Update to 4.2-rc5

Refresh/drop patches as needed.

svn path=/dists/trunk/linux/; revision=22909
This commit is contained in:
Ben Hutchings 2015-08-04 01:30:23 +00:00
parent f2378f0aa3
commit 79f636b4bf
22 changed files with 187 additions and 1231 deletions

debian/changelog vendored

@ -1,3 +1,9 @@
linux (4.2~rc5-1~exp1) UNRELEASED; urgency=medium
* New upstream release candidate
-- Ben Hutchings <ben@decadent.org.uk> Tue, 04 Aug 2015 01:47:47 +0100
linux (4.1.3-1) unstable; urgency=medium
* New upstream stable update:


@ -96,7 +96,7 @@ upstream submission.
fw_size = firmware->size / sizeof(u32);
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -398,10 +398,8 @@ static int ath3k_load_patch(struct usb_d
@@ -404,10 +404,8 @@ static int ath3k_load_patch(struct usb_d
le32_to_cpu(fw_version.rom_version));
ret = request_firmware(&firmware, filename, &udev->dev);
@ -108,7 +108,7 @@ upstream submission.
pt_rom_version = get_unaligned_le32(firmware->data +
firmware->size - 8);
@@ -461,10 +459,8 @@ static int ath3k_load_syscfg(struct usb_
@@ -467,10 +465,8 @@ static int ath3k_load_syscfg(struct usb_
le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
ret = request_firmware(&firmware, filename, &udev->dev);
@ -154,7 +154,7 @@ upstream submission.
--- a/drivers/bluetooth/bt3c_cs.c
+++ b/drivers/bluetooth/bt3c_cs.c
@@ -568,10 +568,8 @@ static int bt3c_open(struct bt3c_info *i
@@ -567,10 +567,8 @@ static int bt3c_open(struct bt3c_info *i
/* Load firmware */
err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev);
@ -233,7 +233,7 @@ upstream submission.
where = 0;
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
@@ -1521,10 +1521,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p
@@ -1558,10 +1558,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p
if (ret) {
snprintf(f, sizeof(f), "nouveau/%s", fwname);
ret = request_firmware(&fw, f, nv_device_base(device));
@ -262,7 +262,7 @@ upstream submission.
printk(KERN_ERR
--- a/drivers/gpu/drm/radeon/ni.c
+++ b/drivers/gpu/drm/radeon/ni.c
@@ -812,10 +812,6 @@ int ni_init_microcode(struct radeon_devi
@@ -837,10 +837,6 @@ int ni_init_microcode(struct radeon_devi
out:
if (err) {
@ -289,7 +289,7 @@ upstream submission.
rdev->me_fw->size, fw_name);
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -2545,10 +2545,6 @@ int r600_init_microcode(struct radeon_de
@@ -2592,10 +2592,6 @@ int r600_init_microcode(struct radeon_de
out:
if (err) {
@ -457,7 +457,7 @@ upstream submission.
if (!buf) {
--- a/drivers/media/usb/dvb-usb/opera1.c
+++ b/drivers/media/usb/dvb-usb/opera1.c
@@ -452,9 +452,6 @@ static int opera1_xilinx_load_firmware(s
@@ -453,9 +453,6 @@ static int opera1_xilinx_load_firmware(s
info("start downloading fpga firmware %s",filename);
if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) {
@ -469,7 +469,7 @@ upstream submission.
p = kmalloc(fw->size, GFP_KERNEL);
--- a/drivers/media/dvb-frontends/af9013.c
+++ b/drivers/media/dvb-frontends/af9013.c
@@ -1372,16 +1372,8 @@ static int af9013_download_firmware(stru
@@ -1376,16 +1376,8 @@ static int af9013_download_firmware(stru
/* request the firmware, this will block and timeout */
ret = request_firmware(&fw, fw_file, state->i2c->dev.parent);
@ -504,7 +504,7 @@ upstream submission.
b = fw->data;
--- a/drivers/media/dvb-frontends/cx24116.c
+++ b/drivers/media/dvb-frontends/cx24116.c
@@ -493,13 +493,8 @@ static int cx24116_firmware_ondemand(str
@@ -495,13 +495,8 @@ static int cx24116_firmware_ondemand(str
__func__, CX24116_DEFAULT_FIRMWARE);
ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE,
state->i2c->dev.parent);
@ -535,7 +535,7 @@ upstream submission.
if (state->microcode == NULL) {
--- a/drivers/media/dvb-frontends/drxk_hard.c
+++ b/drivers/media/dvb-frontends/drxk_hard.c
@@ -6283,10 +6283,6 @@ static void load_firmware_cb(const struc
@@ -6284,10 +6284,6 @@ static void load_firmware_cb(const struc
dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded");
if (!fw) {
@ -1216,7 +1216,7 @@ upstream submission.
if (bp->mips_firmware->size < sizeof(*mips_fw) ||
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -12981,11 +12981,8 @@ static int bnx2x_init_firmware(struct bn
@@ -13003,11 +13003,8 @@ static int bnx2x_init_firmware(struct bn
BNX2X_DEV_INFO("Loading %s\n", fw_file_name);
rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev);
@ -1251,7 +1251,7 @@ upstream submission.
u32 n;
- if (request_firmware(&fw, fw_name, &pdev->dev)) {
- pr_alert("Can't locate firmware %s\n", fw_name);
- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name);
+ if (request_firmware(&fw, fw_name, &pdev->dev))
goto error;
- }
@ -1261,13 +1261,13 @@ upstream submission.
--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
@@ -1034,12 +1034,8 @@ int t3_get_edc_fw(struct cphy *phy, int
snprintf(buf, sizeof(buf), get_edc_fw_name(edc_idx));
ret = request_firmware(&fw, buf, &adapter->pdev->dev);
fw_name = get_edc_fw_name(edc_idx);
if (fw_name)
ret = request_firmware(&fw, fw_name, &adapter->pdev->dev);
- if (ret < 0) {
- dev_err(&adapter->pdev->dev,
- "could not upgrade firmware: unable to load %s\n",
- buf);
- fw_name);
+ if (ret)
return ret;
- }
@ -1440,7 +1440,7 @@ upstream submission.
&hif_dev->udev->dev);
--- a/drivers/net/wireless/ath/carl9170/usb.c
+++ b/drivers/net/wireless/ath/carl9170/usb.c
@@ -1032,7 +1032,6 @@ static void carl9170_usb_firmware_step2(
@@ -1033,7 +1033,6 @@ static void carl9170_usb_firmware_step2(
return;
}
@ -1504,7 +1504,7 @@ upstream submission.
hdr = (struct b43legacy_fw_header *)((*fw)->data);
--- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c
@@ -379,19 +379,13 @@ static int brcms_request_fw(struct brcms
@@ -378,19 +378,13 @@ static int brcms_request_fw(struct brcms
sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i],
UCODE_LOADER_API_VER);
status = request_firmware(&wl->fw.fw_bin[i], fw_name, device);
@ -1568,7 +1568,7 @@ upstream submission.
else
--- a/drivers/net/wireless/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/iwlwifi/iwl-drv.c
@@ -1119,13 +1119,8 @@ static void iwl_req_fw_callback(const st
@@ -1131,13 +1131,8 @@ static void iwl_req_fw_callback(const st
if (!pieces)
return;
@ -1586,23 +1586,23 @@ upstream submission.
--- a/drivers/net/wireless/libertas_tf/if_usb.c
+++ b/drivers/net/wireless/libertas_tf/if_usb.c
@@ -824,8 +824,6 @@ static int if_usb_prog_firmware(struct i
kparam_block_sysfs_write(fw_name);
kernel_param_lock(THIS_MODULE);
ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev);
if (ret < 0) {
- pr_err("request_firmware() failed with %#x\n", ret);
- pr_err("firmware %s not found\n", lbtf_fw_name);
kparam_unblock_sysfs_write(fw_name);
kernel_param_unlock(THIS_MODULE);
goto done;
}
--- a/drivers/net/wireless/mwifiex/main.c
+++ b/drivers/net/wireless/mwifiex/main.c
@@ -454,11 +454,8 @@ static void mwifiex_fw_dpc(const struct
@@ -459,11 +459,8 @@ static void mwifiex_fw_dpc(const struct
bool init_failed = false;
struct wireless_dev *wdev;
- if (!firmware) {
- dev_err(adapter->dev,
- "Failed to get firmware %s\n", adapter->fw_name);
- mwifiex_dbg(adapter, ERROR,
- "Failed to get firmware %s\n", adapter->fw_name);
+ if (!firmware)
goto err_dnld_fw;
- }
@ -1856,7 +1856,7 @@ upstream submission.
static inline u16 get_bcdDevice(const struct usb_device *udev)
--- a/drivers/scsi/advansys.c
+++ b/drivers/scsi/advansys.c
@@ -4280,8 +4280,6 @@ static ushort AscInitAsc1000Driver(ASC_D
@@ -4107,8 +4107,6 @@ static int AscInitAsc1000Driver(ASC_DVC_
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
if (err) {
@ -1865,7 +1865,7 @@ upstream submission.
asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM;
return err;
}
@@ -4613,8 +4611,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_
@@ -4473,8 +4471,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
if (err) {
@ -1874,7 +1874,7 @@ upstream submission.
asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM;
return err;
}
@@ -5129,8 +5125,6 @@ static int AdvInitAsc38C0800Driver(ADV_D
@@ -4973,8 +4969,6 @@ static int AdvInitAsc38C0800Driver(ADV_D
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
if (err) {
@ -1883,7 +1883,7 @@ upstream submission.
asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM;
return err;
}
@@ -5631,8 +5625,6 @@ static int AdvInitAsc38C1600Driver(ADV_D
@@ -5461,8 +5455,6 @@ static int AdvInitAsc38C1600Driver(ADV_D
err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev);
if (err) {
@ -1894,7 +1894,7 @@ upstream submission.
}
--- a/drivers/scsi/aic94xx/aic94xx_init.c
+++ b/drivers/scsi/aic94xx/aic94xx_init.c
@@ -390,8 +390,6 @@ static ssize_t asd_store_update_bios(str
@@ -389,8 +389,6 @@ static ssize_t asd_store_update_bios(str
filename_ptr,
&asd_ha->pcidev->dev);
if (err) {
@ -1930,7 +1930,7 @@ upstream submission.
}
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -4004,10 +4004,8 @@ static ssize_t ipr_store_update_fw(struc
@@ -4010,10 +4010,8 @@ static ssize_t ipr_store_update_fw(struc
len = snprintf(fname, 99, "%s", buf);
fname[len-1] = '\0';
@ -1968,7 +1968,7 @@ upstream submission.
}
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5414,8 +5414,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
@@ -5524,8 +5524,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha,
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@ -1977,7 +1977,7 @@ upstream submission.
ql_log(ql_log_info, vha, 0x0084,
"Firmware images can be retrieved from: "QLA_FW_URL ".\n");
return QLA_FUNCTION_FAILED;
@@ -5517,8 +5515,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
@@ -5627,8 +5625,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
/* Load firmware blob. */
blob = qla2x00_request_firmware(vha);
if (!blob) {
@ -2003,7 +2003,7 @@ upstream submission.
if (qla82xx_validate_firmware_blob(vha,
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -5356,8 +5356,6 @@ qla2x00_request_firmware(scsi_qla_host_t
@@ -5369,8 +5369,6 @@ qla2x00_request_firmware(scsi_qla_host_t
goto out;
if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) {
@ -2052,7 +2052,7 @@ upstream submission.
ft1000_enable_interrupts(dev);
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
@@ -135,10 +135,8 @@ static int ft1000_probe(struct usb_inter
@@ -133,10 +133,8 @@ static int ft1000_probe(struct usb_inter
ft1000dev->bulk_out_endpointAddr);
ret = request_firmware(&dsp_fw, "ft3000.img", &dev->dev);
@ -2161,7 +2161,7 @@ upstream submission.
MODULE_FIRMWARE("rtlwifi/rtl8712u.bin");
--- a/drivers/staging/slicoss/slicoss.c
+++ b/drivers/staging/slicoss/slicoss.c
@@ -391,11 +391,8 @@ static int slic_card_download_gbrcv(stru
@@ -388,11 +388,8 @@ static int slic_card_download_gbrcv(stru
}
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
@ -2174,7 +2174,7 @@ upstream submission.
rcvucodelen = *(u32 *)(fw->data + index);
index += 4;
@@ -469,11 +466,8 @@ static int slic_card_download(struct ada
@@ -466,11 +463,8 @@ static int slic_card_download(struct ada
return -ENOENT;
}
ret = request_firmware(&fw, file, &adapter->pcidev->dev);
@ -2205,7 +2205,7 @@ upstream submission.
if (!buffer)
--- a/drivers/tty/cyclades.c
+++ b/drivers/tty/cyclades.c
@@ -3522,10 +3522,8 @@ static int cyz_load_fw(struct pci_dev *p
@@ -3518,10 +3518,8 @@ static int cyz_load_fw(struct pci_dev *p
int retval;
retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev);
@ -2610,7 +2610,7 @@ upstream submission.
filename, emu->firmware->size);
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1619,10 +1619,8 @@ static void azx_firmware_cb(const struct
@@ -1734,10 +1734,8 @@ static void azx_firmware_cb(const struct
struct azx *chip = card->private_data;
struct pci_dev *pci = chip->pci;
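Review bot: In the refreshed cxgb3 hunk the new side assigns `ret` only under `if (fw_name)` (`fw_name = get_edc_fw_name(edc_idx); if (fw_name) ret = request_firmware(&fw, fw_name, &adapter->pdev->dev);`) and then returns on `if (ret)`, so the early return now depends on `ret` already holding an error value when `get_edc_fw_name()` yields NULL. The declarations of t3_get_edc_fw are outside the hunk, so this cannot be confirmed here; if `ret` starts at 0 in the 4.2 source, a NULL firmware name would fall through to the code that reads `fw` without it ever being set. Worth checking the initialiser once when the patch is refreshed, since the removed `dev_err` was the only line in the hunk that made the failure visible at all.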


@ -18,7 +18,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -293,7 +293,7 @@ static int fw_read_file_contents(struct
@@ -298,7 +298,7 @@ static int fw_read_file_contents(struct
int rc;
if (!S_ISREG(file_inode(file)->i_mode))
@ -27,7 +27,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
size = i_size_read(file_inode(file));
if (size <= 0)
return -EINVAL;
@@ -302,7 +302,7 @@ static int fw_read_file_contents(struct
@@ -307,7 +307,7 @@ static int fw_read_file_contents(struct
return -ENOMEM;
rc = kernel_read(file, 0, buf, size);
if (rc != size) {
@ -36,8 +36,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
rc = -EIO;
goto fail;
}
@@ -334,8 +334,10 @@ static int fw_get_filesystem_firmware(st
snprintf(path, PATH_MAX, "%s/%s", fw_path[i], buf->fw_id);
@@ -348,8 +348,10 @@ static int fw_get_filesystem_firmware(st
}
file = filp_open(path, O_RDONLY, 0);
- if (IS_ERR(file))
@ -48,7 +48,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
rc = fw_read_file_contents(file, buf);
fput(file);
if (rc)
@@ -974,13 +976,6 @@ static void kill_requests_without_uevent
@@ -994,13 +996,6 @@ static void kill_requests_without_uevent
#endif
#else /* CONFIG_FW_LOADER_USER_HELPER */
@ -62,7 +62,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
/* No abort during direct loading */
#define is_fw_load_aborted(buf) false
@@ -1129,6 +1124,7 @@ _request_firmware(const struct firmware
@@ -1152,6 +1147,7 @@ _request_firmware(const struct firmware
}
ret = fw_get_filesystem_firmware(device, fw->priv);
@ -70,7 +70,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
if (ret) {
if (!(opt_flags & FW_OPT_NO_WARN))
dev_warn(device,
@@ -1140,6 +1136,7 @@ _request_firmware(const struct firmware
@@ -1163,6 +1159,7 @@ _request_firmware(const struct firmware
opt_flags, timeout);
}
}


@ -1,39 +0,0 @@
From: Colin Ian King <colin.king@canonical.com>
Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid
Origin: https://marc.info/?l=oss-security&m=143800676725867&w=2
__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().
The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index e72548b5897e..d33437007ad2 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring,
if (index_key->type == &key_type_keyring)
up_write(&keyring_serialise_link_sem);
- if (edit && !edit->dead_leaf) {
- key_payload_reserve(keyring,
- keyring->datalen - KEYQUOTA_LINK_BYTES);
+ if (edit) {
+ if (!edit->dead_leaf) {
+ key_payload_reserve(keyring,
+ keyring->datalen - KEYQUOTA_LINK_BYTES);
+ }
assoc_array_cancel_edit(edit);
}
up_write(&keyring->sem);


@ -26,14 +26,13 @@ space memory from user space. This is an information leak.
Signed-off-by: Benjamin Randazzo <benjamin@randazzo.fr>
Signed-off-by: NeilBrown <neilb@suse.com>
[bwh: Backported to 4.1: using d_path() instead of file_path()]
---
drivers/md/md.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5735,22 +5735,22 @@ static int get_bitmap_file(struct mddev
@@ -5759,22 +5759,22 @@ static int get_bitmap_file(struct mddev
char *ptr;
int err;
@ -47,7 +46,7 @@ Signed-off-by: NeilBrown <neilb@suse.com>
- /* bitmap disabled, zero the first byte and copy out */
- if (!mddev->bitmap_info.file)
- file->pathname[0] = '\0';
- else if ((ptr = d_path(&mddev->bitmap_info.file->f_path,
- else if ((ptr = file_path(mddev->bitmap_info.file,
- file->pathname, sizeof(file->pathname))),
- IS_ERR(ptr))
- err = PTR_ERR(ptr);
@ -56,8 +55,8 @@ Signed-off-by: NeilBrown <neilb@suse.com>
- sizeof(file->pathname)-(ptr-file->pathname));
+ /* bitmap enabled */
+ if (mddev->bitmap_info.file) {
+ ptr = d_path(&mddev->bitmap_info.file->f_path, file->pathname,
+ sizeof(file->pathname));
+ ptr = file_path(mddev->bitmap_info.file, file->pathname,
+ sizeof(file->pathname));
+ if (IS_ERR(ptr))
+ err = PTR_ERR(ptr);
+ else


@ -1,6 +1,6 @@
From: Martin Michlmayr <tbm@cyrius.com>
Date: Sat, 19 Jan 2008 18:25:02 +0000
Subject: [arm, mips] Disable Advansys
Subject: [mips] Disable Advansys
Forwarded: http://thread.gmane.org/gmane.linux.scsi/57291
Florian Lohoff <flo@rfc822.org> reports the following build failure on IP32:
@ -12,14 +12,11 @@ make[5]: *** [__modpost] Error 1
But report:
http://www.mail-archive.com/linux-scsi@vger.kernel.org/msg12773.html
[bwh: Upstream finally accepted this was broken on ARM! But MIPS has
the same problem still.]
--- a/drivers/scsi/Kconfig
+++ b/drivers/scsi/Kconfig
@@ -495,6 +495,7 @@ config SCSI_ADVANSYS
@@ -505,6 +505,7 @@ config SCSI_ADVANSYS
tristate "AdvanSys SCSI support"
depends on SCSI && VIRT_TO_BUS && !ARM
depends on SCSI
depends on ISA || EISA || PCI
+ depends on !MIPS || BROKEN
help


@ -1,51 +0,0 @@
From: Heiko Carstens <heiko.carstens@de.ibm.com>
Date: Mon, 27 Jul 2015 09:53:49 +0200
Subject: s390/cachinfo: add missing facility check to init_cache_level()
Origin: https://git.kernel.org/cgit/linux/kernel/git/s390/linux.git/commit/?id=0b991f5cdcd6201e5401f83ca3a672343c3bfc49
Bug-Debian: https://bugs.debian.org/793929
Stephen Powell reported the following crash on a z890 machine:
Kernel BUG at 00000000001219d0 [verbose debug info unavailable]
illegal operation: 0001 ilc:3 [#1] SMP
Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
Krnl Code: 00000000001219c2: a7840056 brc 8,121a6e
00000000001219c6: a7190000 lghi %r1,0
#00000000001219ca: eb101000004c ecag %r1,%r0,0(%r1)
>00000000001219d0: a7390000 lghi %r3,0
00000000001219d4: e310f0a00024 stg %r1,160(%r15)
00000000001219da: a7080000 lhi %r0,0
00000000001219de: a7b9f000 lghi %r11,-4096
00000000001219e2: c0a0002899d9 larl %r10,634d94
Call Trace:
[<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8
[<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8
[<00000000001001c0>] do_one_initcall+0x98/0x1c8
[<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8
[<000000000062352e>] kernel_init+0x26/0x118
[<000000000062fd2e>] kernel_thread_starter+0x6/0xc
The illegal operation was executed because of a missing facility check,
which should have made sure that the ECAG execution would only be executed
on machines which have the general-instructions-extension facility
installed.
Reported-and-tested-by: Stephen Powell <zlinuxman@wowway.com>
Cc: stable@vger.kernel.org # v4.0+
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
diff --git a/arch/s390/kernel/cache.c b/arch/s390/kernel/cache.c
index bff5e3b..8ba3243 100644
--- a/arch/s390/kernel/cache.c
+++ b/arch/s390/kernel/cache.c
@@ -138,6 +138,8 @@ int init_cache_level(unsigned int cpu)
union cache_topology ct;
enum cache_type ctype;
+ if (!test_facility(34))
+ return -EOPNOTSUPP;
if (!this_cpu_ci)
return -EINVAL;
ct.raw = ecag(EXTRACT_TOPOLOGY, 0, 0);


@ -1,47 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Thu, 4 Jun 2015 13:24:29 -0700
Subject: [3/9] x86/asm/entry/64: Remove pointless jump to irq_return
Origin: https://git.kernel.org/linus/5ca6f70f387b4f82903037cc3c5488e2c97dcdbc
INTERRUPT_RETURN turns into a jmp instruction. There's no need
for extra indirection.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: <linux-kernel@vger.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/2f2318653dbad284a59311f13f08cea71298fd7c.1433449436.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.1: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/entry_64.S | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -811,8 +811,6 @@ retint_kernel:
restore_c_regs_and_iret:
RESTORE_C_REGS
REMOVE_PT_GPREGS_FROM_STACK 8
-
-irq_return:
INTERRUPT_RETURN
ENTRY(native_iret)
@@ -1658,7 +1656,7 @@ nmi_restore:
/* Clear the NMI executing stack variable */
movq $0, 5*8(%rsp)
- jmp irq_return
+ INTERRUPT_RETURN
CFI_ENDPROC
END(nmi)


@ -1,191 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:33 -0700
Subject: [4/9] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
Origin: https://git.kernel.org/linus/9d05041679904b12c12421cbcf9cb5f4860a8d7b
32-bit kernels handle nested NMIs in C. Enable the exact same
handling on 64-bit kernels as well. This isn't currently
necessary, but it will become necessary once the asm code starts
allowing limited nesting.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/kernel/nmi.c | 123 +++++++++++++++++++++-----------------------------
1 file changed, 52 insertions(+), 71 deletions(-)
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -408,15 +408,15 @@ static void default_do_nmi(struct pt_reg
NOKPROBE_SYMBOL(default_do_nmi);
/*
- * NMIs can hit breakpoints which will cause it to lose its
- * NMI context with the CPU when the breakpoint does an iret.
- */
-#ifdef CONFIG_X86_32
-/*
- * For i386, NMIs use the same stack as the kernel, and we can
- * add a workaround to the iret problem in C (preventing nested
- * NMIs if an NMI takes a trap). Simply have 3 states the NMI
- * can be in:
+ * NMIs can hit breakpoints which will cause it to lose its NMI context
+ * with the CPU when the breakpoint or page fault does an IRET.
+ *
+ * As a result, NMIs can nest if NMIs get unmasked due an IRET during
+ * NMI processing. On x86_64, the asm glue protects us from nested NMIs
+ * if the outer NMI came from kernel mode, but we can still nest if the
+ * outer NMI came from user mode.
+ *
+ * To handle these nested NMIs, we have three states:
*
* 1) not running
* 2) executing
@@ -430,15 +430,14 @@ NOKPROBE_SYMBOL(default_do_nmi);
* (Note, the latch is binary, thus multiple NMIs triggering,
* when one is running, are ignored. Only one NMI is restarted.)
*
- * If an NMI hits a breakpoint that executes an iret, another
- * NMI can preempt it. We do not want to allow this new NMI
- * to run, but we want to execute it when the first one finishes.
- * We set the state to "latched", and the exit of the first NMI will
- * perform a dec_return, if the result is zero (NOT_RUNNING), then
- * it will simply exit the NMI handler. If not, the dec_return
- * would have set the state to NMI_EXECUTING (what we want it to
- * be when we are running). In this case, we simply jump back
- * to rerun the NMI handler again, and restart the 'latched' NMI.
+ * If an NMI executes an iret, another NMI can preempt it. We do not
+ * want to allow this new NMI to run, but we want to execute it when the
+ * first one finishes. We set the state to "latched", and the exit of
+ * the first NMI will perform a dec_return, if the result is zero
+ * (NOT_RUNNING), then it will simply exit the NMI handler. If not, the
+ * dec_return would have set the state to NMI_EXECUTING (what we want it
+ * to be when we are running). In this case, we simply jump back to
+ * rerun the NMI handler again, and restart the 'latched' NMI.
*
* No trap (breakpoint or page fault) should be hit before nmi_restart,
* thus there is no race between the first check of state for NOT_RUNNING
@@ -461,49 +460,36 @@ enum nmi_states {
static DEFINE_PER_CPU(enum nmi_states, nmi_state);
static DEFINE_PER_CPU(unsigned long, nmi_cr2);
-#define nmi_nesting_preprocess(regs) \
- do { \
- if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { \
- this_cpu_write(nmi_state, NMI_LATCHED); \
- return; \
- } \
- this_cpu_write(nmi_state, NMI_EXECUTING); \
- this_cpu_write(nmi_cr2, read_cr2()); \
- } while (0); \
- nmi_restart:
-
-#define nmi_nesting_postprocess() \
- do { \
- if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) \
- write_cr2(this_cpu_read(nmi_cr2)); \
- if (this_cpu_dec_return(nmi_state)) \
- goto nmi_restart; \
- } while (0)
-#else /* x86_64 */
+#ifdef CONFIG_X86_64
/*
- * In x86_64 things are a bit more difficult. This has the same problem
- * where an NMI hitting a breakpoint that calls iret will remove the
- * NMI context, allowing a nested NMI to enter. What makes this more
- * difficult is that both NMIs and breakpoints have their own stack.
- * When a new NMI or breakpoint is executed, the stack is set to a fixed
- * point. If an NMI is nested, it will have its stack set at that same
- * fixed address that the first NMI had, and will start corrupting the
- * stack. This is handled in entry_64.S, but the same problem exists with
- * the breakpoint stack.
- *
- * If a breakpoint is being processed, and the debug stack is being used,
- * if an NMI comes in and also hits a breakpoint, the stack pointer
- * will be set to the same fixed address as the breakpoint that was
- * interrupted, causing that stack to be corrupted. To handle this case,
- * check if the stack that was interrupted is the debug stack, and if
- * so, change the IDT so that new breakpoints will use the current stack
- * and not switch to the fixed address. On return of the NMI, switch back
- * to the original IDT.
+ * In x86_64, we need to handle breakpoint -> NMI -> breakpoint. Without
+ * some care, the inner breakpoint will clobber the outer breakpoint's
+ * stack.
+ *
+ * If a breakpoint is being processed, and the debug stack is being
+ * used, if an NMI comes in and also hits a breakpoint, the stack
+ * pointer will be set to the same fixed address as the breakpoint that
+ * was interrupted, causing that stack to be corrupted. To handle this
+ * case, check if the stack that was interrupted is the debug stack, and
+ * if so, change the IDT so that new breakpoints will use the current
+ * stack and not switch to the fixed address. On return of the NMI,
+ * switch back to the original IDT.
*/
static DEFINE_PER_CPU(int, update_debug_stack);
+#endif
-static inline void nmi_nesting_preprocess(struct pt_regs *regs)
+dotraplinkage notrace void
+do_nmi(struct pt_regs *regs, long error_code)
{
+ if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {
+ this_cpu_write(nmi_state, NMI_LATCHED);
+ return;
+ }
+ this_cpu_write(nmi_state, NMI_EXECUTING);
+ this_cpu_write(nmi_cr2, read_cr2());
+nmi_restart:
+
+#ifdef CONFIG_X86_64
/*
* If we interrupted a breakpoint, it is possible that
* the nmi handler will have breakpoints too. We need to
@@ -514,22 +500,8 @@ static inline void nmi_nesting_preproces
debug_stack_set_zero();
this_cpu_write(update_debug_stack, 1);
}
-}
-
-static inline void nmi_nesting_postprocess(void)
-{
- if (unlikely(this_cpu_read(update_debug_stack))) {
- debug_stack_reset();
- this_cpu_write(update_debug_stack, 0);
- }
-}
#endif
-dotraplinkage notrace void
-do_nmi(struct pt_regs *regs, long error_code)
-{
- nmi_nesting_preprocess(regs);
-
nmi_enter();
inc_irq_stat(__nmi_count);
@@ -539,8 +511,17 @@ do_nmi(struct pt_regs *regs, long error_
nmi_exit();
- /* On i386, may loop back to preprocess */
- nmi_nesting_postprocess();
+#ifdef CONFIG_X86_64
+ if (unlikely(this_cpu_read(update_debug_stack))) {
+ debug_stack_reset();
+ this_cpu_write(update_debug_stack, 0);
+ }
+#endif
+
+ if (unlikely(this_cpu_read(nmi_cr2) != read_cr2()))
+ write_cr2(this_cpu_read(nmi_cr2));
+ if (this_cpu_dec_return(nmi_state))
+ goto nmi_restart;
}
NOKPROBE_SYMBOL(do_nmi);


@ -1,53 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:34 -0700
Subject: [5/9] x86/nmi/64: Remove asm code that saves CR2
Origin: https://git.kernel.org/linus/0e181bb58143cb4a2e8f01c281b0816cd0e4798e
Now that do_nmi saves CR2, we don't need to save it in asm.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.0: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/entry_64.S | 18 ------------------
1 file changed, 18 deletions(-)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1621,29 +1621,11 @@ end_repeat_nmi:
call paranoid_entry
DEFAULT_FRAME 0
- /*
- * Save off the CR2 register. If we take a page fault in the NMI then
- * it could corrupt the CR2 value. If the NMI preempts a page fault
- * handler before it was able to read the CR2 register, and then the
- * NMI itself takes a page fault, the page fault that was preempted
- * will read the information from the NMI page fault and not the
- * origin fault. Save it off and restore it if it changes.
- * Use the r12 callee-saved register.
- */
- movq %cr2, %r12
-
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
call do_nmi
- /* Did the NMI take a page fault? Restore cr2 if it did */
- movq %cr2, %rcx
- cmpq %rcx, %r12
- je 1f
- movq %r12, %cr2
-1:
-
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:


@ -1,112 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:35 -0700
Subject: [6/9] x86/nmi/64: Switch stacks on userspace NMI entry
Origin: https://git.kernel.org/linus/9b6e6a8334d56354853f9c255d1395c2ba570e0a
Returning to userspace is tricky: IRET can fail, and ESPFIX can
rearrange the stack prior to IRET.
The NMI nesting fixup relies on a precise stack layout and
atomic IRET. Rather than trying to teach the NMI nesting fixup
to handle ESPFIX and failed IRET, punt: run NMIs that came from
user mode on the normal kernel stack.
This will make some nested NMIs visible to C code, but the C
code is okay with that.
As a side effect, this should speed up perf: it eliminates an
RDMSR when NMIs come from user mode.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.1:
- Adjust filename, context
- Use kernel_stack instead of cpu_current_top_of_stack]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1442,19 +1442,73 @@ ENTRY(nmi)
* a nested NMI that updated the copy interrupt stack frame, a
* jump will be made to the repeat_nmi code that will handle the second
* NMI.
+ *
+ * However, espfix prevents us from directly returning to userspace
+ * with a single IRET instruction. Similarly, IRET to user mode
+ * can fault. We therefore handle NMIs from user space like
+ * other IST entries.
*/
/* Use %rdx as our temp variable throughout */
pushq_cfi %rdx
CFI_REL_OFFSET rdx, 0
+ testb $3, CS-RIP+8(%rsp)
+ jz .Lnmi_from_kernel
+
+ /*
+ * NMI from user mode. We need to run on the thread stack, but we
+ * can't go through the normal entry paths: NMIs are masked, and
+ * we don't want to enable interrupts, because then we'll end
+ * up in an awkward situation in which IRQs are on but NMIs
+ * are off.
+ */
+
+ SWAPGS
+ cld
+ movq %rsp, %rdx
+ movq PER_CPU_VAR(kernel_stack), %rsp
+ pushq 5*8(%rdx) /* pt_regs->ss */
+ pushq 4*8(%rdx) /* pt_regs->rsp */
+ pushq 3*8(%rdx) /* pt_regs->flags */
+ pushq 2*8(%rdx) /* pt_regs->cs */
+ pushq 1*8(%rdx) /* pt_regs->rip */
+ pushq $-1 /* pt_regs->orig_ax */
+ pushq %rdi /* pt_regs->di */
+ pushq %rsi /* pt_regs->si */
+ pushq (%rdx) /* pt_regs->dx */
+ pushq %rcx /* pt_regs->cx */
+ pushq %rax /* pt_regs->ax */
+ pushq %r8 /* pt_regs->r8 */
+ pushq %r9 /* pt_regs->r9 */
+ pushq %r10 /* pt_regs->r10 */
+ pushq %r11 /* pt_regs->r11 */
+ pushq %rbx /* pt_regs->rbx */
+ pushq %rbp /* pt_regs->rbp */
+ pushq %r12 /* pt_regs->r12 */
+ pushq %r13 /* pt_regs->r13 */
+ pushq %r14 /* pt_regs->r14 */
+ pushq %r15 /* pt_regs->r15 */
+
+ /*
+ * At this point we no longer need to worry about stack damage
+ * due to nesting -- we're on the normal thread stack and we're
+ * done with the NMI stack.
+ */
+
+ movq %rsp, %rdi
+ movq $-1, %rsi
+ call do_nmi
+
/*
- * If %cs was not the kernel segment, then the NMI triggered in user
- * space, which means it is definitely not nested.
+ * Return back to user mode. We must *not* do the normal exit
+ * work, because we don't want to enable interrupts. Fortunately,
+ * do_nmi doesn't modify pt_regs.
*/
- cmpl $__KERNEL_CS, 16(%rsp)
- jne first_nmi
+ SWAPGS
+ jmp restore_c_regs_and_iret
+.Lnmi_from_kernel:
/*
* Check the special variable on the stack to see if NMIs are
* executing.


@ -1,286 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:36 -0700
Subject: [7/9] x86/nmi/64: Improve nested NMI comments
Origin: https://git.kernel.org/linus/0b22930ebad563ae97ff3f8d7b9f12060b4c6e6b
I found the nested NMI documentation to be difficult to follow.
Improve the comments.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.1: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/entry_64.S | 159 ++++++++++++++++++++++++++-------------------
arch/x86/kernel/nmi.c | 4 +-
2 files changed, 93 insertions(+), 70 deletions(-)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1429,11 +1429,12 @@ ENTRY(nmi)
* If the variable is not set and the stack is not the NMI
* stack then:
* o Set the special variable on the stack
- * o Copy the interrupt frame into a "saved" location on the stack
- * o Copy the interrupt frame into a "copy" location on the stack
+ * o Copy the interrupt frame into an "outermost" location on the
+ * stack
+ * o Copy the interrupt frame into an "iret" location on the stack
* o Continue processing the NMI
* If the variable is set or the previous stack is the NMI stack:
- * o Modify the "copy" location to jump to the repeate_nmi
+ * o Modify the "iret" location to jump to the repeat_nmi
* o return back to the first NMI
*
* Now on exit of the first NMI, we first clear the stack variable
@@ -1510,18 +1511,60 @@ ENTRY(nmi)
.Lnmi_from_kernel:
/*
- * Check the special variable on the stack to see if NMIs are
- * executing.
+ * Here's what our stack frame will look like:
+ * +---------------------------------------------------------+
+ * | original SS |
+ * | original Return RSP |
+ * | original RFLAGS |
+ * | original CS |
+ * | original RIP |
+ * +---------------------------------------------------------+
+ * | temp storage for rdx |
+ * +---------------------------------------------------------+
+ * | "NMI executing" variable |
+ * +---------------------------------------------------------+
+ * | iret SS } Copied from "outermost" frame |
+ * | iret Return RSP } on each loop iteration; overwritten |
+ * | iret RFLAGS } by a nested NMI to force another |
+ * | iret CS } iteration if needed. |
+ * | iret RIP } |
+ * +---------------------------------------------------------+
+ * | outermost SS } initialized in first_nmi; |
+ * | outermost Return RSP } will not be changed before |
+ * | outermost RFLAGS } NMI processing is done. |
+ * | outermost CS } Copied to "iret" frame on each |
+ * | outermost RIP } iteration. |
+ * +---------------------------------------------------------+
+ * | pt_regs |
+ * +---------------------------------------------------------+
+ *
+ * The "original" frame is used by hardware. Before re-enabling
+ * NMIs, we need to be done with it, and we need to leave enough
+ * space for the asm code here.
+ *
+ * We return by executing IRET while RSP points to the "iret" frame.
+ * That will either return for real or it will loop back into NMI
+ * processing.
+ *
+ * The "outermost" frame is copied to the "iret" frame on each
+ * iteration of the loop, so each iteration starts with the "iret"
+ * frame pointing to the final return target.
+ */
+
+ /*
+ * Determine whether we're a nested NMI.
+ *
+ * First check "NMI executing". If it's set, then we're nested.
+ * This will not detect if we interrupted an outer NMI just
+ * before IRET.
*/
cmpl $1, -8(%rsp)
je nested_nmi
/*
- * Now test if the previous stack was an NMI stack.
- * We need the double check. We check the NMI stack to satisfy the
- * race when the first NMI clears the variable before returning.
- * We check the variable because the first NMI could be in a
- * breakpoint routine using a breakpoint stack.
+ * Now test if the previous stack was an NMI stack. This covers
+ * the case where we interrupt an outer NMI after it clears
+ * "NMI executing" but before IRET.
*/
lea 6*8(%rsp), %rdx
/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
@@ -1538,9 +1581,11 @@ ENTRY(nmi)
nested_nmi:
/*
- * Do nothing if we interrupted the fixup in repeat_nmi.
- * It's about to repeat the NMI handler, so we are fine
- * with ignoring this one.
+ * If we interrupted an NMI that is between repeat_nmi and
+ * end_repeat_nmi, then we must not modify the "iret" frame
+ * because it's being written by the outer NMI. That's okay;
+ * the outer NMI handler is about to call do_nmi anyway,
+ * so we can just resume the outer NMI.
*/
movq $repeat_nmi, %rdx
cmpq 8(%rsp), %rdx
@@ -1550,7 +1595,10 @@ nested_nmi:
ja nested_nmi_out
1:
- /* Set up the interrupted NMIs stack to jump to repeat_nmi */
+ /*
+ * Modify the "iret" frame to point to repeat_nmi, forcing another
+ * iteration of NMI handling.
+ */
leaq -1*8(%rsp), %rdx
movq %rdx, %rsp
CFI_ADJUST_CFA_OFFSET 1*8
@@ -1569,60 +1617,23 @@ nested_nmi_out:
popq_cfi %rdx
CFI_RESTORE rdx
- /* No need to check faults here */
+ /* We are returning to kernel mode, so this cannot result in a fault. */
INTERRUPT_RETURN
CFI_RESTORE_STATE
first_nmi:
- /*
- * Because nested NMIs will use the pushed location that we
- * stored in rdx, we must keep that space available.
- * Here's what our stack frame will look like:
- * +-------------------------+
- * | original SS |
- * | original Return RSP |
- * | original RFLAGS |
- * | original CS |
- * | original RIP |
- * +-------------------------+
- * | temp storage for rdx |
- * +-------------------------+
- * | NMI executing variable |
- * +-------------------------+
- * | copied SS |
- * | copied Return RSP |
- * | copied RFLAGS |
- * | copied CS |
- * | copied RIP |
- * +-------------------------+
- * | Saved SS |
- * | Saved Return RSP |
- * | Saved RFLAGS |
- * | Saved CS |
- * | Saved RIP |
- * +-------------------------+
- * | pt_regs |
- * +-------------------------+
- *
- * The saved stack frame is used to fix up the copied stack frame
- * that a nested NMI may change to make the interrupted NMI iret jump
- * to the repeat_nmi. The original stack frame and the temp storage
- * is also used by nested NMIs and can not be trusted on exit.
- */
- /* Do not pop rdx, nested NMIs will corrupt that part of the stack */
+ /* Restore rdx. */
movq (%rsp), %rdx
CFI_RESTORE rdx
- /* Set the NMI executing variable on the stack. */
+ /* Set "NMI executing" on the stack. */
pushq_cfi $1
- /*
- * Leave room for the "copied" frame
- */
+ /* Leave room for the "iret" frame */
subq $(5*8), %rsp
CFI_ADJUST_CFA_OFFSET 5*8
- /* Copy the stack frame to the Saved frame */
+ /* Copy the "original" frame to the "outermost" frame */
.rept 5
pushq_cfi 11*8(%rsp)
.endr
@@ -1630,6 +1641,7 @@ first_nmi:
/* Everything up to here is safe from nested NMIs */
+repeat_nmi:
/*
* If there was a nested NMI, the first NMI's iret will return
* here. But NMIs are still enabled and we can take another
@@ -1638,16 +1650,21 @@ first_nmi:
* it will just return, as we are about to repeat an NMI anyway.
* This makes it safe to copy to the stack frame that a nested
* NMI will update.
- */
-repeat_nmi:
- /*
- * Update the stack variable to say we are still in NMI (the update
- * is benign for the non-repeat case, where 1 was pushed just above
- * to this very stack slot).
+ *
+ * RSP is pointing to "outermost RIP". gsbase is unknown, but, if
+ * we're repeating an NMI, gsbase has the same value that it had on
+ * the first iteration. paranoid_entry will load the kernel
+ * gsbase if needed before we call do_nmi.
+ *
+ * Set "NMI executing" in case we came back here via IRET.
*/
movq $1, 10*8(%rsp)
- /* Make another copy, this one may be modified by nested NMIs */
+ /*
+ * Copy the "outermost" frame to the "iret" frame. NMIs that nest
+ * here must not modify the "iret" frame while we're writing to
+ * it or it will end up containing garbage.
+ */
addq $(10*8), %rsp
CFI_ADJUST_CFA_OFFSET -10*8
.rept 5
@@ -1658,9 +1675,9 @@ repeat_nmi:
end_repeat_nmi:
/*
- * Everything below this point can be preempted by a nested
- * NMI if the first NMI took an exception and reset our iret stack
- * so that we repeat another NMI.
+ * Everything below this point can be preempted by a nested NMI.
+ * If this happens, then the inner NMI will change the "iret"
+ * frame to point back to repeat_nmi.
*/
pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */
ALLOC_PT_GPREGS_ON_STACK
@@ -1687,11 +1704,18 @@ nmi_swapgs:
nmi_restore:
RESTORE_EXTRA_REGS
RESTORE_C_REGS
- /* Pop the extra iret frame at once */
+
+ /* Point RSP at the "iret" frame. */
REMOVE_PT_GPREGS_FROM_STACK 6*8
- /* Clear the NMI executing stack variable */
+ /* Clear "NMI executing". */
movq $0, 5*8(%rsp)
+
+ /*
+ * INTERRUPT_RETURN reads the "iret" frame and exits the NMI
+ * stack in a single instruction. We are returning to kernel
+ * mode, so this cannot result in a fault.
+ */
INTERRUPT_RETURN
CFI_ENDPROC
END(nmi)
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -408,8 +408,8 @@ static void default_do_nmi(struct pt_reg
NOKPROBE_SYMBOL(default_do_nmi);
/*
- * NMIs can hit breakpoints which will cause it to lose its NMI context
- * with the CPU when the breakpoint or page fault does an IRET.
+ * NMIs can page fault or hit breakpoints which will cause it to lose
+ * its NMI context with the CPU when the breakpoint or page fault does an IRET.
*
* As a result, NMIs can nest if NMIs get unmasked due an IRET during
* NMI processing. On x86_64, the asm glue protects us from nested NMIs


@ -1,91 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:37 -0700
Subject: [8/9] x86/nmi/64: Reorder nested NMI checks
Origin: https://git.kernel.org/linus/a27507ca2d796cfa8d907de31ad730359c8a6d06
Check the repeat_nmi .. end_repeat_nmi special case first. The
next patch will rework the RSP check and, as a side effect, the
RSP check will no longer detect repeat_nmi .. end_repeat_nmi, so
we'll need this ordering of the checks.
Note: this is more subtle than it appears. The check for
repeat_nmi .. end_repeat_nmi jumps straight out of the NMI code
instead of adjusting the "iret" frame to force a repeat. This
is necessary, because the code between repeat_nmi and
end_repeat_nmi sets "NMI executing" and then writes to the
"iret" frame itself. If a nested NMI comes in and modifies the
"iret" frame while repeat_nmi is also modifying it, we'll end up
with garbage. The old code got this right, as does the new
code, but the new code is a bit more explicit.
If we were to move the check right after the "NMI executing"
check, then we'd get it wrong and have random crashes.
( Because the "NMI executing" check would jump to the code that would
modify the "iret" frame without checking if the interrupted NMI was
currently modifying it. )
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.1: adjust filename, spacing]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/entry_64.S | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1554,7 +1554,24 @@ ENTRY(nmi)
/*
* Determine whether we're a nested NMI.
*
- * First check "NMI executing". If it's set, then we're nested.
+ * If we interrupted kernel code between repeat_nmi and
+ * end_repeat_nmi, then we are a nested NMI. We must not
+ * modify the "iret" frame because it's being written by
+ * the outer NMI. That's okay; the outer NMI handler is
+ * about to about to call do_nmi anyway, so we can just
+ * resume the outer NMI.
+ */
+
+ movq $repeat_nmi, %rdx
+ cmpq 8(%rsp), %rdx
+ ja 1f
+ movq $end_repeat_nmi, %rdx
+ cmpq 8(%rsp), %rdx
+ ja nested_nmi_out
+1:
+
+ /*
+ * Now check "NMI executing". If it's set, then we're nested.
* This will not detect if we interrupted an outer NMI just
* before IRET.
*/
@@ -1581,21 +1598,6 @@ ENTRY(nmi)
nested_nmi:
/*
- * If we interrupted an NMI that is between repeat_nmi and
- * end_repeat_nmi, then we must not modify the "iret" frame
- * because it's being written by the outer NMI. That's okay;
- * the outer NMI handler is about to call do_nmi anyway,
- * so we can just resume the outer NMI.
- */
- movq $repeat_nmi, %rdx
- cmpq 8(%rsp), %rdx
- ja 1f
- movq $end_repeat_nmi, %rdx
- cmpq 8(%rsp), %rdx
- ja nested_nmi_out
-
-1:
- /*
* Modify the "iret" frame to point to repeat_nmi, forcing another
* iteration of NMI handling.
*/


@ -1,90 +0,0 @@
From: Andy Lutomirski <luto@kernel.org>
Date: Wed, 15 Jul 2015 10:29:38 -0700
Subject: x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI
detection
Origin: https://git.kernel.org/linus/810bc075f78ff2c221536eb3008eac6a492dba2d
We have a tricky bug in the nested NMI code: if we see RSP
pointing to the NMI stack on NMI entry from kernel mode, we
assume that we are executing a nested NMI.
This isn't quite true. A malicious userspace program can point
RSP at the NMI stack, issue SYSCALL, and arrange for an NMI to
happen while RSP is still pointing at the NMI stack.
Fix it with a sneaky trick. Set DF in the region of code that
the RSP check is intended to detect. IRET will clear DF
atomically.
( Note: other than paravirt, there's little need for all this
complexity. We could check RIP instead of RSP. )
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[bwh: Backported to 4.1: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
arch/x86/kernel/entry_64.S | 29 +++++++++++++++++++++++++----
1 file changed, 25 insertions(+), 4 deletions(-)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1581,7 +1581,14 @@ ENTRY(nmi)
/*
* Now test if the previous stack was an NMI stack. This covers
* the case where we interrupt an outer NMI after it clears
- * "NMI executing" but before IRET.
+ * "NMI executing" but before IRET. We need to be careful, though:
+ * there is one case in which RSP could point to the NMI stack
+ * despite there being no NMI active: naughty userspace controls
+ * RSP at the very beginning of the SYSCALL targets. We can
+ * pull a fast one on naughty userspace, though: we program
+ * SYSCALL to mask DF, so userspace cannot cause DF to be set
+ * if it controls the kernel's RSP. We set DF before we clear
+ * "NMI executing".
*/
lea 6*8(%rsp), %rdx
/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
@@ -1592,10 +1599,16 @@ ENTRY(nmi)
cmpq %rdx, 4*8(%rsp)
/* If it is below the NMI stack, it is a normal NMI */
jb first_nmi
- /* Ah, it is within the NMI stack, treat it as nested */
+
+ /* Ah, it is within the NMI stack. */
+
+ testb $(X86_EFLAGS_DF >> 8), (3*8 + 1)(%rsp)
+ jz first_nmi /* RSP was user controlled. */
CFI_REMEMBER_STATE
+ /* This is a nested NMI. */
+
nested_nmi:
/*
* Modify the "iret" frame to point to repeat_nmi, forcing another
@@ -1710,8 +1723,16 @@ nmi_restore:
/* Point RSP at the "iret" frame. */
REMOVE_PT_GPREGS_FROM_STACK 6*8
- /* Clear "NMI executing". */
- movq $0, 5*8(%rsp)
+ /*
+ * Clear "NMI executing". Set DF first so that we can easily
+ * distinguish the remaining code between here and IRET from
+ * the SYSCALL entry and exit paths. On a native kernel, we
+ * could just inspect RIP, but, on paravirt kernels,
+ * INTERRUPT_RETURN can translate into a jump into a
+ * hypercall page.
+ */
+ std
+ movq $0, 5*8(%rsp) /* clear "NMI executing" */
/*
* INTERRUPT_RETURN reads the "iret" frame and exits the NMI


@ -1,24 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Sat, 30 May 2015 14:31:24 +0200
Subject: kvm: x86: fix kvm_apic_has_events to check for NULL pointer
Origin: https://git.kernel.org/linus/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
Malicious (or egregiously buggy) userspace can trigger it, but it
should never happen in normal operation.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/lapic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct
static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
{
- return vcpu->arch.apic->pending_events;
+ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
}
bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);


@ -9,8 +9,8 @@ This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -651,8 +651,8 @@ static inline void put_link(struct namei
path_put(link);
@@ -847,8 +847,8 @@ static inline void put_link(struct namei
path_put(&last->link);
}
-int sysctl_protected_symlinks __read_mostly = 0;


@ -15,12 +15,12 @@ Forwarded: not-needed
/* describe a ptrace relationship for potential exception */
struct ptrace_relation {
@@ -425,7 +425,7 @@ static __init int yama_init(void)
@@ -407,7 +407,7 @@ static __init int yama_init(void)
if (!security_module_enable("yama"))
return 0;
#endif
- pr_info("Yama: becoming mindful.\n");
+ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
- printk(KERN_INFO "Yama: becoming mindful.\n");
+ printk(KERN_INFO "Yama: disabled by default; enable with sysctl kernel.yama.*\n");
#ifndef CONFIG_SECURITY_YAMA_STACKED
if (register_security(&yama_ops))
#ifdef CONFIG_SYSCTL
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))


@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.x-rcN mmap patch
diff --git a/fs/buffer.c b/fs/buffer.c
index c7a5602..8c50a22 100644
[bwh: Adjusted context for 4.2]
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2450,7 +2450,7 @@ int block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf,
@@ -2473,7 +2473,7 @@ int block_page_mkwrite(struct vm_area_st
* Update file times before taking page lock. We may end up failing the
* fault so this update may be superfluous but who really cares...
*/
@ -21,11 +21,9 @@ index c7a5602..8c50a22 100644
ret = __block_page_mkwrite(vma, vmf, get_block);
sb_end_pagefault(sb);
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 093ca14..fc1ac03 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1744,7 +1744,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
@@ -1939,7 +1939,7 @@ static int proc_map_files_get_link(struc
down_read(&mm->mmap_sem);
vma = find_exact_vma(mm, vm_start, vm_end);
if (vma && vma->vm_file) {
@ -34,11 +32,9 @@ index 093ca14..fc1ac03 100644
path_get(path);
rc = 0;
}
diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
index d4a3574..1397181 100644
--- a/fs/proc/nommu.c
+++ b/fs/proc/nommu.c
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region)
@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_
file = region->vm_file;
if (file) {
@ -50,11 +46,9 @@ index d4a3574..1397181 100644
dev = inode->i_sb->s_dev;
ino = inode->i_ino;
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 6dee68d..9afa35d 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct
const char *name = NULL;
if (file) {
@ -66,7 +60,7 @@ index 6dee68d..9afa35d 100644
dev = inode->i_sb->s_dev;
ino = inode->i_ino;
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file
struct proc_maps_private *proc_priv = &numa_priv->proc_maps;
struct vm_area_struct *vma = v;
struct numa_maps *md = &numa_priv->md;
@ -75,11 +69,9 @@ index 6dee68d..9afa35d 100644
struct mm_struct *mm = vma->vm_mm;
struct mm_walk walk = {
.hugetlb_entry = gather_hugetlb_stats,
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
index 599ec2e..de6cd6e 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_fil
file = vma->vm_file;
if (file) {
@ -91,11 +83,9 @@ index 599ec2e..de6cd6e 100644
dev = inode->i_sb->s_dev;
ino = inode->i_ino;
pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 0755b9f..073d61e 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1172,6 +1172,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
@@ -1173,6 +1173,28 @@ static inline int fixup_user_fault(struc
}
#endif
@ -124,11 +114,9 @@ index 0755b9f..073d61e 100644
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
void *buf, int len, int write);
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 8d37e26..ce89d4c 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -241,6 +241,7 @@ struct vm_region {
@@ -259,6 +259,7 @@ struct vm_region {
unsigned long vm_top; /* region allocated to here */
unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */
struct file *vm_file; /* the backing file or NULL */
@ -136,7 +124,7 @@ index 8d37e26..ce89d4c 100644
int vm_usage; /* region usage count (access under nommu_region_sem) */
bool vm_icache_flushed : 1; /* true if the icache has been flushed for
@@ -305,6 +306,7 @@ struct vm_area_struct {
@@ -323,6 +324,7 @@ struct vm_area_struct {
unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
units, *not* PAGE_CACHE_SIZE */
struct file * vm_file; /* File we map to (can be NULL). */
@ -144,11 +132,9 @@ index 8d37e26..ce89d4c 100644
void * vm_private_data; /* was vm_pte (shared mem) */
#ifndef CONFIG_MMU
diff --git a/kernel/fork.c b/kernel/fork.c
index 03c1eaa..7e215ba 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -456,7 +456,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
@@ -461,7 +461,7 @@ static int dup_mmap(struct mm_struct *mm
struct inode *inode = file_inode(file);
struct address_space *mapping = file->f_mapping;
@ -157,11 +143,9 @@ index 03c1eaa..7e215ba 100644
if (tmp->vm_flags & VM_DENYWRITE)
atomic_dec(&inode->i_writecount);
i_mmap_lock_write(mapping);
diff --git a/mm/Makefile b/mm/Makefile
index 98c4eae..3f0c9b9 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.
mm_init.o mmu_context.o percpu.o slab_common.o \
compaction.o vmacache.o \
interval_tree.o list_lru.o workingset.o \
@ -170,11 +154,9 @@ index 98c4eae..3f0c9b9 100644
obj-y += init-mm.o
diff --git a/mm/filemap.c b/mm/filemap.c
index 6bf5e42..a863d0f 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2062,7 +2062,7 @@ int filemap_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
@@ -2089,7 +2089,7 @@ int filemap_page_mkwrite(struct vm_area_
int ret = VM_FAULT_LOCKED;
sb_start_pagefault(inode->i_sb);
@ -183,11 +165,9 @@ index 6bf5e42..a863d0f 100644
lock_page(page);
if (page->mapping != inode->i_mapping) {
unlock_page(page);
diff --git a/mm/madvise.c b/mm/madvise.c
index d551475..1ebf71b 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -320,12 +320,12 @@ static long madvise_remove(struct vm_area_struct *vma,
@@ -321,12 +321,12 @@ static long madvise_remove(struct vm_are
* vma's reference to the file) can go away as soon as we drop
* mmap_sem.
*/
@ -202,11 +182,9 @@ index d551475..1ebf71b 100644
down_read(&current->mm->mmap_sem);
return error;
}
diff --git a/mm/memory.c b/mm/memory.c
index 22e037e..62096a2 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct mm_struct *mm,
@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct m
}
if (!page_mkwrite)
@ -215,11 +193,9 @@ index 22e037e..62096a2 100644
}
return VM_FAULT_WRITE;
diff --git a/mm/mmap.c b/mm/mmap.c
index bb50cac..1ab5e596 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file)
@ -228,7 +204,7 @@ index bb50cac..1ab5e596 100644
mpol_put(vma_policy(vma));
kmem_cache_free(vm_area_cachep, vma);
return next;
@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next->vm_end);
@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next->
if (remove_next) {
if (file) {
uprobe_munmap(next, next->vm_start, next->vm_end);
@ -247,7 +223,7 @@ index bb50cac..1ab5e596 100644
/* Undo any partial mapping done by a device driver. */
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct
goto out_free_mpol;
if (new->vm_file)
@ -256,7 +232,7 @@ index bb50cac..1ab5e596 100644
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct
if (new->vm_ops && new->vm_ops->close)
new->vm_ops->close(new);
if (new->vm_file)
@ -265,7 +241,7 @@ index bb50cac..1ab5e596 100644
unlink_anon_vmas(new);
out_free_mpol:
mpol_put(vma_policy(new));
@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
struct vm_area_struct *vma;
unsigned long populate = 0;
unsigned long ret = -EINVAL;
@ -273,7 +249,7 @@ index bb50cac..1ab5e596 100644
pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
"See Documentation/vm/remap_file_pages.txt.\n",
@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
munlock_vma_pages_range(vma, start, start + size);
}
@ -286,7 +262,7 @@ index bb50cac..1ab5e596 100644
out:
up_write(&mm->mmap_sem);
if (populate)
@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct v
if (anon_vma_clone(new_vma, vma))
goto out_free_mempol;
if (new_vma->vm_file)
@ -295,11 +271,9 @@ index bb50cac..1ab5e596 100644
if (new_vma->vm_ops && new_vma->vm_ops->open)
new_vma->vm_ops->open(new_vma);
vma_link(mm, new_vma, prev, rb_link, rb_parent);
diff --git a/mm/msync.c b/mm/msync.c
index bb04d53..5c24c54 100644
--- a/mm/msync.c
+++ b/mm/msync.c
@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags)
@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, st
start = vma->vm_end;
if ((flags & MS_SYNC) && file &&
(vma->vm_flags & VM_SHARED)) {
@ -312,11 +286,9 @@ index bb04d53..5c24c54 100644
if (error || start >= end)
goto out;
down_read(&mm->mmap_sem);
diff --git a/mm/nommu.c b/mm/nommu.c
index e544508..dd6f74a 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -693,7 +693,7 @@ static void __put_nommu_region(struct vm_region *region)
@@ -671,7 +671,7 @@ static void __put_nommu_region(struct vm
up_write(&nommu_region_sem);
if (region->vm_file)
@ -325,7 +297,7 @@ index e544508..dd6f74a 100644
/* IO memory and memory shared directly out of the pagecache
* from ramfs/tmpfs mustn't be released here */
@@ -858,7 +858,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma)
@@ -829,7 +829,7 @@ static void delete_vma(struct mm_struct
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file)
@ -334,7 +306,7 @@ index e544508..dd6f74a 100644
put_nommu_region(vma->vm_region);
kmem_cache_free(vm_area_cachep, vma);
}
@@ -1398,7 +1398,7 @@ unsigned long do_mmap_pgoff(struct file *file,
@@ -1354,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file
goto error_just_free;
}
}
@ -343,7 +315,7 @@ index e544508..dd6f74a 100644
kmem_cache_free(vm_region_jar, region);
region = pregion;
result = start;
@@ -1474,10 +1474,10 @@ error_just_free:
@@ -1429,10 +1429,10 @@ error_just_free:
up_write(&nommu_region_sem);
error:
if (region->vm_file)
@ -354,11 +326,8 @@ index e544508..dd6f74a 100644
- fput(vma->vm_file);
+ vma_fput(vma);
kmem_cache_free(vm_area_cachep, vma);
kleave(" = %d", ret);
return ret;
diff --git a/mm/prfile.c b/mm/prfile.c
new file mode 100644
index 0000000..6c145eb
--- /dev/null
+++ b/mm/prfile.c
@@ -0,0 +1,86 @@


@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.x-rcN standalone patch
diff --git a/fs/dcache.c b/fs/dcache.c
index bc261e2..8d7951d 100644
[bwh: Adjusted context for 4.2]
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1269,6 +1269,7 @@ rename_retry:
@@ -1272,6 +1272,7 @@ rename_retry:
seq = 1;
goto again;
}
@ -20,11 +20,9 @@ index bc261e2..8d7951d 100644
/*
* Search for at least 1 mount point in the dentry's subdirs.
diff --git a/fs/file_table.c b/fs/file_table.c
index 294174d..3cea027 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -147,6 +147,7 @@ over:
@@ -146,6 +146,7 @@ over:
}
return ERR_PTR(-ENFILE);
}
@ -32,7 +30,7 @@ index 294174d..3cea027 100644
/**
* alloc_file - allocate and initialize a 'struct file'
@@ -308,6 +309,7 @@ void put_filp(struct file *file)
@@ -307,6 +308,7 @@ void put_filp(struct file *file)
file_free(file);
}
}
@ -40,11 +38,9 @@ index 294174d..3cea027 100644
void __init files_init(unsigned long mempages)
{
diff --git a/fs/inode.c b/fs/inode.c
index ea37cd1..58f5f58 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtable __read_mostly;
@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtabl
static __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_hash_lock);
__cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_sb_list_lock);
@ -52,11 +48,9 @@ index ea37cd1..58f5f58 100644
/*
* Empty aops. Can be used for the cases where the user does not
diff --git a/fs/namespace.c b/fs/namespace.c
index 1b9e111..d45b81b 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *m
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@ -64,7 +58,7 @@ index 1b9e111..d45b81b 100644
/**
* mnt_drop_write - give up write access to a mount
@@ -1768,6 +1769,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
@@ -1803,6 +1804,7 @@ int iterate_mounts(int (*f)(struct vfsmo
}
return 0;
}
@ -72,8 +66,6 @@ index 1b9e111..d45b81b 100644
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
{
diff --git a/fs/notify/group.c b/fs/notify/group.c
index d16b62c..06ca6bc 100644
--- a/fs/notify/group.c
+++ b/fs/notify/group.c
@@ -22,6 +22,7 @@
@ -84,7 +76,7 @@ index d16b62c..06ca6bc 100644
#include <linux/fsnotify_backend.h>
#include "fsnotify.h"
@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_
{
atomic_inc(&group->refcnt);
}
@ -92,7 +84,7 @@ index d16b62c..06ca6bc 100644
/*
* Drop a reference to a group. Free it if it's through.
@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_
if (atomic_dec_and_test(&group->refcnt))
fsnotify_final_destroy_group(group);
}
@ -100,7 +92,7 @@ index d16b62c..06ca6bc 100644
/*
* Create a new fsnotify_group and hold a reference for the group returned.
@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_gr
return group;
}
@ -108,11 +100,9 @@ index d16b62c..06ca6bc 100644
int fsnotify_fasync(int fd, struct file *file, int on)
{
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index 92e48c7..d2c4b68 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_m
mark->free_mark(mark);
}
}
@ -120,7 +110,7 @@ index 92e48c7..d2c4b68 100644
/* Calculate mask of events for a list of marks */
u32 fsnotify_recalc_mask(struct hlist_head *head)
@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnoti
fsnotify_destroy_mark_locked(mark, group);
mutex_unlock(&group->mark_mutex);
}
@ -136,7 +126,7 @@ index 92e48c7..d2c4b68 100644
int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group,
struct inode *inode, struct vfsmount *mnt, int allow_dups)
@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_
atomic_set(&mark->refcnt, 1);
mark->free_mark = free_mark;
}
@ -144,11 +134,9 @@ index 92e48c7..d2c4b68 100644
static int fsnotify_mark_destroy(void *ignored)
{
diff --git a/fs/open.c b/fs/open.c
index 98e5a52..a94e2e7 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -62,6 +62,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
mutex_unlock(&dentry->d_inode->i_mutex);
return ret;
}
@ -156,16 +144,14 @@ index 98e5a52..a94e2e7 100644
long vfs_truncate(struct path *path, loff_t length)
{
@@ -676,6 +677,7 @@ int open_check_o_direct(struct file *f)
@@ -678,6 +679,7 @@ int open_check_o_direct(struct file *f)
}
return 0;
}
+EXPORT_SYMBOL_GPL(open_check_o_direct);
static int do_dentry_open(struct file *f,
int (*open)(struct inode *, struct file *),
diff --git a/fs/read_write.c b/fs/read_write.c
index fd0414e..8ace6ec 100644
struct inode *inode,
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -504,6 +504,7 @@ vfs_readf_t vfs_readf(struct file *file)
@ -176,7 +162,7 @@ index fd0414e..8ace6ec 100644
vfs_writef_t vfs_writef(struct file *file)
{
@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *file)
@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *fil
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
@ -184,11 +170,9 @@ index fd0414e..8ace6ec 100644
ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
{
diff --git a/fs/splice.c b/fs/splice.c
index fa5eee5..bfb3324 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1114,6 +1114,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
@@ -1115,6 +1115,7 @@ long do_splice_from(struct pipe_inode_in
return splice_write(pipe, out, ppos, len, flags);
}
@ -196,7 +180,7 @@ index fa5eee5..bfb3324 100644
/*
* Attempt to initiate a splice from a file to a pipe.
@@ -1140,6 +1141,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
@@ -1141,6 +1142,7 @@ long do_splice_to(struct file *in, loff_
return splice_read(in, ppos, pipe, len, flags);
}
@ -204,11 +188,9 @@ index fa5eee5..bfb3324 100644
/**
* splice_direct_to_actor - splices data directly between two non-pipes
diff --git a/fs/xattr.c b/fs/xattr.c
index 4ef6985..6bb6303 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry
*xattr_value = value;
return error;
}
@ -216,11 +198,9 @@ index 4ef6985..6bb6303 100644
/* Compare an extended attribute value with the given value */
int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
diff --git a/security/commoncap.c b/security/commoncap.c
index f2875cd..ebf06ec 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -975,9 +975,11 @@ int cap_mmap_addr(unsigned long addr)
@@ -970,12 +970,14 @@ int cap_mmap_addr(unsigned long addr)
}
return ret;
}
@ -232,8 +212,9 @@ index f2875cd..ebf06ec 100644
return 0;
}
+EXPORT_SYMBOL_GPL(cap_mmap_file);
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 188c1d2..426d9af 100644
#ifdef CONFIG_SECURITY
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -7,6 +7,7 @@
@ -244,7 +225,7 @@ index 188c1d2..426d9af 100644
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
@ -252,75 +233,73 @@ index 188c1d2..426d9af 100644
int devcgroup_inode_mknod(int mode, dev_t dev)
{
diff --git a/security/security.c b/security/security.c
index 8e9b1f4..c1c7cd1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -430,6 +430,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
@@ -438,6 +438,7 @@ int security_path_rmdir(struct path *dir
return 0;
return security_ops->path_rmdir(dir, dentry);
return call_int_hook(path_rmdir, 0, dir, dentry);
}
+EXPORT_SYMBOL_GPL(security_path_rmdir);
int security_path_unlink(struct path *dir, struct dentry *dentry)
{
@@ -446,6 +447,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
@@ -454,6 +455,7 @@ int security_path_symlink(struct path *d
return 0;
return security_ops->path_symlink(dir, dentry, old_name);
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
+EXPORT_SYMBOL_GPL(security_path_symlink);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry)
@@ -454,6 +456,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -462,6 +464,7 @@ int security_path_link(struct dentry *ol
return 0;
return security_ops->path_link(old_dentry, new_dir, new_dentry);
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
+EXPORT_SYMBOL_GPL(security_path_link);
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry,
@@ -481,6 +484,7 @@ int security_path_truncate(struct path *path)
@@ -489,6 +492,7 @@ int security_path_truncate(struct path *
return 0;
return security_ops->path_truncate(path);
return call_int_hook(path_truncate, 0, path);
}
+EXPORT_SYMBOL_GPL(security_path_truncate);
int security_path_chmod(struct path *path, umode_t mode)
{
@@ -488,6 +492,7 @@ int security_path_chmod(struct path *path, umode_t mode)
@@ -496,6 +500,7 @@ int security_path_chmod(struct path *pat
return 0;
return security_ops->path_chmod(path, mode);
return call_int_hook(path_chmod, 0, path, mode);
}
+EXPORT_SYMBOL_GPL(security_path_chmod);
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
@@ -495,6 +500,7 @@ int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
@@ -503,6 +508,7 @@ int security_path_chown(struct path *pat
return 0;
return security_ops->path_chown(path, uid, gid);
return call_int_hook(path_chown, 0, path, uid, gid);
}
+EXPORT_SYMBOL_GPL(security_path_chown);
int security_path_chroot(struct path *path)
{
@@ -580,6 +586,7 @@ int security_inode_readlink(struct dentry *dentry)
@@ -588,6 +594,7 @@ int security_inode_readlink(struct dentr
return 0;
return security_ops->inode_readlink(dentry);
return call_int_hook(inode_readlink, 0, dentry);
}
+EXPORT_SYMBOL_GPL(security_inode_readlink);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
{
@@ -594,6 +601,7 @@ int security_inode_permission(struct inode *inode, int mask)
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
@@ -603,6 +610,7 @@ int security_inode_permission(struct ino
return 0;
return security_ops->inode_permission(inode, mask);
return call_int_hook(inode_permission, 0, inode, mask);
}
+EXPORT_SYMBOL_GPL(security_inode_permission);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
@@ -716,6 +724,7 @@ int security_file_permission(struct file *file, int mask)
@@ -741,6 +749,7 @@ int security_file_permission(struct file
return fsnotify_perm(file, mask);
}
@ -328,7 +307,7 @@ index 8e9b1f4..c1c7cd1 100644
int security_file_alloc(struct file *file)
{
@@ -775,6 +784,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
@@ -800,6 +809,7 @@ int security_mmap_file(struct file *file
return ret;
return ima_file_mmap(file, prot);
}
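Review bot: Only the fs/dcache.c header carries a `[bwh: Adjusted context for 4.2]` marker, yet every hunk in this refresh has new context — the security/security.c hunks now show `call_int_hook(...)` where the old side had `security_ops->...`, and the `security_inode_follow_link` context gained `struct inode *inode, bool rcu` — so a single line in the patch header such as `[bwh: Refreshed all hunks for the 4.2 LSM hook and VFS API changes]` would document the port once instead of leaving readers to compare hunk headers file by file. The rendered view also places `struct inode *inode,` between the fs/read_write.c `index` and `---` lines; if that line really sits there in the patch file rather than inside the fs/open.c hunk, `patch` will treat it as stray text, so the do_dentry_open context is worth confirming against 4.2. The set of exported symbols is unchanged by this refresh, so the functional review point is the same as before: these exports make the LSM path hooks callable from any GPL module, which the patch header could state explicitly.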


@ -7,12 +7,12 @@ Add a Loongson LS3A RS780E 1-way machine definition, which only differs
from other Loongson 3 based machines by the UART base clock speed.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[bwh: Forward-ported to 3.19]
[bwh: Forward-ported to 4.2]
---
arch/mips/include/asm/bootinfo.h | 1 +
arch/mips/loongson/common/machtype.c | 1 +
arch/mips/loongson/common/serial.c | 1 +
arch/mips/loongson/common/uart_base.c | 1 +
arch/mips/include/asm/bootinfo.h | 1 +
arch/mips/loongson64/common/machtype.c | 1 +
arch/mips/loongson64/common/serial.c | 1 +
arch/mips/loongson64/common/uart_base.c | 1 +
4 files changed, 4 insertions(+)
--- a/arch/mips/include/asm/bootinfo.h
@ -25,8 +25,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
MACH_LOONGSON_END
};
--- a/arch/mips/loongson/common/machtype.c
+++ b/arch/mips/loongson/common/machtype.c
--- a/arch/mips/loongson64/common/machtype.c
+++ b/arch/mips/loongson64/common/machtype.c
@@ -28,6 +28,7 @@ static const char *system_types[] = {
[MACH_LEMOTE_NAS] = "lemote-nas-2f",
[MACH_LEMOTE_LL2F] = "lemote-lynloong-2f",
@ -35,8 +35,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[MACH_LOONGSON_END] = NULL,
};
--- a/arch/mips/loongson/common/serial.c
+++ b/arch/mips/loongson/common/serial.c
--- a/arch/mips/loongson64/common/serial.c
+++ b/arch/mips/loongson64/common/serial.c
@@ -48,6 +48,7 @@ static struct plat_serial8250_port uart8
[MACH_LEMOTE_NAS] = {PORT_M(3, 3686400), {} },
[MACH_LEMOTE_LL2F] = {PORT(3, 1843200), {} },
@ -45,8 +45,8 @@ Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[MACH_LOONGSON_END] = {},
};
--- a/arch/mips/loongson/common/uart_base.c
+++ b/arch/mips/loongson/common/uart_base.c
--- a/arch/mips/loongson64/common/uart_base.c
+++ b/arch/mips/loongson64/common/uart_base.c
@@ -25,6 +25,7 @@ void prom_init_loongson_uart_base(void)
{
switch (mips_machtype) {


@ -22,13 +22,13 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Documentation/kernel-parameters.txt | 4 ++++
arch/x86/Kconfig | 8 +++++++
arch/x86/include/asm/elf.h | 8 ++++++-
arch/x86/kernel/entry_64.S | 36 ++++++++++++++++++++++---------
arch/x86/kernel/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++
arch/x86/entry/entry_64.S | 36 ++++++++++++++++++++++---------
arch/x86/entry/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++
5 files changed, 88 insertions(+), 11 deletions(-)
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3516,6 +3516,10 @@ bytes respectively. Such letter suffixes
@@ -3580,6 +3580,10 @@ bytes respectively. Such letter suffixes
switches= [HW,M68k]
@ -41,7 +41,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
on older distributions. When this option is enabled
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2540,6 +2540,14 @@ config X86_X32
@@ -2547,6 +2547,14 @@ config X86_X32
elf32_x86_64 support enabled to compile a kernel with this
option set.
@ -80,57 +80,57 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
#if __USER32_DS != __USER_DS
# error "The following code assumes __USER32_DS == __USER_DS"
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -252,8 +252,12 @@ system_call_fastpath:
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -178,8 +178,12 @@ entry_SYSCALL_64_fastpath:
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
cmpq $__NR_syscall_max, %rax
#else
- andl $__SYSCALL_MASK,%eax
- cmpl $__NR_syscall_max,%eax
+ .globl system_call_fast_compare
+ .globl system_call_fast_compare_end
- andl $__SYSCALL_MASK, %eax
- cmpl $__NR_syscall_max, %eax
+.global system_call_fast_compare
+.global system_call_fast_compare_end
+system_call_fast_compare:
+ cmpq $511,%rax /* x32 syscalls start at 512 */
+ .byte P6_NOP4
+ cmpq $511, %rax /* x32 syscalls start at 512 */
+ .byte P6_NOP4
+system_call_fast_compare_end:
#endif
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
movq %r10,%rcx
@@ -337,8 +341,12 @@ tracesys_phase2:
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
movq %r10, %rcx
@@ -257,8 +261,12 @@ tracesys_phase2:
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
cmpq $__NR_syscall_max, %rax
#else
- andl $__SYSCALL_MASK,%eax
- cmpl $__NR_syscall_max,%eax
+ .globl system_call_trace_compare
+ .globl system_call_trace_compare_end
- andl $__SYSCALL_MASK, %eax
- cmpl $__NR_syscall_max, %eax
+.global system_call_trace_compare
+.global system_call_trace_compare_end
+system_call_trace_compare:
+ cmpq $511,%rax /* x32 syscalls start at 512 */
+ .byte P6_NOP4
+ cmpq $511, %rax /* x32 syscalls start at 512 */
+ .byte P6_NOP4
+system_call_trace_compare_end:
#endif
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
movq %r10,%rcx /* fixup for C */
@@ -488,6 +496,16 @@ opportunistic_sysret_failed:
END(system_call)
ja 1f /* return -ENOSYS (already in pt_regs->ax) */
movq %r10, %rcx /* fixup for C */
@@ -410,6 +418,16 @@ opportunistic_sysret_failed:
END(entry_SYSCALL_64)
+#if __SYSCALL_MASK != ~0
+ /* This replaces the usual comparisons if syscall.x32 is set */
+ .globl system_call_mask_compare
+ .globl system_call_mask_compare_end
+.global system_call_mask_compare
+.global system_call_mask_compare_end
+system_call_mask_compare:
+ andl $__SYSCALL_MASK,%eax
+ cmpl $__NR_syscall_max,%eax
+ andl $__SYSCALL_MASK, %eax
+ cmpl $__NR_syscall_max, %eax
+system_call_mask_compare_end:
+#endif
+
.macro FORK_LIKE func
ENTRY(stub_\func)
CFI_STARTPROC
--- a/arch/x86/kernel/syscall_64.c
+++ b/arch/x86/kernel/syscall_64.c
SAVE_EXTRA_REGS 8
--- a/arch/x86/entry/syscall_64.c
+++ b/arch/x86/entry/syscall_64.c
@@ -3,8 +3,14 @@
#include <linux/linkage.h>
#include <linux/sys.h>
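Review bot: The three patch sites in entry_64.S (`system_call_fast_compare`, `system_call_trace_compare`, `system_call_mask_compare`) only work if each `cmpq $511, %rax` + `.byte P6_NOP4` pair is exactly as long as the `andl $__SYSCALL_MASK, %eax` / `cmpl $__NR_syscall_max, %eax` pair that overwrites it at runtime, and nothing in these hunks states or checks that invariant. With the current operands both forms should encode to 10 bytes (a 6-byte REX cmpq plus a 4-byte nop versus two 5-byte imm32 instructions), but a change to either constant's width would silently break the live patch, so a comment beside the mask block, `/* must match the length of the fast/trace compare sequences: 6-byte cmpq + 4-byte nop */`, and a size check on the `*_compare_end - *_compare` deltas before patching would make it visible. The syscall_64.c hunk is cut off at the end of this section, so that check may already exist there. The `ja 1f` after each site also depends on the padding nop leaving the flags from the preceding compare untouched, which `P6_NOP4` does and which the same comment should say.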

10
debian/patches/series vendored

@ -79,16 +79,6 @@ bugfix/all/kernel-doc-set-man-page-date.patch
# Miscellaneous features
features/all/efi-autoload-efi-pstore.patch
bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch
bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch
bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch
bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch
bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch
bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch
bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch
# Hardening from grsecurity