Update to 4.14.17
Refresh cpupower-fix-checks-for-cpu-existence.patch patch
This commit is contained in:
parent
a870b2741a
commit
0a69e0b046
|
@ -1,4 +1,4 @@
|
|||
linux (4.14.16-1) UNRELEASED; urgency=medium
|
||||
linux (4.14.17-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
|
||||
|
@ -269,9 +269,157 @@ linux (4.14.16-1) UNRELEASED; urgency=medium
|
|||
- [arm64] bpf: fix stack_depth tracking in combination with tail calls
|
||||
- cpufreq: governor: Ensure sufficiently large sampling intervals
|
||||
- nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17
|
||||
- futex: Fix OWNER_DEAD fixup
|
||||
- loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
|
||||
- [x86] KVM: Fix CPUID function for word 6 (80000001_ECX)
|
||||
- gpio: Fix kernel stack leak to userspace
|
||||
- ALSA: hda - Reduce the suspend time consumption for ALC256
|
||||
- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
|
||||
- [x86] crypto: aesni - handle zero length dst buffer
|
||||
- [x86] crypto: aesni - fix typo in generic_gcmaes_decrypt
|
||||
- crypto: gcm - add GCM IV size constant
|
||||
- [x86] crypto: aesni - Use GCM IV size constant
|
||||
- [x86] crypto: aesni - add wrapper for generic gcm(aes)
|
||||
- [x86] crypto: aesni - Fix out-of-bounds access of the data buffer in
|
||||
generic-gcm-aesni
|
||||
- [x86] crypto: aesni - Fix out-of-bounds access of the AAD buffer in
|
||||
generic-gcm-aesni
|
||||
- [arm64] crypto: inside-secure - fix hash when length is a multiple of a
|
||||
block
|
||||
- [arm64] crypto: inside-secure - avoid unmapping DMA memory that was not
|
||||
mapped
|
||||
- crypto: sha3-generic - fixes for alignment and big endian operation
|
||||
- crypto: af_alg - whitelist mask and type
|
||||
- HID: wacom: EKR: ensure devres groups at higher indexes are released
|
||||
- HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
|
||||
events
|
||||
- igb: Free IRQs when device is hotplugged
|
||||
- ima/policy: fix parsing of fsuuid
|
||||
- scsi: aacraid: Fix udev inquiry race condition
|
||||
- scsi: aacraid: Fix hang in kdump
|
||||
- VFS: Handle lazytime in do_mount()
|
||||
- [arm64,armhf] drm/vc4: Account for interrupts in flight
|
||||
- btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
|
||||
- Btrfs: bail out gracefully rather than BUG_ON
|
||||
- cpupowerutils: bench - Fix cpu online check
|
||||
- cpupower : Fix cpupower working when cpu0 is offline
|
||||
- [x86] KVM: nVMX/nSVM: Don't intercept #UD when running L2
|
||||
- [x86] KVM: emulator: Return to user-mode on L1 CPL=0 emulation failure
|
||||
- [x86] KVM: Don't re-execute instruction when not passing CR2 value
|
||||
- [x86] KVM: Fix operand/address-size during instruction decoding
|
||||
- [x86] KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure
|
||||
- [x86] KVM: fix em_fxstor() sleeping while in atomic
|
||||
- [x86] KVM: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
|
||||
- [x86] KVM: ioapic: Clear Remote IRR when entry is switched to
|
||||
edge-triggered
|
||||
- [x86] KVM: ioapic: Preserve read-only values in the redirection table
|
||||
- [x86] KVM: nVMX: Fix vmx_check_nested_events() return value in case an
|
||||
event was reinjected to L2
|
||||
- nvme-fabrics: introduce init command check for a queue that is not alive
|
||||
- nvme-fc: check if queue is ready in queue_rq
|
||||
- nvme-loop: check if queue is ready in queue_rq
|
||||
- nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
|
||||
- nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set.
|
||||
- nvmet-fc: correct ref counting error when deferred rcv used
|
||||
- [s390x] topology: fix compile error in file arch/s390/kernel/smp.c
|
||||
- [s390x] zcrypt: Fix wrong comparison leading to strange load balancing
|
||||
- ACPI / bus: Leave modalias empty for devices which are not present
|
||||
- null_blk: fix dev->badblocks leak
|
||||
- [s390x] fix alloc_pgste check in init_new_context again
|
||||
- rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing
|
||||
- rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls
|
||||
- rxrpc: Fix service endpoint expiry
|
||||
- bcache: check return value of register_shrinker
|
||||
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
|
||||
- [x86] drm/amdkfd: Fix SDMA ring buffer size calculation
|
||||
- [x86] drm/amdkfd: Fix SDMA oversubsription handling
|
||||
- uapi: fix linux/kfd_ioctl.h userspace compilation errors
|
||||
- nvme-rdma: don't complete requests before a send work request has
|
||||
completed
|
||||
- openvswitch: fix the incorrect flow action alloc size
|
||||
- [armhf] drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM
|
||||
enable
|
||||
- mac80211: use QoS NDP for AP probing
|
||||
- mac80211: fix the update of path metric for RANN frame
|
||||
- btrfs: fix deadlock when writing out space cache
|
||||
- sctp: only allow the asoc reset when the asoc outq is empty
|
||||
- sctp: avoid flushing unsent queue when doing asoc reset
|
||||
- sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
|
||||
- reiserfs: remove unneeded i_version bump
|
||||
- [x86] KVM: Fix softlockup when get the current kvmclock
|
||||
- [x86] KVM: VMX: Fix rflags cache during vCPU reset
|
||||
- Btrfs: fix list_add corruption and soft lockups in fsync
|
||||
- KVM: Let KVM_SET_SIGNAL_MASK work as advertised
|
||||
- xfs: always free inline data before resetting inode fork during ifree
|
||||
- xfs: log recovery should replay deferred ops in order
|
||||
- xen-netfront: remove warning when unloading module
|
||||
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
|
||||
- nfsd: Ensure we check stateid validity in the seqid operation checks
|
||||
- grace: replace BUG_ON by WARN_ONCE in exit_net hook
|
||||
- nfsd: check for use of the closed special stateid
|
||||
- race of lockd inetaddr notifiers vs nlmsvc_rqst change
|
||||
- lockd: fix "list_add double add" caused by legacy signal interface
|
||||
- quota: propagate error from __dquot_initialize
|
||||
- [arm64,armhf] net: mvpp2: fix the txq_init error path
|
||||
- [arm64] net: phy: marvell10g: fix the PHY id mask
|
||||
- bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()'
|
||||
- Btrfs: incremental send, fix wrong unlink path after renaming file
|
||||
- nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
|
||||
- xfs: fortify xfs_alloc_buftarg error handling
|
||||
- drm/amdgpu: don't try to move pinned BOs
|
||||
- quota: Check for register_shrinker() failure.
|
||||
- SUNRPC: Allow connect to return EHOSTUNREACH
|
||||
- kmemleak: add scheduling point to kmemleak_scan()
|
||||
- [armhf] drm/omap: Fix error handling path in 'omap_dmm_probe()'
|
||||
- [armhf] drm/omap: displays: panel-dpi: add backlight dependency
|
||||
- xfs: ubsan fixes
|
||||
- xfs: Properly retry failed dquot items in case of error during buffer
|
||||
writeback
|
||||
- perf/core: Fix memory leak triggered by perf --namespace
|
||||
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
|
||||
path
|
||||
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
|
||||
ufshcd_config_vreg
|
||||
- iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type
|
||||
- iwlwifi: fix access to prph when transport is stopped
|
||||
- [arm*] dts: NSP: Disable AHCI controller for HR NSP boards
|
||||
- [arm*] ARM: dts: NSP: Fix PPI interrupt types
|
||||
- media: usbtv: add a new usbid
|
||||
- [x86] xen: Support early interrupts in xen pv guests
|
||||
- usb: gadget: don't dereference g until after it has been null checked
|
||||
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
|
||||
- [arm64,armhf] drm/vc4: Move IRQ enable to PM path
|
||||
- [x86] KVM: emulate #UD while in guest mode
|
||||
- [x86] staging: lustre: separate a connection destroy from free struct
|
||||
kib_conn
|
||||
- tty: fix data race between tty_init_dev and flush of buf
|
||||
- USB: serial: pl2303: new device id for Chilitag
|
||||
- USB: cdc-acm: Do not log urb submission errors on disconnect
|
||||
- CDC-ACM: apply quirk for card reader
|
||||
- USB: serial: io_edgeport: fix possible sleep-in-atomic
|
||||
- usbip: prevent bind loops on devices attached to vhci_hcd
|
||||
- usbip: list: don't list devices attached to vhci_hcd
|
||||
- USB: serial: simple: add Motorola Tetra driver
|
||||
- usb: f_fs: Prevent gadget unbind if it is already unbound
|
||||
- usb: uas: unconditionally bring back host after reset
|
||||
- usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
|
||||
- [x86] mei: me: allow runtime pm for platform with D0i3
|
||||
- serial: 8250_of: fix return code when probe function fails to get reset
|
||||
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
|
||||
- [armhf] serial: imx: Only wakeup via RTSDEN bit if the system has
|
||||
RTS/CTS
|
||||
- [armhf] spi: imx: do not access registers while clocks disabled
|
||||
- iio: adc: stm32: fix scan of multiple channels with DMA
|
||||
- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
|
||||
- test_firmware: fix missing unlock on error in
|
||||
config_num_requests_store()
|
||||
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
|
||||
- Input: synaptics-rmi4 - do not delete interrupt memory too early
|
||||
- [x86] efi: Clarify that reset attack mitigation needs appropriate
|
||||
userspace
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
|
||||
* [rt] Update to 4.14.15-rt11
|
||||
* [rt] Update to 4.14.15-rt13
|
||||
* crypto: ecc - Fix NULL pointer deref. on no default_rng (Closes: #886556)
|
||||
|
|
|
@ -17,6 +17,10 @@ properly distinguish and report the zero and negative cases.
|
|||
|
||||
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
[carnil: Update/Refresh patch for 4.14.17: The issue with the
|
||||
incorrect check has been fixed with upstream commit 53d1cd6b125f.
|
||||
Keep in the patch the distinction and report for the zero and
|
||||
negative cases.]
|
||||
---
|
||||
--- a/tools/power/cpupower/bench/system.c
|
||||
+++ b/tools/power/cpupower/bench/system.c
|
||||
|
@ -28,7 +32,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|||
|
||||
dprintf("set %s as cpufreq governor\n", governor);
|
||||
|
||||
- if (cpupower_is_cpu_online(cpu) != 0) {
|
||||
- if (cpupower_is_cpu_online(cpu) != 1) {
|
||||
- perror("cpufreq_cpu_exists");
|
||||
- fprintf(stderr, "error: cpu %u does not exist\n", cpu);
|
||||
+ rc = cpupower_is_cpu_online(cpu);
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Fri, 5 Jan 2018 16:26:00 -0800
|
||||
Subject: loop: fix concurrent lo_open/lo_release
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5344
|
||||
|
||||
范龙飞 reports that KASAN can report a use-after-free in __lock_acquire.
|
||||
The reason is due to insufficient serialization in lo_release(), which
|
||||
will continue to use the loop device even after it has decremented the
|
||||
lo_refcnt to zero.
|
||||
|
||||
In the meantime, another process can come in, open the loop device
|
||||
again as it is being shut down. Confusion ensues.
|
||||
|
||||
Reported-by: 范龙飞 <long7573@126.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
||||
---
|
||||
drivers/block/loop.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
|
||||
index bc8e61506968..d5fe720cf149 100644
|
||||
--- a/drivers/block/loop.c
|
||||
+++ b/drivers/block/loop.c
|
||||
@@ -1581,9 +1581,8 @@ static int lo_open(struct block_device *bdev, fmode_t mode)
|
||||
return err;
|
||||
}
|
||||
|
||||
-static void lo_release(struct gendisk *disk, fmode_t mode)
|
||||
+static void __lo_release(struct loop_device *lo)
|
||||
{
|
||||
- struct loop_device *lo = disk->private_data;
|
||||
int err;
|
||||
|
||||
if (atomic_dec_return(&lo->lo_refcnt))
|
||||
@@ -1610,6 +1609,13 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
|
||||
mutex_unlock(&lo->lo_ctl_mutex);
|
||||
}
|
||||
|
||||
+static void lo_release(struct gendisk *disk, fmode_t mode)
|
||||
+{
|
||||
+ mutex_lock(&loop_index_mutex);
|
||||
+ __lo_release(disk->private_data);
|
||||
+ mutex_unlock(&loop_index_mutex);
|
||||
+}
|
||||
+
|
||||
static const struct block_device_operations lo_fops = {
|
||||
.owner = THIS_MODULE,
|
||||
.open = lo_open,
|
||||
--
|
||||
2.15.1
|
||||
|
|
@ -122,7 +122,6 @@ bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
|
|||
bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
|
||||
bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
|
||||
bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
|
||||
bugfix/all/loop-fix-concurrent-lo_open-lo_release.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue