Release linux (4.5.5-1).
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAV0te3Oe/yOyVhhEJAQodqBAAjpkEuBm2kSlQD1y8qeb/+1+CxJPcqIH1 DHTyMpFHQvX5VT+vCX83WhiWncMz85z7f0wcElpNaZ/3ExOQzbmrIwsucgXRXVUS txKxHaQQv8uU1m8dgxqjOWP80+IT71H9rBcitfrRqyzLiEhC1mPOfvxjtGTOJWw+ Lohie5WPMMsfrahQGw4srPMcpVRwVKuX5N+azgk6rg8VA7rxyxQaMZRg3rr+N7Aw btwVC5vyL8K5Be0LnveR/PdOosaUU6XzyT7kNT0fLSO9H4bWenielHaduSDI5iU4 WcPRhymrHv0dBDvbyw8vkJMDd+/1x9gWk4/DHFQNw1miaUx87N+vKyC4rZ7Lqc2d 4n/hpq3HjPBZqC07Q0mddeTy7OoN4obYSXTipIu9rWBsTJtcxxwSUVg86+xo03Zg bb0VoEudp9JZGBMLS8PjBJ66d+/p7Q47YnKV7ZwNKyLwRq4AMo65L7PeUJflNHvj UmJrOG/6AJ6bi+eXrWDbwAA8mrwdPPKu+QzBSQ9c6hm4CFmgkgWTH/oA2iPsp7AX iqcPgKp6XA8YLXpiDeCqvMV5cSkGD67cpIcgTB0CrH7KILXD61cP8QEl7eaWiBMW MW9IPDeEBEmEN3ST2tg1H7udEzzpEZXHg4NZ5gOZ7lMZphbILrapJYuUf3PDdZKL Ccz9YH5eSuE= =gSlx -----END PGP SIGNATURE----- Merge tag 'debian/4.5.5-1'
This commit is contained in:
commit
6976b08b12
|
@ -91,6 +91,121 @@ linux (4.6~rc3-1~exp1) experimental; urgency=medium
|
|||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 14 Apr 2016 23:55:15 +0100
|
||||
|
||||
linux (4.5.5-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
|
||||
- decnet: Do not build routes to devices without decnet private data.
|
||||
- route: do not cache fib route info on local routes with oif
|
||||
- packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
|
||||
- net: sched: do not requeue a NULL skb
|
||||
- bpf/verifier: reject invalid LD_ABS | BPF_DW instruction
|
||||
- cdc_mbim: apply "NDP to end" quirk to all Huawei devices
|
||||
- soreuseport: fix ordering for mixed v4/v6 sockets
|
||||
- net: use skb_postpush_rcsum instead of own implementations
|
||||
- vlan: pull on __vlan_insert_tag error path and fix csum correction
|
||||
- openvswitch: Orphan skbs before IPv6 defrag
|
||||
- openvswitch: use flow protocol when recalculating ipv6 checksums
|
||||
- net/mlx5_core: Fix soft lockup in steering error flow
|
||||
- net/mlx5e: Device's mtu field is u16 and not int
|
||||
- net/mlx5e: Fix minimum MTU
|
||||
- net/mlx5e: Use vport MTU rather than physical port MTU
|
||||
- ipv4/fib: don't warn when primary address is missing if in_dev is dead
|
||||
- net/mlx4_en: fix spurious timestamping callbacks
|
||||
- net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
|
||||
- gre: do not pull header in ICMP error processing
|
||||
- net_sched: introduce qdisc_replace() helper
|
||||
- net_sched: update hierarchical backlog too
|
||||
- sch_htb: update backlog as well
|
||||
- sch_dsmark: update backlog as well
|
||||
- netem: Segment GSO packets on enqueue
|
||||
- ipv6/ila: fix nlsize calculation for lwtunnel
|
||||
- net/mlx4_en: Fix endianness bug in IPV6 csum calculation
|
||||
- [x86] VSOCK: do not disconnect socket when peer has shutdown SEND only
|
||||
- net: bridge: fix old ioctl unlocked net device walk
|
||||
- bridge: fix igmp / mld query parsing
|
||||
- net: fix a kernel infoleak in x25 module (CVE-2016-4580)
|
||||
- net: thunderx: avoid exposing kernel stack
|
||||
- tcp: refresh skb timestamp at retransmit time
|
||||
- net/route: enforce hoplimit max value
|
||||
- ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
|
||||
- ocfs2: fix posix_acl_create deadlock
|
||||
- zsmalloc: fix zs_can_compact() integer overflow
|
||||
- mm: thp: calculate the mapcount correctly for THP pages during WP faults
|
||||
- [x86] crypto: qat - fix invalid pf2vf_resp_wq logic
|
||||
- crypto: testmgr - Use kmalloc memory for RSA input
|
||||
- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
|
||||
- ALSA: usb-audio: Yet another Phoneix Audio device quirk
|
||||
- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
|
||||
- ALSA: hda - Fix white noise on Asus UX501VW headset
|
||||
- ALSA: hda - Fix broken reconfig
|
||||
- [armhf] spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is
|
||||
overridden
|
||||
- [armhf] spi: spi-ti-qspi: Handle truncated frames properly
|
||||
- perf diff: Fix duplicated output column
|
||||
- perf/core: Disable the event on a truncated AUX record
|
||||
- vfs: rename: check backing inode being equal
|
||||
- workqueue: fix rebind bound workers warning
|
||||
- [armhf] regulator: s2mps11: Fix invalid selector mask and voltages
|
||||
for buck9
|
||||
- [armhf] regulator: axp20x: Fix axp22x ldo_io voltage ranges
|
||||
- atomic_open(): fix the handling of create_error
|
||||
- qla1280: Don't allocate 512kb of host tags
|
||||
- tools lib traceevent: Do not reassign parg after collapse_tree()
|
||||
- [x86] drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk
|
||||
frequency
|
||||
- drm/radeon: fix PLL sharing on DCE6.1 (v2)
|
||||
- [x86] drm/i915: Bail out of pipe config compute loop on LPT
|
||||
- [x86] Revert "drm/i915: start adding dp mst audio"
|
||||
- [x86] drm/i915/bdw: Add missing delay during L3 SQC credit programming
|
||||
- drm/radeon: fix DP link training issue with second 4K monitor
|
||||
- drm/radeon: fix DP mode validation
|
||||
- [x86] drm/amdgpu: fix DP mode validation
|
||||
- btrfs: reada: Fix in-segment calculation for reada
|
||||
- Btrfs: fix truncate_space_check
|
||||
- btrfs: remove error message from search ioctl for nonexistent tree
|
||||
- btrfs: change max_inline default to 2048
|
||||
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
|
||||
- Btrfs: fix file loss on log replay after renaming a file and fsync
|
||||
- Btrfs: fix extent_same allowing destination offset beyond i_size
|
||||
- Btrfs: fix deadlock between direct IO reads and buffered writes
|
||||
- Btrfs: fix race when checking if we can skip fsync'ing an inode
|
||||
- Btrfs: do not collect ordered extents when logging that inode exists
|
||||
- btrfs: csum_tree_block: return proper errno value
|
||||
- btrfs: do not write corrupted metadata blocks to disk
|
||||
- Btrfs: fix invalid reference in replace_path
|
||||
- btrfs: handle non-fatal errors in btrfs_qgroup_inherit()
|
||||
- btrfs: fallback to vmalloc in btrfs_compare_tree
|
||||
- Btrfs: don't use src fd for printk
|
||||
- btrfs: Reset IO error counters before start of device replacing
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* aufs: Update support patches to aufs4.5-20160523
|
||||
- mmap: Fix use-after-free in remap_file_pages(2)
|
||||
* Revert "stmmac: Fix 'eth0: No PHY found' regression" (Closes: #823493)
|
||||
* [x86] kvm:vmx: more complete state update on APICv on/off (CVE-2016-4440)
|
||||
* USB: usbfs: fix potential infoleak in devio (CVE-2016-4482)
|
||||
* ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (CVE-2016-4569)
|
||||
* ALSA: timer: Fix leak in events via snd_timer_user_ccallback or
|
||||
snd_timer_user_tinterrupt (CVE-2016-4578)
|
||||
* dwc3-exynos: Fix deferred probing storm (Closes: #823552; thanks to
|
||||
Steinar H. Gunderson)
|
||||
* Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing",
|
||||
reverted upstream in 4.5.5
|
||||
|
||||
[ Roger Shimizu ]
|
||||
* [armhf] Enable SENSORS_PWM_FAN / PWM_SAMSUNG as module, as recommended by
|
||||
Steinar H. Gunderson. (Closes: #824941)
|
||||
* [armhf] For Odroid-U3 (Exynos4) support, enable ARCH_EXYNOS4 / MFD_MAX77686
|
||||
/ RTC_DRV_MAX77686 as built-in, and COMMON_CLK_MAX77686
|
||||
/ REGULATOR_MAX77686 / MMC_SDHCI_S3C as module. Thanks to
|
||||
Vagrant Cascadian. (Closes: #825139)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 29 May 2016 22:21:11 +0100
|
||||
|
||||
linux (4.5.4-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -47,7 +47,7 @@ CONFIG_ARCH_BCM2835=y
|
|||
##
|
||||
CONFIG_ARCH_EXYNOS=y
|
||||
# CONFIG_ARCH_EXYNOS3 is not set
|
||||
# CONFIG_ARCH_EXYNOS4 is not set
|
||||
CONFIG_ARCH_EXYNOS4=y
|
||||
CONFIG_ARCH_EXYNOS5=y
|
||||
CONFIG_EXYNOS5420_MCPM=y
|
||||
|
||||
|
@ -176,6 +176,7 @@ CONFIG_HW_RANDOM_OMAP=m
|
|||
##
|
||||
## file: drivers/clk/Kconfig
|
||||
##
|
||||
CONFIG_COMMON_CLK_MAX77686=m
|
||||
CONFIG_COMMON_CLK_S2MPS11=m
|
||||
CONFIG_CLK_TWL6040=m
|
||||
|
||||
|
@ -362,6 +363,7 @@ CONFIG_OMAP_SSI=m
|
|||
##
|
||||
CONFIG_SENSORS_G762=m
|
||||
CONFIG_SENSORS_GPIO_FAN=m
|
||||
CONFIG_SENSORS_PWM_FAN=m
|
||||
|
||||
##
|
||||
## file: drivers/hwspinlock/Kconfig
|
||||
|
@ -532,6 +534,7 @@ CONFIG_MFD_AS3722=y
|
|||
CONFIG_MFD_AXP20X_I2C=y
|
||||
CONFIG_MFD_DA9052_SPI=y
|
||||
CONFIG_MFD_DA9052_I2C=y
|
||||
CONFIG_MFD_MAX77686=y
|
||||
CONFIG_MFD_MC13XXX_SPI=m
|
||||
CONFIG_MFD_MC13XXX_I2C=m
|
||||
CONFIG_MFD_SEC_CORE=y
|
||||
|
@ -565,6 +568,7 @@ CONFIG_MMC_SDHCI_ESDHC_IMX=m
|
|||
CONFIG_MMC_SDHCI_TEGRA=m
|
||||
CONFIG_MMC_SDHCI_PXAV3=m
|
||||
CONFIG_MMC_SDHCI_BCM2835=m
|
||||
CONFIG_MMC_SDHCI_S3C=m
|
||||
CONFIG_MMC_OMAP=m
|
||||
CONFIG_MMC_OMAP_HS=m
|
||||
CONFIG_MMC_MVSDIO=m
|
||||
|
@ -854,6 +858,7 @@ CONFIG_PWM=y
|
|||
CONFIG_PWM_BCM2835=m
|
||||
CONFIG_PWM_IMX=m
|
||||
CONFIG_PWM_ROCKCHIP=m
|
||||
CONFIG_PWM_SAMSUNG=m
|
||||
CONFIG_PWM_SUN4I=m
|
||||
CONFIG_PWM_TEGRA=m
|
||||
CONFIG_PWM_TIECAP=m
|
||||
|
@ -873,6 +878,7 @@ CONFIG_REGULATOR_AXP20X=m
|
|||
CONFIG_REGULATOR_DA9052=m
|
||||
CONFIG_REGULATOR_FAN53555=m
|
||||
CONFIG_REGULATOR_GPIO=m
|
||||
CONFIG_REGULATOR_MAX77686=m
|
||||
CONFIG_REGULATOR_MC13783=m
|
||||
CONFIG_REGULATOR_MC13892=m
|
||||
CONFIG_REGULATOR_PALMAS=y
|
||||
|
@ -901,6 +907,7 @@ CONFIG_RTC_DRV_DA9052=y
|
|||
CONFIG_RTC_DRV_EFI=y
|
||||
CONFIG_RTC_DRV_IMXDI=y
|
||||
CONFIG_RTC_DRV_OMAP=y
|
||||
CONFIG_RTC_DRV_MAX77686=y
|
||||
CONFIG_RTC_DRV_PL030=y
|
||||
CONFIG_RTC_DRV_PL031=y
|
||||
CONFIG_RTC_DRV_VT8500=y
|
||||
|
|
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
vendored
Normal file
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:44:20 -0400
|
||||
Subject: [1/2] ALSA: timer: Fix leak in events via snd_timer_user_ccallback
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
|
||||
|
||||
The stack object “r1” has a total size of 32 bytes. Its field
|
||||
“event” and “val” both contain 4 bytes padding. These 8 bytes
|
||||
padding bytes are sent to user without being initialized.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
||||
---
|
||||
sound/core/timer.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/sound/core/timer.c
|
||||
+++ b/sound/core/timer.c
|
||||
@@ -1247,6 +1247,7 @@ static void snd_timer_user_ccallback(str
|
||||
tu->tstamp = *tstamp;
|
||||
if ((tu->filter & (1 << event)) == 0 || !tu->tread)
|
||||
return;
|
||||
+ memset(&r1, 0, sizeof(r1));
|
||||
r1.event = event;
|
||||
r1.tstamp = *tstamp;
|
||||
r1.val = resolution;
|
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
vendored
Normal file
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:44:32 -0400
|
||||
Subject: [2/2] ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/e4ec8cc8039a7063e24204299b462bd1383184a5
|
||||
|
||||
The stack object “r1” has a total size of 32 bytes. Its field
|
||||
“event” and “val” both contain 4 bytes padding. These 8 bytes
|
||||
padding bytes are sent to user without being initialized.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
||||
---
|
||||
sound/core/timer.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/sound/core/timer.c
|
||||
+++ b/sound/core/timer.c
|
||||
@@ -1290,6 +1290,7 @@ static void snd_timer_user_tinterrupt(st
|
||||
}
|
||||
if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
|
||||
tu->last_resolution != resolution) {
|
||||
+ memset(&r1, 0, sizeof(r1));
|
||||
r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
|
||||
r1.tstamp = tstamp;
|
||||
r1.val = resolution;
|
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
vendored
Normal file
28
debian/patches/bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:44:07 -0400
|
||||
Subject: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/cec8f96e49d9be372fdb0c3836dcf31ec71e457e
|
||||
|
||||
The stack object “tread” has a total size of 32 bytes. Its field
|
||||
“event” and “val” both contain 4 bytes padding. These 8 bytes
|
||||
padding bytes are sent to user without being initialized.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
||||
---
|
||||
sound/core/timer.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/sound/core/timer.c
|
||||
+++ b/sound/core/timer.c
|
||||
@@ -1755,6 +1755,7 @@ static int snd_timer_user_params(struct
|
||||
if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) {
|
||||
if (tu->tread) {
|
||||
struct snd_timer_tread tread;
|
||||
+ memset(&tread, 0, sizeof(tread));
|
||||
tread.event = SNDRV_TIMER_EVENT_EARLY;
|
||||
tread.tstamp.tv_sec = 0;
|
||||
tread.tstamp.tv_nsec = 0;
|
36
debian/patches/bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
vendored
Normal file
36
debian/patches/bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
vendored
Normal file
|
@ -0,0 +1,36 @@
|
|||
From: Richard Alpe <richard.alpe@ericsson.com>
|
||||
Date: Mon, 16 May 2016 11:14:54 +0200
|
||||
Subject: tipc: check nl sock before parsing nested attributes
|
||||
Origin: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
|
||||
|
||||
Make sure the socket for which the user is listing publication exists
|
||||
before parsing the socket netlink attributes.
|
||||
|
||||
Prior to this patch a call without any socket caused a NULL pointer
|
||||
dereference in tipc_nl_publ_dump().
|
||||
|
||||
Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
|
||||
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
|
||||
Acked-by: Jon Maloy <jon.maloy@ericsson.cm>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/tipc/socket.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
|
||||
index 1262889..3b7a799 100644
|
||||
--- a/net/tipc/socket.c
|
||||
+++ b/net/tipc/socket.c
|
||||
@@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
+ if (!attrs[TIPC_NLA_SOCK])
|
||||
+ return -EINVAL;
|
||||
+
|
||||
err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
|
||||
attrs[TIPC_NLA_SOCK],
|
||||
tipc_nl_sock_policy);
|
||||
--
|
||||
2.8.1
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
From: Kangjie Lu <kangjielu@gmail.com>
|
||||
Date: Tue, 3 May 2016 16:32:16 -0400
|
||||
Subject: USB: usbfs: fix potential infoleak in devio
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/681fef8380eb818c0b845fca5d2ab1dcbab114ee
|
||||
|
||||
The stack object “ci” has a total size of 8 bytes. Its last 3 bytes
|
||||
are padding bytes which are not initialized and leaked to userland
|
||||
via “copy_to_user”.
|
||||
|
||||
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
---
|
||||
drivers/usb/core/devio.c | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/drivers/usb/core/devio.c
|
||||
+++ b/drivers/usb/core/devio.c
|
||||
@@ -1186,10 +1186,11 @@ static int proc_getdriver(struct usb_dev
|
||||
|
||||
static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
|
||||
{
|
||||
- struct usbdevfs_connectinfo ci = {
|
||||
- .devnum = ps->dev->devnum,
|
||||
- .slow = ps->dev->speed == USB_SPEED_LOW
|
||||
- };
|
||||
+ struct usbdevfs_connectinfo ci;
|
||||
+
|
||||
+ memset(&ci, 0, sizeof(ci));
|
||||
+ ci.devnum = ps->dev->devnum;
|
||||
+ ci.slow = ps->dev->speed == USB_SPEED_LOW;
|
||||
|
||||
if (copy_to_user(arg, &ci, sizeof(ci)))
|
||||
return -EFAULT;
|
|
@ -0,0 +1,81 @@
|
|||
From: "Steinar H. Gunderson" <sesse@google.com>
|
||||
Date: Tue, 24 May 2016 20:13:15 +0200
|
||||
Forwarded: http://mid.gmane.org/E1b6Hj3-0001MI-AS@pannekake.samfundet.no
|
||||
Subject: dwc3-exynos: Fix deferred probing storm.
|
||||
Bug-Debian: https://bugs.debian.org/823552
|
||||
|
||||
dwc3-exynos has two problems during init if the regulators are slow
|
||||
to come up (for instance if the I2C bus driver is not on the initramfs)
|
||||
and return probe deferral. First, every time this happens, the driver
|
||||
leaks the USB phys created; they need to be deallocated on error.
|
||||
|
||||
Second, since the phy devices are created before the regulators fail,
|
||||
this means that there's a new device to re-trigger deferred probing,
|
||||
which causes it to essentially go into a busy loop of re-probing the
|
||||
device until the regulators come up.
|
||||
|
||||
Move the phy creation to after the regulators have succeeded, and also
|
||||
fix cleanup on failure. On my ODROID XU4 system (with Debian's initramfs
|
||||
which doesn't contain the I2C driver), this reduces the number of probe
|
||||
attempts (for each of the two controllers) from more than 2000 to eight.
|
||||
|
||||
Signed-off-by: Steinar H. Gunderson <sesse@google.com>
|
||||
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
|
||||
Reviewed-by: Vivek Gautam <gautam.vivek@samsung.com>
|
||||
Fixes: d720f057fda4 ("usb: dwc3: exynos: add nop transceiver support")
|
||||
Cc: <stable@vger.kernel.org>
|
||||
---
|
||||
drivers/usb/dwc3/dwc3-exynos.c | 19 +++++++++++--------
|
||||
1 file changed, 11 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/drivers/usb/dwc3/dwc3-exynos.c b/drivers/usb/dwc3/dwc3-exynos.c
|
||||
index dd5cb55..2f1fb7e 100644
|
||||
--- a/drivers/usb/dwc3/dwc3-exynos.c
|
||||
+++ b/drivers/usb/dwc3/dwc3-exynos.c
|
||||
@@ -128,12 +128,6 @@ static int dwc3_exynos_probe(struct platform_device *pdev)
|
||||
|
||||
platform_set_drvdata(pdev, exynos);
|
||||
|
||||
- ret = dwc3_exynos_register_phys(exynos);
|
||||
- if (ret) {
|
||||
- dev_err(dev, "couldn't register PHYs\n");
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
exynos->dev = dev;
|
||||
|
||||
exynos->clk = devm_clk_get(dev, "usbdrd30");
|
||||
@@ -183,20 +177,29 @@ static int dwc3_exynos_probe(struct platform_device *pdev)
|
||||
goto err3;
|
||||
}
|
||||
|
||||
+ ret = dwc3_exynos_register_phys(exynos);
|
||||
+ if (ret) {
|
||||
+ dev_err(dev, "couldn't register PHYs\n");
|
||||
+ goto err4;
|
||||
+ }
|
||||
+
|
||||
if (node) {
|
||||
ret = of_platform_populate(node, NULL, NULL, dev);
|
||||
if (ret) {
|
||||
dev_err(dev, "failed to add dwc3 core\n");
|
||||
- goto err4;
|
||||
+ goto err5;
|
||||
}
|
||||
} else {
|
||||
dev_err(dev, "no device node, failed to add dwc3 core\n");
|
||||
ret = -ENODEV;
|
||||
- goto err4;
|
||||
+ goto err5;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
+err5:
|
||||
+ platform_device_unregister(exynos->usb2_phy);
|
||||
+ platform_device_unregister(exynos->usb3_phy);
|
||||
err4:
|
||||
regulator_disable(exynos->vdd10);
|
||||
err3:
|
||||
|
||||
|
101
debian/patches/bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
vendored
Normal file
101
debian/patches/bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
vendored
Normal file
|
@ -0,0 +1,101 @@
|
|||
From: Roman Kagan <rkagan@virtuozzo.com>
|
||||
Subject: kvm:vmx: more complete state update on APICv on/off
|
||||
Date: Wed, 18 May 2016 17:48:20 +0300
|
||||
Origin: http://article.gmane.org/gmane.comp.emulators.kvm.devel/152191
|
||||
|
||||
The function to update APICv on/off state (in particular, to deactivate
|
||||
it when enabling Hyper-V SynIC), used to be incomplete: it didn't adjust
|
||||
APICv-related fields among secondary processor-based VM-execution
|
||||
controls.
|
||||
|
||||
As a result, Windows 2012 guests would get stuck when SynIC-based
|
||||
auto-EOI interrupt intersected with e.g. an IPI in the guest.
|
||||
|
||||
In addition, the MSR intercept bitmap wasn't updated to correspond to
|
||||
whether "virtualize x2APIC mode" was enabled. This path used not to be
|
||||
triggered, since Windows didn't use x2APIC but rather their own
|
||||
synthetic APIC access MSRs; however it represented a security risk
|
||||
because the guest running in a SynIC-enabled VM could switch to x2APIC
|
||||
and thus obtain direct access to host APIC MSRs (thanks to Yang Zhang
|
||||
<yang.zhang.wz@gmail.com> for spotting this).
|
||||
|
||||
The patch fixes those omissions.
|
||||
|
||||
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
|
||||
Cc: Steve Rutherford <srutherford@google.com>
|
||||
Cc: Yang Zhang <yang.zhang.wz@gmail.com>
|
||||
---
|
||||
arch/x86/kvm/vmx.c | 48 ++++++++++++++++++++++++++++++------------------
|
||||
1 file changed, 30 insertions(+), 18 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -2397,7 +2397,9 @@ static void vmx_set_msr_bitmap(struct kv
|
||||
|
||||
if (is_guest_mode(vcpu))
|
||||
msr_bitmap = vmx_msr_bitmap_nested;
|
||||
- else if (vcpu->arch.apic_base & X2APIC_ENABLE) {
|
||||
+ else if (cpu_has_secondary_exec_ctrls() &&
|
||||
+ (vmcs_read32(SECONDARY_VM_EXEC_CONTROL) &
|
||||
+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
|
||||
if (is_long_mode(vcpu))
|
||||
msr_bitmap = vmx_msr_bitmap_longmode_x2apic;
|
||||
else
|
||||
@@ -4758,6 +4760,19 @@ static void vmx_refresh_apicv_exec_ctrl(
|
||||
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
||||
|
||||
vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, vmx_pin_based_exec_ctrl(vmx));
|
||||
+ if (cpu_has_secondary_exec_ctrls()) {
|
||||
+ if (kvm_vcpu_apicv_active(vcpu))
|
||||
+ vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
|
||||
+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
|
||||
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
|
||||
+ else
|
||||
+ vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
|
||||
+ SECONDARY_EXEC_APIC_REGISTER_VIRT |
|
||||
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
|
||||
+ }
|
||||
+
|
||||
+ if (cpu_has_vmx_msr_bitmap())
|
||||
+ vmx_set_msr_bitmap(vcpu);
|
||||
}
|
||||
|
||||
static u32 vmx_exec_control(struct vcpu_vmx *vmx)
|
||||
@@ -6313,23 +6328,20 @@ static __init int hardware_setup(void)
|
||||
|
||||
set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
|
||||
|
||||
- if (enable_apicv) {
|
||||
- for (msr = 0x800; msr <= 0x8ff; msr++)
|
||||
- vmx_disable_intercept_msr_read_x2apic(msr);
|
||||
-
|
||||
- /* According SDM, in x2apic mode, the whole id reg is used.
|
||||
- * But in KVM, it only use the highest eight bits. Need to
|
||||
- * intercept it */
|
||||
- vmx_enable_intercept_msr_read_x2apic(0x802);
|
||||
- /* TMCCT */
|
||||
- vmx_enable_intercept_msr_read_x2apic(0x839);
|
||||
- /* TPR */
|
||||
- vmx_disable_intercept_msr_write_x2apic(0x808);
|
||||
- /* EOI */
|
||||
- vmx_disable_intercept_msr_write_x2apic(0x80b);
|
||||
- /* SELF-IPI */
|
||||
- vmx_disable_intercept_msr_write_x2apic(0x83f);
|
||||
- }
|
||||
+ for (msr = 0x800; msr <= 0x8ff; msr++)
|
||||
+ vmx_disable_intercept_msr_read_x2apic(msr);
|
||||
+
|
||||
+ /* According SDM, in x2apic mode, the whole id reg is used. But in
|
||||
+ * KVM, it only use the highest eight bits. Need to intercept it */
|
||||
+ vmx_enable_intercept_msr_read_x2apic(0x802);
|
||||
+ /* TMCCT */
|
||||
+ vmx_enable_intercept_msr_read_x2apic(0x839);
|
||||
+ /* TPR */
|
||||
+ vmx_disable_intercept_msr_write_x2apic(0x808);
|
||||
+ /* EOI */
|
||||
+ vmx_disable_intercept_msr_write_x2apic(0x80b);
|
||||
+ /* SELF-IPI */
|
||||
+ vmx_disable_intercept_msr_write_x2apic(0x83f);
|
||||
|
||||
if (enable_ept) {
|
||||
kvm_mmu_set_mask_ptes(0ull,
|
|
@ -49,6 +49,7 @@ bugfix/mips/MIPS-Disable-preemption-during-prctl-PR_SET_FP_MODE.patch
|
|||
bugfix/mips/MIPS-Force-CPUs-to-lose-FP-context-during-mode-switc.patch
|
||||
bugfix/x86/revert-sp5100_tco-fix-the-device-check-for-SB800-and.patch
|
||||
bugfix/powerpc/powerpc-fix-sstep-compile-on-powerpcspe.patch
|
||||
bugfix/arm/dwc3-exynos-fix-deferred-probing-storm.patch
|
||||
|
||||
# Arch features
|
||||
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
|
||||
|
@ -103,6 +104,12 @@ bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
|
|||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/KVM-MTRR-remove-MSR-0x2f8.patch
|
||||
bugfix/all/media-videobuf2-v4l2-verify-planes-array-in-buffer-d.patch
|
||||
bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
|
||||
bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
|
||||
bugfix/all/usb-usbfs-fix-potential-infoleak-in-devio.patch
|
||||
bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
|
||||
bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
|
||||
bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
|
||||
|
||||
# Tools bug fixes
|
||||
bugfix/all/usbip-document-tcp-wrappers.patch
|
||||
|
|
Loading…
Reference in New Issue