From 431395942ee0a9555859e08379914f0031d4b356 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 11 Aug 2015 21:48:34 +0200 Subject: [PATCH] Update to 4.1.5 --- debian/changelog | 332 +++++++++++++++++- ...he-assoc-array-edit-if-edit-is-valid.patch | 39 -- ...g-facility-check-to-init_cache_level.patch | 51 --- debian/patches/series | 2 - 4 files changed, 331 insertions(+), 93 deletions(-) delete mode 100644 debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch delete mode 100644 debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch diff --git a/debian/changelog b/debian/changelog index 56829a71c..5c9c2af0f 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,334 @@ -linux (4.1.3-2) UNRELEASED; urgency=medium +linux (4.1.5-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 + - [armhf] pinctrl: mvebu: armada-370: fix spi0 pin description + - [armhf] pinctrl: mvebu: armada-xp: remove non-existing NAND pins + - [armhf] pinctrl: mvebu: armada-xp: remove non-existing VDD cpu_pd + functions + - [armhf] pinctrl: mvebu: armada-xp: fix functions of MPP48 + - Bluetooth: Fix race condition with user channel and setup stage + - Bluetooth: btusb: Fix memory leak in Intel setup routine + - Bluetooth: btusb: Fix secure send command length alignment on Intel 8260 + - Bluetooth: btusb: Correct typo in Roper Class 1 Bluetooth Dongle + - Bluetooth: btbcm: allow btbcm_read_verbose_config to fail on Apple + - ath9k: fix DMA stop sequence for AR9003+ + - ath9k_htc: memory corruption calling set_bit() + - rtlwifi: Remove the clear interrupt routine from all drivers + - ieee802154: Fix sockaddr_ieee802154 implicit padding information leak. 
+ - staging: vt6656: check ieee80211_bss_conf bssid not NULL + - staging: vt6655: check ieee80211_bss_conf bssid not NULL + - staging: vt6655: device_rx_srv check sk_buff is NULL + - staging: rtl8712: prevent buffer overrun in recvbuf2recvframe + - staging: comedi: cb_pcimdas: fix handlers for DI and DO subdevices + - hid-sensor: Fix suspend/resume delay + - ext4: fix race between truncate and __ext4_journalled_writepage() + - ext4: call sync_blockdev() before invalidate_bdev() in put_super() + - ext4: don't retry file block mapping on bigalloc fs with non-extent file + - ext4: set lazytime on remount if MS_LAZYTIME is set by mount + - ext4: fix fencepost error in lazytime optimization + - bufferhead: Add _gfp version for sb_getblk() + - ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp + - ext4: fix reservation release on invalidatepage for delalloc fs + - ext4: be more strict when migrating to non-extent based file + - ext4: correctly migrate a file with a hole at the beginning + - ext4: replace open coded nofail allocation in ext4_free_blocks() + - jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail() + - jbd2: fix ocfs2 corrupt when updating journal superblock fails + - NFC: st21nfcb: Remove inappropriate kfree on a devm_kzalloc pointer + - NFC: st21nfcb: Do not remove header once the payload is sent + - NFC: st21nfcb: remove st21nfcb_nci_i2c_disable + - [armhf] rtc: snvs: fix wakealarm by call enable_irq_wake earlier + - i2c: mux: Use __i2c_transfer() instead of calling parent's master_xfer() + - i2c: use parent adapter quirks in mux + - vb2: Don't WARN when v4l2_buffer.bytesused is 0 for multiplanar buffers + - media: Fix regression in some more dib0700 based devices + - rc-core: fix dib0700 scancode generation for RC5 + - cx18: add missing caps for the PCM video device + - cx24117: fix a buffer overflow when checking userspace params + - af9013: Don't accept invalid bandwidth + - saa7164: fix querycap warning + - s5h1420: fix a buffer overflow 
when checking userspace params + - cx24116: fix a buffer overflow when checking userspace params + - [armhf] ASoC: omap: fix up SND_OMAP_SOC_OMAP_ABE_TWL6040 dependency, again + - libata: Do not blacklist Micron M500DC + - libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk + VB0250EAVER + - libata: increase the timeout when setting transfer mode + - libata: Fall back to unqueued READ LOG EXT if the DMA variant fails + - libata: Expose TRIM capability in sysfs + - libata: add ATA_HORKAGE_NOTRIM + - libata: add ATA_HORKAGE_MAX_SEC_1024 to revert back to previous + max_sectors limit + - libata: Do not blacklist M510DC + - libata: force disable trim for SuperSSpeed S238 + - [armhf] usb: dwc3: gadget: return error if command sent to DGCMD register + fails + - [armhf] usb: dwc3: gadget: return error if command sent to DEPCMD + register fails + - [armhf] usb: dwc3: gadget: don't clear EP_BUSY too early + - [armhf] usb: dwc3: Reset the transfer resource index on SET_INTERFACE + - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port + reset + - USB: devio: fix a condition in async_completed() + - [armhf] phy: twl4030-usb: remove incorrect pm_runtime_get_sync() in + probe function. 
+ - [armhf] usb: phy: mxs: suspend to RAM causes NULL pointer dereference + - usb: gadget: composite: Fix NULL pointer dereference + - usb: gadget: f_fs: do not set cancel function on synchronous {read,write} + - usb: gadget: mv_udc_core: fix phy_regs I/O memory leak + - usb: f_mass_storage: limit number of reported LUNs + - [armhf] usb: musb: host: rely on port_mode to call musb_start() + - USB: cp210x: add ID for Aruba Networks controllers + - USB: option: add 2020:4000 ID + - USB: serial: Destroy serial_minors IDR on module exit + - USB: OHCI: Fix race between ED unlink and URB submission + - usb: core: lpm: set lpm_capable for root hub device + - usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() + function + - dm cache: fix race when issuing a POLICY_REPLACE operation + - dm stats: fix divide by zero if 'number_of_areas' arg is zero + - dm space map metadata: fix occasional leak of a metadata block on resize + - dm btree remove: fix bug in redistribute3 + - dm thin: allocate the cell_sort_array dynamically + - dm btree: silence lockdep lock inversion in dm_btree_del() + - mmc: block: Add missing mmc_blk_put() in power_ro_lock_show() + - block: loop: convert to per-device workqueue + - block: loop: avoiding too many pending per work I/O + - block: Do a full clone when splitting discard bios + - drm/vgem: Set unique to "vgem" + - [armhf] drm/tegra: dpaux: Fix transfers larger than 4 bytes + - drm/qxl: Do not cause spice-server to clean our objects + - drm/qxl: Do not leak memory if qxl_release_list_add fails + - drm/atomic: fix out of bounds read in for_each_*_in_state helpers + - drm/radeon: take the mode_config mutex when dealing with hpds (v2) + - drm/radeon: clean up radeon_audio_enable + - [x86] drm/i915/ppgtt: Break loop in gen8_ppgtt_clear_range failure path + - [x86] drm/i915: Fix IPS related flicker + - [x86] drm/i915: fix backlight after resume on 855gm + - [x86] drm/i915: Declare the swizzling unknown for L-shaped configurations + - 
[x86] drm/i915: Snapshot seqno of most recently submitted request. + - [x86] drm/i915: Forward all core DRM ioctls to core compat handling + - [x86] Revert "drm/i915: Declare the swizzling unknown for L-shaped + configurations" + - [x86] drm/i915: Use two 32bit reads for select 64bit REG_READ ioctls + - drm/radeon: compute ring fix hibernation (CI GPU family) v2. + - drm/radeon: SDMA fix hibernation (CI GPU family). + - Revert "drm/radeon: dont switch vt on suspend" + - drm/radeon: only check the sink type on DP connectors + - drm/radeon: fix HDP flushing + - drm/radeon: Handle irqs only based on irq ring, not irq status regs. + - drm/radeon: Clean up reference counting and pinning of the cursor BOs + - drm/radeon: unpin cursor BOs on suspend and pin them again on resume (v2) + - drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL + - drm/radeon: add a dpm quirk for Sapphire Radeon R9 270X 2GB GDDR5 + - drm/radeon: fix user ptr race condition + - drm/radeon/ci: silence a harmless PCC warning + - drm: add a check for x/y in drm_mode_setcrtc + - drm: Provide compat ioctl for addfb2.1 + - drm: Stop resetting connector state to unknown + - libata: Fix regression when the NCQ Send and Receive log page is absent + - xfs: fix remote symlinks on V5/CRC filesystems + - xfs: don't truncate attribute extents if no extents exist + - w1_therm reference count family data + - tpm, tpm_crb: fix le64_to_cpu conversions in crb_acpi_add() + - vTPM: set virtual device before passing to ibmvtpm_reset_crq + - tpm: Fix initialization of the cdev + - tpm, tpm_crb: fail when TPM2 ACPI table contents look corrupted + - KEYS: fix "ca_keys=" partial key matching + - KEYS: ensure we free the assoc array edit if edit is valid + - tracing/filter: Do not WARN on operand count going below zero + - tracing/filter: Do not allow infix to exceed end of string + - tracing: Fix typo from "static inlin" to "static inline" + - tracing: Have branch tracer use recursive field of task struct + - 
tracing: Fix sample output of dynamic arrays + - [armel,armhf] dmaengine: mv_xor: bug fix for racing condition in + descriptors cleanup + - md: clear mddev->private when it has been freed. + - md: unlock mddev_lock on an error path. + - md: Skip cluster setup for dm-raid + - Btrfs: don't invalidate root dentry when subvolume deletion fails + - md: fix a build warning + - Btrfs: use kmem_cache_free when freeing entry in inode cache + - Btrfs: fix race between caching kthread and returning inode to inode cache + - Btrfs: fix fsync data loss after append write + - Btrfs: fix memory leak in the extent_same ioctl + - Btrfs: fix list transaction->pending_ordered corruption + - Btrfs: fix file corruption after cloning inline extents + - selinux: don't waste ebitmap space when importing NetLabel categories + - selinux: fix mprotect PROT_EXEC regression caused by mm change + - fuse: initialize fc->release before calling it + - crush: fix a bug in tree bucket decode + - ACPI / resources: free memory on error in add_region_before() + - ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage + - ACPI / LPSS: Fix up acpi_lpss_create_device() + - ACPICA: Tables: Enable both 32-bit and 64-bit FACS + - ACPICA: Tables: Fix an issue that FACS initialization is performed twice + - ACPICA: Tables: Enable default 64-bit FADT addresses favor + - ACPI / PCI: Fix regressions caused by resource_size_t overflow with + 32-bit kernel + - [armhf] serial: samsung: only use earlycon for console + - mmc: card: Fixup request missing in mmc_blk_issue_rw_rq + - mmc: sdhci: Restore behavior while creating OCR mask + - PM / clk: Fix clock error check in __pm_clk_add() + - RDMA/ocrdma: fix double free on pd + - tty: remove platform_sysrq_reset_seq + - mm/hugetlb: introduce minimum hugepage order + - PM / sleep: Increase default DPM watchdog timeout to 60 + - firmware: dmi_scan: Only honor end-of-table for 64-bit tables + - __bitmap_parselist: fix bug in empty string handling + - 
security_syslog() should be called once only + - mac80211: fix the beacon csa counter for mesh and ibss + - iwlwifi: mvm: fix ROC reference accounting + - cfg80211: ignore netif running state when changing iftype + - mac80211: prevent possible crypto tx tailroom corruption + - e1000e: Cleanup handling of VLAN_HLEN as a part of max frame size + - clocksource: exynos_mct: Avoid blocking calls in the cpu hotplug notifier + - [x86] ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked + - [x86] ideapad: fix software rfkill setting + - of/address: use atomic allocation in pci_register_io_range() + - [x86] dell-laptop: Fix allocating & freeing SMI buffer page + - ovl: lookup whiteouts outside iterate_dir() + - of: return NUMA_NO_NODE from fallback of_node_to_nid() + - watchdog: omap: assert the counter being stopped before reprogramming + - gpiolib: Add missing dummies for the unified device properties interface + - clk: Fix JSON output in debugfs + - pNFS: Fix a memory leak when attempted pnfs fails + - pNFS/flexfiles: Fix the reset of struct pgio_header when resending + - NFS: Fix size of NFSACL SETACL operations + - nfs: fixing infinite OPEN loop in 4.0 stateid recovery + - nfs: increase size of EXCHANGE_ID name string buffer + - NFS: Ensure we set NFS_CONTEXT_RESEND_WRITES when requeuing writes + - nfs: fix potential credential leak in ff_layout_update_mirror_cred + - nfs: always update creds in mirror, even when we have an already + connected ds + - SUNRPC: Fix a memory leak in the backchannel code + - 9p: forgetting to cancel request on interrupted zero-copy RPC + - 9p: don't leave a half-initialized inode sitting around + - rbd: use GFP_NOIO in rbd_obj_request_create() + - [x86] agp/intel: Fix typo in needs_ilk_vtd_wa() + - [mips] EDAC, octeon: Fix broken build due to model helper renames + - p9_client_write(): avoid double p9_free_req() + - [arm64] smp: Fix suspicious RCU usage with ipi tracepoints + - [arm64] bpf: fix out-of-bounds read in 
bpf2a64_offset() + - [arm64] bpf: fix endianness conversion bugs + - [arm64] Don't report clear pmds and puds as huge + - [armel,armhf] 8393/1: smp: Fix suspicious RCU usage with ipi tracepoints + - [armel,armhf] 8397/1: fix vdsomunge not to depend on glibc specific + error.h + - hpfs: kstrdup() out of memory handling + - hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead + - Fix firmware loader uevent buffer NULL pointer dereference + - mm: avoid setting up anonymous pages into file mapping + - [x86] mpx: Do not set ->vm_ops on MPX VMAs + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5 + - [powerpc*] powernv: Fix race in updating core_idle_state + - Revert "Input: synaptics - allocate 3 slots to keep stability in image + sensors" + - [hppa] Fix some PTE/TLB race conditions and optimize __flush_tlb_range + based on timing results + - [hppa] mm: Fix a memory leak related to pmd not attached to the pgd + - [armel,armhf] 8404/1: dma-mapping: fix off-by-one error in bitmap size + check + - [armhf] imx6: gpc: always enable PU domain if CONFIG_PM is not set + - [mips*] c-r4k: Fix cache flushing for MT cores + - [mips*] Require O32 FP64 support for MIPS64 with O32 compat + - can: replace timestamp as unique skb attribute + - can: rcar_can: fix IRQ check + - can: c_can: Fix default pinmux glitch at init + - can: rcar_can: print signed IRQ # + - can: mcp251x: fix resume when device is down + - vfs: freeing unlinked file indefinitely delayed + - [x86] init: Clear 'init_level4_pgt' earlier + - [x86] kasan: Fix KASAN shadow region page tables + - [x86] kasan: Flush TLBs after switching CR3 + - [x86] kasan: Fix boot crash on AMD processors + - crypto: omap-des - Fix unmapping of dma channels + - [s390x] process: fix sfpc inline assembly + - [s390x] sclp: clear upper register halves in _sclp_print_early + - [s390x] nmi: fix vector register corruption + - [s390x] bpf: clear correct BPF accumulator register + - bio integrity: do not assume 
bio_integrity_pool exists if bioset exists + - dma-debug: skip debug_dma_assert_idle() when disabled + - genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD + - ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4 + - ALSA: line6: Fix -EBUSY error during active monitoring + - ALSA: pcm: Fix lockdep warning with nonatomic PCM ops + - [x86] ALSA: hda - Add headset mic support for Acer Aspire V5-573G + - ALSA: hda: add new AMD PCI IDs with proper driver caps + - ALSA: hda - Add new GPU codec ID 0x10de007d to snd-hda + - [x86] ALSA: hda - Add headset mic pin quirk for a Dell device + - [x86] ALSA: hda - Apply fixup for another Toshiba Satellite S50D + - [x86] ALSA: hda - Apply a fixup to Dell Vostro 5480 + - ALSA: usb-audio: add dB range mapping for some devices + - [x86] ALSA: hda - Fix MacBook Pro 5,2 quirk + - [x86] perf: Fix static_key bug in load_mm_cr4() + - Revert "dm: only run the queue on completion if congested or no requests + pending" + - [arm64] irqchip/gicv3-its: Fix mapping of LPIs to collections + - scsi: fix host max depth checking for the 'queue_depth' sysfs interface + - scsi: fix memory leak with scsi-mq + - st: null pointer dereference panic caused by use after kref_put by st_open + - drivers: clk: st: Fix flexgen lock init + - drivers: clk: st: Fix mux bit-setting for Cortex A9 clocks + - drivers: clk: st: Incorrect register offset used for lock_status + - mac80211: clear subdir_stations when removing debugfs + - mnt: Clarify and correct the disconnect logic in umount_tree + - mnt: In detach_mounts detach the appropriate unmounted mount + - ftrace: Fix breakage of set_ftrace_pid + - [x86] iommu/vt-d: Fix VM domain ID leak + - [armhf] mmc: omap_hsmmc: Fix DTO and DCRC handling + - mmc: sdhci check parameters before call dma_free_coherent + - mmc: sdhci-esdhc: Make 8BIT bus work + - HID: cp2112: fix to force single data-report reply + - iwlwifi: mvm: fix antenna selection when BT is active + - iwlwifi: nvm: remove mac address byte 
swapping in 8000 family + - iwlwifi: pcie: prepare the device before accessing it + - md/raid1: fix test for 'was read error from last working device'. + - [armhf] spi: imx: Fix small DMA transfers + - Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen + - blkcg: fix gendisk reference leak in blkg_conf_prep() + - [armhf] regulator: s2mps11: Fix GPIO suspend enable shift wrapping bug + - ata: pmp: add quirk for Marvell 4140 SATA PMP + - usb-storage: ignore ZTE MF 823 card reader in mode 0x1225 + - [armhf] Revert "serial: imx: initialized DMA w/o HW flow enabled" + - serial: core: Fix crashes while echoing when closing + - xhci: Calculate old endpoints correctly on device reset + - xhci: report U3 when link is in resume state + - xhci: prevent bus_suspend if SS port resuming in phase 1 + - xhci: do not report PLC when link is in internal resume state + - mei: prevent unloading mei hw modules while the device is opened. + - [x86] mm: Add parenthesis for TLB tracepoint size calculation + - efi: Handle memory error structures produced based on old versions of + standard + - [arm64] efi: map the entire UEFI vendor string before reading it + - efi: Check for NULL efi kernel parameters + - [x86] efi: Use all 64 bit of efi_memmap in setup_e820() + - rds: rds_ib_device.refcount overflow + - n_tty: signal and flush atomically + - blk-mq: set default timeout as 30 seconds + - [x86] perf/intel/cqm: Return cached counter value from IRQ context + - vhost: actually track log eventfd file + - NFS: Don't revalidate the mapping if both size and change attr are up to + date + - NFSv4: We must set NFS_OPEN_STATE flag in nfs_resync_open_stateid_locked + - NFS: Fix a memory leak in nfs_do_recoalesce + - IB/ipoib: Fix CONFIG_INFINIBAND_IPOIB_CM + - iscsi-target: Fix use-after-free during TPG session shutdown + - iscsi-target: Fix iscsit_start_kthreads failure OOPs + - iscsi-target: Fix iser explicit logout TX kthread leak + - [x86] intel_pstate: Add get_scaling cpu_defaults 
param to Knights Landing + - qla2xxx: Fix hardware lock/unlock issue causing kernel panic. + - qla2xxx: release request queue reservation. + - qla2xxx: Remove msleep in qlt_send_term_exchange + - qla2xxx: fix command initialization in target mode. + - qla2xxx: kill sessions/log out initiator on RSCN and port down events + - drm/nouveau/fbcon/nv11-: correctly account for ring space usage + - drm/nouveau/kms/nv50-: guard against enabling cursor on disabled heads + - drm/nouveau: hold mutex when calling nouveau_abi16_fini() + - drm/nouveau/drm/nv04-nv40/instmem: protect access to priv->heap by mutex + - xfs: remote attribute headers contain an invalid LSN + - xfs: remote attributes need to be considered data [ Ian Campbell ] * [armhf] Enable cpufreq on some sunxi platforms (Closes: #793185) diff --git a/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch b/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch deleted file mode 100644 index 2eff4b90f..000000000 --- a/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From: Colin Ian King -Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid -Origin: https://marc.info/?l=oss-security&m=143800676725867&w=2 - -__key_link_end is not freeing the associated array edit structure -and this leads to a 512 byte memory leak each time an identical -existing key is added with add_key(). - -The reason the add_key() system call returns okay is that -key_create_or_update() calls __key_link_begin() before checking to see -whether it can update a key directly rather than adding/replacing - which -it turns out it can. Thus __key_link() is not called through -__key_instantiate_and_link() and __key_link_end() must cancel the edit. - -CVE-2015-1333 - -Signed-off-by: Colin Ian King -Signed-off-by: David Howells ---- - -diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index e72548b5897e..d33437007ad2 100644 ---- a/security/keys/keyring.c -+++ b/security/keys/keyring.c -@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring, - if (index_key->type == &key_type_keyring) - up_write(&keyring_serialise_link_sem); - -- if (edit && !edit->dead_leaf) { -- key_payload_reserve(keyring, -- keyring->datalen - KEYQUOTA_LINK_BYTES); -+ if (edit) { -+ if (!edit->dead_leaf) { -+ key_payload_reserve(keyring, -+ keyring->datalen - KEYQUOTA_LINK_BYTES); -+ } - assoc_array_cancel_edit(edit); - } - up_write(&keyring->sem); diff --git a/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch b/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch deleted file mode 100644 index 69fee010c..000000000 --- a/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From: Heiko Carstens -Date: Mon, 27 Jul 2015 09:53:49 +0200 -Subject: s390/cachinfo: add missing facility check to init_cache_level() -Origin: https://git.kernel.org/cgit/linux/kernel/git/s390/linux.git/commit/?id=0b991f5cdcd6201e5401f83ca3a672343c3bfc49 -Bug-Debian: https://bugs.debian.org/793929 - -Stephen Powell reported the following crash on a z890 machine: - -Kernel BUG at 00000000001219d0 [verbose debug info unavailable] -illegal operation: 0001 ilc:3 [#1] SMP -Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0) - R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3 -Krnl Code: 00000000001219c2: a7840056 brc 8,121a6e - 00000000001219c6: a7190000 lghi %r1,0 - #00000000001219ca: eb101000004c ecag %r1,%r0,0(%r1) - >00000000001219d0: a7390000 lghi %r3,0 - 00000000001219d4: e310f0a00024 stg %r1,160(%r15) - 00000000001219da: a7080000 lhi %r0,0 - 00000000001219de: a7b9f000 lghi %r11,-4096 - 00000000001219e2: c0a0002899d9 larl %r10,634d94 -Call Trace: - [<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8 - [<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8 - [<00000000001001c0>] do_one_initcall+0x98/0x1c8 - [<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8 - [<000000000062352e>] kernel_init+0x26/0x118 - [<000000000062fd2e>] kernel_thread_starter+0x6/0xc - -The illegal operation was executed because of a missing facility check, -which should have made sure that the ECAG execution would only be executed -on machines which have the general-instructions-extension facility -installed. 
- -Reported-and-tested-by: Stephen Powell -Cc: stable@vger.kernel.org # v4.0+ -Signed-off-by: Heiko Carstens -Signed-off-by: Martin Schwidefsky - -diff --git a/arch/s390/kernel/cache.c b/arch/s390/kernel/cache.c -index bff5e3b..8ba3243 100644 ---- a/arch/s390/kernel/cache.c -+++ b/arch/s390/kernel/cache.c -@@ -138,6 +138,8 @@ int init_cache_level(unsigned int cpu) - union cache_topology ct; - enum cache_type ctype; - -+ if (!test_facility(34)) -+ return -EOPNOTSUPP; - if (!this_cpu_ci) - return -EINVAL; - ct.raw = ecag(EXTRACT_TOPOLOGY, 0, 0); diff --git a/debian/patches/series b/debian/patches/series index a7a3c9dc3..ee3abd845 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -89,8 +89,6 @@ bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch -bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch -bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch # Hardening from grsecurity
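Review bot: in the debian/changelog hunk, the 4.1.4 entry `- KEYS: ensure we free the assoc array edit if edit is valid` carries no CVE reference, although the local patch deleted by this same commit identifies that fix as CVE-2015-1333. Unless an earlier changelog entry outside this hunk already records it, suggest writing the line as `- KEYS: ensure we free the assoc array edit if edit is valid (CVE-2015-1333)`, so that once the local patch and its header are gone the changelog still shows which upload carries the fix for the add_key() memory leak.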
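Review bot: the deletion of bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch, together with its removal from debian/patches/series, has no matching line in the changelog hunk. Neither the 4.1.4 nor the 4.1.5 list mentions the cachinfo facility check, and the [s390x] entries that are listed cover only the sfpc, sclp, nmi and bpf fixes. The patch header has `Cc: stable@vger.kernel.org # v4.0+` and `Bug-Debian: https://bugs.debian.org/793929`, so the fix may well be in one of the two stable updates, but that is not evident from this diff. Please confirm it against the two linked ChangeLog files and add an `[s390x] cachinfo: add missing facility check to init_cache_level()` line under the right one. If it is not upstream in 4.1.5, the patch has to stay in the series, because without the `test_facility(34)` check the init_cache_level() crash reported on z890 comes back.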