrpc/xprtsock.c
|
||||
+++ b/net/sunrpc/xprtsock.c
|
||||
@@ -842,6 +842,8 @@ static void xs_error_report(struct sock
|
||||
dprintk("RPC: xs_error_report client %p, error=%d...\n",
|
||||
xprt, -err);
|
||||
trace_rpc_socket_error(xprt, sk->sk_socket, err);
|
||||
+ if (test_bit(XPRT_CONNECTION_REUSE, &xprt->state))
|
||||
+ goto out;
|
||||
xprt_wake_pending_tasks(xprt, err);
|
||||
out:
|
||||
read_unlock_bh(&sk->sk_callback_lock);
|
||||
@@ -2241,7 +2243,9 @@ static void xs_tcp_setup_socket(struct w
|
||||
abort_and_exit = test_and_clear_bit(XPRT_CONNECTION_ABORT,
|
||||
&xprt->state);
|
||||
/* "close" the socket, preserving the local port */
|
||||
+ set_bit(XPRT_CONNECTION_REUSE, &xprt->state);
|
||||
xs_tcp_reuse_connection(transport);
|
||||
+ clear_bit(XPRT_CONNECTION_REUSE, &xprt->state);
|
||||
|
||||
if (abort_and_exit)
|
||||
goto out_eagain;
|
|
@ -2,6 +2,7 @@ From: Ian Campbell <ijc@hellion.org.uk>
|
|||
Subject: phy/marvell: disable 4-port phys
|
||||
Date: Wed, 20 Nov 2013 08:30:14 +0000
|
||||
Bug-Debian: https://bugs.debian.org/723177
|
||||
Forwarded: http://thread.gmane.org/gmane.linux.debian.devel.bugs.general/1107774/
|
||||
|
||||
The Marvell PHY was originally disabled because it can cause networking
|
||||
failures on some systems. According to Lennert Buytenhek this is because some
|
||||
|
|
|
@ -0,0 +1,212 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Thu, 30 Oct 2014 18:27:12 +0000
|
||||
Subject: [1/2] drivers/net: Disable UFO through virtio
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=3d0ad09412ffe00c9afa201d01effdb6023d09b4
|
||||
|
||||
IPv6 does not allow fragmentation by routers, so there is no
|
||||
fragmentation ID in the fixed header. UFO for IPv6 requires the ID to
|
||||
be passed separately, but there is no provision for this in the virtio
|
||||
net protocol.
|
||||
|
||||
Until recently our software implementation of UFO/IPv6 generated a new
|
||||
ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet
|
||||
passed through a tap, which is even worse.
|
||||
|
||||
Unfortunately there is no distinction between UFO/IPv4 and v6
|
||||
features, so disable UFO on taps and virtio_net completely until we
|
||||
have a proper solution.
|
||||
|
||||
We cannot depend on VM managers respecting the tap feature flags, so
|
||||
keep accepting UFO packets but log a warning the first time we do
|
||||
this.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/macvtap.c | 13 +++++--------
|
||||
drivers/net/tun.c | 19 +++++++++++--------
|
||||
drivers/net/virtio_net.c | 24 ++++++++++++++----------
|
||||
3 files changed, 30 insertions(+), 26 deletions(-)
|
||||
|
||||
--- a/drivers/net/macvtap.c
|
||||
+++ b/drivers/net/macvtap.c
|
||||
@@ -65,7 +65,7 @@ static struct cdev macvtap_cdev;
|
||||
static const struct proto_ops macvtap_socket_ops;
|
||||
|
||||
#define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \
|
||||
- NETIF_F_TSO6 | NETIF_F_UFO)
|
||||
+ NETIF_F_TSO6)
|
||||
#define RX_OFFLOADS (NETIF_F_GRO | NETIF_F_LRO)
|
||||
#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG)
|
||||
|
||||
@@ -569,6 +569,8 @@ static int macvtap_skb_from_vnet_hdr(str
|
||||
gso_type = SKB_GSO_TCPV6;
|
||||
break;
|
||||
case VIRTIO_NET_HDR_GSO_UDP:
|
||||
+ pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n",
|
||||
+ current->comm);
|
||||
gso_type = SKB_GSO_UDP;
|
||||
break;
|
||||
default:
|
||||
@@ -614,8 +616,6 @@ static void macvtap_skb_to_vnet_hdr(cons
|
||||
vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
|
||||
else if (sinfo->gso_type & SKB_GSO_TCPV6)
|
||||
vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
|
||||
- else if (sinfo->gso_type & SKB_GSO_UDP)
|
||||
- vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_UDP;
|
||||
else
|
||||
BUG();
|
||||
if (sinfo->gso_type & SKB_GSO_TCP_ECN)
|
||||
@@ -950,9 +950,6 @@ static int set_offload(struct macvtap_qu
|
||||
if (arg & TUN_F_TSO6)
|
||||
feature_mask |= NETIF_F_TSO6;
|
||||
}
|
||||
-
|
||||
- if (arg & TUN_F_UFO)
|
||||
- feature_mask |= NETIF_F_UFO;
|
||||
}
|
||||
|
||||
/* tun/tap driver inverts the usage for TSO offloads, where
|
||||
@@ -963,7 +960,7 @@ static int set_offload(struct macvtap_qu
|
||||
* When user space turns off TSO, we turn off GSO/LRO so that
|
||||
* user-space will not receive TSO frames.
|
||||
*/
|
||||
- if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_UFO))
|
||||
+ if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6))
|
||||
features |= RX_OFFLOADS;
|
||||
else
|
||||
features &= ~RX_OFFLOADS;
|
||||
@@ -1064,7 +1061,7 @@ static long macvtap_ioctl(struct file *f
|
||||
case TUNSETOFFLOAD:
|
||||
/* let the user check for future flags */
|
||||
if (arg & ~(TUN_F_CSUM | TUN_F_TSO4 | TUN_F_TSO6 |
|
||||
- TUN_F_TSO_ECN | TUN_F_UFO))
|
||||
+ TUN_F_TSO_ECN))
|
||||
return -EINVAL;
|
||||
|
||||
rtnl_lock();
|
||||
--- a/drivers/net/tun.c
|
||||
+++ b/drivers/net/tun.c
|
||||
@@ -174,7 +174,7 @@ struct tun_struct {
|
||||
struct net_device *dev;
|
||||
netdev_features_t set_features;
|
||||
#define TUN_USER_FEATURES (NETIF_F_HW_CSUM|NETIF_F_TSO_ECN|NETIF_F_TSO| \
|
||||
- NETIF_F_TSO6|NETIF_F_UFO)
|
||||
+ NETIF_F_TSO6)
|
||||
|
||||
int vnet_hdr_sz;
|
||||
int sndbuf;
|
||||
@@ -1149,8 +1149,18 @@ static ssize_t tun_get_user(struct tun_s
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
|
||||
break;
|
||||
case VIRTIO_NET_HDR_GSO_UDP:
|
||||
+ {
|
||||
+ static bool warned;
|
||||
+
|
||||
+ if (!warned) {
|
||||
+ warned = true;
|
||||
+ netdev_warn(tun->dev,
|
||||
+ "%s: using disabled UFO feature; please fix this program\n",
|
||||
+ current->comm);
|
||||
+ }
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
|
||||
break;
|
||||
+ }
|
||||
default:
|
||||
tun->dev->stats.rx_frame_errors++;
|
||||
kfree_skb(skb);
|
||||
@@ -1251,8 +1261,6 @@ static ssize_t tun_put_user(struct tun_s
|
||||
gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
|
||||
else if (sinfo->gso_type & SKB_GSO_TCPV6)
|
||||
gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
|
||||
- else if (sinfo->gso_type & SKB_GSO_UDP)
|
||||
- gso.gso_type = VIRTIO_NET_HDR_GSO_UDP;
|
||||
else {
|
||||
pr_err("unexpected GSO type: "
|
||||
"0x%x, gso_size %d, hdr_len %d\n",
|
||||
@@ -1761,11 +1769,6 @@ static int set_offload(struct tun_struct
|
||||
features |= NETIF_F_TSO6;
|
||||
arg &= ~(TUN_F_TSO4|TUN_F_TSO6);
|
||||
}
|
||||
-
|
||||
- if (arg & TUN_F_UFO) {
|
||||
- features |= NETIF_F_UFO;
|
||||
- arg &= ~TUN_F_UFO;
|
||||
- }
|
||||
}
|
||||
|
||||
/* This gives the user a way to test for new features in future by
|
||||
--- a/drivers/net/virtio_net.c
|
||||
+++ b/drivers/net/virtio_net.c
|
||||
@@ -496,8 +496,17 @@ static void receive_buf(struct receive_q
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
|
||||
break;
|
||||
case VIRTIO_NET_HDR_GSO_UDP:
|
||||
+ {
|
||||
+ static bool warned;
|
||||
+
|
||||
+ if (!warned) {
|
||||
+ warned = true;
|
||||
+ netdev_warn(dev,
|
||||
+ "host using disabled UFO feature; please fix it\n");
|
||||
+ }
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
|
||||
break;
|
||||
+ }
|
||||
case VIRTIO_NET_HDR_GSO_TCPV6:
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
|
||||
break;
|
||||
@@ -836,8 +845,6 @@ static int xmit_skb(struct send_queue *s
|
||||
hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
|
||||
else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
|
||||
hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
|
||||
- else if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
|
||||
- hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP;
|
||||
else
|
||||
BUG();
|
||||
if (skb_shinfo(skb)->gso_type & SKB_GSO_TCP_ECN)
|
||||
@@ -1657,7 +1664,7 @@ static int virtnet_probe(struct virtio_d
|
||||
dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST;
|
||||
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) {
|
||||
- dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO
|
||||
+ dev->hw_features |= NETIF_F_TSO
|
||||
| NETIF_F_TSO_ECN | NETIF_F_TSO6;
|
||||
}
|
||||
/* Individual feature bits: what can host handle? */
|
||||
@@ -1667,11 +1674,9 @@ static int virtnet_probe(struct virtio_d
|
||||
dev->hw_features |= NETIF_F_TSO6;
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_ECN))
|
||||
dev->hw_features |= NETIF_F_TSO_ECN;
|
||||
- if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UFO))
|
||||
- dev->hw_features |= NETIF_F_UFO;
|
||||
|
||||
if (gso)
|
||||
- dev->features |= dev->hw_features & (NETIF_F_ALL_TSO|NETIF_F_UFO);
|
||||
+ dev->features |= dev->hw_features & NETIF_F_ALL_TSO;
|
||||
/* (!csum && gso) case will be fixed by register_netdev() */
|
||||
}
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM))
|
||||
@@ -1711,8 +1716,7 @@ static int virtnet_probe(struct virtio_d
|
||||
/* If we can receive ANY GSO packets, we must allocate large ones. */
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) ||
|
||||
virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) ||
|
||||
- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) ||
|
||||
- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO))
|
||||
+ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN))
|
||||
vi->big_packets = true;
|
||||
|
||||
if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF))
|
||||
@@ -1910,9 +1914,9 @@ static struct virtio_device_id id_table[
|
||||
static unsigned int features[] = {
|
||||
VIRTIO_NET_F_CSUM, VIRTIO_NET_F_GUEST_CSUM,
|
||||
VIRTIO_NET_F_GSO, VIRTIO_NET_F_MAC,
|
||||
- VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_UFO, VIRTIO_NET_F_HOST_TSO6,
|
||||
+ VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_TSO6,
|
||||
VIRTIO_NET_F_HOST_ECN, VIRTIO_NET_F_GUEST_TSO4, VIRTIO_NET_F_GUEST_TSO6,
|
||||
- VIRTIO_NET_F_GUEST_ECN, VIRTIO_NET_F_GUEST_UFO,
|
||||
+ VIRTIO_NET_F_GUEST_ECN,
|
||||
VIRTIO_NET_F_MRG_RXBUF, VIRTIO_NET_F_STATUS, VIRTIO_NET_F_CTRL_VQ,
|
||||
VIRTIO_NET_F_CTRL_RX, VIRTIO_NET_F_CTRL_VLAN,
|
||||
VIRTIO_NET_F_GUEST_ANNOUNCE, VIRTIO_NET_F_MQ,
|
135
debian/patches/bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch
vendored
Normal file
135
debian/patches/bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch
vendored
Normal file
|
@ -0,0 +1,135 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Thu, 30 Oct 2014 18:27:17 +0000
|
||||
Subject: [2/2] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO
|
||||
packets
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=5188cd44c55db3e92cd9e77a40b5baa7ed4340f7
|
||||
|
||||
UFO is now disabled on all drivers that work with virtio net headers,
|
||||
but userland may try to send UFO/IPv6 packets anyway. Instead of
|
||||
sending with ID=0, we should select identifiers on their behalf (as we
|
||||
used to).
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/macvtap.c | 3 +++
|
||||
drivers/net/tun.c | 6 +++++-
|
||||
include/net/ipv6.h | 2 ++
|
||||
net/ipv6/output_core.c | 34 ++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 44 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/net/macvtap.c
|
||||
+++ b/drivers/net/macvtap.c
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <linux/idr.h>
|
||||
#include <linux/fs.h>
|
||||
|
||||
+#include <net/ipv6.h>
|
||||
#include <net/net_namespace.h>
|
||||
#include <net/rtnetlink.h>
|
||||
#include <net/sock.h>
|
||||
@@ -572,6 +573,8 @@ static int macvtap_skb_from_vnet_hdr(str
|
||||
pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n",
|
||||
current->comm);
|
||||
gso_type = SKB_GSO_UDP;
|
||||
+ if (skb->protocol == htons(ETH_P_IPV6))
|
||||
+ ipv6_proxy_select_ident(skb);
|
||||
break;
|
||||
default:
|
||||
return -EINVAL;
|
||||
--- a/drivers/net/tun.c
|
||||
+++ b/drivers/net/tun.c
|
||||
@@ -65,6 +65,7 @@
|
||||
#include <linux/nsproxy.h>
|
||||
#include <linux/virtio_net.h>
|
||||
#include <linux/rcupdate.h>
|
||||
+#include <net/ipv6.h>
|
||||
#include <net/net_namespace.h>
|
||||
#include <net/netns/generic.h>
|
||||
#include <net/rtnetlink.h>
|
||||
@@ -1139,6 +1140,8 @@ static ssize_t tun_get_user(struct tun_s
|
||||
break;
|
||||
}
|
||||
|
||||
+ skb_reset_network_header(skb);
|
||||
+
|
||||
if (gso.gso_type != VIRTIO_NET_HDR_GSO_NONE) {
|
||||
pr_debug("GSO!\n");
|
||||
switch (gso.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
|
||||
@@ -1159,6 +1162,8 @@ static ssize_t tun_get_user(struct tun_s
|
||||
current->comm);
|
||||
}
|
||||
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
|
||||
+ if (skb->protocol == htons(ETH_P_IPV6))
|
||||
+ ipv6_proxy_select_ident(skb);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@@ -1189,7 +1194,6 @@ static ssize_t tun_get_user(struct tun_s
|
||||
skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
|
||||
}
|
||||
|
||||
- skb_reset_network_header(skb);
|
||||
skb_probe_transport_header(skb, 0);
|
||||
|
||||
rxhash = skb_get_hash(skb);
|
||||
--- a/include/net/ipv6.h
|
||||
+++ b/include/net/ipv6.h
|
||||
@@ -668,6 +668,8 @@ static inline int ipv6_addr_diff(const s
|
||||
return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
|
||||
}
|
||||
|
||||
+void ipv6_proxy_select_ident(struct sk_buff *skb);
|
||||
+
|
||||
int ip6_dst_hoplimit(struct dst_entry *dst);
|
||||
|
||||
static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6,
|
||||
--- a/net/ipv6/output_core.c
|
||||
+++ b/net/ipv6/output_core.c
|
||||
@@ -3,11 +3,45 @@
|
||||
* not configured or static. These functions are needed by GSO/GRO implementation.
|
||||
*/
|
||||
#include <linux/export.h>
|
||||
+#include <net/ip.h>
|
||||
#include <net/ipv6.h>
|
||||
#include <net/ip6_fib.h>
|
||||
#include <net/addrconf.h>
|
||||
#include <net/secure_seq.h>
|
||||
|
||||
+/* This function exists only for tap drivers that must support broken
|
||||
+ * clients requesting UFO without specifying an IPv6 fragment ID.
|
||||
+ *
|
||||
+ * This is similar to ipv6_select_ident() but we use an independent hash
|
||||
+ * seed to limit information leakage.
|
||||
+ *
|
||||
+ * The network header must be set before calling this.
|
||||
+ */
|
||||
+void ipv6_proxy_select_ident(struct sk_buff *skb)
|
||||
+{
|
||||
+ static u32 ip6_proxy_idents_hashrnd __read_mostly;
|
||||
+ struct in6_addr buf[2];
|
||||
+ struct in6_addr *addrs;
|
||||
+ u32 hash, id;
|
||||
+
|
||||
+ addrs = skb_header_pointer(skb,
|
||||
+ skb_network_offset(skb) +
|
||||
+ offsetof(struct ipv6hdr, saddr),
|
||||
+ sizeof(buf), buf);
|
||||
+ if (!addrs)
|
||||
+ return;
|
||||
+
|
||||
+ net_get_random_once(&ip6_proxy_idents_hashrnd,
|
||||
+ sizeof(ip6_proxy_idents_hashrnd));
|
||||
+
|
||||
+ hash = __ipv6_addr_jhash(&addrs[1], ip6_proxy_idents_hashrnd);
|
||||
+ hash = __ipv6_addr_jhash(&addrs[0], hash);
|
||||
+
|
||||
+ id = ip_idents_reserve(hash, 1);
|
||||
+ skb_shinfo(skb)->ip6_frag_id = htonl(id);
|
||||
+}
|
||||
+EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
|
||||
+
|
||||
int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
|
||||
{
|
||||
u16 offset = sizeof(struct ipv6hdr);
|
|
@ -17,6 +17,9 @@ removed in later patches.
|
|||
|
||||
This does not cover the case where we fall back to a user-mode helper
|
||||
(which is no longer enabled in Debian).
|
||||
|
||||
NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
|
||||
format to detect missing firmware.
|
||||
---
|
||||
--- a/drivers/base/firmware_class.c
|
||||
+++ b/drivers/base/firmware_class.c
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 14 Dec 2013 17:14:39 +0000
|
||||
Subject: firmware_class: Return specific errors from file read
|
||||
Forwarded: no
|
||||
|
||||
Currently several failure cases are not distinguished and are
|
||||
incorrectly reported as -EINVAL or -ENOENT.
|
||||
|
|
|
@ -3,7 +3,7 @@ Date: Sat, 19 Oct 2013 19:43:35 +0100
|
|||
Subject: kbuild: Use -nostdinc in compile tests
|
||||
Bug-Debian: https://bugs.debian.org/726861
|
||||
Bug-Debian: https://bugs.debian.org/717557
|
||||
Forwarded: no
|
||||
Forwarded: http://mid.gmane.org/1415235534.3398.35.camel@decadent.org.uk
|
||||
|
||||
Debian's gcc 4.8 pre-includes <stdc-predef.h> by default, which in
|
||||
turn includes <bits/predefs.h>. This fails when building a 64-bit
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
From: Benjamin Coddington <bcodding@redhat.com>
|
||||
Date: Tue, 23 Sep 2014 12:26:20 -0400
|
||||
Subject: [2/2] lockd: Try to reconnect if statd has moved
|
||||
Origin: https://git.kernel.org/linus/173b3afceebe76fa2205b2c8808682d5b541fe3c
|
||||
Bug-Debian: https://bugs.debian.org/767219
|
||||
|
||||
If rpc.statd is restarted, upcalls to monitor hosts can fail with
|
||||
ECONNREFUSED. In that case force a lookup of statd's new port and retry the
|
||||
upcall.
|
||||
|
||||
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
||||
---
|
||||
fs/lockd/mon.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
|
||||
index daa8e75..9106f42 100644
|
||||
--- a/fs/lockd/mon.c
|
||||
+++ b/fs/lockd/mon.c
|
||||
@@ -159,6 +159,12 @@ static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
|
||||
|
||||
msg.rpc_proc = &clnt->cl_procinfo[proc];
|
||||
status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
|
||||
+ if (status == -ECONNREFUSED) {
|
||||
+ dprintk("lockd: NSM upcall RPC failed, status=%d, forcing rebind\n",
|
||||
+ status);
|
||||
+ rpc_force_rebind(clnt);
|
||||
+ status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
|
||||
+ }
|
||||
if (status < 0)
|
||||
dprintk("lockd: NSM upcall RPC failed, status=%d\n",
|
||||
status);
|
42
debian/patches/bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
vendored
Normal file
42
debian/patches/bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Wed, 8 Oct 2014 10:42:27 -0700
|
||||
Subject: mnt: Prevent pivot_root from creating a loop in the mount tree
|
||||
Origin: https://git.kernel.org/linus/0d0826019e529f21c84687521d03f60cd241ca7d
|
||||
|
||||
Andy Lutomirski recently demonstrated that when chroot is used to set
|
||||
the root path below the path for the new ``root'' passed to pivot_root
|
||||
the pivot_root system call succeeds and leaks mounts.
|
||||
|
||||
In examining the code I see that starting with a new root that is
|
||||
below the current root in the mount tree will result in a loop in the
|
||||
mount tree after the mounts are detached and then reattached to one
|
||||
another. Resulting in all kinds of ugliness including a leak of that
|
||||
mounts involved in the leak of the mount loop.
|
||||
|
||||
Prevent this problem by ensuring that the new mount is reachable from
|
||||
the current root of the mount tree.
|
||||
|
||||
[Added stable cc. Fixes CVE-2014-7970. --Andy]
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Andy Lutomirski <luto@amacapital.net>
|
||||
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
||||
Link: http://lkml.kernel.org/r/87bnpmihks.fsf@x220.int.ebiederm.org
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
|
||||
---
|
||||
fs/namespace.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -2842,6 +2842,9 @@ SYSCALL_DEFINE2(pivot_root, const char _
|
||||
/* make sure we can reach put_old from new_root */
|
||||
if (!is_path_reachable(old_mnt, old.dentry, &new))
|
||||
goto out4;
|
||||
+ /* make certain new is below the root */
|
||||
+ if (!is_path_reachable(new_mnt, new.dentry, &root))
|
||||
+ goto out4;
|
||||
root_mp->m_count++; /* pin it so it won't go away */
|
||||
lock_mount_hash();
|
||||
detach_mnt(new_mnt, &parent_path);
|
|
@ -0,0 +1,46 @@
|
|||
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
|
||||
Date: Mon, 29 Sep 2014 11:47:53 +0200
|
||||
Subject: [2/4] mtd: m25p80: get rid of spi_get_device_id
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: http://git.infradead.org/l2-mtd.git/commit/90e55b3812a1245bb674afcc4410ddba7db402f6
|
||||
|
||||
This simplifies the way we use spi_nor framework and will allow us to
|
||||
drop spi_nor_match_id.
|
||||
|
||||
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
||||
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
||||
---
|
||||
drivers/mtd/devices/m25p80.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c
|
||||
index dcda628..822209d 100644
|
||||
--- a/drivers/mtd/devices/m25p80.c
|
||||
+++ b/drivers/mtd/devices/m25p80.c
|
||||
@@ -197,6 +197,7 @@ static int m25p_probe(struct spi_device *spi)
|
||||
struct m25p *flash;
|
||||
struct spi_nor *nor;
|
||||
enum read_mode mode = SPI_NOR_NORMAL;
|
||||
+ char *flash_name = NULL;
|
||||
int ret;
|
||||
|
||||
data = dev_get_platdata(&spi->dev);
|
||||
@@ -236,12 +237,11 @@ static int m25p_probe(struct spi_device *spi)
|
||||
* If that's the case, respect "type" and ignore a "name".
|
||||
*/
|
||||
if (data && data->type)
|
||||
- id = spi_nor_match_id(data->type);
|
||||
-
|
||||
- /* If we didn't get name from platform, simply use "modalias". */
|
||||
- if (!id)
|
||||
- id = spi_get_device_id(spi);
|
||||
+ flash_name = data->type;
|
||||
+ else
|
||||
+ flash_name = spi->modalias;
|
||||
|
||||
+ id = spi_nor_match_id(flash_name);
|
||||
ret = spi_nor_scan(nor, id, mode);
|
||||
if (ret)
|
||||
return ret;
|
125
debian/patches/bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch
vendored
Normal file
125
debian/patches/bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch
vendored
Normal file
|
@ -0,0 +1,125 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 30 Sep 2014 03:14:55 +0100
|
||||
Subject: [4/4] mtd: m25p80,spi-nor: Fix module aliases for m25p80
|
||||
Origin: http://git.infradead.org/l2-mtd.git/commit/a5b7616c55e188fe3d6ef686bef402d4703ecb62
|
||||
|
||||
m25p80's device ID table is now spi_nor_ids, defined in spi-nor. The
|
||||
MODULE_DEVICE_TABLE() macro doesn't work with extern definitions, but
|
||||
its use was also removed at the same time. Now if m25p80 is built as
|
||||
a module it doesn't get the necessary aliases to be loaded
|
||||
automatically.
|
||||
|
||||
A clean solution to this will involve defining the list of device
|
||||
IDs in spi-nor.h and removing struct spi_device_id from the spi-nor
|
||||
API, but this is quite a large change.
|
||||
|
||||
As a quick fix suitable for stable, copy the device IDs back into
|
||||
m25p80.
|
||||
|
||||
Fixes: 03e296f613af ("mtd: m25p80: use the SPI nor framework")
|
||||
Cc: <stable@vger.kernel.org> # 3.16.x: 32f1b7c8352f: mtd: move support for struct flash_platform_data into m25p80
|
||||
Cc: <stable@vger.kernel.org> # 3.16.x: 90e55b3812a1: mtd: m25p80: get rid of spi_get_device_id
|
||||
Cc: <stable@vger.kernel.org> # 3.16.x: 70f3ce0510af: mtd: spi-nor: make spi_nor_scan() take a chip type name, not spi_device_id
|
||||
Cc: <stable@vger.kernel.org> # 3.16.x
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
||||
---
|
||||
drivers/mtd/devices/m25p80.c | 52 ++++++++++++++++++++++++++++++++++++++++++-
|
||||
drivers/mtd/spi-nor/spi-nor.c | 3 +--
|
||||
include/linux/mtd/spi-nor.h | 1 -
|
||||
3 files changed, 52 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/drivers/mtd/devices/m25p80.c
|
||||
+++ b/drivers/mtd/devices/m25p80.c
|
||||
@@ -261,12 +261,62 @@ static int m25p_remove(struct spi_device
|
||||
}
|
||||
|
||||
|
||||
+/*
|
||||
+ * XXX This needs to be kept in sync with spi_nor_ids. We can't share
|
||||
+ * it with spi-nor, because if this is built as a module then modpost
|
||||
+ * won't be able to read it and add appropriate aliases.
|
||||
+ */
|
||||
+static const struct spi_device_id m25p_ids[] = {
|
||||
+ {"at25fs010"}, {"at25fs040"}, {"at25df041a"}, {"at25df321a"},
|
||||
+ {"at25df641"}, {"at26f004"}, {"at26df081a"}, {"at26df161a"},
|
||||
+ {"at26df321"}, {"at45db081d"},
|
||||
+ {"en25f32"}, {"en25p32"}, {"en25q32b"}, {"en25p64"},
|
||||
+ {"en25q64"}, {"en25qh128"}, {"en25qh256"},
|
||||
+ {"f25l32pa"},
|
||||
+ {"mr25h256"}, {"mr25h10"},
|
||||
+ {"gd25q32"}, {"gd25q64"},
|
||||
+ {"160s33b"}, {"320s33b"}, {"640s33b"},
|
||||
+ {"mx25l2005a"}, {"mx25l4005a"}, {"mx25l8005"}, {"mx25l1606e"},
|
||||
+ {"mx25l3205d"}, {"mx25l3255e"}, {"mx25l6405d"}, {"mx25l12805d"},
|
||||
+ {"mx25l12855e"},{"mx25l25635e"},{"mx25l25655e"},{"mx66l51235l"},
|
||||
+ {"mx66l1g55g"},
|
||||
+ {"n25q064"}, {"n25q128a11"}, {"n25q128a13"}, {"n25q256a"},
|
||||
+ {"n25q512a"}, {"n25q512ax3"}, {"n25q00"},
|
||||
+ {"pm25lv512"}, {"pm25lv010"}, {"pm25lq032"},
|
||||
+ {"s25sl032p"}, {"s25sl064p"}, {"s25fl256s0"}, {"s25fl256s1"},
|
||||
+ {"s25fl512s"}, {"s70fl01gs"}, {"s25sl12800"}, {"s25sl12801"},
|
||||
+ {"s25fl129p0"}, {"s25fl129p1"}, {"s25sl004a"}, {"s25sl008a"},
|
||||
+ {"s25sl016a"}, {"s25sl032a"}, {"s25sl064a"}, {"s25fl008k"},
|
||||
+ {"s25fl016k"}, {"s25fl064k"},
|
||||
+ {"sst25vf040b"},{"sst25vf080b"},{"sst25vf016b"},{"sst25vf032b"},
|
||||
+ {"sst25vf064c"},{"sst25wf512"}, {"sst25wf010"}, {"sst25wf020"},
|
||||
+ {"sst25wf040"},
|
||||
+ {"m25p05"}, {"m25p10"}, {"m25p20"}, {"m25p40"},
|
||||
+ {"m25p80"}, {"m25p16"}, {"m25p32"}, {"m25p64"},
|
||||
+ {"m25p128"}, {"n25q032"},
|
||||
+ {"m25p05-nonjedec"}, {"m25p10-nonjedec"}, {"m25p20-nonjedec"},
|
||||
+ {"m25p40-nonjedec"}, {"m25p80-nonjedec"}, {"m25p16-nonjedec"},
|
||||
+ {"m25p32-nonjedec"}, {"m25p64-nonjedec"}, {"m25p128-nonjedec"},
|
||||
+ {"m45pe10"}, {"m45pe80"}, {"m45pe16"},
|
||||
+ {"m25pe20"}, {"m25pe80"}, {"m25pe16"},
|
||||
+ {"m25px16"}, {"m25px32"}, {"m25px32-s0"}, {"m25px32-s1"},
|
||||
+ {"m25px64"},
|
||||
+ {"w25x10"}, {"w25x20"}, {"w25x40"}, {"w25x80"},
|
||||
+ {"w25x16"}, {"w25x32"}, {"w25q32"}, {"w25q32dw"},
|
||||
+ {"w25x64"}, {"w25q64"}, {"w25q128"}, {"w25q80"},
|
||||
+ {"w25q80bl"}, {"w25q128"}, {"w25q256"}, {"cat25c11"},
|
||||
+ {"cat25c03"}, {"cat25c09"}, {"cat25c17"}, {"cat25128"},
|
||||
+ { },
|
||||
+};
|
||||
+MODULE_DEVICE_TABLE(spi, m25p_ids);
|
||||
+
|
||||
+
|
||||
static struct spi_driver m25p80_driver = {
|
||||
.driver = {
|
||||
.name = "m25p80",
|
||||
.owner = THIS_MODULE,
|
||||
},
|
||||
- .id_table = spi_nor_ids,
|
||||
+ .id_table = m25p_ids,
|
||||
.probe = m25p_probe,
|
||||
.remove = m25p_remove,
|
||||
|
||||
--- a/drivers/mtd/spi-nor/spi-nor.c
|
||||
+++ b/drivers/mtd/spi-nor/spi-nor.c
|
||||
@@ -429,7 +429,7 @@ struct flash_info {
|
||||
* more nor chips. This current list focusses on newer chips, which
|
||||
* have been converging on command sets which including JEDEC ID.
|
||||
*/
|
||||
-const struct spi_device_id spi_nor_ids[] = {
|
||||
+static const struct spi_device_id spi_nor_ids[] = {
|
||||
/* Atmel -- some are (confusingly) marketed as "DataFlash" */
|
||||
{ "at25fs010", INFO(0x1f6601, 0, 32 * 1024, 4, SECT_4K) },
|
||||
{ "at25fs040", INFO(0x1f6604, 0, 64 * 1024, 8, SECT_4K) },
|
||||
@@ -590,7 +590,6 @@ const struct spi_device_id spi_nor_ids[]
|
||||
{ "cat25128", CAT25_INFO(2048, 8, 64, 2, SPI_NOR_NO_ERASE | SPI_NOR_NO_FR) },
|
||||
{ },
|
||||
};
|
||||
-EXPORT_SYMBOL_GPL(spi_nor_ids);
|
||||
|
||||
static const struct spi_device_id *spi_nor_read_id(struct spi_nor *nor)
|
||||
{
|
||||
--- a/include/linux/mtd/spi-nor.h
|
||||
+++ b/include/linux/mtd/spi-nor.h
|
||||
@@ -195,6 +195,5 @@ struct spi_nor {
|
||||
* Return: 0 for success, others for failure.
|
||||
*/
|
||||
int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode);
|
||||
-extern const struct spi_device_id spi_nor_ids[];
|
||||
|
||||
#endif
|
119
debian/patches/bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch
vendored
Normal file
119
debian/patches/bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch
vendored
Normal file
|
@ -0,0 +1,119 @@
|
|||
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
|
||||
Date: Sun, 28 Sep 2014 22:36:54 +0200
|
||||
Subject: [1/4] mtd: move support for struct flash_platform_data into m25p80
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: http://git.infradead.org/l2-mtd.git/commit/32f1b7c8352fd33d41bcec3cfb054ccdcfd40a42
|
||||
|
||||
This "type" seems to be an extra hint for m25p80 about the flash. Some
|
||||
archs register flash_platform_data with "name" set to "m25p80" and then
|
||||
with a real flash name set in "type". It seems to be a trick specific
|
||||
to the m25p80 so let's move it out of spi-nor.
|
||||
Btw switch to the spi_nor_match_id instead of iterating spi_nor_ids.
|
||||
|
||||
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
||||
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
||||
---
|
||||
drivers/mtd/devices/m25p80.c | 22 ++++++++++++++++++++--
|
||||
drivers/mtd/spi-nor/spi-nor.c | 28 +---------------------------
|
||||
2 files changed, 21 insertions(+), 29 deletions(-)
|
||||
|
||||
--- a/drivers/mtd/devices/m25p80.c
|
||||
+++ b/drivers/mtd/devices/m25p80.c
|
||||
@@ -193,11 +193,14 @@ static int m25p_probe(struct spi_device
|
||||
{
|
||||
struct mtd_part_parser_data ppdata;
|
||||
struct flash_platform_data *data;
|
||||
+ const struct spi_device_id *id = NULL;
|
||||
struct m25p *flash;
|
||||
struct spi_nor *nor;
|
||||
enum read_mode mode = SPI_NOR_NORMAL;
|
||||
int ret;
|
||||
|
||||
+ data = dev_get_platdata(&spi->dev);
|
||||
+
|
||||
flash = devm_kzalloc(&spi->dev, sizeof(*flash), GFP_KERNEL);
|
||||
if (!flash)
|
||||
return -ENOMEM;
|
||||
@@ -223,11 +226,26 @@ static int m25p_probe(struct spi_device
|
||||
mode = SPI_NOR_QUAD;
|
||||
else if (spi->mode & SPI_RX_DUAL)
|
||||
mode = SPI_NOR_DUAL;
|
||||
- ret = spi_nor_scan(nor, spi_get_device_id(spi), mode);
|
||||
+
|
||||
+ if (data && data->name)
|
||||
+ flash->mtd.name = data->name;
|
||||
+
|
||||
+ /* For some (historical?) reason many platforms provide two different
|
||||
+ * names in flash_platform_data: "name" and "type". Quite often name is
|
||||
+ * set to "m25p80" and then "type" provides a real chip name.
|
||||
+ * If that's the case, respect "type" and ignore a "name".
|
||||
+ */
|
||||
+ if (data && data->type)
|
||||
+ id = spi_nor_match_id(data->type);
|
||||
+
|
||||
+ /* If we didn't get name from platform, simply use "modalias". */
|
||||
+ if (!id)
|
||||
+ id = spi_get_device_id(spi);
|
||||
+
|
||||
+ ret = spi_nor_scan(nor, id, mode);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
- data = dev_get_platdata(&spi->dev);
|
||||
ppdata.of_node = spi->dev.of_node;
|
||||
|
||||
return mtd_device_parse_register(&flash->mtd, NULL, &ppdata,
|
||||
--- a/drivers/mtd/spi-nor/spi-nor.c
|
||||
+++ b/drivers/mtd/spi-nor/spi-nor.c
|
||||
@@ -871,7 +871,6 @@ int spi_nor_scan(struct spi_nor *nor, co
|
||||
enum read_mode mode)
|
||||
{
|
||||
struct flash_info *info;
|
||||
- struct flash_platform_data *data;
|
||||
struct device *dev = nor->dev;
|
||||
struct mtd_info *mtd = nor->mtd;
|
||||
struct device_node *np = dev->of_node;
|
||||
@@ -882,28 +881,6 @@ int spi_nor_scan(struct spi_nor *nor, co
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
- /* Platform data helps sort out which chip type we have, as
|
||||
- * well as how this board partitions it. If we don't have
|
||||
- * a chip ID, try the JEDEC id commands; they'll work for most
|
||||
- * newer chips, even if we don't recognize the particular chip.
|
||||
- */
|
||||
- data = dev_get_platdata(dev);
|
||||
- if (data && data->type) {
|
||||
- const struct spi_device_id *plat_id;
|
||||
-
|
||||
- for (i = 0; i < ARRAY_SIZE(spi_nor_ids) - 1; i++) {
|
||||
- plat_id = &spi_nor_ids[i];
|
||||
- if (strcmp(data->type, plat_id->name))
|
||||
- continue;
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- if (i < ARRAY_SIZE(spi_nor_ids) - 1)
|
||||
- id = plat_id;
|
||||
- else
|
||||
- dev_warn(dev, "unrecognized id %s\n", data->type);
|
||||
- }
|
||||
-
|
||||
info = (void *)id->driver_data;
|
||||
|
||||
if (info->jedec_id) {
|
||||
@@ -941,11 +918,8 @@ int spi_nor_scan(struct spi_nor *nor, co
|
||||
write_sr(nor, 0);
|
||||
}
|
||||
|
||||
- if (data && data->name)
|
||||
- mtd->name = data->name;
|
||||
- else
|
||||
+ if (!mtd->name)
|
||||
mtd->name = dev_name(dev);
|
||||
-
|
||||
mtd->type = MTD_NORFLASH;
|
||||
mtd->writesize = 1;
|
||||
mtd->flags = MTD_CAP_NORFLASH;
|
162
debian/patches/bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch
vendored
Normal file
162
debian/patches/bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch
vendored
Normal file
|
@ -0,0 +1,162 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 29 Sep 2014 11:47:54 +0200
|
||||
Subject: [3/4] mtd: spi-nor: make spi_nor_scan() take a chip type name, not
|
||||
spi_device_id
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: http://git.infradead.org/l2-mtd.git/commit/70f3ce0510afdad7cbaf27ab7ab961377205c782
|
||||
|
||||
Drivers currently call spi_nor_match_id() and then spi_nor_scan().
|
||||
This adds a dependency on struct spi_device_id which we want to
|
||||
avoid. Make spi_nor_scan() do it for them.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
||||
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
||||
---
|
||||
drivers/mtd/devices/m25p80.c | 4 +---
|
||||
drivers/mtd/spi-nor/fsl-quadspi.c | 7 +------
|
||||
drivers/mtd/spi-nor/spi-nor.c | 13 +++++++++----
|
||||
include/linux/mtd/spi-nor.h | 20 +++-----------------
|
||||
4 files changed, 14 insertions(+), 30 deletions(-)
|
||||
|
||||
--- a/drivers/mtd/devices/m25p80.c
|
||||
+++ b/drivers/mtd/devices/m25p80.c
|
||||
@@ -193,7 +193,6 @@ static int m25p_probe(struct spi_device
|
||||
{
|
||||
struct mtd_part_parser_data ppdata;
|
||||
struct flash_platform_data *data;
|
||||
- const struct spi_device_id *id = NULL;
|
||||
struct m25p *flash;
|
||||
struct spi_nor *nor;
|
||||
enum read_mode mode = SPI_NOR_NORMAL;
|
||||
@@ -241,8 +240,7 @@ static int m25p_probe(struct spi_device
|
||||
else
|
||||
flash_name = spi->modalias;
|
||||
|
||||
- id = spi_nor_match_id(flash_name);
|
||||
- ret = spi_nor_scan(nor, id, mode);
|
||||
+ ret = spi_nor_scan(nor, flash_name, mode);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
--- a/drivers/mtd/spi-nor/fsl-quadspi.c
|
||||
+++ b/drivers/mtd/spi-nor/fsl-quadspi.c
|
||||
@@ -881,7 +881,6 @@ static int fsl_qspi_probe(struct platfor
|
||||
|
||||
/* iterate the subnodes. */
|
||||
for_each_available_child_of_node(dev->of_node, np) {
|
||||
- const struct spi_device_id *id;
|
||||
char modalias[40];
|
||||
|
||||
/* skip the holes */
|
||||
@@ -909,10 +908,6 @@ static int fsl_qspi_probe(struct platfor
|
||||
if (of_modalias_node(np, modalias, sizeof(modalias)) < 0)
|
||||
goto map_failed;
|
||||
|
||||
- id = spi_nor_match_id(modalias);
|
||||
- if (!id)
|
||||
- goto map_failed;
|
||||
-
|
||||
ret = of_property_read_u32(np, "spi-max-frequency",
|
||||
&q->clk_rate);
|
||||
if (ret < 0)
|
||||
@@ -921,7 +916,7 @@ static int fsl_qspi_probe(struct platfor
|
||||
/* set the chip address for READID */
|
||||
fsl_qspi_set_base_addr(q, nor);
|
||||
|
||||
- ret = spi_nor_scan(nor, id, SPI_NOR_QUAD);
|
||||
+ ret = spi_nor_scan(nor, modalias, SPI_NOR_QUAD);
|
||||
if (ret)
|
||||
goto map_failed;
|
||||
|
||||
--- a/drivers/mtd/spi-nor/spi-nor.c
|
||||
+++ b/drivers/mtd/spi-nor/spi-nor.c
|
||||
@@ -28,6 +28,8 @@
|
||||
|
||||
#define JEDEC_MFR(_jedec_id) ((_jedec_id) >> 16)
|
||||
|
||||
+static const struct spi_device_id *spi_nor_match_id(const char *name);
|
||||
+
|
||||
/*
|
||||
* Read the status register, returning its value in the location
|
||||
* Return the status register value.
|
||||
@@ -867,9 +869,9 @@ static int spi_nor_check(struct spi_nor
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int spi_nor_scan(struct spi_nor *nor, const struct spi_device_id *id,
|
||||
- enum read_mode mode)
|
||||
+int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode)
|
||||
{
|
||||
+ const struct spi_device_id *id = NULL;
|
||||
struct flash_info *info;
|
||||
struct device *dev = nor->dev;
|
||||
struct mtd_info *mtd = nor->mtd;
|
||||
@@ -881,6 +883,10 @@ int spi_nor_scan(struct spi_nor *nor, co
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
+ id = spi_nor_match_id(name);
|
||||
+ if (!id)
|
||||
+ return -ENOENT;
|
||||
+
|
||||
info = (void *)id->driver_data;
|
||||
|
||||
if (info->jedec_id) {
|
||||
@@ -1062,7 +1068,7 @@ int spi_nor_scan(struct spi_nor *nor, co
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(spi_nor_scan);
|
||||
|
||||
-const struct spi_device_id *spi_nor_match_id(char *name)
|
||||
+static const struct spi_device_id *spi_nor_match_id(const char *name)
|
||||
{
|
||||
const struct spi_device_id *id = spi_nor_ids;
|
||||
|
||||
@@ -1073,7 +1079,6 @@ const struct spi_device_id *spi_nor_matc
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
-EXPORT_SYMBOL_GPL(spi_nor_match_id);
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Huang Shijie <shijie8@gmail.com>");
|
||||
--- a/include/linux/mtd/spi-nor.h
|
||||
+++ b/include/linux/mtd/spi-nor.h
|
||||
@@ -183,32 +183,18 @@ struct spi_nor {
|
||||
/**
|
||||
* spi_nor_scan() - scan the SPI NOR
|
||||
* @nor: the spi_nor structure
|
||||
- * @id: the spi_device_id provided by the driver
|
||||
+ * @name: the chip type name
|
||||
* @mode: the read mode supported by the driver
|
||||
*
|
||||
* The drivers can use this fuction to scan the SPI NOR.
|
||||
* In the scanning, it will try to get all the necessary information to
|
||||
* fill the mtd_info{} and the spi_nor{}.
|
||||
*
|
||||
- * The board may assigns a spi_device_id with @id which be used to compared with
|
||||
- * the spi_device_id detected by the scanning.
|
||||
+ * The chip type name can be provided through the @name parameter.
|
||||
*
|
||||
* Return: 0 for success, others for failure.
|
||||
*/
|
||||
-int spi_nor_scan(struct spi_nor *nor, const struct spi_device_id *id,
|
||||
- enum read_mode mode);
|
||||
+int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode);
|
||||
extern const struct spi_device_id spi_nor_ids[];
|
||||
|
||||
-/**
|
||||
- * spi_nor_match_id() - find the spi_device_id by the name
|
||||
- * @name: the name of the spi_device_id
|
||||
- *
|
||||
- * The drivers use this function to find the spi_device_id
|
||||
- * specified by the @name.
|
||||
- *
|
||||
- * Return: returns the right spi_device_id pointer on success,
|
||||
- * and returns NULL on failure.
|
||||
- */
|
||||
-const struct spi_device_id *spi_nor_match_id(char *name);
|
||||
-
|
||||
#endif
|
|
@ -0,0 +1,42 @@
|
|||
Subject: [1/1] net: mv643xx_eth: Make TSO disabled by default
|
||||
From: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
|
||||
Date: Sat, 1 Nov 2014 12:30:20 -0300
|
||||
Origin: http://patchwork.ozlabs.org/patch/405792/
|
||||
|
||||
Data corruption has been observed to be produced by TSO. For instance,
|
||||
accessing files on a NFS-server with TSO enabled results in different data
|
||||
transferred each time.
|
||||
|
||||
This has been observed only on Kirkwood platforms, i.e. with the mv643xx_eth
|
||||
driver. Same tests on platforms using the mvneta ethernet driver have
|
||||
passed without errors.
|
||||
|
||||
Make TSO disabled by default for now, until we can found a proper fix
|
||||
for the regression.
|
||||
|
||||
Fixes: 3ae8f4e0b98 ('net: mv643xx_eth: Implement software TSO')
|
||||
Reported-by: Slawomir Gajzner <slawomir.gajzner@gmail.com>
|
||||
Reported-by: Julien D'Ascenzio <jdascenzio@yahoo.fr>
|
||||
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
|
||||
---
|
||||
drivers/net/ethernet/marvell/mv643xx_eth.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/ethernet/marvell/mv643xx_eth.c b/drivers/net/ethernet/marvell/mv643xx_eth.c
|
||||
index b151a94..8b72780 100644
|
||||
--- a/drivers/net/ethernet/marvell/mv643xx_eth.c
|
||||
+++ b/drivers/net/ethernet/marvell/mv643xx_eth.c
|
||||
@@ -3110,11 +3110,11 @@ static int mv643xx_eth_probe(struct platform_device *pdev)
|
||||
dev->watchdog_timeo = 2 * HZ;
|
||||
dev->base_addr = 0;
|
||||
|
||||
- dev->features = NETIF_F_SG | NETIF_F_IP_CSUM | NETIF_F_TSO;
|
||||
+ dev->features = NETIF_F_SG | NETIF_F_IP_CSUM;
|
||||
dev->vlan_features = dev->features;
|
||||
|
||||
dev->features |= NETIF_F_RXCSUM;
|
||||
- dev->hw_features = dev->features;
|
||||
+ dev->hw_features = dev->features | NETIF_F_TSO;
|
||||
|
||||
dev->priv_flags |= IFF_UNICAST_FLT;
|
||||
dev->gso_max_segs = MV643XX_MAX_TSO_SEGS;
|
87
debian/patches/bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch
vendored
Normal file
87
debian/patches/bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch
vendored
Normal file
|
@ -0,0 +1,87 @@
|
|||
From: Daniel Borkmann <dborkman@redhat.com>
|
||||
Date: Thu, 9 Oct 2014 22:55:32 +0200
|
||||
Subject: net: sctp: fix panic on duplicate ASCONF chunks
|
||||
Origin: https://git.kernel.org/linus/b69040d8e39f20d5215a03502a8e8b4c6ab78395
|
||||
|
||||
When receiving a e.g. semi-good formed connection scan in the
|
||||
form of ...
|
||||
|
||||
-------------- INIT[ASCONF; ASCONF_ACK] ------------->
|
||||
<----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
|
||||
-------------------- COOKIE-ECHO -------------------->
|
||||
<-------------------- COOKIE-ACK ---------------------
|
||||
---------------- ASCONF_a; ASCONF_b ----------------->
|
||||
|
||||
... where ASCONF_a equals ASCONF_b chunk (at least both serials
|
||||
need to be equal), we panic an SCTP server!
|
||||
|
||||
The problem is that good-formed ASCONF chunks that we reply with
|
||||
ASCONF_ACK chunks are cached per serial. Thus, when we receive a
|
||||
same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do
|
||||
not need to process them again on the server side (that was the
|
||||
idea, also proposed in the RFC). Instead, we know it was cached
|
||||
and we just resend the cached chunk instead. So far, so good.
|
||||
|
||||
Where things get nasty is in SCTP's side effect interpreter, that
|
||||
is, sctp_cmd_interpreter():
|
||||
|
||||
While incoming ASCONF_a (chunk = event_arg) is being marked
|
||||
!end_of_packet and !singleton, and we have an association context,
|
||||
we do not flush the outqueue the first time after processing the
|
||||
ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it
|
||||
queued up, although we set local_cork to 1. Commit 2e3216cd54b1
|
||||
changed the precedence, so that as long as we get bundled, incoming
|
||||
chunks we try possible bundling on outgoing queue as well. Before
|
||||
this commit, we would just flush the output queue.
|
||||
|
||||
Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we
|
||||
continue to process the same ASCONF_b chunk from the packet. As
|
||||
we have cached the previous ASCONF_ACK, we find it, grab it and
|
||||
do another SCTP_CMD_REPLY command on it. So, effectively, we rip
|
||||
the chunk->list pointers and requeue the same ASCONF_ACK chunk
|
||||
another time. Since we process ASCONF_b, it's correctly marked
|
||||
with end_of_packet and we enforce an uncork, and thus flush, thus
|
||||
crashing the kernel.
|
||||
|
||||
Fix it by testing if the ASCONF_ACK is currently pending and if
|
||||
that is the case, do not requeue it. When flushing the output
|
||||
queue we may relink the chunk for preparing an outgoing packet,
|
||||
but eventually unlink it when it's copied into the skb right
|
||||
before transmission.
|
||||
|
||||
Joint work with Vlad Yasevich.
|
||||
|
||||
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
|
||||
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
||||
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/net/sctp/sctp.h | 5 +++++
|
||||
net/sctp/associola.c | 2 ++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
--- a/include/net/sctp/sctp.h
|
||||
+++ b/include/net/sctp/sctp.h
|
||||
@@ -433,6 +433,11 @@ static inline void sctp_assoc_pending_pm
|
||||
asoc->pmtu_pending = 0;
|
||||
}
|
||||
|
||||
+static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk)
|
||||
+{
|
||||
+ return !list_empty(&chunk->list);
|
||||
+}
|
||||
+
|
||||
/* Walk through a list of TLV parameters. Don't trust the
|
||||
* individual parameter lengths and instead depend on
|
||||
* the chunk length to indicate when to stop. Make sure
|
||||
--- a/net/sctp/associola.c
|
||||
+++ b/net/sctp/associola.c
|
||||
@@ -1670,6 +1670,8 @@ struct sctp_chunk *sctp_assoc_lookup_asc
|
||||
* ack chunk whose serial number matches that of the request.
|
||||
*/
|
||||
list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
|
||||
+ if (sctp_chunk_pending(ack))
|
||||
+ continue;
|
||||
if (ack->subh.addip_hdr->serial == serial) {
|
||||
sctp_chunk_hold(ack);
|
||||
return ack;
|
149
debian/patches/bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch
vendored
Normal file
149
debian/patches/bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch
vendored
Normal file
|
@ -0,0 +1,149 @@
|
|||
From: Daniel Borkmann <dborkman@redhat.com>
|
||||
Date: Thu, 9 Oct 2014 22:55:33 +0200
|
||||
Subject: net: sctp: fix remote memory pressure from excessive queueing
|
||||
Origin: https://git.kernel.org/linus/26b87c7881006311828bb0ab271a551a62dcceb4
|
||||
|
||||
This scenario is not limited to ASCONF, just taken as one
|
||||
example triggering the issue. When receiving ASCONF probes
|
||||
in the form of ...
|
||||
|
||||
-------------- INIT[ASCONF; ASCONF_ACK] ------------->
|
||||
<----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
|
||||
-------------------- COOKIE-ECHO -------------------->
|
||||
<-------------------- COOKIE-ACK ---------------------
|
||||
---- ASCONF_a; [ASCONF_b; ...; ASCONF_n;] JUNK ------>
|
||||
[...]
|
||||
---- ASCONF_m; [ASCONF_o; ...; ASCONF_z;] JUNK ------>
|
||||
|
||||
... where ASCONF_a, ASCONF_b, ..., ASCONF_z are good-formed
|
||||
ASCONFs and have increasing serial numbers, we process such
|
||||
ASCONF chunk(s) marked with !end_of_packet and !singleton,
|
||||
since we have not yet reached the SCTP packet end. SCTP does
|
||||
only do verification on a chunk by chunk basis, as an SCTP
|
||||
packet is nothing more than just a container of a stream of
|
||||
chunks which it eats up one by one.
|
||||
|
||||
We could run into the case that we receive a packet with a
|
||||
malformed tail, above marked as trailing JUNK. All previous
|
||||
chunks are here goodformed, so the stack will eat up all
|
||||
previous chunks up to this point. In case JUNK does not fit
|
||||
into a chunk header and there are no more other chunks in
|
||||
the input queue, or in case JUNK contains a garbage chunk
|
||||
header, but the encoded chunk length would exceed the skb
|
||||
tail, or we came here from an entirely different scenario
|
||||
and the chunk has pdiscard=1 mark (without having had a flush
|
||||
point), it will happen, that we will excessively queue up
|
||||
the association's output queue (a correct final chunk may
|
||||
then turn it into a response flood when flushing the
|
||||
queue ;)): I ran a simple script with incremental ASCONF
|
||||
serial numbers and could see the server side consuming
|
||||
excessive amount of RAM [before/after: up to 2GB and more].
|
||||
|
||||
The issue at heart is that the chunk train basically ends
|
||||
with !end_of_packet and !singleton markers and since commit
|
||||
2e3216cd54b1 ("sctp: Follow security requirement of responding
|
||||
with 1 packet") therefore preventing an output queue flush
|
||||
point in sctp_do_sm() -> sctp_cmd_interpreter() on the input
|
||||
chunk (chunk = event_arg) even though local_cork is set,
|
||||
but its precedence has changed since then. In the normal
|
||||
case, the last chunk with end_of_packet=1 would trigger the
|
||||
queue flush to accommodate possible outgoing bundling.
|
||||
|
||||
In the input queue, sctp_inq_pop() seems to do the right thing
|
||||
in terms of discarding invalid chunks. So, above JUNK will
|
||||
not enter the state machine and instead be released and exit
|
||||
the sctp_assoc_bh_rcv() chunk processing loop. It's simply
|
||||
the flush point being missing at loop exit. Adding a try-flush
|
||||
approach on the output queue might not work as the underlying
|
||||
infrastructure might be long gone at this point due to the
|
||||
side-effect interpreter run.
|
||||
|
||||
One possibility, albeit a bit of a kludge, would be to defer
|
||||
invalid chunk freeing into the state machine in order to
|
||||
possibly trigger packet discards and thus indirectly a queue
|
||||
flush on error. It would surely be better to discard chunks
|
||||
as in the current, perhaps better controlled environment, but
|
||||
going back and forth, it's simply architecturally not possible.
|
||||
I tried various trailing JUNK attack cases and it seems to
|
||||
look good now.
|
||||
|
||||
Joint work with Vlad Yasevich.
|
||||
|
||||
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
|
||||
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
||||
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/sctp/inqueue.c | 33 +++++++--------------------------
|
||||
net/sctp/sm_statefuns.c | 3 +++
|
||||
2 files changed, 10 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
|
||||
index 4de12af..7e8a16c 100644
|
||||
--- a/net/sctp/inqueue.c
|
||||
+++ b/net/sctp/inqueue.c
|
||||
@@ -140,18 +140,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
|
||||
} else {
|
||||
/* Nothing to do. Next chunk in the packet, please. */
|
||||
ch = (sctp_chunkhdr_t *) chunk->chunk_end;
|
||||
-
|
||||
/* Force chunk->skb->data to chunk->chunk_end. */
|
||||
- skb_pull(chunk->skb,
|
||||
- chunk->chunk_end - chunk->skb->data);
|
||||
-
|
||||
- /* Verify that we have at least chunk headers
|
||||
- * worth of buffer left.
|
||||
- */
|
||||
- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
|
||||
- sctp_chunk_free(chunk);
|
||||
- chunk = queue->in_progress = NULL;
|
||||
- }
|
||||
+ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
|
||||
+ /* We are guaranteed to pull a SCTP header. */
|
||||
}
|
||||
}
|
||||
|
||||
@@ -187,24 +178,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
|
||||
skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t));
|
||||
chunk->subh.v = NULL; /* Subheader is no longer valid. */
|
||||
|
||||
- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) {
|
||||
+ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) <
|
||||
+ skb_tail_pointer(chunk->skb)) {
|
||||
/* This is not a singleton */
|
||||
chunk->singleton = 0;
|
||||
} else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
|
||||
- /* RFC 2960, Section 6.10 Bundling
|
||||
- *
|
||||
- * Partial chunks MUST NOT be placed in an SCTP packet.
|
||||
- * If the receiver detects a partial chunk, it MUST drop
|
||||
- * the chunk.
|
||||
- *
|
||||
- * Since the end of the chunk is past the end of our buffer
|
||||
- * (which contains the whole packet, we can freely discard
|
||||
- * the whole packet.
|
||||
- */
|
||||
- sctp_chunk_free(chunk);
|
||||
- chunk = queue->in_progress = NULL;
|
||||
-
|
||||
- return NULL;
|
||||
+ /* Discard inside state machine. */
|
||||
+ chunk->pdiscard = 1;
|
||||
+ chunk->chunk_end = skb_tail_pointer(chunk->skb);
|
||||
} else {
|
||||
/* We are at the end of the packet, so mark the chunk
|
||||
* in case we need to send a SACK.
|
||||
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
|
||||
index bdea3df..3ee27b7 100644
|
||||
--- a/net/sctp/sm_statefuns.c
|
||||
+++ b/net/sctp/sm_statefuns.c
|
||||
@@ -170,6 +170,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk,
|
||||
{
|
||||
__u16 chunk_length = ntohs(chunk->chunk_hdr->length);
|
||||
|
||||
+ /* Previously already marked? */
|
||||
+ if (unlikely(chunk->pdiscard))
|
||||
+ return 0;
|
||||
if (unlikely(chunk_length < required_length))
|
||||
return 0;
|
||||
|
336
debian/patches/bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch
vendored
Normal file
336
debian/patches/bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch
vendored
Normal file
|
@ -0,0 +1,336 @@
|
|||
From: Daniel Borkmann <dborkman@redhat.com>
|
||||
Date: Thu, 9 Oct 2014 22:55:31 +0200
|
||||
Subject: net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
|
||||
Origin: https://git.kernel.org/linus/9de7922bc709eee2f609cd01d98aaedc4cf5ea74
|
||||
|
||||
Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for
|
||||
ASCONF chunk") added basic verification of ASCONF chunks, however,
|
||||
it is still possible to remotely crash a server by sending a
|
||||
special crafted ASCONF chunk, even up to pre 2.6.12 kernels:
|
||||
|
||||
skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768
|
||||
head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950
|
||||
end:0x440 dev:<NULL>
|
||||
------------[ cut here ]------------
|
||||
kernel BUG at net/core/skbuff.c:129!
|
||||
[...]
|
||||
Call Trace:
|
||||
<IRQ>
|
||||
[<ffffffff8144fb1c>] skb_put+0x5c/0x70
|
||||
[<ffffffffa01ea1c3>] sctp_addto_chunk+0x63/0xd0 [sctp]
|
||||
[<ffffffffa01eadaf>] sctp_process_asconf+0x1af/0x540 [sctp]
|
||||
[<ffffffff8152d025>] ? _read_unlock_bh+0x15/0x20
|
||||
[<ffffffffa01e0038>] sctp_sf_do_asconf+0x168/0x240 [sctp]
|
||||
[<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp]
|
||||
[<ffffffff8147645d>] ? fib_rules_lookup+0xad/0xf0
|
||||
[<ffffffffa01e6b22>] ? sctp_cmp_addr_exact+0x32/0x40 [sctp]
|
||||
[<ffffffffa01e8393>] sctp_assoc_bh_rcv+0xd3/0x180 [sctp]
|
||||
[<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp]
|
||||
[<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp]
|
||||
[<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
|
||||
[<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0
|
||||
[<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
|
||||
[<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120
|
||||
[<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
|
||||
[<ffffffff81496ded>] ip_local_deliver_finish+0xdd/0x2d0
|
||||
[<ffffffff81497078>] ip_local_deliver+0x98/0xa0
|
||||
[<ffffffff8149653d>] ip_rcv_finish+0x12d/0x440
|
||||
[<ffffffff81496ac5>] ip_rcv+0x275/0x350
|
||||
[<ffffffff8145c88b>] __netif_receive_skb+0x4ab/0x750
|
||||
[<ffffffff81460588>] netif_receive_skb+0x58/0x60
|
||||
|
||||
This can be triggered e.g., through a simple scripted nmap
|
||||
connection scan injecting the chunk after the handshake, for
|
||||
example, ...
|
||||
|
||||
-------------- INIT[ASCONF; ASCONF_ACK] ------------->
|
||||
<----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
|
||||
-------------------- COOKIE-ECHO -------------------->
|
||||
<-------------------- COOKIE-ACK ---------------------
|
||||
------------------ ASCONF; UNKNOWN ------------------>
|
||||
|
||||
... where ASCONF chunk of length 280 contains 2 parameters ...
|
||||
|
||||
1) Add IP address parameter (param length: 16)
|
||||
2) Add/del IP address parameter (param length: 255)
|
||||
|
||||
... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the
|
||||
Address Parameter in the ASCONF chunk is even missing, too.
|
||||
This is just an example and similarly-crafted ASCONF chunks
|
||||
could be used just as well.
|
||||
|
||||
The ASCONF chunk passes through sctp_verify_asconf() as all
|
||||
parameters passed sanity checks, and after walking, we ended
|
||||
up successfully at the chunk end boundary, and thus may invoke
|
||||
sctp_process_asconf(). Parameter walking is done with
|
||||
WORD_ROUND() to take padding into account.
|
||||
|
||||
In sctp_process_asconf()'s TLV processing, we may fail in
|
||||
sctp_process_asconf_param() e.g., due to removal of the IP
|
||||
address that is also the source address of the packet containing
|
||||
the ASCONF chunk, and thus we need to add all TLVs after the
|
||||
failure to our ASCONF response to remote via helper function
|
||||
sctp_add_asconf_response(), which basically invokes a
|
||||
sctp_addto_chunk() adding the error parameters to the given
|
||||
skb.
|
||||
|
||||
When walking to the next parameter this time, we proceed
|
||||
with ...
|
||||
|
||||
length = ntohs(asconf_param->param_hdr.length);
|
||||
asconf_param = (void *)asconf_param + length;
|
||||
|
||||
... instead of the WORD_ROUND()'ed length, thus resulting here
|
||||
in an off-by-one that leads to reading the follow-up garbage
|
||||
parameter length of 12336, and thus throwing an skb_over_panic
|
||||
for the reply when trying to sctp_addto_chunk() next time,
|
||||
which implicitly calls the skb_put() with that length.
|
||||
|
||||
Fix it by using sctp_walk_params() [ which is also used in
|
||||
INIT parameter processing ] macro in the verification *and*
|
||||
in ASCONF processing: it will make sure we don't spill over,
|
||||
that we walk parameters WORD_ROUND()'ed. Moreover, we're being
|
||||
more defensive and guard against unknown parameter types and
|
||||
missized addresses.
|
||||
|
||||
Joint work with Vlad Yasevich.
|
||||
|
||||
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.")
|
||||
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
||||
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
|
||||
Acked-by: Neil Horman <nhorman@tuxdriver.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/net/sctp/sm.h | 6 +--
|
||||
net/sctp/sm_make_chunk.c | 99 +++++++++++++++++++++++++++---------------------
|
||||
net/sctp/sm_statefuns.c | 18 +--------
|
||||
3 files changed, 60 insertions(+), 63 deletions(-)
|
||||
|
||||
diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
|
||||
index 7f4eeb3..72a31db 100644
|
||||
--- a/include/net/sctp/sm.h
|
||||
+++ b/include/net/sctp/sm.h
|
||||
@@ -248,9 +248,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *,
|
||||
int, __be16);
|
||||
struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
|
||||
union sctp_addr *addr);
|
||||
-int sctp_verify_asconf(const struct sctp_association *asoc,
|
||||
- struct sctp_paramhdr *param_hdr, void *chunk_end,
|
||||
- struct sctp_paramhdr **errp);
|
||||
+bool sctp_verify_asconf(const struct sctp_association *asoc,
|
||||
+ struct sctp_chunk *chunk, bool addr_param_needed,
|
||||
+ struct sctp_paramhdr **errp);
|
||||
struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
|
||||
struct sctp_chunk *asconf);
|
||||
int sctp_process_asconf_ack(struct sctp_association *asoc,
|
||||
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
|
||||
index ae0e616..ab734be 100644
|
||||
--- a/net/sctp/sm_make_chunk.c
|
||||
+++ b/net/sctp/sm_make_chunk.c
|
||||
@@ -3110,50 +3110,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
|
||||
return SCTP_ERROR_NO_ERROR;
|
||||
}
|
||||
|
||||
-/* Verify the ASCONF packet before we process it. */
|
||||
-int sctp_verify_asconf(const struct sctp_association *asoc,
|
||||
- struct sctp_paramhdr *param_hdr, void *chunk_end,
|
||||
- struct sctp_paramhdr **errp) {
|
||||
- sctp_addip_param_t *asconf_param;
|
||||
+/* Verify the ASCONF packet before we process it. */
|
||||
+bool sctp_verify_asconf(const struct sctp_association *asoc,
|
||||
+ struct sctp_chunk *chunk, bool addr_param_needed,
|
||||
+ struct sctp_paramhdr **errp)
|
||||
+{
|
||||
+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr;
|
||||
union sctp_params param;
|
||||
- int length, plen;
|
||||
-
|
||||
- param.v = (sctp_paramhdr_t *) param_hdr;
|
||||
- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
|
||||
- length = ntohs(param.p->length);
|
||||
- *errp = param.p;
|
||||
+ bool addr_param_seen = false;
|
||||
|
||||
- if (param.v > chunk_end - length ||
|
||||
- length < sizeof(sctp_paramhdr_t))
|
||||
- return 0;
|
||||
+ sctp_walk_params(param, addip, addip_hdr.params) {
|
||||
+ size_t length = ntohs(param.p->length);
|
||||
|
||||
+ *errp = param.p;
|
||||
switch (param.p->type) {
|
||||
+ case SCTP_PARAM_ERR_CAUSE:
|
||||
+ break;
|
||||
+ case SCTP_PARAM_IPV4_ADDRESS:
|
||||
+ if (length != sizeof(sctp_ipv4addr_param_t))
|
||||
+ return false;
|
||||
+ addr_param_seen = true;
|
||||
+ break;
|
||||
+ case SCTP_PARAM_IPV6_ADDRESS:
|
||||
+ if (length != sizeof(sctp_ipv6addr_param_t))
|
||||
+ return false;
|
||||
+ addr_param_seen = true;
|
||||
+ break;
|
||||
case SCTP_PARAM_ADD_IP:
|
||||
case SCTP_PARAM_DEL_IP:
|
||||
case SCTP_PARAM_SET_PRIMARY:
|
||||
- asconf_param = (sctp_addip_param_t *)param.v;
|
||||
- plen = ntohs(asconf_param->param_hdr.length);
|
||||
- if (plen < sizeof(sctp_addip_param_t) +
|
||||
- sizeof(sctp_paramhdr_t))
|
||||
- return 0;
|
||||
+ /* In ASCONF chunks, these need to be first. */
|
||||
+ if (addr_param_needed && !addr_param_seen)
|
||||
+ return false;
|
||||
+ length = ntohs(param.addip->param_hdr.length);
|
||||
+ if (length < sizeof(sctp_addip_param_t) +
|
||||
+ sizeof(sctp_paramhdr_t))
|
||||
+ return false;
|
||||
break;
|
||||
case SCTP_PARAM_SUCCESS_REPORT:
|
||||
case SCTP_PARAM_ADAPTATION_LAYER_IND:
|
||||
if (length != sizeof(sctp_addip_param_t))
|
||||
- return 0;
|
||||
-
|
||||
+ return false;
|
||||
break;
|
||||
default:
|
||||
- break;
|
||||
+ /* This is unkown to us, reject! */
|
||||
+ return false;
|
||||
}
|
||||
-
|
||||
- param.v += WORD_ROUND(length);
|
||||
}
|
||||
|
||||
- if (param.v != chunk_end)
|
||||
- return 0;
|
||||
+ /* Remaining sanity checks. */
|
||||
+ if (addr_param_needed && !addr_param_seen)
|
||||
+ return false;
|
||||
+ if (!addr_param_needed && addr_param_seen)
|
||||
+ return false;
|
||||
+ if (param.v != chunk->chunk_end)
|
||||
+ return false;
|
||||
|
||||
- return 1;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
/* Process an incoming ASCONF chunk with the next expected serial no. and
|
||||
@@ -3162,16 +3175,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc,
|
||||
struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
|
||||
struct sctp_chunk *asconf)
|
||||
{
|
||||
+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr;
|
||||
+ bool all_param_pass = true;
|
||||
+ union sctp_params param;
|
||||
sctp_addiphdr_t *hdr;
|
||||
union sctp_addr_param *addr_param;
|
||||
sctp_addip_param_t *asconf_param;
|
||||
struct sctp_chunk *asconf_ack;
|
||||
-
|
||||
__be16 err_code;
|
||||
int length = 0;
|
||||
int chunk_len;
|
||||
__u32 serial;
|
||||
- int all_param_pass = 1;
|
||||
|
||||
chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
|
||||
hdr = (sctp_addiphdr_t *)asconf->skb->data;
|
||||
@@ -3199,9 +3213,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
|
||||
goto done;
|
||||
|
||||
/* Process the TLVs contained within the ASCONF chunk. */
|
||||
- while (chunk_len > 0) {
|
||||
+ sctp_walk_params(param, addip, addip_hdr.params) {
|
||||
+ /* Skip preceeding address parameters. */
|
||||
+ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
|
||||
+ param.p->type == SCTP_PARAM_IPV6_ADDRESS)
|
||||
+ continue;
|
||||
+
|
||||
err_code = sctp_process_asconf_param(asoc, asconf,
|
||||
- asconf_param);
|
||||
+ param.addip);
|
||||
/* ADDIP 4.1 A7)
|
||||
* If an error response is received for a TLV parameter,
|
||||
* all TLVs with no response before the failed TLV are
|
||||
@@ -3209,28 +3228,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
|
||||
* the failed response are considered unsuccessful unless
|
||||
* a specific success indication is present for the parameter.
|
||||
*/
|
||||
- if (SCTP_ERROR_NO_ERROR != err_code)
|
||||
- all_param_pass = 0;
|
||||
-
|
||||
+ if (err_code != SCTP_ERROR_NO_ERROR)
|
||||
+ all_param_pass = false;
|
||||
if (!all_param_pass)
|
||||
- sctp_add_asconf_response(asconf_ack,
|
||||
- asconf_param->crr_id, err_code,
|
||||
- asconf_param);
|
||||
+ sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
|
||||
+ err_code, param.addip);
|
||||
|
||||
/* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
|
||||
* an IP address sends an 'Out of Resource' in its response, it
|
||||
* MUST also fail any subsequent add or delete requests bundled
|
||||
* in the ASCONF.
|
||||
*/
|
||||
- if (SCTP_ERROR_RSRC_LOW == err_code)
|
||||
+ if (err_code == SCTP_ERROR_RSRC_LOW)
|
||||
goto done;
|
||||
-
|
||||
- /* Move to the next ASCONF param. */
|
||||
- length = ntohs(asconf_param->param_hdr.length);
|
||||
- asconf_param = (void *)asconf_param + length;
|
||||
- chunk_len -= length;
|
||||
}
|
||||
-
|
||||
done:
|
||||
asoc->peer.addip_serial++;
|
||||
|
||||
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
|
||||
index c8f6063..bdea3df 100644
|
||||
--- a/net/sctp/sm_statefuns.c
|
||||
+++ b/net/sctp/sm_statefuns.c
|
||||
@@ -3591,9 +3591,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
|
||||
struct sctp_chunk *asconf_ack = NULL;
|
||||
struct sctp_paramhdr *err_param = NULL;
|
||||
sctp_addiphdr_t *hdr;
|
||||
- union sctp_addr_param *addr_param;
|
||||
__u32 serial;
|
||||
- int length;
|
||||
|
||||
if (!sctp_vtag_verify(chunk, asoc)) {
|
||||
sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
|
||||
@@ -3618,17 +3616,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
|
||||
hdr = (sctp_addiphdr_t *)chunk->skb->data;
|
||||
serial = ntohl(hdr->serial);
|
||||
|
||||
- addr_param = (union sctp_addr_param *)hdr->params;
|
||||
- length = ntohs(addr_param->p.length);
|
||||
- if (length < sizeof(sctp_paramhdr_t))
|
||||
- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
|
||||
- (void *)addr_param, commands);
|
||||
-
|
||||
/* Verify the ASCONF chunk before processing it. */
|
||||
- if (!sctp_verify_asconf(asoc,
|
||||
- (sctp_paramhdr_t *)((void *)addr_param + length),
|
||||
- (void *)chunk->chunk_end,
|
||||
- &err_param))
|
||||
+ if (!sctp_verify_asconf(asoc, chunk, true, &err_param))
|
||||
return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
|
||||
(void *)err_param, commands);
|
||||
|
||||
@@ -3745,10 +3734,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net,
|
||||
rcvd_serial = ntohl(addip_hdr->serial);
|
||||
|
||||
/* Verify the ASCONF-ACK chunk before processing it. */
|
||||
- if (!sctp_verify_asconf(asoc,
|
||||
- (sctp_paramhdr_t *)addip_hdr->params,
|
||||
- (void *)asconf_ack->chunk_end,
|
||||
- &err_param))
|
||||
+ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param))
|
||||
return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
|
||||
(void *)err_param, commands);
|
||||
|
|
@ -38,7 +38,7 @@ missing, except for the pre-R600 KMS case.
|
|||
/*
|
||||
* KMS wrapper.
|
||||
* - 2.0.0 - initial interface
|
||||
@@ -320,6 +323,37 @@ static struct drm_driver driver_old = {
|
||||
@@ -341,6 +344,42 @@ static struct drm_driver driver_old = {
|
||||
|
||||
static struct drm_driver kms_driver;
|
||||
|
||||
|
@ -49,6 +49,10 @@ missing, except for the pre-R600 KMS case.
|
|||
+ */
|
||||
+static bool radeon_firmware_installed(void)
|
||||
+{
|
||||
+#if IS_BUILTIN(CONFIG_DRM_RADEON)
|
||||
+ /* It may be too early to tell. Assume it's there. */
|
||||
+ return true;
|
||||
+#else
|
||||
+ struct path path;
|
||||
+
|
||||
+ if (kern_path("/lib/firmware/radeon", LOOKUP_DIRECTORY | LOOKUP_FOLLOW,
|
||||
|
@ -58,6 +62,7 @@ missing, except for the pre-R600 KMS case.
|
|||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+#ifdef CONFIG_DRM_RADEON_UMS
|
||||
|
@ -76,7 +81,7 @@ missing, except for the pre-R600 KMS case.
|
|||
static int radeon_kick_out_firmware_fb(struct pci_dev *pdev)
|
||||
{
|
||||
struct apertures_struct *ap;
|
||||
@@ -346,6 +380,12 @@ static int radeon_pci_probe(struct pci_d
|
||||
@@ -367,6 +406,12 @@ static int radeon_pci_probe(struct pci_d
|
||||
{
|
||||
int ret;
|
||||
|
||||
|
@ -89,7 +94,7 @@ missing, except for the pre-R600 KMS case.
|
|||
/* Get rid of things like offb */
|
||||
ret = radeon_kick_out_firmware_fb(pdev);
|
||||
if (ret)
|
||||
@@ -577,6 +617,7 @@ static struct pci_driver *pdriver;
|
||||
@@ -586,6 +631,7 @@ static struct pci_driver *pdriver;
|
||||
static struct pci_driver radeon_pci_driver = {
|
||||
.name = DRIVER_NAME,
|
||||
.id_table = pciidlist,
|
||||
|
|
29
debian/patches/bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
vendored
Normal file
29
debian/patches/bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 26 Oct 2014 03:39:42 +0000
|
||||
Subject: rtsx_usb_ms: Use msleep_interruptible() in polling loop
|
||||
Bug-Debian: https://bugs.debian.org/765717
|
||||
Forwarded: http://mid.gmane.org/1415237557.3398.41.camel@decadent.org.uk
|
||||
|
||||
rtsx_usb_ms creates a task that mostly sleeps, but tasks in
|
||||
uninterruptible sleep still contribute to the load average (for
|
||||
bug-compatibility with Unix). A load average of ~1 on a system that
|
||||
should be idle is somewhat alarming.
|
||||
|
||||
Change the sleep to be interruptible, but still ignore signals.
|
||||
|
||||
A better fix might be to replace this loop with a delayed work item.
|
||||
|
||||
diff --git a/drivers/memstick/host/rtsx_usb_ms.c b/drivers/memstick/host/rtsx_usb_ms.c
|
||||
index a7282b7..7356780 100644
|
||||
--- a/drivers/memstick/host/rtsx_usb_ms.c
|
||||
+++ b/drivers/memstick/host/rtsx_usb_ms.c
|
||||
@@ -706,7 +706,8 @@ poll_again:
|
||||
if (host->eject)
|
||||
break;
|
||||
|
||||
- msleep(1000);
|
||||
+ if (msleep_interruptible(1000))
|
||||
+ flush_signals(current);
|
||||
}
|
||||
|
||||
complete(&host->detect_ms_exit);
|
50
debian/patches/bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch
vendored
Normal file
50
debian/patches/bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
From: Markos Chandras <markos.chandras@imgtec.com>
|
||||
Date: Tue, 21 Oct 2014 10:21:54 +0100
|
||||
Subject: MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions
|
||||
Origin: https://git.kernel.org/linus/a5466d7bba9af83a82cc7c081b2a7d557cde3204
|
||||
|
||||
Commit 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery") removed
|
||||
the #ifdef ISA conditions and switched to runtime detection. However,
|
||||
according to the instruction set manual, the cop1x_op instructions are
|
||||
available in >=MIPS32r2 as well. This fixes a problem on MIPS32r2
|
||||
with the ntpd package which failed to execute with a SIGILL exit code due
|
||||
to the fact that a madd.d instruction was not being emulated.
|
||||
|
||||
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
||||
Fixes: 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery")
|
||||
Cc: <stable@vger.kernel.org> # v3.16+
|
||||
Cc: linux-mips@linux-mips.org
|
||||
Reviewed-by: Paul Burton <paul.burton@imgtec.com>
|
||||
Reviewed-by: James Hogan <james.hogan@imgtec.com>
|
||||
Cc: Markos Chandras <markos.chandras@imgtec.com>
|
||||
Patchwork: https://patchwork.linux-mips.org/patch/8173/
|
||||
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
||||
---
|
||||
arch/mips/math-emu/cp1emu.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c
|
||||
index 7a47277..51a0fde 100644
|
||||
--- a/arch/mips/math-emu/cp1emu.c
|
||||
+++ b/arch/mips/math-emu/cp1emu.c
|
||||
@@ -1023,7 +1023,7 @@ emul:
|
||||
goto emul;
|
||||
|
||||
case cop1x_op:
|
||||
- if (cpu_has_mips_4_5 || cpu_has_mips64)
|
||||
+ if (cpu_has_mips_4_5 || cpu_has_mips64 || cpu_has_mips32r2)
|
||||
/* its one of ours */
|
||||
goto emul;
|
||||
|
||||
@@ -1068,7 +1068,7 @@ emul:
|
||||
break;
|
||||
|
||||
case cop1x_op:
|
||||
- if (!cpu_has_mips_4_5 && !cpu_has_mips64)
|
||||
+ if (!cpu_has_mips_4_5 && !cpu_has_mips64 && !cpu_has_mips32r2)
|
||||
return SIGILL;
|
||||
|
||||
sig = fpux_emu(xcp, ctx, ir, fault_addr);
|
||||
--
|
||||
2.1.1
|
||||
|
90
debian/patches/bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch
vendored
Normal file
90
debian/patches/bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch
vendored
Normal file
|
@ -0,0 +1,90 @@
|
|||
From: David Daney <david.daney@cavium.com>
|
||||
Date: Mon, 20 Oct 2014 15:34:23 -0700
|
||||
Subject: MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
|
||||
Origin: https://git.kernel.org/linus/9e0f162a36914937a937358fcb45e0609ef2bfc4
|
||||
|
||||
In commit 8393c524a25609 (MIPS: tlbex: Fix a missing statement for
|
||||
HUGETLB), the TLB Refill handler was fixed so that non-OCTEON targets
|
||||
would work properly with huge pages. The change was incorrect in that
|
||||
it broke the OCTEON case.
|
||||
|
||||
The problem is shown here:
|
||||
|
||||
xxx0: df7a0000 ld k0,0(k1)
|
||||
.
|
||||
.
|
||||
.
|
||||
xxxc0: df610000 ld at,0(k1)
|
||||
xxxc4: 335a0ff0 andi k0,k0,0xff0
|
||||
xxxc8: e825ffcd bbit1 at,0x5,0x0
|
||||
xxxcc: 003ad82d daddu k1,at,k0
|
||||
.
|
||||
.
|
||||
.
|
||||
|
||||
In the non-octeon case there is a destructive test for the huge PTE
|
||||
bit, and then at 0, $k0 is reloaded (that is what the 8393c524a25609
|
||||
patch added).
|
||||
|
||||
In the octeon case, we modify k1 in the branch delay slot, but we
|
||||
never need k0 again, so the new load is not needed, but since k1 is
|
||||
modified, if we do the load, we load from a garbage location and then
|
||||
get a nested TLB Refill, which is seen in userspace as either SIGBUS
|
||||
or SIGSEGV (depending on the garbage).
|
||||
|
||||
The real fix is to only do this reloading if it is needed, and never
|
||||
where it is harmful.
|
||||
|
||||
Signed-off-by: David Daney <david.daney@cavium.com>
|
||||
Cc: Huacai Chen <chenhc@lemote.com>
|
||||
Cc: Fuxin Zhang <zhangfx@lemote.com>
|
||||
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: linux-mips@linux-mips.org
|
||||
Patchwork: https://patchwork.linux-mips.org/patch/8151/
|
||||
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
||||
---
|
||||
arch/mips/mm/tlbex.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
|
||||
index a08dd53..b5f228e 100644
|
||||
--- a/arch/mips/mm/tlbex.c
|
||||
+++ b/arch/mips/mm/tlbex.c
|
||||
@@ -1062,6 +1062,7 @@ static void build_update_entries(u32 **p, unsigned int tmp, unsigned int ptep)
|
||||
struct mips_huge_tlb_info {
|
||||
int huge_pte;
|
||||
int restore_scratch;
|
||||
+ bool need_reload_pte;
|
||||
};
|
||||
|
||||
static struct mips_huge_tlb_info
|
||||
@@ -1076,6 +1077,7 @@ build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l,
|
||||
|
||||
rv.huge_pte = scratch;
|
||||
rv.restore_scratch = 0;
|
||||
+ rv.need_reload_pte = false;
|
||||
|
||||
if (check_for_high_segbits) {
|
||||
UASM_i_MFC0(p, tmp, C0_BADVADDR);
|
||||
@@ -1264,6 +1266,7 @@ static void build_r4000_tlb_refill_handler(void)
|
||||
} else {
|
||||
htlb_info.huge_pte = K0;
|
||||
htlb_info.restore_scratch = 0;
|
||||
+ htlb_info.need_reload_pte = true;
|
||||
vmalloc_mode = refill_noscratch;
|
||||
/*
|
||||
* create the plain linear handler
|
||||
@@ -1300,7 +1303,8 @@ static void build_r4000_tlb_refill_handler(void)
|
||||
}
|
||||
#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
|
||||
uasm_l_tlb_huge_update(&l, p);
|
||||
- UASM_i_LW(&p, K0, 0, K1);
|
||||
+ if (htlb_info.need_reload_pte)
|
||||
+ UASM_i_LW(&p, htlb_info.huge_pte, 0, K1);
|
||||
build_huge_update_entries(&p, htlb_info.huge_pte, K1);
|
||||
build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random,
|
||||
htlb_info.restore_scratch);
|
||||
--
|
||||
2.1.1
|
||||
|
100
debian/patches/bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch
vendored
Normal file
100
debian/patches/bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch
vendored
Normal file
|
@ -0,0 +1,100 @@
|
|||
From: Helge Deller <deller@gmx.de>
|
||||
Date: Fri, 10 Oct 2014 22:20:17 +0200
|
||||
Subject: parisc: Reduce SIGRTMIN from 37 to 32 to behave like other Linux
|
||||
architectures
|
||||
Origin: https://git.kernel.org/linus/1f25df2eff5b25f52c139d3ff31bc883eee9a0ab
|
||||
Bug-Debian: https://bugs.debian.org/766635
|
||||
|
||||
This patch reduces the value of SIGRTMIN on PARISC from 37 to 32, thus
|
||||
increasing the number of available RT signals and bring it in sync with other
|
||||
Linux architectures.
|
||||
|
||||
Historically we wanted to natively support HP-UX 32bit binaries with the
|
||||
PA-RISC Linux port. Because of that we carried the various available signals
|
||||
from HP-UX (e.g. SIGEMT and SIGLOST) and folded them in between the native
|
||||
Linux signals. Although this was the right decision at that time, this
|
||||
required us to increase SIGRTMIN to at least 37 which left us with 27 (64-37)
|
||||
RT signals.
|
||||
|
||||
Those 27 RT signals haven't been a problem in the past, but with the upcoming
|
||||
importance of systemd we now got the problem that systemd alloctes (hardcoded)
|
||||
signals up to SIGRTMIN+29 which is beyond our NSIG of 64. Because of that we
|
||||
have not been able to use systemd on the PARISC Linux port yet.
|
||||
|
||||
Of course we could ask the systemd developers to not use those hardcoded
|
||||
values, but this change is very unlikely, esp. with PA-RISC being a niche
|
||||
architecture.
|
||||
|
||||
The other possibility would be to increase NSIG to e.g. 128, but this would
|
||||
mean to duplicate most of the existing Linux signal handling code into the
|
||||
parisc specific Linux kernel tree which would most likely introduce lots of new
|
||||
bugs beside the code duplication.
|
||||
|
||||
The third option is to drop some HP-UX signals and shuffle some other signals
|
||||
around to bring SIGRTMIN to 32. This is of course an ABI change, but testing
|
||||
has shown that existing Linux installations are not visibly affected by this
|
||||
change - most likely because we move those signals around which are rarely used
|
||||
and move them to slots which haven't been used in Linux yet. In an existing
|
||||
installation I was able to exchange either the Linux kernel or glibc (or both)
|
||||
without affecting the boot process and installed applications.
|
||||
|
||||
Dropping the HP-UX signals isn't an issue either, since support for HP-UX was
|
||||
basically dropped a few months back with Kernel 3.14 in commit
|
||||
f5a408d53edef3af07ac7697b8bc54a755628450 already, when we changed EWOULDBLOCK
|
||||
to be equal to EAGAIN.
|
||||
|
||||
So, even if this is an ABI change, it's better to change it now and thus bring
|
||||
PARISC Linux in sync with other architectures to avoid other issues in the
|
||||
future.
|
||||
|
||||
Signed-off-by: Helge Deller <deller@gmx.de>
|
||||
Cc: Carlos O'Donell <carlos@systemhalted.org>
|
||||
Cc: John David Anglin <dave.anglin@bell.net>
|
||||
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
|
||||
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
|
||||
Cc: PARISC Linux Kernel Mailinglist <linux-parisc@vger.kernel.org>
|
||||
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
|
||||
---
|
||||
arch/parisc/include/uapi/asm/signal.h | 16 ++++++----------
|
||||
1 file changed, 6 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/arch/parisc/include/uapi/asm/signal.h b/arch/parisc/include/uapi/asm/signal.h
|
||||
index f5645d6..10df707 100644
|
||||
--- a/arch/parisc/include/uapi/asm/signal.h
|
||||
+++ b/arch/parisc/include/uapi/asm/signal.h
|
||||
@@ -8,12 +8,12 @@
|
||||
#define SIGTRAP 5
|
||||
#define SIGABRT 6
|
||||
#define SIGIOT 6
|
||||
-#define SIGEMT 7
|
||||
+#define SIGSTKFLT 7
|
||||
#define SIGFPE 8
|
||||
#define SIGKILL 9
|
||||
#define SIGBUS 10
|
||||
#define SIGSEGV 11
|
||||
-#define SIGSYS 12 /* Linux doesn't use this */
|
||||
+#define SIGXCPU 12
|
||||
#define SIGPIPE 13
|
||||
#define SIGALRM 14
|
||||
#define SIGTERM 15
|
||||
@@ -32,16 +32,12 @@
|
||||
#define SIGTTIN 27
|
||||
#define SIGTTOU 28
|
||||
#define SIGURG 29
|
||||
-#define SIGLOST 30 /* Linux doesn't use this either */
|
||||
-#define SIGUNUSED 31
|
||||
-#define SIGRESERVE SIGUNUSED
|
||||
-
|
||||
-#define SIGXCPU 33
|
||||
-#define SIGXFSZ 34
|
||||
-#define SIGSTKFLT 36
|
||||
+#define SIGXFSZ 30
|
||||
+#define SIGUNUSED 31
|
||||
+#define SIGSYS 31 /* Linux doesn't use this */
|
||||
|
||||
/* These should not be considered constants from userland. */
|
||||
-#define SIGRTMIN 37
|
||||
+#define SIGRTMIN 32
|
||||
#define SIGRTMAX _NSIG /* it's 44 under HP/UX */
|
||||
|
||||
/*
|
135
debian/patches/bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch
vendored
Normal file
135
debian/patches/bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch
vendored
Normal file
|
@ -0,0 +1,135 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Tue, 16 Sep 2014 03:24:05 +0300
|
||||
Subject: KVM: x86: Check non-canonical addresses upon WRMSR
|
||||
Origin: https://git.kernel.org/linus/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
|
||||
|
||||
Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is
|
||||
written to certain MSRs. The behavior is "almost" identical for AMD and Intel
|
||||
(ignoring MSRs that are not implemented in either architecture since they would
|
||||
anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
|
||||
non-canonical address is written on Intel but not on AMD (which ignores the top
|
||||
32-bits).
|
||||
|
||||
Accordingly, this patch injects a #GP on the MSRs which behave identically on
|
||||
Intel and AMD. To eliminate the differences between the architecutres, the
|
||||
value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to
|
||||
canonical value before writing instead of injecting a #GP.
|
||||
|
||||
Some references from Intel and AMD manuals:
|
||||
|
||||
According to Intel SDM description of WRMSR instruction #GP is expected on
|
||||
WRMSR "If the source register contains a non-canonical address and ECX
|
||||
specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE,
|
||||
IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP."
|
||||
|
||||
According to AMD manual instruction manual:
|
||||
LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the
|
||||
LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical
|
||||
form, a general-protection exception (#GP) occurs."
|
||||
IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the
|
||||
base field must be in canonical form or a #GP fault will occur."
|
||||
IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must
|
||||
be in canonical form."
|
||||
|
||||
This patch fixes CVE-2014-3610.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/asm/kvm_host.h | 14 ++++++++++++++
|
||||
arch/x86/kvm/svm.c | 2 +-
|
||||
arch/x86/kvm/vmx.c | 2 +-
|
||||
arch/x86/kvm/x86.c | 27 ++++++++++++++++++++++++++-
|
||||
4 files changed, 42 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/arch/x86/include/asm/kvm_host.h
|
||||
+++ b/arch/x86/include/asm/kvm_host.h
|
||||
@@ -989,6 +989,20 @@ static inline void kvm_inject_gp(struct
|
||||
kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
|
||||
}
|
||||
|
||||
+static inline u64 get_canonical(u64 la)
|
||||
+{
|
||||
+ return ((int64_t)la << 16) >> 16;
|
||||
+}
|
||||
+
|
||||
+static inline bool is_noncanonical_address(u64 la)
|
||||
+{
|
||||
+#ifdef CONFIG_X86_64
|
||||
+ return get_canonical(la) != la;
|
||||
+#else
|
||||
+ return false;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
#define TSS_IOPB_BASE_OFFSET 0x66
|
||||
#define TSS_BASE_SIZE 0x68
|
||||
#define TSS_IOPB_SIZE (65536 / 8)
|
||||
--- a/arch/x86/kvm/svm.c
|
||||
+++ b/arch/x86/kvm/svm.c
|
||||
@@ -3228,7 +3228,7 @@ static int wrmsr_interception(struct vcp
|
||||
msr.host_initiated = false;
|
||||
|
||||
svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
|
||||
- if (svm_set_msr(&svm->vcpu, &msr)) {
|
||||
+ if (kvm_set_msr(&svm->vcpu, &msr)) {
|
||||
trace_kvm_msr_write_ex(ecx, data);
|
||||
kvm_inject_gp(&svm->vcpu, 0);
|
||||
} else {
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -5246,7 +5246,7 @@ static int handle_wrmsr(struct kvm_vcpu
|
||||
msr.data = data;
|
||||
msr.index = ecx;
|
||||
msr.host_initiated = false;
|
||||
- if (vmx_set_msr(vcpu, &msr) != 0) {
|
||||
+ if (kvm_set_msr(vcpu, &msr) != 0) {
|
||||
trace_kvm_msr_write_ex(ecx, data);
|
||||
kvm_inject_gp(vcpu, 0);
|
||||
return 1;
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -948,7 +948,6 @@ void kvm_enable_efer_bits(u64 mask)
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
|
||||
|
||||
-
|
||||
/*
|
||||
* Writes msr value into into the appropriate "register".
|
||||
* Returns 0 on success, non-0 otherwise.
|
||||
@@ -956,8 +955,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
|
||||
*/
|
||||
int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
|
||||
{
|
||||
+ switch (msr->index) {
|
||||
+ case MSR_FS_BASE:
|
||||
+ case MSR_GS_BASE:
|
||||
+ case MSR_KERNEL_GS_BASE:
|
||||
+ case MSR_CSTAR:
|
||||
+ case MSR_LSTAR:
|
||||
+ if (is_noncanonical_address(msr->data))
|
||||
+ return 1;
|
||||
+ break;
|
||||
+ case MSR_IA32_SYSENTER_EIP:
|
||||
+ case MSR_IA32_SYSENTER_ESP:
|
||||
+ /*
|
||||
+ * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
|
||||
+ * non-canonical address is written on Intel but not on
|
||||
+ * AMD (which ignores the top 32-bits, because it does
|
||||
+ * not implement 64-bit SYSENTER).
|
||||
+ *
|
||||
+ * 64-bit code should hence be able to write a non-canonical
|
||||
+ * value on AMD. Making the address canonical ensures that
|
||||
+ * vmentry does not fail on Intel after writing a non-canonical
|
||||
+ * value, and that something deterministic happens if the guest
|
||||
+ * invokes 64-bit SYSENTER.
|
||||
+ */
|
||||
+ msr->data = get_canonical(msr->data);
|
||||
+ }
|
||||
return kvm_x86_ops->set_msr(vcpu, msr);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(kvm_set_msr);
|
||||
|
||||
/*
|
||||
* Adapt set_msr() to msr_io()'s calling convention
|
229
debian/patches/bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch
vendored
Normal file
229
debian/patches/bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch
vendored
Normal file
|
@ -0,0 +1,229 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Thu, 18 Sep 2014 22:39:38 +0300
|
||||
Subject: KVM: x86: Emulator fixes for eip canonical checks on near branches
|
||||
Origin: https://git.kernel.org/linus/234f3ce485d54017f15cf5e0699cff4100121601
|
||||
|
||||
Before changing rip (during jmp, call, ret, etc.) the target should be asserted
|
||||
to be canonical one, as real CPUs do. During sysret, both target rsp and rip
|
||||
should be canonical. If any of these values is noncanonical, a #GP exception
|
||||
should occur. The exception to this rule are syscall and sysenter instructions
|
||||
in which the assigned rip is checked during the assignment to the relevant
|
||||
MSRs.
|
||||
|
||||
This patch fixes the emulator to behave as real CPUs do for near branches.
|
||||
Far branches are handled by the next patch.
|
||||
|
||||
This fixes CVE-2014-3647.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 78 ++++++++++++++++++++++++++++++++++----------------
|
||||
1 file changed, 54 insertions(+), 24 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -572,7 +572,8 @@ static int emulate_nm(struct x86_emulate
|
||||
return emulate_exception(ctxt, NM_VECTOR, 0, false);
|
||||
}
|
||||
|
||||
-static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
|
||||
+static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst,
|
||||
+ int cs_l)
|
||||
{
|
||||
switch (ctxt->op_bytes) {
|
||||
case 2:
|
||||
@@ -582,16 +583,25 @@ static inline void assign_eip_near(struc
|
||||
ctxt->_eip = (u32)dst;
|
||||
break;
|
||||
case 8:
|
||||
+ if ((cs_l && is_noncanonical_address(dst)) ||
|
||||
+ (!cs_l && (dst & ~(u32)-1)))
|
||||
+ return emulate_gp(ctxt, 0);
|
||||
ctxt->_eip = dst;
|
||||
break;
|
||||
default:
|
||||
WARN(1, "unsupported eip assignment size\n");
|
||||
}
|
||||
+ return X86EMUL_CONTINUE;
|
||||
+}
|
||||
+
|
||||
+static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
|
||||
+{
|
||||
+ return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64);
|
||||
}
|
||||
|
||||
-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
|
||||
+static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
|
||||
{
|
||||
- assign_eip_near(ctxt, ctxt->_eip + rel);
|
||||
+ return assign_eip_near(ctxt, ctxt->_eip + rel);
|
||||
}
|
||||
|
||||
static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
|
||||
@@ -1986,13 +1996,15 @@ static int em_grp45(struct x86_emulate_c
|
||||
case 2: /* call near abs */ {
|
||||
long int old_eip;
|
||||
old_eip = ctxt->_eip;
|
||||
- ctxt->_eip = ctxt->src.val;
|
||||
+ rc = assign_eip_near(ctxt, ctxt->src.val);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ break;
|
||||
ctxt->src.val = old_eip;
|
||||
rc = em_push(ctxt);
|
||||
break;
|
||||
}
|
||||
case 4: /* jmp abs */
|
||||
- ctxt->_eip = ctxt->src.val;
|
||||
+ rc = assign_eip_near(ctxt, ctxt->src.val);
|
||||
break;
|
||||
case 5: /* jmp far */
|
||||
rc = em_jmp_far(ctxt);
|
||||
@@ -2024,10 +2036,14 @@ static int em_cmpxchg8b(struct x86_emula
|
||||
|
||||
static int em_ret(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
- ctxt->dst.type = OP_REG;
|
||||
- ctxt->dst.addr.reg = &ctxt->_eip;
|
||||
- ctxt->dst.bytes = ctxt->op_bytes;
|
||||
- return em_pop(ctxt);
|
||||
+ int rc;
|
||||
+ unsigned long eip;
|
||||
+
|
||||
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ return rc;
|
||||
+
|
||||
+ return assign_eip_near(ctxt, eip);
|
||||
}
|
||||
|
||||
static int em_ret_far(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -2305,7 +2321,7 @@ static int em_sysexit(struct x86_emulate
|
||||
{
|
||||
const struct x86_emulate_ops *ops = ctxt->ops;
|
||||
struct desc_struct cs, ss;
|
||||
- u64 msr_data;
|
||||
+ u64 msr_data, rcx, rdx;
|
||||
int usermode;
|
||||
u16 cs_sel = 0, ss_sel = 0;
|
||||
|
||||
@@ -2321,6 +2337,9 @@ static int em_sysexit(struct x86_emulate
|
||||
else
|
||||
usermode = X86EMUL_MODE_PROT32;
|
||||
|
||||
+ rcx = reg_read(ctxt, VCPU_REGS_RCX);
|
||||
+ rdx = reg_read(ctxt, VCPU_REGS_RDX);
|
||||
+
|
||||
cs.dpl = 3;
|
||||
ss.dpl = 3;
|
||||
ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
|
||||
@@ -2338,6 +2357,9 @@ static int em_sysexit(struct x86_emulate
|
||||
ss_sel = cs_sel + 8;
|
||||
cs.d = 0;
|
||||
cs.l = 1;
|
||||
+ if (is_noncanonical_address(rcx) ||
|
||||
+ is_noncanonical_address(rdx))
|
||||
+ return emulate_gp(ctxt, 0);
|
||||
break;
|
||||
}
|
||||
cs_sel |= SELECTOR_RPL_MASK;
|
||||
@@ -2346,8 +2368,8 @@ static int em_sysexit(struct x86_emulate
|
||||
ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS);
|
||||
ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
|
||||
|
||||
- ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX);
|
||||
- *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX);
|
||||
+ ctxt->_eip = rdx;
|
||||
+ *reg_write(ctxt, VCPU_REGS_RSP) = rcx;
|
||||
|
||||
return X86EMUL_CONTINUE;
|
||||
}
|
||||
@@ -2888,10 +2910,13 @@ static int em_aad(struct x86_emulate_ctx
|
||||
|
||||
static int em_call(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
+ int rc;
|
||||
long rel = ctxt->src.val;
|
||||
|
||||
ctxt->src.val = (unsigned long)ctxt->_eip;
|
||||
- jmp_rel(ctxt, rel);
|
||||
+ rc = jmp_rel(ctxt, rel);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ return rc;
|
||||
return em_push(ctxt);
|
||||
}
|
||||
|
||||
@@ -2923,11 +2948,12 @@ static int em_call_far(struct x86_emulat
|
||||
static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
int rc;
|
||||
+ unsigned long eip;
|
||||
|
||||
- ctxt->dst.type = OP_REG;
|
||||
- ctxt->dst.addr.reg = &ctxt->_eip;
|
||||
- ctxt->dst.bytes = ctxt->op_bytes;
|
||||
- rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes);
|
||||
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ return rc;
|
||||
+ rc = assign_eip_near(ctxt, eip);
|
||||
if (rc != X86EMUL_CONTINUE)
|
||||
return rc;
|
||||
rsp_increment(ctxt, ctxt->src.val);
|
||||
@@ -3257,20 +3283,24 @@ static int em_lmsw(struct x86_emulate_ct
|
||||
|
||||
static int em_loop(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
+ int rc = X86EMUL_CONTINUE;
|
||||
+
|
||||
register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1);
|
||||
if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) &&
|
||||
(ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags)))
|
||||
- jmp_rel(ctxt, ctxt->src.val);
|
||||
+ rc = jmp_rel(ctxt, ctxt->src.val);
|
||||
|
||||
- return X86EMUL_CONTINUE;
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
static int em_jcxz(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
+ int rc = X86EMUL_CONTINUE;
|
||||
+
|
||||
if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0)
|
||||
- jmp_rel(ctxt, ctxt->src.val);
|
||||
+ rc = jmp_rel(ctxt, ctxt->src.val);
|
||||
|
||||
- return X86EMUL_CONTINUE;
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
static int em_in(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -4671,7 +4701,7 @@ special_insn:
|
||||
break;
|
||||
case 0x70 ... 0x7f: /* jcc (short) */
|
||||
if (test_cc(ctxt->b, ctxt->eflags))
|
||||
- jmp_rel(ctxt, ctxt->src.val);
|
||||
+ rc = jmp_rel(ctxt, ctxt->src.val);
|
||||
break;
|
||||
case 0x8d: /* lea r16/r32, m */
|
||||
ctxt->dst.val = ctxt->src.addr.mem.ea;
|
||||
@@ -4700,7 +4730,7 @@ special_insn:
|
||||
break;
|
||||
case 0xe9: /* jmp rel */
|
||||
case 0xeb: /* jmp rel short */
|
||||
- jmp_rel(ctxt, ctxt->src.val);
|
||||
+ rc = jmp_rel(ctxt, ctxt->src.val);
|
||||
ctxt->dst.type = OP_NONE; /* Disable writeback. */
|
||||
break;
|
||||
case 0xf4: /* hlt */
|
||||
@@ -4820,7 +4850,7 @@ twobyte_insn:
|
||||
break;
|
||||
case 0x80 ... 0x8f: /* jnz rel, etc*/
|
||||
if (test_cc(ctxt->b, ctxt->eflags))
|
||||
- jmp_rel(ctxt, ctxt->src.val);
|
||||
+ rc = jmp_rel(ctxt, ctxt->src.val);
|
||||
break;
|
||||
case 0x90 ... 0x9f: /* setcc r/m8 */
|
||||
ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
|
60
debian/patches/bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch
vendored
Normal file
60
debian/patches/bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Thu, 18 Sep 2014 22:39:37 +0300
|
||||
Subject: KVM: x86: Fix wrong masking on relative jump/call
|
||||
Origin: https://git.kernel.org/linus/05c83ec9b73c8124555b706f6af777b10adf0862
|
||||
|
||||
Relative jumps and calls do the masking according to the operand size, and not
|
||||
according to the address size as the KVM emulator does today.
|
||||
|
||||
This patch fixes KVM behavior.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 27 ++++++++++++++++++++++-----
|
||||
1 file changed, 22 insertions(+), 5 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -499,11 +499,6 @@ static void rsp_increment(struct x86_emu
|
||||
masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc);
|
||||
}
|
||||
|
||||
-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
|
||||
-{
|
||||
- register_address_increment(ctxt, &ctxt->_eip, rel);
|
||||
-}
|
||||
-
|
||||
static u32 desc_limit_scaled(struct desc_struct *desc)
|
||||
{
|
||||
u32 limit = get_desc_limit(desc);
|
||||
@@ -577,6 +572,28 @@ static int emulate_nm(struct x86_emulate
|
||||
return emulate_exception(ctxt, NM_VECTOR, 0, false);
|
||||
}
|
||||
|
||||
+static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
|
||||
+{
|
||||
+ switch (ctxt->op_bytes) {
|
||||
+ case 2:
|
||||
+ ctxt->_eip = (u16)dst;
|
||||
+ break;
|
||||
+ case 4:
|
||||
+ ctxt->_eip = (u32)dst;
|
||||
+ break;
|
||||
+ case 8:
|
||||
+ ctxt->_eip = dst;
|
||||
+ break;
|
||||
+ default:
|
||||
+ WARN(1, "unsupported eip assignment size\n");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
|
||||
+{
|
||||
+ assign_eip_near(ctxt, ctxt->_eip + rel);
|
||||
+}
|
||||
+
|
||||
static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
|
||||
{
|
||||
u16 selector;
|
245
debian/patches/bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch
vendored
Normal file
245
debian/patches/bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch
vendored
Normal file
|
@ -0,0 +1,245 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Thu, 18 Sep 2014 22:39:39 +0300
|
||||
Subject: KVM: x86: Handle errors when RIP is set during far jumps
|
||||
Origin: https://git.kernel.org/linus/d1442d85cc30ea75f7d399474ca738e0bc96f715
|
||||
|
||||
Far jmp/call/ret may fault while loading a new RIP. Currently KVM does not
|
||||
handle this case, and may result in failed vm-entry once the assignment is
|
||||
done. The tricky part of doing so is that loading the new CS affects the
|
||||
VMCS/VMCB state, so if we fail during loading the new RIP, we are left in
|
||||
unconsistent state. Therefore, this patch saves on 64-bit the old CS
|
||||
descriptor and restores it if loading RIP failed.
|
||||
|
||||
This fixes CVE-2014-3647.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 118 ++++++++++++++++++++++++++++++++++++-------------
|
||||
1 file changed, 88 insertions(+), 30 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -1442,7 +1442,9 @@ static int write_segment_descriptor(stru
|
||||
|
||||
/* Does not support long mode */
|
||||
static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
|
||||
- u16 selector, int seg, u8 cpl, bool in_task_switch)
|
||||
+ u16 selector, int seg, u8 cpl,
|
||||
+ bool in_task_switch,
|
||||
+ struct desc_struct *desc)
|
||||
{
|
||||
struct desc_struct seg_desc, old_desc;
|
||||
u8 dpl, rpl;
|
||||
@@ -1574,6 +1576,8 @@ static int __load_segment_descriptor(str
|
||||
}
|
||||
load:
|
||||
ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
|
||||
+ if (desc)
|
||||
+ *desc = seg_desc;
|
||||
return X86EMUL_CONTINUE;
|
||||
exception:
|
||||
emulate_exception(ctxt, err_vec, err_code, true);
|
||||
@@ -1584,7 +1588,7 @@ static int load_segment_descriptor(struc
|
||||
u16 selector, int seg)
|
||||
{
|
||||
u8 cpl = ctxt->ops->cpl(ctxt);
|
||||
- return __load_segment_descriptor(ctxt, selector, seg, cpl, false);
|
||||
+ return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL);
|
||||
}
|
||||
|
||||
static void write_register_operand(struct operand *op)
|
||||
@@ -1978,17 +1982,31 @@ static int em_iret(struct x86_emulate_ct
|
||||
static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
int rc;
|
||||
- unsigned short sel;
|
||||
+ unsigned short sel, old_sel;
|
||||
+ struct desc_struct old_desc, new_desc;
|
||||
+ const struct x86_emulate_ops *ops = ctxt->ops;
|
||||
+ u8 cpl = ctxt->ops->cpl(ctxt);
|
||||
+
|
||||
+ /* Assignment of RIP may only fail in 64-bit mode */
|
||||
+ if (ctxt->mode == X86EMUL_MODE_PROT64)
|
||||
+ ops->get_segment(ctxt, &old_sel, &old_desc, NULL,
|
||||
+ VCPU_SREG_CS);
|
||||
|
||||
memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
|
||||
|
||||
- rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS);
|
||||
+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
|
||||
+ &new_desc);
|
||||
if (rc != X86EMUL_CONTINUE)
|
||||
return rc;
|
||||
|
||||
- ctxt->_eip = 0;
|
||||
- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
|
||||
- return X86EMUL_CONTINUE;
|
||||
+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
|
||||
+ if (rc != X86EMUL_CONTINUE) {
|
||||
+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
+ /* assigning eip failed; restore the old cs */
|
||||
+ ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS);
|
||||
+ return rc;
|
||||
+ }
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
static int em_grp45(struct x86_emulate_ctxt *ctxt)
|
||||
@@ -2055,21 +2073,34 @@ static int em_ret(struct x86_emulate_ctx
|
||||
static int em_ret_far(struct x86_emulate_ctxt *ctxt)
|
||||
{
|
||||
int rc;
|
||||
- unsigned long cs;
|
||||
+ unsigned long eip, cs;
|
||||
+ u16 old_cs;
|
||||
int cpl = ctxt->ops->cpl(ctxt);
|
||||
+ struct desc_struct old_desc, new_desc;
|
||||
+ const struct x86_emulate_ops *ops = ctxt->ops;
|
||||
+
|
||||
+ if (ctxt->mode == X86EMUL_MODE_PROT64)
|
||||
+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL,
|
||||
+ VCPU_SREG_CS);
|
||||
|
||||
- rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
|
||||
+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
|
||||
if (rc != X86EMUL_CONTINUE)
|
||||
return rc;
|
||||
- if (ctxt->op_bytes == 4)
|
||||
- ctxt->_eip = (u32)ctxt->_eip;
|
||||
rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
|
||||
if (rc != X86EMUL_CONTINUE)
|
||||
return rc;
|
||||
/* Outer-privilege level return is not implemented */
|
||||
if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
|
||||
return X86EMUL_UNHANDLEABLE;
|
||||
- rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
|
||||
+ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
|
||||
+ &new_desc);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ return rc;
|
||||
+ rc = assign_eip_far(ctxt, eip, new_desc.l);
|
||||
+ if (rc != X86EMUL_CONTINUE) {
|
||||
+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
|
||||
+ }
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -2496,19 +2527,24 @@ static int load_state_from_tss16(struct
|
||||
* Now load segment descriptors. If fault happens at this stage
|
||||
* it is handled in a context of new task
|
||||
*/
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
|
||||
@@ -2633,25 +2669,32 @@ static int load_state_from_tss32(struct
|
||||
* Now load segment descriptors. If fault happenes at this stage
|
||||
* it is handled in a context of new task
|
||||
*/
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR,
|
||||
+ cpl, true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
- ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true);
|
||||
+ ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl,
|
||||
+ true, NULL);
|
||||
if (ret != X86EMUL_CONTINUE)
|
||||
return ret;
|
||||
|
||||
@@ -2934,24 +2977,39 @@ static int em_call_far(struct x86_emulat
|
||||
u16 sel, old_cs;
|
||||
ulong old_eip;
|
||||
int rc;
|
||||
+ struct desc_struct old_desc, new_desc;
|
||||
+ const struct x86_emulate_ops *ops = ctxt->ops;
|
||||
+ int cpl = ctxt->ops->cpl(ctxt);
|
||||
|
||||
- old_cs = get_segment_selector(ctxt, VCPU_SREG_CS);
|
||||
old_eip = ctxt->_eip;
|
||||
+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS);
|
||||
|
||||
memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
|
||||
- if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS))
|
||||
+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
|
||||
+ &new_desc);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
return X86EMUL_CONTINUE;
|
||||
|
||||
- ctxt->_eip = 0;
|
||||
- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
|
||||
+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ goto fail;
|
||||
|
||||
ctxt->src.val = old_cs;
|
||||
rc = em_push(ctxt);
|
||||
if (rc != X86EMUL_CONTINUE)
|
||||
- return rc;
|
||||
+ goto fail;
|
||||
|
||||
ctxt->src.val = old_eip;
|
||||
- return em_push(ctxt);
|
||||
+ rc = em_push(ctxt);
|
||||
+ /* If we failed, we tainted the memory, but the very least we should
|
||||
+ restore cs */
|
||||
+ if (rc != X86EMUL_CONTINUE)
|
||||
+ goto fail;
|
||||
+ return rc;
|
||||
+fail:
|
||||
+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
|
||||
+ return rc;
|
||||
+
|
||||
}
|
||||
|
||||
static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
|
|
@ -0,0 +1,34 @@
|
|||
From: Andy Honig <ahonig@google.com>
|
||||
Date: Wed, 27 Aug 2014 14:42:54 -0700
|
||||
Subject: KVM: x86: Improve thread safety in pit
|
||||
Origin: https://git.kernel.org/linus/2febc839133280d5a5e8e1179c94ea674489dae2
|
||||
|
||||
There's a race condition in the PIT emulation code in KVM. In
|
||||
__kvm_migrate_pit_timer the pit_timer object is accessed without
|
||||
synchronization. If the race condition occurs at the wrong time this
|
||||
can crash the host kernel.
|
||||
|
||||
This fixes CVE-2014-3611.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Andrew Honig <ahonig@google.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/i8254.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
|
||||
index 518d864..298781d 100644
|
||||
--- a/arch/x86/kvm/i8254.c
|
||||
+++ b/arch/x86/kvm/i8254.c
|
||||
@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
|
||||
return;
|
||||
|
||||
timer = &pit->pit_state.timer;
|
||||
+ mutex_lock(&pit->pit_state.lock);
|
||||
if (hrtimer_cancel(timer))
|
||||
hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
|
||||
+ mutex_unlock(&pit->pit_state.lock);
|
||||
}
|
||||
|
||||
static void destroy_pit_timer(struct kvm_pit *pit)
|
81
debian/patches/bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch
vendored
Normal file
81
debian/patches/bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch
vendored
Normal file
|
@ -0,0 +1,81 @@
|
|||
From: Andy Honig <ahonig@google.com>
|
||||
Date: Wed, 27 Aug 2014 11:16:44 -0700
|
||||
Subject: KVM: x86: Prevent host from panicking on shared MSR writes.
|
||||
Origin: https://git.kernel.org/linus/8b3c3104c3f4f706e99365c3e0d2aa61b95f969f
|
||||
|
||||
The previous patch blocked invalid writes directly when the MSR
|
||||
is written. As a precaution, prevent future similar mistakes by
|
||||
gracefulling handle GPs caused by writes to shared MSRs.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Andrew Honig <ahonig@google.com>
|
||||
[Remove parts obsoleted by Nadav's patch. - Paolo]
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/asm/kvm_host.h | 2 +-
|
||||
arch/x86/kvm/vmx.c | 7 +++++--
|
||||
arch/x86/kvm/x86.c | 11 ++++++++---
|
||||
3 files changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/arch/x86/include/asm/kvm_host.h
|
||||
+++ b/arch/x86/include/asm/kvm_host.h
|
||||
@@ -1061,7 +1061,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcp
|
||||
void kvm_vcpu_reset(struct kvm_vcpu *vcpu);
|
||||
|
||||
void kvm_define_shared_msr(unsigned index, u32 msr);
|
||||
-void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
|
||||
+int kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
|
||||
|
||||
bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip);
|
||||
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -2615,12 +2615,15 @@ static int vmx_set_msr(struct kvm_vcpu *
|
||||
default:
|
||||
msr = find_msr_entry(vmx, msr_index);
|
||||
if (msr) {
|
||||
+ u64 old_msr_data = msr->data;
|
||||
msr->data = data;
|
||||
if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
|
||||
preempt_disable();
|
||||
- kvm_set_shared_msr(msr->index, msr->data,
|
||||
- msr->mask);
|
||||
+ ret = kvm_set_shared_msr(msr->index, msr->data,
|
||||
+ msr->mask);
|
||||
preempt_enable();
|
||||
+ if (ret)
|
||||
+ msr->data = old_msr_data;
|
||||
}
|
||||
break;
|
||||
}
|
||||
--- a/arch/x86/kvm/x86.c
|
||||
+++ b/arch/x86/kvm/x86.c
|
||||
@@ -227,20 +227,25 @@ static void kvm_shared_msr_cpu_online(vo
|
||||
shared_msr_update(i, shared_msrs_global.msrs[i]);
|
||||
}
|
||||
|
||||
-void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
|
||||
+int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
|
||||
{
|
||||
unsigned int cpu = smp_processor_id();
|
||||
struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu);
|
||||
+ int err;
|
||||
|
||||
if (((value ^ smsr->values[slot].curr) & mask) == 0)
|
||||
- return;
|
||||
+ return 0;
|
||||
smsr->values[slot].curr = value;
|
||||
- wrmsrl(shared_msrs_global.msrs[slot], value);
|
||||
+ err = wrmsrl_safe(shared_msrs_global.msrs[slot], value);
|
||||
+ if (err)
|
||||
+ return 1;
|
||||
+
|
||||
if (!smsr->registered) {
|
||||
smsr->urn.on_user_return = kvm_on_user_return;
|
||||
user_return_notifier_register(&smsr->urn);
|
||||
smsr->registered = true;
|
||||
}
|
||||
+ return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
From: Petr Matousek <pmatouse@redhat.com>
|
||||
Date: Tue, 23 Sep 2014 20:22:30 +0200
|
||||
Subject: kvm: vmx: handle invvpid vm exit gracefully
|
||||
Origin: https://git.kernel.org/linus/a642fc305053cc1c6e47e4f4df327895747ab485
|
||||
|
||||
On systems with invvpid instruction support (corresponding bit in
|
||||
IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid
|
||||
causes vm exit, which is currently not handled and results in
|
||||
propagation of unknown exit to userspace.
|
||||
|
||||
Fix this by installing an invvpid vm exit handler.
|
||||
|
||||
This is CVE-2014-3646.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/include/uapi/asm/vmx.h | 2 ++
|
||||
arch/x86/kvm/vmx.c | 9 ++++++++-
|
||||
2 files changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/arch/x86/include/uapi/asm/vmx.h
|
||||
+++ b/arch/x86/include/uapi/asm/vmx.h
|
||||
@@ -67,6 +67,7 @@
|
||||
#define EXIT_REASON_EPT_MISCONFIG 49
|
||||
#define EXIT_REASON_INVEPT 50
|
||||
#define EXIT_REASON_PREEMPTION_TIMER 52
|
||||
+#define EXIT_REASON_INVVPID 53
|
||||
#define EXIT_REASON_WBINVD 54
|
||||
#define EXIT_REASON_XSETBV 55
|
||||
#define EXIT_REASON_APIC_WRITE 56
|
||||
@@ -114,6 +115,7 @@
|
||||
{ EXIT_REASON_EOI_INDUCED, "EOI_INDUCED" }, \
|
||||
{ EXIT_REASON_INVALID_STATE, "INVALID_STATE" }, \
|
||||
{ EXIT_REASON_INVD, "INVD" }, \
|
||||
+ { EXIT_REASON_INVVPID, "INVVPID" }, \
|
||||
{ EXIT_REASON_INVPCID, "INVPCID" }
|
||||
|
||||
#endif /* _UAPIVMX_H */
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -6618,6 +6618,12 @@ static int handle_invept(struct kvm_vcpu
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int handle_invvpid(struct kvm_vcpu *vcpu)
|
||||
+{
|
||||
+ kvm_queue_exception(vcpu, UD_VECTOR);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* The exit handlers return 1 if the exit was handled fully and guest execution
|
||||
* may resume. Otherwise they set the kvm_run parameter to indicate what needs
|
||||
@@ -6663,6 +6669,7 @@ static int (*const kvm_vmx_exit_handlers
|
||||
[EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait,
|
||||
[EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor,
|
||||
[EXIT_REASON_INVEPT] = handle_invept,
|
||||
+ [EXIT_REASON_INVVPID] = handle_invvpid,
|
||||
};
|
||||
|
||||
static const int kvm_vmx_max_exit_handlers =
|
||||
@@ -6896,7 +6903,7 @@ static bool nested_vmx_exit_handled(stru
|
||||
case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD:
|
||||
case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE:
|
||||
case EXIT_REASON_VMOFF: case EXIT_REASON_VMON:
|
||||
- case EXIT_REASON_INVEPT:
|
||||
+ case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID:
|
||||
/*
|
||||
* VMX instructions trap unconditionally. This allows L1 to
|
||||
* emulate them for its L2 guest, i.e., allows 3-level nesting!
|
|
@ -0,0 +1,58 @@
|
|||
From: Nadav Amit <namit@cs.technion.ac.il>
|
||||
Date: Tue, 28 Oct 2014 00:03:43 +0200
|
||||
Subject: KVM: x86: Fix far-jump to non-canonical check
|
||||
Origin: https://git.kernel.org/linus/7e46dddd6f6cd5dbf3c7bd04a7e75d19475ac9f2
|
||||
|
||||
Commit d1442d85cc30 ("KVM: x86: Handle errors when RIP is set during far
|
||||
jumps") introduced a bug that caused the fix to be incomplete. Due to
|
||||
incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit
|
||||
segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may
|
||||
not trigger #GP. As we know, this imposes a security problem.
|
||||
|
||||
In addition, the condition for two warnings was incorrect.
|
||||
|
||||
Fixes: d1442d85cc30ea75f7d399474ca738e0bc96f715
|
||||
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
|
||||
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
|
||||
[Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo]
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -582,12 +582,14 @@ static inline int assign_eip_far(struct
|
||||
case 4:
|
||||
ctxt->_eip = (u32)dst;
|
||||
break;
|
||||
+#ifdef CONFIG_X86_64
|
||||
case 8:
|
||||
if ((cs_l && is_noncanonical_address(dst)) ||
|
||||
- (!cs_l && (dst & ~(u32)-1)))
|
||||
+ (!cs_l && (dst >> 32) != 0))
|
||||
return emulate_gp(ctxt, 0);
|
||||
ctxt->_eip = dst;
|
||||
break;
|
||||
+#endif
|
||||
default:
|
||||
WARN(1, "unsupported eip assignment size\n");
|
||||
}
|
||||
@@ -1998,7 +2000,7 @@ static int em_jmp_far(struct x86_emulate
|
||||
|
||||
rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
|
||||
if (rc != X86EMUL_CONTINUE) {
|
||||
- WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
+ WARN_ON(ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
/* assigning eip failed; restore the old cs */
|
||||
ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS);
|
||||
return rc;
|
||||
@@ -2092,7 +2094,7 @@ static int em_ret_far(struct x86_emulate
|
||||
return rc;
|
||||
rc = assign_eip_far(ctxt, eip, new_desc.l);
|
||||
if (rc != X86EMUL_CONTINUE) {
|
||||
- WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
+ WARN_ON(ctxt->mode != X86EMUL_MODE_PROT64);
|
||||
ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
|
||||
}
|
||||
return rc;
|
|
@ -1,6 +1,7 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 12 Sep 2014 13:24:26 +0100
|
||||
Subject: i2o: Disable I2O_EXT_ADAPTEC on 64-bit
|
||||
Forwarded: no
|
||||
|
||||
The code it enables works uses 32-bit numbers for userland virtual
|
||||
addresses:
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 26 Oct 2014 02:09:23 +0000
|
||||
Subject: mmc_block: Increase max_devices
|
||||
Bug-Debian: https://bugs.debian.org/765621
|
||||
Forwarded: http://mid.gmane.org/1415244909.3398.51.camel@decadent.org.uk
|
||||
|
||||
Currently the driver imposes a limit of 256 total minor numbers,
|
||||
apparently based on the historic Unix/Linux limit. This is quite
|
||||
restrictive, particularly if we raise the maximum number of
|
||||
partitions per card to 256 to match sd.
|
||||
|
||||
In order to make the full minor number space available we would
|
||||
have to replace the static dev_use and name_use arrays with struct
|
||||
ida. But we can at least allow use of 256 cards rather than just
|
||||
256 minors, with only a small change.
|
||||
|
||||
---
|
||||
--- a/drivers/mmc/card/block.c
|
||||
+++ b/drivers/mmc/card/block.c
|
||||
@@ -78,13 +78,16 @@ static int perdev_minors = CONFIG_MMC_BL
|
||||
|
||||
/*
|
||||
* We've only got one major, so number of mmcblk devices is
|
||||
- * limited to 256 / number of minors per device.
|
||||
+ * limited to (1 << 20) / number of minors per device. It is also
|
||||
+ * currently limited by the size of the static bitmaps below.
|
||||
*/
|
||||
static int max_devices;
|
||||
|
||||
-/* 256 minors, so at most 256 separate devices */
|
||||
-static DECLARE_BITMAP(dev_use, 256);
|
||||
-static DECLARE_BITMAP(name_use, 256);
|
||||
+#define MAX_DEVICES 256
|
||||
+
|
||||
+/* TODO: Replace these with struct ida */
|
||||
+static DECLARE_BITMAP(dev_use, MAX_DEVICES);
|
||||
+static DECLARE_BITMAP(name_use, MAX_DEVICES);
|
||||
|
||||
/*
|
||||
* There is one mmc_blk_data per slot.
|
||||
@@ -2558,7 +2561,7 @@ static int __init mmc_blk_init(void)
|
||||
if (perdev_minors != CONFIG_MMC_BLOCK_MINORS)
|
||||
pr_info("mmcblk: using %d minors per device\n", perdev_minors);
|
||||
|
||||
- max_devices = 256 / perdev_minors;
|
||||
+ max_devices = min(MAX_DEVICES, (1 << MINORBITS) / perdev_minors);
|
||||
|
||||
res = register_blkdev(MMC_BLOCK_MAJOR, "mmc");
|
||||
if (res)
|
|
@ -0,0 +1,26 @@
|
|||
From: Cyril Brulebois <kibi@debian.org>
|
||||
Date: Sun, 26 Oct 2014 12:33:38 +0100
|
||||
Subject: wireless: rt2x00: add new rt2800usb device
|
||||
Bug-Debian: https://bugs.debian.org/766802
|
||||
Forwarded: http://article.gmane.org/gmane.linux.kernel/1815824
|
||||
|
||||
0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle
|
||||
|
||||
References: https://bugs.debian.org/766802
|
||||
Reported-by: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Cyril Brulebois <kibi@debian.org>
|
||||
---
|
||||
drivers/net/wireless/rt2x00/rt2800usb.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/drivers/net/wireless/rt2x00/rt2800usb.c
|
||||
+++ b/drivers/net/wireless/rt2x00/rt2800usb.c
|
||||
@@ -1111,6 +1111,7 @@ static struct usb_device_id rt2800usb_de
|
||||
/* Ovislink */
|
||||
{ USB_DEVICE(0x1b75, 0x3071) },
|
||||
{ USB_DEVICE(0x1b75, 0x3072) },
|
||||
+ { USB_DEVICE(0x1b75, 0xa200) },
|
||||
/* Para */
|
||||
{ USB_DEVICE(0x20b8, 0x8888) },
|
||||
/* Pegatron */
|
|
@ -0,0 +1,246 @@
|
|||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Subject: [PATCH v2 3/3] ARM: dts: sun7i: Add Banana Pi board
|
||||
Date: Wed, 1 Oct 2014 09:26:06 +0200
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/mripard/linux.git/commit/?id=8a5b272fbf446ce475bb434b956a45a666936af4
|
||||
|
||||
The Banana Pi is an A20 based development board using Raspberry Pi compatible
|
||||
IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi
|
||||
and stereo audio out + various expenansion headers:
|
||||
|
||||
http://www.lemaker.org/
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
|
||||
---
|
||||
arch/arm/boot/dts/Makefile | 1 +
|
||||
arch/arm/boot/dts/sun7i-a20-bananapi.dts | 214 +++++++++++++++++++++++++++++++
|
||||
2 files changed, 215 insertions(+)
|
||||
create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts
|
||||
|
||||
--- a/arch/arm/boot/dts/Makefile
|
||||
+++ b/arch/arm/boot/dts/Makefile
|
||||
@@ -414,6 +414,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \
|
||||
sun6i-a31-hummingbird.dtb \
|
||||
sun6i-a31-m9.dtb
|
||||
dtb-$(CONFIG_MACH_SUN7I) += \
|
||||
+ sun7i-a20-bananapi.dtb \
|
||||
sun7i-a20-cubieboard2.dtb \
|
||||
sun7i-a20-cubietruck.dtb \
|
||||
sun7i-a20-i12-tvbox.dtb \
|
||||
--- /dev/null
|
||||
+++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts
|
||||
@@ -0,0 +1,214 @@
|
||||
+/*
|
||||
+ * Copyright 2014 Hans de Goede <hdegoede@redhat.com>
|
||||
+ *
|
||||
+ * Hans de Goede <hdegoede@redhat.com>
|
||||
+ *
|
||||
+ * This file is dual-licensed: you can use it either under the terms
|
||||
+ * of the GPL or the X11 license, at your option. Note that this dual
|
||||
+ * licensing only applies to this file, and not this project as a
|
||||
+ * whole.
|
||||
+ *
|
||||
+ * a) This library is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public License as
|
||||
+ * published by the Free Software Foundation; either version 2 of the
|
||||
+ * License, or (at your option) any later version.
|
||||
+ *
|
||||
+ * This library is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public
|
||||
+ * License along with this library; if not, write to the Free
|
||||
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
|
||||
+ * MA 02110-1301 USA
|
||||
+ *
|
||||
+ * Or, alternatively,
|
||||
+ *
|
||||
+ * b) Permission is hereby granted, free of charge, to any person
|
||||
+ * obtaining a copy of this software and associated documentation
|
||||
+ * files (the "Software"), to deal in the Software without
|
||||
+ * restriction, including without limitation the rights to use,
|
||||
+ * copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
+ * sell copies of the Software, and to permit persons to whom the
|
||||
+ * Software is furnished to do so, subject to the following
|
||||
+ * conditions:
|
||||
+ *
|
||||
+ * The above copyright notice and this permission notice shall be
|
||||
+ * included in all copies or substantial portions of the Software.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
||||
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
||||
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||
+ * OTHER DEALINGS IN THE SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+/dts-v1/;
|
||||
+/include/ "sun7i-a20.dtsi"
|
||||
+/include/ "sunxi-common-regulators.dtsi"
|
||||
+
|
||||
+/ {
|
||||
+ model = "LeMaker Banana Pi";
|
||||
+ compatible = "lemaker,bananapi", "allwinner,sun7i-a20";
|
||||
+
|
||||
+ soc@01c00000 {
|
||||
+ spi0: spi@01c05000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&spi0_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ mmc0: mmc@01c0f000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>;
|
||||
+ vmmc-supply = <®_vcc3v3>;
|
||||
+ bus-width = <4>;
|
||||
+ cd-gpios = <&pio 7 10 0>; /* PH10 */
|
||||
+ cd-inverted;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ usbphy: phy@01c13400 {
|
||||
+ usb1_vbus-supply = <®_usb1_vbus>;
|
||||
+ usb2_vbus-supply = <®_usb2_vbus>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ehci0: usb@01c14000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ohci0: usb@01c14400 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ahci: sata@01c18000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ehci1: usb@01c1c000 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ ohci1: usb@01c1c400 {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ pinctrl@01c20800 {
|
||||
+ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 {
|
||||
+ allwinner,pins = "PH10";
|
||||
+ allwinner,function = "gpio_in";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <1>;
|
||||
+ };
|
||||
+
|
||||
+ gmac_power_pin_bananapi: gmac_power_pin@0 {
|
||||
+ allwinner,pins = "PH23";
|
||||
+ allwinner,function = "gpio_out";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+
|
||||
+ led_pins_bananapi: led_pins@0 {
|
||||
+ allwinner,pins = "PH24";
|
||||
+ allwinner,function = "gpio_out";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ ir0: ir@01c21800 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&ir0_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart0: serial@01c28000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart0_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart3: serial@01c28c00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart3_pins_b>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ uart7: serial@01c29c00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&uart7_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ i2c0: i2c@01c2ac00 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c0_pins_a>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ axp209: pmic@34 {
|
||||
+ compatible = "x-powers,axp209";
|
||||
+ reg = <0x34>;
|
||||
+ interrupt-parent = <&nmi_intc>;
|
||||
+ interrupts = <0 8>;
|
||||
+
|
||||
+ interrupt-controller;
|
||||
+ #interrupt-cells = <1>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ i2c2: i2c@01c2b400 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&i2c2_pins_a>;
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ gmac: ethernet@01c50000 {
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&gmac_pins_rgmii_a>;
|
||||
+ phy = <&phy1>;
|
||||
+ phy-mode = "rgmii";
|
||||
+ phy-supply = <®_gmac_3v3>;
|
||||
+ status = "okay";
|
||||
+
|
||||
+ phy1: ethernet-phy@1 {
|
||||
+ reg = <1>;
|
||||
+ };
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ leds {
|
||||
+ compatible = "gpio-leds";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&led_pins_bananapi>;
|
||||
+
|
||||
+ green {
|
||||
+ label = "bananapi:green:usr";
|
||||
+ gpios = <&pio 7 24 0>;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
+ reg_usb1_vbus: usb1-vbus {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ reg_usb2_vbus: usb2-vbus {
|
||||
+ status = "okay";
|
||||
+ };
|
||||
+
|
||||
+ reg_gmac_3v3: gmac-3v3 {
|
||||
+ compatible = "regulator-fixed";
|
||||
+ pinctrl-names = "default";
|
||||
+ pinctrl-0 = <&gmac_power_pin_bananapi>;
|
||||
+ regulator-name = "gmac-3v3";
|
||||
+ regulator-min-microvolt = <3300000>;
|
||||
+ regulator-max-microvolt = <3300000>;
|
||||
+ startup-delay-us = <50000>;
|
||||
+ enable-active-high;
|
||||
+ gpio = <&pio 7 23 0>;
|
||||
+ };
|
||||
+};
|
|
@ -0,0 +1,29 @@
|
|||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Subject: [PATCH v2 1/3] ARM: dts: sun7i: Add spi0_pins_a pinctrl setting
|
||||
Date: Wed, 1 Oct 2014 09:26:04 +0200
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/mripard/linux.git/commit/?id=a99eb770b4ab561434c9049b7b09cf40e27d3a55
|
||||
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
|
||||
---
|
||||
arch/arm/boot/dts/sun7i-a20.dtsi | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
Index: linux-3.16.3/arch/arm/boot/dts/sun7i-a20.dtsi
|
||||
===================================================================
|
||||
--- linux-3.16.3.orig/arch/arm/boot/dts/sun7i-a20.dtsi
|
||||
+++ linux-3.16.3/arch/arm/boot/dts/sun7i-a20.dtsi
|
||||
@@ -704,6 +704,13 @@
|
||||
allwinner,pull = <0>;
|
||||
};
|
||||
|
||||
+ spi0_pins_a: spi0@0 {
|
||||
+ allwinner,pins = "PI10", "PI11", "PI12", "PI13", "PI14";
|
||||
+ allwinner,function = "spi0";
|
||||
+ allwinner,drive = <0>;
|
||||
+ allwinner,pull = <0>;
|
||||
+ };
|
||||
+
|
||||
spi1_pins_a: spi1@0 {
|
||||
allwinner,pins = "PI16", "PI17", "PI18", "PI19";
|
||||
allwinner,function = "spi1";
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue