Update to 4.14.17

Refresh cpupower-fix-checks-for-cpu-existence.patch patch
2018-02-04 13:33:30 +01:00 · 2018-02-04 13:33:30 +01:00 · 0a69e0b046
parent a870b2741a
commit 0a69e0b046
4 changed files with 155 additions and 60 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,4 +1,4 @@
-linux (4.14.16-1) UNRELEASED; urgency=medium
+linux (4.14.17-1) UNRELEASED; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
@ -269,9 +269,157 @@ linux (4.14.16-1) UNRELEASED; urgency=medium
    - [arm64] bpf: fix stack_depth tracking in combination with tail calls
    - cpufreq: governor: Ensure sufficiently large sampling intervals
    - nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17
+    - futex: Fix OWNER_DEAD fixup
+    - loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
+    - [x86] KVM: Fix CPUID function for word 6 (80000001_ECX)
+    - gpio: Fix kernel stack leak to userspace
+    - ALSA: hda - Reduce the suspend time consumption for ALC256
+    - crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
+    - [x86] crypto: aesni - handle zero length dst buffer
+    - [x86] crypto: aesni - fix typo in generic_gcmaes_decrypt
+    - crypto: gcm - add GCM IV size constant
+    - [x86] crypto: aesni - Use GCM IV size constant
+    - [x86] crypto: aesni - add wrapper for generic gcm(aes)
+    - [x86] crypto: aesni - Fix out-of-bounds access of the data buffer in
+      generic-gcm-aesni
+    - [x86] crypto: aesni - Fix out-of-bounds access of the AAD buffer in
+      generic-gcm-aesni
+    - [arm64] crypto: inside-secure - fix hash when length is a multiple of a
+      block
+    - [arm64] crypto: inside-secure - avoid unmapping DMA memory that was not
+      mapped
+    - crypto: sha3-generic - fixes for alignment and big endian operation
+    - crypto: af_alg - whitelist mask and type
+    - HID: wacom: EKR: ensure devres groups at higher indexes are released
+    - HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
+      events
+    - igb: Free IRQs when device is hotplugged
+    - ima/policy: fix parsing of fsuuid
+    - scsi: aacraid: Fix udev inquiry race condition
+    - scsi: aacraid: Fix hang in kdump
+    - VFS: Handle lazytime in do_mount()
+    - [arm64,armhf] drm/vc4: Account for interrupts in flight
+    - btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
+    - Btrfs: bail out gracefully rather than BUG_ON
+    - cpupowerutils: bench - Fix cpu online check
+    - cpupower : Fix cpupower working when cpu0 is offline
+    - [x86] KVM: nVMX/nSVM: Don't intercept #UD when running L2
+    - [x86] KVM: emulator: Return to user-mode on L1 CPL=0 emulation failure
+    - [x86] KVM: Don't re-execute instruction when not passing CR2 value
+    - [x86] KVM: Fix operand/address-size during instruction decoding
+    - [x86] KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure
+    - [x86] KVM: fix em_fxstor() sleeping while in atomic
+    - [x86] KVM: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
+    - [x86] KVM: ioapic: Clear Remote IRR when entry is switched to
+      edge-triggered
+    - [x86] KVM: ioapic: Preserve read-only values in the redirection table
+    - [x86] KVM: nVMX: Fix vmx_check_nested_events() return value in case an
+      event was reinjected to L2
+    - nvme-fabrics: introduce init command check for a queue that is not alive
+    - nvme-fc: check if queue is ready in queue_rq
+    - nvme-loop: check if queue is ready in queue_rq
+    - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
+    - nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set.
+    - nvmet-fc: correct ref counting error when deferred rcv used
+    - [s390x] topology: fix compile error in file arch/s390/kernel/smp.c
+    - [s390x] zcrypt: Fix wrong comparison leading to strange load balancing
+    - ACPI / bus: Leave modalias empty for devices which are not present
+    - null_blk: fix dev->badblocks leak
+    - [s390x] fix alloc_pgste check in init_new_context again
+    - rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing
+    - rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls
+    - rxrpc: Fix service endpoint expiry
+    - bcache: check return value of register_shrinker
+    - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
+    - [x86] drm/amdkfd: Fix SDMA ring buffer size calculation
+    - [x86] drm/amdkfd: Fix SDMA oversubsription handling
+    - uapi: fix linux/kfd_ioctl.h userspace compilation errors
+    - nvme-rdma: don't complete requests before a send work request has
+      completed
+    - openvswitch: fix the incorrect flow action alloc size
+    - [armhf] drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM
+      enable
+    - mac80211: use QoS NDP for AP probing
+    - mac80211: fix the update of path metric for RANN frame
+    - btrfs: fix deadlock when writing out space cache
+    - sctp: only allow the asoc reset when the asoc outq is empty
+    - sctp: avoid flushing unsent queue when doing asoc reset
+    - sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
+    - reiserfs: remove unneeded i_version bump
+    - [x86] KVM: Fix softlockup when get the current kvmclock
+    - [x86] KVM: VMX: Fix rflags cache during vCPU reset
+    - Btrfs: fix list_add corruption and soft lockups in fsync
+    - KVM: Let KVM_SET_SIGNAL_MASK work as advertised
+    - xfs: always free inline data before resetting inode fork during ifree
+    - xfs: log recovery should replay deferred ops in order
+    - xen-netfront: remove warning when unloading module
+    - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
+    - nfsd: Ensure we check stateid validity in the seqid operation checks
+    - grace: replace BUG_ON by WARN_ONCE in exit_net hook
+    - nfsd: check for use of the closed special stateid
+    - race of lockd inetaddr notifiers vs nlmsvc_rqst change
+    - lockd: fix "list_add double add" caused by legacy signal interface
+    - quota: propagate error from __dquot_initialize
+    - [arm64,armhf] net: mvpp2: fix the txq_init error path
+    - [arm64] net: phy: marvell10g: fix the PHY id mask
+    - bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()'
+    - Btrfs: incremental send, fix wrong unlink path after renaming file
+    - nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
+    - xfs: fortify xfs_alloc_buftarg error handling
+    - drm/amdgpu: don't try to move pinned BOs
+    - quota: Check for register_shrinker() failure.
+    - SUNRPC: Allow connect to return EHOSTUNREACH
+    - kmemleak: add scheduling point to kmemleak_scan()
+    - [armhf] drm/omap: Fix error handling path in 'omap_dmm_probe()'
+    - [armhf] drm/omap: displays: panel-dpi: add backlight dependency
+    - xfs: ubsan fixes
+    - xfs: Properly retry failed dquot items in case of error during buffer
+      writeback
+    - perf/core: Fix memory leak triggered by perf --namespace
+    - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
+      path
+    - scsi: ufs: ufshcd: fix potential NULL pointer dereference in
+      ufshcd_config_vreg
+    - iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type
+    - iwlwifi: fix access to prph when transport is stopped
+    - [arm*] dts: NSP: Disable AHCI controller for HR NSP boards
+    - [arm*] ARM: dts: NSP: Fix PPI interrupt types
+    - media: usbtv: add a new usbid
+    - [x86] xen: Support early interrupts in xen pv guests
+    - usb: gadget: don't dereference g until after it has been null checked
+    - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
+    - [arm64,armhf] drm/vc4: Move IRQ enable to PM path
+    - [x86] KVM: emulate #UD while in guest mode
+    - [x86] staging: lustre: separate a connection destroy from free struct
+      kib_conn
+    - tty: fix data race between tty_init_dev and flush of buf
+    - USB: serial: pl2303: new device id for Chilitag
+    - USB: cdc-acm: Do not log urb submission errors on disconnect
+    - CDC-ACM: apply quirk for card reader
+    - USB: serial: io_edgeport: fix possible sleep-in-atomic
+    - usbip: prevent bind loops on devices attached to vhci_hcd
+    - usbip: list: don't list devices attached to vhci_hcd
+    - USB: serial: simple: add Motorola Tetra driver
+    - usb: f_fs: Prevent gadget unbind if it is already unbound
+    - usb: uas: unconditionally bring back host after reset
+    - usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
+    - [x86] mei: me: allow runtime pm for platform with D0i3
+    - serial: 8250_of: fix return code when probe function fails to get reset
+    - serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
+    - [armhf] serial: imx: Only wakeup via RTSDEN bit if the system has
+      RTS/CTS
+    - [armhf] spi: imx: do not access registers while clocks disabled
+    - iio: adc: stm32: fix scan of multiple channels with DMA
+    - iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
+    - test_firmware: fix missing unlock on error in
+      config_num_requests_store()
+    - Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
+    - Input: synaptics-rmi4 - do not delete interrupt memory too early
+    - [x86] efi: Clarify that reset attack mitigation needs appropriate
+      userspace

  [ Salvatore Bonaccorso ]
-  * loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
  * [rt] Update to 4.14.15-rt11
  * [rt] Update to 4.14.15-rt13
  * crypto: ecc - Fix NULL pointer deref. on no default_rng (Closes: #886556)
--- a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
+++ b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
@ -17,6 +17,10 @@ properly distinguish and report the zero and negative cases.

 Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+[carnil: Update/Refresh patch for 4.14.17: The issue with the
+incorrect check has been fixed with upstream commit 53d1cd6b125f.
+Keep in the patch the distinction and report for the zero and
+negative cases.]
 ---
 --- a/tools/power/cpupower/bench/system.c
 +++ b/tools/power/cpupower/bench/system.c
@ -28,7 +32,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 
 	dprintf("set %s as cpufreq governor\n", governor);
 
-	if (cpupower_is_cpu_online(cpu) != 0) {
+-	if (cpupower_is_cpu_online(cpu) != 1) {
 -		perror("cpufreq_cpu_exists");
 -		fprintf(stderr, "error: cpu %u does not exist\n", cpu);
 +	rc = cpupower_is_cpu_online(cpu);
--- a/debian/patches/bugfix/all/loop-fix-concurrent-lo_open-lo_release.patch
+++ b/debian/patches/bugfix/all/loop-fix-concurrent-lo_open-lo_release.patch
@ -1,56 +0,0 @@
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Fri, 5 Jan 2018 16:26:00 -0800
-Subject: loop: fix concurrent lo_open/lo_release
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5344
-
-范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
-The reason is due to insufficient serialization in lo_release(), which
-will continue to use the loop device even after it has decremented the
-lo_refcnt to zero.
-
-In the meantime, another process can come in, open the loop device
-again as it is being shut down. Confusion ensues.
-
-Reported-by: 范龙飞 <long7573@126.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
- drivers/block/loop.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index bc8e61506968..d5fe720cf149 100644
--- a/drivers/block/loop.c
-+++ b/drivers/block/loop.c
-@@ -1581,9 +1581,8 @@ static int lo_open(struct block_device *bdev, fmode_t mode)
- 	return err;
- }
- 
-static void lo_release(struct gendisk *disk, fmode_t mode)
-+static void __lo_release(struct loop_device *lo)
- {
-	struct loop_device *lo = disk->private_data;
- 	int err;
- 
- 	if (atomic_dec_return(&lo->lo_refcnt))
-@@ -1610,6 +1609,13 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
- 	mutex_unlock(&lo->lo_ctl_mutex);
- }
- 
-+static void lo_release(struct gendisk *disk, fmode_t mode)
-+{
-+	mutex_lock(&loop_index_mutex);
-+	__lo_release(disk->private_data);
-+	mutex_unlock(&loop_index_mutex);
-+}
-+
- static const struct block_device_operations lo_fops = {
- 	.owner =	THIS_MODULE,
- 	.open =		lo_open,
-- 
-2.15.1
-
--- a/debian/patches/series
+++ b/debian/patches/series
@ -122,7 +122,6 @@ bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
 bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
 bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
 bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
-bugfix/all/loop-fix-concurrent-lo_open-lo_release.patch

 # Fix exported symbol versions
 bugfix/all/module-disable-matching-missing-version-crc.patch