Update to 4.7.3
This commit is contained in:
parent
fe8cdc6d83
commit
7dd9d01ac5
|
@ -1,5 +1,122 @@
|
|||
linux (4.7.2-2) UNRELEASED; urgency=medium
|
||||
linux (4.7.3-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.3
|
||||
- [x86] mm: Disable preemption during CR3 read+write
|
||||
- [x86] uprobes: Fix RIP-relative handling of EVEX-encoded instructions
|
||||
- [x86] platform/uv: Skip UV runtime services mapping in the
|
||||
efi_runtime_disabled case
|
||||
- SUNRPC: Handle EADDRNOTAVAIL on connection failures
|
||||
- SUNRPC: allow for upcalls for same uid but different gss service
|
||||
- [x86] ALSA: hda - Manage power well properly for resume
|
||||
- efi/capsule: Allocate whole capsule into virtual memory
|
||||
- virtio: fix memory leak in virtqueue_add()
|
||||
- vfio/pci: Fix NULL pointer oops in error interrupt setup handling
|
||||
- tracing: Fix tick_stop tracepoint symbols for user export
|
||||
- [x86] perf intel-pt: Fix occasional decoding errors when tracing
|
||||
system-wide
|
||||
- [amd64] libnvdimm, nd_blk: mask off reserved status bits
|
||||
- ACPI: CPPC: Return error if _CPC is invalid on a CPU
|
||||
- ACPI / CPPC: Prevent cpc_desc_ptr points to the invalid data
|
||||
- genirq/msi: Remove unused MSI_FLAG_IDENTITY_MAP
|
||||
- genirq/msi: Make sure PCI MSIs are activated early
|
||||
- usb: ehci: change order of register cleanup during shutdown
|
||||
- usb: devio, do not warn when allocation fails
|
||||
- usb: misc: usbtest: add fix for driver hang
|
||||
- usb: misc: usbtest: usbtest_do_ioctl may return positive integer
|
||||
- usb: dwc3: gadget: increment request->actual once
|
||||
- usb: dwc3: gadget: fix for short pkts during chained xfers
|
||||
- usb: dwc3: gadget: always cleanup all TRBs
|
||||
- usb: hub: Fix unbalanced reference count/memory leak/deadlocks
|
||||
- USB: hub: fix up early-exit pathway in hub_activate
|
||||
- USB: hub: change the locking in hub_activate
|
||||
- USB: validate wMaxPacketValue entries in endpoint descriptors
|
||||
- usb/gadget: fix gadgetfs aio support.
|
||||
- xhci: always handle "Command Ring Stopped" events
|
||||
- usb: xhci: Fix panic if disconnect
|
||||
- xhci: don't dereference a xhci member after removing xhci
|
||||
- USB: serial: fix memleak in driver-registration error path
|
||||
- uprobes: Fix the memcg accounting
|
||||
- perf symbols: Fix annotation of objects with debuginfo files
|
||||
- perf/core: Fix event_function_local()
|
||||
- perf tools mem: Fix -t store option for record command
|
||||
- iommu/dma: Don't put uninitialised IOVA domains
|
||||
- [armhf] iommu/io-pgtable-arm-v7s: Fix attributes when splitting blocks
|
||||
- [armhf,arm64] iommu/arm-smmu: Fix CMDQ error handling
|
||||
- [armhf,arm64] iommu/arm-smmu: Disable stalling faults for all endpoints
|
||||
- [armhf,arm64] iommu/arm-smmu: Don't BUG() if we find aborting STEs with
|
||||
disable_bypass
|
||||
- [x86] pinctrl/amd: Remove the default de-bounce time
|
||||
- i2c: mux: demux-pinctrl: properly roll back when adding adapter fails
|
||||
- [s390x] dasd: fix hanging device after clear subchannel
|
||||
- mac80211: fix purging multicast PS buffer queue
|
||||
- [arm64] kernel: avoid literal load of virtual address with MMU off
|
||||
- [arm64] avoid TLB conflict with CONFIG_RANDOMIZE_BASE
|
||||
- [arm64] dts: rockchip: add reset saradc node for rk3368 SoCs
|
||||
- [arm64] kernel: Fix unmasked debug exceptions when restoring mdscr_el1
|
||||
- of: fix reference counting in of_graph_get_endpoint_by_regs
|
||||
- iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING"
|
||||
- [x86] drm/amdgpu: Change GART offset to 64-bit
|
||||
- [x86] drm/amdgpu: fix amdgpu_move_blit on 32bit systems
|
||||
- [x86] drm/amdgpu: fix lru size grouping v2
|
||||
- [x86] drm/amdgpu: avoid a possible array overflow
|
||||
- [x86] drm/amdgpu: skip TV/CV in display parsing
|
||||
- [x86] drm/amd/amdgpu: sdma resume fail during S4 on CI
|
||||
- [x86] drm/amd/amdgpu: compute ring test fail during S4 on CI
|
||||
- [x86] drm/amdgpu: record error code when ring test failed
|
||||
- [x86] drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
|
||||
- [x86] drm/i915: Program iboost settings for HDMI/DVI on SKL
|
||||
- [x86] drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation
|
||||
entry 2
|
||||
- [x86] drm/i915: Acquire audio powerwell for HD-Audio registers
|
||||
- [x86] drm/i915: fix aliasing_ppgtt leak
|
||||
- [x86] drm/i915/vlv: Make intel_crt_reset() per-encoder
|
||||
- [x86] drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
|
||||
- [x86] drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()
|
||||
- [x86] drm/i915: Enable polling when we don't have hpd
|
||||
- [arm64] mfd: cros_ec: Add cros_ec_cmd_xfer_status() helper
|
||||
- [arm64] i2c: cros-ec-tunnel: Fix usage of cros_ec_cmd_xfer()
|
||||
- cdc-acm: fix wrong pipe type on rx interrupt xfers
|
||||
- mpt3sas: Fix resume on WarpDrive flash cards
|
||||
- megaraid_sas: Fix probing cards without io port
|
||||
- dm round robin: do not use this_cpu_ptr() without having preemption
|
||||
disabled
|
||||
- gpio: Fix OF build problem on UM
|
||||
- fs/seq_file: fix out-of-bounds read
|
||||
- soft_dirty: fix soft_dirty during THP split
|
||||
- [amd64] dax: fix device-dax region base
|
||||
- [amd64] mm: silently skip readahead for DAX inodes
|
||||
- btrfs: waiting on qgroup rescan should not always be interruptible
|
||||
- btrfs: properly track when rescan worker is running
|
||||
- btrfs: don't create or leak aliased root while cleaning up orphans
|
||||
- Revert "floppy: fix open(O_ACCMODE) for ioctl-only open"
|
||||
- Input: synaptics-rmi4 - fix register descriptor subpacket map construction
|
||||
- Input: i8042 - break load dependency between atkbd/psmouse and i8042
|
||||
- Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
|
||||
- [x86] crypto: qat - fix aes-xts key sizes
|
||||
- USB: avoid left shift by -1
|
||||
- usb: chipidea: udc: don't touch DP when controller is in host mode
|
||||
- USB: fix typo in wMaxPacketSize validation
|
||||
- usb: gadget: udc: core: don't starve DMA resources
|
||||
- USB: serial: mos7720: fix non-atomic allocation in write path
|
||||
- USB: serial: mos7840: fix non-atomic allocation in write path
|
||||
- [x86] staging/lustre/llite: Close atomic_open race with several openers
|
||||
- [x86] staging: comedi: daqboard2000: bug fix board type matching code
|
||||
- [x86] staging: comedi: comedi_test: fix timer race conditions
|
||||
- [x86] staging: comedi: ni_mio_common: fix AO inttrig backwards
|
||||
compatibility
|
||||
- [x86] staging: comedi: ni_mio_common: fix wrong insn_write handler
|
||||
- ACPI / drivers: fix typo in ACPI_DECLARE_PROBE_ENTRY macro
|
||||
- ACPI / drivers: replace acpi_probe_lock spinlock with mutex
|
||||
- ALSA: line6: Remove double line6_pcm_release() after failed acquire.
|
||||
- ALSA: line6: Give up on the lock while URBs are released.
|
||||
- ALSA: line6: Fix POD sysfs attributes segfault
|
||||
- hwmon: (it87) Add missing sysfs attribute group terminator
|
||||
- hwmon: (iio_hwmon) fix memory leak in name attribute
|
||||
- sysfs: correctly handle read offset on PREALLOC attrs
|
||||
- SUNRPC: Fix infinite looping in rpc_clnt_iterate_for_each_xprt
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [arm64] Add cpu_to_fdt32() when setting Secure Boot flag in FDT
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 03 Sep 2016 18:34:31 +0100
|
||||
|
|
|
@ -1,62 +0,0 @@
|
|||
From: Dave Carroll <david.carroll@microsemi.com>
|
||||
Date: Fri, 5 Aug 2016 13:44:10 -0600
|
||||
Subject: aacraid: Check size values after double-fetch from user
|
||||
Origin: https://git.kernel.org/linus/fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3
|
||||
|
||||
In aacraid's ioctl_send_fib() we do two fetches from userspace, one the
|
||||
get the fib header's size and one for the fib itself. Later we use the
|
||||
size field from the second fetch to further process the fib. If for some
|
||||
reason the size from the second fetch is different than from the first
|
||||
fix, we may encounter an out-of- bounds access in aac_fib_send(). We
|
||||
also check the sender size to insure it is not out of bounds. This was
|
||||
reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was
|
||||
assigned CVE-2016-6480.
|
||||
|
||||
Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
|
||||
Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)'
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
|
||||
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/aacraid/commctrl.c | 13 +++++++++++--
|
||||
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
|
||||
index b381b3718a98..5648b715fed9 100644
|
||||
--- a/drivers/scsi/aacraid/commctrl.c
|
||||
+++ b/drivers/scsi/aacraid/commctrl.c
|
||||
@@ -63,7 +63,7 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
struct fib *fibptr;
|
||||
struct hw_fib * hw_fib = (struct hw_fib *)0;
|
||||
dma_addr_t hw_fib_pa = (dma_addr_t)0LL;
|
||||
- unsigned size;
|
||||
+ unsigned int size, osize;
|
||||
int retval;
|
||||
|
||||
if (dev->in_reset) {
|
||||
@@ -87,7 +87,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
* will not overrun the buffer when we copy the memory. Return
|
||||
* an error if we would.
|
||||
*/
|
||||
- size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr);
|
||||
+ osize = size = le16_to_cpu(kfib->header.Size) +
|
||||
+ sizeof(struct aac_fibhdr);
|
||||
if (size < le16_to_cpu(kfib->header.SenderSize))
|
||||
size = le16_to_cpu(kfib->header.SenderSize);
|
||||
if (size > dev->max_fib_size) {
|
||||
@@ -118,6 +119,14 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ /* Sanity check the second copy */
|
||||
+ if ((osize != le16_to_cpu(kfib->header.Size) +
|
||||
+ sizeof(struct aac_fibhdr))
|
||||
+ || (size < le16_to_cpu(kfib->header.SenderSize))) {
|
||||
+ retval = -EINVAL;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) {
|
||||
aac_adapter_interrupt(dev);
|
||||
/*
|
|
@ -1,64 +0,0 @@
|
|||
From: Helge Deller <deller@gmx.de>
|
||||
Date: Fri, 19 Aug 2016 22:39:02 +0200
|
||||
Subject: [1/2] parisc: Fix automatic selection of cr16 clocksource
|
||||
Origin: https://git.kernel.org/linus/ae141830b118c3fb5b7eab6fa7c8ab7b7224b0a4
|
||||
|
||||
Commit 54b66800907 (parisc: Add native high-resolution sched_clock()
|
||||
implementation) added support to use the CPU-internal cr16 counters as reliable
|
||||
clocksource with the help of HAVE_UNSTABLE_SCHED_CLOCK.
|
||||
|
||||
Sadly the commit missed to remove the hack which prevented cr16 to become the
|
||||
default clocksource even on SMP systems.
|
||||
|
||||
Signed-off-by: Helge Deller <deller@gmx.de>
|
||||
Cc: stable@vger.kernel.org # 4.7+
|
||||
---
|
||||
arch/parisc/kernel/processor.c | 8 --------
|
||||
arch/parisc/kernel/time.c | 12 ------------
|
||||
2 files changed, 20 deletions(-)
|
||||
|
||||
--- a/arch/parisc/kernel/processor.c
|
||||
+++ b/arch/parisc/kernel/processor.c
|
||||
@@ -51,8 +51,6 @@ EXPORT_SYMBOL(_parisc_requires_coherency
|
||||
|
||||
DEFINE_PER_CPU(struct cpuinfo_parisc, cpu_data);
|
||||
|
||||
-extern int update_cr16_clocksource(void); /* from time.c */
|
||||
-
|
||||
/*
|
||||
** PARISC CPU driver - claim "device" and initialize CPU data structures.
|
||||
**
|
||||
@@ -228,12 +226,6 @@ static int processor_probe(struct parisc
|
||||
}
|
||||
#endif
|
||||
|
||||
- /* If we've registered more than one cpu,
|
||||
- * we'll use the jiffies clocksource since cr16
|
||||
- * is not synchronized between CPUs.
|
||||
- */
|
||||
- update_cr16_clocksource();
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
--- a/arch/parisc/kernel/time.c
|
||||
+++ b/arch/parisc/kernel/time.c
|
||||
@@ -220,18 +220,6 @@ static struct clocksource clocksource_cr
|
||||
.flags = CLOCK_SOURCE_IS_CONTINUOUS,
|
||||
};
|
||||
|
||||
-int update_cr16_clocksource(void)
|
||||
-{
|
||||
- /* since the cr16 cycle counters are not synchronized across CPUs,
|
||||
- we'll check if we should switch to a safe clocksource: */
|
||||
- if (clocksource_cr16.rating != 0 && num_online_cpus() > 1) {
|
||||
- clocksource_change_rating(&clocksource_cr16, 0);
|
||||
- return 1;
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
void __init start_cpu_itimer(void)
|
||||
{
|
||||
unsigned int cpu = smp_processor_id();
|
|
@ -1,38 +0,0 @@
|
|||
From: Helge Deller <deller@gmx.de>
|
||||
Date: Sat, 20 Aug 2016 11:51:38 +0200
|
||||
Subject: [2/2] parisc: Fix order of EREFUSED define in errno.h
|
||||
Origin: https://git.kernel.org/linus/3eb53b20d7bd1374598cfb1feaa081fcac0e76cd
|
||||
|
||||
When building gccgo in userspace, errno.h gets parsed and the go include file
|
||||
sysinfo.go is generated.
|
||||
|
||||
Since EREFUSED is defined to the same value as ECONNREFUSED, and ECONNREFUSED
|
||||
is defined later on in errno.h, this leads to go complaining that EREFUSED
|
||||
isn't defined yet.
|
||||
|
||||
Fix this trivial problem by moving the define of EREFUSED down after
|
||||
ECONNREFUSED in errno.h (and clean up the indenting while touching this line).
|
||||
|
||||
Signed-off-by: Helge Deller <deller@gmx.de>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
arch/parisc/include/uapi/asm/errno.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/parisc/include/uapi/asm/errno.h b/arch/parisc/include/uapi/asm/errno.h
|
||||
index c0ae62520d15..274d5bc6ecce 100644
|
||||
--- a/arch/parisc/include/uapi/asm/errno.h
|
||||
+++ b/arch/parisc/include/uapi/asm/errno.h
|
||||
@@ -97,10 +97,10 @@
|
||||
#define ENOTCONN 235 /* Transport endpoint is not connected */
|
||||
#define ESHUTDOWN 236 /* Cannot send after transport endpoint shutdown */
|
||||
#define ETOOMANYREFS 237 /* Too many references: cannot splice */
|
||||
-#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
|
||||
#define ETIMEDOUT 238 /* Connection timed out */
|
||||
#define ECONNREFUSED 239 /* Connection refused */
|
||||
-#define EREMOTERELEASE 240 /* Remote peer released connection */
|
||||
+#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
|
||||
+#define EREMOTERELEASE 240 /* Remote peer released connection */
|
||||
#define EHOSTDOWN 241 /* Host is down */
|
||||
#define EHOSTUNREACH 242 /* No route to host */
|
||||
|
|
@ -45,8 +45,6 @@ bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
|
|||
debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
|
||||
|
||||
# Arch bug fixes
|
||||
bugfix/parisc/parisc-fix-automatic-selection-of-cr16-clocksource.patch
|
||||
bugfix/parisc/parisc-fix-order-of-erefused-define-in-errno.h.patch
|
||||
|
||||
# Arch features
|
||||
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
|
||||
|
@ -112,7 +110,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
|
|||
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch
|
||||
bugfix/all/aacraid-check-size-values-after-double-fetch-from-us.patch
|
||||
|
||||
# ABI maintenance
|
||||
|
||||
|
|
Loading…
Reference in New Issue