Commit cc3c6eb2 authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra
Browse files

Import Debian changes 4.9.30-1parrot30

linux (4.9.30-1parrot30) testing; urgency=medium

  * Import new upstream release.

linux (4.9.30-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.26
    - [arm64] Revert "mmc: sdhci-msm: Enable few quirks"
    - ping: implement proper locking
    - [sparc64] kern_addr_valid regression
    - [sparc64] Fix kernel panic due to erroneous #ifdef surrounding
      pmd_write()
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - bpf: improve verifier packet range checks
    - net/mlx5: Avoid dereferencing uninitialized pointer
    - l2tp: hold tunnel socket when handling control frames in l2tp_ip
      and l2tp_ip6
    - l2tp: purge socket queues in the .destruct() callback
    - net/packet: fix overflow in check for tp_frame_nr
    - net/packet: fix overflow in check for tp_reserve
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or
      closed
    - tcp: clear saved_syn in tcp_disconnect()
    - ipv6: Fix idev->addr_list corruption
    - net-timestamp: avoid use-after-free in ip_recv_error
    - net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
    - dp83640: don't recieve time stamps twice
    - gso: Validate assumption of frag_list segementation
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - net/mlx5: Fix driver load bad flow when having fw
      initializing timeout
    - net/mlx5e: Fix small packet threshold
    - net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
    - macvlan: Fix device ref leak when purging bc_queue
    - net: ipv6: regenerate host route if moved to gc list
    - net: phy: fix auto-negotiation stall due to unavailable interrupt
    - ipv6: check skb->protocol before lookup for nexthop
    - tcp: memset ca_priv data to 0 properly
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
    - ALSA: firewire-lib: fix inappropriate assignment between
      signed/unsigned type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - [mips*] KGDB: Use kernel context for sleeping threads
    - [mips*] Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - [x86] ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
    - macsec: avoid heap overflow in skb_to_sgvec
    - net: can: usb: gs_usb: Fix buffer on stack
    - [x86] ftrace: Fix triple fault with graph tracing and suspend-to-ram
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.27
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - [x86] tpm_tis: use default timeout value if chip reports it as zero
    - scsi: storvsc: Workaround for virtual DVD SCSI version
    - [powerpc, x86] hwmon: (it87) Avoid registering the same chip on both SIO
      addresses
    - 8250_pci: Fix potential use-after-free in error path
    - ceph: try getting buffer capability for readahead/fadvise
    - cpu/hotplug: Serialize callback invocations proper
    - dm ioctl: prevent stack leak in dm ioctl call
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.28
    - 9p: fix a potential acl leak
    - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
    - [x86] tpm: fix RC value check in tpm2_seal_trusted
    - [x86] tmp: use pdev for parent device in tpm_chip_alloc
    - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
    - [powerpc*] mm: Fixup wrong LPCR_VRMASD value
    - [powerpc*] powernv: Fix opal_exit tracepoint opcode
    - [powerpc*] Correctly disable latent entropy GCC plugin on
      prom_init.o
    - [x86] perf/x86/intel/pt: Add format strings for PTWRITE and power
      event tracing
    - [arm64] dts: r8a7795: Mark EthernetAVB device node disabled
    - [arm64] dts: qcom: Fix ipq board clock rates
    - [arm64] Improve detection of user/non-user mappings in
      set_pte(_at)
    - [armhf] OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
    - [armhf] dts: sun7i: lamobo-r1: Fix CPU port RGMII settings
    - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
    - mwifiex: remove redundant dma padding in AMSDU
    - mwifiex: Avoid skipping WEP key deletion for AP
    - iwlwifi: fix MODULE_FIRMWARE for 6030
    - iwlwifi: mvm: don't restart HW if suspend fails with unified image
    - iwlwifi: mvm: overwrite skb info later
    - iwlwifi: pcie: don't increment / decrement a bool
    - iwlwifi: pcie: trans: Remove unused 'shift_param'
    - iwlwifi: pcie: fix the set of DMA memory mask
    - iwlwifi: mvm: fix reorder timer re-arming
    - iwlwifi: mvm: Use aux queue for offchannel frames in dqa
    - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe
    - iwlwifi: mvm: fix pending frame counter calculation
    - iwlwifi: mvm: fix references to first_agg_queue in DQA mode
    - iwlwifi: mvm: synchronize firmware DMA paging memory
    - iwlwifi: mvm: writing zero bytes to debugfs causes a crash
    - [x86] ioapic: Restore IO-APIC irq_chip retrigger callback
    - [amd64] x86/pci-calgary: Fix iommu_free() comparison of unsigned
      expression >= 0
    - [x86] kprobes/x86: Fix kernel panic when certain exception-
      handling addresses are probed
    - [x86] platform/intel-mid: Correct MSI IRQ line for watchdog device
    - [x86] KVM: nVMX: initialize PML fields in vmcs02
    - [x86] KVM: nVMX: do not leak PML full vmexit to L1
    - [arm64, armhf] usb: dwc2: host: use msleep() for long delay
    - [armhf] usb: host: ehci-exynos: Decrese node refcount on
      exynos_ehci_get_phy() error paths
    - [armhf] usb: host: ohci-exynos: Decrese node refcount on
      exynos_ehci_get_phy() error paths
    - [arm64, armhf] usb: chipidea: Only read/write OTGSC from one place
    - [arm64, armhf] usb: chipidea: Handle extcon events properly
    - USB: serial: keyspan_pda: fix receive sanity checks
    - USB: serial: digi_acceleport: fix incomplete rx sanity check
    - USB: serial: ssu100: fix control-message error handling
    - USB: serial: io_edgeport: fix epic-descriptor handling
    - USB: serial: ti_usb_3410_5052: fix control-message error handling
    - USB: serial: ark3116: fix open error handling
    - USB: serial: ftdi_sio: fix latency-timer error handling
    - USB: serial: quatech2: fix control-message error handling
    - USB: serial: mct_u232: fix modem-status error handling
    - USB: serial: io_edgeport: fix descriptor error handling
    - [armhf] clk: rockchip: add "," to
      mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036
    - phy: qcom-usb-hs: Add depends on EXTCON
    - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
    - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
    - scsi: smartpqi: fix time handling
    - [mips*] R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
    - brcmfmac: Ensure pointer correctly set if skb data location
      changes
    - brcmfmac: Make skb header writable before use
    - [x86] staging/lustre/llite: move root_squash from sysfs to debugfs
    - [x86] staging: wlan-ng: add missing byte order conversion
    - ALSA: hda - Fix deadlock of controller device lock at unbinding
    - [sparc64] fix fault handling in NGbzero.S and GENbzero.S
    - macsec: dynamically allocate space for sglist
    - tcp: do not underestimate skb->truesize in tcp_trim_head()
    - bpf: enhance verifier to understand stack pointer arithmetic
    - [arm64] bpf: fix jit branch offset related to ldimm64
    - tcp: fix wraparound issue in tcp_lp
    - net: ipv6: Do not duplicate DAD on link up
    - net: usb: qmi_wwan: add Telit ME910 support
    - tcp: do not inherit fastopen_req from parent
    - ipv4, ipv6: ensure raw socket message is big enough to hold
      an IP header
    - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
    - ipv6: initialize route null entry in addrconf_init()
    - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
    - bnxt_en: allocate enough space for ->ntp_fltr_bmap
    - bpf: don't let ldimm64 leak map addresses on unprivileged
      (CVE-2017-9150)
    - f2fs: sanity check segment count
    - xen: Revert commits da72ff5bfcb0 and 72a9b186292d
    - [arm64, armhf] wlcore: Pass win_size taken from
      ieee80211_sta to FW
    - [arm64, armhf] wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event
    - drm/ttm: fix use-after-free races in vm fault handling
    - block: get rid of blk_integrity_revalidate()
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.29
    - [x86] xen: adjust early dom0 p2m handling to xen hypervisor behavior
    - target: Fix compare_and_write_callback handling for non GOOD status
    - target/fileio: Fix zero-length READ and WRITE handling
    - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
    - usb: xhci: bInterval quirk for TI TUSB73x0
    - usb: host: xhci: print correct command ring address
    - USB: Proper handling of Race Condition when two USB class drivers try to
      call init_usb_class simultaneously
    - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
    - [x86] staging: vt6656: use off stack for in buffer USB transfers.
    - [x86] staging: vt6656: use off stack for out buffer USB transfers.
    - [x86] staging: comedi: jr3_pci: fix possible null pointer dereference
    - [x86] staging: comedi: jr3_pci: cope with jiffies wraparound
    - usb: misc: add missing continue in switch
    - usb: gadget: legacy gadgets are optional
    - usb: Make sure usb/phy/of gets built-in
    - usb: hub: Fix error loop seen after hub communication errors
    - usb: hub: Do not attempt to autosuspend disconnected devices
    - [x86] boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
    - [amd64] pmem: Fix cache flushing for iovec write < 8 bytes
    - [x86] perf: Fix Broadwell-EP DRAM RAPL events
    - [x86] KVM: fix user triggerable warning in kvm_apic_accept_events()
    - [armhf,arm64] KVM: fix races in kvm_psci_vcpu_on
    - [arm64] KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
    - block: fix blk_integrity_register to use template's interval_exp if not 0
    - crypto: algif_aead - Require setkey before accept(2)
    - [x86] crypto: ccp - Use only the relevant interrupt bits
    - [x86] crypto: ccp - Disable interrupts early on unload
    - [x86] crypto: ccp - Change ISR handler method for a v3 CCP
    - [x86] crypto: ccp - Change ISR handler method for a v5 CCP
    - dm era: save spacemap metadata root after the pre-commit
    - dm rq: check blk_mq_register_dev() return value in
      dm_mq_init_request_queue()
    - dm thin: fix a memory leak when passing discard bio down
    - vfio/type1: Remove locked page accounting workqueue
    - iov_iter: don't revert iov buffer if csum error
    - IB/core: Fix sysfs registration error flow
    - IB/core: For multicast functions, verify that LIDs are multicast LIDs
    - IB/IPoIB: ibX: failed to create mcg debug file
    - IB/mlx4: Fix ib device initialization error flow
    - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
    - IB/hfi1: Prevent kernel QP post send hard lockups
    - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
    - ext4: evict inline data when writing to memory map
    - fs/xattr.c: zero out memory copied to userspace in getxattr
    - ceph: fix memory leak in __ceph_setxattr()
    - fs/block_dev: always invalidate cleancache in invalidate_bdev()
    - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
    - Fix match_prepath()
    - Set unicode flag on cifs echo request to avoid Mac error
    - SMB3: Work around mount failure when using SMB3 dialect to Macs
    - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
    - cifs: fix leak in FSCTL_ENUM_SNAPS response handling
    - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
    - CIFS: fix oplock break deadlocks
    - cifs: fix CIFS_IOC_GET_MNT_INFO oops
    - CIFS: add misssing SFM mapping for doublequote
    - padata: free correct variable
    - device-dax: fix cdev leak
    - fscrypt: fix context consistency check when key(s) unavailable
    - [armhf] serial: samsung: Use right device for DMA-mapping calls
    - [armhf] serial: omap: fix runtime-pm handling on unbind
    - [armhf] serial: omap: suspend device on probe errors
    - tty: pty: Fix ldisc flush after userspace become aware of the data already
    - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
    - Bluetooth: hci_bcm: add missing tty-device sanity check
    - Bluetooth: hci_intel: add missing tty-device sanity check
    - ipmi: Fix kernel panic at ipmi_ssif_thread()
    - libnvdimm, region: fix flush hint detection crash
    - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
    - libnvdimm, pfn: fix 'npfns' vs section alignment
    - [powerpc*/*64*] pstore: Fix flags to enable dumps on powerpc
    - pstore: Shut down worker when unregistering
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.30
    - usb: misc: legousbtower: Fix buffers on stack
    - usb: misc: legousbtower: Fix memory leak
    - USB: ene_usb6250: fix DMA to the stack
    - watchdog: pcwd_usb: fix NULL-deref at probe
    - char: lp: fix possible integer overflow in lp_setup() (CVE-2017-1000363)
    - USB: core: replace %p with %pK
    - tpm_tis_core: Choose appropriate timeout for reading burstcount
    - ALSA: hda: Fix cpu lockup when stopping the cmd dmas
    - [armhf] tegra: paz00: Mark panel regulator as enabled on boot
    - fanotify: don't expose EOPENSTALE to userspace
    - tpm_tis_spi: Use single function to transfer data
    - tpm_tis_spi: Abort transfer when too many wait states are signaled
    - tpm_tis_spi: Check correct byte for wait state indicator
    - tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes
    - tpm_tis_spi: Add small delay after last transfer
    - tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver
    - tpm: add sleep only for retry in i2c_nuvoton_write_status()
    - tpm_crb: check for bad response size
    - mlx5: Fix mlx5_ib_map_mr_sg mr length
    - infiniband: call ipv6 route lookup via the stub interface
    - dm btree: fix for dm_btree_find_lowest_key()
    - dm raid: select the Kconfig option CONFIG_MD_RAID0
    - dm bufio: avoid a possible ABBA deadlock
    - dm bufio: check new buffer allocation watermark every 30 seconds
    - dm mpath: split and rename activate_path() to prepare for its expanded use
    - dm cache metadata: fail operations if fail_io mode has been established
    - dm bufio: make the parameter "retain_bytes" unsigned long
    - dm thin metadata: call precommit before saving the roots
    - dm space map disk: fix some book keeping in the disk space map
    - md: update slab_cache before releasing new stripes when stripes resizing
    - md: MD_CLOSING needs to be cleared after called md_set_readonly or
      do_md_stop
    - rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
    - mwifiex: MAC randomization should not be persistent
    - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
    - ima: accept previously set IMA_NEW_FILE
    - [x86] KVM: Fix load damaged SSEx MXCSR register
    - [x86] KVM: Fix potential preemption when get the current kvmclock
      timestamp
    - [x86] KVM: Fix read out-of-bounds vulnerability in kvm pio emulation
    - [i386] fix 32-bit case of __get_user_asm_u64()
    - [armhf] regulator: rk808: Fix RK818 LDO2
    - [s390x] kdump: Add final note
    - [s390x] cputime: fix incorrect system time
    - ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
    - ath9k_htc: fix NULL-deref at probe
    - [x86] drm/amdgpu: Make display watermark calculations more accurate
    - [x86] drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark
      calculations.
    - [x86] drm/amdgpu: Add missing lb_vblank_lead_lines setup to DCE-6 path.
    - drm/nouveau/therm: remove ineffective workarounds for alarm bugs
    - drm/nouveau/tmr: ack interrupt before processing alarms
    - drm/nouveau/tmr: fix corruption of the pending list when rescheduling an
      alarm
    - drm/nouveau/tmr: avoid processing completed alarms when adding a new one
    - drm/nouveau/tmr: handle races with hw when updating the next alarm time
    - [armhf] gpio: omap: return error if requested debounce time is not
      possible
    - cdc-acm: fix possible invalid access when processing notification
    - ohci-pci: add qemu quirk
    - [powerpc*] cxl: Force context lock during EEH flow
    - [powerpc*] cxl: Route eeh events to all drivers in
      cxl_pci_error_detected()
    - proc: Fix unbalanced hard link numbers
    - of: fix sparse warning in of_pci_range_parser_one
    - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
    - of: fdt: add missing allocation-failure check
    - [powerpc*/*64*] ibmvscsis: Do not send aborted task response
    - [x86] IIO: bmp280-core.c: fix error in humidity calculation
    - IB/hfi1: Return an error on memory allocation failure
    - IB/hfi1: Fix a subcontext memory leak
    - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
    - pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
    - USB: serial: ftdi_sio: fix setting latency for unprivileged users
    - USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
    - USB: chaoskey: fix Alea quirk on big-endian hosts
    - f2fs: check entire encrypted bigname when finding a dentry
    - fscrypt: avoid collisions when presenting long encrypted filenames
    - libnvdimm: fix clear length of nvdimm_forget_poison()
    - xhci: remove GFP_DMA flag from allocation
    - usb: host: xhci-plat: propagate return value of platform_get_irq()
    - xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
    - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
    - net: irda: irda-usb: fix firmware name on big-endian hosts
    - usbvision: fix NULL-deref at probe
    - mceusb: fix NULL-deref at probe
    - ttusb2: limit messages to buffer size
    - [armhf,arm64] usb: dwc3: gadget: Prevent losing events in event cache
    - [armhf] usb: musb: tusb6010_omap: Do not reset the other direction's
      packet size
    - [armhf] usb: musb: Fix trying to suspend while active for OTG
      configurations
    - USB: iowarrior: fix info ioctl on big-endian hosts
    - usb: serial: option: add Telit ME910 support
    - USB: serial: qcserial: add more Lenovo EM74xx device IDs
    - USB: serial: mct_u232: fix big-endian baud-rate handling
    - USB: serial: io_ti: fix div-by-zero in set_termios
    - USB: hub: fix SS hub-descriptor handling
    - USB: hub: fix non-SS hub-descriptor handling
    - ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487)
    - iio: hid-sensor: Store restore poll and hysteresis on S3
    - gspca: konica: add missing endpoint sanity check
    - dib0700: fix NULL-deref at probe
    - zr364xx: enforce minimum size when reading header
    - dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
    - digitv: limit messages to buffer size
    - dw2102: limit messages to buffer size
    - cx231xx-audio: fix init error path
    - cx231xx-audio: fix NULL-deref at probe
    - cx231xx-cards: fix NULL-deref at probe
    - [powerpc*] mm: Ensure IRQs are off in switch_mm()
    - [powerpc*] eeh: Avoid use after free in eeh_handle_special_event()
    - [powerpc*] book3s/mce: Move add_taint() later in virtual mode
    - [powerpc*] pseries: Fix of_node_put() underflow during DLPAR remove
    - [powerpc*] iommu: Do not call PageTransHuge() on tail pages
    - [powerpc*] tm: Fix FP and VMX register corruption
    - [arm64] KVM: Do not use stack-protector to compile EL2 code
    - [armhf] KVM: Do not use stack-protector to compile HYP code
    - [armhf] KVM: plug potential guest hardware debug leakage
    - [armel,armhf] 8662/1: module: split core and init PLT sections
    - [armhf] dts: imx6sx-sdb: Remove OPP override
    - [arm64] dts: hi6220: Reset the mmc hosts
    - [arm64] xchg: hazard against entire exchange variable
    - [arm64] ensure extension of smp_store_release value
    - [arm64] armv8_deprecated: ensure extension of addr
    - [arm64] uaccess: ensure extension of access_ok() addr
    - [arm64] documentation: document tagged pointer stack constraints
    - [x86] staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out
      memory.
    - [x86] staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
    - [x86] staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of
      EPROM_CMD.
    - [x86] staging: rtl8192e: GetTs Fix invalid TID 7 warning.
    - [x86] iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
    - stackprotector: Increase the per-task stack canary's random range from 32
      bits to 64 bits on 64-bit platforms
    - uwb: fix device quirk on big-endian hosts
    - genirq: Fix chained interrupt data ordering
    - nvme: unmap CMB and remove sysfs file in reset path
    - [alpha] osf_wait4(): fix infoleak
    - tracing/kprobes: Enforce kprobes teardown after testing
    - [x86] PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC
    - [x86] PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs
    - PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
    - PCI: Fix another sanity check bug in /proc/pci mmap
    - PCI: Only allow WC mmap on prefetchable resources
    - PCI: Freeze PME scan before suspending devices
    - [armel,armhf] mtd: nand: orion: fix clk handling
    - [armhf] mtd: nand: omap2: Fix partition creation via cmdline mtdparts
    - mtd: nand: add ooblayout for old hamming layout
    - [x86] drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
    - NFSv4: Fix a hang in OPEN related to server reboot
    - NFS: Fix use after free in write error path
    - NFS: Use GFP_NOIO for two allocations in writeback
    - nfsd: fix undefined behavior in nfsd4_layout_verify
    - nfsd: encoders mustn't use unitialized values in error cases
    - drivers: char: mem: Check for address space wraparound with mmap()
    - [x86] drm/i915/gvt: Disable access to stolen memory as a guest

  [ Aurelien Jarno ]
  * [mips*/*-malta] Enable POWER_RESET and POWER_RESET_SYSCON.

  [ Uwe Kleine-König ]
  * [arm64] Enable DRM modules (Closes: #863344)
  * Ignore ABI changes in chipidea driver

  [ Ben Hutchings ]
  * Ignore ABI changes in ccp and hid-sensors
  * [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select
    MIPS_L1_CACHE_SHIFT_6" to avoid ABI change
  * SUNRPC: Refactor svc_set_num_threads()
  * NFSv4: Fix callback server shutdown (CVE-2017-9059) (Closes: #862357)
  * uapi: fix linux/if.h userspace compilation errors (see #822393, #824442)
  * debian/control: Fix compiler build-dependencies for cross-building
    (Closes: #863907)
  * Add Debian package version to "hung task" log messages
  * btrfs: warn about RAID5/6 being experimental at mount time (Closes: #863290)
  * [x86] pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard
    work again (Closes: #862723)
  * [arm64] serial: pl011: add console matching function (Closes: #861898)
  * [rt] Add new GPG subkeys for Sebastian Andrzej Siewior
  * [rt] Update to 4.9.30-rt20:
    - rtmutex: Deboost before waking up the top waiter
    - sched/rtmutex/deadline: Fix a PI crash for deadline tasks
    - sched/deadline/rtmutex: Dont miss the dl_runtime/dl_period update
    - rtmutex: Clean up
    - sched/rtmutex: Refactor rt_mutex_setprio()
    - sched,tracing: Update trace_sched_pi_setprio()
    - rtmutex: Fix PI chain order integrity
    - rtmutex: Fix more prio comparisons
    - rtmutex: Plug preempt count leak in rt_mutex_futex_unlock()
    - futex: Avoid freeing an active timer
    - futex: Fix small (and harmless looking) inconsistencies
    - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()
    - Revert "timers: Don't wake ktimersoftd on every tick"
    - futex/rtmutex: Cure RT double blocking issue
    - random: avoid preempt_disable()ed section

  [ Salvatore Bonaccorso ]
  * tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
    (CVE-2017-0605)
  * dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
  * ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
  * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
  * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076,
    CVE-2017-9077)
  * crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
  * ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)

  [ Cyril Brulebois ]
  * udeb: Add efivarfs to efi-modules, which can be needed to retrieve
    firmware or configuration bits from d-i. (Closes: #862555)

  [ John Paul Adrian Glaubitz ]
  * [m68k] udeb: Build loop-modules package (Closes: #862813)
parents 003df7dd ba8e2437
......@@ -28,24 +28,32 @@
#define segment_eq(a, b) ((a).seg == (b).seg)
#define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
/*
* Explicitly allow NULL pointers here. Parts of the kernel such
* as readv/writev use access_ok to validate pointers, but want
* to allow NULL pointers for various reasons. NULL pointers are
* safe to allow through because the first page is not mappable on
* Meta.
*
* We also wish to avoid letting user code access the system area
* and the kernel half of the address space.
*/
#define __user_bad(addr, size) (((addr) > 0 && (addr) < META_MEMORY_BASE) || \
((addr) > PAGE_OFFSET && \
(addr) < LINCORE_BASE))
static inline int __access_ok(unsigned long addr, unsigned long size)
{
return __kernel_ok || !__user_bad(addr, size);
/*
* Allow access to the user mapped memory area, but not the system area
* before it. The check extends to the top of the address space when
* kernel access is allowed (there's no real reason to user copy to the
* system area in any case).
*/
if (likely(addr >= META_MEMORY_BASE && addr < get_fs().seg &&
size <= get_fs().seg - addr))
return true;
/*
* Explicitly allow NULL pointers here. Parts of the kernel such
* as readv/writev use access_ok to validate pointers, but want
* to allow NULL pointers for various reasons. NULL pointers are
* safe to allow through because the first page is not mappable on
* Meta.
*/
if (!addr)
return true;
/* Allow access to core code memory area... */
if (addr >= LINCORE_CODE_BASE && addr <= LINCORE_CODE_LIMIT &&
size <= LINCORE_CODE_LIMIT + 1 - addr)
return true;
/* ... but no other areas. */
return false;
}
#define access_ok(type, addr, size) __access_ok((unsigned long)(addr), \
......@@ -186,8 +194,13 @@ do { \
extern long __must_check __strncpy_from_user(char *dst, const char __user *src,
long count);
#define strncpy_from_user(dst, src, count) __strncpy_from_user(dst, src, count)
static inline long
strncpy_from_user(char *dst, const char __user *src, long count)
{
if (!access_ok(VERIFY_READ, src, 1))
return -EFAULT;
return __strncpy_from_user(dst, src, count);
}
/*
* Return the size of a string (including the ending 0)
*
......
......@@ -1368,6 +1368,7 @@ config CPU_LOONGSON3
select WEAK_ORDERING
select WEAK_REORDERING_BEYOND_LLSC
select MIPS_PGD_C0_CONTEXT
select MIPS_L1_CACHE_SHIFT_6
select GPIOLIB
help
The Loongson 3 processor implements the MIPS64R2 instruction
......
......@@ -80,7 +80,7 @@ static unsigned int calculate_min_delta(void)
}
/* Sorted insert of 75th percentile into buf2 */
for (k = 0; k < i; ++k) {
for (k = 0; k < i && k < ARRAY_SIZE(buf2); ++k) {
if (buf1[ARRAY_SIZE(buf1) - 1] < buf2[k]) {
l = min_t(unsigned int,
i, ARRAY_SIZE(buf2) - 1);
......
......@@ -257,7 +257,7 @@ int arch_check_elf(void *_ehdr, bool has_interpreter, void *_interp_ehdr,
else if ((prog_req.fr1 && prog_req.frdefault) ||
(prog_req.single && !prog_req.frdefault))
/* Make sure 64-bit MIPS III/IV/64R1 will not pick FR1 */
state->overall_fp_mode = ((current_cpu_data.fpu_id & MIPS_FPIR_F64) &&
state->overall_fp_mode = ((raw_current_cpu_data.fpu_id & MIPS_FPIR_F64) &&
cpu_has_mips_r2_r6) ?
FP_FR1 : FP_FR0;
else if (prog_req.fr1)
......
......@@ -244,9 +244,6 @@ static int compute_signal(int tt)
void sleeping_thread_to_gdb_regs(unsigned long *gdb_regs, struct task_struct *p)
{
int reg;
struct thread_info *ti = task_thread_info(p);
unsigned long ksp = (unsigned long)ti + THREAD_SIZE - 32;
struct pt_regs *regs = (struct pt_regs *)ksp - 1;
#if (KGDB_GDB_REG_SIZE == 32)
u32 *ptr = (u32 *)gdb_regs;
#else
......@@ -254,25 +251,46 @@ void sleeping_thread_to_gdb_regs(unsigned long *gdb_regs, struct task_struct *p)
#endif
for (reg = 0; reg < 16; reg++)
*(ptr++) = regs->regs[reg];
*(ptr++) = 0;
/* S0 - S7 */
for (reg = 16; reg < 24; reg++)
*(ptr++) = regs->regs[reg];
*(ptr++) = p->thread.reg16;
*(ptr++) = p->thread.reg17;
*(ptr++) = p->thread.reg18;
*(ptr++) = p->thread.reg19;
*(ptr++) = p->thread.reg20;
*(ptr++) = p->thread.reg21;
*(ptr++) = p->thread.reg22;
*(ptr++) = p->thread.reg23;
for (reg = 24; reg < 28; reg++)
*(ptr++) = 0;
/* GP, SP, FP, RA */
for (reg = 28; reg < 32; reg++)
*(ptr++) = regs->regs[reg];
*(ptr++) = regs->cp0_status;
*(ptr++) = regs->lo;
*(ptr++) = regs->hi;
*(ptr++) = regs->cp0_badvaddr;
*(ptr++) = regs->cp0_cause;
*(ptr++) = regs->cp0_epc;
*(ptr++) = (long)p;
*(ptr++) = p->thread.reg29;
*(ptr++) = p->thread.reg30;
*(ptr++) = p->thread.reg31;
*(ptr++) = p->thread.cp0_status;
/* lo, hi */
*(ptr++) = 0;
*(ptr++) = 0;
/*
* BadVAddr, Cause
* Ideally these would come from the last exception frame up the stack
* but that requires unwinding, otherwise we can't know much for sure.
*/
*(ptr++) = 0;
*(ptr++) = 0;
/*
* PC
* use return address (RA), i.e. the moment after return from resume()
*/
*(ptr++) = p->thread.reg31;
}
void kgdb_arch_set_pc(struct pt_regs *regs, unsigned long pc)
......
......@@ -433,8 +433,8 @@ static int multu_func(struct pt_regs *regs, u32 ir)
rs = regs->regs[MIPSInst_RS(ir)];
res = (u64)rt * (u64)rs;
rt = res;
regs->lo = (s64)rt;
regs->hi = (s64)(res >> 32);
regs->lo = (s64)(s32)rt;
regs->hi = (s64)(s32)(res >> 32);
MIPS_R2_STATS(muls);
......@@ -670,9 +670,9 @@ static int maddu_func(struct pt_regs *regs, u32 ir)
res += ((((s64)rt) << 32) | (u32)rs);
rt = res;
regs->lo = (s64)rt;
regs->lo = (s64)(s32)rt;
rs = res >> 32;
regs->hi = (s64)rs;
regs->hi = (s64)(s32)rs;
MIPS_R2_STATS(dsps);
......@@ -728,9 +728,9 @@ static int msubu_func(struct pt_regs *regs, u32 ir)
res = ((((s64)rt) << 32) | (u32)rs) - res;
rt = res;
regs->lo = (s64)rt;
regs->lo = (s64)(s32)rt;
rs = res >> 32;
regs->hi = (s64)rs;
regs->hi = (s64)(s32)rs;
MIPS_R2_STATS(dsps);
......
......@@ -388,8 +388,8 @@ config DISABLE_MPROFILE_KERNEL
be disabled also.
If you have a toolchain which supports mprofile-kernel, then you can
enable this. Otherwise leave it disabled. If you're not sure, say
"N".
disable this. Otherwise leave it enabled. If you're not sure, say
"Y".
config MPROFILE_KERNEL
depends on PPC64 && CPU_LITTLE_ENDIAN
......
......@@ -70,8 +70,9 @@ extern void drop_cop(unsigned long acop, struct mm_struct *mm);
* switch_mm is the entry point called from the architecture independent
* code in kernel/sched/core.c
*/
static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
struct task_struct *tsk)
static inline void switch_mm_irqs_off(struct mm_struct *prev,
struct mm_struct *next,
struct task_struct *tsk)
{
/* Mark this context has been used on the new CPU */
if (!cpumask_test_cpu(smp_processor_id(), mm_cpumask(next)))
......@@ -110,6 +111,18 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
switch_mmu_context(prev, next, tsk);
}
static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
struct task_struct *tsk)
{
unsigned long flags;
local_irq_save(flags);
switch_mm_irqs_off(prev, next, tsk);
local_irq_restore(flags);
}
#define switch_mm_irqs_off switch_mm_irqs_off
#define deactivate_mm(tsk,mm) do { } while (0)
/*
......
......@@ -337,7 +337,7 @@
#define LPCR_DPFD_SH 52
#define LPCR_DPFD (ASM_CONST(7) << LPCR_DPFD_SH)
#define LPCR_VRMASD_SH 47
#define LPCR_VRMASD (ASM_CONST(1) << LPCR_VRMASD_SH)
#define LPCR_VRMASD (ASM_CONST(0x1f) << LPCR_VRMASD_SH)
#define LPCR_VRMA_L ASM_CONST(0x0008000000000000)
#define LPCR_VRMA_LP0 ASM_CONST(0x0001000000000000)
#define LPCR_VRMA_LP1 ASM_CONST(0x0000800000000000)
......
......@@ -15,7 +15,7 @@ CFLAGS_btext.o += -fPIC
endif
CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
......
......@@ -724,7 +724,7 @@ static int eeh_reset_device(struct eeh_pe *pe, struct pci_bus *bus,
*/
#define MAX_WAIT_FOR_RECOVERY 300
static void eeh_handle_normal_event(struct eeh_pe *pe)
static bool eeh_handle_normal_event(struct eeh_pe *pe)
{
struct pci_bus *frozen_bus;
struct eeh_dev *edev, *tmp;
......@@ -736,7 +736,7 @@ static void eeh_handle_normal_event(struct eeh_pe *pe)
if (!frozen_bus) {
pr_err("%s: Cannot find PCI bus for PHB#%d-PE#%x\n",
__func__, pe->phb->global_number, pe->addr);
return;
return false;
}
eeh_pe_update_time_stamp(pe);
......@@ -870,7 +870,7 @@ static void eeh_handle_normal_event(struct eeh_pe *pe)
pr_info("EEH: Notify device driver to resume\n");
eeh_pe_dev_traverse(pe, eeh_report_resume, NULL);
return;
return false;
excess_failures:
/*
......@@ -915,8 +915,12 @@ static void eeh_handle_normal_event(struct eeh_pe *pe)
pci_lock_rescan_remove();
pci_hp_remove_devices(frozen_bus);
pci_unlock_rescan_remove();
/* The passed PE should no longer be used */
return true;
}
}
return false;
}
static void eeh_handle_special_event(void)
......@@ -982,7 +986,14 @@ static void eeh_handle_special_event(void)
*/
if (rc == EEH_NEXT_ERR_FROZEN_PE ||
rc == EEH_NEXT_ERR_FENCED_PHB) {
eeh_handle_normal_event(pe);
/*
* eeh_handle_normal_event() can make the PE stale if it
* determines that the PE cannot possibly be recovered.
* Don't modify the PE state if that's the case.
*/
if (eeh_handle_normal_event(pe))
continue;
eeh_pe_state_clear(pe, EEH_PE_RECOVERING);
} else {
pci_lock_rescan_remove();
......
......@@ -735,8 +735,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
andis. r15,r14,(DBSR_IC|DBSR_BT)@h
beq+ 1f
#ifdef CONFIG_RELOCATABLE
ld r15,PACATOC(r13)
ld r14,interrupt_base_book3e@got(r15)
ld r15,__end_interrupts@got(r15)
#else
LOAD_REG_IMMEDIATE(r14,interrupt_base_book3e)
LOAD_REG_IMMEDIATE(r15,__end_interrupts)
#endif
cmpld cr0,r10,r14
cmpld cr1,r10,r15
blt+ cr0,1f
......@@ -799,8 +805,14 @@ kernel_dbg_exc:
andis. r15,r14,(DBSR_IC|DBSR_BT)@h
beq+ 1f
#ifdef CONFIG_RELOCATABLE
ld r15,PACATOC(r13)
ld r14,interrupt_base_book3e@got(r15)
ld r15,__end_interrupts@got(r15)
#else
LOAD_REG_IMMEDIATE(r14,interrupt_base_book3e)
LOAD_REG_IMMEDIATE(r15,__end_interrupts)
#endif
cmpld cr0,r10,r14
cmpld cr1,r10,r15
blt+ cr0,1f
......
......@@ -205,6 +205,8 @@ static void machine_check_process_queued_event(struct irq_work *work)
{
int index;
add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
/*
* For now just print it to console.
* TODO: log this error event to FSP or nvram.
......
......@@ -561,6 +561,7 @@ static ssize_t nvram_pstore_read(u64 *id, enum pstore_type_id *type,
static struct pstore_info nvram_pstore_info = {
.owner = THIS_MODULE,
.name = "nvram",
.flags = PSTORE_FLAGS_DMESG,
.open = nvram_pstore_open,
.read = nvram_pstore_read,
.write = nvram_pstore_write,
......
......@@ -839,6 +839,25 @@ static void tm_reclaim_thread(struct thread_struct *thr,
if (!MSR_TM_SUSPENDED(mfmsr()))
return;
/*
* If we are in a transaction and FP is off then we can't have
* used FP inside that transaction. Hence the checkpointed
* state is the same as the live state. We need to copy the
* live state to the checkpointed state so that when the
* transaction is restored, the checkpointed state is correct
* and the aborted transaction sees the correct state. We use
* ckpt_regs.msr here as that's what tm_reclaim will use to
* determine if it's going to write the checkpointed state or
* not. So either this will write the checkpointed registers,
* or reclaim will. Similarly for VMX.
*/
if ((thr->ckpt_regs.msr & MSR_FP) == 0)
memcpy(&thr->ckfp_state, &thr->fp_state,
sizeof(struct thread_fp_state));
if ((thr->ckpt_regs.msr & MSR_VEC) == 0)
memcpy(&thr->ckvr_state, &thr->vr_state,
sizeof(struct thread_vr_state));
giveup_all(container_of(thr, struct task_struct, thread));
tm_reclaim(thr, thr->ckpt_regs.msr, cause);
......
......@@ -302,8 +302,6 @@ long machine_check_early(struct pt_regs *regs)
__this_cpu_inc(irq_stat.mce_exceptions);
add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
if (cur_cpu_spec && cur_cpu_spec->machine_check_early)
handled = cur_cpu_spec->machine_check_early(regs);
return handled;
......@@ -737,6 +735,8 @@ void machine_check_exception(struct pt_regs *regs)
__this_cpu_inc(irq_stat.mce_exceptions);
add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
/* See if any machine dependent calls. In theory, we would want
* to call the CPU first, and call the ppc_md. one if the CPU
* one returns a positive number. However there is existing code
......
......@@ -81,7 +81,7 @@ struct page *new_iommu_non_cma_page(struct page *page, unsigned long private,
gfp_t gfp_mask = GFP_USER;
struct page *new_page;
if (PageHuge(page) || PageTransHuge(page) || PageCompound(page))
if (PageCompound(page))
return NULL;
if (PageHighMem(page))
......@@ -100,7 +100,7 @@ static int mm_iommu_move_page_from_cma(struct page *page)
LIST_HEAD(cma_migrate_pages);
/* Ignore huge pages for now */
if (PageHuge(page) || PageTransHuge(page) || PageCompound(page))
if (PageCompound(page))
return -EBUSY;
lru_add_drain();
......
......@@ -146,7 +146,7 @@ opal_tracepoint_entry:
opal_tracepoint_return:
std r3,STK_REG(R31)(r1)
mr r4,r3
ld r0,STK_REG(R23)(r1)
ld r3,STK_REG(R23)(r1)
bl __trace_opal_exit
ld r3,STK_REG(R31)(r1)
addi r1,r1,STACKFRAMESIZE
......
......@@ -288,7 +288,6 @@ int dlpar_detach_node(struct device_node *dn)
if (rc)
return rc;
of_node_put(dn); /* Must decrement the refcount */
return 0;
}
......
......@@ -426,6 +426,20 @@ static void *nt_vmcoreinfo(void *ptr)
return nt_init_name(ptr, 0, vmcoreinfo, size, "VMCOREINFO");
}
/*
* Initialize final note (needed for /proc/vmcore code)
*/
static void *nt_final(void *ptr)
{
Elf64_Nhdr *note;
note = (Elf64_Nhdr *) ptr;
note->n_namesz = 0;
note->n_descsz = 0;
note->n_type = 0;
return PTR_ADD(ptr, sizeof(Elf64_Nhdr));
}
/*
* Initialize ELF header (new kernel)
*/
......@@ -513,6 +527,7 @@ static void *notes_init(Elf64_Phdr *phdr, void *ptr, u64 notes_offset)
if (sa->prefix != 0)
ptr = fill_cpu_elf_notes(ptr, cpu++, sa);
ptr = nt_vmcoreinfo(ptr);
ptr = nt_final(ptr);
memset(phdr, 0, sizeof(*phdr));
phdr->p_type = PT_NOTE;
phdr->p_offset = notes_offset;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment