From 8b31e1c0a6a0731269f15eb8cc81d72e7161a2f6 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Fri, 6 May 2016 22:52:01 +0100
Subject: [PATCH] Update to 4.5.3 Drop changes which were included or superceded upstream. Fix ABI changes.
---
 debian/changelog | 181 +++++++++++++++++-
 debian/config/defines | 2 +
 ...ip-fix-potential-out-of-bounds-write.patch | 45 -----
 ...rash-on-detecting-device-without-end.patch | 53 -----
 ...vocation-from-mem_cgroup_move_charge.patch | 42 ----
 ...c-bmp085-Enable-building-as-a-module.patch | 29 ---
 ...-xen-suppress-hugetlbfs-in-PV-guests.patch | 73 -------
 .../cgroup-fix-abi-change-in-4.5.3.patch | 32 ++++
 .../debian/ib-fix-abi-change-in-4.5.3.patch | 20 ++
 .../v4l2-fix-abi-changes-in-4.5.3.patch | 65 +++++++
 debian/patches/series | 10 +-
 11 files changed, 304 insertions(+), 248 deletions(-)
 delete mode 100644 debian/patches/bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch
 delete mode 100644 debian/patches/bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch
 delete mode 100644 debian/patches/bugfix/all/memcg-remove-lru_add_drain_all-invocation-from-mem_cgroup_move_charge.patch
 delete mode 100644 debian/patches/bugfix/all/misc-bmp085-Enable-building-as-a-module.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch
 create mode 100644 debian/patches/debian/cgroup-fix-abi-change-in-4.5.3.patch
 create mode 100644 debian/patches/debian/ib-fix-abi-change-in-4.5.3.patch
 create mode 100644 debian/patches/debian/v4l2-fix-abi-changes-in-4.5.3.patch
diff --git a/debian/changelog b/debian/changelog
index 95880d321..616734672 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,183 @@ -linux (4.5.2-2) UNRELEASED; urgency=medium +linux (4.5.3-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3 + - mmc: block: Use the mmc host device index as the mmcblk device index + - block: partition: initialize percpuref before sending out KOBJ_ADD + - block: loop: fix filesystem corruption in case of aio/dio + - [arm64] efi: Don't apply MEMBLOCK_NOMAP to UEFI memory map mapping + - [x86] mce: Avoid using object after free in genpool + - [x86] kvm: do not leak guest xcr0 into host interrupt handlers + - [arm*] KVM: Handle forward time correction gracefully + - [armhf] mvebu: Correct unit address for linksys + - [armhf] OMAP2: Fix up interconnect barrier initialization for DRA7 + - [armhf] OMAP2+: hwmod: Fix updating of sysconfig register + - assoc_array: don't call compare_object() on a node + - [x86] usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host + - xhci: resume USB 3 roothub first + - usb: host: xhci: add a new quirk XHCI_NO_64BIT_SUPPORT + - usb: xhci: fix wild pointers in xhci_mem_cleanup + - xhci: fix 10 second timeout on removal of PCI hotpluggable xhci + controllers + - usb: host: xhci-plat: Make enum xhci_plat_type start at a non zero value + - usb: hcd: out of bounds access in for_each_companion + - usb: gadget: f_fs: Fix use-after-free + - dm cache metadata: fix READ_LOCK macros and cleanup WRITE_LOCK macros + - dm cache metadata: fix cmd_read_lock() acquiring write lock + - lib: lz4: fixed zram with lz4 on big endian machines + - debugfs: Make automount point inodes permanently empty + - dmaengine: dw: fix master selection + - [armhf] dmaengine: omap-dma: Fix polled channel completion detection + and handling + - dmaengine: edma: Remove dynamic TPTC power management feature + - mtd: nand: pxa3xx_nand: fix dmaengine initialization + - sched/cgroup: Fix/cleanup cgroup teardown/init + - [x86] EDAC, sb_edac.c: Repair damage introduced when 
"fixing" + channel address + - [x86] EDAC, sb_edac.c: Take account of channel hashing when needed + - ALSA: hda - Don't trust the reported actual power state + - [x86] ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m + - ALSA: hda - Keep powering up ADCs on Cirrus codecs + - [x86] ALSA: hda - add PCI ID for Intel Broxton-T + - ALSA: pcxhr: Fix missing mutex unlock + - [x86] ALSA: hda - Add dock support for ThinkPad X260 + - [x86] ALSA: hda - Update BCLK also at hotplug for i915 HSW/BDW + - asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic() + - futex: Handle unlock_pi race gracefully + - futex: Acknowledge a new waiter in counter before plist + - drm/nouveau/core: use vzalloc for allocating ramht + - drm/qxl: fix cursor position with non-zero hotspot + - [x86] drm/i915: Fix race condition in intel_dp_destroy_mst_connector() + - Revert "drm/radeon: disable runtime pm on PX laptops without dGPU + power control" + - [armhf] Revert "PCI: imx6: Add support for active-low reset GPIO" + - usbvision: revert commit 588afcc1 + - [x86] Revert "drm/amdgpu: disable runtime pm on PX laptops without dGPU + power control" + - cpufreq: intel_pstate: Fix processing for turbo activation ratio + - [s390x] pci: add extra padding to function measurement block + - iwlwifi: pcie: lower the debug level for RSA semaphore access + - iwlwifi: mvm: fix memory leak in paging + - crypto: rsa-pkcs1pad - fix dst len + - [x86] crypto: ccp - Prevent information leakage on export + - crypto: sha1-mb - use corrcet pointer while completing jobs + - [powerpc*] scan_features() updates incorrect bits for REAL_LE + - [powerpc*] Update cpu_user_features2 in scan_features() + - [powerpc*] Update TM user feature bits in scan_features() + - nl80211: check netlink protocol in socket release notification + - netlink: don't send NETLINK_URELEASE for unbound sockets + - pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs + - [x86] iommu/amd: Fix checking 
of pci dma aliases + - iommu/dma: Restore scatterlist offsets correctly + - [x86] drm/amdgpu: when suspending, if uvd/vce was running. need to cancel + delay work. + - [x86] drm/amdgpu: use defines for CRTCs and AMFT blocks + - [x86] drm/amdgpu: bump the afmt limit for CZ, ST, Polaris + - [x86] amdgpu/uvd: add uvd fw version for amdgpu + - [x86] drm/amdgpu: fix regression on CIK (v2) + - drm/radeon: add a quirk for a XFX R9 270X + - drm/radeon: fix initial connector audio value + - drm/radeon: forbid mapping of userptr bo through radeon device file + - drm/radeon: fix vertical bars appear on monitor (v2) + - [mips*el/loongson-3] drm: Loongson-3 doesn't fully support wc memory + - drm/nouveau/gr/gf100: select a stream master to fixup tfb offset queries + - drm/dp/mst: Validate port in drm_dp_payload_send_msg() + - drm/dp/mst: Restore primary hub guid on resume + - drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1() + - [x86] drm/i915: Pass the correct encoder to intel_ddi_clk_select() + with MST + - [x86] drm/i915: Cleanup phys status page too + - [x86] drm/i915: Use the active wm config for merging on ILK-BDW + - [x86] drm/i915: Start WM computation from scratch on ILK-BDW + - [x86] drm/i915: skl_update_scaler() wants a rotation bitmask instead of + bit number + - [x86] drm/amdkfd: uninitialized variable in + dbgdev_wave_control_set_registers() + - [x86] drm/i915/skl: Fix DMC load on Skylake J0 and K0 + - [x86] drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs + - [x86] drm/i915: Fixup the free space logic in ring_prepare + - [x86] drm/i915: Force ringbuffers to not be at offset 0 + - [x86] drm/i915: Use fw_domains_put_with_fifo() on HSW + - drm/ttm: fix kref count mess in ttm_bo_move_to_lru_tail + - [x86] perf intel-pt: Fix segfault tracing transactions + - [armhf] i2c: exynos5: Fix possible ABBA deadlock by keeping I2C + clock prepared + - ACPICA / Interpreter: Fix a regression triggered because of wrong Linux + ECDT support + - [x86] mmc: 
sdhci-acpi: Reduce Baytrail eMMC/SD/SDIO hangs + - [x86] toshiba_acpi: Fix regression caused by hotkey enabling value + - [x86] EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder + callback + - [x86] ASoC: ssm4567: Reset device before regcache_sync() + - [x86] ASoC: rt5640: Correct the digital interface data select + - vb2-memops: Fix over allocation of frame vectors + - media: vb2: Fix regression on poll() for RW mode + - videobuf2-core: Check user space planes array in dqbuf + - videobuf2-v4l2: Verify planes array in buffer dequeueing + - v4l2-dv-timings.h: fix polarity for 4k formats + - IB/core: Fix oops in ib_cache_gid_set_default_gid + - mwifiex: fix IBSS data path issue. + - IB/mlx5: Expose correct max_sge_rd limit + - IB/security: Restrict use of the write() interface + - efi: Fix out-of-bounds read in variable_matches() + - efi: Expose non-blocking set_variable() wrapper to efivars + - [x86] apic: Handle zero vector gracefully in clear_vector_irq() + - workqueue: fix ghost PENDING flag while doing MQ IO + - slub: clean up code for kmem cgroup support to kmem_cache_free_bulk + - cgroup, cpuset: replace cpuset_post_attach_flush() with + cgroup_subsys->post_attach callback + - memcg: relocate charge moving from ->attach to ->post_attach + - mm: exclude HugeTLB pages from THP page_mapped() logic + - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check + - numa: fix /proc//numa_maps for THP + - mm: vmscan: reclaim highmem zone if buffer_heads is over limit + - mm/hwpoison: fix wrong num_poisoned_pages accounting + - locking/mcs: Fix mcs_spin_lock() ordering + - [armhf] spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs + - [armhf] irqchip/sunxi-nmi: Fix error check of of_io_request_and_map() + - [armhf] regulator: s5m8767: fix get_register() error handling + - scsi_dh: force modular build if SCSI is a module + - lib/mpi: Endianness fix + - [x86] misc: mic/scif: fix wrap around tests + - PM / OPP: Initialize u_volt_min/max to 
a valid value + - PM / Domains: Fix removal of a subdomain + - drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors + - perf evlist: Reference count the cpu and thread maps at set_maps() + - perf tools: Fix perf script python database export crash + - [x86] mm/kmmio: Fix mmiotrace for hugepages + - ext4: fix NULL pointer dereference in ext4_mark_inode_dirty() + - f2fs crypto: fix corrupted symlink in encrypted case + - f2fs: slightly reorganize read_raw_super_block + - f2fs: cover large section in sanity check of super + - ext4/fscrypto: avoid RCU lookup in d_revalidate + - f2fs: do f2fs_balance_fs when block is allocated + - f2fs: don't need to call set_page_dirty for io error + - f2fs crypto: handle unexpected lack of encryption keys + - f2fs crypto: make sure the encryption info is initialized on opendir(2) + - bus: uniphier-system-bus: fix condition of overlap check + - mtd: spi-nor: remove micron_quad_enable() + - mtd: brcmnand: Fix v7.1 register offsets + - mtd: nand: Drop mtd.owner requirement in nand_scan + - perf hists browser: Only offer symbol scripting when a symbol is under + the cursor + - perf hists browser: Fix dump to show correct callchain style + - perf tools: handle spaces in file names obtained from /proc/pid/maps + - NTB: Remove _addr functions from ntb_hw_amd + - perf/core: Don't leak event in the syscall error path + - perf/core: Fix time tracking bug with multiplexing + - perf hists: Fix determination of a callchain node's childlessness + - [armhf] OMAP3: Add cpuidle parameters table for omap3430 + - [armhf] dts: armada-375: use armada-370-sata for SATA + - [armhf] dts: am33xx: Fix GPMC dma properties + - btrfs: fix memory leak of fs_info in block group cache + - btrfs: cleaner_kthread() doesn't need explicit freeze + - [armhf] thermal: rockchip: fix a impossible condition caused by the + warning + - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects + a race + - megaraid_sas: add missing curly braces in ioctl 
handler + - tpm: fix checks for policy digest existence in tpm2_seal_trusted() + - tpm: fix: set continueSession attribute for the unseal operation [ Uwe Kleine-König ] * [armhf] enable I2C_MUX_PCA954x, MMC_SDHCI_PXAV3, AHCI_MVEBU diff --git a/debian/config/defines b/debian/config/defines index dee2f8de9..849b7ee7c 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -1,5 +1,7 @@ [abi] abiname: 2 +ignore-changes: + module:sound/hda/* [base] arches: diff --git a/debian/patches/bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch b/debian/patches/bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch deleted file mode 100644 index 2a2c4bdb4..000000000 --- a/debian/patches/bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch +++ /dev/null 
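Review bot: The new `ignore-changes: module:sound/hda/*` rule in debian/config/defines appears to exempt every symbol exported from the sound/hda modules from the ABI check, yet neither the commit message nor the added changelog lines say which 4.5.3 change made it necessary. A wildcard this broad will also mask any later ABI break in those modules for as long as `abiname` stays at 2. Recording the reason in debian/changelog, for instance `* Ignore ABI changes in sound/hda/* (<reason>)`, would let the rule be narrowed or dropped at the next ABI bump.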
@@ -1,45 +0,0 @@ -From: Ignat Korchagin -Date: Thu, 17 Mar 2016 18:00:29 +0000 -Subject: USB: usbip: fix potential out-of-bounds write -Origin: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb - -Fix potential out-of-bounds write to urb->transfer_buffer -usbip handles network communication directly in the kernel. When receiving a -packet from its peer, usbip code parses headers according to protocol. As -part of this parsing urb->actual_length is filled. Since the input for -urb->actual_length comes from the network, it should be treated as untrusted. -Any entity controlling the network may put any value in the input and the -preallocated urb->transfer_buffer may not be large enough to hold the data. -Thus, the malicious entity is able to write arbitrary data to kernel memory. - -Signed-off-by: Ignat Korchagin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/usb/usbip/usbip_common.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/drivers/usb/usbip/usbip_common.c b/drivers/usb/usbip/usbip_common.c -index facaaf0..e40da77 100644 ---- a/drivers/usb/usbip/usbip_common.c -+++ b/drivers/usb/usbip/usbip_common.c -@@ -741,6 +741,17 @@ int usbip_recv_xbuff(struct usbip_device *ud, struct urb *urb) - if (!(size > 0)) - return 0; - -+ if (size > urb->transfer_buffer_length) { -+ /* should not happen, probably malicious packet */ -+ if (ud->side == USBIP_STUB) { -+ usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); -+ return 0; -+ } else { -+ usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); -+ return -EPIPE; -+ } -+ } -+ - ret = usbip_recv(ud->tcp_socket, urb->transfer_buffer, size); - if (ret != size) { - dev_err(&urb->dev->dev, "recv xbuf, %d\n", ret); --- -2.1.4 - diff --git a/debian/patches/bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch b/debian/patches/bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch deleted file mode 100644 index 8908aff65..000000000 
--- a/debian/patches/bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From: Vladis Dronov -Date: Thu, 31 Mar 2016 10:53:42 -0700 -Subject: Input: gtco - fix crash on detecting device without endpoints -Origin: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d - -The gtco driver expects at least one valid endpoint. If given malicious -descriptors that specify 0 for the number of endpoints, it will crash in -the probe function. Ensure there is at least one endpoint on the interface -before using it. - -Also let's fix a minor coding style issue. - -The full correct report of this issue can be found in the public -Red Hat Bugzilla: - -https://bugzilla.redhat.com/show_bug.cgi?id=1283385 - -Reported-by: Ralf Spenneberg -Signed-off-by: Vladis Dronov -Cc: stable@vger.kernel.org -Signed-off-by: Dmitry Torokhov ---- - drivers/input/tablet/gtco.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c -index 3a7f3a4a4396..7c18249d6c8e 100644 ---- a/drivers/input/tablet/gtco.c -+++ b/drivers/input/tablet/gtco.c -@@ -858,6 +858,14 @@ static int gtco_probe(struct usb_interface *usbinterface, - goto err_free_buf; - } - -+ /* Sanity check that a device has an endpoint */ -+ if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { -+ dev_err(&usbinterface->dev, -+ "Invalid number of endpoints\n"); -+ error = -EINVAL; -+ goto err_free_urb; -+ } -+ - /* - * The endpoint is always altsetting 0, we know this since we know - * this device only has one interrupt endpoint -@@ -879,7 +887,7 @@ static int gtco_probe(struct usb_interface *usbinterface, - * HID report descriptor - */ - if (usb_get_extra_descriptor(usbinterface->cur_altsetting, -- HID_DEVICE_TYPE, &hid_desc) != 0){ -+ HID_DEVICE_TYPE, &hid_desc) != 0) { - dev_err(&usbinterface->dev, - "Can't retrieve exta USB descriptor to get hid report descriptor length\n"); - error = -EIO; 
diff --git a/debian/patches/bugfix/all/memcg-remove-lru_add_drain_all-invocation-from-mem_cgroup_move_charge.patch b/debian/patches/bugfix/all/memcg-remove-lru_add_drain_all-invocation-from-mem_cgroup_move_charge.patch deleted file mode 100644 index c0b894645..000000000 --- a/debian/patches/bugfix/all/memcg-remove-lru_add_drain_all-invocation-from-mem_cgroup_move_charge.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From: Tejun Heo -Subject: memcg: remove lru_add_drain_all() invocation from mem_cgroup_move_charge() -Date: Thu, 21 Apr 2016 11:56:52 -0400 -Origin: http://permalink.gmane.org/gmane.linux.kernel.cgroups/15918 -Bug-Debian: https://bugs.debian.org/822084 - -mem_cgroup_move_charge() invokes lru_add_drain_all() so that the pvec -pages can be moved too. lru_add_drain_all() schedules and flushes -work items on system_wq which depends on being able to create new -kworkers to make forward progress. Since 1ed1328792ff ("sched, -cgroup: replace signal_struct->group_rwsem with a global -percpu_rwsem"), a new task can't be created while in the cgroup -migration path and the described lru_add_drain_all() invocation can -easily lead to a deadlock. - -Charge moving is best-effort and whether the pvec pages are migrated -or not doesn't really matter. Don't call it during charge moving. -Eventually, we want to move the actual charge moving outside the -migration path. - -Signed-off-by: Tejun Heo -Debugged-and-tested-by: Petr Mladek -Reported-by: Cyril Hrubis -Reported-by: Johannes Weiner -Suggested-by: Michal Hocko -Acked-by: Michal Hocko -Fixes: 1ed1328792ff ("sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem") -Cc: stable@vger.kernel.org # v4.4+ ---- - mm/memcontrol.c | 1 - - 1 file changed, 1 deletion(-) - ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -4922,7 +4922,6 @@ static void mem_cgroup_move_charge(struc - .mm = mm, - }; - -- lru_add_drain_all(); - /* - * Signal mem_cgroup_begin_page_stat() to take the memcg's - * move_lock while we're moving its pages to another memcg. diff --git a/debian/patches/bugfix/all/misc-bmp085-Enable-building-as-a-module.patch b/debian/patches/bugfix/all/misc-bmp085-Enable-building-as-a-module.patch deleted file mode 100644 index c3c5a629f..000000000 --- a/debian/patches/bugfix/all/misc-bmp085-Enable-building-as-a-module.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From: Ben Hutchings -Date: Mon, 24 Jun 2013 05:28:00 +0100 -Subject: misc/bmp085: Enable building as a module -Forwarded: http://thread.gmane.org/gmane.linux.kernel/1514281 - -Commit 985087dbcb02 'misc: add support for bmp18x chips to the bmp085 -driver' changed the BMP085 config symbol to a boolean. I see no -reason why the shared code cannot be built as a module, so change it -back to tristate. - -Cc: Eric Andersson -Signed-off-by: Ben Hutchings ---- - drivers/misc/Kconfig | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig -index c002d86..7a68184 100644 ---- a/drivers/misc/Kconfig -+++ b/drivers/misc/Kconfig -@@ -451,7 +451,7 @@ config ARM_CHARLCD - still useful. - - config BMP085 -- bool -+ tristate - depends on SYSFS - - config BMP085_I2C diff --git a/debian/patches/bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch b/debian/patches/bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch deleted file mode 100644 index 4fe6018f4..000000000 --- a/debian/patches/bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From: Jan Beulich -Date: Thu, 14 Apr 2016 20:38:30 +0200 -Subject: x86/xen: suppress hugetlbfs in PV guests -Origin: http://xenbits.xen.org/xsa/xsa174.patch - -Huge pages are not normally available to PV guests. Not suppressing -hugetlbfs use results in an endless loop of page faults when user mode -code tries to access a hugetlbfs mapped area (since the hypervisor -denies such PTEs to be created, but error indications can't be -propagated out of xen_set_pte_at(), just like for various of its -siblings), and - once killed in an oops like this: - -kernel BUG at .../fs/hugetlbfs/inode.c:428! -invalid opcode: 0000 [#1] SMP -Modules linked in: ... -Supported: Yes -CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2 -Hardware name: ... -task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000 -RIP: e030:[] [] remove_inode_hugepages+0x25b/0x320 -RSP: e02b:ffff880803c879a8 EFLAGS: 00010202 -RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38 -RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960 -RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 -R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0 -FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000 -CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b -CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660 -Stack: - ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0 - ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000 - ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758 -Call Trace: - [] hugetlbfs_evict_inode+0x15/0x40 - [] evict+0xbd/0x1b0 - [] __dentry_kill+0x19a/0x1f0 - [] dput+0x1fe/0x220 - [] __fput+0x155/0x200 - [] task_work_run+0x60/0xa0 - [] do_exit+0x160/0x400 - [] do_group_exit+0x3b/0xa0 - [] get_signal+0x1ed/0x470 - [] do_signal+0x14/0x110 - [] 
prepare_exit_to_usermode+0xe9/0xf0 - [] retint_user+0x8/0x13 - -This is XSA-174. - -Reported-by: Vitaly Kuznetsov -Signed-off-by: Jan Beulich -Cc: stable@vger.kernel.org ---- -v2: Make Xen-inspecific, by using cpu_has_pse. ---- - arch/x86/include/asm/hugetlb.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h -index f8a29d2..e6a8613 100644 ---- a/arch/x86/include/asm/hugetlb.h -+++ b/arch/x86/include/asm/hugetlb.h -@@ -4,6 +4,7 @@ - #include - #include - -+#define hugepages_supported() cpu_has_pse - - static inline int is_hugepage_only_range(struct mm_struct *mm, - unsigned long addr, --- -2.8.0.rc3 - diff --git a/debian/patches/debian/cgroup-fix-abi-change-in-4.5.3.patch b/debian/patches/debian/cgroup-fix-abi-change-in-4.5.3.patch new file mode 100644 index 000000000..b0c0e66b1 --- /dev/null +++ b/debian/patches/debian/cgroup-fix-abi-change-in-4.5.3.patch 
@@ -0,0 +1,32 @@
+From: Ben Hutchings
+Date: Sat, 07 May 2016 13:39:16 +0100
+Subject: cgroups: Fix ABI change in 4.5.3
+Forwarded: not-needed
+
+The cgroup_subsys structure is instantiated statically in non-modular
+code, and should not be used by modules (or at least, none of its
+operations should be invoked from modules). So move the new member
+to the end of the structure and hide it from genksyms.
+
+---
+--- a/include/linux/cgroup-defs.h
++++ b/include/linux/cgroup-defs.h
+@@ -442,7 +442,6 @@ struct cgroup_subsys {
+ int (*can_attach)(struct cgroup_taskset *tset);
+ void (*cancel_attach)(struct cgroup_taskset *tset);
+ void (*attach)(struct cgroup_taskset *tset);
+- void (*post_attach)(void);
+ int (*can_fork)(struct task_struct *task);
+ void (*cancel_fork)(struct task_struct *task);
+ void (*fork)(struct task_struct *task);
+@@ -501,6 +500,10 @@ struct cgroup_subsys {
+ * specifies the mask of subsystems that this one depends on.
+ */
+ unsigned int depends_on;
++
++#ifndef __GENKSYMS__
++ void (*post_attach)(void);
++#endif
+ };
+
+ extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
diff --git a/debian/patches/debian/ib-fix-abi-change-in-4.5.3.patch b/debian/patches/debian/ib-fix-abi-change-in-4.5.3.patch
new file mode 100644
index 000000000..5a2235a6f
--- /dev/null
+++ b/debian/patches/debian/ib-fix-abi-change-in-4.5.3.patch
@@ -0,0 +1,20 @@
+From: Ben Hutchings
+Date: Fri, 06 May 2016 22:59:30 +0100
+Subject: IB: Fix ABI change in 4.5.3
+Forwarded: not-needed
+
+Hide the new #include from genksyms.
+
+---
+--- a/include/rdma/ib.h
++++ b/include/rdma/ib.h
+@@ -34,7 +34,9 @@
+ #define _RDMA_IB_H
+
+ #include
++#ifndef __GENKSYMS__
+ #include
++#endif
+
+ struct ib_addr {
+ union {
diff --git a/debian/patches/debian/v4l2-fix-abi-changes-in-4.5.3.patch b/debian/patches/debian/v4l2-fix-abi-changes-in-4.5.3.patch
new file mode 100644
index 000000000..4c63bff48
--- /dev/null
+++ b/debian/patches/debian/v4l2-fix-abi-changes-in-4.5.3.patch
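Review bot: The relocated `post_attach` member at the end of `struct cgroup_subsys` carries no comment, so a later reader of cgroup-defs.h cannot tell that its position is an ABI workaround rather than the upstream layout. The safety argument in the patch description (instances are static in built-in code and no module invokes the operations) is an assumption that nothing in the header enforces. It would help to state it next to the member, e.g. `/* Debian: kept last and hidden from genksyms to preserve the ABI; must not be called from modules */`, as the v4l2 patch in this commit does with a comment on its own moved member. The struct definition extends beyond the two inner hunks shown.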
@@ -0,0 +1,65 @@
+From: Ben Hutchings
+Date: Sat, 07 May 2016 01:39:00 +0100
+Subject: videobuf2: Avoid ABI change in 4.5.3
+Forwarded: not-needed
+
+The new flag in vb2_queue doesn't grow the structure but only uses
+up padding, so just hide it from genksyms.
+
+Move the new member of vb2_buf_ops to the end and add another flag
+in vb2_queue to indicate whether it's valid. Hide them both from
+genksyms. Set and check the flag as necessary.
+
+---
+--- a/drivers/media/v4l2-core/videobuf2-core.c
++++ b/drivers/media/v4l2-core/videobuf2-core.c
+@@ -1665,7 +1665,8 @@ static int __vb2_get_done_vb(struct vb2_
+ * Only remove the buffer from done_list if v4l2_buffer can handle all
+ * the planes.
+ */
+- ret = call_bufop(q, verify_planes_array, *vb, pb);
++ ret = q->have_verify_planes_array ?
++ call_bufop(q, verify_planes_array, *vb, pb) : 0;
+ if (!ret)
+ list_del(&(*vb)->done_entry);
+ spin_unlock_irqrestore(&q->done_lock, flags);
+--- a/drivers/media/v4l2-core/videobuf2-v4l2.c
++++ b/drivers/media/v4l2-core/videobuf2-v4l2.c
+@@ -767,6 +767,7 @@ int vb2_queue_init(struct vb2_queue *q)
+ q->buf_struct_size = sizeof(struct vb2_v4l2_buffer);
+
+ q->buf_ops = &v4l2_buf_ops;
++ q->have_verify_planes_array = 1;
+ q->is_multiplanar = V4L2_TYPE_IS_MULTIPLANAR(q->type);
+ q->is_output = V4L2_TYPE_IS_OUTPUT(q->type);
+ q->copy_timestamp = (q->timestamp_flags & V4L2_BUF_FLAG_TIMESTAMP_MASK)
+--- a/include/media/videobuf2-core.h
++++ b/include/media/videobuf2-core.h
+@@ -387,11 +387,14 @@ struct vb2_ops {
+ * the vb2_buffer struct.
+ */
+ struct vb2_buf_ops {
+- int (*verify_planes_array)(struct vb2_buffer *vb, const void *pb);
+ void (*fill_user_buffer)(struct vb2_buffer *vb, void *pb);
+ int (*fill_vb2_buffer)(struct vb2_buffer *vb, const void *pb,
+ struct vb2_plane *planes);
+ void (*copy_timestamp)(struct vb2_buffer *vb, const void *pb);
++#ifndef __GENKSYMS__
++ /* Only valid if vb2_queue::have_verify_planes_array is set */
++ int (*verify_planes_array)(struct vb2_buffer *vb, const void *pb);
++#endif
+ };
+
+ /**
+@@ -470,7 +473,11 @@ struct vb2_queue {
+ unsigned fileio_read_once:1;
+ unsigned fileio_write_immediately:1;
+ unsigned allow_zero_bytesused:1;
++#ifndef __GENKSYMS__
+ unsigned quirk_poll_must_check_waiting_for_buffers:1;
++ unsigned have_verify_planes_array:1;
++ /* 27 bits spare */
++#endif
+
+ struct mutex *lock;
+ void *owner;
diff --git a/debian/patches/series b/debian/patches/series
index 6211c5bf8..9486b2107 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -73,7 +73,6 @@ features/arm/device-tree/ARM-dts-kirkwood-add-kirkwood-nsa320.dtb-to-Makefile.pa
 features/arm/device-tree/ARM-dts-orion5x-add-device-tree-for-kurobox-pro.patch
 # Miscellaneous bug fixes
-bugfix/all/misc-bmp085-Enable-building-as-a-module.patch
 bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
 bugfix/all/disable-some-marvell-phys.patch
 bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
@@ -81,7 +80,6 @@ bugfix/all/mm-zone_device-depends-on-sparsemem_vmemmap.patch
 bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch
 bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
-bugfix/all/memcg-remove-lru_add_drain_all-invocation-from-mem_cgroup_move_charge.patch
 # Miscellaneous features
 features/all/mm-exclude-zone_device-from-gfp_zone_table.patch
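Review bot: The planes-array check in `__vb2_get_done_vb()` now fails open: when `q->have_verify_planes_array` is clear, `ret` is set to 0 and the buffer is taken off `done_list` without `verify_planes_array` ever running. Within this patch the flag is set only in `vb2_queue_init()` in videobuf2-v4l2.c, so a queue whose `buf_ops` is installed by any other path silently loses the user-space planes validation that the 4.5.3 changelog lists for dqbuf. The flag also occupies bits the description calls padding, so for a module built against the older header its value presumably depends on the driver having zeroed its `vb2_queue`, which is worth confirming. At minimum I would state the trade-off where the check is skipped, e.g. `/* ABI compat: buf_ops from pre-4.5.3 modules lack verify_planes_array, so their planes array is NOT validated here */`. Both functions continue outside the inner hunks shown.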
@@ -129,11 +127,13 @@ bugfix/all/netfilter-x_tables-check-for-size-overflow.patch
 bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch
 bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch
 bugfix/x86/x86-mm-32-enable-full-randomization-on-i386-and-x86_.patch
-bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch
-bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch
+
+# ABI maintenance
+debian/ib-fix-abi-change-in-4.5.3.patch
+debian/v4l2-fix-abi-changes-in-4.5.3.patch
+debian/cgroup-fix-abi-change-in-4.5.3.patch
 # Tools bug fixes
-bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch
 bugfix/all/usbip-document-tcp-wrappers.patch
 bugfix/all/kbuild-fix-recordmcount-dependency.patch
 bugfix/all/usbip-include-uninstalled-linux-usbip-h.patch