Update to 4.18.8

- Drop security fixes included in it
- mm: Avoid ABI change in 4.18.7
Ben Hutchings 2018-09-16 23:56:13 +01:00
parent 0fdc9e52d3
commit ee7d2e20ff
5 changed files with 231 additions and 126 deletions

204
debian/changelog vendored

@ -1,4 +1,4 @@
linux (4.18.7-1) UNRELEASED; urgency=medium
linux (4.18.8-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
@ -139,6 +139,205 @@ linux (4.18.7-1) UNRELEASED; urgency=medium
- udf: Fix mounting of Win7 created UDF filesystems
- cpuidle: menu: Retain tick when shallow state is selected
- [arm64] mm: always enable CONFIG_HOLES_IN_ZONE
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.8
- act_ife: fix a potential use-after-free
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
state
- net: sched: Fix memory exposure from short TCA_U32_SEL
- qlge: Fix netdev features configuration.
- r8152: disable RX aggregation on new Dell TB16 dock
- tcp: do not restart timewait timer on rst reception
- vti6: remove !skb->ignore_df check from vti6_xmit()
- act_ife: move tcfa_lock down to where necessary
- act_ife: fix a potential deadlock
- net: sched: action_ife: take reference to meta module
- bnxt_en: Clean up unused functions.
- bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
- net/sched: act_pedit: fix dump of extended layered op
- tipc: fix a missing rhashtable_walk_exit()
- [x86] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in
netvsc_probe()
- tipc: fix the big/little endian issue in tipc_dest
- sctp: remove useless start_fail from sctp_ht_iter in proc
- erspan: set erspan_ver to 1 by default when adding an erspan dev
- ipv6: don't get lwtstate twice in ip6_rt_copy_init()
- net/ipv6: init ip6 anycast rt->dst.input as ip6_input
- net/ipv6: Only update MTU metric if it set
- net/ipv6: Put lwtstate when destroying fib6_info
- net/mlx5: Fix SQ offset in QPs with small RQ
- r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
- [armhf,arm64] Revert "net: stmmac: Do not keep rearming the coalesce
timer in stmmac_xmit"
- ip6_vti: fix creating fallback tunnel device for vti6
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel
- nfp: wait for posted reconfigs when disabling the device
- sctp: hold transport before accessing its asoc in sctp_transport_get_next
- vhost: correctly check the iova range when waking virtqueue
- [x86] hv_netvsc: ignore devices that are not PCI
- cifs: check if SMB2 PDU size has been padded and suppress the warning
- hfsplus: don't return 0 when fill_super() failed
- hfs: prevent crash on exit from failed search
- sunrpc: Don't use stack buffer with scatterlist
- fork: don't copy inconsistent signal handler state to child
- fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
- reiserfs: change j_timestamp type to time64_t
- [armhf,arm64] iommu/rockchip: Handle errors returned from PM framework
- hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
- [armhf,arm64] iommu/rockchip: Move irq request past pm_runtime_enable
- fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
- fat: validate ->i_start before using
- workqueue: skip lockdep wq dependency in cancel_work_sync()
- workqueue: re-add lockdep dependencies for flushing
- scripts: modpost: check memory allocation results
- apparmor: fix an error code in __aa_create_ns()
- virtio: pci-legacy: Validate queue pfn
- [x86] mce: Add notifier_block forward declaration
- i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return
value
- IB/hfi1: Invalid NUMA node information can cause a divide by zero
- [armhf,arm64] pwm: meson: Fix mux clock names
- [powerpc*] topology: Get topology for shared processors at boot
- mm/fadvise.c: fix signed overflow UBSAN complaint
- mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
- [x86] platform: intel_punit_ipc: fix build errors
- bpf, sockmap: fix map elem deletion race with smap_stop_sock
- tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
- bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
- net/xdp: Fix suspicious RCU usage warning
- bpf, sockmap: fix leakage of smap_psock_map_entry
- netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
- [s390x] kdump: Fix memleak in nt_vmcoreinfo
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
- mfd: sm501: Set coherent_dma_mask when creating subdevices
- netfilter: x_tables: do not fail xt_alloc_table_info too easilly
- [x86] platform: asus-nb-wmi: Add keymap entry for lid flip action on
UX360
- netfilter: fix memory leaks on netlink_dump_start error
- tcp, ulp: add alias for all ulp modules
- ubi: Initialize Fastmap checkmapping correctly
- ACPICA: ACPICA: add status check for acpi_hw_read before assigning return
value
- [arm*] perf arm spe: Fix uninitialized record error variable
- [arm64] net: hns3: Fix for command format parsing error in
hclge_is_all_function_id_zero
- block: don't warn for flush on read-only device
- [arm64] net: hns3: Fix for phy link issue when using marvell phy driver
- PCI: Match Root Port's MPS to endpoint's MPSS as necessary
- drm/amd/display: Guard against null crtc in CRC IRQ
- perf tools: Check for null when copying nsinfo.
- f2fs: avoid race between zero_range and background GC
- f2fs: fix avoid race between truncate and background GC
- net/9p/trans_fd.c: fix race by holding the lock
- net/9p: fix error path of p9_virtio_probe
- f2fs: fix to clear PG_checked flag in set_page_dirty()
- [armhf,arm64] pinctrl: axp209: Fix NULL pointer dereference after
allocation
- bpf: fix bpffs non-array map seq_show issue
- [powerpc*] uaccess: Enable get_user(u64, *p) on 32-bit
- [powerpc*] Fix size calculation using resource_size()
- [powerpc*] perf probe powerpc: Fix trace event post-processing
- block: bvec_nr_vecs() returns value for wrong slab
- brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
- [s390x] dasd: fix hanging offline processing due to canceled worker
- [s390x] dasd: fix panic for failed online processing
- ACPI / scan: Initialize status to ACPI_STA_DEFAULT
- blk-mq: count the hctx as active before allocating tag
- scsi: aic94xx: fix an error code in aic94xx_init()
- NFSv4: Fix error handling in nfs4_sp4_select_mode()
- Input: do not use WARN() in input_alloc_absinfo()
- xen/balloon: fix balloon initialization for PVH Dom0
- [armhf] PCI: mvebu: Fix I/O space end address calculation
- dm kcopyd: avoid softlockup in run_complete_job
- [x86] staging: comedi: ni_mio_common: fix subdevice flags for PFI
subdevice
- ASoC: rt5677: Fix initialization of rt5677_of_match.data
- [armhf] iommu/omap: Fix cache flushes on L2 table entries
- selinux: cleanup dentry and inodes on error in selinuxfs
- RDS: IB: fix 'passing zero to ERR_PTR()' warning
- cfq: Suppress compiler warnings about comparisons
- smb3: fix reset of bytes read and written stats
- CIFS: fix memory leak and remove dead code
- SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
- smb3: if server does not support posix do not allow posix mount option
- [powerpcspe] platforms/85xx: fix t1042rdb_diu.c build errors & warning
- [powerpc*] 64s: Make rfi_flush_fallback a little more robust
- [powerpc*] pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
- [armhf,arm64] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in
rk3399
- drm/amd/display: Read back max backlight value at boot
- [x86] KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
- [x86] kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
- [armhf] drm/etnaviv: fix crash in GPU suspend when init failed due to
buffer placement
- btrfs: Exit gracefully when chunk map cannot be inserted to the tree
- btrfs: replace: Reset on-disk dev stats value after replace
- btrfs: fix in-memory value of total_devices after seed device deletion
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (CVE-2018-14609)
- btrfs: tree-checker: Detect invalid and empty essential trees
(CVE-2018-14612)
- btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
- btrfs: lift uuid_mutex to callers of btrfs_open_devices
- btrfs: Don't remove block group that still has pinned down bytes
- btrfs: Fix a C compliance issue
- [armhf,arm64] rockchip: Force CONFIG_PM on Rockchip systems
- btrfs: do btrfs_free_stale_devices outside of device_list_add
- btrfs: extend locked section when adding a new device in device_list_add
- btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
- btrfs: use device_list_mutex when removing stale devices
- btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
- btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
- btrfs: reorder initialization before the mount locks uuid_mutex
- btrfs: fix mount and ioctl device scan ioctl race
- [x86] drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
- [x86] drm/i915: Nuke the LVDS lid notifier
- [x86] drm/i915: Increase LSPCON timeout
- [x86] drm/i915: Free write_buf that we allocated with kzalloc.
- drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
- drm/amdgpu: fix a reversed condition
- drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
- drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
- drm/amd/powerplay: fixed uninitialized value
- drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
- drm/edid: Quirk Vive Pro VR headset non-desktop.
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
- drm/amd/display: fix type of variable
- drm/amd/display: Don't share clk source between DP and HDMI
- drm/amd/display: update clk for various HDMI color depths
- drm/amd/display: Use requested HDMI aspect ratio
- drm/amd/display: Report non-DP display as disconnected without EDID
- [armhf,arm64] drm/rockchip: lvds: add missing of_node_put
- [armhf,arm64] drm/rockchip: vop: split out core clock enablement into
separate functions
- [armhf,arm64] drm/rockchip: vop: fix irq disabled after vop driver probed
- drm/amd/display: Pass connector id when executing VBIOS CT
- drm/amd/display: Check if clock source in use before disabling
- drm/amdgpu: update tmr mc address
- drm/amdgpu:add tmr mc address into amdgpu_firmware_info
- drm/amdgpu:add new firmware id for VCN
- drm/amdgpu:add VCN support in PSP driver
- drm/amdgpu:add VCN booting with firmware loaded by PSP
- drm/amdgpu: fix incorrect use of fcheck
- drm/amdgpu: fix incorrect use of drm_file->pid
- [x86] drm/i915: Re-apply "Perform link quality check, unconditionally
during long pulse"
- uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member
name
- mm: respect arch_dup_mmap() return value
- [x86] drm/i915: set DP Main Stream Attribute for color range on DDI
platforms
- [i386] tsc: Prevent result truncation on 32bit
- drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
- drm/amdgpu: Make pin_size values atomic
- drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
- drm/amdgpu: Don't warn on destroying a pinned BO
- debugobjects: Make stack check warning more informative
- [i386] pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
- [x86] xen: don't write ptes directly in 32-bit PV guests
- [x86] kvm: Set highest physical address bits in non-present/reserved SPTEs
- [x86] kvm: avoid unused variable warning
- HID: redragon: fix num lock and caps lock LEDs
[ Ben Hutchings ]
* [x86] wireless: Enable R8822BE as module (Closes: #908330)
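Review bot: Two of the new 4.18.8 entries look malformed and should be checked against the upstream ChangeLog before upload: "btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(" ends with an unbalanced parenthesis, and the "ACPICA: ACPICA: add status check for acpi_hw_read" entry repeats its subsystem prefix. If both are verbatim upstream subjects they can stay as they are. Separately, only three entries in this list carry a CVE id (CVE-2018-14617, CVE-2018-14609, CVE-2018-14612); entries described as a use-after-free (act_ife) or a memory exposure (short TCA_U32_SEL) should get the same annotation if ids have been assigned, so the security tracker can pick them up from the changelog.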
@ -155,9 +354,6 @@ linux (4.18.7-1) UNRELEASED; urgency=medium
[ Salvatore Bonaccorso ]
* mac80211: don't update the PM state of a peer upon a multicast frame
(Closes: #887045, #886292)
* btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (CVE-2018-14609)
* hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
[ Romain Perier ]
* [x86] Enable TI TPS6598x USB Power Delivery controller family


@ -1,64 +0,0 @@
From: Qu Wenruo <wqu@suse.com>
Date: Tue, 3 Jul 2018 17:10:07 +0800
Subject: btrfs: relocation: Only remove reloc rb_trees if reloc control has
been initialized
Origin: https://git.kernel.org/linus/389305b2aa68723c754f88d9dbd268a400e10664
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-14609
Invalid reloc tree can cause kernel NULL pointer dereference when btrfs
does some cleanup of the reloc roots.
It turns out that fs_info::reloc_ctl can be NULL in
btrfs_recover_relocation() as we allocate relocation control after all
reloc roots have been verified.
So when we hit: note, we haven't called set_reloc_control() thus
fs_info::reloc_ctl is still NULL.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/relocation.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 229f721cbde9..b98d7a594542 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1281,18 +1281,19 @@ static void __del_reloc_root(struct btrfs_root *root)
struct mapping_node *node = NULL;
struct reloc_control *rc = fs_info->reloc_ctl;
- spin_lock(&rc->reloc_root_tree.lock);
- rb_node = tree_search(&rc->reloc_root_tree.rb_root,
- root->node->start);
- if (rb_node) {
- node = rb_entry(rb_node, struct mapping_node, rb_node);
- rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
+ if (rc) {
+ spin_lock(&rc->reloc_root_tree.lock);
+ rb_node = tree_search(&rc->reloc_root_tree.rb_root,
+ root->node->start);
+ if (rb_node) {
+ node = rb_entry(rb_node, struct mapping_node, rb_node);
+ rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
+ }
+ spin_unlock(&rc->reloc_root_tree.lock);
+ if (!node)
+ return;
+ BUG_ON((struct btrfs_root *)node->data != root);
}
- spin_unlock(&rc->reloc_root_tree.lock);
-
- if (!node)
- return;
- BUG_ON((struct btrfs_root *)node->data != root);
spin_lock(&fs_info->trans_lock);
list_del_init(&root->root_list);
--
2.19.0


@ -1,56 +0,0 @@
From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?=
<ernesto.mnd.fernandez@gmail.com>
Date: Thu, 23 Aug 2018 17:00:25 -0700
Subject: hfsplus: fix NULL dereference in hfsplus_lookup()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4
An HFS+ filesystem can be mounted read-only without having a metadata
directory, which is needed to support hardlinks. But if the catalog
data is corrupted, a directory lookup may still find dentries claiming
to be hardlinks.
hfsplus_lookup() does check that ->hidden_dir is not NULL in such a
situation, but mistakenly does so after dereferencing it for the first
time. Reorder this check to prevent a crash.
This happens when looking up corrupted catalog data (dentry) on a
filesystem with no metadata directory (this could only ever happen on a
read-only mount). Wen Xu sent the replication steps in detail to the
fsdevel list: https://bugzilla.kernel.org/show_bug.cgi?id=200297
Link: http://lkml.kernel.org/r/20180712215344.q44dyrhymm4ajkao@eaf
Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Reported-by: Wen Xu <wen.xu@gatech.edu>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
fs/hfsplus/dir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c
index c5a70f83dbe7..f37662675c3a 100644
--- a/fs/hfsplus/dir.c
+++ b/fs/hfsplus/dir.c
@@ -77,13 +77,13 @@ static struct dentry *hfsplus_lookup(struct inode *dir, struct dentry *dentry,
cpu_to_be32(HFSP_HARDLINK_TYPE) &&
entry.file.user_info.fdCreator ==
cpu_to_be32(HFSP_HFSPLUS_CREATOR) &&
+ HFSPLUS_SB(sb)->hidden_dir &&
(entry.file.create_date ==
HFSPLUS_I(HFSPLUS_SB(sb)->hidden_dir)->
create_date ||
entry.file.create_date ==
HFSPLUS_I(d_inode(sb->s_root))->
- create_date) &&
- HFSPLUS_SB(sb)->hidden_dir) {
+ create_date)) {
struct qstr str;
char name[32];
--
2.19.0


@ -0,0 +1,30 @@
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 17 Sep 2018 01:11:22 +0100
Subject: mm: Avoid ABI change in 4.18.7
Forwarded: not-needed
Commit 8bfd9029bc79 "powerpc/64s: Fix page table fragment refcount race
vs speculative references" introduced a union with another alternate use
for one of the words in struct page.
The layout of the structure is unchanged, and this use is private to
the powerpc page table allocator, so it's not actually an ABI change.
Therefore hide it from genksyms.
---
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -139,10 +139,14 @@ struct page {
unsigned long _pt_pad_1; /* compound_head */
pgtable_t pmd_huge_pte; /* protected by page->ptl */
unsigned long _pt_pad_2; /* mapping */
+#ifndef __GENKSYMS__
union {
struct mm_struct *pt_mm; /* x86 pgds only */
atomic_t pt_frag_refcount; /* powerpc */
};
+#else
+ struct mm_struct *pt_mm; /* x86 pgds only */
+#endif
#if ALLOC_SPLIT_PTLOCKS
spinlock_t *ptl;
#else
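Review bot: The #else branch shown to genksyms duplicates the pt_mm member by hand, so it will silently go stale if a later stable update changes this union again; add a comment next to the #ifndef __GENKSYMS__ saying the guard exists only to keep symbol versions stable and should be dropped at the next ABI bump. The description's claim that the layout is unchanged holds only while pt_frag_refcount is no larger than the pt_mm pointer, which is worth stating in the patch header because the guard hides the real member from the checksum.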


@ -142,8 +142,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch
bugfix/all/btrfs-relocation-Only-remove-reloc-rb_trees-if-reloc.patch
bugfix/all/hfsplus-fix-NULL-dereference-in-hfsplus_lookup.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
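Review bot: The two entries removed from the "# Security fixes" block must match the patch files deleted in this commit exactly, since a series entry left pointing at a deleted file (or a file left without an entry) breaks or silently skips patch application at build time. Here both removals line up with the dropped btrfs relocation and hfsplus_lookup patches, and the changelog keeps their ids (CVE-2018-14609, CVE-2018-14617) on the 4.18.8 entries, so the remaining check is that the stable backports are the same upstream commits named in the deleted patches' Origin fields.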
@ -168,3 +166,4 @@ bugfix/all/usbip-fix-misuse-of-strncpy.patch
debian/wireless-disable-regulatory.db-direct-loading.patch
# ABI maintenance
debian/abi/mm-avoid-abi-change-in-4.18.7.patch