Update to 4.7.3

Ben Hutchings 2016-09-07 22:07:27 +01:00
parent fe8cdc6d83
commit 7dd9d01ac5
5 changed files with 118 additions and 168 deletions

debian/changelog

@ -1,5 +1,122 @@
linux (4.7.2-2) UNRELEASED; urgency=medium
linux (4.7.3-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.3
- [x86] mm: Disable preemption during CR3 read+write
- [x86] uprobes: Fix RIP-relative handling of EVEX-encoded instructions
- [x86] platform/uv: Skip UV runtime services mapping in the
efi_runtime_disabled case
- SUNRPC: Handle EADDRNOTAVAIL on connection failures
- SUNRPC: allow for upcalls for same uid but different gss service
- [x86] ALSA: hda - Manage power well properly for resume
- efi/capsule: Allocate whole capsule into virtual memory
- virtio: fix memory leak in virtqueue_add()
- vfio/pci: Fix NULL pointer oops in error interrupt setup handling
- tracing: Fix tick_stop tracepoint symbols for user export
- [x86] perf intel-pt: Fix occasional decoding errors when tracing
system-wide
- [amd64] libnvdimm, nd_blk: mask off reserved status bits
- ACPI: CPPC: Return error if _CPC is invalid on a CPU
- ACPI / CPPC: Prevent cpc_desc_ptr points to the invalid data
- genirq/msi: Remove unused MSI_FLAG_IDENTITY_MAP
- genirq/msi: Make sure PCI MSIs are activated early
- usb: ehci: change order of register cleanup during shutdown
- usb: devio, do not warn when allocation fails
- usb: misc: usbtest: add fix for driver hang
- usb: misc: usbtest: usbtest_do_ioctl may return positive integer
- usb: dwc3: gadget: increment request->actual once
- usb: dwc3: gadget: fix for short pkts during chained xfers
- usb: dwc3: gadget: always cleanup all TRBs
- usb: hub: Fix unbalanced reference count/memory leak/deadlocks
- USB: hub: fix up early-exit pathway in hub_activate
- USB: hub: change the locking in hub_activate
- USB: validate wMaxPacketValue entries in endpoint descriptors
- usb/gadget: fix gadgetfs aio support.
- xhci: always handle "Command Ring Stopped" events
- usb: xhci: Fix panic if disconnect
- xhci: don't dereference a xhci member after removing xhci
- USB: serial: fix memleak in driver-registration error path
- uprobes: Fix the memcg accounting
- perf symbols: Fix annotation of objects with debuginfo files
- perf/core: Fix event_function_local()
- perf tools mem: Fix -t store option for record command
- iommu/dma: Don't put uninitialised IOVA domains
- [armhf] iommu/io-pgtable-arm-v7s: Fix attributes when splitting blocks
- [armhf,arm64] iommu/arm-smmu: Fix CMDQ error handling
- [armhf,arm64] iommu/arm-smmu: Disable stalling faults for all endpoints
- [armhf,arm64] iommu/arm-smmu: Don't BUG() if we find aborting STEs with
disable_bypass
- [x86] pinctrl/amd: Remove the default de-bounce time
- i2c: mux: demux-pinctrl: properly roll back when adding adapter fails
- [s390x] dasd: fix hanging device after clear subchannel
- mac80211: fix purging multicast PS buffer queue
- [arm64] kernel: avoid literal load of virtual address with MMU off
- [arm64] avoid TLB conflict with CONFIG_RANDOMIZE_BASE
- [arm64] dts: rockchip: add reset saradc node for rk3368 SoCs
- [arm64] kernel: Fix unmasked debug exceptions when restoring mdscr_el1
- of: fix reference counting in of_graph_get_endpoint_by_regs
- iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING"
- [x86] drm/amdgpu: Change GART offset to 64-bit
- [x86] drm/amdgpu: fix amdgpu_move_blit on 32bit systems
- [x86] drm/amdgpu: fix lru size grouping v2
- [x86] drm/amdgpu: avoid a possible array overflow
- [x86] drm/amdgpu: skip TV/CV in display parsing
- [x86] drm/amd/amdgpu: sdma resume fail during S4 on CI
- [x86] drm/amd/amdgpu: compute ring test fail during S4 on CI
- [x86] drm/amdgpu: record error code when ring test failed
- [x86] drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
- [x86] drm/i915: Program iboost settings for HDMI/DVI on SKL
- [x86] drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation
entry 2
- [x86] drm/i915: Acquire audio powerwell for HD-Audio registers
- [x86] drm/i915: fix aliasing_ppgtt leak
- [x86] drm/i915/vlv: Make intel_crt_reset() per-encoder
- [x86] drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
- [x86] drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()
- [x86] drm/i915: Enable polling when we don't have hpd
- [arm64] mfd: cros_ec: Add cros_ec_cmd_xfer_status() helper
- [arm64] i2c: cros-ec-tunnel: Fix usage of cros_ec_cmd_xfer()
- cdc-acm: fix wrong pipe type on rx interrupt xfers
- mpt3sas: Fix resume on WarpDrive flash cards
- megaraid_sas: Fix probing cards without io port
- dm round robin: do not use this_cpu_ptr() without having preemption
disabled
- gpio: Fix OF build problem on UM
- fs/seq_file: fix out-of-bounds read
- soft_dirty: fix soft_dirty during THP split
- [amd64] dax: fix device-dax region base
- [amd64] mm: silently skip readahead for DAX inodes
- btrfs: waiting on qgroup rescan should not always be interruptible
- btrfs: properly track when rescan worker is running
- btrfs: don't create or leak aliased root while cleaning up orphans
- Revert "floppy: fix open(O_ACCMODE) for ioctl-only open"
- Input: synaptics-rmi4 - fix register descriptor subpacket map construction
- Input: i8042 - break load dependency between atkbd/psmouse and i8042
- Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
- [x86] crypto: qat - fix aes-xts key sizes
- USB: avoid left shift by -1
- usb: chipidea: udc: don't touch DP when controller is in host mode
- USB: fix typo in wMaxPacketSize validation
- usb: gadget: udc: core: don't starve DMA resources
- USB: serial: mos7720: fix non-atomic allocation in write path
- USB: serial: mos7840: fix non-atomic allocation in write path
- [x86] staging/lustre/llite: Close atomic_open race with several openers
- [x86] staging: comedi: daqboard2000: bug fix board type matching code
- [x86] staging: comedi: comedi_test: fix timer race conditions
- [x86] staging: comedi: ni_mio_common: fix AO inttrig backwards
compatibility
- [x86] staging: comedi: ni_mio_common: fix wrong insn_write handler
- ACPI / drivers: fix typo in ACPI_DECLARE_PROBE_ENTRY macro
- ACPI / drivers: replace acpi_probe_lock spinlock with mutex
- ALSA: line6: Remove double line6_pcm_release() after failed acquire.
- ALSA: line6: Give up on the lock while URBs are released.
- ALSA: line6: Fix POD sysfs attributes segfault
- hwmon: (it87) Add missing sysfs attribute group terminator
- hwmon: (iio_hwmon) fix memory leak in name attribute
- sysfs: correctly handle read offset on PREALLOC attrs
- SUNRPC: Fix infinite looping in rpc_clnt_iterate_for_each_xprt
[ Ben Hutchings ]
* [arm64] Add cpu_to_fdt32() when setting Secure Boot flag in FDT
-- Ben Hutchings <ben@decadent.org.uk> Sat, 03 Sep 2016 18:34:31 +0100
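Review bot: the "New upstream stable update" list in this entry has no item for the aacraid double-fetch fix, although this commit removes bugfix/all/aacraid-check-size-values-after-double-fetch-from-us.patch from the series and that patch's header names CVE-2016-6480. Add an item such as "- aacraid: Check size values after double-fetch from user (CVE-2016-6480)" so the changelog still records which upload carries the fix once the patch file is gone.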

@ -1,62 +0,0 @@
From: Dave Carroll <david.carroll@microsemi.com>
Date: Fri, 5 Aug 2016 13:44:10 -0600
Subject: aacraid: Check size values after double-fetch from user
Origin: https://git.kernel.org/linus/fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3
In aacraid's ioctl_send_fib() we do two fetches from userspace, one the
get the fib header's size and one for the fib itself. Later we use the
size field from the second fetch to further process the fib. If for some
reason the size from the second fetch is different than from the first
fix, we may encounter an out-of- bounds access in aac_fib_send(). We
also check the sender size to insure it is not out of bounds. This was
reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was
assigned CVE-2016-6480.
Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)'
Cc: stable@vger.kernel.org
Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
drivers/scsi/aacraid/commctrl.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index b381b3718a98..5648b715fed9 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -63,7 +63,7 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
struct fib *fibptr;
struct hw_fib * hw_fib = (struct hw_fib *)0;
dma_addr_t hw_fib_pa = (dma_addr_t)0LL;
- unsigned size;
+ unsigned int size, osize;
int retval;
if (dev->in_reset) {
@@ -87,7 +87,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
* will not overrun the buffer when we copy the memory. Return
* an error if we would.
*/
- size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr);
+ osize = size = le16_to_cpu(kfib->header.Size) +
+ sizeof(struct aac_fibhdr);
if (size < le16_to_cpu(kfib->header.SenderSize))
size = le16_to_cpu(kfib->header.SenderSize);
if (size > dev->max_fib_size) {
@@ -118,6 +119,14 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
goto cleanup;
}
+ /* Sanity check the second copy */
+ if ((osize != le16_to_cpu(kfib->header.Size) +
+ sizeof(struct aac_fibhdr))
+ || (size < le16_to_cpu(kfib->header.SenderSize))) {
+ retval = -EINVAL;
+ goto cleanup;
+ }
+
if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) {
aac_adapter_interrupt(dev);
/*
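Review bot: deleting this file is only safe if the 4.7.3 source already has both halves of the change to ioctl_send_fib(), the `osize` capture before the max_fib_size bounds check and the "Sanity check the second copy" block after the second fetch; the `Cc: stable@vger.kernel.org` line shows the fix was nominated for stable, not that it landed in this release. Confirm that upstream commit fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3 (the Origin line) is present in the new upstream tree before dropping the patch, because no other visible part of this commit references CVE-2016-6480.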

@ -1,64 +0,0 @@
From: Helge Deller <deller@gmx.de>
Date: Fri, 19 Aug 2016 22:39:02 +0200
Subject: [1/2] parisc: Fix automatic selection of cr16 clocksource
Origin: https://git.kernel.org/linus/ae141830b118c3fb5b7eab6fa7c8ab7b7224b0a4
Commit 54b66800907 (parisc: Add native high-resolution sched_clock()
implementation) added support to use the CPU-internal cr16 counters as reliable
clocksource with the help of HAVE_UNSTABLE_SCHED_CLOCK.
Sadly the commit missed to remove the hack which prevented cr16 to become the
default clocksource even on SMP systems.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # 4.7+
---
arch/parisc/kernel/processor.c | 8 --------
arch/parisc/kernel/time.c | 12 ------------
2 files changed, 20 deletions(-)
--- a/arch/parisc/kernel/processor.c
+++ b/arch/parisc/kernel/processor.c
@@ -51,8 +51,6 @@ EXPORT_SYMBOL(_parisc_requires_coherency
DEFINE_PER_CPU(struct cpuinfo_parisc, cpu_data);
-extern int update_cr16_clocksource(void); /* from time.c */
-
/*
** PARISC CPU driver - claim "device" and initialize CPU data structures.
**
@@ -228,12 +226,6 @@ static int processor_probe(struct parisc
}
#endif
- /* If we've registered more than one cpu,
- * we'll use the jiffies clocksource since cr16
- * is not synchronized between CPUs.
- */
- update_cr16_clocksource();
-
return 0;
}
--- a/arch/parisc/kernel/time.c
+++ b/arch/parisc/kernel/time.c
@@ -220,18 +220,6 @@ static struct clocksource clocksource_cr
.flags = CLOCK_SOURCE_IS_CONTINUOUS,
};
-int update_cr16_clocksource(void)
-{
- /* since the cr16 cycle counters are not synchronized across CPUs,
- we'll check if we should switch to a safe clocksource: */
- if (clocksource_cr16.rating != 0 && num_online_cpus() > 1) {
- clocksource_change_rating(&clocksource_cr16, 0);
- return 1;
- }
-
- return 0;
-}
-
void __init start_cpu_itimer(void)
{
unsigned int cpu = smp_processor_id();

@ -1,38 +0,0 @@
From: Helge Deller <deller@gmx.de>
Date: Sat, 20 Aug 2016 11:51:38 +0200
Subject: [2/2] parisc: Fix order of EREFUSED define in errno.h
Origin: https://git.kernel.org/linus/3eb53b20d7bd1374598cfb1feaa081fcac0e76cd
When building gccgo in userspace, errno.h gets parsed and the go include file
sysinfo.go is generated.
Since EREFUSED is defined to the same value as ECONNREFUSED, and ECONNREFUSED
is defined later on in errno.h, this leads to go complaining that EREFUSED
isn't defined yet.
Fix this trivial problem by moving the define of EREFUSED down after
ECONNREFUSED in errno.h (and clean up the indenting while touching this line).
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
---
arch/parisc/include/uapi/asm/errno.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/parisc/include/uapi/asm/errno.h b/arch/parisc/include/uapi/asm/errno.h
index c0ae62520d15..274d5bc6ecce 100644
--- a/arch/parisc/include/uapi/asm/errno.h
+++ b/arch/parisc/include/uapi/asm/errno.h
@@ -97,10 +97,10 @@
#define ENOTCONN 235 /* Transport endpoint is not connected */
#define ESHUTDOWN 236 /* Cannot send after transport endpoint shutdown */
#define ETOOMANYREFS 237 /* Too many references: cannot splice */
-#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
#define ETIMEDOUT 238 /* Connection timed out */
#define ECONNREFUSED 239 /* Connection refused */
-#define EREMOTERELEASE 240 /* Remote peer released connection */
+#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
+#define EREMOTERELEASE 240 /* Remote peer released connection */
#define EHOSTDOWN 241 /* Host is down */
#define EHOSTUNREACH 242 /* No route to host */

@ -45,8 +45,6 @@ bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
# Arch bug fixes
bugfix/parisc/parisc-fix-automatic-selection-of-cr16-clocksource.patch
bugfix/parisc/parisc-fix-order-of-erefused-define-in-errno.h.patch
# Arch features
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
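Review bot: with both bugfix/parisc entries removed, the "# Arch bug fixes" comment is left with nothing under it, and the changelog entry in this commit lists no parisc change that explains why they were dropped. Record in debian/changelog that the cr16 clocksource and EREFUSED patches are now applied upstream, after confirming that is the case; the cr16 patch header's "Cc: stable@vger.kernel.org # 4.7+" suggests it but does not show that 4.7.3 includes them.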
@ -112,7 +110,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch
bugfix/all/aacraid-check-size-values-after-double-fetch-from-us.patch
# ABI maintenance