Update to 4.19.37

* Refresh/drop patches as appropriate
Ben Hutchings 2019-04-28 18:55:53 +01:00
parent ad494c2131
commit 7ebc9f9504
10 changed files with 316 additions and 289 deletions

debian/changelog

@ -1,4 +1,4 @@
linux (4.19.34-1) UNRELEASED; urgency=medium
linux (4.19.37-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.29
@ -478,7 +478,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
- loop: access lo_backing_file only when the loop device is Lo_bound
- [x86] unwind: Handle NULL pointer calls better in frame unwinder
- [x86] unwind: Add hardcoded ORC entry for NULL
- locking/lockdep: Add debug_locks check in __lock_downgrade()
- ALSA: hda - Record the current power state before suspend/resume calls
- ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
- power: supply: charger-manager: Fix incorrect return value
@ -777,7 +776,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
- [armhf,arm64] wlcore: Fix memory leak in case wl12xx_fetch_firmware
failure
- drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup
- [arm64] clk: meson: clean-up clock registration
- [arm64] clk: rockchip: fix frac settings of GPLL clock for rk3328
- [armhf,arm64] dmaengine: tegra: avoid overflow of byte tracking
- [x86] Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40
@ -786,6 +784,289 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
- ACPI / video: Extend chassis-type detection with a "Lunch Box" check
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse
- [x86] kprobes: Blacklist non-attachable interrupt functions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
- [x86] kvm: nVMX: NMI-window and interrupt-window exiting should wake L2
from HLT
- [powerpc*] tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
- [x86] hv_netvsc: Fix unwanted wakeup after tx_disable
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
- ipv6: Fix dangling pointer when ipv6 fragment
- ipv6: sit: reset ip header pointer in ipip6_rcv
- net: ethtool: not call vzalloc for zero sized memory request
- net-gro: Fix GRO flush when receiving a GSO packet.
- net/mlx5: Decrease default mr cache size
- netns: provide pure entropy for net_hash_mix()
- net: rds: force to destroy connection if t_sock is NULL in
rds_tcp_kill_sock().
- net/sched: act_sample: fix divide by zero in the traffic path
- net/sched: fix ->get helper of the matchall cls
- openvswitch: fix flow actions reallocation
- qmi_wwan: add Olicard 600
- r8169: disable ASPM again
- sctp: initialize _pad of sockaddr_in before copying to user memory
- tcp: Ensure DCTCP reacts to losses
- tcp: fix a potential NULL pointer dereference in tcp_sk_exit
- vrf: check accept_source_route on the original netdevice
- net/mlx5e: Fix error handling when refreshing TIRs
- net/mlx5e: Add a lock on tir list
- nfp: validate the return code from dev_queue_xmit()
- nfp: disable netpoll on representors
- bnxt_en: Improve RX consumer index validity check.
- bnxt_en: Reset device on RX buffer errors.
- net: ip_gre: fix possible use-after-free in erspan_rcv
- net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
- net: core: netif_receive_skb_list: unlist skb before passing to pt->func
- r8169: disable default rx interrupt coalescing on RTL8168
- net: mlx5: Add a missing check on idr_find, free buf
- net/mlx5e: Update xoff formula
- net/mlx5e: Update xon formula
- kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
- netfilter: nfnetlink_cttimeout: pass default timeout policy to
obj_to_nlattr
- netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
- [arm64] kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
- [x86] tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
- tty: ldisc: add sysctl to prevent autoloading of ldiscs
- ACPICA: Clear status of GPEs before enabling them
- ACPICA: Namespace: remove address node from global list after method
termination
- ALSA: seq: Fix OOB-reads from strlcpy
- [x86] ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21
with ALC233
- [x86] ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
- [x86] ALSA: hda - Add two more machines to the power_save_blacklist
- mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
- [arm64] dts: rockchip: fix rk3328 sdmmc0 write errors
- [hppa] Detect QEMU earlier in boot process
- [hppa] regs_return_value() should return gpr28
- [hppa] also set iaoq_b in instruction_pointer_set()
- alarmtimer: Return correct remaining time
- drm/udl: add a release method and delay modeset teardown
- [x86] kvm: svm: fix potential get_num_contig_pages overflow
- include/linux/bitrev.h: fix constant bitrev
- mm: writeback: use exact memcg dirty counts
- [x86] ASoC: intel: Fix crash at suspend/resume after failed codec
registration
- Btrfs: do not allow trimming when a fs is mounted with the nologreplay
option
- btrfs: prop: fix zstd compression parameter validation
- btrfs: prop: fix vanished compression property after failed set
- [riscv64] Fix syscall_get_arguments() and syscall_set_arguments()
- block: do not leak memory in bio_copy_user_iov()
- block: fix the return errno for direct IO
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
- genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue
- [armhf] dts: rockchip: fix rk3288 cpu opp node reference
- [armhf] dts: am335x-evmsk: Correct the regulators for the audio codec
- [armhf] dts: am335x-evm: Correct the regulators for the audio codec
- [arm64] futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
- [arm64] dts: rockchip: fix rk3328 rgmii high tx error rate
- [arm64] backtrace: Don't bother trying to unwind the userspace stack
- xen: Prevent buffer overflow in privcmd ioctl
- sched/fair: Do not re-read ->h_load_next during hierarchical load
calculation
- [x86] asm: Use stricter assembly constraints in bitops
- [x86] perf/amd: Resolve race condition when disabling PMC
- [x86] perf/amd: Resolve NMI latency issues for active PMCs
- [x86] perf/amd: Remove need to check "running" bit in NMI handler
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
- PCI: pciehp: Ignore Link State Changes after powering off a slot
- dm integrity: change memcmp to strncmp in dm_integrity_ctr
- dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES *
PAGE_SIZE")
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
- dm integrity: fix deadlock with overlapping I/O
- [arm64] dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
- [arm64] dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
- ACPICA: AML interpreter: add region addresses in global list during
initialization
- [x86] KVM: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
- [x86] KVM: nVMX: fix x2APIC VTPR read intercept
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.36
- inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch() (CVE-2019-9857)
- perf/core: Restore mmap record type correctly
- ext4: avoid panic during forced reboot
- ext4: add missing brelse() in add_new_gdb_meta_bg()
- ext4: report real fs size after failed resize
- ALSA: echoaudio: add a check for ioremap_nocache
- [i386,alpha] ALSA: sb8: add a check for request_region
- drm/udl: use drm_gem_object_put_unlocked.
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows
- i40iw: Avoid panic when handling the inetdev event
- [i386,alpha] ALSA: opl3: fix mismatch between snd_opl3_drum_switch
definition and declaration
- [x86] thermal/intel_powerclamp: fix __percpu declaration of worker_data
- [arm*] thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
- [x86] thermal/int340x_thermal: Add additional UUIDs
- [x86] thermal/int340x_thermal: fix mode setting
- [x86] thermal/intel_powerclamp: fix truncated kthread name
- scsi: iscsi: flush running unbind operations when removing a session
- sched/cpufreq: Fix 32-bit math overflow
- sched/core: Fix buffer overflow in cgroup2 property cpu.max
- [x86] mm: Don't leak kernel addresses
- [x86] tools/power turbostat: return the exit status of a command
- perf list: Don't forget to drop the reference to the allocated thread_map
- perf config: Fix an error in the config template documentation
- perf config: Fix a memory leak in collect_config()
- perf build-id: Fix memory leak in print_sdt_events()
- perf top: Fix error handling in cmd_top()
- perf hist: Add missing map__put() in error case
- perf evsel: Free evsel->counts in perf_evsel__exit()
- ACPI / utils: Drop reference in test for device presence
- PM / Domains: Avoid a potential deadlock
- [armhf] drm/exynos/mixer: fix MIXER shadow registry synchronisation code
- [arm64] irqchip/mbigen: Don't clear eventid when freeing an MSI
- [x86] hpet: Prevent potential NULL pointer dereference
- [x86] hyperv: Prevent potential NULL pointer dereference
- [i386] cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
- drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
- [x86] iommu/vt-d: Check capability before disabling protected memory
- [x86] hw_breakpoints: Make default case in hw_breakpoint_arch_parse()
return an error
- fix incorrect error code mapping for OBJECTID_NOT_FOUND
- [x86] gart: Exclude GART aperture from kcore
- ext4: prohibit fstrim in norecovery mode
- drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up
- rsi: improve kernel thread handling to fix kernel panic
- f2fs: fix to avoid NULL pointer dereference on se->discard_map
- 9p: do not trust pdu content for stat item size
- 9p locks: add mount option for lock retry interval
- ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
- f2fs: fix to do sanity check with current segment number
- netfilter: xt_cgroup: shrink size of v2 path
- [arm64] serial: uartps: console_setup() can't be placed to init section
- [powerpc*] pseries: Remove prrn_work workqueue
- media: au0828: cannot kfree dev before usb disconnect
- Bluetooth: Fix debugfs NULL pointer dereference
- HID: i2c-hid: override HID descriptors for certain devices
- pinctrl: core: make sure strcmp() doesn't get a null parameter
- usbip: fix vhci_hcd controller counting
- [x86] ACPI / SBS: Fix GPE storm on recent MacBookPro's
- HID: usbhid: Add quirk for Redragon/Dragonrise Seymur 2
- [x86] KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
- netfilter: nf_flow_table: remove flowtable hook flush routine in netns
exit routine
- f2fs: cleanup dirty pages if recover failed
- [armhf,arm64] net: stmmac: Set OWN bit for jumbo frames
- cifs: fallback to older infolevels on findfirst queryinfo retry
- kernel: hung_task.c: disable on suspend
- drm/ttm: Fix bo_global and mem_global kfree error
- [x86] ALSA: hda: fix front speakers on Huawei MBXP
- ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle
- net/rds: fix warn in rds_message_alloc_sgs
- xfrm: destroy xfrm_state synchronously on net exit path
- net: ip6_gre: fix possible NULL pointer dereference in
ip6erspan_set_version
- [x86] iommu/dmar: Fix buffer overflow during PCI bus notification
- scsi: core: Avoid that system resume triggers a kernel warning
- [armhf,arm64] soc/tegra: pmc: Drop locking from
tegra_powergate_is_powered()
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
- [arm64] coresight: cpu-debug: Support for CA73 CPUs
- [x86] PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe
ports
- drm/nouveau/volt/gf117: fix speedo readout register
- [armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t
- [x86] drm/amdkfd: use init_mqd function to allocate object for hid_mqd
(CI)
- appletalk: Fix use-after-free in atalk_proc_exit
- lib/div64.c: off by one in shift
- rxrpc: Fix client call connect/disconnect race
- f2fs: fix to dirty inode for i_mode recovery
- include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
- bpf: fix use after free in bpf_evict_inode
- IB/hfi1: Failed to drain send queue when QP is put into error state
- mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo
- mm: hide incomplete nr_indirectly_reclaimable in sysfs
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
- bonding: fix event handling for stacked bonds
- failover: allow name change on IFF_UP slave interfaces
- net: atm: Fix potential Spectre v1 vulnerabilities (CVE-2017-5715)
- net: bridge: fix per-port af_packet sockets
- net: bridge: multicast: use rcu to access port list from
br_multicast_start_querier
- net: Fix missing meta data in skb with vlan packet
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
- tcp: tcp_grow_window() needs to respect tcp_space()
- team: set slave to promisc if team is already in promisc mode
- tipc: missing entries in name table of publications
- vhost: reject zero size iova range
- ipv4: recompile ip options in ipv4_link_failure
- ipv4: ensure rcu_read_lock() in ipv4_link_failure()
- [arm64] net: thunderx: raise XDP MTU to 1508
- [arm64] net: thunderx: don't allow jumbo frames with XDP
- net/mlx5: FPGA, tls, hold rcu read lock a bit longer
- net/mlx5: FPGA, tls, idr remove on flow delete
- route: Avoid crash from dereferencing NULL rt->from
- sch_cake: Use tc_skb_protocol() helper for getting packet protocol
- sch_cake: Make sure we can write the IP header before changing DSCP bits
- nfp: flower: replace CFI with vlan present
- nfp: flower: remove vlan CFI bit from push vlan action
- sch_cake: Simplify logic in cake_select_tin()
- net: IP defrag: encapsulate rbtree defrag code into callable functions
- net: IP6 defrag: use rbtrees for IPv6 defrag
- net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
- CIFS: keep FileInfo handle live during oplock break
- cifs: Fix use-after-free in SMB2_write
- cifs: Fix use-after-free in SMB2_read
- cifs: fix handle leak in smb2_query_symlink()
- [x86] KVM: Don't clear EFER during SMM transitions for 32-bit vCPU
- [x86] KVM: svm: make sure NMI is injected after nmi_singlestep
- [x86] iio/gyro/bmg160: Use millidegrees for temperature scale
- iio: Fix scan mask selection
- iio: core: fix a possible circular locking dependency
- [x86] iio: accel: kxcjk-1013: restore the range after resume.
- [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore
- [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
- [x86] staging: comedi: ni_usb6501: Fix use of uninitialized mutex
- [x86] staging: comedi: ni_usb6501: Fix possible double-free of
->usb_rx_buf
- [x86] ALSA: hda/realtek - add two more pin configuration sets to quirk
table
- ALSA: core: Fix card races between register and disconnect
- [x86] Input: elan_i2c - add hardware ID for multiple Lenovo laptops
- vt: fix cursor when clearing the screen
- scsi: core: set result when the command cannot be dispatched
- Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
- [x86] Revert "svm: Fix AVIC incomplete IPI emulation"
- coredump: fix race condition between mmget_not_zero()/get_task_mm() and
core dumping (CVE-2019-3892)
- ipmi: fix sleep-in-atomic in free_user at cleanup SRCU
user->release_barrier
- [x86] crypto: poly1305 - fix overflow during partial reduction
- drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
- [arm64] futex: Restore oldval initialization to work around buggy
compilers
- [x86] kprobes: Verify stack frame on kretprobe
- kprobes: Mark ftrace mcount handler functions nokprobe
- kprobes: Fix error check when reusing optimized probes
- rt2x00: do not increment sequence number while re-transmitting
- mac80211: do not call driver wake_tx_queue op during reconfig
- drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming
- [x86] perf/amd: Add event map for AMD Family 17h
- [x86] cpu/bugs: Use __initconst for 'const' init data
- [x86] perf: Fix incorrect PEBS_REGS
- [x86] speculation: Prevent deadlock on ssb_state::lock
- timers/sched_clock: Prevent generic sched_clock wrap caused by
tick_freeze()
- nfit/ars: Remove ars_start_flags
- nfit/ars: Introduce scrub_flags
- nfit/ars: Allow root to busy-poll the ARS state machine
- nfit/ars: Avoid stale ARS results
- mmc: sdhci: Fix data command CRC error handling
- mmc: sdhci: Handle auto-command errors
- modpost: file2alias: go back to simple devtable lookup
- modpost: file2alias: check prototype of handler
- [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
- tpm: Fix the type of the return value in calc_tpm2_event_size()
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
- device_cgroup: fix RCU imbalance in error case
- ALSA: info: Fix racy addition/deletion of nodes
- [armhf] ASoC: rockchip: add missing INTERLEAVED PCM attribute
- i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
- kernel/sysctl.c: fix out-of-bounds access when setting file-max
[ Ben Hutchings ]
* debian/bin/abiupdate.py: Automatically select the correct archive to fetch
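Review bot: In the ChangeLog-4.19.37 block, the entry "net: atm: Fix potential Spectre v1 vulnerabilities (CVE-2017-5715)" pairs Spectre v1 with the wrong identifier. CVE-2017-5715 is Spectre variant 2 (branch target injection); variant 1 (bounds check bypass) is CVE-2017-5753. Suggest changing the tag to CVE-2017-5753 so that tooling which reads CVE ids from the changelog attributes this fix to the right issue.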
@ -827,12 +1108,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
[ Salvatore Bonaccorso ]
* xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
(CVE-2015-8553)
* ACPICA: Namespace: remove address node from global list after method
termination
* inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch() (CVE-2019-9857)
* [x86] Disable R3964 due to lack of security support
* tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
[ Aurelien Jarno ]
* [mips] Fix indirect syscall tracing & seccomp filtering for big endian


@ -25,15 +25,15 @@ Tested-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190107125231.GE14122@hirez.programming.kicks-ass.net
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[bwh: Adjusted to apply on top of commit c3edd427d538
"sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup"]
---
kernel/sched/fair.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index f7c375d1e601..6afda059e882 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct
struct rq *rq = rq_of(cfs_rq);
struct rq_flags rf;
@ -42,7 +42,7 @@ index f7c375d1e601..6afda059e882 100644
if (!cfs_rq_throttled(cfs_rq))
goto next;
@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct
unthrottle_cfs_rq(cfs_rq);
next:
@ -51,7 +51,7 @@ index f7c375d1e601..6afda059e882 100644
if (!remaining)
break;
@@ -4586,7 +4586,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
@@ -4586,7 +4586,7 @@ next:
* period the timer is deactivated until scheduling resumes; cfs_b->idle is
* used to track this state.
*/
@ -60,7 +60,7 @@ index f7c375d1e601..6afda059e882 100644
{
u64 runtime, runtime_expires;
int throttled;
@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun)
@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(str
while (throttled && cfs_b->runtime > 0 && !cfs_b->distribute_running) {
runtime = cfs_b->runtime;
cfs_b->distribute_running = 1;
@ -74,7 +74,7 @@ index f7c375d1e601..6afda059e882 100644
cfs_b->distribute_running = 0;
throttled = !list_empty(&cfs_b->throttled_cfs_rq);
@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_rq_runtime(struct cfs_rq *cfs_rq)
@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_r
static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b)
{
u64 runtime = 0, slice = sched_cfs_bandwidth_slice();
@ -96,7 +96,7 @@ index f7c375d1e601..6afda059e882 100644
return;
}
@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b)
@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(str
if (runtime)
cfs_b->distribute_running = 1;
@ -118,20 +118,23 @@ index f7c375d1e601..6afda059e882 100644
}
/*
@@ -4851,20 +4852,21 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer)
@@ -4853,11 +4854,12 @@ static enum hrtimer_restart sched_cfs_pe
{
struct cfs_bandwidth *cfs_b =
container_of(timer, struct cfs_bandwidth, period_timer);
+ unsigned long flags;
int overrun;
int idle = 0;
int count = 0;
- raw_spin_lock(&cfs_b->lock);
+ raw_spin_lock_irqsave(&cfs_b->lock, flags);
for (;;) {
overrun = hrtimer_forward_now(timer, cfs_b->period);
if (!overrun)
break;
@@ -4885,11 +4887,11 @@ static enum hrtimer_restart sched_cfs_pe
count = 0;
}
- idle = do_sched_cfs_period_timer(cfs_b, overrun);
+ idle = do_sched_cfs_period_timer(cfs_b, overrun, flags);
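Review bot: In the refreshed sched_cfs_period_timer() hunks, "raw_spin_lock_irqsave(&cfs_b->lock, flags)" is taken above the "for (;;)" loop that now carries the "count" handling, but the matching unlock is not among the visible lines. Please confirm that the second inner hunk (-4885,11 +4887,11) still converts the unlock before "return idle ? HRTIMER_NORESTART : HRTIMER_RESTART;" to raw_spin_unlock_irqrestore(&cfs_b->lock, flags), and that nothing inside the loop can leave the function with the lock held or interrupts still disabled. The "[bwh: Adjusted to apply on top of commit c3edd427d538 ...]" line would be a good place to say that the loop body was checked for this.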
@ -143,6 +146,3 @@ index f7c375d1e601..6afda059e882 100644
return idle ? HRTIMER_NORESTART : HRTIMER_RESTART;
}
--
2.20.1


@ -1,76 +0,0 @@
From c04aa401b3b76817b02a653adeeb221b31c0769b Mon Sep 17 00:00:00 2001
From: Yang Shi <yang.shi@linaro.org>
Date: Thu, 10 Nov 2016 16:17:55 -0800
Subject: [PATCH 014/266] arm: kprobe: replace patch_lock to raw lock
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patches-4.19.31-rt18.tar.xz
When running kprobe on -rt kernel, the below bug is caught:
BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:931
in_atomic(): 1, irqs_disabled(): 128, pid: 14, name: migration/0
INFO: lockdep is turned off.
irq event stamp: 238
hardirqs last enabled at (237): [<80b5aecc>] _raw_spin_unlock_irqrestore+0x88/0x90
hardirqs last disabled at (238): [<80b56d88>] __schedule+0xec/0x94c
softirqs last enabled at (0): [<80225584>] copy_process.part.5+0x30c/0x1994
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:[<802f2b98>] cpu_stopper_thread+0xc0/0x140
CPU: 0 PID: 14 Comm: migration/0 Tainted: G O 4.8.3-rt2 #1
Hardware name: Freescale LS1021A
[<80212e7c>] (unwind_backtrace) from [<8020cd2c>] (show_stack+0x20/0x24)
[<8020cd2c>] (show_stack) from [<80689e14>] (dump_stack+0xa0/0xcc)
[<80689e14>] (dump_stack) from [<8025a43c>] (___might_sleep+0x1b8/0x2a4)
[<8025a43c>] (___might_sleep) from [<80b5b324>] (rt_spin_lock+0x34/0x74)
[<80b5b324>] (rt_spin_lock) from [<80b5c31c>] (__patch_text_real+0x70/0xe8)
[<80b5c31c>] (__patch_text_real) from [<80b5c3ac>] (patch_text_stop_machine+0x18/0x20)
[<80b5c3ac>] (patch_text_stop_machine) from [<802f2920>] (multi_cpu_stop+0xfc/0x134)
[<802f2920>] (multi_cpu_stop) from [<802f2ba0>] (cpu_stopper_thread+0xc8/0x140)
[<802f2ba0>] (cpu_stopper_thread) from [<802563a4>] (smpboot_thread_fn+0x1a4/0x354)
[<802563a4>] (smpboot_thread_fn) from [<80251d38>] (kthread+0x104/0x11c)
[<80251d38>] (kthread) from [<80207f70>] (ret_from_fork+0x14/0x24)
Since patch_text_stop_machine() is called in stop_machine() which disables IRQ,
sleepable lock should be not used in this atomic context, so replace patch_lock
to raw lock.
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
arch/arm/kernel/patch.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c
index a50dc00d79a2..d0a05a3bdb96 100644
--- a/arch/arm/kernel/patch.c
+++ b/arch/arm/kernel/patch.c
@@ -16,7 +16,7 @@ struct patch {
unsigned int insn;
};
-static DEFINE_SPINLOCK(patch_lock);
+static DEFINE_RAW_SPINLOCK(patch_lock);
static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
__acquires(&patch_lock)
@@ -33,7 +33,7 @@ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
return addr;
if (flags)
- spin_lock_irqsave(&patch_lock, *flags);
+ raw_spin_lock_irqsave(&patch_lock, *flags);
else
__acquire(&patch_lock);
@@ -48,7 +48,7 @@ static void __kprobes patch_unmap(int fixmap, unsigned long *flags)
clear_fixmap(fixmap);
if (flags)
- spin_unlock_irqrestore(&patch_lock, *flags);
+ raw_spin_unlock_irqrestore(&patch_lock, *flags);
else
__release(&patch_lock);
}
--
2.20.1
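Review bot: The whole rt patch "arm: kprobe: replace patch_lock to raw lock" is deleted here, and the only stated reason is the commit message's "Refresh/drop patches as appropriate". The ChangeLog-4.19.36 block lists "[armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t", which looks like the upstream equivalent. Naming that entry in the commit message or changelog would let a later reader confirm that the DEFINE_RAW_SPINLOCK(patch_lock) conversion and the raw_spin_lock_irqsave()/raw_spin_unlock_irqrestore() pair in arch/arm/kernel/patch.c are still present in the tree after the drop.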


@ -8,6 +8,8 @@ Takes sleeping locks and calls into the memory allocator, so nothing
we want to do in task switch and oder atomic contexts.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bwh: Adjusted to apply on top of commit 6ff17bc5936e "coredump: fix race
condition between mmget_not_zero()/get_task_mm() and core dumping"]
---
include/linux/mm_types.h | 4 ++++
include/linux/sched/mm.h | 11 +++++++++++
@ -15,8 +17,6 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
kernel/sched/core.c | 18 ++++++++++++++++--
4 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 5ed8f6292a53..f430cf0a377e 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -12,6 +12,7 @@
@ -27,7 +27,7 @@ index 5ed8f6292a53..f430cf0a377e 100644
#include <linux/page-flags-layout.h>
#include <linux/workqueue.h>
@@ -482,6 +483,9 @@ struct mm_struct {
@@ -484,6 +485,9 @@ struct mm_struct {
bool tlb_flush_batched;
#endif
struct uprobes_state uprobes_state;
@ -37,11 +37,9 @@ index 5ed8f6292a53..f430cf0a377e 100644
#ifdef CONFIG_HUGETLB_PAGE
atomic_long_t hugetlb_usage;
#endif
diff --git a/include/linux/sched/mm.h b/include/linux/sched/mm.h
index aebb370a0006..d3db98d1fc49 100644
--- a/include/linux/sched/mm.h
+++ b/include/linux/sched/mm.h
@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_struct *mm)
@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_stru
__mmdrop(mm);
}
@ -56,14 +54,12 @@ index aebb370a0006..d3db98d1fc49 100644
+# define mmdrop_delayed(mm) mmdrop(mm)
+#endif
+
/**
* mmget() - Pin the address space associated with a &struct mm_struct.
* @mm: The address space to pin.
diff --git a/kernel/fork.c b/kernel/fork.c
index b7e0aac93ee5..857ce1a7269f 100644
/*
* This has to be called after a get_task_mm()/mmget_not_zero()
* followed by taking the mmap_sem for writing before modifying the
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -637,6 +637,19 @@ void __mmdrop(struct mm_struct *mm)
@@ -642,6 +642,19 @@ void __mmdrop(struct mm_struct *mm)
}
EXPORT_SYMBOL_GPL(__mmdrop);
@ -83,11 +79,9 @@ index b7e0aac93ee5..857ce1a7269f 100644
static void mmdrop_async_fn(struct work_struct *work)
{
struct mm_struct *mm;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index b9c91231d19d..1c791181915d 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2728,9 +2728,13 @@ static struct rq *finish_task_switch(struct task_struct *prev)
@@ -2729,9 +2729,13 @@ static struct rq *finish_task_switch(str
* provided by mmdrop(),
* - a sync_core for SYNC_CORE.
*/
@ -102,7 +96,7 @@ index b9c91231d19d..1c791181915d 100644
}
if (unlikely(prev_state == TASK_DEAD)) {
if (prev->sched_class->task_dead)
@@ -5558,6 +5562,8 @@ void sched_setnuma(struct task_struct *p, int nid)
@@ -5560,6 +5564,8 @@ void sched_setnuma(struct task_struct *p
#endif /* CONFIG_NUMA_BALANCING */
#ifdef CONFIG_HOTPLUG_CPU
@ -111,7 +105,7 @@ index b9c91231d19d..1c791181915d 100644
/*
* Ensure that the idle task is using init_mm right before its CPU goes
* offline.
@@ -5573,7 +5579,11 @@ void idle_task_exit(void)
@@ -5575,7 +5581,11 @@ void idle_task_exit(void)
current->active_mm = &init_mm;
finish_arch_post_lock_switch();
}
@ -124,7 +118,7 @@ index b9c91231d19d..1c791181915d 100644
}
/*
@@ -5885,6 +5895,10 @@ int sched_cpu_dying(unsigned int cpu)
@@ -5887,6 +5897,10 @@ int sched_cpu_dying(unsigned int cpu)
update_max_interval();
nohz_balance_exit_idle(rq);
hrtick_clear(rq);
@ -135,6 +129,3 @@ index b9c91231d19d..1c791181915d 100644
return 0;
}
#endif
--
2.20.1


@ -21,11 +21,9 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
net/core/dev.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 7d3f923a0436..5e42a8640e98 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPUS;
@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPU
static DEFINE_READ_MOSTLY_HASHTABLE(napi_hash, 8);
static seqcount_t devnet_rename_seq;
@ -33,7 +31,7 @@ index 7d3f923a0436..5e42a8640e98 100644
static inline void dev_base_seq_inc(struct net *net)
{
@@ -920,7 +921,8 @@ int netdev_get_name(struct net *net, char *name, int ifindex)
@@ -920,7 +921,8 @@ retry:
strcpy(name, dev->name);
rcu_read_unlock();
if (read_seqcount_retry(&devnet_rename_seq, seq)) {
@ -43,8 +41,8 @@ index 7d3f923a0436..5e42a8640e98 100644
goto retry;
}
@@ -1183,20 +1185,17 @@ int dev_change_name(struct net_device *dev, const char *newname)
if (dev->flags & IFF_UP)
@@ -1197,20 +1199,17 @@ int dev_change_name(struct net_device *d
likely(!(dev->priv_flags & IFF_LIVE_RENAME_OK)))
return -EBUSY;
- write_seqcount_begin(&devnet_rename_seq);
@ -70,7 +68,7 @@ index 7d3f923a0436..5e42a8640e98 100644
if (oldname[0] && !strchr(oldname, '%'))
netdev_info(dev, "renamed from %s\n", oldname);
@@ -1209,11 +1208,12 @@ int dev_change_name(struct net_device *dev, const char *newname)
@@ -1223,11 +1222,12 @@ rollback:
if (ret) {
memcpy(dev->name, oldname, IFNAMSIZ);
dev->name_assign_type = old_assign_type;
@ -86,7 +84,7 @@ index 7d3f923a0436..5e42a8640e98 100644
netdev_adjacent_rename_links(dev, oldname);
@@ -1234,7 +1234,8 @@ int dev_change_name(struct net_device *dev, const char *newname)
@@ -1248,7 +1248,8 @@ rollback:
/* err >= 0 after dev_alloc_name() or stores the first errno */
if (err >= 0) {
err = ret;
@ -96,7 +94,7 @@ index 7d3f923a0436..5e42a8640e98 100644
memcpy(dev->name, oldname, IFNAMSIZ);
memcpy(oldname, newname, IFNAMSIZ);
dev->name_assign_type = old_assign_type;
@@ -1247,6 +1248,11 @@ int dev_change_name(struct net_device *dev, const char *newname)
@@ -1261,6 +1262,11 @@ rollback:
}
return err;
@ -108,6 +106,3 @@ index 7d3f923a0436..5e42a8640e98 100644
}
/**
--
2.20.1


@ -11,7 +11,6 @@
0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch
0012-arm-Convert-arm-boot_lock-to-raw.patch
0013-x86-ioapic-Don-t-let-setaffinity-unmask-threaded-EOI.patch
0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch
0016-cgroup-use-irqsave-in-cgroup_rstat_flush_locked.patch
0017-fscache-initialize-cookie-hash-table-raw-spinlocks.patch
0018-Drivers-hv-vmbus-include-header-for-get_irq_regs.patch


@ -1,63 +0,0 @@
From: Erik Schmauss <erik.schmauss@intel.com>
Date: Mon, 8 Apr 2019 13:42:26 -0700
Subject: ACPICA: Namespace: remove address node from global list after method
termination
Origin: https://git.kernel.org/linus/c5781ffbbd4f742a58263458145fe7f0ac01d9e0
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=202475
ACPICA commit b233720031a480abd438f2e9c643080929d144c3
ASL operation_regions declare a range of addresses that it uses. In a
perfect world, the range of addresses should be used exclusively by
the AML interpreter. The OS can use this information to decide which
drivers to load so that the AML interpreter and device drivers use
different regions of memory.
During table load, the address information is added to a global
address range list. Each node in this list contains an address range
as well as a namespace node of the operation_region. This list is
deleted at ACPI shutdown.
Unfortunately, ASL operation_regions can be declared inside of control
methods. Although this is not recommended, modern firmware contains
such code. New module level code changes unintentionally removed the
functionality of adding and removing nodes to the global address
range list.
A few months ago, support for adding addresses has been re-
implemented. However, the removal of the address range list was
missed and resulted in some systems to crash due to the address list
containing bogus namespace nodes from operation_regions declared in
control methods. In order to fix the crash, this change removes
dynamic operation_regions after control method termination.
Link: https://github.com/acpica/acpica/commit/b2337200
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
Reported-by: Michael J Gruber <mjg@fedoraproject.org>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
drivers/acpi/acpica/nsobject.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c
index 8638f43cfc3d..79d86da1c892 100644
--- a/drivers/acpi/acpica/nsobject.c
+++ b/drivers/acpi/acpica/nsobject.c
@@ -186,6 +186,10 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node)
}
}
+ if (obj_desc->common.type == ACPI_TYPE_REGION) {
+ acpi_ut_remove_address_range(obj_desc->region.space_id, node);
+ }
+
/* Clear the Node entry in all cases */
node->object = NULL;
--
2.11.0
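Review bot: The patch being deleted is tagged `Cc: 4.20+ <stable@vger.kernel.org> # 4.20+`, so upstream only requested it for 4.20 and later, while this package is on 4.19. Before removing the local copy, confirm that the 4.19.37 tree contains the `acpi_ut_remove_address_range(obj_desc->region.space_id, node)` call in `acpi_ns_detach_object()` (the commit on the Origin line); if it does not, the fix for bugzilla 202475 is lost with this deletion.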


@ -1,46 +0,0 @@
From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Date: Sat, 2 Mar 2019 09:17:32 +0800
Subject: inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch()
Origin: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9857
Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
inotify_add_watch()") forgot to call fsnotify_put_mark() with
IN_MASK_CREATE after fsnotify_find_mark()
Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/notify/inotify/inotify_user.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index e2901fbb9f76..7b53598c8804 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
if (!fsn_mark)
return -ENOENT;
- else if (create)
- return -EEXIST;
+ else if (create) {
+ ret = -EEXIST;
+ goto out;
+ }
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
/* return the wd */
ret = i_mark->wd;
+out:
/* match the get from fsnotify_find_mark() */
fsnotify_put_mark(fsn_mark);
--
2.11.0
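Review bot: Deleting this file removes the `Bug-Debian-Security` pointer to CVE-2019-9857 from the patch queue. Make sure the changelog line for the stable update that brings in "inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()" carries the CVE id, and check that the imported source still sends the `create` case through the `out:` label so that `fsnotify_put_mark(fsn_mark)` runs on the `-EEXIST` path.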


@ -1,46 +0,0 @@
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 5 Apr 2019 15:39:26 +0200
Subject: tty: mark Siemens R3964 line discipline as BROKEN
Origin: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11486
The n_r3964 line discipline driver was written in a different time, when
SMP machines were rare, and users were trusted to do the right thing.
Since then, the world has moved on but not this code, it has stayed
rooted in the past with its lovely hand-crafted list structures and
loads of "interesting" race conditions all over the place.
After attempting to clean up most of the issues, I just gave up and am
now marking the driver as BROKEN so that hopefully someone who has this
hardware will show up out of the woodwork (I know you are out there!)
and will help with debugging a raft of changes that I had laying around
for the code, but was too afraid to commit as odds are they would break
things.
Many thanks to Jann and Linus for pointing out the initial problems in
this codebase, as well as many reviews of my attempts to fix the issues.
It was a case of whack-a-mole, and as you can see, the mole won.
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
drivers/char/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 72866a004f07..466ebd84ad17 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -348,7 +348,7 @@ config XILINX_HWICAP
config R3964
tristate "Siemens R3964 line discipline"
- depends on TTY
+ depends on TTY && BROKEN
---help---
This driver allows synchronous communication with devices using the
Siemens R3964 packet protocol. Unless you are dealing with special
--
2.11.0
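Review bot: This fix is a Kconfig gate (`depends on TTY && BROKEN` under `config R3964`), not a code change, so dropping the local patch is only safe if the new upstream tree carries the same dependency. Verify that the generated configs no longer enable R3964 on any flavour, remove any leftover setting for it from the Debian config if one exists, and keep CVE-2019-11486 in the changelog next to the upstream commit that replaces this patch.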


@ -104,7 +104,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
debian/revert-objtool-fix-config_stack_validation-y-warning.patch
bugfix/all/mt76-use-the-correct-hweight8-function.patch
bugfix/all/revert-net-stmmac-send-tso-packets-always-from-queue.patch
bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
# Miscellaneous features
@ -148,8 +147,6 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
debian/ntfs-mark-it-as-broken.patch
bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch