From 4ac6860c3b2ddb62d13b143a196161f85aa36a0e Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 29 Oct 2016 00:36:56 +0100 Subject: [PATCH] Update to 4.9-rc2 Drop/refresh patches as appropriate. --- debian/changelog | 9 + debian/config/defines | 2 +- ...-redundant-log-messages-from-drivers.patch | 62 +-- ...sgid-bit-when-setting-file-permissio.patch | 433 ------------------ ...uired-for-drm-and-kms-on-r600-onward.patch | 6 +- .../features/all/aufs4/aufs4-base.patch | 48 +- .../features/all/aufs4/aufs4-mmap.patch | 77 ++-- .../features/all/aufs4/aufs4-standalone.patch | 92 ++-- ...i-table-override-if-securelevel-is-s.patch | 11 +- ...-and-dev-kmem-when-securelevel-is-se.patch | 13 +- ...x53-add-support-for-usb-armory-board.patch | 262 ----------- ...make-x32-syscall-support-conditional.patch | 14 +- debian/patches/series | 2 - 13 files changed, 134 insertions(+), 897 deletions(-) delete mode 100644 debian/patches/bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch delete mode 100644 debian/patches/features/arm/arm-dts-imx53-add-support-for-usb-armory-board.patch diff --git a/debian/changelog b/debian/changelog index 3ebda2f42..cfd6ed167 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +linux (4.9~rc2-1~exp1) UNRELEASED; urgency=medium + + * New upstream release candidate + + [ Ben Hutchings ] + * [rt] Disable until it is updated for 4.9 or later + + -- Ben Hutchings Sat, 29 Oct 2016 00:08:55 +0100 + linux (4.8.5-1) unstable; urgency=medium * New upstream stable update: diff --git a/debian/config/defines b/debian/config/defines index a8af9160a..5b35a8d11 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -47,7 +47,7 @@ debug-info: true signed-modules: true [featureset-rt_base] -enabled: true +enabled: false [description] part-long-up: This kernel is not suitable for SMP (multi-processor, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index 47dbce3df..a63fc4a66 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -53,7 +53,7 @@ upstream submission. /* disable MPU */ --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c -@@ -900,10 +900,8 @@ static enum ucode_state request_microcod +@@ -917,10 +917,8 @@ static enum ucode_state request_microcod if (c->x86 >= 0x15) snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); @@ -92,11 +92,11 @@ upstream submission. return err; - } - fw_data = (__le32 *) firmware->data; + fw_data = (const __le32 *)firmware->data; fw_size = firmware->size / sizeof(u32); --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c -@@ -420,10 +420,8 @@ static int ath3k_load_patch(struct usb_d +@@ -422,10 +422,8 @@ static int ath3k_load_patch(struct usb_d le32_to_cpu(fw_version.rom_version)); ret = request_firmware(&firmware, filename, &udev->dev); @@ -108,7 +108,7 @@ upstream submission. pt_rom_version = get_unaligned_le32(firmware->data + firmware->size - 8); -@@ -483,10 +481,8 @@ static int ath3k_load_syscfg(struct usb_ +@@ -485,10 +483,8 @@ static int ath3k_load_syscfg(struct usb_ le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); ret = request_firmware(&firmware, filename, &udev->dev); @@ -122,15 +122,15 @@ upstream submission. release_firmware(firmware); --- a/drivers/bluetooth/bcm203x.c +++ b/drivers/bluetooth/bcm203x.c -@@ -191,7 +191,6 @@ static int bcm203x_probe(struct usb_inte - } +@@ -189,7 +189,6 @@ static int bcm203x_probe(struct usb_inte + return -ENOMEM; if (request_firmware(&firmware, "BCM2033-MD.hex", &udev->dev) < 0) { - BT_ERR("Mini driver request failed"); usb_free_urb(data->urb); return -EIO; } -@@ -216,7 +215,6 @@ static int bcm203x_probe(struct usb_inte +@@ -214,7 +213,6 @@ static int bcm203x_probe(struct usb_inte release_firmware(firmware); if (request_firmware(&firmware, "BCM2033-FW.bin", &udev->dev) < 0) { @@ -203,7 +203,7 @@ upstream submission. fw->size, fw_name); --- a/drivers/dma/imx-sdma.c +++ b/drivers/dma/imx-sdma.c -@@ -1408,11 +1408,8 @@ static void sdma_load_firmware(const str +@@ -1433,11 +1433,8 @@ static void sdma_load_firmware(const str const struct sdma_script_start_addrs *addr; unsigned short *ram_code; @@ -233,7 +233,7 @@ upstream submission. where = 0; --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -@@ -1740,10 +1740,8 @@ gf100_gr_ctor_fw(struct gf100_gr *gr, co +@@ -1765,10 +1765,8 @@ gf100_gr_ctor_fw(struct gf100_gr *gr, co int ret; ret = nvkm_firmware_get(device, fwname, &fw); @@ -316,7 +316,7 @@ upstream submission. ret = qib_ibsd_ucode_loaded(dd->pport, fw); --- a/drivers/input/touchscreen/atmel_mxt_ts.c +++ b/drivers/input/touchscreen/atmel_mxt_ts.c -@@ -2193,10 +2193,8 @@ static int mxt_load_fw(struct device *de +@@ -2714,10 +2714,8 @@ static int mxt_load_fw(struct device *de int ret; ret = request_firmware(&fw, fn, dev); @@ -765,7 +765,7 @@ upstream submission. b[0] = 0xaa; --- a/drivers/media/usb/ttusb-dec/ttusb_dec.c +++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c -@@ -1290,11 +1290,8 @@ static int ttusb_dec_boot_dsp(struct ttu +@@ -1296,11 +1296,8 @@ static int ttusb_dec_boot_dsp(struct ttu dprintk("%s\n", __func__); result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev); @@ -930,7 +930,7 @@ upstream submission. printk(KERN_ERR "ERROR: Firmware size mismatch " --- a/drivers/media/pci/cx23885/cx23885-cards.c +++ b/drivers/media/pci/cx23885/cx23885-cards.c -@@ -2279,11 +2279,7 @@ void cx23885_card_setup(struct cx23885_d +@@ -2341,11 +2341,7 @@ void cx23885_card_setup(struct cx23885_d cinfo.rev, filename); ret = request_firmware(&fw, filename, &dev->pci->dev); @@ -975,7 +975,7 @@ upstream submission. pr_err("Firmware size mismatch (have %zd, expected %d)\n", --- a/drivers/media/usb/gspca/vicam.c +++ b/drivers/media/usb/gspca/vicam.c -@@ -244,10 +244,8 @@ static int sd_init(struct gspca_dev *gsp +@@ -243,10 +243,8 @@ static int sd_init(struct gspca_dev *gsp ret = request_ihex_firmware(&fw, VICAM_FIRMWARE, &gspca_dev->dev->dev); @@ -1032,7 +1032,7 @@ upstream submission. --- a/drivers/media/usb/s2255/s2255drv.c +++ b/drivers/media/usb/s2255/s2255drv.c -@@ -2302,10 +2302,8 @@ static int s2255_probe(struct usb_interf +@@ -2297,10 +2297,8 @@ static int s2255_probe(struct usb_interf } /* load the first chunk */ if (request_firmware(&dev->fw_data->fw, @@ -1185,7 +1185,7 @@ upstream submission. if (bp->mips_firmware->size < sizeof(*mips_fw) || --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -13466,11 +13466,8 @@ static int bnx2x_init_firmware(struct bn +@@ -13489,11 +13489,8 @@ static int bnx2x_init_firmware(struct bn BNX2X_DEV_INFO("Loading %s\n", fw_file_name); rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev); @@ -1338,7 +1338,7 @@ upstream submission. fw->size, fw_name[predef]); --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c -@@ -396,10 +396,8 @@ static int kaweth_download_firmware(stru +@@ -392,10 +392,8 @@ static int kaweth_download_firmware(stru int ret; ret = request_firmware(&fw, fwname, &kaweth->dev->dev); @@ -1405,7 +1405,7 @@ upstream submission. --- a/drivers/net/wireless/ath/carl9170/usb.c +++ b/drivers/net/wireless/ath/carl9170/usb.c -@@ -1033,7 +1033,6 @@ static void carl9170_usb_firmware_step2( +@@ -1031,7 +1031,6 @@ static void carl9170_usb_firmware_step2( return; } @@ -1547,7 +1547,7 @@ upstream submission. name_pre, tag); --- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c +++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c -@@ -824,8 +824,6 @@ static int if_usb_prog_firmware(struct i +@@ -818,8 +818,6 @@ static int if_usb_prog_firmware(struct i kernel_param_lock(THIS_MODULE); ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); if (ret < 0) { @@ -1558,7 +1558,7 @@ upstream submission. } --- a/drivers/net/wireless/marvell/mwifiex/main.c +++ b/drivers/net/wireless/marvell/mwifiex/main.c -@@ -515,11 +515,8 @@ static void mwifiex_fw_dpc(const struct +@@ -524,11 +524,8 @@ static void mwifiex_fw_dpc(const struct bool init_failed = false; struct wireless_dev *wdev; @@ -1652,7 +1652,7 @@ upstream submission. --- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c +++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -@@ -1669,7 +1669,6 @@ static int ezusb_probe(struct usb_interf +@@ -1667,7 +1667,6 @@ static int ezusb_probe(struct usb_interf if (ezusb_firmware_download(upriv, &firmware) < 0) goto error; } else { @@ -1773,7 +1773,7 @@ upstream submission. wl1251_error("nvs size is not multiple of 32 bits: %zu", --- a/drivers/net/wireless/ti/wlcore/main.c +++ b/drivers/net/wireless/ti/wlcore/main.c -@@ -747,10 +747,8 @@ static int wl12xx_fetch_firmware(struct +@@ -756,10 +756,8 @@ static int wl12xx_fetch_firmware(struct ret = request_firmware(&fw, fw_name, wl->dev); @@ -1892,7 +1892,7 @@ upstream submission. } --- a/drivers/scsi/ipr.c +++ b/drivers/scsi/ipr.c -@@ -4014,10 +4014,8 @@ static ssize_t ipr_store_update_fw(struc +@@ -4041,10 +4041,8 @@ static ssize_t ipr_store_update_fw(struc if (endline) *endline = '\0'; @@ -1930,7 +1930,7 @@ upstream submission. } --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -5637,8 +5637,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, +@@ -5656,8 +5656,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, /* Load firmware blob. */ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -1939,7 +1939,7 @@ upstream submission. ql_log(ql_log_info, vha, 0x0084, "Firmware images can be retrieved from: "QLA_FW_URL ".\n"); return QLA_FUNCTION_FAILED; -@@ -5740,8 +5738,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * +@@ -5759,8 +5757,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * /* Load firmware blob. */ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -1965,7 +1965,7 @@ upstream submission. if (qla82xx_validate_firmware_blob(vha, --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -5539,8 +5539,6 @@ qla2x00_request_firmware(scsi_qla_host_t +@@ -5620,8 +5620,6 @@ qla2x00_request_firmware(scsi_qla_host_t goto out; if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { @@ -2086,7 +2086,7 @@ upstream submission. MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c -@@ -404,11 +404,8 @@ static int slic_card_download_gbrcv(stru +@@ -376,11 +376,8 @@ static int slic_card_download_gbrcv(stru } ret = request_firmware(&fw, file, &adapter->pcidev->dev); @@ -2099,7 +2099,7 @@ upstream submission. rcvucodelen = *(u32 *)(fw->data + index); index += 4; -@@ -482,11 +479,8 @@ static int slic_card_download(struct ada +@@ -454,11 +451,8 @@ static int slic_card_download(struct ada return -ENOENT; } ret = request_firmware(&fw, file, &adapter->pcidev->dev); @@ -2130,7 +2130,7 @@ upstream submission. if (!buffer) --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c -@@ -3499,10 +3499,8 @@ static int cyz_load_fw(struct pci_dev *p +@@ -3495,10 +3495,8 @@ static int cyz_load_fw(struct pci_dev *p int retval; retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev); @@ -2367,7 +2367,7 @@ upstream submission. --- a/drivers/usb/serial/ti_usb_3410_5052.c +++ b/drivers/usb/serial/ti_usb_3410_5052.c -@@ -1536,10 +1536,8 @@ static int ti_download_firmware(struct t +@@ -1702,10 +1702,8 @@ static int ti_download_firmware(struct t } check_firmware: @@ -2526,7 +2526,7 @@ upstream submission. filename, emu->firmware->size); --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c -@@ -1781,10 +1781,8 @@ static void azx_firmware_cb(const struct +@@ -1812,10 +1812,8 @@ static void azx_firmware_cb(const struct struct azx *chip = card->private_data; struct pci_dev *pci = chip->pci; @@ -2611,7 +2611,7 @@ upstream submission. "too short firmware size %d (expected %d)\n", --- a/sound/soc/codecs/wm2000.c +++ b/sound/soc/codecs/wm2000.c -@@ -889,10 +889,8 @@ static int wm2000_i2c_probe(struct i2c_c +@@ -891,10 +891,8 @@ static int wm2000_i2c_probe(struct i2c_c } ret = request_firmware(&fw, filename, &i2c->dev); diff --git a/debian/patches/bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch b/debian/patches/bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch deleted file mode 100644 index 32418167d..000000000 --- a/debian/patches/bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch +++ /dev/null @@ -1,433 +0,0 @@ -From: Jan Kara -Date: Mon, 19 Sep 2016 17:39:09 +0200 -Subject: posix_acl: Clear SGID bit when setting file permissions -Origin: https://git.kernel.org/linus/073931017b49d9458aa351605b43a7e34598caef - -When file permissions are modified via chmod(2) and the user is not in -the owning group or capable of CAP_FSETID, the setgid bit is cleared in -inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file -permissions as well as the new ACL, but doesn't clear the setgid bit in -a similar way; this allows to bypass the check in chmod(2). Fix that. - -References: CVE-2016-7097 -Reviewed-by: Christoph Hellwig -Reviewed-by: Jeff Layton -Signed-off-by: Jan Kara -Signed-off-by: Andreas Gruenbacher ---- - fs/9p/acl.c | 40 +++++++++++++++++----------------------- - fs/btrfs/acl.c | 6 ++---- - fs/ceph/acl.c | 6 ++---- - fs/ext2/acl.c | 12 ++++-------- - fs/ext4/acl.c | 12 ++++-------- - fs/f2fs/acl.c | 6 ++---- - fs/gfs2/acl.c | 12 +++--------- - fs/hfsplus/posix_acl.c | 4 ++-- - fs/jffs2/acl.c | 9 ++++----- - fs/jfs/acl.c | 6 ++---- - fs/ocfs2/acl.c | 10 ++++------ - fs/orangefs/acl.c | 15 +++++---------- - fs/posix_acl.c | 31 +++++++++++++++++++++++++++++++ - fs/reiserfs/xattr_acl.c | 8 ++------ - fs/xfs/xfs_acl.c | 13 ++++--------- - include/linux/posix_acl.h | 1 + - 16 files changed, 89 insertions(+), 102 deletions(-) - -diff --git a/fs/9p/acl.c b/fs/9p/acl.c -index 5b6a1743ea17..b3c2cc79c20d 100644 ---- a/fs/9p/acl.c -+++ b/fs/9p/acl.c -@@ -276,32 +276,26 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler, - switch (handler->flags) { - case ACL_TYPE_ACCESS: - if (acl) { -- umode_t mode = inode->i_mode; -- retval = posix_acl_equiv_mode(acl, &mode); -- if (retval < 0) -+ struct iattr iattr; -+ -+ retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl); -+ if (retval) - goto err_out; -- else { -- struct iattr iattr; -- if (retval == 0) { -- /* -- * ACL can be represented -- * by the mode bits. So don't -- * update ACL. -- */ -- acl = NULL; -- value = NULL; -- size = 0; -- } -- /* Updte the mode bits */ -- iattr.ia_mode = ((mode & S_IALLUGO) | -- (inode->i_mode & ~S_IALLUGO)); -- iattr.ia_valid = ATTR_MODE; -- /* FIXME should we update ctime ? -- * What is the following setxattr update the -- * mode ? -+ if (!acl) { -+ /* -+ * ACL can be represented -+ * by the mode bits. So don't -+ * update ACL. - */ -- v9fs_vfs_setattr_dotl(dentry, &iattr); -+ value = NULL; -+ size = 0; - } -+ iattr.ia_valid = ATTR_MODE; -+ /* FIXME should we update ctime ? -+ * What is the following setxattr update the -+ * mode ? -+ */ -+ v9fs_vfs_setattr_dotl(dentry, &iattr); - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c -index 53bb7af4e5f0..247b8dfaf6e5 100644 ---- a/fs/btrfs/acl.c -+++ b/fs/btrfs/acl.c -@@ -79,11 +79,9 @@ static int __btrfs_set_acl(struct btrfs_trans_handle *trans, - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- ret = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (ret < 0) -+ ret = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (ret) - return ret; -- if (ret == 0) -- acl = NULL; - } - ret = 0; - break; -diff --git a/fs/ceph/acl.c b/fs/ceph/acl.c -index 4f67227f69a5..d0b6b342dff9 100644 ---- a/fs/ceph/acl.c -+++ b/fs/ceph/acl.c -@@ -95,11 +95,9 @@ int ceph_set_acl(struct inode *inode, struct posix_acl *acl, int type) - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- ret = posix_acl_equiv_mode(acl, &new_mode); -- if (ret < 0) -+ ret = posix_acl_update_mode(inode, &new_mode, &acl); -+ if (ret) - goto out; -- if (ret == 0) -- acl = NULL; - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c -index 42f1d1814083..e725aa0890e0 100644 ---- a/fs/ext2/acl.c -+++ b/fs/ext2/acl.c -@@ -190,15 +190,11 @@ ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type) - case ACL_TYPE_ACCESS: - name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS; - if (acl) { -- error = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (error < 0) -+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (error) - return error; -- else { -- inode->i_ctime = CURRENT_TIME_SEC; -- mark_inode_dirty(inode); -- if (error == 0) -- acl = NULL; -- } -+ inode->i_ctime = CURRENT_TIME_SEC; -+ mark_inode_dirty(inode); - } - break; - -diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c -index c6601a476c02..dfa519979038 100644 ---- a/fs/ext4/acl.c -+++ b/fs/ext4/acl.c -@@ -193,15 +193,11 @@ __ext4_set_acl(handle_t *handle, struct inode *inode, int type, - case ACL_TYPE_ACCESS: - name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS; - if (acl) { -- error = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (error < 0) -+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (error) - return error; -- else { -- inode->i_ctime = ext4_current_time(inode); -- ext4_mark_inode_dirty(handle, inode); -- if (error == 0) -- acl = NULL; -- } -+ inode->i_ctime = ext4_current_time(inode); -+ ext4_mark_inode_dirty(handle, inode); - } - break; - -diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c -index 4dcc9e28dc5c..31344247ce89 100644 ---- a/fs/f2fs/acl.c -+++ b/fs/f2fs/acl.c -@@ -210,12 +210,10 @@ static int __f2fs_set_acl(struct inode *inode, int type, - case ACL_TYPE_ACCESS: - name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS; - if (acl) { -- error = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (error < 0) -+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (error) - return error; - set_acl_inode(inode, inode->i_mode); -- if (error == 0) -- acl = NULL; - } - break; - -diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c -index 363ba9e9d8d0..2524807ee070 100644 ---- a/fs/gfs2/acl.c -+++ b/fs/gfs2/acl.c -@@ -92,17 +92,11 @@ int __gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type) - if (type == ACL_TYPE_ACCESS) { - umode_t mode = inode->i_mode; - -- error = posix_acl_equiv_mode(acl, &mode); -- if (error < 0) -+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (error) - return error; -- -- if (error == 0) -- acl = NULL; -- -- if (mode != inode->i_mode) { -- inode->i_mode = mode; -+ if (mode != inode->i_mode) - mark_inode_dirty(inode); -- } - } - - if (acl) { -diff --git a/fs/hfsplus/posix_acl.c b/fs/hfsplus/posix_acl.c -index ab7ea2506b4d..9b92058a1240 100644 ---- a/fs/hfsplus/posix_acl.c -+++ b/fs/hfsplus/posix_acl.c -@@ -65,8 +65,8 @@ int hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl, - case ACL_TYPE_ACCESS: - xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- err = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (err < 0) -+ err = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (err) - return err; - } - err = 0; -diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c -index bc2693d56298..2a0f2a1044c1 100644 ---- a/fs/jffs2/acl.c -+++ b/fs/jffs2/acl.c -@@ -233,9 +233,10 @@ int jffs2_set_acl(struct inode *inode, struct posix_acl *acl, int type) - case ACL_TYPE_ACCESS: - xprefix = JFFS2_XPREFIX_ACL_ACCESS; - if (acl) { -- umode_t mode = inode->i_mode; -- rc = posix_acl_equiv_mode(acl, &mode); -- if (rc < 0) -+ umode_t mode; -+ -+ rc = posix_acl_update_mode(inode, &mode, &acl); -+ if (rc) - return rc; - if (inode->i_mode != mode) { - struct iattr attr; -@@ -247,8 +248,6 @@ int jffs2_set_acl(struct inode *inode, struct posix_acl *acl, int type) - if (rc < 0) - return rc; - } -- if (rc == 0) -- acl = NULL; - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c -index 21fa92ba2c19..3a1e1554a4e3 100644 ---- a/fs/jfs/acl.c -+++ b/fs/jfs/acl.c -@@ -78,13 +78,11 @@ static int __jfs_set_acl(tid_t tid, struct inode *inode, int type, - case ACL_TYPE_ACCESS: - ea_name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- rc = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (rc < 0) -+ rc = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (rc) - return rc; - inode->i_ctime = CURRENT_TIME; - mark_inode_dirty(inode); -- if (rc == 0) -- acl = NULL; - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c -index 2162434728c0..164307b99405 100644 ---- a/fs/ocfs2/acl.c -+++ b/fs/ocfs2/acl.c -@@ -241,13 +241,11 @@ int ocfs2_set_acl(handle_t *handle, - case ACL_TYPE_ACCESS: - name_index = OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS; - if (acl) { -- umode_t mode = inode->i_mode; -- ret = posix_acl_equiv_mode(acl, &mode); -- if (ret < 0) -- return ret; -+ umode_t mode; - -- if (ret == 0) -- acl = NULL; -+ ret = posix_acl_update_mode(inode, &mode, &acl); -+ if (ret) -+ return ret; - - ret = ocfs2_acl_set_mode(inode, di_bh, - handle, mode); -diff --git a/fs/orangefs/acl.c b/fs/orangefs/acl.c -index 28f2195cd798..7a3754488312 100644 ---- a/fs/orangefs/acl.c -+++ b/fs/orangefs/acl.c -@@ -73,14 +73,11 @@ int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- umode_t mode = inode->i_mode; -- /* -- * can we represent this with the traditional file -- * mode permission bits? -- */ -- error = posix_acl_equiv_mode(acl, &mode); -- if (error < 0) { -- gossip_err("%s: posix_acl_equiv_mode err: %d\n", -+ umode_t mode; -+ -+ error = posix_acl_update_mode(inode, &mode, &acl); -+ if (error) { -+ gossip_err("%s: posix_acl_update_mode err: %d\n", - __func__, - error); - return error; -@@ -90,8 +87,6 @@ int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) - SetModeFlag(orangefs_inode); - inode->i_mode = mode; - mark_inode_dirty_sync(inode); -- if (error == 0) -- acl = NULL; - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/posix_acl.c b/fs/posix_acl.c -index 59d47ab0791a..bfc3ec388322 100644 ---- a/fs/posix_acl.c -+++ b/fs/posix_acl.c -@@ -626,6 +626,37 @@ posix_acl_create(struct inode *dir, umode_t *mode, - } - EXPORT_SYMBOL_GPL(posix_acl_create); - -+/** -+ * posix_acl_update_mode - update mode in set_acl -+ * -+ * Update the file mode when setting an ACL: compute the new file permission -+ * bits based on the ACL. In addition, if the ACL is equivalent to the new -+ * file mode, set *acl to NULL to indicate that no ACL should be set. -+ * -+ * As with chmod, clear the setgit bit if the caller is not in the owning group -+ * or capable of CAP_FSETID (see inode_change_ok). -+ * -+ * Called from set_acl inode operations. -+ */ -+int posix_acl_update_mode(struct inode *inode, umode_t *mode_p, -+ struct posix_acl **acl) -+{ -+ umode_t mode = inode->i_mode; -+ int error; -+ -+ error = posix_acl_equiv_mode(*acl, &mode); -+ if (error < 0) -+ return error; -+ if (error == 0) -+ *acl = NULL; -+ if (!in_group_p(inode->i_gid) && -+ !capable_wrt_inode_uidgid(inode, CAP_FSETID)) -+ mode &= ~S_ISGID; -+ *mode_p = mode; -+ return 0; -+} -+EXPORT_SYMBOL(posix_acl_update_mode); -+ - /* - * Fix up the uids and gids in posix acl extended attributes in place. - */ -diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c -index dbed42f755e0..27376681c640 100644 ---- a/fs/reiserfs/xattr_acl.c -+++ b/fs/reiserfs/xattr_acl.c -@@ -242,13 +242,9 @@ __reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode, - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { -- error = posix_acl_equiv_mode(acl, &inode->i_mode); -- if (error < 0) -+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl); -+ if (error) - return error; -- else { -- if (error == 0) -- acl = NULL; -- } - } - break; - case ACL_TYPE_DEFAULT: -diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c -index b6e527b8eccb..8a0dec89ca56 100644 ---- a/fs/xfs/xfs_acl.c -+++ b/fs/xfs/xfs_acl.c -@@ -257,16 +257,11 @@ xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type) - return error; - - if (type == ACL_TYPE_ACCESS) { -- umode_t mode = inode->i_mode; -- error = posix_acl_equiv_mode(acl, &mode); -- -- if (error <= 0) { -- acl = NULL; -- -- if (error < 0) -- return error; -- } -+ umode_t mode; - -+ error = posix_acl_update_mode(inode, &mode, &acl); -+ if (error) -+ return error; - error = xfs_set_mode(inode, mode); - if (error) - return error; -diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h -index d5d3d741f028..bf1046d0397b 100644 ---- a/include/linux/posix_acl.h -+++ b/include/linux/posix_acl.h -@@ -93,6 +93,7 @@ extern int set_posix_acl(struct inode *, int, struct posix_acl *); - extern int posix_acl_chmod(struct inode *, umode_t); - extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, - struct posix_acl **); -+extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **); - - extern int simple_set_acl(struct inode *, struct posix_acl *, int); - extern int simple_acl_create(struct inode *, struct inode *); diff --git a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch index ffd144394..6065c3955 100644 --- a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +++ b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch @@ -26,7 +26,7 @@ missing, except for the pre-R600 case. --- --- a/drivers/gpu/drm/radeon/radeon_drv.c +++ b/drivers/gpu/drm/radeon/radeon_drv.c -@@ -42,6 +42,8 @@ +@@ -43,6 +43,8 @@ #include "drm_crtc_helper.h" #include "radeon_kfd.h" @@ -35,9 +35,9 @@ missing, except for the pre-R600 case. /* * KMS wrapper. -@@ -309,6 +311,29 @@ MODULE_DEVICE_TABLE(pci, pciidlist); +@@ -309,6 +311,29 @@ static struct drm_driver kms_driver; - static struct drm_driver kms_driver; + bool radeon_device_is_virtual(void); +/* Test that /lib/firmware/radeon is a directory (or symlink to a + * directory). We could try to match the udev search path, but let's diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch index 330185af9..7e5098da8 100644 --- a/debian/patches/features/all/aufs4/aufs4-base.patch +++ b/debian/patches/features/all/aufs4/aufs4-base.patch @@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.8 base patch -diff --git a/MAINTAINERS b/MAINTAINERS -index f593300..8a17054 100644 +[bwh: Forward-ported to 4.9: adjust context] + --- a/MAINTAINERS +++ b/MAINTAINERS -@@ -2256,6 +2256,19 @@ F: include/linux/audit.h +@@ -2285,6 +2285,19 @@ F: include/linux/audit.h F: include/uapi/linux/audit.h F: kernel/audit* @@ -32,11 +32,9 @@ index f593300..8a17054 100644 AUXILIARY DISPLAY DRIVERS M: Miguel Ojeda Sandonis W: http://miguelojeda.es/auxdisplay.htm -diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index c9f2107..005e292 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -701,6 +701,24 @@ static inline int is_loop_device(struct file *file) +@@ -701,6 +701,24 @@ static inline int is_loop_device(struct return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; } @@ -61,8 +59,6 @@ index c9f2107..005e292 100644 /* loop sysfs attributes */ static ssize_t loop_attr_show(struct device *dev, char *page, -diff --git a/fs/dcache.c b/fs/dcache.c -index 5c7cc95..df0268c 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1164,7 +1164,7 @@ enum d_walk_ret { @@ -74,8 +70,6 @@ index 5c7cc95..df0268c 100644 enum d_walk_ret (*enter)(void *, struct dentry *), void (*finish)(void *)) { -diff --git a/fs/fcntl.c b/fs/fcntl.c -index 350a2c8..6f42279 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -29,7 +29,7 @@ @@ -87,7 +81,7 @@ index 350a2c8..6f42279 100644 { struct inode * inode = file_inode(filp); int error = 0; -@@ -60,6 +60,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) +@@ -60,6 +60,8 @@ static int setfl(int fd, struct file * f if (filp->f_op->check_flags) error = filp->f_op->check_flags(arg); @@ -96,11 +90,9 @@ index 350a2c8..6f42279 100644 if (error) return error; -diff --git a/fs/inode.c b/fs/inode.c -index 7e3ef3a..675fe84 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -1593,7 +1593,7 @@ EXPORT_SYMBOL(generic_update_time); +@@ -1642,7 +1642,7 @@ EXPORT_SYMBOL(generic_update_time); * This does the actual work of updating an inodes time or version. Must have * had called mnt_want_write() before calling this. */ @@ -109,11 +101,9 @@ index 7e3ef3a..675fe84 100644 { int (*update_time)(struct inode *, struct timespec *, int); -diff --git a/fs/read_write.c b/fs/read_write.c -index 66215a7..a1da117 100644 --- a/fs/read_write.c +++ b/fs/read_write.c -@@ -515,6 +515,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count, +@@ -515,6 +515,28 @@ ssize_t __vfs_write(struct file *file, c } EXPORT_SYMBOL(__vfs_write); @@ -142,11 +132,9 @@ index 66215a7..a1da117 100644 ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; -diff --git a/fs/splice.c b/fs/splice.c -index dd9bf7e..9326c2a 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -1111,8 +1111,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); +@@ -859,8 +859,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); /* * Attempt to initiate a splice from pipe to file. */ @@ -157,7 +145,7 @@ index dd9bf7e..9326c2a 100644 { ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); -@@ -1128,9 +1128,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +@@ -876,9 +876,9 @@ static long do_splice_from(struct pipe_i /* * Attempt to initiate a splice from a file to a pipe. */ @@ -170,8 +158,6 @@ index dd9bf7e..9326c2a 100644 { ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -diff --git a/include/linux/file.h b/include/linux/file.h -index 7444f5f..bdac0be 100644 --- a/include/linux/file.h +++ b/include/linux/file.h @@ -19,6 +19,7 @@ struct dentry; @@ -182,11 +168,9 @@ index 7444f5f..bdac0be 100644 static inline void fput_light(struct file *file, int fput_needed) { -diff --git a/include/linux/fs.h b/include/linux/fs.h -index 901e25d..a71aa9e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1275,6 +1275,7 @@ extern void fasync_free(struct fasync_struct *); +@@ -1290,6 +1290,7 @@ extern void fasync_free(struct fasync_st /* can be called from interrupts */ extern void kill_fasync(struct fasync_struct **, int, int); @@ -194,7 +178,7 @@ index 901e25d..a71aa9e 100644 extern void __f_setown(struct file *filp, struct pid *, enum pid_type, int force); extern void f_setown(struct file *filp, unsigned long arg, int force); extern void f_delown(struct file *filp); -@@ -1699,6 +1700,7 @@ struct file_operations { +@@ -1715,6 +1716,7 @@ struct file_operations { ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int); unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long); int (*check_flags)(int); @@ -202,7 +186,7 @@ index 901e25d..a71aa9e 100644 int (*flock) (struct file *, int, struct file_lock *); ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -@@ -1759,6 +1761,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, +@@ -1768,6 +1770,12 @@ ssize_t rw_copy_check_uvector(int type, struct iovec *fast_pointer, struct iovec **ret_pointer); @@ -215,7 +199,7 @@ index 901e25d..a71aa9e 100644 extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t __vfs_write(struct file *, const char __user *, size_t, loff_t *); extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); -@@ -2123,6 +2131,7 @@ extern int current_umask(void); +@@ -2140,6 +2148,7 @@ extern int current_umask(void); extern void ihold(struct inode * inode); extern void iput(struct inode *); extern int generic_update_time(struct inode *, struct timespec *, int); @@ -223,14 +207,12 @@ index 901e25d..a71aa9e 100644 /* /sys/fs */ extern struct kobject *fs_kobj; -diff --git a/include/linux/splice.h b/include/linux/splice.h -index da2751d..2e0fca6 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h -@@ -83,4 +83,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); - extern void spd_release_page(struct splice_pipe_desc *, unsigned int); +@@ -86,4 +86,10 @@ extern void spd_release_page(struct spli extern const struct pipe_buf_operations page_cache_pipe_buf_ops; + extern const struct pipe_buf_operations default_pipe_buf_ops; + +extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out, + loff_t *ppos, size_t len, unsigned int flags); diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch index 5e2f68da2..98b1946e7 100644 --- a/debian/patches/features/all/aufs4/aufs4-mmap.patch +++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch @@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.8 mmap patch -diff --git a/fs/proc/base.c b/fs/proc/base.c -index ac0df4d..42255e5 100644 +[bwh: Forward-ported to 4.9: adjust context] + --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -1938,7 +1938,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path) +@@ -1952,7 +1952,7 @@ static int map_files_get_link(struct den down_read(&mm->mmap_sem); vma = find_exact_vma(mm, vm_start, vm_end); if (vma && vma->vm_file) { @@ -21,11 +21,9 @@ index ac0df4d..42255e5 100644 path_get(path); rc = 0; } -diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c -index f8595e8..cb8eda0 100644 --- a/fs/proc/nommu.c +++ b/fs/proc/nommu.c -@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region) +@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_ file = region->vm_file; if (file) { @@ -37,11 +35,9 @@ index f8595e8..cb8eda0 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; } -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index f6fa99e..2750949 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -298,7 +298,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -291,7 +291,10 @@ show_map_vma(struct seq_file *m, struct const char *name = NULL; if (file) { @@ -53,7 +49,7 @@ index f6fa99e..2750949 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; -@@ -1634,7 +1637,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1627,7 +1630,7 @@ static int show_numa_map(struct seq_file struct proc_maps_private *proc_priv = &numa_priv->proc_maps; struct vm_area_struct *vma = v; struct numa_maps *md = &numa_priv->md; @@ -62,11 +58,9 @@ index f6fa99e..2750949 100644 struct mm_struct *mm = vma->vm_mm; struct mm_walk walk = { .hugetlb_entry = gather_hugetlb_stats, -diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c -index faacb0c..17b43be 100644 --- a/fs/proc/task_nommu.c +++ b/fs/proc/task_nommu.c -@@ -163,7 +163,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma, +@@ -155,7 +155,10 @@ static int nommu_vma_show(struct seq_fil file = vma->vm_file; if (file) { @@ -78,11 +72,9 @@ index faacb0c..17b43be 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT; -diff --git a/include/linux/mm.h b/include/linux/mm.h -index ef815b9..a772481 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -1278,6 +1278,28 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1266,6 +1266,28 @@ static inline int fixup_user_fault(struc } #endif @@ -108,11 +100,9 @@ index ef815b9..a772481 100644 +#define vmr_fput(region) vmr_do_fput(region, __func__, __LINE__) +#endif /* !CONFIG_MMU */ + - extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); + extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, + unsigned int gup_flags); extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, - void *buf, int len, int write); -diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 903200f..55fc528 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -275,6 +275,7 @@ struct vm_region { @@ -131,11 +121,9 @@ index 903200f..55fc528 100644 void * vm_private_data; /* was vm_pte (shared mem) */ #ifndef CONFIG_MMU -diff --git a/kernel/fork.c b/kernel/fork.c -index beb3172..ad4cfa8 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -477,7 +477,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -621,7 +621,7 @@ static __latent_entropy int dup_mmap(str struct inode *inode = file_inode(file); struct address_space *mapping = file->f_mapping; @@ -144,11 +132,9 @@ index beb3172..ad4cfa8 100644 if (tmp->vm_flags & VM_DENYWRITE) atomic_dec(&inode->i_writecount); i_mmap_lock_write(mapping); -diff --git a/mm/Makefile b/mm/Makefile -index 2ca1faf..6b9da3f 100644 --- a/mm/Makefile +++ b/mm/Makefile -@@ -40,7 +40,7 @@ obj-y := filemap.o mempool.o oom_kill.o \ +@@ -37,7 +37,7 @@ obj-y := filemap.o mempool.o oom_kill. mm_init.o mmu_context.o percpu.o slab_common.o \ compaction.o vmacache.o \ interval_tree.o list_lru.o workingset.o \ @@ -157,11 +143,9 @@ index 2ca1faf..6b9da3f 100644 obj-y += init-mm.o -diff --git a/mm/filemap.c b/mm/filemap.c -index 2d0986a..4a31bad 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2284,7 +2284,7 @@ int filemap_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -2303,7 +2303,7 @@ int filemap_page_mkwrite(struct vm_area_ int ret = VM_FAULT_LOCKED; sb_start_pagefault(inode->i_sb); @@ -170,11 +154,9 @@ index 2d0986a..4a31bad 100644 lock_page(page); if (page->mapping != inode->i_mapping) { unlock_page(page); -diff --git a/mm/memory.c b/mm/memory.c -index 793fe0f..45f39f3 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -2113,7 +2113,7 @@ static inline int wp_page_reuse(struct fault_env *fe, pte_t orig_pte, +@@ -2117,7 +2117,7 @@ static inline int wp_page_reuse(struct f } if (!page_mkwrite) @@ -183,11 +165,9 @@ index 793fe0f..45f39f3 100644 } return VM_FAULT_WRITE; -diff --git a/mm/mmap.c b/mm/mmap.c -index ca9d91b..f3ebc5a 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -163,7 +163,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -170,7 +170,7 @@ static struct vm_area_struct *remove_vma if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -196,7 +176,7 @@ index ca9d91b..f3ebc5a 100644 mpol_put(vma_policy(vma)); kmem_cache_free(vm_area_cachep, vma); return next; -@@ -790,7 +790,7 @@ again: +@@ -879,7 +879,7 @@ again: if (remove_next) { if (file) { uprobe_munmap(next, next->vm_start, next->vm_end); @@ -205,7 +185,7 @@ index ca9d91b..f3ebc5a 100644 } if (next->anon_vma) anon_vma_merge(vma, next); -@@ -1574,8 +1574,8 @@ out: +@@ -1727,8 +1727,8 @@ out: return addr; unmap_and_free_vma: @@ -215,7 +195,7 @@ index ca9d91b..f3ebc5a 100644 /* Undo any partial mapping done by a device driver. */ unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); -@@ -2380,7 +2380,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2533,7 +2533,7 @@ static int __split_vma(struct mm_struct goto out_free_mpol; if (new->vm_file) @@ -224,7 +204,7 @@ index ca9d91b..f3ebc5a 100644 if (new->vm_ops && new->vm_ops->open) new->vm_ops->open(new); -@@ -2399,7 +2399,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2552,7 +2552,7 @@ static int __split_vma(struct mm_struct if (new->vm_ops && new->vm_ops->close) new->vm_ops->close(new); if (new->vm_file) @@ -233,7 +213,7 @@ index ca9d91b..f3ebc5a 100644 unlink_anon_vmas(new); out_free_mpol: mpol_put(vma_policy(new)); -@@ -2550,7 +2550,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2703,7 +2703,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign struct vm_area_struct *vma; unsigned long populate = 0; unsigned long ret = -EINVAL; @@ -242,7 +222,7 @@ index ca9d91b..f3ebc5a 100644 pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.\n", current->comm, current->pid); -@@ -2625,10 +2625,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2778,10 +2778,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsign } } @@ -271,7 +251,7 @@ index ca9d91b..f3ebc5a 100644 out: up_write(&mm->mmap_sem); if (populate) -@@ -2903,7 +2920,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -3056,7 +3073,7 @@ struct vm_area_struct *copy_vma(struct v if (anon_vma_clone(new_vma, vma)) goto out_free_mempol; if (new_vma->vm_file) @@ -280,11 +260,9 @@ index ca9d91b..f3ebc5a 100644 if (new_vma->vm_ops && new_vma->vm_ops->open) new_vma->vm_ops->open(new_vma); vma_link(mm, new_vma, prev, rb_link, rb_parent); -diff --git a/mm/nommu.c b/mm/nommu.c -index 95daf81..5086a29 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -644,7 +644,7 @@ static void __put_nommu_region(struct vm_region *region) +@@ -636,7 +636,7 @@ static void __put_nommu_region(struct vm up_write(&nommu_region_sem); if (region->vm_file) @@ -293,7 +271,7 @@ index 95daf81..5086a29 100644 /* IO memory and memory shared directly out of the pagecache * from ramfs/tmpfs mustn't be released here */ -@@ -802,7 +802,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -794,7 +794,7 @@ static void delete_vma(struct mm_struct if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -302,7 +280,7 @@ index 95daf81..5086a29 100644 put_nommu_region(vma->vm_region); kmem_cache_free(vm_area_cachep, vma); } -@@ -1328,7 +1328,7 @@ unsigned long do_mmap(struct file *file, +@@ -1320,7 +1320,7 @@ unsigned long do_mmap(struct file *file, goto error_just_free; } } @@ -311,7 +289,7 @@ index 95daf81..5086a29 100644 kmem_cache_free(vm_region_jar, region); region = pregion; result = start; -@@ -1403,10 +1403,10 @@ error_just_free: +@@ -1395,10 +1395,10 @@ error_just_free: up_write(&nommu_region_sem); error: if (region->vm_file) @@ -324,9 +302,6 @@ index 95daf81..5086a29 100644 kmem_cache_free(vm_area_cachep, vma); return ret; -diff --git a/mm/prfile.c b/mm/prfile.c -new file mode 100644 -index 0000000..b323b8a --- /dev/null +++ b/mm/prfile.c @@ -0,0 +1,86 @@ diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch index 8c89bb93a..49139afc2 100644 --- a/debian/patches/features/all/aufs4/aufs4-standalone.patch +++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch @@ -8,8 +8,6 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.8 standalone patch -diff --git a/fs/dcache.c b/fs/dcache.c -index df0268c..76280ee 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1272,6 +1272,7 @@ rename_retry: @@ -20,11 +18,9 @@ index df0268c..76280ee 100644 /* * Search for at least 1 mount point in the dentry's subdirs. -diff --git a/fs/exec.c b/fs/exec.c -index 6fcfb3f..ed9d646 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -104,6 +104,7 @@ bool path_noexec(const struct path *path) +@@ -104,6 +104,7 @@ bool path_noexec(const struct path *path return (path->mnt->mnt_flags & MNT_NOEXEC) || (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); } @@ -32,11 +28,9 @@ index 6fcfb3f..ed9d646 100644 #ifdef CONFIG_USELIB /* -diff --git a/fs/fcntl.c b/fs/fcntl.c -index 6f42279..04fd33c 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c -@@ -82,6 +82,7 @@ int setfl(int fd, struct file * filp, unsigned long arg) +@@ -82,6 +82,7 @@ int setfl(int fd, struct file * filp, un out: return error; } @@ -44,8 +38,6 @@ index 6f42279..04fd33c 100644 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, int force) -diff --git a/fs/file_table.c b/fs/file_table.c -index ad17e05..ae9f267 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -147,6 +147,7 @@ over: @@ -80,11 +72,9 @@ index ad17e05..ae9f267 100644 void __init files_init(void) { -diff --git a/fs/inode.c b/fs/inode.c -index 675fe84..da063d3 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -1602,6 +1602,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags) +@@ -1651,6 +1651,7 @@ int update_time(struct inode *inode, str return update_time(inode, time, flags); } @@ -92,11 +82,9 @@ index 675fe84..da063d3 100644 /** * touch_atime - update the access time -diff --git a/fs/namespace.c b/fs/namespace.c -index 7bb2cda..88ec098 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *mnt) +@@ -466,6 +466,7 @@ void __mnt_drop_write(struct vfsmount *m mnt_dec_writers(real_mount(mnt)); preempt_enable(); } @@ -104,7 +92,7 @@ index 7bb2cda..88ec098 100644 /** * mnt_drop_write - give up write access to a mount -@@ -1812,6 +1813,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, +@@ -1823,6 +1824,7 @@ int iterate_mounts(int (*f)(struct vfsmo } return 0; } @@ -112,8 +100,6 @@ index 7bb2cda..88ec098 100644 static void cleanup_group_ids(struct mount *mnt, struct mount *end) { -diff --git a/fs/notify/group.c b/fs/notify/group.c -index b47f7cf..618bc9e 100644 --- a/fs/notify/group.c +++ b/fs/notify/group.c @@ -22,6 +22,7 @@ @@ -124,7 +110,7 @@ index b47f7cf..618bc9e 100644 #include #include "fsnotify.h" -@@ -100,6 +101,7 @@ void fsnotify_get_group(struct fsnotify_group *group) +@@ -100,6 +101,7 @@ void fsnotify_get_group(struct fsnotify_ { atomic_inc(&group->refcnt); } @@ -132,7 +118,7 @@ index b47f7cf..618bc9e 100644 /* * Drop a reference to a group. Free it if it's through. -@@ -109,6 +111,7 @@ void fsnotify_put_group(struct fsnotify_group *group) +@@ -109,6 +111,7 @@ void fsnotify_put_group(struct fsnotify_ if (atomic_dec_and_test(&group->refcnt)) fsnotify_final_destroy_group(group); } @@ -140,7 +126,7 @@ index b47f7cf..618bc9e 100644 /* * Create a new fsnotify_group and hold a reference for the group returned. -@@ -137,6 +140,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops) +@@ -137,6 +140,7 @@ struct fsnotify_group *fsnotify_alloc_gr return group; } @@ -148,11 +134,9 @@ index b47f7cf..618bc9e 100644 int fsnotify_fasync(int fd, struct file *file, int on) { -diff --git a/fs/notify/mark.c b/fs/notify/mark.c -index d3fea0b..5fc06ad 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c -@@ -113,6 +113,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) +@@ -113,6 +113,7 @@ void fsnotify_put_mark(struct fsnotify_m mark->free_mark(mark); } } @@ -160,7 +144,7 @@ index d3fea0b..5fc06ad 100644 /* Calculate mask of events for a list of marks */ u32 fsnotify_recalc_mask(struct hlist_head *head) -@@ -230,6 +231,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark, +@@ -230,6 +231,7 @@ void fsnotify_destroy_mark(struct fsnoti mutex_unlock(&group->mark_mutex); fsnotify_free_mark(mark); } @@ -176,7 +160,7 @@ index d3fea0b..5fc06ad 100644 int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group, struct inode *inode, struct vfsmount *mnt, int allow_dups) -@@ -533,6 +536,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark, +@@ -533,6 +536,7 @@ void fsnotify_init_mark(struct fsnotify_ atomic_set(&mark->refcnt, 1); mark->free_mark = free_mark; } @@ -184,11 +168,9 @@ index d3fea0b..5fc06ad 100644 /* * Destroy all marks in destroy_list, waits for SRCU period to finish before -diff --git a/fs/open.c b/fs/open.c -index 4fd6e25..ec6f532 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, +@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l inode_unlock(dentry->d_inode); return ret; } @@ -196,7 +178,7 @@ index 4fd6e25..ec6f532 100644 long vfs_truncate(const struct path *path, loff_t length) { -@@ -678,6 +679,7 @@ int open_check_o_direct(struct file *f) +@@ -695,6 +696,7 @@ int open_check_o_direct(struct file *f) } return 0; } @@ -204,8 +186,6 @@ index 4fd6e25..ec6f532 100644 static int do_dentry_open(struct file *f, struct inode *inode, -diff --git a/fs/read_write.c b/fs/read_write.c -index a1da117..c643215 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -525,6 +525,7 @@ vfs_readf_t vfs_readf(struct file *file) @@ -216,7 +196,7 @@ index a1da117..c643215 100644 vfs_writef_t vfs_writef(struct file *file) { -@@ -536,6 +537,7 @@ vfs_writef_t vfs_writef(struct file *file) +@@ -536,6 +537,7 @@ vfs_writef_t vfs_writef(struct file *fil return new_sync_write; return ERR_PTR(-ENOSYS); } @@ -224,11 +204,9 @@ index a1da117..c643215 100644 ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos) { -diff --git a/fs/splice.c b/fs/splice.c -index 9326c2a..0606690 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -1124,6 +1124,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +@@ -872,6 +872,7 @@ long do_splice_from(struct pipe_inode_in return splice_write(pipe, out, ppos, len, flags); } @@ -236,7 +214,7 @@ index 9326c2a..0606690 100644 /* * Attempt to initiate a splice from a file to a pipe. -@@ -1153,6 +1154,7 @@ long do_splice_to(struct file *in, loff_t *ppos, +@@ -901,6 +902,7 @@ long do_splice_to(struct file *in, loff_ return splice_read(in, ppos, pipe, len, flags); } @@ -244,20 +222,16 @@ index 9326c2a..0606690 100644 /** * splice_direct_to_actor - splices data directly between two non-pipes -diff --git a/fs/xattr.c b/fs/xattr.c -index c243905..b60dc60 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -214,6 +214,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -290,6 +290,7 @@ vfs_getxattr_alloc(struct dentry *dentry *xattr_value = value; return error; } +EXPORT_SYMBOL_GPL(vfs_getxattr_alloc); ssize_t - vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) -diff --git a/kernel/task_work.c b/kernel/task_work.c -index d513051..e056d54 100644 + __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, --- a/kernel/task_work.c +++ b/kernel/task_work.c @@ -119,3 +119,4 @@ void task_work_run(void) @@ -265,11 +239,9 @@ index d513051..e056d54 100644 } } +EXPORT_SYMBOL_GPL(task_work_run); -diff --git a/security/commoncap.c b/security/commoncap.c -index 14540bd..4e3b242 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -1066,12 +1066,14 @@ int cap_mmap_addr(unsigned long addr) +@@ -1061,12 +1061,14 @@ int cap_mmap_addr(unsigned long addr) } return ret; } @@ -284,8 +256,6 @@ index 14540bd..4e3b242 100644 #ifdef CONFIG_SECURITY -diff --git a/security/device_cgroup.c b/security/device_cgroup.c -index 03c1652..f88c84b 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -7,6 +7,7 @@ @@ -296,7 +266,7 @@ index 03c1652..f88c84b 100644 #include #include #include -@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask) +@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct return __devcgroup_check_permission(type, imajor(inode), iminor(inode), access); } @@ -304,11 +274,9 @@ index 03c1652..f88c84b 100644 int devcgroup_inode_mknod(int mode, dev_t dev) { -diff --git a/security/security.c b/security/security.c -index 4838e7f..36c741e 100644 --- a/security/security.c +++ b/security/security.c -@@ -434,6 +434,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry) +@@ -443,6 +443,7 @@ int security_path_rmdir(const struct pat return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } @@ -316,7 +284,7 @@ index 4838e7f..36c741e 100644 int security_path_unlink(const struct path *dir, struct dentry *dentry) { -@@ -450,6 +451,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, +@@ -459,6 +460,7 @@ int security_path_symlink(const struct p return 0; return call_int_hook(path_symlink, 0, dir, dentry, old_name); } @@ -324,7 +292,7 @@ index 4838e7f..36c741e 100644 int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) -@@ -458,6 +460,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir, +@@ -467,6 +469,7 @@ int security_path_link(struct dentry *ol return 0; return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } @@ -332,7 +300,7 @@ index 4838e7f..36c741e 100644 int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, -@@ -485,6 +488,7 @@ int security_path_truncate(const struct path *path) +@@ -494,6 +497,7 @@ int security_path_truncate(const struct return 0; return call_int_hook(path_truncate, 0, path); } @@ -340,7 +308,7 @@ index 4838e7f..36c741e 100644 int security_path_chmod(const struct path *path, umode_t mode) { -@@ -492,6 +496,7 @@ int security_path_chmod(const struct path *path, umode_t mode) +@@ -501,6 +505,7 @@ int security_path_chmod(const struct pat return 0; return call_int_hook(path_chmod, 0, path, mode); } @@ -348,7 +316,7 @@ index 4838e7f..36c741e 100644 int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { -@@ -499,6 +504,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) +@@ -508,6 +513,7 @@ int security_path_chown(const struct pat return 0; return call_int_hook(path_chown, 0, path, uid, gid); } @@ -356,7 +324,7 @@ index 4838e7f..36c741e 100644 int security_path_chroot(const struct path *path) { -@@ -584,6 +590,7 @@ int security_inode_readlink(struct dentry *dentry) +@@ -593,6 +599,7 @@ int security_inode_readlink(struct dentr return 0; return call_int_hook(inode_readlink, 0, dentry); } @@ -364,7 +332,7 @@ index 4838e7f..36c741e 100644 int security_inode_follow_link(struct dentry *dentry, struct inode *inode, bool rcu) -@@ -599,6 +606,7 @@ int security_inode_permission(struct inode *inode, int mask) +@@ -608,6 +615,7 @@ int security_inode_permission(struct ino return 0; return call_int_hook(inode_permission, 0, inode, mask); } @@ -372,7 +340,7 @@ index 4838e7f..36c741e 100644 int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { -@@ -758,6 +766,7 @@ int security_file_permission(struct file *file, int mask) +@@ -779,6 +787,7 @@ int security_file_permission(struct file return fsnotify_perm(file, mask); } @@ -380,7 +348,7 @@ index 4838e7f..36c741e 100644 int security_file_alloc(struct file *file) { -@@ -817,6 +826,7 @@ int security_mmap_file(struct file *file, unsigned long prot, +@@ -838,6 +847,7 @@ int security_mmap_file(struct file *file return ret; return ima_file_mmap(file, prot); } diff --git a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch index 3dfc71d97..0491b2f65 100644 --- a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch +++ b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch @@ -15,6 +15,7 @@ do not allow ACPI tables to be overridden if securelevel is set. Signed-off-by: Linn Crosetto [bwh: Forward-ported to 4.7: ACPI override code moved to drivers/acpi/tables.c] +[bwh: Forward-ported to 4.9: adjust context] --- arch/x86/kernel/setup.c | 12 ++++++------ drivers/acpi/tables.c | 6 ++++++ @@ -22,7 +23,7 @@ Signed-off-by: Linn Crosetto --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1155,6 +1155,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1153,6 +1153,12 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -35,7 +36,7 @@ Signed-off-by: Linn Crosetto reserve_initrd(); acpi_table_upgrade(); -@@ -1163,12 +1169,6 @@ void __init setup_arch(char **cmdline_p) +@@ -1161,12 +1167,6 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -50,15 +51,15 @@ Signed-off-by: Linn Crosetto */ --- a/drivers/acpi/tables.c +++ b/drivers/acpi/tables.c -@@ -36,6 +36,7 @@ +@@ -35,6 +35,7 @@ + #include #include #include - #include +#include #include "internal.h" #ifdef CONFIG_ACPI_CUSTOM_DSDT -@@ -543,6 +544,12 @@ void __init acpi_table_upgrade(void) +@@ -545,6 +546,12 @@ void __init acpi_table_upgrade(void) if (table_nr == 0) return; diff --git a/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch b/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch index 48cf73dd7..dd8676dab 100644 --- a/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch +++ b/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch @@ -8,15 +8,14 @@ modification of the kernel at runtime. Prevent this if securelevel has been set. Signed-off-by: Matthew Garrett +[bwh: Forward-ported to 4.9: adjust context] --- drivers/char/mem.c | 6 ++++++ 1 file changed, 6 insertions(+) -diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index cef0d40a3d74..c810f1e15c73 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c -@@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, +@@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *fi if (p != *ppos) return -EFBIG; @@ -26,13 +25,13 @@ index cef0d40a3d74..c810f1e15c73 100644 if (!valid_phys_addr_range(p, count)) return -EFAULT; -@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, +@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *f char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ int err = 0; + if (get_securelevel() > 0) + return -EPERM; + - if (p < (unsigned long) high_memory) { - unsigned long to_write = min_t(unsigned long, count, - (unsigned long)high_memory - p); + if (!pfn_valid(PFN_DOWN(p))) + return -EIO; + diff --git a/debian/patches/features/arm/arm-dts-imx53-add-support-for-usb-armory-board.patch b/debian/patches/features/arm/arm-dts-imx53-add-support-for-usb-armory-board.patch deleted file mode 100644 index dc5cf39bb..000000000 --- a/debian/patches/features/arm/arm-dts-imx53-add-support-for-usb-armory-board.patch +++ /dev/null @@ -1,262 +0,0 @@ -From: Andrej Rosano -Date: Mon, 5 Sep 2016 12:11:17 +0200 -Subject: ARM: dts: imx53: add support for USB armory board -Origin: https://git.kernel.org/linus/17028ca2a5030a2e97f87b3290f814ba860480c0 -Bug-Debian: https://bugs.debian.org/840137 - -Add support for Inverse Path USB armory board, an open source -flash-drive sized computer based on NXP i.MX53 SoC. - -https://inversepath.com/usbarmory - -Signed-off-by: Andrej Rosano -Tested-by: Vagrant Cascadian -Signed-off-by: Shawn Guo ---- - arch/arm/boot/dts/Makefile | 1 + - arch/arm/boot/dts/imx53-usbarmory.dts | 224 ++++++++++++++++++++++++++++++++++ - 2 files changed, 225 insertions(+) - create mode 100644 arch/arm/boot/dts/imx53-usbarmory.dts - -diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile -index 5dcc2394fbad..f79cac25afa8 100644 ---- a/arch/arm/boot/dts/Makefile -+++ b/arch/arm/boot/dts/Makefile -@@ -315,6 +315,7 @@ dtb-$(CONFIG_SOC_IMX53) += \ - imx53-smd.dtb \ - imx53-tx53-x03x.dtb \ - imx53-tx53-x13x.dtb \ -+ imx53-usbarmory.dtb \ - imx53-voipac-bsb.dtb - dtb-$(CONFIG_SOC_IMX6Q) += \ - imx6dl-apf6dev.dtb \ -diff --git a/arch/arm/boot/dts/imx53-usbarmory.dts b/arch/arm/boot/dts/imx53-usbarmory.dts -new file mode 100644 -index 000000000000..6782d7fc5961 ---- /dev/null -+++ b/arch/arm/boot/dts/imx53-usbarmory.dts -@@ -0,0 +1,224 @@ -+/* -+ * USB armory MkI device tree file -+ * https://inversepath.com/usbarmory -+ * -+ * Copyright (C) 2015, Inverse Path -+ * Andrej Rosano -+ * -+ * This file is dual-licensed: you can use it either under the terms -+ * of the GPL or the X11 license, at your option. Note that this dual -+ * licensing only applies to this file, and not this project as a -+ * whole. -+ * -+ * a) This file is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation; either version 2 of the -+ * License, or (at your option) any later version. -+ * -+ * This file is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * Or, alternatively, -+ * -+ * b) Permission is hereby granted, free of charge, to any person -+ * obtaining a copy of this software and associated documentation -+ * files (the "Software"), to deal in the Software without -+ * restriction, including without limitation the rights to use, -+ * copy, modify, merge, publish, distribute, sublicense, and/or -+ * sell copies of the Software, and to permit persons to whom the -+ * Software is furnished to do so, subject to the following -+ * conditions: -+ * -+ * The above copyright notice and this permission notice shall be -+ * included in all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES -+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT -+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -+ * OTHER DEALINGS IN THE SOFTWARE. -+ */ -+ -+/dts-v1/; -+#include "imx53.dtsi" -+ -+/ { -+ model = "Inverse Path USB armory"; -+ compatible = "inversepath,imx53-usbarmory", "fsl,imx53"; -+}; -+ -+/ { -+ chosen { -+ stdout-path = &uart1; -+ }; -+ -+ memory { -+ reg = <0x70000000 0x20000000>; -+ }; -+ -+ leds { -+ compatible = "gpio-leds"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&pinctrl_led>; -+ -+ user { -+ label = "LED"; -+ gpios = <&gpio4 27 GPIO_ACTIVE_LOW>; -+ linux,default-trigger = "heartbeat"; -+ }; -+ }; -+}; -+ -+/* -+ * Not every i.MX53 P/N supports clock > 800MHz. -+ * As USB armory does not mount a specific P/N set a safe clock upper limit. -+ */ -+&cpu0 { -+ operating-points = < -+ /* kHz */ -+ 166666 850000 -+ 400000 900000 -+ 800000 1050000 -+ >; -+}; -+ -+&esdhc1 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&pinctrl_esdhc1>; -+ status = "okay"; -+}; -+ -+&iomuxc { -+ pinctrl_esdhc1: esdhc1grp { -+ fsl,pins = < -+ MX53_PAD_SD1_DATA0__ESDHC1_DAT0 0x1d5 -+ MX53_PAD_SD1_DATA1__ESDHC1_DAT1 0x1d5 -+ MX53_PAD_SD1_DATA2__ESDHC1_DAT2 0x1d5 -+ MX53_PAD_SD1_DATA3__ESDHC1_DAT3 0x1d5 -+ MX53_PAD_SD1_CMD__ESDHC1_CMD 0x1d5 -+ MX53_PAD_SD1_CLK__ESDHC1_CLK 0x1d5 -+ >; -+ }; -+ -+ pinctrl_i2c1_pmic: i2c1grp { -+ fsl,pins = < -+ MX53_PAD_EIM_D21__I2C1_SCL 0x80 -+ MX53_PAD_EIM_D28__I2C1_SDA 0x80 -+ >; -+ }; -+ -+ pinctrl_led: ledgrp { -+ fsl,pins = < -+ MX53_PAD_DISP0_DAT6__GPIO4_27 0x1e4 -+ >; -+ }; -+ -+ /* -+ * UART mode pin header configration -+ * 3 - GPIO5[26], pull-down 100K -+ * 4 - GPIO5[27], pull-down 100K -+ * 5 - TX, pull-up 100K -+ * 6 - RX, pull-up 100K -+ * 7 - GPIO5[30], pull-down 100K -+ */ -+ pinctrl_uart1: uart1grp { -+ fsl,pins = < -+ MX53_PAD_CSI0_DAT8__GPIO5_26 0xc0 -+ MX53_PAD_CSI0_DAT9__GPIO5_27 0xc0 -+ MX53_PAD_CSI0_DAT10__UART1_TXD_MUX 0x1e4 -+ MX53_PAD_CSI0_DAT11__UART1_RXD_MUX 0x1e4 -+ MX53_PAD_CSI0_DAT12__GPIO5_30 0xc0 -+ >; -+ }; -+}; -+ -+&i2c1 { -+ pinctrl-0 = <&pinctrl_i2c1_pmic>; -+ status = "okay"; -+ -+ ltc3589: pmic@34 { -+ compatible = "lltc,ltc3589-2"; -+ reg = <0x34>; -+ -+ regulators { -+ sw1_reg: sw1 { -+ regulator-min-microvolt = <591930>; -+ regulator-max-microvolt = <1224671>; -+ lltc,fb-voltage-divider = <100000 158000>; -+ regulator-ramp-delay = <7000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ sw2_reg: sw2 { -+ regulator-min-microvolt = <704123>; -+ regulator-max-microvolt = <1456803>; -+ lltc,fb-voltage-divider = <180000 191000>; -+ regulator-ramp-delay = <7000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ sw3_reg: sw3 { -+ regulator-min-microvolt = <1341250>; -+ regulator-max-microvolt = <2775000>; -+ lltc,fb-voltage-divider = <270000 100000>; -+ regulator-ramp-delay = <7000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ bb_out_reg: bb-out { -+ regulator-min-microvolt = <3387341>; -+ regulator-max-microvolt = <3387341>; -+ lltc,fb-voltage-divider = <511000 158000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ ldo1_reg: ldo1 { -+ regulator-min-microvolt = <1306329>; -+ regulator-max-microvolt = <1306329>; -+ lltc,fb-voltage-divider = <100000 158000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ ldo2_reg: ldo2 { -+ regulator-min-microvolt = <704123>; -+ regulator-max-microvolt = <1456806>; -+ lltc,fb-voltage-divider = <180000 191000>; -+ regulator-ramp-delay = <7000>; -+ regulator-boot-on; -+ regulator-always-on; -+ }; -+ -+ ldo3_reg: ldo3 { -+ regulator-min-microvolt = <2800000>; -+ regulator-max-microvolt = <2800000>; -+ regulator-boot-on; -+ }; -+ -+ ldo4_reg: ldo4 { -+ regulator-min-microvolt = <1200000>; -+ regulator-max-microvolt = <3200000>; -+ }; -+ }; -+ }; -+}; -+ -+&uart1 { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&pinctrl_uart1>; -+ status = "okay"; -+}; -+ -+&usbotg { -+ dr_mode = "peripheral"; -+ status = "okay"; -+}; diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index 755dda35c..d606fbfc6 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -28,7 +28,7 @@ Signed-off-by: Ben Hutchings --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -3877,6 +3877,10 @@ bytes respectively. Such letter suffixes +@@ -4005,6 +4005,10 @@ bytes respectively. Such letter suffixes switches= [HW,M68k] @@ -41,7 +41,7 @@ Signed-off-by: Ben Hutchings on older distributions. When this option is enabled --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -2665,6 +2665,14 @@ config X86_X32 +@@ -2721,6 +2721,14 @@ config X86_X32 elf32_x86_64 support enabled to compile a kernel with this option set. @@ -77,7 +77,7 @@ Signed-off-by: Ben Hutchings # error "The following code assumes __USER32_DS == __USER_DS" --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S -@@ -193,8 +193,12 @@ entry_SYSCALL_64_fastpath: +@@ -195,8 +195,12 @@ entry_SYSCALL_64_fastpath: #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max, %rax #else @@ -92,7 +92,7 @@ Signed-off-by: Ben Hutchings #endif ja 1f /* return -ENOSYS (already in pt_regs->ax) */ movq %r10, %rcx -@@ -324,6 +328,16 @@ opportunistic_sysret_failed: +@@ -331,6 +335,16 @@ opportunistic_sysret_failed: jmp restore_c_regs_and_iret END(entry_SYSCALL_64) @@ -165,15 +165,15 @@ Signed-off-by: Ben Hutchings +#endif --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c -@@ -334,6 +334,7 @@ __visible void do_syscall_64(struct pt_r +@@ -264,6 +264,7 @@ __visible void do_syscall_64(struct pt_r { - struct thread_info *ti = pt_regs_to_thread_info(regs); + struct thread_info *ti = current_thread_info(); unsigned long nr = regs->orig_ax; + unsigned int syscall_mask, nr_syscalls_enabled; enter_from_user_mode(); local_irq_enable(); -@@ -346,8 +347,19 @@ __visible void do_syscall_64(struct pt_r +@@ -276,8 +277,19 @@ __visible void do_syscall_64(struct pt_r * table. The only functional difference is the x32 bit in * regs->orig_ax, which changes the behavior of some syscalls. */ diff --git a/debian/patches/series b/debian/patches/series index a1f66d422..de5129d79 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -54,7 +54,6 @@ features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch -features/arm/arm-dts-imx53-add-support-for-usb-armory-board.patch # Miscellaneous bug fixes bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch @@ -95,7 +94,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/net-add-recursion-limit-to-gro.patch -bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch # ABI maintenance