Commit cc3c6eb2 authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra

Import Debian changes 4.9.30-1parrot30

linux (4.9.30-1parrot30) testing; urgency=medium

  * Import new upstream release.

linux (4.9.30-1) unstable; urgency=medium

  * New upstream stable update:
    - [arm64] Revert "mmc: sdhci-msm: Enable few quirks"
    - ping: implement proper locking
    - [sparc64] kern_addr_valid regression
    - [sparc64] Fix kernel panic due to erroneous #ifdef surrounding
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - bpf: improve verifier packet range checks
    - net/mlx5: Avoid dereferencing uninitialized pointer
    - l2tp: hold tunnel socket when handling control frames in l2tp_ip
      and l2tp_ip6
    - l2tp: purge socket queues in the .destruct() callback
    - net/packet: fix overflow in check for tp_frame_nr
    - net/packet: fix overflow in check for tp_reserve
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or
    - tcp: clear saved_syn in tcp_disconnect()
    - ipv6: Fix idev->addr_list corruption
    - net-timestamp: avoid use-after-free in ip_recv_error
    - net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
    - dp83640: don't recieve time stamps twice
    - gso: Validate assumption of frag_list segementation
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - net/mlx5: Fix driver load bad flow when having fw
      initializing timeout
    - net/mlx5e: Fix small packet threshold
    - net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
    - macvlan: Fix device ref leak when purging bc_queue
    - net: ipv6: regenerate host route if moved to gc list
    - net: phy: fix auto-negotiation stall due to unavailable interrupt
    - ipv6: check skb->protocol before lookup for nexthop
    - tcp: memset ca_priv data to 0 properly
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
    - ALSA: firewire-lib: fix inappropriate assignment between
      signed/unsigned type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - [mips*] KGDB: Use kernel context for sleeping threads
    - [mips*] Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - [x86] ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
    - macsec: avoid heap overflow in skb_to_sgvec
    - net: can: usb: gs_usb: Fix buffer on stack
    - [x86] ftrace: Fix triple fault with graph tracing and suspend-to-ram
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - [x86] tpm_tis: use default timeout value if chip reports it as zero
    - scsi: storvsc: Workaround for virtual DVD SCSI version
    - [powerpc, x86] hwmon: (it87) Avoid registering the same chip on both SIO
    - 8250_pci: Fix potential use-after-free in error path
    - ceph: try getting buffer capability for readahead/fadvise
    - cpu/hotplug: Serialize callback invocations proper
    - dm ioctl: prevent stack leak in dm ioctl call
    - 9p: fix a potential acl leak
    - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
    - [x86] tpm: fix RC value check in tpm2_seal_trusted
    - [x86] tmp: use pdev for parent device in tpm_chip_alloc
    - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
    - [powerpc*] mm: Fixup wrong LPCR_VRMASD value
    - [powerpc*] powernv: Fix opal_exit tracepoint opcode
    - [powerpc*] Correctly disable latent entropy GCC plugin on
    - [x86] perf/x86/intel/pt: Add format strings for PTWRITE and power
      event tracing
    - [arm64] dts: r8a7795: Mark EthernetAVB device node disabled
    - [arm64] dts: qcom: Fix ipq board clock rates
    - [arm64] Improve detection of user/non-user mappings in
    - [armhf] OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
    - [armhf] dts: sun7i: lamobo-r1: Fix CPU port RGMII settings
    - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
    - mwifiex: remove redundant dma padding in AMSDU
    - mwifiex: Avoid skipping WEP key deletion for AP
    - iwlwifi: fix MODULE_FIRMWARE for 6030
    - iwlwifi: mvm: don't restart HW if suspend fails with unified image
    - iwlwifi: mvm: overwrite skb info later
    - iwlwifi: pcie: don't increment / decrement a bool
    - iwlwifi: pcie: trans: Remove unused 'shift_param'
    - iwlwifi: pcie: fix the set of DMA memory mask
    - iwlwifi: mvm: fix reorder timer re-arming
    - iwlwifi: mvm: Use aux queue for offchannel frames in dqa
    - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe
    - iwlwifi: mvm: fix pending frame counter calculation
    - iwlwifi: mvm: fix references to first_agg_queue in DQA mode
    - iwlwifi: mvm: synchronize firmware DMA paging memory
    - iwlwifi: mvm: writing zero bytes to debugfs causes a crash
    - [x86] ioapic: Restore IO-APIC irq_chip retrigger callback
    - [amd64] x86/pci-calgary: Fix iommu_free() comparison of unsigned
      expression >= 0
    - [x86] kprobes/x86: Fix kernel panic when certain exception-
      handling addresses are probed
    - [x86] platform/intel-mid: Correct MSI IRQ line for watchdog device
    - [x86] KVM: nVMX: initialize PML fields in vmcs02
    - [x86] KVM: nVMX: do not leak PML full vmexit to L1
    - [arm64, armhf] usb: dwc2: host: use msleep() for long delay
    - [armhf] usb: host: ehci-exynos: Decrese node refcount on
      exynos_ehci_get_phy() error paths
    - [armhf] usb: host: ohci-exynos: Decrese node refcount on
      exynos_ehci_get_phy() error paths
    - [arm64, armhf] usb: chipidea: Only read/write OTGSC from one place
    - [arm64, armhf] usb: chipidea: Handle extcon events properly
    - USB: serial: keyspan_pda: fix receive sanity checks
    - USB: serial: digi_acceleport: fix incomplete rx sanity check
    - USB: serial: ssu100: fix control-message error handling
    - USB: serial: io_edgeport: fix epic-descriptor handling
    - USB: serial: ti_usb_3410_5052: fix control-message error handling
    - USB: serial: ark3116: fix open error handling
    - USB: serial: ftdi_sio: fix latency-timer error handling
    - USB: serial: quatech2: fix control-message error handling
    - USB: serial: mct_u232: fix modem-status error handling
    - USB: serial: io_edgeport: fix descriptor error handling
    - [armhf] clk: rockchip: add "," to
      mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036
    - phy: qcom-usb-hs: Add depends on EXTCON
    - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
    - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
    - scsi: smartpqi: fix time handling
    - [mips*] R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
    - brcmfmac: Ensure pointer correctly set if skb data location
    - brcmfmac: Make skb header writable before use
    - [x86] staging/lustre/llite: move root_squash from sysfs to debugfs
    - [x86] staging: wlan-ng: add missing byte order conversion
    - ALSA: hda - Fix deadlock of controller device lock at unbinding
    - [sparc64] fix fault handling in NGbzero.S and GENbzero.S
    - macsec: dynamically allocate space for sglist
    - tcp: do not underestimate skb->truesize in tcp_trim_head()
    - bpf: enhance verifier to understand stack pointer arithmetic
    - [arm64] bpf: fix jit branch offset related to ldimm64
    - tcp: fix wraparound issue in tcp_lp
    - net: ipv6: Do not duplicate DAD on link up
    - net: usb: qmi_wwan: add Telit ME910 support
    - tcp: do not inherit fastopen_req from parent
    - ipv4, ipv6: ensure raw socket message is big enough to hold
      an IP header
    - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
    - ipv6: initialize route null entry in addrconf_init()
    - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
    - bnxt_en: allocate enough space for ->ntp_fltr_bmap
    - bpf: don't let ldimm64 leak map addresses on unprivileged
    - f2fs: sanity check segment count
    - xen: Revert commits da72ff5bfcb0 and 72a9b186292d
    - [arm64, armhf] wlcore: Pass win_size taken from
      ieee80211_sta to FW
    - [arm64, armhf] wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event
    - drm/ttm: fix use-after-free races in vm fault handling
    - block: get rid of blk_integrity_revalidate()
    - [x86] xen: adjust early dom0 p2m handling to xen hypervisor behavior
    - target: Fix compare_and_write_callback handling for non GOOD status
    - target/fileio: Fix zero-length READ and WRITE handling
    - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
    - usb: xhci: bInterval quirk for TI TUSB73x0
    - usb: host: xhci: print correct command ring address
    - USB: Proper handling of Race Condition when two USB class drivers try to
      call init_usb_class simultaneously
    - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
    - [x86] staging: vt6656: use off stack for in buffer USB transfers.
    - [x86] staging: vt6656: use off stack for out buffer USB transfers.
    - [x86] staging: comedi: jr3_pci: fix possible null pointer dereference
    - [x86] staging: comedi: jr3_pci: cope with jiffies wraparound
    - usb: misc: add missing continue in switch
    - usb: gadget: legacy gadgets are optional
    - usb: Make sure usb/phy/of gets built-in
    - usb: hub: Fix error loop seen after hub communication errors
    - usb: hub: Do not attempt to autosuspend disconnected devices
    - [x86] boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
    - [amd64] pmem: Fix cache flushing for iovec write < 8 bytes
    - [x86] perf: Fix Broadwell-EP DRAM RAPL events
    - [x86] KVM: fix user triggerable warning in kvm_apic_accept_events()
    - [armhf,arm64] KVM: fix races in kvm_psci_vcpu_on
    - [arm64] KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
    - block: fix blk_integrity_register to use template's interval_exp if not 0
    - crypto: algif_aead - Require setkey before accept(2)
    - [x86] crypto: ccp - Use only the relevant interrupt bits
    - [x86] crypto: ccp - Disable interrupts early on unload
    - [x86] crypto: ccp - Change ISR handler method for a v3 CCP
    - [x86] crypto: ccp - Change ISR handler method for a v5 CCP
    - dm era: save spacemap metadata root after the pre-commit
    - dm rq: check blk_mq_register_dev() return value in
    - dm thin: fix a memory leak when passing discard bio down
    - vfio/type1: Remove locked page accounting workqueue
    - iov_iter: don't revert iov buffer if csum error
    - IB/core: Fix sysfs registration error flow
    - IB/core: For multicast functions, verify that LIDs are multicast LIDs
    - IB/IPoIB: ibX: failed to create mcg debug file
    - IB/mlx4: Fix ib device initialization error flow
    - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
    - IB/hfi1: Prevent kernel QP post send hard lockups
    - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
    - ext4: evict inline data when writing to memory map
    - fs/xattr.c: zero out memory copied to userspace in getxattr
    - ceph: fix memory leak in __ceph_setxattr()
    - fs/block_dev: always invalidate cleancache in invalidate_bdev()
    - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
    - Fix match_prepath()
    - Set unicode flag on cifs echo request to avoid Mac error
    - SMB3: Work around mount failure when using SMB3 dialect to Macs
    - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
    - cifs: fix leak in FSCTL_ENUM_SNAPS response handling
    - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
    - CIFS: fix oplock break deadlocks
    - cifs: fix CIFS_IOC_GET_MNT_INFO oops
    - CIFS: add misssing SFM mapping for doublequote
    - padata: free correct variable
    - device-dax: fix cdev leak
    - fscrypt: fix context consistency check when key(s) unavailable
    - [armhf] serial: samsung: Use right device for DMA-mapping calls
    - [armhf] serial: omap: fix runtime-pm handling on unbind
    - [armhf] serial: omap: suspend device on probe errors
    - tty: pty: Fix ldisc flush after userspace become aware of the data already
    - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
    - Bluetooth: hci_bcm: add missing tty-device sanity check
    - Bluetooth: hci_intel: add missing tty-device sanity check
    - ipmi: Fix kernel panic at ipmi_ssif_thread()
    - libnvdimm, region: fix flush hint detection crash
    - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
    - libnvdimm, pfn: fix 'npfns' vs section alignment
    - [powerpc*/*64*] pstore: Fix flags to enable dumps on powerpc
    - pstore: Shut down worker when unregistering
    - usb: misc: legousbtower: Fix buffers on stack
    - usb: misc: legousbtower: Fix memory leak
    - USB: ene_usb6250: fix DMA to the stack
    - watchdog: pcwd_usb: fix NULL-deref at probe
    - char: lp: fix possible integer overflow in lp_setup() (CVE-2017-1000363)
    - USB: core: replace %p with %pK
    - tpm_tis_core: Choose appropriate timeout for reading burstcount
    - ALSA: hda: Fix cpu lockup when stopping the cmd dmas
    - [armhf] tegra: paz00: Mark panel regulator as enabled on boot
    - fanotify: don't expose EOPENSTALE to userspace
    - tpm_tis_spi: Use single function to transfer data
    - tpm_tis_spi: Abort transfer when too many wait states are signaled
    - tpm_tis_spi: Check correct byte for wait state indicator
    - tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes
    - tpm_tis_spi: Add small delay after last transfer
    - tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver
    - tpm: add sleep only for retry in i2c_nuvoton_write_status()
    - tpm_crb: check for bad response size
    - mlx5: Fix mlx5_ib_map_mr_sg mr length
    - infiniband: call ipv6 route lookup via the stub interface
    - dm btree: fix for dm_btree_find_lowest_key()
    - dm raid: select the Kconfig option CONFIG_MD_RAID0
    - dm bufio: avoid a possible ABBA deadlock
    - dm bufio: check new buffer allocation watermark every 30 seconds
    - dm mpath: split and rename activate_path() to prepare for its expanded use
    - dm cache metadata: fail operations if fail_io mode has been established
    - dm bufio: make the parameter "retain_bytes" unsigned long
    - dm thin metadata: call precommit before saving the roots
    - dm space map disk: fix some book keeping in the disk space map
    - md: update slab_cache before releasing new stripes when stripes resizing
    - md: MD_CLOSING needs to be cleared after called md_set_readonly or
    - rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
    - mwifiex: MAC randomization should not be persistent
    - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
    - ima: accept previously set IMA_NEW_FILE
    - [x86] KVM: Fix load damaged SSEx MXCSR register
    - [x86] KVM: Fix potential preemption when get the current kvmclock
    - [x86] KVM: Fix read out-of-bounds vulnerability in kvm pio emulation
    - [i386] fix 32-bit case of __get_user_asm_u64()
    - [armhf] regulator: rk808: Fix RK818 LDO2
    - [s390x] kdump: Add final note
    - [s390x] cputime: fix incorrect system time
    - ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
    - ath9k_htc: fix NULL-deref at probe
    - [x86] drm/amdgpu: Make display watermark calculations more accurate
    - [x86] drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark
    - [x86] drm/amdgpu: Add missing lb_vblank_lead_lines setup to DCE-6 path.
    - drm/nouveau/therm: remove ineffective workarounds for alarm bugs
    - drm/nouveau/tmr: ack interrupt before processing alarms
    - drm/nouveau/tmr: fix corruption of the pending list when rescheduling an
    - drm/nouveau/tmr: avoid processing completed alarms when adding a new one
    - drm/nouveau/tmr: handle races with hw when updating the next alarm time
    - [armhf] gpio: omap: return error if requested debounce time is not
    - cdc-acm: fix possible invalid access when processing notification
    - ohci-pci: add qemu quirk
    - [powerpc*] cxl: Force context lock during EEH flow
    - [powerpc*] cxl: Route eeh events to all drivers in
    - proc: Fix unbalanced hard link numbers
    - of: fix sparse warning in of_pci_range_parser_one
    - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
    - of: fdt: add missing allocation-failure check
    - [powerpc*/*64*] ibmvscsis: Do not send aborted task response
    - [x86] IIO: bmp280-core.c: fix error in humidity calculation
    - IB/hfi1: Return an error on memory allocation failure
    - IB/hfi1: Fix a subcontext memory leak
    - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
    - pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
    - USB: serial: ftdi_sio: fix setting latency for unprivileged users
    - USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
    - USB: chaoskey: fix Alea quirk on big-endian hosts
    - f2fs: check entire encrypted bigname when finding a dentry
    - fscrypt: avoid collisions when presenting long encrypted filenames
    - libnvdimm: fix clear length of nvdimm_forget_poison()
    - xhci: remove GFP_DMA flag from allocation
    - usb: host: xhci-plat: propagate return value of platform_get_irq()
    - xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
    - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
    - net: irda: irda-usb: fix firmware name on big-endian hosts
    - usbvision: fix NULL-deref at probe
    - mceusb: fix NULL-deref at probe
    - ttusb2: limit messages to buffer size
    - [armhf,arm64] usb: dwc3: gadget: Prevent losing events in event cache
    - [armhf] usb: musb: tusb6010_omap: Do not reset the other direction's
      packet size
    - [armhf] usb: musb: Fix trying to suspend while active for OTG
    - USB: iowarrior: fix info ioctl on big-endian hosts
    - usb: serial: option: add Telit ME910 support
    - USB: serial: qcserial: add more Lenovo EM74xx device IDs
    - USB: serial: mct_u232: fix big-endian baud-rate handling
    - USB: serial: io_ti: fix div-by-zero in set_termios
    - USB: hub: fix SS hub-descriptor handling
    - USB: hub: fix non-SS hub-descriptor handling
    - ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487)
    - iio: hid-sensor: Store restore poll and hysteresis on S3
    - gspca: konica: add missing endpoint sanity check
    - dib0700: fix NULL-deref at probe
    - zr364xx: enforce minimum size when reading header
    - dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
    - digitv: limit messages to buffer size
    - dw2102: limit messages to buffer size
    - cx231xx-audio: fix init error path
    - cx231xx-audio: fix NULL-deref at probe
    - cx231xx-cards: fix NULL-deref at probe
    - [powerpc*] mm: Ensure IRQs are off in switch_mm()
    - [powerpc*] eeh: Avoid use after free in eeh_handle_special_event()
    - [powerpc*] book3s/mce: Move add_taint() later in virtual mode
    - [powerpc*] pseries: Fix of_node_put() underflow during DLPAR remove
    - [powerpc*] iommu: Do not call PageTransHuge() on tail pages
    - [powerpc*] tm: Fix FP and VMX register corruption
    - [arm64] KVM: Do not use stack-protector to compile EL2 code
    - [armhf] KVM: Do not use stack-protector to compile HYP code
    - [armhf] KVM: plug potential guest hardware debug leakage
    - [armel,armhf] 8662/1: module: split core and init PLT sections
    - [armhf] dts: imx6sx-sdb: Remove OPP override
    - [arm64] dts: hi6220: Reset the mmc hosts
    - [arm64] xchg: hazard against entire exchange variable
    - [arm64] ensure extension of smp_store_release value
    - [arm64] armv8_deprecated: ensure extension of addr
    - [arm64] uaccess: ensure extension of access_ok() addr
    - [arm64] documentation: document tagged pointer stack constraints
    - [x86] staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out
    - [x86] staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
    - [x86] staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of
    - [x86] staging: rtl8192e: GetTs Fix invalid TID 7 warning.
    - [x86] iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
    - stackprotector: Increase the per-task stack canary's random range from 32
      bits to 64 bits on 64-bit platforms
    - uwb: fix device quirk on big-endian hosts
    - genirq: Fix chained interrupt data ordering
    - nvme: unmap CMB and remove sysfs file in reset path
    - [alpha] osf_wait4(): fix infoleak
    - tracing/kprobes: Enforce kprobes teardown after testing
    - [x86] PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC
    - [x86] PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs
    - PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
    - PCI: Fix another sanity check bug in /proc/pci mmap
    - PCI: Only allow WC mmap on prefetchable resources
    - PCI: Freeze PME scan before suspending devices
    - [armel,armhf] mtd: nand: orion: fix clk handling
    - [armhf] mtd: nand: omap2: Fix partition creation via cmdline mtdparts
    - mtd: nand: add ooblayout for old hamming layout
    - [x86] drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
    - NFSv4: Fix a hang in OPEN related to server reboot
    - NFS: Fix use after free in write error path
    - NFS: Use GFP_NOIO for two allocations in writeback
    - nfsd: fix undefined behavior in nfsd4_layout_verify
    - nfsd: encoders mustn't use unitialized values in error cases
    - drivers: char: mem: Check for address space wraparound with mmap()
    - [x86] drm/i915/gvt: Disable access to stolen memory as a guest

  [ Aurelien Jarno ]
  * [mips*/*-malta] Enable POWER_RESET and POWER_RESET_SYSCON.

  [ Uwe Kleine-König ]
  * [arm64] Enable DRM modules (Closes: #863344)
  * Ignore ABI changes in chipidea driver

  [ Ben Hutchings ]
  * Ignore ABI changes in ccp and hid-sensors
  * [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select
    MIPS_L1_CACHE_SHIFT_6" to avoid ABI change
  * SUNRPC: Refactor svc_set_num_threads()
  * NFSv4: Fix callback server shutdown (CVE-2017-9059) (Closes: #862357)
  * uapi: fix linux/if.h userspace compilation errors (see #822393, #824442)
  * debian/control: Fix compiler build-dependencies for cross-building
    (Closes: #863907)
  * Add Debian package version to "hung task" log messages
  * btrfs: warn about RAID5/6 being experimental at mount time (Closes: #863290)
  * [x86] pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard
    work again (Closes: #862723)
  * [arm64] serial: pl011: add console matching function (Closes: #861898)
  * [rt] Add new GPG subkeys for Sebastian Andrzej Siewior
  * [rt] Update to 4.9.30-rt20:
    - rtmutex: Deboost before waking up the top waiter
    - sched/rtmutex/deadline: Fix a PI crash for deadline tasks
    - sched/deadline/rtmutex: Dont miss the dl_runtime/dl_period update
    - rtmutex: Clean up
    - sched/rtmutex: Refactor rt_mutex_setprio()
    - sched,tracing: Update trace_sched_pi_setprio()
    - rtmutex: Fix PI chain order integrity
    - rtmutex: Fix more prio comparisons
    - rtmutex: Plug preempt count leak in rt_mutex_futex_unlock()
    - futex: Avoid freeing an active timer
    - futex: Fix small (and harmless looking) inconsistencies
    - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()
    - Revert "timers: Don't wake ktimersoftd on every tick"
    - futex/rtmutex: Cure RT double blocking issue
    - random: avoid preempt_disable()ed section

  [ Salvatore Bonaccorso ]
  * tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
  * dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
  * ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
  * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
  * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076,
  * crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
  * ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)

  [ Cyril Brulebois ]
  * udeb: Add efivarfs to efi-modules, which can be needed to retrieve
    firmware or configuration bits from d-i. (Closes: #862555)

  [ John Paul Adrian Glaubitz ]
  * [m68k] udeb: Build loop-modules package (Closes: #862813)
parents 003df7dd ba8e2437
......@@ -296,7 +296,7 @@ static void iommu_free(struct iommu_table *tbl, dma_addr_t dma_addr,
/* were we called with bad_dma_address? */
if (unlikely((dma_addr >= DMA_ERROR_CODE) && (dma_addr < badend))) {
if (unlikely(dma_addr < badend)) {
WARN(1, KERN_ERR "Calgary: driver tried unmapping bad DMA "
"address 0x%Lx\n", dma_addr);
......@@ -846,12 +846,6 @@ void kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx, u32 *ecx, u32 *edx)
if (!best)
best = check_cpuid_limit(vcpu, function, index);
* Perfmon not yet supported for L2 guest.
if (is_guest_mode(vcpu) && function == 0xa)
best = NULL;
if (best) {
*eax = best->eax;
*ebx = best->ebx;
......@@ -8051,8 +8051,6 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
return true;
if (kvm_register_read(vcpu, VCPU_REGS_RAX) == 0xa)
return false;
return true;
return nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING);
......@@ -8137,6 +8135,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
return false;
/* We don't expose PML support to L1. */
return false;
return true;
......@@ -10073,6 +10074,18 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
if (enable_pml) {
* Conceptually we want to copy the PML address and index from
* vmcs01 here, and then back to vmcs01 on nested vmexit. But,
* since we always flush the log on each vmexit, this happens
* to be equivalent to simply resetting the fields in vmcs02.
vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg));
vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
if (nested_cpu_has_ept(vmcs12)) {
......@@ -1735,6 +1735,7 @@ static u64 __get_kvmclock_ns(struct kvm *kvm)
struct kvm_arch *ka = &kvm->arch;
struct pvclock_vcpu_time_info hv_clock;
u64 ret;
if (!ka->use_master_clock) {
......@@ -1746,10 +1747,17 @@ static u64 __get_kvmclock_ns(struct kvm *kvm)
hv_clock.system_time = ka->master_kernel_ns + ka->kvmclock_offset;
/* both __this_cpu_read() and rdtsc() should be on the same cpu */
kvm_get_time_scale(NSEC_PER_SEC, __this_cpu_read(cpu_tsc_khz) * 1000LL,
return __pvclock_read_cycles(&hv_clock, rdtsc());
ret = __pvclock_read_cycles(&hv_clock, rdtsc());
return ret;
u64 get_kvmclock_ns(struct kvm *kvm)
......@@ -3051,6 +3059,12 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
(events-> > 31 || events-> == NMI_VECTOR))
return -EINVAL;
/* INITs are latched while in SMM */
if (events->flags & KVM_VCPUEVENT_VALID_SMM &&
(events->smi.smm || events->smi.pending) &&
vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED)
return -EINVAL;
vcpu->arch.exception.pending = events->exception.injected;
vcpu-> = events->;
......@@ -3225,11 +3239,14 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
struct kvm_xsave *guest_xsave)
u64 xstate_bv =
*(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)];
u32 mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)];
if (boot_cpu_has(X86_FEATURE_XSAVE)) {
......@@ -3237,11 +3254,13 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
* CPUID leaf 0xD, index 0, EDX:EAX. This is for compatibility
* with old userspace.
if (xstate_bv & ~kvm_supported_xcr0())
if (xstate_bv & ~kvm_supported_xcr0() ||
mxcsr & ~mxcsr_feature_mask)
return -EINVAL;
load_xsave(vcpu, (u8 *)guest_xsave->region);
} else {
if (xstate_bv & ~XFEATURE_MASK_FPSSE)
if (xstate_bv & ~XFEATURE_MASK_FPSSE ||
mxcsr & ~mxcsr_feature_mask)
return -EINVAL;
guest_xsave->region, sizeof(struct fxregs_state));
......@@ -4744,16 +4763,20 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
static int kernel_pio(struct kvm_vcpu *vcpu, void *pd)
/* TODO: String I/O for in kernel device */
int r;
int r = 0, i;
if (vcpu->
r = kvm_io_bus_read(vcpu, KVM_PIO_BUS, vcpu->arch.pio.port,
vcpu->arch.pio.size, pd);
r = kvm_io_bus_write(vcpu, KVM_PIO_BUS,
vcpu->arch.pio.port, vcpu->arch.pio.size,
for (i = 0; i < vcpu->arch.pio.count; i++) {
if (vcpu->
r = kvm_io_bus_read(vcpu, KVM_PIO_BUS, vcpu->arch.pio.port,
vcpu->arch.pio.size, pd);
r = kvm_io_bus_write(vcpu, KVM_PIO_BUS,
vcpu->arch.pio.port, vcpu->arch.pio.size,
if (r)
pd += vcpu->arch.pio.size;
return r;
......@@ -4791,6 +4814,8 @@ static int emulator_pio_in_emulated(struct x86_emulate_ctxt *ctxt,
if (vcpu->arch.pio.count)
goto data_avail;
memset(vcpu->arch.pio_data, 0, size * count);
ret = emulator_pio_in_out(vcpu, size, port, val, count, true);
if (ret) {
......@@ -7162,6 +7187,12 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
mp_state->mp_state != KVM_MP_STATE_RUNNABLE)
return -EINVAL;
/* INITs are latched while in SMM */
if ((is_smm(vcpu) || vcpu->arch.smi_pending) &&
(mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED ||
mp_state->mp_state == KVM_MP_STATE_INIT_RECEIVED))
return -EINVAL;
if (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);
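Review bot: In `emulator_pio_in_emulated()` the added `memset(vcpu->arch.pio_data, 0, size * count)` and the new per-element loop in `kernel_pio()` (which advances `pd` by `pio.size` for `pio.count` iterations) both rely on `size * count` fitting inside the `pio_data` buffer, and no bound is visible in either hunk. If the limit is enforced by the callers, a one-line comment above the memset should say where; otherwise a guard such as `WARN_ON_ONCE(size * count > PAGE_SIZE)` before the write would make the assumption explicit (this assumes `pio_data` is a single page, which should be confirmed). In `kernel_pio()` the index is declared `int i` but compared against `pio.count`; giving `i` the same type as `count` avoids a signed/unsigned comparison. Both function bodies are only partly shown on this page.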
......@@ -447,7 +447,7 @@ void __init xen_msi_init(void)
int __init pci_xen_hvm_init(void)
if (!xen_feature(XENFEAT_hvm_pirqs))
if (!xen_have_vector_callback || !xen_feature(XENFEAT_hvm_pirqs))
return 0;
......@@ -19,7 +19,7 @@
#include <asm/intel_scu_ipc.h>
#include <asm/io_apic.h>
static struct platform_device wdt_dev = {
.name = "intel_mid_wdt",
......@@ -125,7 +125,7 @@ int poke_user(struct task_struct *child, long addr, long data)
else if ((addr >= offsetof(struct user, u_debugreg[0])) &&
(addr <= offsetof(struct user, u_debugreg[7]))) {
addr -= offsetof(struct user, u_debugreg[0]);
addr = addr >> 2;
addr = addr >> 3;
if ((addr == 4) || (addr == 5))
return -EIO;
child->thread.arch.debugregs[addr] = data;
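Review bot: The new `addr = addr >> 3;` in `poke_user()` hard-codes the element size of `u_debugreg`, and the result is used directly as the index in `child->thread.arch.debugregs[addr] = data`. Deriving it from the type, e.g. `addr /= sizeof(((struct user *)0)->u_debugreg[0]);`, keeps the index tied to the `offsetof()` range check just above it. The shift also silently rounds down an offset that is not a multiple of the element size; the hunk does not show whether a misaligned `addr` is rejected earlier, which is worth confirming because the offset presumably comes from the tracing process. The function starts and ends outside the hunk.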
......@@ -137,6 +137,8 @@ struct shared_info xen_dummy_shared_info;
void *xen_initial_gdt;
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
static int xen_cpu_up_prepare(unsigned int cpu);
static int xen_cpu_up_online(unsigned int cpu);
......@@ -1521,7 +1523,10 @@ static void __init xen_pvh_early_guest_init(void)
if (!xen_feature(XENFEAT_auto_translated_physmap))
if (!xen_feature(XENFEAT_hvm_callback_vector))
xen_have_vector_callback = 1;
xen_pvh_early_cpu_init(0, false);
......@@ -1860,7 +1865,9 @@ static int xen_cpu_up_prepare(unsigned int cpu)
if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
if (xen_pv_domain() ||
(xen_have_vector_callback &&
rc = xen_smp_intr_init(cpu);
......@@ -1876,7 +1883,9 @@ static int xen_cpu_dead(unsigned int cpu)
if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
if (xen_pv_domain() ||
(xen_have_vector_callback &&
return 0;
......@@ -1915,8 +1924,8 @@ static void __init xen_hvm_guest_init(void)
if (xen_feature(XENFEAT_hvm_callback_vector))
xen_have_vector_callback = 1;
......@@ -1954,7 +1963,7 @@ bool xen_hvm_need_lapic(void)
return false;
if (!xen_hvm_domain())
return false;
if (xen_feature(XENFEAT_hvm_pirqs))
if (xen_feature(XENFEAT_hvm_pirqs) && xen_have_vector_callback)
return false;
return true;
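Review bot: `__read_mostly int xen_have_vector_callback;` is assigned only from `__init` functions in the lines shown (`xen_pvh_early_guest_init()` and `xen_hvm_guest_init()`, going by the hunk headers), yet it gates interrupt, SMP and timer setup in several files of this commit. If nothing writes it after boot, which cannot be verified from this page, declaring it `int xen_have_vector_callback __ro_after_init;` would keep the flag from being altered later. The identical `xen_pv_domain() || (xen_have_vector_callback && …` test in `xen_cpu_up_prepare()` and `xen_cpu_dead()` could also move into one small static helper so the two paths cannot drift apart.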
......@@ -2028,7 +2028,8 @@ static unsigned long __init xen_read_phys_ulong(phys_addr_t addr)
* Translate a virtual address to a physical one without relying on mapped
* page tables.
* page tables. Don't rely on big pages being aligned in (guest) physical
* space!
static phys_addr_t __init xen_early_virt_to_phys(unsigned long vaddr)
......@@ -2049,7 +2050,7 @@ static phys_addr_t __init xen_early_virt_to_phys(unsigned long vaddr)
if (!pud_present(pud))
return 0;
pa = pud_pfn(pud) << PAGE_SHIFT;
pa = pud_val(pud) & PTE_PFN_MASK;
if (pud_large(pud))
return pa + (vaddr & ~PUD_MASK);
......@@ -2057,7 +2058,7 @@ static phys_addr_t __init xen_early_virt_to_phys(unsigned long vaddr)
if (!pmd_present(pmd))
return 0;
pa = pmd_pfn(pmd) << PAGE_SHIFT;
pa = pmd_val(pmd) & PTE_PFN_MASK;
if (pmd_large(pmd))
return pa + (vaddr & ~PMD_MASK);
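Review bot: In `xen_early_virt_to_phys`, `pa = pud_val(pud) & PTE_PFN_MASK;` and the matching `pmd_val(pmd)` line are evaluated before the `pud_large()`/`pmd_large()` test, and in a large entry bit 12 is the PAT bit, which `PTE_PFN_MASK` does not strip. The updated header comment explains why the large-page alignment mask was dropped, but not that the result is a clean address only if the early page tables never set PAT on large mappings. I would state that assumption next to the two assignments, for example `/* large entries: assumes PAT (bit 12) is clear in the early page tables */`. The function spans several hunks and the rest of its body is outside them.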
......@@ -765,6 +765,8 @@ static void __init xen_hvm_smp_prepare_cpus(unsigned int max_cpus)
void __init xen_hvm_smp_init(void)
if (!xen_have_vector_callback)
smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus;
smp_ops.smp_send_reschedule = xen_smp_send_reschedule;
smp_ops.cpu_die = xen_cpu_die;
......@@ -432,6 +432,11 @@ static void xen_hvm_setup_cpu_clockevents(void)
void __init xen_hvm_init_time_ops(void)
/* vector callback is needed otherwise we cannot receive interrupts
* on cpu > 0 and at this point we don't know how many cpus are
* available */
if (!xen_have_vector_callback)
if (!xen_feature(XENFEAT_hvm_safe_pvclock)) {
printk(KERN_INFO "Xen doesn't support pvclock on HVM,"
"disable pv timer\n");
......@@ -412,12 +412,13 @@ void blk_integrity_register(struct gendisk *disk, struct blk_integrity *template
bi->interval_exp = ilog2(queue_logical_block_size(disk->queue));
bi->interval_exp = template->interval_exp ? :
bi->profile = template->profile ? template->profile : &nop_profile;
bi->tuple_size = template->tuple_size;
bi->tag_size = template->tag_size;
disk->queue->backing_dev_info.capabilities |= BDI_CAP_STABLE_WRITES;
......@@ -430,26 +431,11 @@ EXPORT_SYMBOL(blk_integrity_register);
void blk_integrity_unregister(struct gendisk *disk)
disk->queue->backing_dev_info.capabilities &= ~BDI_CAP_STABLE_WRITES;
memset(&disk->queue->integrity, 0, sizeof(struct blk_integrity));
void blk_integrity_revalidate(struct gendisk *disk)
struct blk_integrity *bi = &disk->queue->integrity;
if (!(disk->flags & GENHD_FL_UP))
if (bi->profile)
disk->queue->backing_dev_info.capabilities |=
disk->queue->backing_dev_info.capabilities &=
void blk_integrity_add(struct gendisk *disk)
if (kobject_init_and_add(&disk->integrity_kobj, &integrity_ktype,
......@@ -447,7 +447,6 @@ int rescan_partitions(struct gendisk *disk, struct block_device *bdev)
if (disk->fops->revalidate_disk)
check_disk_size_change(disk, bdev);
bdev->bd_invalidated = 0;
if (!get_capacity(disk) || !(state = check_partition(disk, bdev)))
......@@ -44,6 +44,11 @@ struct aead_async_req {
char iv[];
struct aead_tfm {
struct crypto_aead *aead;
bool has_key;
struct aead_ctx {
struct aead_sg_list tsgl;
struct aead_async_rsgl first_rsgl;
......@@ -732,24 +737,146 @@ static struct proto_ops algif_aead_ops = {
.poll = aead_poll,
static int aead_check_key(struct socket *sock)
int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct aead_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
if (ask->refcnt)
goto unlock_child;
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
err = -ENOKEY;
lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
if (!pask->refcnt++)
ask->refcnt = 1;
err = 0;
return err;
static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
size_t size)
int err;
err = aead_check_key(sock);
if (err)
return err;
return aead_sendmsg(sock, msg, size);
static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page,
int offset, size_t size, int flags)
int err;
err = aead_check_key(sock);
if (err)
return err;
return aead_sendpage(sock, page, offset, size, flags);
static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
size_t ignored, int flags)
int err;
err = aead_check_key(sock);
if (err)
return err;
return aead_recvmsg(sock, msg, ignored, flags);
static struct proto_ops algif_aead_ops_nokey = {
.family = PF_ALG,
.connect = sock_no_connect,
.socketpair = sock_no_socketpair,
.getname = sock_no_getname,
.ioctl = sock_no_ioctl,
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.getsockopt = sock_no_getsockopt,
.mmap = sock_no_mmap,
.bind = sock_no_bind,
.accept = sock_no_accept,
.setsockopt = sock_no_setsockopt,
.release = af_alg_release,
.sendmsg = aead_sendmsg_nokey,
.sendpage = aead_sendpage_nokey,
.recvmsg = aead_recvmsg_nokey,
.poll = aead_poll,
static void *aead_bind(const char *name, u32 type, u32 mask)
return crypto_alloc_aead(name, type, mask);
struct aead_tfm *tfm;
struct crypto_aead *aead;
tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
if (!tfm)
return ERR_PTR(-ENOMEM);
aead = crypto_alloc_aead(name, type, mask);
if (IS_ERR(aead)) {
return ERR_CAST(aead);
tfm->aead = aead;
return tfm;
static void aead_release(void *private)
struct aead_tfm *tfm = private;
static int aead_setauthsize(void *private, unsigned int authsize)
return crypto_aead_setauthsize(private, authsize);
struct aead_tfm *tfm = private;
return crypto_aead_setauthsize(tfm->aead, authsize);
static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
return crypto_aead_setkey(private, key, keylen);
struct aead_tfm *tfm = private;
int err;
err = crypto_aead_setkey(tfm->aead, key, keylen);
tfm->has_key = !err;
return err;
static void aead_sock_destruct(struct sock *sk)
......@@ -766,12 +893,14 @@ static void aead_sock_destruct(struct sock *sk)
static int aead_accept_parent(void *private, struct sock *sk)
static int aead_accept_parent_nokey(void *private, struct sock *sk)
struct aead_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private);
unsigned int ivlen = crypto_aead_ivsize(private);
struct aead_tfm *tfm = private;
struct crypto_aead *aead = tfm->aead;
unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead);
unsigned int ivlen = crypto_aead_ivsize(aead);
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
......@@ -798,7 +927,7 @@ static int aead_accept_parent(void *private, struct sock *sk)
ask->private = ctx;
aead_request_set_tfm(&ctx->aead_req, private);
aead_request_set_tfm(&ctx->aead_req, aead);
aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
af_alg_complete, &ctx->completion);
......@@ -807,13 +936,25 @@ static int aead_accept_parent(void *private, struct sock *sk)
return 0;
static int aead_accept_parent(void *private, struct sock *sk)
struct aead_tfm *tfm = private;
if (!tfm->has_key)
return -ENOKEY;
return aead_accept_parent_nokey(private, sk);
static const struct af_alg_type algif_type_aead = {
.bind = aead_bind,
.release = aead_release,
.setkey = aead_setkey,
.setauthsize = aead_setauthsize,
.accept = aead_accept_parent,
.accept_nokey = aead_accept_parent_nokey,
.ops = &algif_aead_ops,
.ops_nokey = &algif_aead_ops_nokey,
.name = "aead",
.owner = THIS_MODULE
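Review bot: `aead_setkey` stores `tfm->has_key = !err;`, so a failed `setkey` on a transform that already held a valid key clears the flag, and later `accept()` calls then get `-ENOKEY` from `aead_accept_parent`; nothing in the new code says whether that is intended. A comment on the field would settle it, e.g. `bool has_key; /* last setkey succeeded; gates accept() and the *_nokey ops */`. Separately, the error branch in `aead_bind` as rendered shows only `return ERR_CAST(aead);` after the `kzalloc`, and `aead_release` shows no free calls. This page visibly drops lines (braces, labels, unlock calls), so compare against the original patch before treating either as a leak of `tfm`.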