From 6e05e68d7a096261e650a2f4a03fed9f65a32092 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 13 Apr 2016 20:37:31 +0100 Subject: [PATCH] Update to 4.5.1 --- debian/changelog | 211 +++++++++++++++++- .../bugfix/all/uas-fix-high-order-alloc.patch | 29 --- ...-port-access-when-securelevel-is-ena.patch | 4 +- debian/patches/series | 1 - 4 files changed, 212 insertions(+), 33 deletions(-) delete mode 100644 debian/patches/bugfix/all/uas-fix-high-order-alloc.patch diff --git a/debian/changelog b/debian/changelog index 9f58aab48..3c9772e7e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,213 @@ -linux (4.5-1~exp2) UNRELEASED; urgency=medium +linux (4.5.1-1~exp1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 + - [x86] entry/compat: Keep TS_COMPAT set during signal delivery + - [x86] perf/intel: Add definition for PT PMI bit + - [x86] KVM: fix missed hardware breakpoints + - [x86] KVM: i8254: change PIT discard tick policy + - [x86] KVM: fix spin_lock_init order on x86 + - [x86] KVM: VMX: avoid guest hang on invalid invept instruction + - [x86] KVM: VMX: avoid guest hang on invalid invvpid instruction + - [x86] KVM: VMX: fix nested vpid for old KVM guests + - perf/core: Fix perf_sched_count derailment + - perf tools: Fix checking asprintf return value + - Thermal: Ignore invalid trip points + - sched/cputime: Fix steal_account_process_tick() to always return jiffies + - sched/fair: Avoid using decay_load_missed() with a negative value + - [x86] EDAC/sb_edac: Fix computation of channel address + - [x86] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr() + - [s390x] fix floating pointer register corruption (again) + - [s390x] cpumf: add missing lpp magic initialization + - [s390x] pci: enforce fmb page boundary rule + - [armhf] pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing + - [x86] irq: Cure live lock in fixup_irqs() + - [x86] apic: Fix suspicious RCU usage in + smp_trace_call_function_interrupt() + - [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157) + - [x86] mm: TLB_REMOTE_SEND_IPI should count pages + - sg: fix dxferp in from_to case + - aacraid: Fix RRQ overload + - aacraid: Fix memory leak in aac_fib_map_free + - aacraid: Set correct msix count for EEH recovery + - sd: Fix discard granularity when LBPRZ=1 + - ncr5380: Correctly clear command pointers and lists after bus reset + - ncr5380: Dont release lock for PIO transfer + - ncr5380: Dont re-enter NCR5380_select() + - ncr5380: Forget aborted commands + - ncr5380: Fix NCR5380_select() EH checks and result handling + - ncr5380: Call scsi_eh_prep_cmnd() and scsi_eh_restore_cmnd() as and when + appropriate + - scsi: storvsc: fix SRB_STATUS_ABORTED handling + - be2iscsi: set the boot_kset pointer to NULL in case of failure + - aic7xxx: Fix queue depth handling + - libnvdimm: Fix security issue with DSM IOCTL. + - libnvdimm, pmem: fix kmap_atomic() leak in error path + - dm snapshot: disallow the COW and origin devices from being identical + - dm: fix excessive dm-mq context switching + - dm thin metadata: don't issue prefetches if a transaction abort + has failed + - dm cache: make sure every metadata function checks fail_io + - dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request() + - usb: retry reset if a device times out + - usb: hub: fix a typo in hub_port_init() leading to wrong logic + - USB: cdc-acm: more sanity checking (CVE-2016-3138) + - USB: iowarrior: fix oops with malicious USB descriptors (incomplete fix + for CVE-2016-2188) + - USB: usb_driver_claim_interface: add sanity checking + - USB: mct_u232: add sanity checking in probe + - USB: digi_acceleport: do sanity checking for the number of ports + - USB: cypress_m8: add endpoint sanity check + - Input: powermate - fix oops with malicious USB descriptors + (CVE-2016-2186) + - ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk() + (CVE-2016-2184) + - ALSA: usb-audio: Add sanity checks for endpoint accesses (CVE-2016-2184) + - ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk() + - ALSA: usb-audio: Fix double-free in error paths after + snd_usb_add_audio_stream() call + - crypto: ccp - Add hash state import and export support + - crypto: ccp - Limit the amount of information exported + - crypto: ccp - Don't assume export/import areas are aligned + - crypto: ccp - memset request context to zero during import + - crypto: keywrap - memzero the correct memory + - [armel/marvell,armhf] crypto: marvell/cesa - forward + devm_ioremap_resource() error code + - [x86] mei: bus: check if the device is enabled before data transfer + - tpm: fix the rollback in tpm_chip_register() + - tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister() + - tpm_eventlog.c: fix binary_bios_measurements + - tpm: fix the cleanup of struct tpm_chip + - HID: logitech: fix Dual Action gamepad support + - HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report() + - HID: multitouch: force retrieving of Win8 signature blob + - HID: fix hid_ignore_special_drivers module parameter + - staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg + - staging: comedi: ni_mio_common: fix the ni_write[blw]() functions + - tty: Fix GPF in flush_to_ldisc(), part 2 + - net: irda: Fix use-after-free in irtty_open() + - 8250: use callbacks to access UART_DLL/UART_DLM + - saa7134: Fix bytesperline not being set correctly for planar formats + - adv7511: TX_EDID_PRESENT is still 1 after a disconnect + - bttv: Width must be a multiple of 16 when capturing planar formats + - coda: fix first encoded frame payload + - media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32 + - mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild + - mtip32xx: Fix broken service thread handling + - mtip32xx: Remove unwanted code from taskfile error handler + - mtip32xx: Fix for rmmod crash when drive is in FTL rebuild + - mtip32xx: Handle safe removal during IO + - mtip32xx: Handle FTL rebuild failure state during device initialization + - mtip32xx: Implement timeout handler + - mtip32xx: Cleanup queued requests after surprise removal + - ALSA: hda - Fix unexpected resume through regmap code path + - ALSA: hda - Apply reboot D3 fix for CX20724 codec, too + - [x86] ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM + ThinkPad X41. + - ALSA: hda - Don't handle ELD notify from invalid port + - [x86] ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO + - ALSA: hda - Fix unconditional GPIO toggle via automute + - [x86] ALSA: hda - Limit i915 HDMI binding only for HSW and later + - [x86] ALSA: hda - Fix spurious kernel WARNING on Baytrail HDMI + - [x86] ALSA: hda - Really restrict i915 notifier to HSW+ + - ALSA: hda - Fix forgotten HDMI monitor_present update + - [x86] ALSA: hda - Workaround for unbalanced i915 power refcount by + concurrent probe + - ALSA: hda - Fix missing ELD update at unplugging + - jbd2: fix FS corruption possibility in jbd2_journal_destroy() on + umount path + - [arm64] Update PTE_RDONLY in set_pte_at() for PROT_NONE permission + - brd: Fix discard request processing + - IB/srpt: Simplify srpt_handle_tsk_mgmt() + - bcache: cleaned up error handling around register_cache() + - bcache: fix race of writeback thread starting before complete + initialization + - bcache: fix cache_set_flush() NULL pointer dereference on OOM + - mm: memcontrol: reclaim when shrinking memory.high below usage + - mm: memcontrol: reclaim and OOM kill when shrinking memory.max below usage + - watchdog: don't run proc_watchdog_update if new value is same as old + - Bluetooth: Fix potential buffer overflow with Add Advertising + - cgroup: ignore css_sets associated with dead cgroups during migration + - [amrhf] net: mvneta: enable change MAC address when interface is up + - brcmfmac: Increase nr of supported flowrings. + - of: alloc anywhere from memblock if range not specified + - vfs: show_vfsstat: do not ignore errors from show_devname method + - splice: handle zero nr_pages in splice_to_pipe() + - quota: Fix possible GPF due to uninitialised pointers + - xfs: fix two memory leaks in xfs_attr_list.c error paths + - raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang + - md/raid5: Compare apples to apples (or sectors to sectors) + - RAID5: check_reshape() shouldn't call mddev_suspend + - RAID5: revert e9e4c377e2f563 to fix a livelock + - raid10: include bio_end_io_list in nr_queued to prevent freeze_array hang + - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list + - md: multipath: don't hardcopy bio in .make_request path + - fuse: do not use iocb after it may have been freed + - fuse: Add reference counting for fuse_io_priv + - fs/coredump: prevent fsuid=0 dumps into user-controlled directories + - [armhf] drm/vc4: Return -EFAULT on copy_from_user() failure + - [x86] drm/radeon: disable runtime pm on PX laptops without dGPU + power control + - drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards. + - drm/radeon: rework fbdev handling on chips with no connectors + - drm/radeon/mst: fix regression in lane/link handling. + - [x86] drm/amdgpu: disable runtime pm on PX laptops without dGPU + power control + - drm/amdgpu: include the right version of gmc header files for iceland + - drm/amd/powerplay: add uvd/vce dpm enabling flag to fix the performance + issue for CZ + - tracing: Have preempt(irqs)off trace preempt disabled functions + - tracing: Fix crash from reading trace_pipe with sendfile + - tracing: Fix trace_printk() to print when not using bprintk() + - bitops: Do not default to __clear_bit() for __clear_bit_unlock() + - [x86] ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list + - mmc: block: fix ABI regression of mmc_blk_ioctl + - mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case + - mmc: sdhci: move initialisation of command error member + - mmc: sdhci: clean up command error handling + - mmc: sdhci: fix command response CRC error handling + - mmc: sdhci: further fix for DMA unmapping in sdhci_post_req() + - mmc: sdhci: avoid unnecessary mapping/unmapping of align buffer + - mmc: sdhci: plug DMA mapping leak on error + - mmc: sdhci: fix data timeout + - [armhf] mmc: tegra: Disable UHS-I modes for tegra114 + - [armhf] mmc: tegra: properly disable card clock + - mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout + - [armhf] clk: rockchip: rk3368: fix cpuclk mux bit of big cpu-cluster + - [armhf] clk: rockchip: rk3368: fix cpuclk core dividers + - [armhf] clk: rockchip: rk3368: fix parents of video encoder/decoder + - [armhf] clk: rockchip: rk3368: fix hdmi_cec gate-register + - [armhf] clk: rockchip: add hclk_cpubus to the list of rk3188 + critical clocks + - [armhf] clk: bcm2835: Fix setting of PLL divider clock rates + - target: Fix target_release_cmd_kref shutdown comp leak + - iser-target: Fix identification of login rx descriptor type + - iser-target: Separate flows for np listeners and connections cma events + - iser-target: Rework connection termination + - nfsd4: fix bad bounds checking + - nfsd: fix deadlock secinfo+readdir compound + - ACPI / PM: Runtime resume devices when waking from hibernate + - writeback, cgroup: fix premature wb_put() in + locked_inode_to_wb_and_lock_list() + - writeback, cgroup: fix use of the wrong bdi_writeback which mismatches + the inode + - Input: synaptics - handle spurious release of trackstick buttons, again + - Input: ati_remote2 - fix crashes on detecting device with invalid + descriptor (CVE-2016-2185) + - ocfs2: o2hb: fix double free bug + - ocfs2/dlm: fix race between convert and recovery + - ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list + - mm/page_alloc: prevent merging between isolated and other pageblocks + - mtd: onenand: fix deadlock in onenand_block_markbad + - [x86] intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled + - PM / sleep: Clear pm_suspend_global_flags upon hibernate + - scsi_common: do not clobber fixed sense information + - sched/cputime: Fix steal time accounting vs. CPU hotplug + - [x86] perf/pebs: Add workaround for broken OVFL status on HSW+ + - [x86] perf/intel/uncore: Remove SBOX support for BDX-DE + - [x86] perf/intel: Fix PEBS warning by only restoring active PMU in pmi + - [x86] perf/intel: Use PAGE_SIZE for PEBS buffer size on Core2 + - [x86] perf/intel: Fix PEBS data source interpretation on Nehalem/Westmere [ Ben Hutchings ] * mm: exclude ZONE_DEVICE from GFP_ZONE_TABLE diff --git a/debian/patches/bugfix/all/uas-fix-high-order-alloc.patch b/debian/patches/bugfix/all/uas-fix-high-order-alloc.patch deleted file mode 100644 index 25b4fae4b..000000000 --- a/debian/patches/bugfix/all/uas-fix-high-order-alloc.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Hans de Goede -Date: Fri, 04 Mar 2016 07:18:00 +0000 -Subject: uas: Fix high-order alloc -Origin: http://thread.gmane.org/gmane.linux.usb.general/138042/focus=111495 - -Can you try building a kernel with the following line in drivers/usb/storage/uas.c : - - .can_queue = 65536, /* Is there a limit on the _host_ ? */ - -(around line 815) Replaced with - - .can_queue = MAX_CMNDS, - -That should help as MAX_CMNDS is 256, so claiming that we can queue more -is not helpful, and that likely is what is causing this quite high order alloc. - -Reported-and-tested-by: Yves-Alexis Perez ---- ---- a/drivers/usb/storage/uas.c -+++ b/drivers/usb/storage/uas.c -@@ -812,7 +812,7 @@ static struct scsi_host_template uas_hos - .slave_configure = uas_slave_configure, - .eh_abort_handler = uas_eh_abort_handler, - .eh_bus_reset_handler = uas_eh_bus_reset_handler, -- .can_queue = 65536, /* Is there a limit on the _host_ ? */ -+ .can_queue = MAX_CMNDS, /* Is there a limit on the _host_ ? */ - .this_id = -1, - .sg_tablesize = SG_NONE, - .skip_settle_delay = 1, diff --git a/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch b/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch index b62f47511..8201450f2 100644 --- a/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch +++ b/debian/patches/features/all/securelevel/x86-lock-down-io-port-access-when-securelevel-is-ena.patch @@ -33,7 +33,7 @@ Signed-off-by: Matthew Garrett return -EPERM; /* -@@ -103,7 +104,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, leve +@@ -108,7 +109,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, leve return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { @@ -41,7 +41,7 @@ Signed-off-by: Matthew Garrett + if (!capable(CAP_SYS_RAWIO) || (get_securelevel() > 0)) return -EPERM; } - regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -27,6 +27,7 @@ diff --git a/debian/patches/series b/debian/patches/series index 342528080..dc17cfc9a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -108,7 +108,6 @@ bugfix/x86/x86-efi-setup-separate-efi-page-tables-in-kexec-path.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/x86/x86-efi-bgrt-fix-kernel-panic-when-mapping-bgrt-data.patch bugfix/x86/x86-efi-bgrt-replace-early_memremap-with-memremap.patch -bugfix/all/uas-fix-high-order-alloc.patch bugfix/x86/x86-mm-pat-fix-boot-crash-when-1gb-pages-are-not-supported.patch bugfix/all/netfilter-x_tables-check-for-size-overflow.patch bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch