diff --git a/debian/bin/check-patches.sh b/debian/bin/check-patches.sh index 44542128e..5885412f8 100755 --- a/debian/bin/check-patches.sh +++ b/debian/bin/check-patches.sh @@ -15,8 +15,12 @@ echo echo "Patches without required headers" echo "================================" xargs egrep -l '^(Subject|Description):' < $TMPDIR/used | xargs egrep -l '^(From|Author|Origin):' > $TMPDIR/goodheaders || test $? = 1 -fgrep -v -f $TMPDIR/goodheaders $TMPDIR/used +fgrep -v -f $TMPDIR/goodheaders $TMPDIR/used || test $? = 1 echo echo "Patches without Origin or Forwarded header" echo "==========================================" -xargs egrep -L '^(Origin|Forwarded):' < $TMPDIR/used || test $? = 1 +xargs egrep -L '^(Origin:|Forwarded: (no\b|not-needed|http))' < $TMPDIR/used || test $? = 1 +echo +echo "Patches to be forwarded" +echo "=======================" +xargs egrep -l '^Forwarded: no\b' < $TMPDIR/used || test $? = 1 diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 6d0e0fdc2..6c0701dce 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -60,8 +60,7 @@ class Gencontrol(Base): makeflags.update({ 'VERSION': self.version.linux_version, 'UPSTREAMVERSION': self.version.linux_upstream, - 'ABINAME': self.abiname, - 'ABINAME_PART': self.abiname_part, + 'ABINAME': self.abiname_version + self.abiname_part, 'SOURCEVERSION': self.version.complete, }) @@ -130,8 +129,7 @@ class Gencontrol(Base): except KeyError: abiname_part = self.abiname_part makeflags['ABINAME'] = vars['abiname'] = \ - self.version.linux_upstream + abiname_part - makeflags['ABINAME_PART'] = abiname_part + self.abiname_version + abiname_part if foreign_kernel: packages_headers_arch = [] @@ -466,17 +464,21 @@ class Gencontrol(Base): self.abiname_part = '' else: self.abiname_part = '-%s' % self.config['abi', ]['abiname'] - self.abiname = self.version.linux_upstream + self.abiname_part + # We need to keep at least three version components to avoid + # userland breakage (e.g. #742226, #745984). + self.abiname_version = re.sub('^(\d+\.\d+)(?=-|$)', r'\1.0', + self.version.linux_upstream) self.vars = { 'upstreamversion': self.version.linux_upstream, 'version': self.version.linux_version, 'source_upstream': self.version.upstream, 'source_package': self.changelog[0].source, - 'abiname': self.abiname, + 'abiname': self.abiname_version + self.abiname_part, } self.config['version', ] = {'source': self.version.complete, 'upstream': self.version.linux_upstream, - 'abiname': self.abiname} + 'abiname': (self.abiname_version + + self.abiname_part)} distribution = self.changelog[0].distribution if distribution in ('unstable', ): diff --git a/debian/changelog b/debian/changelog index 8818a5134..d6737d0a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -28,6 +28,594 @@ linux (3.17~rc5-1~exp1) experimental; urgency=medium -- maximilian attems Thu, 18 Sep 2014 23:50:00 +0200 +linux (3.16.7-2) unstable; urgency=medium + + [ Ian Campbell ] + * Disable TSO in mv643xx_eth driver by default (Closes: #764162). + + [ Aurelien Jarno ] + * [i386] Rename 486 flavour to 586 for udebs. (Closes: #768288) + + [ Ben Hutchings ] + * [hppa] udeb: Fix modules in multiple packages (Closes: 768297) + + -- Ben Hutchings Thu, 06 Nov 2014 17:42:26 +0000 + +linux (3.16.7-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.6 + - rtnetlink: fix VF info size (regression in 3.11) + - myri10ge: check for DMA mapping errors + - Revert "macvlan: simplify the structure port" (regression in 3.16) + - tcp: don't use timestamp from repaired skb-s to calculate RTT (v2) + (regression in 3.15) + - tcp: fix tcp_release_cb() to dispatch via address family for + mtu_reduced() + - tipc: fix message importance range check (regression in 3.15) + - packet: handle too big packets for PACKET_V3 + - bnx2x: Revert UNDI flushing mechanism (regression in 3.14) + - net: ipv6: fib: don't sleep inside atomic lock (regression in 3.15) + - openvswitch: fix panic with multiple vlan headers + - ipv6: fix rtnl locking in setsockopt for anycast and multicast + - l2tp: fix race while getting PMTU on PPP pseudo-wire (regression in 3.15) + - ipv6: restore the behavior of ipv6_sock_ac_drop() + - bonding: fix div by zero while enslaving and transmitting + (regression in 3.12) + - net: filter: fix possible use after free (regression in 3.15) + - net: allow macvlans to move to net namespace (regression in 3.13) + - macvlan: allow to enqueue broadcast pkt on virtual device + (regression in 3.16) + - xfrm: Generate blackhole routes only from route lookup functions + - xfrm: Generate queueing routes only from route lookup functions + - macvtap: Fix race between device delete and open. + - net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode + (regression in 3.15) + - net/mlx4: Correctly configure single ported VFs from the host + (regression in 3.15) + - gro: fix aggregation for skb using frag_list (regression in 3.13) + - hyperv: Fix bug in netvsc_start_xmit() (potential use-after-free) + - team: avoid race condition in scheduling delayed work + - hyperv: Fix bug in netvsc_send() (potential use-after-free) + - sctp: handle association restarts when the socket is closed. + - net_sched: copy exts->type in tcf_exts_change() (regression in 3.14) + - crypto: caam - fix addressing of struct member + - driver/base/node: remove unnecessary kfree of node struct from + unregister_one_node (regression in 3.15) + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7 + - btrfs: wake up transaction thread from SYNC_FS ioctl + - Btrfs: fix up bounds checking in lseek + - Btrfs: don't do async reclaim during log replay + - Btrfs: cleanup error handling in build_backref_tree + - Btrfs: fix build_backref_tree issue with multiple shared blocks + - Btrfs: fix race in WAIT_SYNC ioctl + - fs: Add a missing permission check to do_umount (CVE-2014-7975) + - kvm: fix potentially corrupt mmio cache + - [x86] kvm,vmx: Preserve CR4 across VM entry (CVE-2014-3690) + - be2iscsi: check ip buffer before copying (stack buffer overflow) + - mptfusion: enable no_write_same for vmware scsi disks + - qla2xxx: fix kernel NULL pointer access (regression in 3.16) + (Closes: #764804) + - qla2xxx: Fix shost use-after-free on device removal (regression in 3.14) + - dmaengine: fix xor sources continuation + - [arm64] debug: don't re-enable debug exceptions on return from el1_dbg + - mei: bus: fix possible boundaries violation + - nfsv4: Fixing lease renewal (regression in 3.13) + - lzo: check for length overrun in variable length encoding. + - [armhf] tty: omap-serial: fix division by zero + - NFSv4: Fix lock recovery when CREATE_SESSION/SETCLIENTID_CONFIRM fails + - NFSv4: fix open/lock state recovery error handling + - NFSv4.1: Fix an NFSv4.1 state renewal regression + - nfsd4: reserve adequate space for LOCK op (regression in 3.16) + - NFS: Fix an uninitialised pointer Oops in the writeback error path + - NFS: Fix a bogus warning in nfs_generic_pgio (regression in 3.16.4) + - iwlwifi: mvm: disable BT Co-running by default + - [armel,armhf] PCI: mvebu: Fix uninitialized variable in + mvebu_get_tgt_attr() + - Revert "ath9k_hw: reduce ANI firstep range for older chips" + (regression in 3.15) + - fanotify: enable close-on-exec on events' fd when requested in + fanotify_init() + - futex: Ensure get_futex_key_refs() always implies a barrier + (regression in 3.14) + - [ppc64el] iommu/ddw: Fix endianness + - [arm64] compat: fix compat types affecting struct compat_elf_prpsinfo + - ALSA: emu10k1: Fix deadlock in synth voice lookup + - ALSA: hda - Add missing terminating entry to SND_HDA_PIN_QUIRK macro + - [armhf] mvebu: Netgear RN104: Use Hardware BCH ECC + - [armhf] mvebu: Netgear RN2120: Use Hardware BCH ECC + - [armhf] mvebu: Netgear RN102: Use Hardware BCH ECC + - ecryptfs: avoid to access NULL pointer when write metadata in xattr + - xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly + - [sparc*] Do not disable interrupts in nmi_cpu_busy() + - [sparc*] Fix pcr_ops initialization and usage bugs. + - [sparc*] sun4v TLB error power off events + - [sparc*] Fix corrupted thread fault code. + - [sparc*] find_node adjustment + - [sparc*] Let memset return the address argument + - [sparc*] bpf_jit: fix support for ldx/stx mem and SKF_AD_VLAN_TAG + - [sparc*] bpf_jit: fix loads from negative offsets + - [sparc*] Fix FPU register corruption with AES crypto offload. + - [sparc*] Do not define thread fpregs save area as zero-length array. + - [sparc*] Fix hibernation code refrence to PAGE_OFFSET. + - [sparc*] correctly recognise M6 and M7 cpu type + - [sparc*] T5 PMU + - [sparc*] Switch to 4-level page tables. + - [sparc*] Adjust KTSB assembler to support larger physical addresses. + - [sparc*] Fix physical memory management regressions with large + max_phys_bits. + - [sparc*] Use kernel page tables for vmemmap. + - [sparc*] Increase MAX_PHYS_ADDRESS_BITS to 53. + - [sparc*] sparse irq + - [sparc*] Fix register corruption in top-most kernel stack frame during + boot. + - [sparc*] Implement __get_user_pages_fast(). + + [ Ben Hutchings ] + * [i386] Rename 486 flavour to 586, as it has not worked on 486 processors + since we enabled CC_STACKPROTECTOR (Closes: #766105) + - Select M586TSC instead of M486 + * [x86] r8723au: Backport changes up to Linux 3.17 (Closes: #765685) + * mmc_block: Increase max_devices and set MMC_BLOCK_MINORS to 256 + (Closes: #765621) + * [x86] drm/i915: Initialise userptr mmu_notifier serial to 1 + (Closes: #765590) + * rtsx_usb_ms: Use msleep_interruptible() in polling loop (Closes: #765717) + * Bump ABI to 4 + * Add '.0' to the kernel version string (Closes: #742226, #745984) + * vfs,fuse: Change iov_iter_get_pages() to take both maxsize and maxpages + parameters (Closes: #764285) + * lockd: Try to reconnect if statd has moved (Closes: #767219) + * m25p80: Fix module device ID table + * HID: i2c-hid: call the hid driver's suspend and resume callbacks + (Closes: #767204) + * [x86] drm/i915: Add some L3 registers to the parser whitelist + (Closes: #767148) + * wireless: rt2x00: add new rt2800usb device (thanks to Cyril Brulebois) + (Closes: #766802) + * drivers/net,ipv6: Fix virtio/IPv6 regression in 3.16: + - drivers/net: Disable UFO through virtio + - drivers/net,ipv6: Select IPv6 fragment idents for virtio UFO packets + * [x86] KVM: Check non-canonical addresses upon WRMSR (CVE-2014-3610) + * [x86] KVM: Prevent host from panicking on shared MSR writes. + (CVE-2014-3610) + * [x86] KVM: Improve thread safety in pit (CVE-2014-3611) + * [x86] kvm: vmx: handle invvpid vm exit gracefully (CVE-2014-3646) + * [x86] KVM: Fix wrong masking on relative jump/call + * [x86] KVM: Emulator fixes for eip canonical checks on near branches + (CVE-2014-3647) + * [x86] KVM: Handle errors when RIP is set during far jumps (CVE-2014-3647) + * [x86] KVM: Fix far-jump to non-canonical check + * net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks + (CVE-2014-3673) + * net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687) + * net: sctp: fix remote memory pressure from excessive queueing + (CVE-2014-3688) + * mnt: Prevent pivot_root from creating a loop in the mount tree + (CVE-2014-7970) + * linux-image: Recommend irqbalance if CONFIG_SMP is enabled + (Closes: #577788) + * [armhf] leds: Enable LEDS_PWM as module (for Cubox-i) + * [x86] Backport Thunderbolt support on Apple computers from 3.17 + * [x86] linux-image: Remove lilo from suggested boot loaders + * [amd64] linux-image: Add grub-efi to suggested boot loaders + * [hppa] Reduce SIGRTMIN from 37 to 32 to behave like other Linux + architectures (Closes: #766635) + * [hppa] udeb: Add many more module packages (Closes: #766793) + * iwlwifi: Backport firmware monitor from 3.17 (Closes: #767088) + * bug script: Warn if the running kernel matches the ABI name of the + package but is not the installed version + + [ Mauricio Faria de Oliveira ] + * [ppc64el] Disable CONFIG_CMDLINE{,_BOOL} usage for setting consoles + (Closes: #764745) + + [ Uwe Kleine-König ] + * [armhf] enable rtc driver for i.MX6 + * [armhf] add chipidea usb host driver to usb-modules-$version-armmmp-di + for i.MX6 + * [armhf] enable PCI and NAND driver for Armada 370 + * [armhf] enable RTC, GPIO_PCA953X, SENSORS_G762 and watchdog driver for + Netgear ReadyNAS 102/104 + + [ Ian Campbell ] + * [armhf] Build i2c-s3c2410 statically, it is used by the arndale power + controller. + * [armhf] Backport device tree file for Olimex A20-OLinuXino-LIME. (Closes: #764967) + * [armhf] Enable various drivers for the Nokia N900. Patch from Sebastian + Reichel. (Closes: #766070) + * [arm64] Enable EHCI and OHCI platform USB HCD drivers. + * Enable MTD and MTDBLOCK in top-level config. + * [armhf] Add mtd-modules udeb. Patch from Uwe Kleine-Koenig. + + [ Aurelien Jarno ] + * [mips*] Backport a hugetlb fix for Octeon from 3.18. + * [mips*] Backport math emulation fix for MIPS32r2 from 3.18. + * [mips*] Only define MAX_PHYSMEM_BITS on Loongson-3, until a better fix + is committed upstream. Fixes Loongson-2 kernel and maybe more. Closes: + #764223. + * [mips*/octeon] Add support for the UBNT E200 board (EdgeRouter/EdgeRouter + Pro 8 port). + * [mips*/octeon] Enable SERIAL_8250_DW. Disable KEYBOARD_ATKBD, MOUSE_PS2, + SERIO_I8042. + * [mips*/octeon] Really enable USB_OCTEON_EHCI and USB_OCTEON_OHCI. Closes: + Closes: #762066. + + -- Ben Hutchings Tue, 04 Nov 2014 09:47:27 +0000 + +linux (3.16.5-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.4 + - module: Clean up ro/nx after early module load failures + (regression in 3.16) + - [armhf] cpufreq: OPP: Avoid sleeping while atomic + - [armhf] drm/tilcdc: Fix various bugs in removal path + - drm/ttm: Fix possible stack overflow by recursive shrinker calls. + - [x86] drm/i915: Fix crash when failing to parse MIPI VBT + (regression in 3.16) + - [x86] drm/i915: read HEAD register back in init_ring_common() to enforce + ordering (Closes: #763583) + - libata: widen Crucial M550 blacklist matching + - pata_scc: propagate return value of scc_wait_after_reset + - pwm: Fix period and polarity in pwm_get() for non-perfect matches + - aio: add missing smp_rmb() in read_events_ring + - [arm64] flush TLS registers during exec + - [arm64] use irq_set_affinity with force=false when migrating irqs + (regression in 3.15) + - [arm*] KVM: Nuke Hyp-mode tlbs before enabling MMU + - [x86] i2c: ismt: use correct length when copy buffer + - ftrace: Use current addr when converting to nop in + __ftrace_replace_code() (regression in 3.16) + - ALSA: core: fix buffer overflow in snd_info_get_line() + - ALSA: firewire-lib/dice: add arrangements of PCM pointer and interrupts + for Dice quirk (regression in 3.16) + - HID: picolcd: sanity check report size in raw_event() callback + (CVE-2014-3186) + - HID: magicmouse: sanity check report size in raw_event() callback + (CVE-2014-3181) + - HID: logitech-dj: prevent false errors to be shown (regression in 3.16.2) + - [x86] drm/i915: Skip load detect when intel_crtc->new_enable==true + (regression in 3.16) + - [x86] drm/i915: fix plane/cursor handling when runtime suspended + (regression in 3.14) + - [x86] drm/i915: Ignore VBT backlight presence check on Acer C720 (4005U) + (regression in 3.15) + - [x86] drm/i915: Wait for vblank before enabling the TV encoder + (regression in 3.16) + - [x86] drm/i915/hdmi: fix hdmi audio state readout (regression in 3.16) + - drm/radeon: Add ability to get and change dpm state when radeon PX card + is turned off (regression in 3.15) + - locks: pass correct "before" pointer to locks_unlink_lock in + generic_add_lease + - ufs: fix deadlocks introduced by sb mutex merge (regression in 3.16) + - USB: serial: fix potential stack buffer overflow + - USB: serial: fix potential heap buffer overflow + - USB: option: reduce interrupt-urb logging verbosity (regression in 3.16) + - [armhf] usb: phy: twl4030-usb: Fix lost interrupts after ID pin goes down + (regression in 3.13) + - [armhf] usb: phy: twl4030-usb: Fix regressions to runtime PM on omaps + (regressions in 3.14, 3.15) + - uwb: init beacon cache entry before registering uwb device + - usb: hub: take hub->hdev reference when processing from eventlist + - USB: EHCI: unlink QHs even after the controller has stopped + - Revert "ACPI / battery: fix wrong value of capacity_now reported when + fully charged" (regression in 3.16) + - [x86] iommu/vt-d: Check return value of acpi_bus_get_device() + (regression in 3.15) + - [armhf/armmp-lpae] iommu/arm-smmu: fix programming of SMMU_CBn_TCR for + stage 1 + - cgroup: check cgroup liveliness before unbreaking kernfs + (regression in 3.15) + - NFSv4: Fix another bug in the close/open_downgrade code + (regression in 3.16.2) + - nfsd4: fix corruption of NFSv4 read data (regression in 3.16) + - nfs: check wait_on_bit_lock err in page_group_lock + - nfs: clear_request_commit while holding i_lock + - nfs: fix nonblocking calls to nfs_page_group_lock + - nfs: use blocking page_group_lock in add_request + - nfs: fix error handling in lock_and_join_requests + - nfs: don't sleep with inode lock in lock_and_join_requests + - nfs: disallow duplicate pages in pgio page vectors + - nfs: can_coalesce_requests must enforce contiguity + - [armhf] 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy + strex + - [armhf] 8133/1: use irq_set_affinity with force=false when migrating irqs + (regression in 3.15) + - [armel,armhf] 8148/1: flush TLS and thumbee register state during exec + - [armel,armhf] 8149/1: perf: Don't sleep while atomic when enabling + per-cpu interrupts (regression in 3.15) + - [armhf] imx: fix .is_enabled() of shared gate clock (regression in 3.16) + - [armhf] 8165/1: alignment: don't break misaligned NEON load/store + - [mips*] Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems + (regression in 3.15) + - ACPICA: Update to GPIO region handler interface. + - gpio / ACPI: Use pin index and bit length + - ACPI / platform / LPSS: disable async suspend/resume of LPSS devices + (regression in 3.16) + - ACPI / hotplug: Generate online uevents for ACPI containers + (regression in 3.14) + - ACPI / video: disable native backlight for ThinkPad X201s + (regression in 3.16) + - regmap: Fix regcache debugfs initialization (regression in 3.15) + - regmap: Fix handling of volatile registers for format_write() chips + - regmap: Don't attempt block writes when syncing cache on single_rw + devices + - cgroup: reject cgroup names with '\n' + - cgroup: delay the clearing of cgrp->kn->priv + - cgroup: fix unbalanced locking (regression in 3.14) + - [s390*] KVM: Fix user triggerable bug in dead code + - [s390*] KVM: mm: try a cow on read only pages for key ops + - [s390*] KVM: mm: Fix storage key corruption during swapping + - [s390*] KVM: mm: Fix guest storage key corruption in + ptep_set_access_flags + - [x86] xen: don't copy bogus duplicate entries into kernel page tables + - [x86] early_ioremap: Increase FIX_BTMAPS_SLOTS to 8 (regression in 3.16) + - shmem: fix nlink for rename overwrite directory + - SMB3: Fix oops when creating symlinks on smb3 + - iio: Fix indio_dev->trig assignment in several drivers + - Target/iser: Don't put isert_conn inside disconnected handler + - target: Fix inverted logic in SE_DEV_ALUA_SUPPORT_STATE_STORE + (regression in 3.13) + - iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid + - SCSI: libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu + - Revert "iwlwifi: dvm: don't enable CTS to self" (regression in 3.16) + - iwlwifi: mvm: fix endianity issues with Smart Fifo commands + (regression in 3.14) + - iwlwifi: mvm: set MAC_FILTER_IN_BEACON correctly for STA/P2P client + (regression in 3.16) + - workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() + (regression in 3.10) + - futex: Unlock hb->lock in futex_wait_requeue_pi() error path + - block: Fix dev_t minor allocation lifetime + - dm cache: fix race causing dirty blocks to be marked as clean + - percpu: fix pcpu_alloc_pages() failure path + - percpu: perform tlb flush after pcpu_map_pages() failure + - regulatory: add NUL to alpha2 + - lockd: fix rpcbind crash on lockd startup failure (regression in 3.15) + - genhd: fix leftover might_sleep() in blk_free_devt() + - eventpoll: fix uninitialized variable in epoll_ctl + - kcmp: fix standard comparison bug + - fs/notify: don't show f_handle if exportfs_encode_inode_fh failed + - nilfs2: fix data loss with mmap() + - mm, slab: initialize object alignment on cache creation + - fs/cachefiles: add missing \n to kerror conversions (regression in 3.16) + - mm: softdirty: keep bit when zapping file pte + - sched: Fix unreleased llc_shared_mask bit during CPU hotplug + - brcmfmac: handle IF event for P2P_DEVICE interface (regression in 3.12) + - ath9k_htc: fix random decryption failure (regression in 3.15) + - [powerpc,ppc*] Add smp_mb() to arch_spin_is_locked() + - [powerpc,ppc*] Add smp_mb()s to arch_spin_unlock_wait() + - [hppa] Implement new LWS CAS supporting 64 bit operations. + - alarmtimer: Return relative times in timer_gettime + - alarmtimer: Do not signal SIGEV_NONE timers + - alarmtimer: Lock k_itimer during timer callback + - GFS2: fix d_splice_alias() misuses + - IB/qib: Correct reference counting in debugfs qp_stats + - IB/mlx4: Avoid null pointer dereference in mlx4_ib_scan_netdevs() + (regression in 3.14) + - IB/mlx4: Don't duplicate the default RoCE GID (regression in 3.14) + - IB/core: When marshaling uverbs path, clear unused fields + (regression in 3.14) + - mm: Fix unbalanced mutex in dma_pool_create(). (regression in 3.16) + - PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device + (regression in 3.15) + - Revert "PCI: Don't scan random busses in pci_scan_bridge()" + (regression in 3.15) + - drm/nouveau/runpm: fix module unload + - drm/radeon/px: fix module unload + - fs: Fix nasty 32-bit overflow bug in buffer i/o code. + - blk-mq: Avoid race condition with uninitialized requests + - [x86] crypto: ccp - Check for CCP before registering crypto algs + - nl80211: clear skb cb before passing to netlink + - Revert "PCI: Make sure bus number resources stay within their parents + bounds" (regression in 3.15) + - cpufreq: release policy->rwsem on error (regression in 3.14) + - cpufreq: fix cpufreq suspend/resume for intel_pstate (regression in 3.15) + - media: it913x: init tuner on attach (regression in 3.15) + - media: videobuf2-dma-sg: fix for wrong GFP mask to + sg_alloc_table_from_pages (regression in 3.13) + - media: vb2: fix vb2 state check when start_streaming fails + (regression in 3.16.3) + - media: vb2: fix plane index sanity check in vb2_plane_cookie() + - md/raid1: clean up request counts properly in close_sync() + (regression in 3.13) + - md/raid1: be more cautious where we read-balance during resync. + (regression in 3.13) + - md/raid1: make sure resync waits for conflicting writes to complete. + (regression in 3.13) + - md/raid1: Don't use next_resync to determine how far resync has + progressed (regression in 3.13) + - md/raid1: update next_resync under resync_lock. (regression in 3.13) + - md/raid1: count resync requests in nr_pending. (regression in 3.13) + - md/raid1: fix_read_error should act on all non-faulty devices. + - md/raid1: intialise start_next_window for READ case to avoid hang + (regression in 3.13) + - netfilter: xt_hashlimit: perform garbage collection from process context + - mmc: mmci: Reverse IRQ handling for the arm_variant (regression in 3.15) + - partitions: aix.c: off by one bug (regression in 3.11) + - cpufreq: update 'cpufreq_suspended' after stopping governors + - aio: block exit_aio() until all context requests are completed + - ext4: propagate errors up to ext4_find_entry()'s callers + - ext4: avoid trying to kfree an ERR_PTR pointer + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.5 + - udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410) + - ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error. + - perf: fix perf bug in fork() + - mm: memcontrol: do not iterate uninitialized memcgs (regression in 3.14) + - mm: migrate: Close race between migration completion and mprotect + - [x86] ACPI / i915: Update the condition to ignore firmware backlight + change request (regression in 3.16) + - [x86] cpufreq: pcc-cpufreq: Fix wait_event() under spinlock + (regression in 3.15) + - md/raid5: disable 'DISCARD' by default due to safety concerns. + - [x86] drm/i915: Flush the PTEs after updating them before suspend + (regression in 3.12) + - cifs: Fix problem recognizing symlinks (regression in 3.13) + - ring-buffer: Fix infinite spin in reading buffer (regression in 3.16.3) + - mm: numa: Do not mark PTEs pte_numa when splitting huge pages + - media: vb2: fix VBI/poll regression + + [ Ian Campbell ] + * [armhf] Add Exynos5 disk/usb/nic modules to udebs. + * [armhf] Backport BananaPi device tree files. Patch from Karsten + Merker (Closes: #763897). + + [ Ben Hutchings ] + * [hppa/parisc64-smp] Work around gcc 4.8 miscompilation (Closes: #762390) + * [powerpc/powerpc64,ppc64*] video/fb: Change FB_MATROX, FB_RADEON, FB_ATY, + FB_SIS, FB_3DFX, FB_VOODOO1 back to modules (Closes: #748398) + * udeb: Add pata_rdc to pata-modules (Closes: #633128) + * [s390*] 3215: fix tty output containing tabs (Closes: #758264) + * radeon: Don't check for installed firmware if driver is built-in + (Closes: #763305) + * Bump ABI to 3 + * vfs: fold swapping ->d_name.hash into switch_names() + * vfs: Don't exchange "short" filenames unconditionally. (Closes: #763700) + * [hppa,m68k,mips/r4k-ip22,sparc*] bluetooth: Enable BT as module + (Closes: #764524) + + [ Aurelien Jarno ] + * [arm64] Change RTC_DRV_PL031 and RTC_DRV_XGENE from modules to built-ins + as the kernel isn't able to initialize the system clock from a hardware + clock whose driver is a module, and as there is no initramfs mechanism + to do that. + * [armhf] Change RTC_DRV_DA9052, RTC_DRV_IMXDI, RTC_DRV_MC13XXX, + RTC_DRV_MV, RTC_DRV_MXC, RTC_DRV_OMAP, RTC_DRV_PL030, RTC_DRV_PL031, + RTC_DRV_S5M, RTC_DRV_SUNXI, RTC_DRV_VT8500 from modules to built-ins for + the same reason as above. + + -- Ben Hutchings Fri, 10 Oct 2014 09:15:17 +0100 + +linux (3.16.3-2) unstable; urgency=medium + + [ Ben Hutchings ] + * [s390*] syscall: Fix unimplented-syscall entries added before + memfd_create() (fixes FTBFS) (Closes: #762221) + * [armel/kirkwood] Change configuration to reduce kernel image size + (fixes FTBFS) (Closes: #762219) + - block: Change IOSCHED_DEADLINE to module + - gpu: Disable VGA_ARB + + [ Aurelien Jarno ] + * [mips*/octeon] Enable OCTEON_USB, USB_EHCI_HCD, USB_OHCI_HCD, + and USB_OCTEON_EHCI, USB_OCTEON_OHCI (Closes: #762066). + + -- Bastian Blank Sat, 20 Sep 2014 11:43:05 +0200 + +linux (3.16.3-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 + - reiserfs: fix corruption introduced by balance_leaf refactor + (regression in 3.16) (Closes: #761457) + - reiserfs: Fix use after free in journal teardown + - media: v4l: vb2: Fix stream start and buffer completion race + - [x86] iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains + - [powerpc*] powerpc/powernv: Fix IOMMU group lost (regression in 3.15) + - [x86] iommu/vt-d: Defer domain removal if device is assigned to a driver + - [x86] iommu/amd: Fix cleanup_domain for mass device removal + - [s390*] locking: Reenable optimistic spinning + - firmware: Do not use WARN_ON(!spin_is_locked()) + - CAPABILITIES: remove undefined caps from all processes + - fanotify: fix double free of pending permission events + - ocfs2: do not write error flag to user structure we cannot copy from/to + - [powerpc*] mm: fix potential infinite loop in dissolve_free_huge_pages() + - drivers/mfd/rtsx_usb.c: export device table (Closes: #761428) + - [powerpc*] mm: Use read barrier when creating real_pte + - [powerpc*] thp: Add write barrier after updating the valid bit + - [powerpc*] thp: Invalidate old 64K based hash page mapping before insert + of 4k pte + - [powerpc*] thp: Handle combo pages in invalidate + - [powerpc*] thp: Invalidate with vpn in loop + - [powerpc*] thp: Use ACCESS_ONCE when loading pmdp + - SCSI: save command pool address of Scsi_Host (regression in 3.15) + - fix regression in SCSI_IOCTL_SEND_COMMAND (regression in 3.16) + - [mips*] GIC: Prevent array overrun + - [mips*] ptrace: Test correct task's flags in task_user_regset_view() + - [mips*] ptrace: Change GP regset to use correct core dump register layout + - [mips*] ptrace: Avoid smp_processor_id() when retrieving FPU IR + - [mips*] syscall: Fix AUDIT value for O32 processes on MIPS64 + - [mips*] scall64-o32: Fix indirect syscall detection + - [mips,powerpc] bfa: Fix undefined bit shift on big-endian architectures + with 32-bit DMA address + - ACPI / hotplug: Check scan handlers in acpi_scan_hot_remove() + (regression in 3.14) + - ACPI: Run fixed event device notifications in process context + (regression in 3.15) + - ACPI / scan: Allow ACPI drivers to bind to PNP device objects + (regression in 3.16) + - ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT isn't + set (regression in 3.14.13, 3.16) + - ACPI / EC: Add support to disallow QR_EC to be issued before completing + previous QR_EC (regression in 3.14.13, 3.16) + - ACPI / scan: not cache _SUN value in struct acpi_device_pnp + (regression in 3.14) + - ACPI / video: Add a disable_native_backlight quirk + - ACPI / video: Disable native_backlight on HP ENVY 15 Notebook PC + - ring-buffer: Always reset iterator to reader page + - ring-buffer: Up rb_iter_peek() loop count to 3 + - vfs: get rid of propagate_umount() mistakenly treating slaves as busy. + (regression in 3.15) + - Bluetooth: Fix tracking local SSP authentication requirement + - Bluetooth: Avoid use of session socket after the session gets freed + - vfs: __generic_file_write_iter(): fix handling of sync error after DIO + (regression in 3.16) + - rbd: rework rbd_request_fn() (regression in 3.15) + - vfs: fix copy_tree() regression (regression in 3.14) + - md/raid1,raid10: always abort recover on write error. + - md/raid5: avoid livelock caused by non-aligned writes. + (regression in 3.16) + - md/raid6: avoid data corruption during recovery of double-degraded RAID6 + - md/raid10: fix memory leak when reshaping a RAID10. + - xfs: ensure verifiers are attached to recovered buffers + - xfs: quotacheck leaves dquot buffers without verifiers + - xfs: don't dirty buffers beyond EOF + - xfs: don't zero partial page cache pages during O_DIRECT writes + - xfs: don't zero partial page cache pages during O_DIRECT reads + - libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly + - libceph: gracefully handle large reply messages from the mon + - libceph: do not hard code max auth ticket len (CVE-2014-6416, + CVE-2014-6417, CVE-2014-6418) + - CIFS: Fix async reading on reconnects + - CIFS: Possible null ptr deref in SMB2_tcon + - CIFS: Fix wrong directory attributes after rename + - mtd/ftl: fix the double free of the buffers allocated in build_maps() + - mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc() + - dm table: propagate QUEUE_FLAG_NO_SG_MERGE (regression in 3.16) + - KEYS: Fix use-after-free in assoc_array_gc() + - KEYS: Fix termination condition in assoc array garbage collection + (CVE-2014-3631) + + [ Ben Hutchings ] + * sfc: Adding PCI ID for Solarflare 7000 series 40G network adapter. + * sfc: Add 40G link capability decoding + * Bump ABI to 2 (Closes: #761874) + * ata: Enable SATA_ZPODD + * tracing: Enable TRACER_SNAPSHOT + * Add memfd_create() and shared memory sealing (Closes: #760702): + - mm: allow drivers to prevent new writable mappings + - shm: add sealing API + - shm: add memfd_create() syscall + - shm: wait for pins to be released when sealing + - mm: Add memfd_create() system call + - [arm*,m68k,mips*,powerpc*,s390*,sparc*] Wire up memfd_create() + * udeb: Add ccm, ctr to crypto-modules (Closes: #761902) + * [armhf] udeb: Add ehci-platform, ohci-platform and phy-sun4i-usb to + usb-modules (Closes: #761591) + + [ Ian Campbell ] + * [armhf] Enable support for Exynos5 systems. (Closes: #759291) + * [arm64] Enable crypto accelerator modules + * [arm64] Add cdrom-core-modules udeb + + [ Aurelien Jarno ] + * [powerpc/powerpc64,ppc64el] Backport more KVM patches from 3.17. Enable + KVM_BOOK3S_64, KVM_BOOK3S_64_HV, KVM_BOOK3S_64_PR and KVM_XICS. (Closes: + #761656). + + -- Ben Hutchings Thu, 18 Sep 2014 03:32:47 +0100 + linux (3.16.2-3) unstable; urgency=medium [ Ben Hutchings ] diff --git a/debian/config/alpha/config b/debian/config/alpha/config index 1c77b3daa..6e94a000d 100644 --- a/debian/config/alpha/config +++ b/debian/config/alpha/config @@ -415,14 +415,11 @@ CONFIG_MMC_BLOCK=m ## ## file: drivers/mtd/Kconfig ## -CONFIG_MTD=m CONFIG_MTD_REDBOOT_PARTS=y CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1 CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED=y CONFIG_MTD_REDBOOT_PARTS_READONLY=y CONFIG_MTD_CMDLINE_PARTS=y -CONFIG_MTD_BLOCK=m -CONFIG_MTD_BLOCK_RO=m CONFIG_FTL=m CONFIG_NFTL=m CONFIG_NFTL_RW=y diff --git a/debian/config/amd64/defines b/debian/config/amd64/defines index ffb24dfdd..45cd4013f 100644 --- a/debian/config/amd64/defines +++ b/debian/config/amd64/defines @@ -1,7 +1,3 @@ -[abi] -ignore-changes: - module:arch/x86/kvm/* - [base] featuresets: none @@ -13,7 +9,7 @@ debug-info: true image-file: arch/x86/boot/bzImage [image] -bootloaders: grub-pc extlinux lilo +bootloaders: grub-pc grub-efi extlinux configs: install-stem: vmlinuz diff --git a/debian/config/arm64/config b/debian/config/arm64/config index 49211b1bd..9eb461960 100644 --- a/debian/config/arm64/config +++ b/debian/config/arm64/config @@ -7,6 +7,18 @@ CONFIG_SMP=y CONFIG_XEN=y CONFIG_COMPAT=y +## +## file: arch/arm64/crypto/Kconfig +## +CONFIG_ARM64_CRYPTO=y +CONFIG_CRYPTO_SHA1_ARM64_CE=m +CONFIG_CRYPTO_SHA2_ARM64_CE=m +CONFIG_CRYPTO_GHASH_ARM64_CE=m +CONFIG_CRYPTO_AES_ARM64_CE=m +CONFIG_CRYPTO_AES_ARM64_CE_CCM=m +CONFIG_CRYPTO_AES_ARM64_CE_BLK=m +# CONFIG_CRYPTO_AES_ARM64_NEON_BLK is not set + ## ## file: drivers/ata/Kconfig ## @@ -76,8 +88,8 @@ CONFIG_POWER_RESET_XGENE=y ## ## file: drivers/rtc/Kconfig ## -CONFIG_RTC_DRV_PL031=m -CONFIG_RTC_DRV_XGENE=m +CONFIG_RTC_DRV_PL031=y +CONFIG_RTC_DRV_XGENE=y ## ## file: drivers/tty/serial/Kconfig @@ -101,6 +113,14 @@ CONFIG_SERIAL_8250_RUNTIME_UARTS=4 CONFIG_SERIAL_8250_DW=y # CONFIG_SERIAL_8250_EM is not set +## +## file: drivers/usb/host/Kconfig +## +CONFIG_USB_EHCI_HCD=m +CONFIG_USB_EHCI_HCD_PLATFORM=m +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_HCD_PLATFORM=m + ## ## file: drivers/virtio/Kconfig ## diff --git a/debian/config/armel/config.kirkwood b/debian/config/armel/config.kirkwood index dc504a520..dc02c4579 100644 --- a/debian/config/armel/config.kirkwood +++ b/debian/config/armel/config.kirkwood @@ -49,6 +49,11 @@ CONFIG_ARM_THUMB=y # CONFIG_CPU_DCACHE_DISABLE is not set # CONFIG_CPU_DCACHE_WRITETHROUGH is not set +## +## file: block/Kconfig.iosched +## +CONFIG_IOSCHED_DEADLINE=m + ## ## file: block/partitions/Kconfig ## @@ -168,6 +173,11 @@ CONFIG_GPIO_SYSFS=y ## # CONFIG_DRM is not set +## +## file: drivers/gpu/vga/Kconfig +## +# CONFIG_VGA_ARB is not set + ## ## file: drivers/hwmon/Kconfig ## diff --git a/debian/config/armhf/config.armmp b/debian/config/armhf/config.armmp index e3610cba1..fc7b72b2f 100644 --- a/debian/config/armhf/config.armmp +++ b/debian/config/armhf/config.armmp @@ -26,6 +26,14 @@ CONFIG_NEON=y #. DEBUG_LL is incompatible with multiplatform # CONFIG_DEBUG_LL is not set +## +## file: arch/arm/mach-exynos/Kconfig +## +CONFIG_ARCH_EXYNOS=y +# CONFIG_ARCH_EXYNOS3 is not set +# CONFIG_ARCH_EXYNOS4 is not set +CONFIG_ARCH_EXYNOS5=y + ## ## file: arch/arm/mach-highbank/Kconfig ## @@ -132,6 +140,7 @@ CONFIG_HW_RANDOM_OMAP=m ## file: drivers/clk/Kconfig ## CONFIG_CLK_TWL6040=m +CONFIG_COMMON_CLK_S2MPS11=m ## ## file: drivers/cpufreq/Kconfig @@ -172,6 +181,7 @@ CONFIG_TI_CPPI41=m CONFIG_GPIO_SYSFS=y CONFIG_GPIO_DA9052=m CONFIG_GPIO_GENERIC_PLATFORM=m +CONFIG_GPIO_PCA953X=m CONFIG_GPIO_TWL4030=y CONFIG_GPIO_TWL6040=y @@ -185,6 +195,11 @@ CONFIG_DRM=m ## CONFIG_DRM_I2C_NXP_TDA998X=m +## +## file: drivers/gpu/drm/omapdrm/Kconfig +## +CONFIG_DRM_OMAP=m + ## ## file: drivers/gpu/drm/tilcdc/Kconfig ## @@ -195,6 +210,11 @@ CONFIG_DRM_TILCDC=m ## CONFIG_IMX_IPUV3_CORE=m +## +## file: drivers/hwmon/Kconfig +## +CONFIG_SENSORS_G762=m + ## ## file: drivers/hwspinlock/Kconfig ## @@ -208,12 +228,19 @@ CONFIG_I2C_CHARDEV=m ## ## file: drivers/i2c/busses/Kconfig ## +CONFIG_I2C_EXYNOS5=m CONFIG_I2C_GPIO=y CONFIG_I2C_IMX=m CONFIG_I2C_MV64XXX=m CONFIG_I2C_OMAP=y +CONFIG_I2C_S3C2410=y CONFIG_I2C_VERSATILE=m +## +## file: drivers/i2c/muxes/Kconfig +## +CONFIG_I2C_ARB_GPIO_CHALLENGE=m + ## ## file: drivers/iio/Kconfig ## @@ -223,6 +250,7 @@ CONFIG_IIO=m ## file: drivers/iio/adc/Kconfig ## CONFIG_TI_AM335X_ADC=m +CONFIG_TWL4030_MADC=m ## ## file: drivers/iio/light/Kconfig @@ -272,6 +300,7 @@ CONFIG_LEDS_CLASS=y CONFIG_LEDS_GPIO=m CONFIG_LEDS_LP5523=m CONFIG_LEDS_DA9052=m +CONFIG_LEDS_PWM=m ## ## file: drivers/leds/trigger/Kconfig @@ -324,6 +353,7 @@ CONFIG_MFD_DA9052_SPI=y CONFIG_MFD_DA9052_I2C=y CONFIG_MFD_MC13XXX_SPI=m CONFIG_MFD_MC13XXX_I2C=m +CONFIG_MFD_SEC_CORE=y CONFIG_MFD_TI_AM335X_TSCADC=m CONFIG_TWL6040_CORE=y @@ -346,6 +376,8 @@ CONFIG_MMC=y ## file: drivers/mmc/host/Kconfig ## CONFIG_MMC_ARMMMCI=m +CONFIG_MMC_DW=m +CONFIG_MMC_DW_EXYNOS=m CONFIG_MMC_SDHCI=m CONFIG_MMC_SDHCI_PLTFM=m CONFIG_MMC_SDHCI_ESDHC_IMX=m @@ -366,6 +398,7 @@ CONFIG_MTD=y ## CONFIG_MTD_NAND=y CONFIG_MTD_NAND_OMAP2=m +CONFIG_MTD_NAND_PXA3xx=m CONFIG_MTD_NAND_GPMI_NAND=m CONFIG_MTD_NAND_ORION=m CONFIG_MTD_NAND_MXC=m @@ -529,6 +562,11 @@ CONFIG_WL18XX=m CONFIG_WLCORE_SPI=m CONFIG_WLCORE_SDIO=m +## +## file: drivers/pci/host/Kconfig +## +CONFIG_PCI_MVEBU=y + ## ## file: drivers/phy/Kconfig ## @@ -536,7 +574,11 @@ CONFIG_OMAP_CONTROL_PHY=m CONFIG_OMAP_USB2=m CONFIG_TI_PIPE3=m CONFIG_TWL4030_USB=m +CONFIG_PHY_EXYNOS5250_SATA=m CONFIG_PHY_SUN4I_USB=m +CONFIG_PHY_SAMSUNG_USB2=m +CONFIG_PHY_EXYNOS5250_USB2=y +CONFIG_PHY_EXYNOS5_USBDRD=m ## ## file: drivers/pinctrl/Kconfig @@ -551,6 +593,7 @@ CONFIG_PINCTRL_WM8850=y ## ## file: drivers/power/Kconfig ## +CONFIG_CHARGER_BQ2415X=m CONFIG_BATTERY_BQ27x00=m CONFIG_CHARGER_ISP1704=m @@ -580,22 +623,29 @@ CONFIG_REGULATOR_ANATOP=m CONFIG_REGULATOR_DA9052=m CONFIG_REGULATOR_MC13783=m CONFIG_REGULATOR_MC13892=m +CONFIG_REGULATOR_S2MPA01=m +CONFIG_REGULATOR_S2MPS11=m +CONFIG_REGULATOR_S5M8767=m CONFIG_REGULATOR_TWL4030=y CONFIG_REGULATOR_VEXPRESS=m ## ## file: drivers/rtc/Kconfig ## -CONFIG_RTC_DRV_DA9052=m -CONFIG_RTC_DRV_IMXDI=m -CONFIG_RTC_DRV_OMAP=m -CONFIG_RTC_DRV_PL030=m -CONFIG_RTC_DRV_PL031=m -CONFIG_RTC_DRV_VT8500=m -CONFIG_RTC_DRV_SUNXI=m -CONFIG_RTC_DRV_MV=m -CONFIG_RTC_DRV_MC13XXX=m -CONFIG_RTC_DRV_MXC=m +CONFIG_RTC_DRV_ISL12057=y +CONFIG_RTC_DRV_DA9052=y +CONFIG_RTC_DRV_IMXDI=y +CONFIG_RTC_DRV_OMAP=y +CONFIG_RTC_DRV_PL030=y +CONFIG_RTC_DRV_PL031=y +CONFIG_RTC_DRV_VT8500=y +CONFIG_RTC_DRV_S5M=y +CONFIG_RTC_DRV_SUNXI=y +CONFIG_RTC_DRV_TWL4030=y +CONFIG_RTC_DRV_MV=y +CONFIG_RTC_DRV_MC13XXX=y +CONFIG_RTC_DRV_MXC=y +CONFIG_RTC_DRV_SNVS=y ## ## file: drivers/scsi/Kconfig @@ -615,6 +665,22 @@ CONFIG_SPI_PL022=m CONFIG_SPI_SUN6I=m CONFIG_SPI_SPIDEV=y +## +## file: drivers/hsi/Kconfig +## +CONFIG_HSI=m + +## +## file: drivers/hsi/controllers/Kconfig +## +CONFIG_OMAP_SSI=m + +## +## file: drivers/hsi/clients/Kconfig +## +CONFIG_NOKIA_MODEM=m +CONFIG_SSI_PROTOCOL=m + ## ## file: drivers/staging/iio/accel/Kconfig ## @@ -658,6 +724,8 @@ CONFIG_SERIAL_OMAP_CONSOLE=y CONFIG_SERIAL_ARC=y CONFIG_SERIAL_ARC_CONSOLE=y CONFIG_SERIAL_ARC_NR_PORTS=1 +CONFIG_SERIAL_SAMSUNG=y +CONFIG_SERIAL_SAMSUNG_CONSOLE=y ## ## file: drivers/tty/serial/8250/Kconfig @@ -685,6 +753,14 @@ CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y CONFIG_USB_CHIPIDEA_DEBUG=y +## +## file: drivers/usb/dwc3/Kconfig +## +CONFIG_USB_DWC3=m +CONFIG_USB_DWC3_HOST=y +CONFIG_USB_DWC3_EXYNOS=m +# CONFIG_USB_DWC3_PCI is not set + ## ## file: drivers/usb/gadget/Kconfig ## @@ -700,13 +776,20 @@ CONFIG_USB_G_NOKIA=m ## file: drivers/usb/host/Kconfig ## CONFIG_USB_EHCI_HCD=m +CONFIG_USB_EHCI_EXYNOS=m CONFIG_USB_EHCI_MXC=m CONFIG_USB_EHCI_HCD_OMAP=y CONFIG_USB_EHCI_HCD_PLATFORM=m CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_EXYNOS=m CONFIG_USB_OHCI_HCD_OMAP3=y CONFIG_USB_OHCI_HCD_PLATFORM=m +## +## file: drivers/usb/misc/Kconfig +## +CONFIG_USB_HSIC_USB3503=m + ## ## file: drivers/usb/musb/Kconfig ## @@ -748,6 +831,11 @@ CONFIG_OMAP2_DSS_VENC=y CONFIG_OMAP4_DSS_HDMI=y CONFIG_OMAP2_DSS_SDI=y +## +## file: drivers/video/fbdev/omap2/displays-new/Kconfig +## +CONFIG_DISPLAY_PANEL_SONY_ACX565AKM=m + ## ## file: drivers/video/fbdev/omap2/omapfb/Kconfig ## @@ -764,6 +852,7 @@ CONFIG_VIRTIO_MMIO=m CONFIG_DA9052_WATCHDOG=m CONFIG_ARM_SP805_WATCHDOG=m CONFIG_OMAP_WATCHDOG=m +CONFIG_ORION_WATCHDOG=m CONFIG_SUNXI_WATCHDOG=m CONFIG_TWL4030_WATCHDOG=m CONFIG_IMX2_WDT=m diff --git a/debian/config/config b/debian/config/config index 379bd6b88..12e42292a 100644 --- a/debian/config/config +++ b/debian/config/config @@ -146,8 +146,7 @@ CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y CONFIG_ATA=m CONFIG_ATA_VERBOSE_ERROR=y CONFIG_ATA_ACPI=y -#. TODO: Enable at next ABI bump -# CONFIG_SATA_ZPODD is not set +CONFIG_SATA_ZPODD=y CONFIG_SATA_PMP=y CONFIG_SATA_AHCI=m # CONFIG_SATA_AHCI_PLATFORM is not set @@ -2190,7 +2189,7 @@ CONFIG_SENSORS_LIS3_I2C=m ## ## file: drivers/mmc/card/Kconfig ## -CONFIG_MMC_BLOCK_MINORS=8 +CONFIG_MMC_BLOCK_MINORS=256 CONFIG_MMC_BLOCK_BOUNCE=y CONFIG_SDIO_UART=m # CONFIG_MMC_TEST is not set @@ -2222,6 +2221,9 @@ CONFIG_MMC_REALTEK_USB=m ## ## file: drivers/mtd/Kconfig ## +CONFIG_MTD=m +CONFIG_MTD_BLOCK=m +CONFIG_MTD_BLOCK_RO=m # CONFIG_MTD_TESTS is not set CONFIG_MTD_AR7_PARTS=m CONFIG_RFD_FTL=m @@ -5115,8 +5117,7 @@ CONFIG_FUNCTION_GRAPH_TRACER=y # CONFIG_IRQSOFF_TRACER is not set # CONFIG_SCHED_TRACER is not set CONFIG_FTRACE_SYSCALLS=y -#. TODO: Enable at next ABI bump -# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_TRACER_SNAPSHOT=y ## choice: Branch Profiling CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set diff --git a/debian/config/defines b/debian/config/defines index 25e1150ba..75a226cdd 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -1,5 +1,5 @@ [abi] -abiname: 1 +abiname: 4 [base] arches: diff --git a/debian/config/hppa/config b/debian/config/hppa/config index 6803b1338..d3aaa7f6c 100644 --- a/debian/config/hppa/config +++ b/debian/config/hppa/config @@ -592,12 +592,6 @@ CONFIG_FLATMEM_MANUAL=y ## # CONFIG_HAMRADIO is not set -## -## file: net/bluetooth/Kconfig -## -#. TODO -# CONFIG_BT is not set - ## ## file: net/decnet/Kconfig ## diff --git a/debian/config/i386/config.486 b/debian/config/i386/config.586 similarity index 99% rename from debian/config/i386/config.486 rename to debian/config/i386/config.586 index 4b62dfcb1..9b8527684 100644 --- a/debian/config/i386/config.486 +++ b/debian/config/i386/config.586 @@ -18,7 +18,7 @@ CONFIG_OLPC_XO15_SCI=y ## file: arch/x86/Kconfig.cpu ## ## choice: Processor family -CONFIG_M486=y +CONFIG_M586TSC=y # CONFIG_M686 is not set ## end choice diff --git a/debian/config/i386/defines b/debian/config/i386/defines index a0ea566e7..d5ee7e051 100644 --- a/debian/config/i386/defines +++ b/debian/config/i386/defines @@ -1,7 +1,3 @@ -[abi] -ignore-changes: - module:arch/x86/kvm/* - [base] featuresets: none @@ -18,22 +14,22 @@ part-long-pae: This kernel requires PAE (Physical Address Extension). Turion or Phenom; Transmeta Efficeon; VIA C7; and some other processors. [image] -bootloaders: grub-pc extlinux lilo +bootloaders: grub-pc extlinux configs: install-stem: vmlinuz [relations] headers%gcc-4.8: linux-compiler-gcc-4.8-x86 -[486_description] +[586_description] hardware: older PCs hardware-long: PCs with a single processor not supporting PAE parts: up -[486_image] +[586_image] configs: kernelarch-x86/config-arch-32 - i386/config.486 + i386/config.586 [686-pae_build] debug-info: true diff --git a/debian/config/i386/none/defines b/debian/config/i386/none/defines index b32c5a48f..0af5a1d90 100644 --- a/debian/config/i386/none/defines +++ b/debian/config/i386/none/defines @@ -1,6 +1,6 @@ [base] flavours: - 486 + 586 686-pae amd64 diff --git a/debian/config/kernelarch-mips/config.4kc-malta b/debian/config/kernelarch-mips/config.4kc-malta index aacee7d62..1b7173637 100644 --- a/debian/config/kernelarch-mips/config.4kc-malta +++ b/debian/config/kernelarch-mips/config.4kc-malta @@ -186,10 +186,7 @@ CONFIG_MMC_BLOCK=m ## ## file: drivers/mtd/Kconfig ## -CONFIG_MTD=m CONFIG_MTD_REDBOOT_PARTS=y -CONFIG_MTD_BLOCK=m -CONFIG_MTD_BLOCK_RO=m CONFIG_FTL=m CONFIG_NFTL=m CONFIG_NFTL_RW=y diff --git a/debian/config/kernelarch-mips/config.5kc-malta b/debian/config/kernelarch-mips/config.5kc-malta index 52c525f68..79947a589 100644 --- a/debian/config/kernelarch-mips/config.5kc-malta +++ b/debian/config/kernelarch-mips/config.5kc-malta @@ -189,10 +189,7 @@ CONFIG_MMC_BLOCK=m ## ## file: drivers/mtd/Kconfig ## -CONFIG_MTD=m CONFIG_MTD_REDBOOT_PARTS=y -CONFIG_MTD_BLOCK=m -CONFIG_MTD_BLOCK_RO=m CONFIG_FTL=m CONFIG_NFTL=m CONFIG_NFTL_RW=y diff --git a/debian/config/kernelarch-mips/config.octeon b/debian/config/kernelarch-mips/config.octeon index 6f97995f0..a78fd223f 100644 --- a/debian/config/kernelarch-mips/config.octeon +++ b/debian/config/kernelarch-mips/config.octeon @@ -53,13 +53,18 @@ CONFIG_I2C_OCTEON=y ## file: drivers/input/keyboard/Kconfig ## CONFIG_INPUT_KEYBOARD=y -CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_ATKBD is not set ## ## file: drivers/input/mouse/Kconfig ## CONFIG_INPUT_MOUSE=y -CONFIG_MOUSE_PS2=y +# CONFIG_MOUSE_PS2 is not set + +## +## file: drivers/input/serio/Kconfig +## +# CONFIG_SERIO_I8042 is not set ## ## file: drivers/input/touchscreen/Kconfig @@ -104,6 +109,11 @@ CONFIG_RTC_DRV_DS1307=y ## CONFIG_OCTEON_ETHERNET=y +## +## file: drivers/staging/octeon-usb/Kconfig +## +CONFIG_OCTEON_USB=y + ## ## file: drivers/tty/serial/8250/Kconfig ## @@ -111,6 +121,15 @@ CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_NR_UARTS=2 CONFIG_SERIAL_8250_RUNTIME_UARTS=2 +CONFIG_SERIAL_8250_DW=y + +## +## file: drivers/usb/host/Kconfig +## +CONFIG_USB_EHCI_HCD=m +CONFIG_USB_OCTEON_EHCI=y +CONFIG_USB_OCTEON_OHCI=y +CONFIG_USB_OHCI_HCD=m ## ## file: kernel/power/Kconfig diff --git a/debian/config/kernelarch-mips/config.r4k-ip22 b/debian/config/kernelarch-mips/config.r4k-ip22 index f9071d417..9425d1fb3 100644 --- a/debian/config/kernelarch-mips/config.r4k-ip22 +++ b/debian/config/kernelarch-mips/config.r4k-ip22 @@ -150,11 +150,6 @@ CONFIG_FB=y ## CONFIG_INDYDOG=m -## -## file: net/bluetooth/Kconfig -## -# CONFIG_BT is not set - ## ## file: sound/mips/Kconfig ## diff --git a/debian/config/kernelarch-powerpc/config b/debian/config/kernelarch-powerpc/config index a70cb0d50..92d5e98bf 100644 --- a/debian/config/kernelarch-powerpc/config +++ b/debian/config/kernelarch-powerpc/config @@ -808,34 +808,31 @@ CONFIG_FB_CIRRUS=m # CONFIG_FB_PM2 is not set # CONFIG_FB_CYBER2000 is not set CONFIG_FB_OF=y -CONFIG_FB_CT65550=y # CONFIG_FB_ASILIANT is not set # CONFIG_FB_VGA16 is not set CONFIG_FB_S1D13XXX=m -CONFIG_FB_MATROX=y +CONFIG_FB_MATROX=m CONFIG_FB_MATROX_MILLENIUM=y CONFIG_FB_MATROX_MYSTIQUE=y CONFIG_FB_MATROX_G=y CONFIG_FB_MATROX_I2C=m CONFIG_FB_MATROX_MAVEN=m -CONFIG_FB_RADEON=y +CONFIG_FB_RADEON=m CONFIG_FB_RADEON_I2C=y # CONFIG_FB_RADEON_DEBUG is not set -CONFIG_FB_ATY128=y -CONFIG_FB_ATY=y +CONFIG_FB_ATY=m CONFIG_FB_ATY_CT=y CONFIG_FB_ATY_GENERIC_LCD=y CONFIG_FB_ATY_GX=y CONFIG_FB_SAVAGE=m CONFIG_FB_SAVAGE_I2C=y CONFIG_FB_SAVAGE_ACCEL=y -CONFIG_FB_SIS=y +CONFIG_FB_SIS=m CONFIG_FB_SIS_300=y CONFIG_FB_SIS_315=y CONFIG_FB_NEOMAGIC=m CONFIG_FB_KYRO=m -CONFIG_FB_3DFX=y -CONFIG_FB_VOODOO1=y +CONFIG_FB_VOODOO1=m CONFIG_FB_TRIDENT=m CONFIG_FB_IBM_GXT4500=m # CONFIG_FB_VIRTUAL is not set diff --git a/debian/config/kernelarch-powerpc/config-arch-64 b/debian/config/kernelarch-powerpc/config-arch-64 index d7ae6ec81..2d524df40 100644 --- a/debian/config/kernelarch-powerpc/config-arch-64 +++ b/debian/config/kernelarch-powerpc/config-arch-64 @@ -9,9 +9,16 @@ CONFIG_NUMA=y CONFIG_PPC_64K_PAGES=y ## end choice CONFIG_SCHED_SMT=y -CONFIG_CMDLINE="console=hvsi0 console=hvc0 console=ttyS0,9600 console=tty0" CONFIG_KERNEL_START=0xc000000000000000 +## +## file: arch/powerpc/kvm/Kconfig +## +CONFIG_KVM_BOOK3S_64=m +CONFIG_KVM_BOOK3S_64_HV=m +CONFIG_KVM_BOOK3S_64_PR=m +CONFIG_KVM_XICS=y + ## ## file: arch/powerpc/platforms/Kconfig ## @@ -107,11 +114,7 @@ CONFIG_HVCS=m ## ## file: drivers/video/fbdev/Kconfig ## -# CONFIG_FB_CONTROL is not set -# CONFIG_FB_PLATINUM is not set -# CONFIG_FB_VALKYRIE is not set # CONFIG_FB_IMSTT is not set -# CONFIG_FB_ATY128 is not set ## ## file: drivers/watchdog/Kconfig diff --git a/debian/config/kernelarch-powerpc/config-arch-64-be b/debian/config/kernelarch-powerpc/config-arch-64-be index b662db0d5..7210101f1 100644 --- a/debian/config/kernelarch-powerpc/config-arch-64-be +++ b/debian/config/kernelarch-powerpc/config-arch-64-be @@ -1,3 +1,8 @@ +## +## file: arch/powerpc/Kconfig +## +CONFIG_CMDLINE="console=hvsi0 console=hvc0 console=ttyS0,9600 console=tty0" + ## ## file: arch/powerpc/platforms/cell/Kconfig ## diff --git a/debian/config/kernelarch-powerpc/config-arch-64-le b/debian/config/kernelarch-powerpc/config-arch-64-le index dbe0a4183..be64aa451 100644 --- a/debian/config/kernelarch-powerpc/config-arch-64-le +++ b/debian/config/kernelarch-powerpc/config-arch-64-le @@ -1,3 +1,8 @@ +## +## file: arch/powerpc/Kconfig +## +# CONFIG_CMDLINE_BOOL is not set + ## ## file: arch/powerpc/platforms/Kconfig.cputype ## diff --git a/debian/config/kernelarch-sparc/config b/debian/config/kernelarch-sparc/config index 4cedfef96..ef3176d86 100644 --- a/debian/config/kernelarch-sparc/config +++ b/debian/config/kernelarch-sparc/config @@ -558,11 +558,6 @@ CONFIG_SPARSEMEM_MANUAL=y ## # CONFIG_HAMRADIO is not set -## -## file: net/bluetooth/Kconfig -## -# CONFIG_BT is not set - ## ## file: net/decnet/Kconfig ## diff --git a/debian/config/kernelarch-x86/config b/debian/config/kernelarch-x86/config index 021788b1e..b85540e33 100644 --- a/debian/config/kernelarch-x86/config +++ b/debian/config/kernelarch-x86/config @@ -799,14 +799,11 @@ CONFIG_MMC_SDHCI_ACPI=m ## ## file: drivers/mtd/Kconfig ## -CONFIG_MTD=m CONFIG_MTD_REDBOOT_PARTS=y CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1 # CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set # CONFIG_MTD_REDBOOT_PARTS_READONLY is not set # CONFIG_MTD_CMDLINE_PARTS is not set -CONFIG_MTD_BLOCK=m -CONFIG_MTD_BLOCK_RO=m CONFIG_FTL=m CONFIG_NFTL=m CONFIG_NFTL_RW=y diff --git a/debian/config/m68k/config b/debian/config/m68k/config index 3cbb43d34..4face7868 100644 --- a/debian/config/m68k/config +++ b/debian/config/m68k/config @@ -780,11 +780,6 @@ CONFIG_HZ_PERIODIC=y ## # CONFIG_BATMAN_ADV is not set -## -## file: net/bluetooth/Kconfig -## -# CONFIG_BT is not set - ## ## file: net/can/Kconfig ## diff --git a/debian/config/powerpc/config.powerpc b/debian/config/powerpc/config.powerpc index 5d48b574d..c5897951c 100644 --- a/debian/config/powerpc/config.powerpc +++ b/debian/config/powerpc/config.powerpc @@ -88,7 +88,15 @@ CONFIG_SERIAL_MPC52xx_CONSOLE_BAUD=115200 CONFIG_FB_CONTROL=y CONFIG_FB_PLATINUM=y CONFIG_FB_VALKYRIE=y +CONFIG_FB_CT65550=y CONFIG_FB_IMSTT=y +CONFIG_FB_MATROX=y +CONFIG_FB_RADEON=y +CONFIG_FB_ATY128=y +CONFIG_FB_ATY=y +CONFIG_FB_SIS=y +CONFIG_FB_3DFX=y +CONFIG_FB_VOODOO1=y ## ## file: init/Kconfig diff --git a/debian/installer/arm64/modules/arm64/cdrom-core-modules b/debian/installer/arm64/modules/arm64/cdrom-core-modules new file mode 100644 index 000000000..e264d7aa3 --- /dev/null +++ b/debian/installer/arm64/modules/arm64/cdrom-core-modules @@ -0,0 +1,2 @@ +#include + diff --git a/debian/installer/armhf/modules/armhf-armmp/mmc-modules b/debian/installer/armhf/modules/armhf-armmp/mmc-modules index 4ca43bd0c..5718bd2e0 100644 --- a/debian/installer/armhf/modules/armhf-armmp/mmc-modules +++ b/debian/installer/armhf/modules/armhf-armmp/mmc-modules @@ -3,3 +3,4 @@ sdhci-esdhc-imx mmci omap_hsmmc sunxi-mmc +dw_mmc-exynos diff --git a/debian/installer/armhf/modules/armhf-armmp/mtd-modules b/debian/installer/armhf/modules/armhf-armmp/mtd-modules new file mode 100644 index 000000000..7370cda4e --- /dev/null +++ b/debian/installer/armhf/modules/armhf-armmp/mtd-modules @@ -0,0 +1,3 @@ +#include +mxc_nand +pxa3xx_nand diff --git a/debian/installer/armhf/modules/armhf-armmp/sata-modules b/debian/installer/armhf/modules/armhf-armmp/sata-modules index cc7f38160..f99de0ece 100644 --- a/debian/installer/armhf/modules/armhf-armmp/sata-modules +++ b/debian/installer/armhf/modules/armhf-armmp/sata-modules @@ -3,4 +3,4 @@ ahci_platform ahci_imx ahci_sunxi sata_highbank - +phy-exynos5250-sata diff --git a/debian/installer/armhf/modules/armhf-armmp/usb-modules b/debian/installer/armhf/modules/armhf-armmp/usb-modules index c598dedd8..c0f4e1be9 100644 --- a/debian/installer/armhf/modules/armhf-armmp/usb-modules +++ b/debian/installer/armhf/modules/armhf-armmp/usb-modules @@ -1 +1,7 @@ #include +phy-sun4i-usb +dwc3-exynos +ohci-exynos +ehci-exynos +phy-exynos-usb2 +ci_hdrc_imx diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/ata-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/ata-modules new file mode 100644 index 000000000..08f295ad2 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/ata-modules @@ -0,0 +1 @@ +#include "../hppa/ata-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/crc-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/crc-modules new file mode 100644 index 000000000..f75e86b30 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/crc-modules @@ -0,0 +1 @@ +#include "../hppa/crc-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/event-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/event-modules new file mode 100644 index 000000000..1a5cbb04a --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/event-modules @@ -0,0 +1 @@ +#include "../hppa/event-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/isofs-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/isofs-modules new file mode 100644 index 000000000..9e8e2dfb1 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/isofs-modules @@ -0,0 +1 @@ +#include "../hppa/isofs-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/jfs-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/jfs-modules new file mode 100644 index 000000000..a3b6beb7d --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/jfs-modules @@ -0,0 +1 @@ +#include "../hppa/jfs-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/mouse-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/mouse-modules new file mode 100644 index 000000000..f9edf83b0 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/mouse-modules @@ -0,0 +1 @@ +#include "../hppa/mouse-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/nic-shared-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/nic-shared-modules new file mode 100644 index 000000000..fd0b19c80 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/nic-shared-modules @@ -0,0 +1 @@ +#include "../hppa/nic-shared-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/nic-usb-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/nic-usb-modules new file mode 100644 index 000000000..261192d2e --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/nic-usb-modules @@ -0,0 +1 @@ +#include "../hppa/nic-usb-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/sata-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/sata-modules new file mode 100644 index 000000000..a2ebc2983 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/sata-modules @@ -0,0 +1 @@ +#include "../hppa/sata-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/scsi-common-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/scsi-common-modules new file mode 100644 index 000000000..933392840 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/scsi-common-modules @@ -0,0 +1 @@ +#include "../hppa/scsi-common-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/serial-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/serial-modules new file mode 100644 index 000000000..a84a550e8 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/serial-modules @@ -0,0 +1 @@ +#include "../hppa/serial-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/squashfs-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/squashfs-modules new file mode 100644 index 000000000..f0c79aa4e --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/squashfs-modules @@ -0,0 +1 @@ +#include "../hppa/squashfs-modules" diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/usb-serial-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/usb-serial-modules new file mode 100644 index 000000000..1dd05036f --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/usb-serial-modules @@ -0,0 +1 @@ +#include "../hppa/usb-serial-modules" diff --git a/debian/installer/hppa/modules/hppa/ata-modules b/debian/installer/hppa/modules/hppa/ata-modules new file mode 100644 index 000000000..b81c0f38b --- /dev/null +++ b/debian/installer/hppa/modules/hppa/ata-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/crc-modules b/debian/installer/hppa/modules/hppa/crc-modules new file mode 100644 index 000000000..7e00de705 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/crc-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/event-modules b/debian/installer/hppa/modules/hppa/event-modules new file mode 100644 index 000000000..f8819afd3 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/event-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/isofs-modules b/debian/installer/hppa/modules/hppa/isofs-modules new file mode 100644 index 000000000..da4fa9a3c --- /dev/null +++ b/debian/installer/hppa/modules/hppa/isofs-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/jfs-modules b/debian/installer/hppa/modules/hppa/jfs-modules new file mode 100644 index 000000000..7e4d912b9 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/jfs-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/mouse-modules b/debian/installer/hppa/modules/hppa/mouse-modules new file mode 100644 index 000000000..15fcb00ea --- /dev/null +++ b/debian/installer/hppa/modules/hppa/mouse-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/nic-shared-modules b/debian/installer/hppa/modules/hppa/nic-shared-modules new file mode 100644 index 000000000..cc84b14dc --- /dev/null +++ b/debian/installer/hppa/modules/hppa/nic-shared-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/nic-usb-modules b/debian/installer/hppa/modules/hppa/nic-usb-modules new file mode 100644 index 000000000..c479669b4 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/nic-usb-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/sata-modules b/debian/installer/hppa/modules/hppa/sata-modules new file mode 100644 index 000000000..071cb860b --- /dev/null +++ b/debian/installer/hppa/modules/hppa/sata-modules @@ -0,0 +1,2 @@ +#include + diff --git a/debian/installer/hppa/modules/hppa/scsi-common-modules b/debian/installer/hppa/modules/hppa/scsi-common-modules new file mode 100644 index 000000000..49739018c --- /dev/null +++ b/debian/installer/hppa/modules/hppa/scsi-common-modules @@ -0,0 +1,2 @@ +#include + diff --git a/debian/installer/hppa/modules/hppa/scsi-modules b/debian/installer/hppa/modules/hppa/scsi-modules index 2c200820d..284481edf 100644 --- a/debian/installer/hppa/modules/hppa/scsi-modules +++ b/debian/installer/hppa/modules/hppa/scsi-modules @@ -4,7 +4,6 @@ lasi700 osst sg st -sym53c8xx zalon7xx megaraid ? megaraid_mbox ? diff --git a/debian/installer/hppa/modules/hppa/serial-modules b/debian/installer/hppa/modules/hppa/serial-modules new file mode 100644 index 000000000..6ab8b8c35 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/serial-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/squashfs-modules b/debian/installer/hppa/modules/hppa/squashfs-modules new file mode 100644 index 000000000..42d77887a --- /dev/null +++ b/debian/installer/hppa/modules/hppa/squashfs-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/usb-serial-modules b/debian/installer/hppa/modules/hppa/usb-serial-modules new file mode 100644 index 000000000..c0a0dc3bd --- /dev/null +++ b/debian/installer/hppa/modules/hppa/usb-serial-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/i386/kernel-versions b/debian/installer/i386/kernel-versions index d11e761e0..de6f68e3d 100644 --- a/debian/installer/i386/kernel-versions +++ b/debian/installer/i386/kernel-versions @@ -1,3 +1,3 @@ # arch version flavour installedname suffix build-depends -i386 - 486 - - - +i386 - 586 - - - i386 - 686-pae - - - diff --git a/debian/installer/mips/modules/mips-octeon/usb-modules b/debian/installer/mips/modules/mips-octeon/usb-modules index c598dedd8..6c3464a6c 100644 --- a/debian/installer/mips/modules/mips-octeon/usb-modules +++ b/debian/installer/mips/modules/mips-octeon/usb-modules @@ -1 +1,2 @@ #include +octeon-hcd diff --git a/debian/installer/modules/crypto-modules b/debian/installer/modules/crypto-modules index 8b976cfeb..40ee863b6 100644 --- a/debian/installer/modules/crypto-modules +++ b/debian/installer/modules/crypto-modules @@ -4,4 +4,6 @@ twofish_generic serpent_generic sha256_generic cbc ? +ccm +ctr xts diff --git a/debian/installer/modules/mmc-modules b/debian/installer/modules/mmc-modules index 373994720..5bf6e6202 100644 --- a/debian/installer/modules/mmc-modules +++ b/debian/installer/modules/mmc-modules @@ -4,3 +4,5 @@ sdhci-pci ? sdhci-acpi ? ricoh_mmc ? tifm_sd ? +dw_mmc ? +dw_mmc_pltfm ? diff --git a/debian/installer/modules/pata-modules b/debian/installer/modules/pata-modules index 2bce2508e..dd8450d65 100644 --- a/debian/installer/modules/pata-modules +++ b/debian/installer/modules/pata-modules @@ -28,6 +28,7 @@ pata_pdc202xx_old ? pata_piccolo ? pata_qdi ? pata_radisys ? +pata_rdc ? pata_rz1000 ? pata_sc1200 ? pata_serverworks ? diff --git a/debian/installer/modules/usb-modules b/debian/installer/modules/usb-modules index b154dad32..36ed211be 100644 --- a/debian/installer/modules/usb-modules +++ b/debian/installer/modules/usb-modules @@ -1,7 +1,11 @@ ehci-hcd ? ehci-pci ? +ehci-platform ? ohci-hcd ? ohci-pci ? +ohci-platform ? uhci-hcd ? xhci-hcd ? usbcore ? +dwc3 ? +usb3503 ? diff --git a/debian/lib/python/debian_linux/gencontrol.py b/debian/lib/python/debian_linux/gencontrol.py index 7024a4848..62093ad99 100644 --- a/debian/lib/python/debian_linux/gencontrol.py +++ b/debian/lib/python/debian_linux/gencontrol.py @@ -275,7 +275,7 @@ class Gencontrol(object): def subst(match): return vars[match.group(1)] - return re.sub(r'@([-_a-z]+)@', subst, six.text_type(s)) + return re.sub(r'@([-_a-z0-9]+)@', subst, six.text_type(s)) def write(self, packages, makefile): self.write_control(packages.values()) diff --git a/debian/patches/bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch b/debian/patches/bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch new file mode 100644 index 000000000..e85311e08 --- /dev/null +++ b/debian/patches/bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch @@ -0,0 +1,52 @@ +From: Benjamin Coddington +Date: Tue, 23 Sep 2014 12:26:19 -0400 +Subject: [1/2] SUNRPC: Don't wake tasks during connection abort +Origin: https://git.kernel.org/linus/a743419f420a64d442280845c0377a915b76644f +Bug-Debian: https://bugs.debian.org/767219 + +When aborting a connection to preserve source ports, don't wake the task in +xs_error_report. This allows tasks with RPC_TASK_SOFTCONN to succeed if the +connection needs to be re-established since it preserves the task's status +instead of setting it to the status of the aborting kernel_connect(). + +This may also avoid a potential conflict on the socket's lock. + +Signed-off-by: Benjamin Coddington +Cc: stable@vger.kernel.org # 3.14+ +Signed-off-by: Trond Myklebust +--- + include/linux/sunrpc/xprt.h | 1 + + net/sunrpc/xprtsock.c | 4 ++++ + 2 files changed, 5 insertions(+) + +--- a/include/linux/sunrpc/xprt.h ++++ b/include/linux/sunrpc/xprt.h +@@ -357,6 +357,7 @@ int xs_swapper(struct rpc_xprt *xprt, + #define XPRT_CONNECTION_ABORT (7) + #define XPRT_CONNECTION_CLOSE (8) + #define XPRT_CONGESTED (9) ++#define XPRT_CONNECTION_REUSE (10) + + static inline void xprt_set_connected(struct rpc_xprt *xprt) + { +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -842,6 +842,8 @@ static void xs_error_report(struct sock + dprintk("RPC: xs_error_report client %p, error=%d...\n", + xprt, -err); + trace_rpc_socket_error(xprt, sk->sk_socket, err); ++ if (test_bit(XPRT_CONNECTION_REUSE, &xprt->state)) ++ goto out; + xprt_wake_pending_tasks(xprt, err); + out: + read_unlock_bh(&sk->sk_callback_lock); +@@ -2241,7 +2243,9 @@ static void xs_tcp_setup_socket(struct w + abort_and_exit = test_and_clear_bit(XPRT_CONNECTION_ABORT, + &xprt->state); + /* "close" the socket, preserving the local port */ ++ set_bit(XPRT_CONNECTION_REUSE, &xprt->state); + xs_tcp_reuse_connection(transport); ++ clear_bit(XPRT_CONNECTION_REUSE, &xprt->state); + + if (abort_and_exit) + goto out_eagain; diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch index d92626696..5b30bbccd 100644 --- a/debian/patches/bugfix/all/disable-some-marvell-phys.patch +++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch @@ -2,6 +2,7 @@ From: Ian Campbell Subject: phy/marvell: disable 4-port phys Date: Wed, 20 Nov 2013 08:30:14 +0000 Bug-Debian: https://bugs.debian.org/723177 +Forwarded: http://thread.gmane.org/gmane.linux.debian.devel.bugs.general/1107774/ The Marvell PHY was originally disabled because it can cause networking failures on some systems. According to Lennert Buytenhek this is because some diff --git a/debian/patches/bugfix/all/drivers-net-Disable-UFO-through-virtio.patch b/debian/patches/bugfix/all/drivers-net-Disable-UFO-through-virtio.patch new file mode 100644 index 000000000..347d85d90 --- /dev/null +++ b/debian/patches/bugfix/all/drivers-net-Disable-UFO-through-virtio.patch @@ -0,0 +1,212 @@ +From: Ben Hutchings +Date: Thu, 30 Oct 2014 18:27:12 +0000 +Subject: [1/2] drivers/net: Disable UFO through virtio +Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=3d0ad09412ffe00c9afa201d01effdb6023d09b4 + +IPv6 does not allow fragmentation by routers, so there is no +fragmentation ID in the fixed header. UFO for IPv6 requires the ID to +be passed separately, but there is no provision for this in the virtio +net protocol. + +Until recently our software implementation of UFO/IPv6 generated a new +ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet +passed through a tap, which is even worse. + +Unfortunately there is no distinction between UFO/IPv4 and v6 +features, so disable UFO on taps and virtio_net completely until we +have a proper solution. + +We cannot depend on VM managers respecting the tap feature flags, so +keep accepting UFO packets but log a warning the first time we do +this. + +Signed-off-by: Ben Hutchings +Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") +Signed-off-by: David S. Miller +--- + drivers/net/macvtap.c | 13 +++++-------- + drivers/net/tun.c | 19 +++++++++++-------- + drivers/net/virtio_net.c | 24 ++++++++++++++---------- + 3 files changed, 30 insertions(+), 26 deletions(-) + +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -65,7 +65,7 @@ static struct cdev macvtap_cdev; + static const struct proto_ops macvtap_socket_ops; + + #define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \ +- NETIF_F_TSO6 | NETIF_F_UFO) ++ NETIF_F_TSO6) + #define RX_OFFLOADS (NETIF_F_GRO | NETIF_F_LRO) + #define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG) + +@@ -569,6 +569,8 @@ static int macvtap_skb_from_vnet_hdr(str + gso_type = SKB_GSO_TCPV6; + break; + case VIRTIO_NET_HDR_GSO_UDP: ++ pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n", ++ current->comm); + gso_type = SKB_GSO_UDP; + break; + default: +@@ -614,8 +616,6 @@ static void macvtap_skb_to_vnet_hdr(cons + vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV4; + else if (sinfo->gso_type & SKB_GSO_TCPV6) + vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_TCPV6; +- else if (sinfo->gso_type & SKB_GSO_UDP) +- vnet_hdr->gso_type = VIRTIO_NET_HDR_GSO_UDP; + else + BUG(); + if (sinfo->gso_type & SKB_GSO_TCP_ECN) +@@ -950,9 +950,6 @@ static int set_offload(struct macvtap_qu + if (arg & TUN_F_TSO6) + feature_mask |= NETIF_F_TSO6; + } +- +- if (arg & TUN_F_UFO) +- feature_mask |= NETIF_F_UFO; + } + + /* tun/tap driver inverts the usage for TSO offloads, where +@@ -963,7 +960,7 @@ static int set_offload(struct macvtap_qu + * When user space turns off TSO, we turn off GSO/LRO so that + * user-space will not receive TSO frames. + */ +- if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_UFO)) ++ if (feature_mask & (NETIF_F_TSO | NETIF_F_TSO6)) + features |= RX_OFFLOADS; + else + features &= ~RX_OFFLOADS; +@@ -1064,7 +1061,7 @@ static long macvtap_ioctl(struct file *f + case TUNSETOFFLOAD: + /* let the user check for future flags */ + if (arg & ~(TUN_F_CSUM | TUN_F_TSO4 | TUN_F_TSO6 | +- TUN_F_TSO_ECN | TUN_F_UFO)) ++ TUN_F_TSO_ECN)) + return -EINVAL; + + rtnl_lock(); +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -174,7 +174,7 @@ struct tun_struct { + struct net_device *dev; + netdev_features_t set_features; + #define TUN_USER_FEATURES (NETIF_F_HW_CSUM|NETIF_F_TSO_ECN|NETIF_F_TSO| \ +- NETIF_F_TSO6|NETIF_F_UFO) ++ NETIF_F_TSO6) + + int vnet_hdr_sz; + int sndbuf; +@@ -1149,8 +1149,18 @@ static ssize_t tun_get_user(struct tun_s + skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; + break; + case VIRTIO_NET_HDR_GSO_UDP: ++ { ++ static bool warned; ++ ++ if (!warned) { ++ warned = true; ++ netdev_warn(tun->dev, ++ "%s: using disabled UFO feature; please fix this program\n", ++ current->comm); ++ } + skb_shinfo(skb)->gso_type = SKB_GSO_UDP; + break; ++ } + default: + tun->dev->stats.rx_frame_errors++; + kfree_skb(skb); +@@ -1251,8 +1261,6 @@ static ssize_t tun_put_user(struct tun_s + gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; + else if (sinfo->gso_type & SKB_GSO_TCPV6) + gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; +- else if (sinfo->gso_type & SKB_GSO_UDP) +- gso.gso_type = VIRTIO_NET_HDR_GSO_UDP; + else { + pr_err("unexpected GSO type: " + "0x%x, gso_size %d, hdr_len %d\n", +@@ -1761,11 +1769,6 @@ static int set_offload(struct tun_struct + features |= NETIF_F_TSO6; + arg &= ~(TUN_F_TSO4|TUN_F_TSO6); + } +- +- if (arg & TUN_F_UFO) { +- features |= NETIF_F_UFO; +- arg &= ~TUN_F_UFO; +- } + } + + /* This gives the user a way to test for new features in future by +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -496,8 +496,17 @@ static void receive_buf(struct receive_q + skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; + break; + case VIRTIO_NET_HDR_GSO_UDP: ++ { ++ static bool warned; ++ ++ if (!warned) { ++ warned = true; ++ netdev_warn(dev, ++ "host using disabled UFO feature; please fix it\n"); ++ } + skb_shinfo(skb)->gso_type = SKB_GSO_UDP; + break; ++ } + case VIRTIO_NET_HDR_GSO_TCPV6: + skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; + break; +@@ -836,8 +845,6 @@ static int xmit_skb(struct send_queue *s + hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; + else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) + hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; +- else if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP) +- hdr->hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; + else + BUG(); + if (skb_shinfo(skb)->gso_type & SKB_GSO_TCP_ECN) +@@ -1657,7 +1664,7 @@ static int virtnet_probe(struct virtio_d + dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; + + if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { +- dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO ++ dev->hw_features |= NETIF_F_TSO + | NETIF_F_TSO_ECN | NETIF_F_TSO6; + } + /* Individual feature bits: what can host handle? */ +@@ -1667,11 +1674,9 @@ static int virtnet_probe(struct virtio_d + dev->hw_features |= NETIF_F_TSO6; + if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_ECN)) + dev->hw_features |= NETIF_F_TSO_ECN; +- if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UFO)) +- dev->hw_features |= NETIF_F_UFO; + + if (gso) +- dev->features |= dev->hw_features & (NETIF_F_ALL_TSO|NETIF_F_UFO); ++ dev->features |= dev->hw_features & NETIF_F_ALL_TSO; + /* (!csum && gso) case will be fixed by register_netdev() */ + } + if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM)) +@@ -1711,8 +1716,7 @@ static int virtnet_probe(struct virtio_d + /* If we can receive ANY GSO packets, we must allocate large ones. */ + if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) || + virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) || +- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) || +- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO)) ++ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN)) + vi->big_packets = true; + + if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF)) +@@ -1910,9 +1914,9 @@ static struct virtio_device_id id_table[ + static unsigned int features[] = { + VIRTIO_NET_F_CSUM, VIRTIO_NET_F_GUEST_CSUM, + VIRTIO_NET_F_GSO, VIRTIO_NET_F_MAC, +- VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_UFO, VIRTIO_NET_F_HOST_TSO6, ++ VIRTIO_NET_F_HOST_TSO4, VIRTIO_NET_F_HOST_TSO6, + VIRTIO_NET_F_HOST_ECN, VIRTIO_NET_F_GUEST_TSO4, VIRTIO_NET_F_GUEST_TSO6, +- VIRTIO_NET_F_GUEST_ECN, VIRTIO_NET_F_GUEST_UFO, ++ VIRTIO_NET_F_GUEST_ECN, + VIRTIO_NET_F_MRG_RXBUF, VIRTIO_NET_F_STATUS, VIRTIO_NET_F_CTRL_VQ, + VIRTIO_NET_F_CTRL_RX, VIRTIO_NET_F_CTRL_VLAN, + VIRTIO_NET_F_GUEST_ANNOUNCE, VIRTIO_NET_F_MQ, diff --git a/debian/patches/bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch b/debian/patches/bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch new file mode 100644 index 000000000..a79539fe2 --- /dev/null +++ b/debian/patches/bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch @@ -0,0 +1,135 @@ +From: Ben Hutchings +Date: Thu, 30 Oct 2014 18:27:17 +0000 +Subject: [2/2] drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO + packets +Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 + +UFO is now disabled on all drivers that work with virtio net headers, +but userland may try to send UFO/IPv6 packets anyway. Instead of +sending with ID=0, we should select identifiers on their behalf (as we +used to). + +Signed-off-by: Ben Hutchings +Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") +Signed-off-by: David S. Miller +--- + drivers/net/macvtap.c | 3 +++ + drivers/net/tun.c | 6 +++++- + include/net/ipv6.h | 2 ++ + net/ipv6/output_core.c | 34 ++++++++++++++++++++++++++++++++++ + 4 files changed, 44 insertions(+), 1 deletion(-) + +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -16,6 +16,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -572,6 +573,8 @@ static int macvtap_skb_from_vnet_hdr(str + pr_warn_once("macvtap: %s: using disabled UFO feature; please fix this program\n", + current->comm); + gso_type = SKB_GSO_UDP; ++ if (skb->protocol == htons(ETH_P_IPV6)) ++ ipv6_proxy_select_ident(skb); + break; + default: + return -EINVAL; +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -65,6 +65,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1139,6 +1140,8 @@ static ssize_t tun_get_user(struct tun_s + break; + } + ++ skb_reset_network_header(skb); ++ + if (gso.gso_type != VIRTIO_NET_HDR_GSO_NONE) { + pr_debug("GSO!\n"); + switch (gso.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { +@@ -1159,6 +1162,8 @@ static ssize_t tun_get_user(struct tun_s + current->comm); + } + skb_shinfo(skb)->gso_type = SKB_GSO_UDP; ++ if (skb->protocol == htons(ETH_P_IPV6)) ++ ipv6_proxy_select_ident(skb); + break; + } + default: +@@ -1189,7 +1194,6 @@ static ssize_t tun_get_user(struct tun_s + skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG; + } + +- skb_reset_network_header(skb); + skb_probe_transport_header(skb, 0); + + rxhash = skb_get_hash(skb); +--- a/include/net/ipv6.h ++++ b/include/net/ipv6.h +@@ -668,6 +668,8 @@ static inline int ipv6_addr_diff(const s + return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); + } + ++void ipv6_proxy_select_ident(struct sk_buff *skb); ++ + int ip6_dst_hoplimit(struct dst_entry *dst); + + static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6, +--- a/net/ipv6/output_core.c ++++ b/net/ipv6/output_core.c +@@ -3,11 +3,45 @@ + * not configured or static. These functions are needed by GSO/GRO implementation. + */ + #include ++#include + #include + #include + #include + #include + ++/* This function exists only for tap drivers that must support broken ++ * clients requesting UFO without specifying an IPv6 fragment ID. ++ * ++ * This is similar to ipv6_select_ident() but we use an independent hash ++ * seed to limit information leakage. ++ * ++ * The network header must be set before calling this. ++ */ ++void ipv6_proxy_select_ident(struct sk_buff *skb) ++{ ++ static u32 ip6_proxy_idents_hashrnd __read_mostly; ++ struct in6_addr buf[2]; ++ struct in6_addr *addrs; ++ u32 hash, id; ++ ++ addrs = skb_header_pointer(skb, ++ skb_network_offset(skb) + ++ offsetof(struct ipv6hdr, saddr), ++ sizeof(buf), buf); ++ if (!addrs) ++ return; ++ ++ net_get_random_once(&ip6_proxy_idents_hashrnd, ++ sizeof(ip6_proxy_idents_hashrnd)); ++ ++ hash = __ipv6_addr_jhash(&addrs[1], ip6_proxy_idents_hashrnd); ++ hash = __ipv6_addr_jhash(&addrs[0], hash); ++ ++ id = ip_idents_reserve(hash, 1); ++ skb_shinfo(skb)->ip6_frag_id = htonl(id); ++} ++EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident); ++ + int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) + { + u16 offset = sizeof(struct ipv6hdr); diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch index 93ec08ec4..4663faad5 100644 --- a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch +++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch @@ -17,6 +17,9 @@ removed in later patches. This does not cover the case where we fall back to a user-mode helper (which is no longer enabled in Debian). + +NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n" +format to detect missing firmware. --- --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c diff --git a/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch b/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch index 3d3c606c3..0c8c66b3f 100644 --- a/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch +++ b/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch @@ -1,6 +1,7 @@ From: Ben Hutchings Date: Sat, 14 Dec 2013 17:14:39 +0000 Subject: firmware_class: Return specific errors from file read +Forwarded: no Currently several failure cases are not distinguished and are incorrectly reported as -EINVAL or -ENOENT. diff --git a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch index 6d3ad89b8..ed27a84da 100644 --- a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch +++ b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch @@ -3,7 +3,7 @@ Date: Sat, 19 Oct 2013 19:43:35 +0100 Subject: kbuild: Use -nostdinc in compile tests Bug-Debian: https://bugs.debian.org/726861 Bug-Debian: https://bugs.debian.org/717557 -Forwarded: no +Forwarded: http://mid.gmane.org/1415235534.3398.35.camel@decadent.org.uk Debian's gcc 4.8 pre-includes by default, which in turn includes . This fails when building a 64-bit diff --git a/debian/patches/bugfix/all/lockd-Try-to-reconnect-if-statd-has-moved.patch b/debian/patches/bugfix/all/lockd-Try-to-reconnect-if-statd-has-moved.patch new file mode 100644 index 000000000..f0f04f205 --- /dev/null +++ b/debian/patches/bugfix/all/lockd-Try-to-reconnect-if-statd-has-moved.patch @@ -0,0 +1,34 @@ +From: Benjamin Coddington +Date: Tue, 23 Sep 2014 12:26:20 -0400 +Subject: [2/2] lockd: Try to reconnect if statd has moved +Origin: https://git.kernel.org/linus/173b3afceebe76fa2205b2c8808682d5b541fe3c +Bug-Debian: https://bugs.debian.org/767219 + +If rpc.statd is restarted, upcalls to monitor hosts can fail with +ECONNREFUSED. In that case force a lookup of statd's new port and retry the +upcall. + +Signed-off-by: Benjamin Coddington +Cc: stable@vger.kernel.org +Signed-off-by: Trond Myklebust +--- + fs/lockd/mon.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c +index daa8e75..9106f42 100644 +--- a/fs/lockd/mon.c ++++ b/fs/lockd/mon.c +@@ -159,6 +159,12 @@ static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res, + + msg.rpc_proc = &clnt->cl_procinfo[proc]; + status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN); ++ if (status == -ECONNREFUSED) { ++ dprintk("lockd: NSM upcall RPC failed, status=%d, forcing rebind\n", ++ status); ++ rpc_force_rebind(clnt); ++ status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN); ++ } + if (status < 0) + dprintk("lockd: NSM upcall RPC failed, status=%d\n", + status); diff --git a/debian/patches/bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch b/debian/patches/bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch new file mode 100644 index 000000000..e2cccaadb --- /dev/null +++ b/debian/patches/bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch @@ -0,0 +1,42 @@ +From: "Eric W. Biederman" +Date: Wed, 8 Oct 2014 10:42:27 -0700 +Subject: mnt: Prevent pivot_root from creating a loop in the mount tree +Origin: https://git.kernel.org/linus/0d0826019e529f21c84687521d03f60cd241ca7d + +Andy Lutomirski recently demonstrated that when chroot is used to set +the root path below the path for the new ``root'' passed to pivot_root +the pivot_root system call succeeds and leaks mounts. + +In examining the code I see that starting with a new root that is +below the current root in the mount tree will result in a loop in the +mount tree after the mounts are detached and then reattached to one +another. Resulting in all kinds of ugliness including a leak of that +mounts involved in the leak of the mount loop. + +Prevent this problem by ensuring that the new mount is reachable from +the current root of the mount tree. + +[Added stable cc. Fixes CVE-2014-7970. --Andy] + +Cc: stable@vger.kernel.org +Reported-by: Andy Lutomirski +Reviewed-by: Andy Lutomirski +Link: http://lkml.kernel.org/r/87bnpmihks.fsf@x220.int.ebiederm.org +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Andy Lutomirski +--- + fs/namespace.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -2842,6 +2842,9 @@ SYSCALL_DEFINE2(pivot_root, const char _ + /* make sure we can reach put_old from new_root */ + if (!is_path_reachable(old_mnt, old.dentry, &new)) + goto out4; ++ /* make certain new is below the root */ ++ if (!is_path_reachable(new_mnt, new.dentry, &root)) ++ goto out4; + root_mp->m_count++; /* pin it so it won't go away */ + lock_mount_hash(); + detach_mnt(new_mnt, &parent_path); diff --git a/debian/patches/bugfix/all/mtd-m25p80-get-rid-of-spi_get_device_id.patch b/debian/patches/bugfix/all/mtd-m25p80-get-rid-of-spi_get_device_id.patch new file mode 100644 index 000000000..e308907ed --- /dev/null +++ b/debian/patches/bugfix/all/mtd-m25p80-get-rid-of-spi_get_device_id.patch @@ -0,0 +1,46 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Mon, 29 Sep 2014 11:47:53 +0200 +Subject: [2/4] mtd: m25p80: get rid of spi_get_device_id +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: http://git.infradead.org/l2-mtd.git/commit/90e55b3812a1245bb674afcc4410ddba7db402f6 + +This simplifies the way we use spi_nor framework and will allow us to +drop spi_nor_match_id. + +Signed-off-by: Rafał Miłecki +Signed-off-by: Brian Norris +--- + drivers/mtd/devices/m25p80.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c +index dcda628..822209d 100644 +--- a/drivers/mtd/devices/m25p80.c ++++ b/drivers/mtd/devices/m25p80.c +@@ -197,6 +197,7 @@ static int m25p_probe(struct spi_device *spi) + struct m25p *flash; + struct spi_nor *nor; + enum read_mode mode = SPI_NOR_NORMAL; ++ char *flash_name = NULL; + int ret; + + data = dev_get_platdata(&spi->dev); +@@ -236,12 +237,11 @@ static int m25p_probe(struct spi_device *spi) + * If that's the case, respect "type" and ignore a "name". + */ + if (data && data->type) +- id = spi_nor_match_id(data->type); +- +- /* If we didn't get name from platform, simply use "modalias". */ +- if (!id) +- id = spi_get_device_id(spi); ++ flash_name = data->type; ++ else ++ flash_name = spi->modalias; + ++ id = spi_nor_match_id(flash_name); + ret = spi_nor_scan(nor, id, mode); + if (ret) + return ret; diff --git a/debian/patches/bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch b/debian/patches/bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch new file mode 100644 index 000000000..faa9fdf44 --- /dev/null +++ b/debian/patches/bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch @@ -0,0 +1,125 @@ +From: Ben Hutchings +Date: Tue, 30 Sep 2014 03:14:55 +0100 +Subject: [4/4] mtd: m25p80,spi-nor: Fix module aliases for m25p80 +Origin: http://git.infradead.org/l2-mtd.git/commit/a5b7616c55e188fe3d6ef686bef402d4703ecb62 + +m25p80's device ID table is now spi_nor_ids, defined in spi-nor. The +MODULE_DEVICE_TABLE() macro doesn't work with extern definitions, but +its use was also removed at the same time. Now if m25p80 is built as +a module it doesn't get the necessary aliases to be loaded +automatically. + +A clean solution to this will involve defining the list of device +IDs in spi-nor.h and removing struct spi_device_id from the spi-nor +API, but this is quite a large change. + +As a quick fix suitable for stable, copy the device IDs back into +m25p80. + +Fixes: 03e296f613af ("mtd: m25p80: use the SPI nor framework") +Cc: # 3.16.x: 32f1b7c8352f: mtd: move support for struct flash_platform_data into m25p80 +Cc: # 3.16.x: 90e55b3812a1: mtd: m25p80: get rid of spi_get_device_id +Cc: # 3.16.x: 70f3ce0510af: mtd: spi-nor: make spi_nor_scan() take a chip type name, not spi_device_id +Cc: # 3.16.x +Signed-off-by: Ben Hutchings +Signed-off-by: Brian Norris +--- + drivers/mtd/devices/m25p80.c | 52 ++++++++++++++++++++++++++++++++++++++++++- + drivers/mtd/spi-nor/spi-nor.c | 3 +-- + include/linux/mtd/spi-nor.h | 1 - + 3 files changed, 52 insertions(+), 4 deletions(-) + +--- a/drivers/mtd/devices/m25p80.c ++++ b/drivers/mtd/devices/m25p80.c +@@ -261,12 +261,62 @@ static int m25p_remove(struct spi_device + } + + ++/* ++ * XXX This needs to be kept in sync with spi_nor_ids. We can't share ++ * it with spi-nor, because if this is built as a module then modpost ++ * won't be able to read it and add appropriate aliases. ++ */ ++static const struct spi_device_id m25p_ids[] = { ++ {"at25fs010"}, {"at25fs040"}, {"at25df041a"}, {"at25df321a"}, ++ {"at25df641"}, {"at26f004"}, {"at26df081a"}, {"at26df161a"}, ++ {"at26df321"}, {"at45db081d"}, ++ {"en25f32"}, {"en25p32"}, {"en25q32b"}, {"en25p64"}, ++ {"en25q64"}, {"en25qh128"}, {"en25qh256"}, ++ {"f25l32pa"}, ++ {"mr25h256"}, {"mr25h10"}, ++ {"gd25q32"}, {"gd25q64"}, ++ {"160s33b"}, {"320s33b"}, {"640s33b"}, ++ {"mx25l2005a"}, {"mx25l4005a"}, {"mx25l8005"}, {"mx25l1606e"}, ++ {"mx25l3205d"}, {"mx25l3255e"}, {"mx25l6405d"}, {"mx25l12805d"}, ++ {"mx25l12855e"},{"mx25l25635e"},{"mx25l25655e"},{"mx66l51235l"}, ++ {"mx66l1g55g"}, ++ {"n25q064"}, {"n25q128a11"}, {"n25q128a13"}, {"n25q256a"}, ++ {"n25q512a"}, {"n25q512ax3"}, {"n25q00"}, ++ {"pm25lv512"}, {"pm25lv010"}, {"pm25lq032"}, ++ {"s25sl032p"}, {"s25sl064p"}, {"s25fl256s0"}, {"s25fl256s1"}, ++ {"s25fl512s"}, {"s70fl01gs"}, {"s25sl12800"}, {"s25sl12801"}, ++ {"s25fl129p0"}, {"s25fl129p1"}, {"s25sl004a"}, {"s25sl008a"}, ++ {"s25sl016a"}, {"s25sl032a"}, {"s25sl064a"}, {"s25fl008k"}, ++ {"s25fl016k"}, {"s25fl064k"}, ++ {"sst25vf040b"},{"sst25vf080b"},{"sst25vf016b"},{"sst25vf032b"}, ++ {"sst25vf064c"},{"sst25wf512"}, {"sst25wf010"}, {"sst25wf020"}, ++ {"sst25wf040"}, ++ {"m25p05"}, {"m25p10"}, {"m25p20"}, {"m25p40"}, ++ {"m25p80"}, {"m25p16"}, {"m25p32"}, {"m25p64"}, ++ {"m25p128"}, {"n25q032"}, ++ {"m25p05-nonjedec"}, {"m25p10-nonjedec"}, {"m25p20-nonjedec"}, ++ {"m25p40-nonjedec"}, {"m25p80-nonjedec"}, {"m25p16-nonjedec"}, ++ {"m25p32-nonjedec"}, {"m25p64-nonjedec"}, {"m25p128-nonjedec"}, ++ {"m45pe10"}, {"m45pe80"}, {"m45pe16"}, ++ {"m25pe20"}, {"m25pe80"}, {"m25pe16"}, ++ {"m25px16"}, {"m25px32"}, {"m25px32-s0"}, {"m25px32-s1"}, ++ {"m25px64"}, ++ {"w25x10"}, {"w25x20"}, {"w25x40"}, {"w25x80"}, ++ {"w25x16"}, {"w25x32"}, {"w25q32"}, {"w25q32dw"}, ++ {"w25x64"}, {"w25q64"}, {"w25q128"}, {"w25q80"}, ++ {"w25q80bl"}, {"w25q128"}, {"w25q256"}, {"cat25c11"}, ++ {"cat25c03"}, {"cat25c09"}, {"cat25c17"}, {"cat25128"}, ++ { }, ++}; ++MODULE_DEVICE_TABLE(spi, m25p_ids); ++ ++ + static struct spi_driver m25p80_driver = { + .driver = { + .name = "m25p80", + .owner = THIS_MODULE, + }, +- .id_table = spi_nor_ids, ++ .id_table = m25p_ids, + .probe = m25p_probe, + .remove = m25p_remove, + +--- a/drivers/mtd/spi-nor/spi-nor.c ++++ b/drivers/mtd/spi-nor/spi-nor.c +@@ -429,7 +429,7 @@ struct flash_info { + * more nor chips. This current list focusses on newer chips, which + * have been converging on command sets which including JEDEC ID. + */ +-const struct spi_device_id spi_nor_ids[] = { ++static const struct spi_device_id spi_nor_ids[] = { + /* Atmel -- some are (confusingly) marketed as "DataFlash" */ + { "at25fs010", INFO(0x1f6601, 0, 32 * 1024, 4, SECT_4K) }, + { "at25fs040", INFO(0x1f6604, 0, 64 * 1024, 8, SECT_4K) }, +@@ -590,7 +590,6 @@ const struct spi_device_id spi_nor_ids[] + { "cat25128", CAT25_INFO(2048, 8, 64, 2, SPI_NOR_NO_ERASE | SPI_NOR_NO_FR) }, + { }, + }; +-EXPORT_SYMBOL_GPL(spi_nor_ids); + + static const struct spi_device_id *spi_nor_read_id(struct spi_nor *nor) + { +--- a/include/linux/mtd/spi-nor.h ++++ b/include/linux/mtd/spi-nor.h +@@ -195,6 +195,5 @@ struct spi_nor { + * Return: 0 for success, others for failure. + */ + int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode); +-extern const struct spi_device_id spi_nor_ids[]; + + #endif diff --git a/debian/patches/bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch b/debian/patches/bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch new file mode 100644 index 000000000..4d1c73fcd --- /dev/null +++ b/debian/patches/bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch @@ -0,0 +1,119 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Sun, 28 Sep 2014 22:36:54 +0200 +Subject: [1/4] mtd: move support for struct flash_platform_data into m25p80 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: http://git.infradead.org/l2-mtd.git/commit/32f1b7c8352fd33d41bcec3cfb054ccdcfd40a42 + +This "type" seems to be an extra hint for m25p80 about the flash. Some +archs register flash_platform_data with "name" set to "m25p80" and then +with a real flash name set in "type". It seems to be a trick specific +to the m25p80 so let's move it out of spi-nor. +Btw switch to the spi_nor_match_id instead of iterating spi_nor_ids. + +Signed-off-by: Rafał Miłecki +Signed-off-by: Brian Norris +--- + drivers/mtd/devices/m25p80.c | 22 ++++++++++++++++++++-- + drivers/mtd/spi-nor/spi-nor.c | 28 +--------------------------- + 2 files changed, 21 insertions(+), 29 deletions(-) + +--- a/drivers/mtd/devices/m25p80.c ++++ b/drivers/mtd/devices/m25p80.c +@@ -193,11 +193,14 @@ static int m25p_probe(struct spi_device + { + struct mtd_part_parser_data ppdata; + struct flash_platform_data *data; ++ const struct spi_device_id *id = NULL; + struct m25p *flash; + struct spi_nor *nor; + enum read_mode mode = SPI_NOR_NORMAL; + int ret; + ++ data = dev_get_platdata(&spi->dev); ++ + flash = devm_kzalloc(&spi->dev, sizeof(*flash), GFP_KERNEL); + if (!flash) + return -ENOMEM; +@@ -223,11 +226,26 @@ static int m25p_probe(struct spi_device + mode = SPI_NOR_QUAD; + else if (spi->mode & SPI_RX_DUAL) + mode = SPI_NOR_DUAL; +- ret = spi_nor_scan(nor, spi_get_device_id(spi), mode); ++ ++ if (data && data->name) ++ flash->mtd.name = data->name; ++ ++ /* For some (historical?) reason many platforms provide two different ++ * names in flash_platform_data: "name" and "type". Quite often name is ++ * set to "m25p80" and then "type" provides a real chip name. ++ * If that's the case, respect "type" and ignore a "name". ++ */ ++ if (data && data->type) ++ id = spi_nor_match_id(data->type); ++ ++ /* If we didn't get name from platform, simply use "modalias". */ ++ if (!id) ++ id = spi_get_device_id(spi); ++ ++ ret = spi_nor_scan(nor, id, mode); + if (ret) + return ret; + +- data = dev_get_platdata(&spi->dev); + ppdata.of_node = spi->dev.of_node; + + return mtd_device_parse_register(&flash->mtd, NULL, &ppdata, +--- a/drivers/mtd/spi-nor/spi-nor.c ++++ b/drivers/mtd/spi-nor/spi-nor.c +@@ -871,7 +871,6 @@ int spi_nor_scan(struct spi_nor *nor, co + enum read_mode mode) + { + struct flash_info *info; +- struct flash_platform_data *data; + struct device *dev = nor->dev; + struct mtd_info *mtd = nor->mtd; + struct device_node *np = dev->of_node; +@@ -882,28 +881,6 @@ int spi_nor_scan(struct spi_nor *nor, co + if (ret) + return ret; + +- /* Platform data helps sort out which chip type we have, as +- * well as how this board partitions it. If we don't have +- * a chip ID, try the JEDEC id commands; they'll work for most +- * newer chips, even if we don't recognize the particular chip. +- */ +- data = dev_get_platdata(dev); +- if (data && data->type) { +- const struct spi_device_id *plat_id; +- +- for (i = 0; i < ARRAY_SIZE(spi_nor_ids) - 1; i++) { +- plat_id = &spi_nor_ids[i]; +- if (strcmp(data->type, plat_id->name)) +- continue; +- break; +- } +- +- if (i < ARRAY_SIZE(spi_nor_ids) - 1) +- id = plat_id; +- else +- dev_warn(dev, "unrecognized id %s\n", data->type); +- } +- + info = (void *)id->driver_data; + + if (info->jedec_id) { +@@ -941,11 +918,8 @@ int spi_nor_scan(struct spi_nor *nor, co + write_sr(nor, 0); + } + +- if (data && data->name) +- mtd->name = data->name; +- else ++ if (!mtd->name) + mtd->name = dev_name(dev); +- + mtd->type = MTD_NORFLASH; + mtd->writesize = 1; + mtd->flags = MTD_CAP_NORFLASH; diff --git a/debian/patches/bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch b/debian/patches/bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch new file mode 100644 index 000000000..9e580e756 --- /dev/null +++ b/debian/patches/bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch @@ -0,0 +1,162 @@ +From: Ben Hutchings +Date: Mon, 29 Sep 2014 11:47:54 +0200 +Subject: [3/4] mtd: spi-nor: make spi_nor_scan() take a chip type name, not + spi_device_id +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: http://git.infradead.org/l2-mtd.git/commit/70f3ce0510afdad7cbaf27ab7ab961377205c782 + +Drivers currently call spi_nor_match_id() and then spi_nor_scan(). +This adds a dependency on struct spi_device_id which we want to +avoid. Make spi_nor_scan() do it for them. + +Signed-off-by: Ben Hutchings +Signed-off-by: Rafał Miłecki +Signed-off-by: Brian Norris +--- + drivers/mtd/devices/m25p80.c | 4 +--- + drivers/mtd/spi-nor/fsl-quadspi.c | 7 +------ + drivers/mtd/spi-nor/spi-nor.c | 13 +++++++++---- + include/linux/mtd/spi-nor.h | 20 +++----------------- + 4 files changed, 14 insertions(+), 30 deletions(-) + +--- a/drivers/mtd/devices/m25p80.c ++++ b/drivers/mtd/devices/m25p80.c +@@ -193,7 +193,6 @@ static int m25p_probe(struct spi_device + { + struct mtd_part_parser_data ppdata; + struct flash_platform_data *data; +- const struct spi_device_id *id = NULL; + struct m25p *flash; + struct spi_nor *nor; + enum read_mode mode = SPI_NOR_NORMAL; +@@ -241,8 +240,7 @@ static int m25p_probe(struct spi_device + else + flash_name = spi->modalias; + +- id = spi_nor_match_id(flash_name); +- ret = spi_nor_scan(nor, id, mode); ++ ret = spi_nor_scan(nor, flash_name, mode); + if (ret) + return ret; + +--- a/drivers/mtd/spi-nor/fsl-quadspi.c ++++ b/drivers/mtd/spi-nor/fsl-quadspi.c +@@ -881,7 +881,6 @@ static int fsl_qspi_probe(struct platfor + + /* iterate the subnodes. */ + for_each_available_child_of_node(dev->of_node, np) { +- const struct spi_device_id *id; + char modalias[40]; + + /* skip the holes */ +@@ -909,10 +908,6 @@ static int fsl_qspi_probe(struct platfor + if (of_modalias_node(np, modalias, sizeof(modalias)) < 0) + goto map_failed; + +- id = spi_nor_match_id(modalias); +- if (!id) +- goto map_failed; +- + ret = of_property_read_u32(np, "spi-max-frequency", + &q->clk_rate); + if (ret < 0) +@@ -921,7 +916,7 @@ static int fsl_qspi_probe(struct platfor + /* set the chip address for READID */ + fsl_qspi_set_base_addr(q, nor); + +- ret = spi_nor_scan(nor, id, SPI_NOR_QUAD); ++ ret = spi_nor_scan(nor, modalias, SPI_NOR_QUAD); + if (ret) + goto map_failed; + +--- a/drivers/mtd/spi-nor/spi-nor.c ++++ b/drivers/mtd/spi-nor/spi-nor.c +@@ -28,6 +28,8 @@ + + #define JEDEC_MFR(_jedec_id) ((_jedec_id) >> 16) + ++static const struct spi_device_id *spi_nor_match_id(const char *name); ++ + /* + * Read the status register, returning its value in the location + * Return the status register value. +@@ -867,9 +869,9 @@ static int spi_nor_check(struct spi_nor + return 0; + } + +-int spi_nor_scan(struct spi_nor *nor, const struct spi_device_id *id, +- enum read_mode mode) ++int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode) + { ++ const struct spi_device_id *id = NULL; + struct flash_info *info; + struct device *dev = nor->dev; + struct mtd_info *mtd = nor->mtd; +@@ -881,6 +883,10 @@ int spi_nor_scan(struct spi_nor *nor, co + if (ret) + return ret; + ++ id = spi_nor_match_id(name); ++ if (!id) ++ return -ENOENT; ++ + info = (void *)id->driver_data; + + if (info->jedec_id) { +@@ -1062,7 +1068,7 @@ int spi_nor_scan(struct spi_nor *nor, co + } + EXPORT_SYMBOL_GPL(spi_nor_scan); + +-const struct spi_device_id *spi_nor_match_id(char *name) ++static const struct spi_device_id *spi_nor_match_id(const char *name) + { + const struct spi_device_id *id = spi_nor_ids; + +@@ -1073,7 +1079,6 @@ const struct spi_device_id *spi_nor_matc + } + return NULL; + } +-EXPORT_SYMBOL_GPL(spi_nor_match_id); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Huang Shijie "); +--- a/include/linux/mtd/spi-nor.h ++++ b/include/linux/mtd/spi-nor.h +@@ -183,32 +183,18 @@ struct spi_nor { + /** + * spi_nor_scan() - scan the SPI NOR + * @nor: the spi_nor structure +- * @id: the spi_device_id provided by the driver ++ * @name: the chip type name + * @mode: the read mode supported by the driver + * + * The drivers can use this fuction to scan the SPI NOR. + * In the scanning, it will try to get all the necessary information to + * fill the mtd_info{} and the spi_nor{}. + * +- * The board may assigns a spi_device_id with @id which be used to compared with +- * the spi_device_id detected by the scanning. ++ * The chip type name can be provided through the @name parameter. + * + * Return: 0 for success, others for failure. + */ +-int spi_nor_scan(struct spi_nor *nor, const struct spi_device_id *id, +- enum read_mode mode); ++int spi_nor_scan(struct spi_nor *nor, const char *name, enum read_mode mode); + extern const struct spi_device_id spi_nor_ids[]; + +-/** +- * spi_nor_match_id() - find the spi_device_id by the name +- * @name: the name of the spi_device_id +- * +- * The drivers use this function to find the spi_device_id +- * specified by the @name. +- * +- * Return: returns the right spi_device_id pointer on success, +- * and returns NULL on failure. +- */ +-const struct spi_device_id *spi_nor_match_id(char *name); +- + #endif diff --git a/debian/patches/bugfix/all/net-mv643xx-disable-tso-by-default.patch b/debian/patches/bugfix/all/net-mv643xx-disable-tso-by-default.patch new file mode 100644 index 000000000..f8dda00af --- /dev/null +++ b/debian/patches/bugfix/all/net-mv643xx-disable-tso-by-default.patch @@ -0,0 +1,42 @@ +Subject: [1/1] net: mv643xx_eth: Make TSO disabled by default +From: Ezequiel Garcia +Date: Sat, 1 Nov 2014 12:30:20 -0300 +Origin: http://patchwork.ozlabs.org/patch/405792/ + +Data corruption has been observed to be produced by TSO. For instance, +accessing files on a NFS-server with TSO enabled results in different data +transferred each time. + +This has been observed only on Kirkwood platforms, i.e. with the mv643xx_eth +driver. Same tests on platforms using the mvneta ethernet driver have +passed without errors. + +Make TSO disabled by default for now, until we can found a proper fix +for the regression. + +Fixes: 3ae8f4e0b98 ('net: mv643xx_eth: Implement software TSO') +Reported-by: Slawomir Gajzner +Reported-by: Julien D'Ascenzio +Signed-off-by: Ezequiel Garcia +--- + drivers/net/ethernet/marvell/mv643xx_eth.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/marvell/mv643xx_eth.c b/drivers/net/ethernet/marvell/mv643xx_eth.c +index b151a94..8b72780 100644 +--- a/drivers/net/ethernet/marvell/mv643xx_eth.c ++++ b/drivers/net/ethernet/marvell/mv643xx_eth.c +@@ -3110,11 +3110,11 @@ static int mv643xx_eth_probe(struct platform_device *pdev) + dev->watchdog_timeo = 2 * HZ; + dev->base_addr = 0; + +- dev->features = NETIF_F_SG | NETIF_F_IP_CSUM | NETIF_F_TSO; ++ dev->features = NETIF_F_SG | NETIF_F_IP_CSUM; + dev->vlan_features = dev->features; + + dev->features |= NETIF_F_RXCSUM; +- dev->hw_features = dev->features; ++ dev->hw_features = dev->features | NETIF_F_TSO; + + dev->priv_flags |= IFF_UNICAST_FLT; + dev->gso_max_segs = MV643XX_MAX_TSO_SEGS; diff --git a/debian/patches/bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch b/debian/patches/bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch new file mode 100644 index 000000000..f6fefd250 --- /dev/null +++ b/debian/patches/bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch @@ -0,0 +1,87 @@ +From: Daniel Borkmann +Date: Thu, 9 Oct 2014 22:55:32 +0200 +Subject: net: sctp: fix panic on duplicate ASCONF chunks +Origin: https://git.kernel.org/linus/b69040d8e39f20d5215a03502a8e8b4c6ab78395 + +When receiving a e.g. semi-good formed connection scan in the +form of ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ---------------- ASCONF_a; ASCONF_b -----------------> + +... where ASCONF_a equals ASCONF_b chunk (at least both serials +need to be equal), we panic an SCTP server! + +The problem is that good-formed ASCONF chunks that we reply with +ASCONF_ACK chunks are cached per serial. Thus, when we receive a +same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do +not need to process them again on the server side (that was the +idea, also proposed in the RFC). Instead, we know it was cached +and we just resend the cached chunk instead. So far, so good. + +Where things get nasty is in SCTP's side effect interpreter, that +is, sctp_cmd_interpreter(): + +While incoming ASCONF_a (chunk = event_arg) is being marked +!end_of_packet and !singleton, and we have an association context, +we do not flush the outqueue the first time after processing the +ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it +queued up, although we set local_cork to 1. Commit 2e3216cd54b1 +changed the precedence, so that as long as we get bundled, incoming +chunks we try possible bundling on outgoing queue as well. Before +this commit, we would just flush the output queue. + +Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we +continue to process the same ASCONF_b chunk from the packet. As +we have cached the previous ASCONF_ACK, we find it, grab it and +do another SCTP_CMD_REPLY command on it. So, effectively, we rip +the chunk->list pointers and requeue the same ASCONF_ACK chunk +another time. Since we process ASCONF_b, it's correctly marked +with end_of_packet and we enforce an uncork, and thus flush, thus +crashing the kernel. + +Fix it by testing if the ASCONF_ACK is currently pending and if +that is the case, do not requeue it. When flushing the output +queue we may relink the chunk for preparing an outgoing packet, +but eventually unlink it when it's copied into the skb right +before transmission. + +Joint work with Vlad Yasevich. + +Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet") +Signed-off-by: Daniel Borkmann +Signed-off-by: Vlad Yasevich +Signed-off-by: David S. Miller +--- + include/net/sctp/sctp.h | 5 +++++ + net/sctp/associola.c | 2 ++ + 2 files changed, 7 insertions(+) + +--- a/include/net/sctp/sctp.h ++++ b/include/net/sctp/sctp.h +@@ -433,6 +433,11 @@ static inline void sctp_assoc_pending_pm + asoc->pmtu_pending = 0; + } + ++static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk) ++{ ++ return !list_empty(&chunk->list); ++} ++ + /* Walk through a list of TLV parameters. Don't trust the + * individual parameter lengths and instead depend on + * the chunk length to indicate when to stop. Make sure +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -1670,6 +1670,8 @@ struct sctp_chunk *sctp_assoc_lookup_asc + * ack chunk whose serial number matches that of the request. + */ + list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) { ++ if (sctp_chunk_pending(ack)) ++ continue; + if (ack->subh.addip_hdr->serial == serial) { + sctp_chunk_hold(ack); + return ack; diff --git a/debian/patches/bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch b/debian/patches/bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch new file mode 100644 index 000000000..f4cbd12cd --- /dev/null +++ b/debian/patches/bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch @@ -0,0 +1,149 @@ +From: Daniel Borkmann +Date: Thu, 9 Oct 2014 22:55:33 +0200 +Subject: net: sctp: fix remote memory pressure from excessive queueing +Origin: https://git.kernel.org/linus/26b87c7881006311828bb0ab271a551a62dcceb4 + +This scenario is not limited to ASCONF, just taken as one +example triggering the issue. When receiving ASCONF probes +in the form of ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ---- ASCONF_a; [ASCONF_b; ...; ASCONF_n;] JUNK ------> + [...] + ---- ASCONF_m; [ASCONF_o; ...; ASCONF_z;] JUNK ------> + +... where ASCONF_a, ASCONF_b, ..., ASCONF_z are good-formed +ASCONFs and have increasing serial numbers, we process such +ASCONF chunk(s) marked with !end_of_packet and !singleton, +since we have not yet reached the SCTP packet end. SCTP does +only do verification on a chunk by chunk basis, as an SCTP +packet is nothing more than just a container of a stream of +chunks which it eats up one by one. + +We could run into the case that we receive a packet with a +malformed tail, above marked as trailing JUNK. All previous +chunks are here goodformed, so the stack will eat up all +previous chunks up to this point. In case JUNK does not fit +into a chunk header and there are no more other chunks in +the input queue, or in case JUNK contains a garbage chunk +header, but the encoded chunk length would exceed the skb +tail, or we came here from an entirely different scenario +and the chunk has pdiscard=1 mark (without having had a flush +point), it will happen, that we will excessively queue up +the association's output queue (a correct final chunk may +then turn it into a response flood when flushing the +queue ;)): I ran a simple script with incremental ASCONF +serial numbers and could see the server side consuming +excessive amount of RAM [before/after: up to 2GB and more]. + +The issue at heart is that the chunk train basically ends +with !end_of_packet and !singleton markers and since commit +2e3216cd54b1 ("sctp: Follow security requirement of responding +with 1 packet") therefore preventing an output queue flush +point in sctp_do_sm() -> sctp_cmd_interpreter() on the input +chunk (chunk = event_arg) even though local_cork is set, +but its precedence has changed since then. In the normal +case, the last chunk with end_of_packet=1 would trigger the +queue flush to accommodate possible outgoing bundling. + +In the input queue, sctp_inq_pop() seems to do the right thing +in terms of discarding invalid chunks. So, above JUNK will +not enter the state machine and instead be released and exit +the sctp_assoc_bh_rcv() chunk processing loop. It's simply +the flush point being missing at loop exit. Adding a try-flush +approach on the output queue might not work as the underlying +infrastructure might be long gone at this point due to the +side-effect interpreter run. + +One possibility, albeit a bit of a kludge, would be to defer +invalid chunk freeing into the state machine in order to +possibly trigger packet discards and thus indirectly a queue +flush on error. It would surely be better to discard chunks +as in the current, perhaps better controlled environment, but +going back and forth, it's simply architecturally not possible. +I tried various trailing JUNK attack cases and it seems to +look good now. + +Joint work with Vlad Yasevich. + +Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet") +Signed-off-by: Daniel Borkmann +Signed-off-by: Vlad Yasevich +Signed-off-by: David S. Miller +--- + net/sctp/inqueue.c | 33 +++++++-------------------------- + net/sctp/sm_statefuns.c | 3 +++ + 2 files changed, 10 insertions(+), 26 deletions(-) + +diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c +index 4de12af..7e8a16c 100644 +--- a/net/sctp/inqueue.c ++++ b/net/sctp/inqueue.c +@@ -140,18 +140,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + } else { + /* Nothing to do. Next chunk in the packet, please. */ + ch = (sctp_chunkhdr_t *) chunk->chunk_end; +- + /* Force chunk->skb->data to chunk->chunk_end. */ +- skb_pull(chunk->skb, +- chunk->chunk_end - chunk->skb->data); +- +- /* Verify that we have at least chunk headers +- * worth of buffer left. +- */ +- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- } ++ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); ++ /* We are guaranteed to pull a SCTP header. */ + } + } + +@@ -187,24 +178,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) + skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); + chunk->subh.v = NULL; /* Subheader is no longer valid. */ + +- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { ++ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < ++ skb_tail_pointer(chunk->skb)) { + /* This is not a singleton */ + chunk->singleton = 0; + } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { +- /* RFC 2960, Section 6.10 Bundling +- * +- * Partial chunks MUST NOT be placed in an SCTP packet. +- * If the receiver detects a partial chunk, it MUST drop +- * the chunk. +- * +- * Since the end of the chunk is past the end of our buffer +- * (which contains the whole packet, we can freely discard +- * the whole packet. +- */ +- sctp_chunk_free(chunk); +- chunk = queue->in_progress = NULL; +- +- return NULL; ++ /* Discard inside state machine. */ ++ chunk->pdiscard = 1; ++ chunk->chunk_end = skb_tail_pointer(chunk->skb); + } else { + /* We are at the end of the packet, so mark the chunk + * in case we need to send a SACK. +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index bdea3df..3ee27b7 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -170,6 +170,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk, + { + __u16 chunk_length = ntohs(chunk->chunk_hdr->length); + ++ /* Previously already marked? */ ++ if (unlikely(chunk->pdiscard)) ++ return 0; + if (unlikely(chunk_length < required_length)) + return 0; + diff --git a/debian/patches/bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch b/debian/patches/bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch new file mode 100644 index 000000000..7e5fa1fc6 --- /dev/null +++ b/debian/patches/bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch @@ -0,0 +1,336 @@ +From: Daniel Borkmann +Date: Thu, 9 Oct 2014 22:55:31 +0200 +Subject: net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks +Origin: https://git.kernel.org/linus/9de7922bc709eee2f609cd01d98aaedc4cf5ea74 + +Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for +ASCONF chunk") added basic verification of ASCONF chunks, however, +it is still possible to remotely crash a server by sending a +special crafted ASCONF chunk, even up to pre 2.6.12 kernels: + +skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768 + head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950 + end:0x440 dev: + ------------[ cut here ]------------ +kernel BUG at net/core/skbuff.c:129! +[...] +Call Trace: + + [] skb_put+0x5c/0x70 + [] sctp_addto_chunk+0x63/0xd0 [sctp] + [] sctp_process_asconf+0x1af/0x540 [sctp] + [] ? _read_unlock_bh+0x15/0x20 + [] sctp_sf_do_asconf+0x168/0x240 [sctp] + [] sctp_do_sm+0x71/0x1210 [sctp] + [] ? fib_rules_lookup+0xad/0xf0 + [] ? sctp_cmp_addr_exact+0x32/0x40 [sctp] + [] sctp_assoc_bh_rcv+0xd3/0x180 [sctp] + [] sctp_inq_push+0x56/0x80 [sctp] + [] sctp_rcv+0x982/0xa10 [sctp] + [] ? ipt_local_in_hook+0x23/0x28 [iptable_filter] + [] ? nf_iterate+0x69/0xb0 + [] ? ip_local_deliver_finish+0x0/0x2d0 + [] ? nf_hook_slow+0x76/0x120 + [] ? ip_local_deliver_finish+0x0/0x2d0 + [] ip_local_deliver_finish+0xdd/0x2d0 + [] ip_local_deliver+0x98/0xa0 + [] ip_rcv_finish+0x12d/0x440 + [] ip_rcv+0x275/0x350 + [] __netif_receive_skb+0x4ab/0x750 + [] netif_receive_skb+0x58/0x60 + +This can be triggered e.g., through a simple scripted nmap +connection scan injecting the chunk after the handshake, for +example, ... + + -------------- INIT[ASCONF; ASCONF_ACK] -------------> + <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------ + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + ------------------ ASCONF; UNKNOWN ------------------> + +... where ASCONF chunk of length 280 contains 2 parameters ... + + 1) Add IP address parameter (param length: 16) + 2) Add/del IP address parameter (param length: 255) + +... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the +Address Parameter in the ASCONF chunk is even missing, too. +This is just an example and similarly-crafted ASCONF chunks +could be used just as well. + +The ASCONF chunk passes through sctp_verify_asconf() as all +parameters passed sanity checks, and after walking, we ended +up successfully at the chunk end boundary, and thus may invoke +sctp_process_asconf(). Parameter walking is done with +WORD_ROUND() to take padding into account. + +In sctp_process_asconf()'s TLV processing, we may fail in +sctp_process_asconf_param() e.g., due to removal of the IP +address that is also the source address of the packet containing +the ASCONF chunk, and thus we need to add all TLVs after the +failure to our ASCONF response to remote via helper function +sctp_add_asconf_response(), which basically invokes a +sctp_addto_chunk() adding the error parameters to the given +skb. + +When walking to the next parameter this time, we proceed +with ... + + length = ntohs(asconf_param->param_hdr.length); + asconf_param = (void *)asconf_param + length; + +... instead of the WORD_ROUND()'ed length, thus resulting here +in an off-by-one that leads to reading the follow-up garbage +parameter length of 12336, and thus throwing an skb_over_panic +for the reply when trying to sctp_addto_chunk() next time, +which implicitly calls the skb_put() with that length. + +Fix it by using sctp_walk_params() [ which is also used in +INIT parameter processing ] macro in the verification *and* +in ASCONF processing: it will make sure we don't spill over, +that we walk parameters WORD_ROUND()'ed. Moreover, we're being +more defensive and guard against unknown parameter types and +missized addresses. + +Joint work with Vlad Yasevich. + +Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.") +Signed-off-by: Daniel Borkmann +Signed-off-by: Vlad Yasevich +Acked-by: Neil Horman +Signed-off-by: David S. Miller +--- + include/net/sctp/sm.h | 6 +-- + net/sctp/sm_make_chunk.c | 99 +++++++++++++++++++++++++++--------------------- + net/sctp/sm_statefuns.c | 18 +-------- + 3 files changed, 60 insertions(+), 63 deletions(-) + +diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h +index 7f4eeb3..72a31db 100644 +--- a/include/net/sctp/sm.h ++++ b/include/net/sctp/sm.h +@@ -248,9 +248,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *, + int, __be16); + struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, + union sctp_addr *addr); +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp); ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp); + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf); + int sctp_process_asconf_ack(struct sctp_association *asoc, +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c +index ae0e616..ab734be 100644 +--- a/net/sctp/sm_make_chunk.c ++++ b/net/sctp/sm_make_chunk.c +@@ -3110,50 +3110,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, + return SCTP_ERROR_NO_ERROR; + } + +-/* Verify the ASCONF packet before we process it. */ +-int sctp_verify_asconf(const struct sctp_association *asoc, +- struct sctp_paramhdr *param_hdr, void *chunk_end, +- struct sctp_paramhdr **errp) { +- sctp_addip_param_t *asconf_param; ++/* Verify the ASCONF packet before we process it. */ ++bool sctp_verify_asconf(const struct sctp_association *asoc, ++ struct sctp_chunk *chunk, bool addr_param_needed, ++ struct sctp_paramhdr **errp) ++{ ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; + union sctp_params param; +- int length, plen; +- +- param.v = (sctp_paramhdr_t *) param_hdr; +- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { +- length = ntohs(param.p->length); +- *errp = param.p; ++ bool addr_param_seen = false; + +- if (param.v > chunk_end - length || +- length < sizeof(sctp_paramhdr_t)) +- return 0; ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ size_t length = ntohs(param.p->length); + ++ *errp = param.p; + switch (param.p->type) { ++ case SCTP_PARAM_ERR_CAUSE: ++ break; ++ case SCTP_PARAM_IPV4_ADDRESS: ++ if (length != sizeof(sctp_ipv4addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; ++ case SCTP_PARAM_IPV6_ADDRESS: ++ if (length != sizeof(sctp_ipv6addr_param_t)) ++ return false; ++ addr_param_seen = true; ++ break; + case SCTP_PARAM_ADD_IP: + case SCTP_PARAM_DEL_IP: + case SCTP_PARAM_SET_PRIMARY: +- asconf_param = (sctp_addip_param_t *)param.v; +- plen = ntohs(asconf_param->param_hdr.length); +- if (plen < sizeof(sctp_addip_param_t) + +- sizeof(sctp_paramhdr_t)) +- return 0; ++ /* In ASCONF chunks, these need to be first. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ length = ntohs(param.addip->param_hdr.length); ++ if (length < sizeof(sctp_addip_param_t) + ++ sizeof(sctp_paramhdr_t)) ++ return false; + break; + case SCTP_PARAM_SUCCESS_REPORT: + case SCTP_PARAM_ADAPTATION_LAYER_IND: + if (length != sizeof(sctp_addip_param_t)) +- return 0; +- ++ return false; + break; + default: +- break; ++ /* This is unkown to us, reject! */ ++ return false; + } +- +- param.v += WORD_ROUND(length); + } + +- if (param.v != chunk_end) +- return 0; ++ /* Remaining sanity checks. */ ++ if (addr_param_needed && !addr_param_seen) ++ return false; ++ if (!addr_param_needed && addr_param_seen) ++ return false; ++ if (param.v != chunk->chunk_end) ++ return false; + +- return 1; ++ return true; + } + + /* Process an incoming ASCONF chunk with the next expected serial no. and +@@ -3162,16 +3175,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc, + struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + struct sctp_chunk *asconf) + { ++ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; ++ bool all_param_pass = true; ++ union sctp_params param; + sctp_addiphdr_t *hdr; + union sctp_addr_param *addr_param; + sctp_addip_param_t *asconf_param; + struct sctp_chunk *asconf_ack; +- + __be16 err_code; + int length = 0; + int chunk_len; + __u32 serial; +- int all_param_pass = 1; + + chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); + hdr = (sctp_addiphdr_t *)asconf->skb->data; +@@ -3199,9 +3213,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + goto done; + + /* Process the TLVs contained within the ASCONF chunk. */ +- while (chunk_len > 0) { ++ sctp_walk_params(param, addip, addip_hdr.params) { ++ /* Skip preceeding address parameters. */ ++ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || ++ param.p->type == SCTP_PARAM_IPV6_ADDRESS) ++ continue; ++ + err_code = sctp_process_asconf_param(asoc, asconf, +- asconf_param); ++ param.addip); + /* ADDIP 4.1 A7) + * If an error response is received for a TLV parameter, + * all TLVs with no response before the failed TLV are +@@ -3209,28 +3228,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, + * the failed response are considered unsuccessful unless + * a specific success indication is present for the parameter. + */ +- if (SCTP_ERROR_NO_ERROR != err_code) +- all_param_pass = 0; +- ++ if (err_code != SCTP_ERROR_NO_ERROR) ++ all_param_pass = false; + if (!all_param_pass) +- sctp_add_asconf_response(asconf_ack, +- asconf_param->crr_id, err_code, +- asconf_param); ++ sctp_add_asconf_response(asconf_ack, param.addip->crr_id, ++ err_code, param.addip); + + /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add + * an IP address sends an 'Out of Resource' in its response, it + * MUST also fail any subsequent add or delete requests bundled + * in the ASCONF. + */ +- if (SCTP_ERROR_RSRC_LOW == err_code) ++ if (err_code == SCTP_ERROR_RSRC_LOW) + goto done; +- +- /* Move to the next ASCONF param. */ +- length = ntohs(asconf_param->param_hdr.length); +- asconf_param = (void *)asconf_param + length; +- chunk_len -= length; + } +- + done: + asoc->peer.addip_serial++; + +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c +index c8f6063..bdea3df 100644 +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -3591,9 +3591,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + struct sctp_chunk *asconf_ack = NULL; + struct sctp_paramhdr *err_param = NULL; + sctp_addiphdr_t *hdr; +- union sctp_addr_param *addr_param; + __u32 serial; +- int length; + + if (!sctp_vtag_verify(chunk, asoc)) { + sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, +@@ -3618,17 +3616,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, + hdr = (sctp_addiphdr_t *)chunk->skb->data; + serial = ntohl(hdr->serial); + +- addr_param = (union sctp_addr_param *)hdr->params; +- length = ntohs(addr_param->p.length); +- if (length < sizeof(sctp_paramhdr_t)) +- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, +- (void *)addr_param, commands); +- + /* Verify the ASCONF chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)((void *)addr_param + length), +- (void *)chunk->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, chunk, true, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + +@@ -3745,10 +3734,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, + rcvd_serial = ntohl(addip_hdr->serial); + + /* Verify the ASCONF-ACK chunk before processing it. */ +- if (!sctp_verify_asconf(asoc, +- (sctp_paramhdr_t *)addip_hdr->params, +- (void *)asconf_ack->chunk_end, +- &err_param)) ++ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param)) + return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, + (void *)err_param, commands); + diff --git a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch index 2bfafc736..149e09737 100644 --- a/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +++ b/debian/patches/bugfix/all/radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch @@ -38,7 +38,7 @@ missing, except for the pre-R600 KMS case. /* * KMS wrapper. * - 2.0.0 - initial interface -@@ -320,6 +323,37 @@ static struct drm_driver driver_old = { +@@ -341,6 +344,42 @@ static struct drm_driver driver_old = { static struct drm_driver kms_driver; @@ -49,6 +49,10 @@ missing, except for the pre-R600 KMS case. + */ +static bool radeon_firmware_installed(void) +{ ++#if IS_BUILTIN(CONFIG_DRM_RADEON) ++ /* It may be too early to tell. Assume it's there. */ ++ return true; ++#else + struct path path; + + if (kern_path("/lib/firmware/radeon", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, @@ -58,6 +62,7 @@ missing, except for the pre-R600 KMS case. + } + + return false; ++#endif +} + +#ifdef CONFIG_DRM_RADEON_UMS @@ -76,7 +81,7 @@ missing, except for the pre-R600 KMS case. static int radeon_kick_out_firmware_fb(struct pci_dev *pdev) { struct apertures_struct *ap; -@@ -346,6 +380,12 @@ static int radeon_pci_probe(struct pci_d +@@ -367,6 +406,12 @@ static int radeon_pci_probe(struct pci_d { int ret; @@ -89,7 +94,7 @@ missing, except for the pre-R600 KMS case. /* Get rid of things like offb */ ret = radeon_kick_out_firmware_fb(pdev); if (ret) -@@ -577,6 +617,7 @@ static struct pci_driver *pdriver; +@@ -586,6 +631,7 @@ static struct pci_driver *pdriver; static struct pci_driver radeon_pci_driver = { .name = DRIVER_NAME, .id_table = pciidlist, diff --git a/debian/patches/bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch b/debian/patches/bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch new file mode 100644 index 000000000..3a7f93e14 --- /dev/null +++ b/debian/patches/bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch @@ -0,0 +1,29 @@ +From: Ben Hutchings +Date: Sun, 26 Oct 2014 03:39:42 +0000 +Subject: rtsx_usb_ms: Use msleep_interruptible() in polling loop +Bug-Debian: https://bugs.debian.org/765717 +Forwarded: http://mid.gmane.org/1415237557.3398.41.camel@decadent.org.uk + +rtsx_usb_ms creates a task that mostly sleeps, but tasks in +uninterruptible sleep still contribute to the load average (for +bug-compatibility with Unix). A load average of ~1 on a system that +should be idle is somewhat alarming. + +Change the sleep to be interruptible, but still ignore signals. + +A better fix might be to replace this loop with a delayed work item. + +diff --git a/drivers/memstick/host/rtsx_usb_ms.c b/drivers/memstick/host/rtsx_usb_ms.c +index a7282b7..7356780 100644 +--- a/drivers/memstick/host/rtsx_usb_ms.c ++++ b/drivers/memstick/host/rtsx_usb_ms.c +@@ -706,7 +706,8 @@ poll_again: + if (host->eject) + break; + +- msleep(1000); ++ if (msleep_interruptible(1000)) ++ flush_signals(current); + } + + complete(&host->detect_ms_exit); diff --git a/debian/patches/bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch b/debian/patches/bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch new file mode 100644 index 000000000..9ac7f2010 --- /dev/null +++ b/debian/patches/bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch @@ -0,0 +1,50 @@ +From: Markos Chandras +Date: Tue, 21 Oct 2014 10:21:54 +0100 +Subject: MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions +Origin: https://git.kernel.org/linus/a5466d7bba9af83a82cc7c081b2a7d557cde3204 + +Commit 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery") removed +the #ifdef ISA conditions and switched to runtime detection. However, +according to the instruction set manual, the cop1x_op instructions are +available in >=MIPS32r2 as well. This fixes a problem on MIPS32r2 +with the ntpd package which failed to execute with a SIGILL exit code due +to the fact that a madd.d instruction was not being emulated. + +Signed-off-by: Markos Chandras +Fixes: 08a07904e1828 ("MIPS: math-emu: Remove most ifdefery") +Cc: # v3.16+ +Cc: linux-mips@linux-mips.org +Reviewed-by: Paul Burton +Reviewed-by: James Hogan +Cc: Markos Chandras +Patchwork: https://patchwork.linux-mips.org/patch/8173/ +Signed-off-by: Ralf Baechle +--- + arch/mips/math-emu/cp1emu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c +index 7a47277..51a0fde 100644 +--- a/arch/mips/math-emu/cp1emu.c ++++ b/arch/mips/math-emu/cp1emu.c +@@ -1023,7 +1023,7 @@ emul: + goto emul; + + case cop1x_op: +- if (cpu_has_mips_4_5 || cpu_has_mips64) ++ if (cpu_has_mips_4_5 || cpu_has_mips64 || cpu_has_mips32r2) + /* its one of ours */ + goto emul; + +@@ -1068,7 +1068,7 @@ emul: + break; + + case cop1x_op: +- if (!cpu_has_mips_4_5 && !cpu_has_mips64) ++ if (!cpu_has_mips_4_5 && !cpu_has_mips64 && !cpu_has_mips32r2) + return SIGILL; + + sig = fpux_emu(xcp, ctx, ir, fault_addr); +-- +2.1.1 + diff --git a/debian/patches/bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch b/debian/patches/bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch new file mode 100644 index 000000000..66c993f88 --- /dev/null +++ b/debian/patches/bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch @@ -0,0 +1,90 @@ +From: David Daney +Date: Mon, 20 Oct 2014 15:34:23 -0700 +Subject: MIPS: tlbex: Properly fix HUGE TLB Refill exception handler +Origin: https://git.kernel.org/linus/9e0f162a36914937a937358fcb45e0609ef2bfc4 + +In commit 8393c524a25609 (MIPS: tlbex: Fix a missing statement for +HUGETLB), the TLB Refill handler was fixed so that non-OCTEON targets +would work properly with huge pages. The change was incorrect in that +it broke the OCTEON case. + +The problem is shown here: + + xxx0: df7a0000 ld k0,0(k1) + . + . + . + xxxc0: df610000 ld at,0(k1) + xxxc4: 335a0ff0 andi k0,k0,0xff0 + xxxc8: e825ffcd bbit1 at,0x5,0x0 + xxxcc: 003ad82d daddu k1,at,k0 + . + . + . + +In the non-octeon case there is a destructive test for the huge PTE +bit, and then at 0, $k0 is reloaded (that is what the 8393c524a25609 +patch added). + +In the octeon case, we modify k1 in the branch delay slot, but we +never need k0 again, so the new load is not needed, but since k1 is +modified, if we do the load, we load from a garbage location and then +get a nested TLB Refill, which is seen in userspace as either SIGBUS +or SIGSEGV (depending on the garbage). + +The real fix is to only do this reloading if it is needed, and never +where it is harmful. + +Signed-off-by: David Daney +Cc: Huacai Chen +Cc: Fuxin Zhang +Cc: Zhangjin Wu +Cc: stable@vger.kernel.org +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8151/ +Signed-off-by: Ralf Baechle +--- + arch/mips/mm/tlbex.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c +index a08dd53..b5f228e 100644 +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -1062,6 +1062,7 @@ static void build_update_entries(u32 **p, unsigned int tmp, unsigned int ptep) + struct mips_huge_tlb_info { + int huge_pte; + int restore_scratch; ++ bool need_reload_pte; + }; + + static struct mips_huge_tlb_info +@@ -1076,6 +1077,7 @@ build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l, + + rv.huge_pte = scratch; + rv.restore_scratch = 0; ++ rv.need_reload_pte = false; + + if (check_for_high_segbits) { + UASM_i_MFC0(p, tmp, C0_BADVADDR); +@@ -1264,6 +1266,7 @@ static void build_r4000_tlb_refill_handler(void) + } else { + htlb_info.huge_pte = K0; + htlb_info.restore_scratch = 0; ++ htlb_info.need_reload_pte = true; + vmalloc_mode = refill_noscratch; + /* + * create the plain linear handler +@@ -1300,7 +1303,8 @@ static void build_r4000_tlb_refill_handler(void) + } + #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT + uasm_l_tlb_huge_update(&l, p); +- UASM_i_LW(&p, K0, 0, K1); ++ if (htlb_info.need_reload_pte) ++ UASM_i_LW(&p, htlb_info.huge_pte, 0, K1); + build_huge_update_entries(&p, htlb_info.huge_pte, K1); + build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random, + htlb_info.restore_scratch); +-- +2.1.1 + diff --git a/debian/patches/bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch b/debian/patches/bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch new file mode 100644 index 000000000..c1b5832e6 --- /dev/null +++ b/debian/patches/bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch @@ -0,0 +1,100 @@ +From: Helge Deller +Date: Fri, 10 Oct 2014 22:20:17 +0200 +Subject: parisc: Reduce SIGRTMIN from 37 to 32 to behave like other Linux + architectures +Origin: https://git.kernel.org/linus/1f25df2eff5b25f52c139d3ff31bc883eee9a0ab +Bug-Debian: https://bugs.debian.org/766635 + +This patch reduces the value of SIGRTMIN on PARISC from 37 to 32, thus +increasing the number of available RT signals and bring it in sync with other +Linux architectures. + +Historically we wanted to natively support HP-UX 32bit binaries with the +PA-RISC Linux port. Because of that we carried the various available signals +from HP-UX (e.g. SIGEMT and SIGLOST) and folded them in between the native +Linux signals. Although this was the right decision at that time, this +required us to increase SIGRTMIN to at least 37 which left us with 27 (64-37) +RT signals. + +Those 27 RT signals haven't been a problem in the past, but with the upcoming +importance of systemd we now got the problem that systemd alloctes (hardcoded) +signals up to SIGRTMIN+29 which is beyond our NSIG of 64. Because of that we +have not been able to use systemd on the PARISC Linux port yet. + +Of course we could ask the systemd developers to not use those hardcoded +values, but this change is very unlikely, esp. with PA-RISC being a niche +architecture. + +The other possibility would be to increase NSIG to e.g. 128, but this would +mean to duplicate most of the existing Linux signal handling code into the +parisc specific Linux kernel tree which would most likely introduce lots of new +bugs beside the code duplication. + +The third option is to drop some HP-UX signals and shuffle some other signals +around to bring SIGRTMIN to 32. This is of course an ABI change, but testing +has shown that existing Linux installations are not visibly affected by this +change - most likely because we move those signals around which are rarely used +and move them to slots which haven't been used in Linux yet. In an existing +installation I was able to exchange either the Linux kernel or glibc (or both) +without affecting the boot process and installed applications. + +Dropping the HP-UX signals isn't an issue either, since support for HP-UX was +basically dropped a few months back with Kernel 3.14 in commit +f5a408d53edef3af07ac7697b8bc54a755628450 already, when we changed EWOULDBLOCK +to be equal to EAGAIN. + +So, even if this is an ABI change, it's better to change it now and thus bring +PARISC Linux in sync with other architectures to avoid other issues in the +future. + +Signed-off-by: Helge Deller +Cc: Carlos O'Donell +Cc: John David Anglin +Cc: James Bottomley +Cc: Aaro Koskinen +Cc: PARISC Linux Kernel Mailinglist +Tested-by: Aaro Koskinen +--- + arch/parisc/include/uapi/asm/signal.h | 16 ++++++---------- + 1 file changed, 6 insertions(+), 10 deletions(-) + +diff --git a/arch/parisc/include/uapi/asm/signal.h b/arch/parisc/include/uapi/asm/signal.h +index f5645d6..10df707 100644 +--- a/arch/parisc/include/uapi/asm/signal.h ++++ b/arch/parisc/include/uapi/asm/signal.h +@@ -8,12 +8,12 @@ + #define SIGTRAP 5 + #define SIGABRT 6 + #define SIGIOT 6 +-#define SIGEMT 7 ++#define SIGSTKFLT 7 + #define SIGFPE 8 + #define SIGKILL 9 + #define SIGBUS 10 + #define SIGSEGV 11 +-#define SIGSYS 12 /* Linux doesn't use this */ ++#define SIGXCPU 12 + #define SIGPIPE 13 + #define SIGALRM 14 + #define SIGTERM 15 +@@ -32,16 +32,12 @@ + #define SIGTTIN 27 + #define SIGTTOU 28 + #define SIGURG 29 +-#define SIGLOST 30 /* Linux doesn't use this either */ +-#define SIGUNUSED 31 +-#define SIGRESERVE SIGUNUSED +- +-#define SIGXCPU 33 +-#define SIGXFSZ 34 +-#define SIGSTKFLT 36 ++#define SIGXFSZ 30 ++#define SIGUNUSED 31 ++#define SIGSYS 31 /* Linux doesn't use this */ + + /* These should not be considered constants from userland. */ +-#define SIGRTMIN 37 ++#define SIGRTMIN 32 + #define SIGRTMAX _NSIG /* it's 44 under HP/UX */ + + /* diff --git a/debian/patches/bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch b/debian/patches/bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch new file mode 100644 index 000000000..a590779b2 --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch @@ -0,0 +1,135 @@ +From: Nadav Amit +Date: Tue, 16 Sep 2014 03:24:05 +0300 +Subject: KVM: x86: Check non-canonical addresses upon WRMSR +Origin: https://git.kernel.org/linus/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 + +Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is +written to certain MSRs. The behavior is "almost" identical for AMD and Intel +(ignoring MSRs that are not implemented in either architecture since they would +anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if +non-canonical address is written on Intel but not on AMD (which ignores the top +32-bits). + +Accordingly, this patch injects a #GP on the MSRs which behave identically on +Intel and AMD. To eliminate the differences between the architecutres, the +value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to +canonical value before writing instead of injecting a #GP. + +Some references from Intel and AMD manuals: + +According to Intel SDM description of WRMSR instruction #GP is expected on +WRMSR "If the source register contains a non-canonical address and ECX +specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE, +IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP." + +According to AMD manual instruction manual: +LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the +LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical +form, a general-protection exception (#GP) occurs." +IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the +base field must be in canonical form or a #GP fault will occur." +IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must +be in canonical form." + +This patch fixes CVE-2014-3610. + +Cc: stable@vger.kernel.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +--- + arch/x86/include/asm/kvm_host.h | 14 ++++++++++++++ + arch/x86/kvm/svm.c | 2 +- + arch/x86/kvm/vmx.c | 2 +- + arch/x86/kvm/x86.c | 27 ++++++++++++++++++++++++++- + 4 files changed, 42 insertions(+), 3 deletions(-) + +--- a/arch/x86/include/asm/kvm_host.h ++++ b/arch/x86/include/asm/kvm_host.h +@@ -989,6 +989,20 @@ static inline void kvm_inject_gp(struct + kvm_queue_exception_e(vcpu, GP_VECTOR, error_code); + } + ++static inline u64 get_canonical(u64 la) ++{ ++ return ((int64_t)la << 16) >> 16; ++} ++ ++static inline bool is_noncanonical_address(u64 la) ++{ ++#ifdef CONFIG_X86_64 ++ return get_canonical(la) != la; ++#else ++ return false; ++#endif ++} ++ + #define TSS_IOPB_BASE_OFFSET 0x66 + #define TSS_BASE_SIZE 0x68 + #define TSS_IOPB_SIZE (65536 / 8) +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -3228,7 +3228,7 @@ static int wrmsr_interception(struct vcp + msr.host_initiated = false; + + svm->next_rip = kvm_rip_read(&svm->vcpu) + 2; +- if (svm_set_msr(&svm->vcpu, &msr)) { ++ if (kvm_set_msr(&svm->vcpu, &msr)) { + trace_kvm_msr_write_ex(ecx, data); + kvm_inject_gp(&svm->vcpu, 0); + } else { +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -5246,7 +5246,7 @@ static int handle_wrmsr(struct kvm_vcpu + msr.data = data; + msr.index = ecx; + msr.host_initiated = false; +- if (vmx_set_msr(vcpu, &msr) != 0) { ++ if (kvm_set_msr(vcpu, &msr) != 0) { + trace_kvm_msr_write_ex(ecx, data); + kvm_inject_gp(vcpu, 0); + return 1; +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -948,7 +948,6 @@ void kvm_enable_efer_bits(u64 mask) + } + EXPORT_SYMBOL_GPL(kvm_enable_efer_bits); + +- + /* + * Writes msr value into into the appropriate "register". + * Returns 0 on success, non-0 otherwise. +@@ -956,8 +955,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits); + */ + int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) + { ++ switch (msr->index) { ++ case MSR_FS_BASE: ++ case MSR_GS_BASE: ++ case MSR_KERNEL_GS_BASE: ++ case MSR_CSTAR: ++ case MSR_LSTAR: ++ if (is_noncanonical_address(msr->data)) ++ return 1; ++ break; ++ case MSR_IA32_SYSENTER_EIP: ++ case MSR_IA32_SYSENTER_ESP: ++ /* ++ * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if ++ * non-canonical address is written on Intel but not on ++ * AMD (which ignores the top 32-bits, because it does ++ * not implement 64-bit SYSENTER). ++ * ++ * 64-bit code should hence be able to write a non-canonical ++ * value on AMD. Making the address canonical ensures that ++ * vmentry does not fail on Intel after writing a non-canonical ++ * value, and that something deterministic happens if the guest ++ * invokes 64-bit SYSENTER. ++ */ ++ msr->data = get_canonical(msr->data); ++ } + return kvm_x86_ops->set_msr(vcpu, msr); + } ++EXPORT_SYMBOL_GPL(kvm_set_msr); + + /* + * Adapt set_msr() to msr_io()'s calling convention diff --git a/debian/patches/bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch b/debian/patches/bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch new file mode 100644 index 000000000..21a789a8b --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch @@ -0,0 +1,229 @@ +From: Nadav Amit +Date: Thu, 18 Sep 2014 22:39:38 +0300 +Subject: KVM: x86: Emulator fixes for eip canonical checks on near branches +Origin: https://git.kernel.org/linus/234f3ce485d54017f15cf5e0699cff4100121601 + +Before changing rip (during jmp, call, ret, etc.) the target should be asserted +to be canonical one, as real CPUs do. During sysret, both target rsp and rip +should be canonical. If any of these values is noncanonical, a #GP exception +should occur. The exception to this rule are syscall and sysenter instructions +in which the assigned rip is checked during the assignment to the relevant +MSRs. + +This patch fixes the emulator to behave as real CPUs do for near branches. +Far branches are handled by the next patch. + +This fixes CVE-2014-3647. + +Cc: stable@vger.kernel.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/emulate.c | 78 ++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 54 insertions(+), 24 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -572,7 +572,8 @@ static int emulate_nm(struct x86_emulate + return emulate_exception(ctxt, NM_VECTOR, 0, false); + } + +-static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) ++static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst, ++ int cs_l) + { + switch (ctxt->op_bytes) { + case 2: +@@ -582,16 +583,25 @@ static inline void assign_eip_near(struc + ctxt->_eip = (u32)dst; + break; + case 8: ++ if ((cs_l && is_noncanonical_address(dst)) || ++ (!cs_l && (dst & ~(u32)-1))) ++ return emulate_gp(ctxt, 0); + ctxt->_eip = dst; + break; + default: + WARN(1, "unsupported eip assignment size\n"); + } ++ return X86EMUL_CONTINUE; ++} ++ ++static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) ++{ ++ return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64); + } + +-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) ++static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) + { +- assign_eip_near(ctxt, ctxt->_eip + rel); ++ return assign_eip_near(ctxt, ctxt->_eip + rel); + } + + static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg) +@@ -1986,13 +1996,15 @@ static int em_grp45(struct x86_emulate_c + case 2: /* call near abs */ { + long int old_eip; + old_eip = ctxt->_eip; +- ctxt->_eip = ctxt->src.val; ++ rc = assign_eip_near(ctxt, ctxt->src.val); ++ if (rc != X86EMUL_CONTINUE) ++ break; + ctxt->src.val = old_eip; + rc = em_push(ctxt); + break; + } + case 4: /* jmp abs */ +- ctxt->_eip = ctxt->src.val; ++ rc = assign_eip_near(ctxt, ctxt->src.val); + break; + case 5: /* jmp far */ + rc = em_jmp_far(ctxt); +@@ -2024,10 +2036,14 @@ static int em_cmpxchg8b(struct x86_emula + + static int em_ret(struct x86_emulate_ctxt *ctxt) + { +- ctxt->dst.type = OP_REG; +- ctxt->dst.addr.reg = &ctxt->_eip; +- ctxt->dst.bytes = ctxt->op_bytes; +- return em_pop(ctxt); ++ int rc; ++ unsigned long eip; ++ ++ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); ++ if (rc != X86EMUL_CONTINUE) ++ return rc; ++ ++ return assign_eip_near(ctxt, eip); + } + + static int em_ret_far(struct x86_emulate_ctxt *ctxt) +@@ -2305,7 +2321,7 @@ static int em_sysexit(struct x86_emulate + { + const struct x86_emulate_ops *ops = ctxt->ops; + struct desc_struct cs, ss; +- u64 msr_data; ++ u64 msr_data, rcx, rdx; + int usermode; + u16 cs_sel = 0, ss_sel = 0; + +@@ -2321,6 +2337,9 @@ static int em_sysexit(struct x86_emulate + else + usermode = X86EMUL_MODE_PROT32; + ++ rcx = reg_read(ctxt, VCPU_REGS_RCX); ++ rdx = reg_read(ctxt, VCPU_REGS_RDX); ++ + cs.dpl = 3; + ss.dpl = 3; + ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); +@@ -2338,6 +2357,9 @@ static int em_sysexit(struct x86_emulate + ss_sel = cs_sel + 8; + cs.d = 0; + cs.l = 1; ++ if (is_noncanonical_address(rcx) || ++ is_noncanonical_address(rdx)) ++ return emulate_gp(ctxt, 0); + break; + } + cs_sel |= SELECTOR_RPL_MASK; +@@ -2346,8 +2368,8 @@ static int em_sysexit(struct x86_emulate + ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS); + ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); + +- ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX); +- *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX); ++ ctxt->_eip = rdx; ++ *reg_write(ctxt, VCPU_REGS_RSP) = rcx; + + return X86EMUL_CONTINUE; + } +@@ -2888,10 +2910,13 @@ static int em_aad(struct x86_emulate_ctx + + static int em_call(struct x86_emulate_ctxt *ctxt) + { ++ int rc; + long rel = ctxt->src.val; + + ctxt->src.val = (unsigned long)ctxt->_eip; +- jmp_rel(ctxt, rel); ++ rc = jmp_rel(ctxt, rel); ++ if (rc != X86EMUL_CONTINUE) ++ return rc; + return em_push(ctxt); + } + +@@ -2923,11 +2948,12 @@ static int em_call_far(struct x86_emulat + static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt) + { + int rc; ++ unsigned long eip; + +- ctxt->dst.type = OP_REG; +- ctxt->dst.addr.reg = &ctxt->_eip; +- ctxt->dst.bytes = ctxt->op_bytes; +- rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes); ++ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); ++ if (rc != X86EMUL_CONTINUE) ++ return rc; ++ rc = assign_eip_near(ctxt, eip); + if (rc != X86EMUL_CONTINUE) + return rc; + rsp_increment(ctxt, ctxt->src.val); +@@ -3257,20 +3283,24 @@ static int em_lmsw(struct x86_emulate_ct + + static int em_loop(struct x86_emulate_ctxt *ctxt) + { ++ int rc = X86EMUL_CONTINUE; ++ + register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1); + if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) && + (ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags))) +- jmp_rel(ctxt, ctxt->src.val); ++ rc = jmp_rel(ctxt, ctxt->src.val); + +- return X86EMUL_CONTINUE; ++ return rc; + } + + static int em_jcxz(struct x86_emulate_ctxt *ctxt) + { ++ int rc = X86EMUL_CONTINUE; ++ + if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0) +- jmp_rel(ctxt, ctxt->src.val); ++ rc = jmp_rel(ctxt, ctxt->src.val); + +- return X86EMUL_CONTINUE; ++ return rc; + } + + static int em_in(struct x86_emulate_ctxt *ctxt) +@@ -4671,7 +4701,7 @@ special_insn: + break; + case 0x70 ... 0x7f: /* jcc (short) */ + if (test_cc(ctxt->b, ctxt->eflags)) +- jmp_rel(ctxt, ctxt->src.val); ++ rc = jmp_rel(ctxt, ctxt->src.val); + break; + case 0x8d: /* lea r16/r32, m */ + ctxt->dst.val = ctxt->src.addr.mem.ea; +@@ -4700,7 +4730,7 @@ special_insn: + break; + case 0xe9: /* jmp rel */ + case 0xeb: /* jmp rel short */ +- jmp_rel(ctxt, ctxt->src.val); ++ rc = jmp_rel(ctxt, ctxt->src.val); + ctxt->dst.type = OP_NONE; /* Disable writeback. */ + break; + case 0xf4: /* hlt */ +@@ -4820,7 +4850,7 @@ twobyte_insn: + break; + case 0x80 ... 0x8f: /* jnz rel, etc*/ + if (test_cc(ctxt->b, ctxt->eflags)) +- jmp_rel(ctxt, ctxt->src.val); ++ rc = jmp_rel(ctxt, ctxt->src.val); + break; + case 0x90 ... 0x9f: /* setcc r/m8 */ + ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags); diff --git a/debian/patches/bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch b/debian/patches/bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch new file mode 100644 index 000000000..1c175580c --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch @@ -0,0 +1,60 @@ +From: Nadav Amit +Date: Thu, 18 Sep 2014 22:39:37 +0300 +Subject: KVM: x86: Fix wrong masking on relative jump/call +Origin: https://git.kernel.org/linus/05c83ec9b73c8124555b706f6af777b10adf0862 + +Relative jumps and calls do the masking according to the operand size, and not +according to the address size as the KVM emulator does today. + +This patch fixes KVM behavior. + +Cc: stable@vger.kernel.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/emulate.c | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -499,11 +499,6 @@ static void rsp_increment(struct x86_emu + masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc); + } + +-static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) +-{ +- register_address_increment(ctxt, &ctxt->_eip, rel); +-} +- + static u32 desc_limit_scaled(struct desc_struct *desc) + { + u32 limit = get_desc_limit(desc); +@@ -577,6 +572,28 @@ static int emulate_nm(struct x86_emulate + return emulate_exception(ctxt, NM_VECTOR, 0, false); + } + ++static inline void assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst) ++{ ++ switch (ctxt->op_bytes) { ++ case 2: ++ ctxt->_eip = (u16)dst; ++ break; ++ case 4: ++ ctxt->_eip = (u32)dst; ++ break; ++ case 8: ++ ctxt->_eip = dst; ++ break; ++ default: ++ WARN(1, "unsupported eip assignment size\n"); ++ } ++} ++ ++static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) ++{ ++ assign_eip_near(ctxt, ctxt->_eip + rel); ++} ++ + static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg) + { + u16 selector; diff --git a/debian/patches/bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch b/debian/patches/bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch new file mode 100644 index 000000000..4b2efe5a7 --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch @@ -0,0 +1,245 @@ +From: Nadav Amit +Date: Thu, 18 Sep 2014 22:39:39 +0300 +Subject: KVM: x86: Handle errors when RIP is set during far jumps +Origin: https://git.kernel.org/linus/d1442d85cc30ea75f7d399474ca738e0bc96f715 + +Far jmp/call/ret may fault while loading a new RIP. Currently KVM does not +handle this case, and may result in failed vm-entry once the assignment is +done. The tricky part of doing so is that loading the new CS affects the +VMCS/VMCB state, so if we fail during loading the new RIP, we are left in +unconsistent state. Therefore, this patch saves on 64-bit the old CS +descriptor and restores it if loading RIP failed. + +This fixes CVE-2014-3647. + +Cc: stable@vger.kernel.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/emulate.c | 118 ++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 88 insertions(+), 30 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -1442,7 +1442,9 @@ static int write_segment_descriptor(stru + + /* Does not support long mode */ + static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt, +- u16 selector, int seg, u8 cpl, bool in_task_switch) ++ u16 selector, int seg, u8 cpl, ++ bool in_task_switch, ++ struct desc_struct *desc) + { + struct desc_struct seg_desc, old_desc; + u8 dpl, rpl; +@@ -1574,6 +1576,8 @@ static int __load_segment_descriptor(str + } + load: + ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg); ++ if (desc) ++ *desc = seg_desc; + return X86EMUL_CONTINUE; + exception: + emulate_exception(ctxt, err_vec, err_code, true); +@@ -1584,7 +1588,7 @@ static int load_segment_descriptor(struc + u16 selector, int seg) + { + u8 cpl = ctxt->ops->cpl(ctxt); +- return __load_segment_descriptor(ctxt, selector, seg, cpl, false); ++ return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL); + } + + static void write_register_operand(struct operand *op) +@@ -1978,17 +1982,31 @@ static int em_iret(struct x86_emulate_ct + static int em_jmp_far(struct x86_emulate_ctxt *ctxt) + { + int rc; +- unsigned short sel; ++ unsigned short sel, old_sel; ++ struct desc_struct old_desc, new_desc; ++ const struct x86_emulate_ops *ops = ctxt->ops; ++ u8 cpl = ctxt->ops->cpl(ctxt); ++ ++ /* Assignment of RIP may only fail in 64-bit mode */ ++ if (ctxt->mode == X86EMUL_MODE_PROT64) ++ ops->get_segment(ctxt, &old_sel, &old_desc, NULL, ++ VCPU_SREG_CS); + + memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2); + +- rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS); ++ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false, ++ &new_desc); + if (rc != X86EMUL_CONTINUE) + return rc; + +- ctxt->_eip = 0; +- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes); +- return X86EMUL_CONTINUE; ++ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l); ++ if (rc != X86EMUL_CONTINUE) { ++ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); ++ /* assigning eip failed; restore the old cs */ ++ ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS); ++ return rc; ++ } ++ return rc; + } + + static int em_grp45(struct x86_emulate_ctxt *ctxt) +@@ -2055,21 +2073,34 @@ static int em_ret(struct x86_emulate_ctx + static int em_ret_far(struct x86_emulate_ctxt *ctxt) + { + int rc; +- unsigned long cs; ++ unsigned long eip, cs; ++ u16 old_cs; + int cpl = ctxt->ops->cpl(ctxt); ++ struct desc_struct old_desc, new_desc; ++ const struct x86_emulate_ops *ops = ctxt->ops; ++ ++ if (ctxt->mode == X86EMUL_MODE_PROT64) ++ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, ++ VCPU_SREG_CS); + +- rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes); ++ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes); + if (rc != X86EMUL_CONTINUE) + return rc; +- if (ctxt->op_bytes == 4) +- ctxt->_eip = (u32)ctxt->_eip; + rc = emulate_pop(ctxt, &cs, ctxt->op_bytes); + if (rc != X86EMUL_CONTINUE) + return rc; + /* Outer-privilege level return is not implemented */ + if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl) + return X86EMUL_UNHANDLEABLE; +- rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS); ++ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false, ++ &new_desc); ++ if (rc != X86EMUL_CONTINUE) ++ return rc; ++ rc = assign_eip_far(ctxt, eip, new_desc.l); ++ if (rc != X86EMUL_CONTINUE) { ++ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); ++ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS); ++ } + return rc; + } + +@@ -2496,19 +2527,24 @@ static int load_state_from_tss16(struct + * Now load segment descriptors. If fault happens at this stage + * it is handled in a context of new task + */ +- ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; + +@@ -2633,25 +2669,32 @@ static int load_state_from_tss32(struct + * Now load segment descriptors. If fault happenes at this stage + * it is handled in a context of new task + */ +- ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, ++ cpl, true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; +- ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true); ++ ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, ++ true, NULL); + if (ret != X86EMUL_CONTINUE) + return ret; + +@@ -2934,24 +2977,39 @@ static int em_call_far(struct x86_emulat + u16 sel, old_cs; + ulong old_eip; + int rc; ++ struct desc_struct old_desc, new_desc; ++ const struct x86_emulate_ops *ops = ctxt->ops; ++ int cpl = ctxt->ops->cpl(ctxt); + +- old_cs = get_segment_selector(ctxt, VCPU_SREG_CS); + old_eip = ctxt->_eip; ++ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS); + + memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2); +- if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS)) ++ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false, ++ &new_desc); ++ if (rc != X86EMUL_CONTINUE) + return X86EMUL_CONTINUE; + +- ctxt->_eip = 0; +- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes); ++ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l); ++ if (rc != X86EMUL_CONTINUE) ++ goto fail; + + ctxt->src.val = old_cs; + rc = em_push(ctxt); + if (rc != X86EMUL_CONTINUE) +- return rc; ++ goto fail; + + ctxt->src.val = old_eip; +- return em_push(ctxt); ++ rc = em_push(ctxt); ++ /* If we failed, we tainted the memory, but the very least we should ++ restore cs */ ++ if (rc != X86EMUL_CONTINUE) ++ goto fail; ++ return rc; ++fail: ++ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS); ++ return rc; ++ + } + + static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt) diff --git a/debian/patches/bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch b/debian/patches/bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch new file mode 100644 index 000000000..0ec348000 --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch @@ -0,0 +1,34 @@ +From: Andy Honig +Date: Wed, 27 Aug 2014 14:42:54 -0700 +Subject: KVM: x86: Improve thread safety in pit +Origin: https://git.kernel.org/linus/2febc839133280d5a5e8e1179c94ea674489dae2 + +There's a race condition in the PIT emulation code in KVM. In +__kvm_migrate_pit_timer the pit_timer object is accessed without +synchronization. If the race condition occurs at the wrong time this +can crash the host kernel. + +This fixes CVE-2014-3611. + +Cc: stable@vger.kernel.org +Signed-off-by: Andrew Honig +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/i8254.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c +index 518d864..298781d 100644 +--- a/arch/x86/kvm/i8254.c ++++ b/arch/x86/kvm/i8254.c +@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu) + return; + + timer = &pit->pit_state.timer; ++ mutex_lock(&pit->pit_state.lock); + if (hrtimer_cancel(timer)) + hrtimer_start_expires(timer, HRTIMER_MODE_ABS); ++ mutex_unlock(&pit->pit_state.lock); + } + + static void destroy_pit_timer(struct kvm_pit *pit) diff --git a/debian/patches/bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch b/debian/patches/bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch new file mode 100644 index 000000000..3fd1fe0f4 --- /dev/null +++ b/debian/patches/bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch @@ -0,0 +1,81 @@ +From: Andy Honig +Date: Wed, 27 Aug 2014 11:16:44 -0700 +Subject: KVM: x86: Prevent host from panicking on shared MSR writes. +Origin: https://git.kernel.org/linus/8b3c3104c3f4f706e99365c3e0d2aa61b95f969f + +The previous patch blocked invalid writes directly when the MSR +is written. As a precaution, prevent future similar mistakes by +gracefulling handle GPs caused by writes to shared MSRs. + +Cc: stable@vger.kernel.org +Signed-off-by: Andrew Honig +[Remove parts obsoleted by Nadav's patch. - Paolo] +Signed-off-by: Paolo Bonzini +--- + arch/x86/include/asm/kvm_host.h | 2 +- + arch/x86/kvm/vmx.c | 7 +++++-- + arch/x86/kvm/x86.c | 11 ++++++++--- + 3 files changed, 14 insertions(+), 6 deletions(-) + +--- a/arch/x86/include/asm/kvm_host.h ++++ b/arch/x86/include/asm/kvm_host.h +@@ -1061,7 +1061,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcp + void kvm_vcpu_reset(struct kvm_vcpu *vcpu); + + void kvm_define_shared_msr(unsigned index, u32 msr); +-void kvm_set_shared_msr(unsigned index, u64 val, u64 mask); ++int kvm_set_shared_msr(unsigned index, u64 val, u64 mask); + + bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip); + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -2615,12 +2615,15 @@ static int vmx_set_msr(struct kvm_vcpu * + default: + msr = find_msr_entry(vmx, msr_index); + if (msr) { ++ u64 old_msr_data = msr->data; + msr->data = data; + if (msr - vmx->guest_msrs < vmx->save_nmsrs) { + preempt_disable(); +- kvm_set_shared_msr(msr->index, msr->data, +- msr->mask); ++ ret = kvm_set_shared_msr(msr->index, msr->data, ++ msr->mask); + preempt_enable(); ++ if (ret) ++ msr->data = old_msr_data; + } + break; + } +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -227,20 +227,25 @@ static void kvm_shared_msr_cpu_online(vo + shared_msr_update(i, shared_msrs_global.msrs[i]); + } + +-void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask) ++int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask) + { + unsigned int cpu = smp_processor_id(); + struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu); ++ int err; + + if (((value ^ smsr->values[slot].curr) & mask) == 0) +- return; ++ return 0; + smsr->values[slot].curr = value; +- wrmsrl(shared_msrs_global.msrs[slot], value); ++ err = wrmsrl_safe(shared_msrs_global.msrs[slot], value); ++ if (err) ++ return 1; ++ + if (!smsr->registered) { + smsr->urn.on_user_return = kvm_on_user_return; + user_return_notifier_register(&smsr->urn); + smsr->registered = true; + } ++ return 0; + } + EXPORT_SYMBOL_GPL(kvm_set_shared_msr); + diff --git a/debian/patches/bugfix/x86/kvm-vmx-handle-invvpid-vm-exit-gracefully.patch b/debian/patches/bugfix/x86/kvm-vmx-handle-invvpid-vm-exit-gracefully.patch new file mode 100644 index 000000000..ffe371864 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-vmx-handle-invvpid-vm-exit-gracefully.patch @@ -0,0 +1,72 @@ +From: Petr Matousek +Date: Tue, 23 Sep 2014 20:22:30 +0200 +Subject: kvm: vmx: handle invvpid vm exit gracefully +Origin: https://git.kernel.org/linus/a642fc305053cc1c6e47e4f4df327895747ab485 + +On systems with invvpid instruction support (corresponding bit in +IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid +causes vm exit, which is currently not handled and results in +propagation of unknown exit to userspace. + +Fix this by installing an invvpid vm exit handler. + +This is CVE-2014-3646. + +Cc: stable@vger.kernel.org +Signed-off-by: Petr Matousek +Signed-off-by: Paolo Bonzini +--- + arch/x86/include/uapi/asm/vmx.h | 2 ++ + arch/x86/kvm/vmx.c | 9 ++++++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/include/uapi/asm/vmx.h ++++ b/arch/x86/include/uapi/asm/vmx.h +@@ -67,6 +67,7 @@ + #define EXIT_REASON_EPT_MISCONFIG 49 + #define EXIT_REASON_INVEPT 50 + #define EXIT_REASON_PREEMPTION_TIMER 52 ++#define EXIT_REASON_INVVPID 53 + #define EXIT_REASON_WBINVD 54 + #define EXIT_REASON_XSETBV 55 + #define EXIT_REASON_APIC_WRITE 56 +@@ -114,6 +115,7 @@ + { EXIT_REASON_EOI_INDUCED, "EOI_INDUCED" }, \ + { EXIT_REASON_INVALID_STATE, "INVALID_STATE" }, \ + { EXIT_REASON_INVD, "INVD" }, \ ++ { EXIT_REASON_INVVPID, "INVVPID" }, \ + { EXIT_REASON_INVPCID, "INVPCID" } + + #endif /* _UAPIVMX_H */ +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -6618,6 +6618,12 @@ static int handle_invept(struct kvm_vcpu + return 1; + } + ++static int handle_invvpid(struct kvm_vcpu *vcpu) ++{ ++ kvm_queue_exception(vcpu, UD_VECTOR); ++ return 1; ++} ++ + /* + * The exit handlers return 1 if the exit was handled fully and guest execution + * may resume. Otherwise they set the kvm_run parameter to indicate what needs +@@ -6663,6 +6669,7 @@ static int (*const kvm_vmx_exit_handlers + [EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait, + [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, + [EXIT_REASON_INVEPT] = handle_invept, ++ [EXIT_REASON_INVVPID] = handle_invvpid, + }; + + static const int kvm_vmx_max_exit_handlers = +@@ -6896,7 +6903,7 @@ static bool nested_vmx_exit_handled(stru + case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD: + case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE: + case EXIT_REASON_VMOFF: case EXIT_REASON_VMON: +- case EXIT_REASON_INVEPT: ++ case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID: + /* + * VMX instructions trap unconditionally. This allows L1 to + * emulate them for its L2 guest, i.e., allows 3-level nesting! diff --git a/debian/patches/bugfix/x86/kvm-x86-fix-far-jump-to-non-canonical-check.patch b/debian/patches/bugfix/x86/kvm-x86-fix-far-jump-to-non-canonical-check.patch new file mode 100644 index 000000000..5b151a4b8 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-x86-fix-far-jump-to-non-canonical-check.patch @@ -0,0 +1,58 @@ +From: Nadav Amit +Date: Tue, 28 Oct 2014 00:03:43 +0200 +Subject: KVM: x86: Fix far-jump to non-canonical check +Origin: https://git.kernel.org/linus/7e46dddd6f6cd5dbf3c7bd04a7e75d19475ac9f2 + +Commit d1442d85cc30 ("KVM: x86: Handle errors when RIP is set during far +jumps") introduced a bug that caused the fix to be incomplete. Due to +incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit +segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may +not trigger #GP. As we know, this imposes a security problem. + +In addition, the condition for two warnings was incorrect. + +Fixes: d1442d85cc30ea75f7d399474ca738e0bc96f715 +Reported-by: Dan Carpenter +Signed-off-by: Nadav Amit +[Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo] +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/emulate.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -582,12 +582,14 @@ static inline int assign_eip_far(struct + case 4: + ctxt->_eip = (u32)dst; + break; ++#ifdef CONFIG_X86_64 + case 8: + if ((cs_l && is_noncanonical_address(dst)) || +- (!cs_l && (dst & ~(u32)-1))) ++ (!cs_l && (dst >> 32) != 0)) + return emulate_gp(ctxt, 0); + ctxt->_eip = dst; + break; ++#endif + default: + WARN(1, "unsupported eip assignment size\n"); + } +@@ -1998,7 +2000,7 @@ static int em_jmp_far(struct x86_emulate + + rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l); + if (rc != X86EMUL_CONTINUE) { +- WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); ++ WARN_ON(ctxt->mode != X86EMUL_MODE_PROT64); + /* assigning eip failed; restore the old cs */ + ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS); + return rc; +@@ -2092,7 +2094,7 @@ static int em_ret_far(struct x86_emulate + return rc; + rc = assign_eip_far(ctxt, eip, new_desc.l); + if (rc != X86EMUL_CONTINUE) { +- WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64); ++ WARN_ON(ctxt->mode != X86EMUL_MODE_PROT64); + ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS); + } + return rc; diff --git a/debian/patches/debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch b/debian/patches/debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch index b766ca04f..fe1f55f56 100644 --- a/debian/patches/debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch +++ b/debian/patches/debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch @@ -1,6 +1,7 @@ From: Ben Hutchings Date: Fri, 12 Sep 2014 13:24:26 +0100 Subject: i2o: Disable I2O_EXT_ADAPTEC on 64-bit +Forwarded: no The code it enables works uses 32-bit numbers for userland virtual addresses: diff --git a/debian/patches/features/all/mmc_block-increase-max_devices.patch b/debian/patches/features/all/mmc_block-increase-max_devices.patch new file mode 100644 index 000000000..bed87f392 --- /dev/null +++ b/debian/patches/features/all/mmc_block-increase-max_devices.patch @@ -0,0 +1,49 @@ +From: Ben Hutchings +Date: Sun, 26 Oct 2014 02:09:23 +0000 +Subject: mmc_block: Increase max_devices +Bug-Debian: https://bugs.debian.org/765621 +Forwarded: http://mid.gmane.org/1415244909.3398.51.camel@decadent.org.uk + +Currently the driver imposes a limit of 256 total minor numbers, +apparently based on the historic Unix/Linux limit. This is quite +restrictive, particularly if we raise the maximum number of +partitions per card to 256 to match sd. + +In order to make the full minor number space available we would +have to replace the static dev_use and name_use arrays with struct +ida. But we can at least allow use of 256 cards rather than just +256 minors, with only a small change. + +--- +--- a/drivers/mmc/card/block.c ++++ b/drivers/mmc/card/block.c +@@ -78,13 +78,16 @@ static int perdev_minors = CONFIG_MMC_BL + + /* + * We've only got one major, so number of mmcblk devices is +- * limited to 256 / number of minors per device. ++ * limited to (1 << 20) / number of minors per device. It is also ++ * currently limited by the size of the static bitmaps below. + */ + static int max_devices; + +-/* 256 minors, so at most 256 separate devices */ +-static DECLARE_BITMAP(dev_use, 256); +-static DECLARE_BITMAP(name_use, 256); ++#define MAX_DEVICES 256 ++ ++/* TODO: Replace these with struct ida */ ++static DECLARE_BITMAP(dev_use, MAX_DEVICES); ++static DECLARE_BITMAP(name_use, MAX_DEVICES); + + /* + * There is one mmc_blk_data per slot. +@@ -2558,7 +2561,7 @@ static int __init mmc_blk_init(void) + if (perdev_minors != CONFIG_MMC_BLOCK_MINORS) + pr_info("mmcblk: using %d minors per device\n", perdev_minors); + +- max_devices = 256 / perdev_minors; ++ max_devices = min(MAX_DEVICES, (1 << MINORBITS) / perdev_minors); + + res = register_blkdev(MMC_BLOCK_MAJOR, "mmc"); + if (res) diff --git a/debian/patches/features/all/wireless-rt2x00-add-new-rt2800usb-device.patch b/debian/patches/features/all/wireless-rt2x00-add-new-rt2800usb-device.patch new file mode 100644 index 000000000..58df0ff47 --- /dev/null +++ b/debian/patches/features/all/wireless-rt2x00-add-new-rt2800usb-device.patch @@ -0,0 +1,26 @@ +From: Cyril Brulebois +Date: Sun, 26 Oct 2014 12:33:38 +0100 +Subject: wireless: rt2x00: add new rt2800usb device +Bug-Debian: https://bugs.debian.org/766802 +Forwarded: http://article.gmane.org/gmane.linux.kernel/1815824 + +0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle + +References: https://bugs.debian.org/766802 +Reported-by: Martin Mokrejs +Cc: stable@vger.kernel.org +Signed-off-by: Cyril Brulebois +--- + drivers/net/wireless/rt2x00/rt2800usb.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/rt2x00/rt2800usb.c ++++ b/drivers/net/wireless/rt2x00/rt2800usb.c +@@ -1111,6 +1111,7 @@ static struct usb_device_id rt2800usb_de + /* Ovislink */ + { USB_DEVICE(0x1b75, 0x3071) }, + { USB_DEVICE(0x1b75, 0x3072) }, ++ { USB_DEVICE(0x1b75, 0xa200) }, + /* Para */ + { USB_DEVICE(0x20b8, 0x8888) }, + /* Pegatron */ diff --git a/debian/patches/features/arm/dts-sun7i-Add-Banana-Pi-board.patch b/debian/patches/features/arm/dts-sun7i-Add-Banana-Pi-board.patch new file mode 100644 index 000000000..98f72f5c2 --- /dev/null +++ b/debian/patches/features/arm/dts-sun7i-Add-Banana-Pi-board.patch @@ -0,0 +1,246 @@ +From: Hans de Goede +Subject: [PATCH v2 3/3] ARM: dts: sun7i: Add Banana Pi board +Date: Wed, 1 Oct 2014 09:26:06 +0200 +Origin: https://git.kernel.org/cgit/linux/kernel/git/mripard/linux.git/commit/?id=8a5b272fbf446ce475bb434b956a45a666936af4 + +The Banana Pi is an A20 based development board using Raspberry Pi compatible +IO headers. It comes with 1 GB RAM, 1 Gb ethernet, 2x USB host, sata, hdmi +and stereo audio out + various expenansion headers: + +http://www.lemaker.org/ + +Signed-off-by: Hans de Goede +Signed-off-by: Maxime Ripard +--- + arch/arm/boot/dts/Makefile | 1 + + arch/arm/boot/dts/sun7i-a20-bananapi.dts | 214 +++++++++++++++++++++++++++++++ + 2 files changed, 215 insertions(+) + create mode 100644 arch/arm/boot/dts/sun7i-a20-bananapi.dts + +--- a/arch/arm/boot/dts/Makefile ++++ b/arch/arm/boot/dts/Makefile +@@ -414,6 +414,7 @@ dtb-$(CONFIG_MACH_SUN6I) += \ + sun6i-a31-hummingbird.dtb \ + sun6i-a31-m9.dtb + dtb-$(CONFIG_MACH_SUN7I) += \ ++ sun7i-a20-bananapi.dtb \ + sun7i-a20-cubieboard2.dtb \ + sun7i-a20-cubietruck.dtb \ + sun7i-a20-i12-tvbox.dtb \ +--- /dev/null ++++ b/arch/arm/boot/dts/sun7i-a20-bananapi.dts +@@ -0,0 +1,214 @@ ++/* ++ * Copyright 2014 Hans de Goede ++ * ++ * Hans de Goede ++ * ++ * This file is dual-licensed: you can use it either under the terms ++ * of the GPL or the X11 license, at your option. Note that this dual ++ * licensing only applies to this file, and not this project as a ++ * whole. ++ * ++ * a) This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public ++ * License along with this library; if not, write to the Free ++ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, ++ * MA 02110-1301 USA ++ * ++ * Or, alternatively, ++ * ++ * b) Permission is hereby granted, free of charge, to any person ++ * obtaining a copy of this software and associated documentation ++ * files (the "Software"), to deal in the Software without ++ * restriction, including without limitation the rights to use, ++ * copy, modify, merge, publish, distribute, sublicense, and/or ++ * sell copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following ++ * conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ++ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ++ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ++ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR ++ * OTHER DEALINGS IN THE SOFTWARE. ++ */ ++ ++/dts-v1/; ++/include/ "sun7i-a20.dtsi" ++/include/ "sunxi-common-regulators.dtsi" ++ ++/ { ++ model = "LeMaker Banana Pi"; ++ compatible = "lemaker,bananapi", "allwinner,sun7i-a20"; ++ ++ soc@01c00000 { ++ spi0: spi@01c05000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&spi0_pins_a>; ++ status = "okay"; ++ }; ++ ++ mmc0: mmc@01c0f000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bananapi>; ++ vmmc-supply = <®_vcc3v3>; ++ bus-width = <4>; ++ cd-gpios = <&pio 7 10 0>; /* PH10 */ ++ cd-inverted; ++ status = "okay"; ++ }; ++ ++ usbphy: phy@01c13400 { ++ usb1_vbus-supply = <®_usb1_vbus>; ++ usb2_vbus-supply = <®_usb2_vbus>; ++ status = "okay"; ++ }; ++ ++ ehci0: usb@01c14000 { ++ status = "okay"; ++ }; ++ ++ ohci0: usb@01c14400 { ++ status = "okay"; ++ }; ++ ++ ahci: sata@01c18000 { ++ status = "okay"; ++ }; ++ ++ ehci1: usb@01c1c000 { ++ status = "okay"; ++ }; ++ ++ ohci1: usb@01c1c400 { ++ status = "okay"; ++ }; ++ ++ pinctrl@01c20800 { ++ mmc0_cd_pin_bananapi: mmc0_cd_pin@0 { ++ allwinner,pins = "PH10"; ++ allwinner,function = "gpio_in"; ++ allwinner,drive = <0>; ++ allwinner,pull = <1>; ++ }; ++ ++ gmac_power_pin_bananapi: gmac_power_pin@0 { ++ allwinner,pins = "PH23"; ++ allwinner,function = "gpio_out"; ++ allwinner,drive = <0>; ++ allwinner,pull = <0>; ++ }; ++ ++ led_pins_bananapi: led_pins@0 { ++ allwinner,pins = "PH24"; ++ allwinner,function = "gpio_out"; ++ allwinner,drive = <0>; ++ allwinner,pull = <0>; ++ }; ++ }; ++ ++ ir0: ir@01c21800 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&ir0_pins_a>; ++ status = "okay"; ++ }; ++ ++ uart0: serial@01c28000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart0_pins_a>; ++ status = "okay"; ++ }; ++ ++ uart3: serial@01c28c00 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart3_pins_b>; ++ status = "okay"; ++ }; ++ ++ uart7: serial@01c29c00 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart7_pins_a>; ++ status = "okay"; ++ }; ++ ++ i2c0: i2c@01c2ac00 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c0_pins_a>; ++ status = "okay"; ++ ++ axp209: pmic@34 { ++ compatible = "x-powers,axp209"; ++ reg = <0x34>; ++ interrupt-parent = <&nmi_intc>; ++ interrupts = <0 8>; ++ ++ interrupt-controller; ++ #interrupt-cells = <1>; ++ }; ++ }; ++ ++ i2c2: i2c@01c2b400 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c2_pins_a>; ++ status = "okay"; ++ }; ++ ++ gmac: ethernet@01c50000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&gmac_pins_rgmii_a>; ++ phy = <&phy1>; ++ phy-mode = "rgmii"; ++ phy-supply = <®_gmac_3v3>; ++ status = "okay"; ++ ++ phy1: ethernet-phy@1 { ++ reg = <1>; ++ }; ++ }; ++ }; ++ ++ leds { ++ compatible = "gpio-leds"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&led_pins_bananapi>; ++ ++ green { ++ label = "bananapi:green:usr"; ++ gpios = <&pio 7 24 0>; ++ }; ++ }; ++ ++ reg_usb1_vbus: usb1-vbus { ++ status = "okay"; ++ }; ++ ++ reg_usb2_vbus: usb2-vbus { ++ status = "okay"; ++ }; ++ ++ reg_gmac_3v3: gmac-3v3 { ++ compatible = "regulator-fixed"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&gmac_power_pin_bananapi>; ++ regulator-name = "gmac-3v3"; ++ regulator-min-microvolt = <3300000>; ++ regulator-max-microvolt = <3300000>; ++ startup-delay-us = <50000>; ++ enable-active-high; ++ gpio = <&pio 7 23 0>; ++ }; ++}; diff --git a/debian/patches/features/arm/dts-sun7i-Add-spi0_pins_a-pinctrl-setting.patch b/debian/patches/features/arm/dts-sun7i-Add-spi0_pins_a-pinctrl-setting.patch new file mode 100644 index 000000000..adb0d58e5 --- /dev/null +++ b/debian/patches/features/arm/dts-sun7i-Add-spi0_pins_a-pinctrl-setting.patch @@ -0,0 +1,29 @@ +From: Hans de Goede +Subject: [PATCH v2 1/3] ARM: dts: sun7i: Add spi0_pins_a pinctrl setting +Date: Wed, 1 Oct 2014 09:26:04 +0200 +Origin: https://git.kernel.org/cgit/linux/kernel/git/mripard/linux.git/commit/?id=a99eb770b4ab561434c9049b7b09cf40e27d3a55 + +Signed-off-by: Hans de Goede +Signed-off-by: Maxime Ripard +--- + arch/arm/boot/dts/sun7i-a20.dtsi | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: linux-3.16.3/arch/arm/boot/dts/sun7i-a20.dtsi +=================================================================== +--- linux-3.16.3.orig/arch/arm/boot/dts/sun7i-a20.dtsi ++++ linux-3.16.3/arch/arm/boot/dts/sun7i-a20.dtsi +@@ -704,6 +704,13 @@ + allwinner,pull = <0>; + }; + ++ spi0_pins_a: spi0@0 { ++ allwinner,pins = "PI10", "PI11", "PI12", "PI13", "PI14"; ++ allwinner,function = "spi0"; ++ allwinner,drive = <0>; ++ allwinner,pull = <0>; ++ }; ++ + spi1_pins_a: spi1@0 { + allwinner,pins = "PI16", "PI17", "PI18", "PI19"; + allwinner,function = "spi1"; diff --git a/debian/patches/features/arm/dts-sun7i-Add-support-for-Olimex-A20-OLinuXino-LIME.patch b/debian/patches/features/arm/dts-sun7i-Add-support-for-Olimex-A20-OLinuXino-LIME.patch new file mode 100644 index 000000000..9e03ef9ec --- /dev/null +++ b/debian/patches/features/arm/dts-sun7i-Add-support-for-Olimex-A20-OLinuXino-LIME.patch @@ -0,0 +1,165 @@ +From: FUKAUMI Naoki +Date: Wed, 20 Aug 2014 14:25:03 +0900 +Subject: [PATCH] ARM: sun7i: Add support for Olimex A20-OLinuXino-LIME +Origin: https://git.kernel.org/linus/a71b4438af8242f383906071205db95a8b8e7b6d + +This patch adds support for Olimex A20-OLinuXino-LIME board. + +Signed-off-by: FUKAUMI Naoki +Signed-off-by: Maxime Ripard +--- + arch/arm/boot/dts/Makefile | 1 + + arch/arm/boot/dts/sun7i-a20-olinuxino-lime.dts | 137 +++++++++++++++++++++++++ + 2 files changed, 138 insertions(+) + create mode 100644 arch/arm/boot/dts/sun7i-a20-olinuxino-lime.dts + +--- a/arch/arm/boot/dts/Makefile ++++ b/arch/arm/boot/dts/Makefile +@@ -418,6 +418,7 @@ dtb-$(CONFIG_MACH_SUN7I) += \ + sun7i-a20-cubieboard2.dtb \ + sun7i-a20-cubietruck.dtb \ + sun7i-a20-i12-tvbox.dtb \ ++ sun7i-a20-olinuxino-lime.dtb \ + sun7i-a20-olinuxino-micro.dtb \ + sun7i-a20-pcduino3.dtb + dtb-$(CONFIG_MACH_SUN8I) += \ +--- /dev/null ++++ b/arch/arm/boot/dts/sun7i-a20-olinuxino-lime.dts +@@ -0,0 +1,137 @@ ++/* ++ * This is based on sun4i-a10-olinuxino-lime.dts ++ * ++ * Copyright 2014 - Hans de Goede ++ * Copyright (c) 2014 FUKAUMI Naoki ++ * ++ * The code contained herein is licensed under the GNU General Public ++ * License. You may obtain a copy of the GNU General Public License ++ * Version 2 or later at the following locations: ++ * ++ * http://www.opensource.org/licenses/gpl-license.html ++ * http://www.gnu.org/copyleft/gpl.html ++ */ ++ ++/dts-v1/; ++/include/ "sun7i-a20.dtsi" ++/include/ "sunxi-common-regulators.dtsi" ++ ++/ { ++ model = "Olimex A20-OLinuXino-LIME"; ++ compatible = "olimex,a20-olinuxino-lime", "allwinner,sun7i-a20"; ++ ++ soc@01c00000 { ++ mmc0: mmc@01c0f000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_reference_design>; ++ vmmc-supply = <®_vcc3v3>; ++ bus-width = <4>; ++ cd-gpios = <&pio 7 1 0>; /* PH1 */ ++ cd-inverted; ++ status = "okay"; ++ }; ++ ++ usbphy: phy@01c13400 { ++ usb1_vbus-supply = <®_usb1_vbus>; ++ usb2_vbus-supply = <®_usb2_vbus>; ++ status = "okay"; ++ }; ++ ++ ehci0: usb@01c14000 { ++ status = "okay"; ++ }; ++ ++ ohci0: usb@01c14400 { ++ status = "okay"; ++ }; ++ ++ ahci: sata@01c18000 { ++ target-supply = <®_ahci_5v>; ++ status = "okay"; ++ }; ++ ++ ehci1: usb@01c1c000 { ++ status = "okay"; ++ }; ++ ++ ohci1: usb@01c1c400 { ++ status = "okay"; ++ }; ++ ++ pinctrl@01c20800 { ++ ahci_pwr_pin_olinuxinolime: ahci_pwr_pin@1 { ++ allwinner,pins = "PC3"; ++ allwinner,function = "gpio_out"; ++ allwinner,drive = <0>; ++ allwinner,pull = <0>; ++ }; ++ ++ led_pins_olinuxinolime: led_pins@0 { ++ allwinner,pins = "PH2"; ++ allwinner,function = "gpio_out"; ++ allwinner,drive = <1>; ++ allwinner,pull = <0>; ++ }; ++ }; ++ ++ uart0: serial@01c28000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&uart0_pins_a>; ++ status = "okay"; ++ }; ++ ++ i2c0: i2c@01c2ac00 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&i2c0_pins_a>; ++ status = "okay"; ++ ++ axp209: pmic@34 { ++ compatible = "x-powers,axp209"; ++ reg = <0x34>; ++ interrupt-parent = <&nmi_intc>; ++ interrupts = <0 8>; ++ ++ interrupt-controller; ++ #interrupt-cells = <1>; ++ }; ++ }; ++ ++ gmac: ethernet@01c50000 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&gmac_pins_mii_a>; ++ phy = <&phy1>; ++ phy-mode = "mii"; ++ status = "okay"; ++ ++ phy1: ethernet-phy@1 { ++ reg = <1>; ++ }; ++ }; ++ }; ++ ++ leds { ++ compatible = "gpio-leds"; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&led_pins_olinuxinolime>; ++ ++ green { ++ label = "a20-olinuxino-lime:green:usr"; ++ gpios = <&pio 7 2 0>; ++ default-state = "on"; ++ }; ++ }; ++ ++ reg_ahci_5v: ahci-5v { ++ pinctrl-0 = <&ahci_pwr_pin_olinuxinolime>; ++ gpio = <&pio 2 3 0>; ++ status = "okay"; ++ }; ++ ++ reg_usb1_vbus: usb1-vbus { ++ status = "okay"; ++ }; ++ ++ reg_usb2_vbus: usb2-vbus { ++ status = "okay"; ++ }; ++}; diff --git a/debian/patches/features/arm/dts-sun7i-Add-uart3_pins_b-pinctrl-setting.patch b/debian/patches/features/arm/dts-sun7i-Add-uart3_pins_b-pinctrl-setting.patch new file mode 100644 index 000000000..fc8259fcd --- /dev/null +++ b/debian/patches/features/arm/dts-sun7i-Add-uart3_pins_b-pinctrl-setting.patch @@ -0,0 +1,30 @@ +From: Hans de Goede +Subject: [PATCH v2 2/3] ARM: dts: sun7i: Add uart3_pins_b pinctrl setting +Date: Wed, 1 Oct 2014 09:26:05 +0200 +Origin: https://git.kernel.org/cgit/linux/kernel/git/mripard/linux.git/commit/?id=46e9fd407fad0e9442d0feb9b678d81839ea29a1 + +The uart3_pins_a multiplexes the uart3 pins to port G, add a pinctrl entry +for mapping them to port H (as used on the Bananapi). + +Signed-off-by: Hans de Goede +Signed-off-by: Maxime Ripard +--- + arch/arm/boot/dts/sun7i-a20.dtsi | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/arm/boot/dts/sun7i-a20.dtsi ++++ b/arch/arm/boot/dts/sun7i-a20.dtsi +@@ -618,6 +618,13 @@ + allwinner,pull = <0>; + }; + ++ uart3_pins_b: uart3@1 { ++ allwinner,pins = "PH0", "PH1"; ++ allwinner,function = "uart3"; ++ allwinner,drive = <0>; ++ allwinner,pull = <0>; ++ }; ++ + uart6_pins_a: uart6@0 { + allwinner,pins = "PI12", "PI13"; + allwinner,function = "uart6"; diff --git a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch index fb0fbc888..0d3ce376c 100644 --- a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch +++ b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch @@ -1,7 +1,7 @@ From: Aurelien Jarno Date: Sun, 20 Jul 2014 19:16:31 +0200 Subject: MIPS: Loongson 3: Add Loongson LS3A RS780E 1-way machine definition -Forwarded: not yet +Forwarded: no Add a Loongson LS3A RS780E 1-way machine definition, which only differs from other Loongson 3 based machines by the UART base clock speed. diff --git a/debian/patches/features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch b/debian/patches/features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch new file mode 100644 index 000000000..320c651de --- /dev/null +++ b/debian/patches/features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch @@ -0,0 +1,29 @@ +From: Aurelien Jarno +Subject: MIPS: increase MAX_PHYSMEM_BITS on Loongson 3 only +Bug-Debian: https://bugs.debian.org/764223 +Forwarded: no + +Commit c4617318 broke Loongson-2 support and maybe even more by increasing +the value of MAX_PHYSMEM_BITS. At it is currently only needed on +Loongson-3, define it conditionally. + +Note: this should be replace by upstream fix when available. + +diff --git a/arch/mips/include/asm/sparsemem.h b/arch/mips/include/asm/sparsemem.h +index b1071c1..778dca7 100644 +--- a/arch/mips/include/asm/sparsemem.h ++++ b/arch/mips/include/asm/sparsemem.h +@@ -11,7 +11,12 @@ + #else + # define SECTION_SIZE_BITS 28 + #endif +-#define MAX_PHYSMEM_BITS 48 ++ ++#if defined(CONFIG_CPU_LOONGSON3) ++# define MAX_PHYSMEM_BITS 48 ++#else ++# define MAX_PHYSMEM_BITS 35 ++#endif + + #endif /* CONFIG_SPARSEMEM */ + #endif /* _MIPS_SPARSEMEM_H */ diff --git a/debian/patches/features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch b/debian/patches/features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch new file mode 100644 index 000000000..12db228db --- /dev/null +++ b/debian/patches/features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch @@ -0,0 +1,68 @@ +From: Markos Chandras +Date: Fri, 28 Mar 2014 17:22:52 +0000 +Subject: [PATCH 01/12] MIPS: octeon: Add support for the UBNT E200 board +Origin: not submitted yet + +Add support for the UBNT E200 board (EdgeRouter/EdgeRouter Pro 8 port). + +Signed-off-by: Markos Chandras +[bwh: Forward-ported to 3.17: adjust context] +--- + arch/mips/cavium-octeon/executive/cvmx-helper-board.c | 3 +++ + arch/mips/include/asm/octeon/cvmx-bootinfo.h | 2 ++ + arch/mips/include/asm/octeon/octeon-model.h | 3 +++ + 3 files changed, 8 insertions(+) + +--- a/arch/mips/cavium-octeon/executive/cvmx-helper-board.c ++++ b/arch/mips/cavium-octeon/executive/cvmx-helper-board.c +@@ -186,6 +186,8 @@ int cvmx_helper_board_get_mii_address(in + return 7 - ipd_port; + else + return -1; ++ case CVMX_BOARD_TYPE_UBNT_E200: ++ return -1; + case CVMX_BOARD_TYPE_CUST_DSR1000N: + /* + * Port 2 connects to Broadcom PHY (B5081). Other ports (0-1) +@@ -759,6 +761,7 @@ enum cvmx_helper_board_usb_clock_types _ + case CVMX_BOARD_TYPE_LANAI2_G: + case CVMX_BOARD_TYPE_NIC10E_66: + case CVMX_BOARD_TYPE_UBNT_E100: ++ case CVMX_BOARD_TYPE_UBNT_E200: + case CVMX_BOARD_TYPE_CUST_DSR1000N: + return USB_CLOCK_TYPE_CRYSTAL_12; + case CVMX_BOARD_TYPE_NIC10E: +--- a/arch/mips/include/asm/octeon/cvmx-bootinfo.h ++++ b/arch/mips/include/asm/octeon/cvmx-bootinfo.h +@@ -228,6 +228,7 @@ enum cvmx_board_types_enum { + */ + CVMX_BOARD_TYPE_CUST_PRIVATE_MIN = 20001, + CVMX_BOARD_TYPE_UBNT_E100 = 20002, ++ CVMX_BOARD_TYPE_UBNT_E200 = 20003, + CVMX_BOARD_TYPE_CUST_DSR1000N = 20006, + CVMX_BOARD_TYPE_CUST_PRIVATE_MAX = 30000, + +@@ -328,6 +329,7 @@ static inline const char *cvmx_board_typ + /* Customer private range */ + ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_CUST_PRIVATE_MIN) + ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_UBNT_E100) ++ ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_UBNT_E200) + ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_CUST_DSR1000N) + ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_CUST_PRIVATE_MAX) + } +--- a/arch/mips/include/asm/octeon/octeon-model.h ++++ b/arch/mips/include/asm/octeon/octeon-model.h +@@ -105,10 +105,13 @@ + #define OCTEON_CN63XX_PASS2_X (OCTEON_CN63XX_PASS2_0 | OM_IGNORE_MINOR_REVISION) + + #define OCTEON_CN61XX_PASS1_0 0x000d9300 ++#define OCTEON_CN61XX_PASS1_1 0x000d9301 + + #define OCTEON_CN61XX (OCTEON_CN61XX_PASS1_0 | OM_IGNORE_REVISION) + #define OCTEON_CN61XX_PASS1_X (OCTEON_CN61XX_PASS1_0 | OM_IGNORE_MINOR_REVISION) + ++#define OCTEON_UBNT_E200 (OCTEON_CN61XX_PASS1_1 | OM_IGNORE_REVISION) ++ + /* + * CN5XXX models with new revision encoding + */ diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index 840bdedf3..1363c6d48 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -2,6 +2,7 @@ From: Ben Hutchings Date: Fri, 25 Jul 2014 01:16:15 +0100 Subject: x86: Make x32 syscall support conditional on a kernel parameter Bug-Debian: https://bugs.debian.org/708070 +Forwarded: http://mid.gmane.org/1415245982.3398.53.camel@decadent.org.uk Enabling x32 in the standard amd64 kernel would increase its attack surface while provide no benefit to the vast majority of its users. diff --git a/debian/patches/series b/debian/patches/series index 4b09b10bc..0c843de6c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -51,13 +51,30 @@ bugfix/arm/omap-musb-choice.patch bugfix/mips/disable-advansys.patch bugfix/m68k/ethernat-kconfig.patch bugfix/x86/x86-reject-x32-executables-if-x32-abi-not-supported.patch +bugfix/mips/MIPS-cp1emu-Fix-ISA-restrictions-for-cop1x_op-instru.patch +bugfix/mips/MIPS-tlbex-Properly-fix-HUGE-TLB-Refill-exception-ha.patch +bugfix/x86/KVM-x86-Check-non-canonical-addresses-upon-WRMSR.patch +bugfix/x86/KVM-x86-Prevent-host-from-panicking-on-shared-MSR-wr.patch +bugfix/x86/KVM-x86-Improve-thread-safety-in-pit.patch +bugfix/x86/KVM-x86-Fix-wrong-masking-on-relative-jump-call.patch +bugfix/x86/kvm-vmx-handle-invvpid-vm-exit-gracefully.patch +bugfix/x86/KVM-x86-Emulator-fixes-for-eip-canonical-checks-on-n.patch +bugfix/x86/KVM-x86-Handle-errors-when-RIP-is-set-during-far-jum.patch +bugfix/x86/kvm-x86-fix-far-jump-to-non-canonical-check.patch +bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch # Arch features +features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch +features/mips/MIPS-octeon-Add-support-for-the-UBNT-E200-board.patch features/powerpc/deb-pkg-add-support-for-powerpc-little-endian.patch features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch features/arm/deb-pkg-add-automatic-support-for-armhf-architecture.patch +features/arm/dts-sun7i-Add-spi0_pins_a-pinctrl-setting.patch +features/arm/dts-sun7i-Add-uart3_pins_b-pinctrl-setting.patch +features/arm/dts-sun7i-Add-Banana-Pi-board.patch +features/arm/dts-sun7i-Add-support-for-Olimex-A20-OLinuXino-LIME.patch # Miscellaneous bug fixes bugfix/all/misc-bmp085-Enable-building-as-a-module.patch @@ -66,6 +83,22 @@ bugfix/all/disable-some-marvell-phys.patch debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch bugfix/all/aic94xx-remove-broken-fallback-for-missing-ctrl-a.patch bugfix/all/builddeb-put-the-dbg-files-into-the-correct-director.patch +bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch +bugfix/all/SUNRPC-Don-t-wake-tasks-during-connection-abort.patch +bugfix/all/lockd-Try-to-reconnect-if-statd-has-moved.patch +bugfix/all/mtd-move-support-for-struct-flash_platform_data-into.patch +bugfix/all/mtd-m25p80-get-rid-of-spi_get_device_id.patch +bugfix/all/mtd-spi-nor-make-spi_nor_scan-take-a-chip-type-name-.patch +bugfix/all/mtd-m25p80-spi-nor-Fix-module-aliases-for-m25p80.patch +bugfix/all/drivers-net-Disable-UFO-through-virtio.patch +bugfix/all/drivers-net-ipv6-Select-IPv6-fragment-idents-for-vir.patch +bugfix/all/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch +bugfix/all/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch +bugfix/all/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch +bugfix/all/mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch +bugfix/all/net-mv643xx-disable-tso-by-default.patch # Miscellaneous features features/all/efi-autoload-efivars.patch +features/all/mmc_block-increase-max_devices.patch +features/all/wireless-rt2x00-add-new-rt2800usb-device.patch diff --git a/debian/rules.real b/debian/rules.real index 2c3100651..99e8fb9cb 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -6,10 +6,12 @@ # expected to be available (need to be exported from the parent process). # SHELL := bash -e +ifdef ARCH DEB_HOST_ARCH := $(shell dpkg-architecture -a'$(ARCH)' -qDEB_HOST_ARCH) DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -a'$(ARCH)' -qDEB_HOST_GNU_TYPE) DEB_HOST_MULTIARCH:= $(shell dpkg-architecture -a'$(ARCH)' -qDEB_HOST_MULTIARCH) DEB_BUILD_ARCH := $(shell dpkg-architecture -a'$(ARCH)' -qDEB_BUILD_ARCH) +endif MAINTAINER := $(shell sed -ne 's,^Maintainer: .[^<]*<\([^>]*\)>,\1,p' debian/control) DISTRIBUTION := $(shell dpkg-parsechangelog | sed -ne 's,^Distribution: ,,p') SOURCE_DATE := $(shell dpkg-parsechangelog | sed -ne 's,^Date: ,,p') @@ -36,7 +38,7 @@ include debian/rules.defs stamp = [ -d $(dir $@) ] || mkdir $(dir $@); touch $@ -setup_env := env -u ABINAME -u ABINAME_PART -u ARCH -u FEATURESET -u FLAVOUR -u VERSION -u LOCALVERSION +setup_env := env -u ABINAME -u ARCH -u FEATURESET -u FLAVOUR -u VERSION -u LOCALVERSION setup_env += DISTRIBUTION_OFFICIAL_BUILD=1 DISTRIBUTOR="$(DISTRIBUTOR)" DISTRIBUTION_VERSION="$(SOURCEVERSION)" KBUILD_BUILD_TIMESTAMP="$(DISTRIBUTOR) $(SOURCEVERSION) ($(SOURCE_DATE_UTC_ISO))" KBUILD_BUILD_USER="$(word 1,$(subst @, ,$(MAINTAINER)))" KBUILD_BUILD_HOST="$(word 2,$(subst @, ,$(MAINTAINER)))" MAKE_CLEAN = $(setup_env) $(MAKE) @@ -366,7 +368,10 @@ endif +$(MAKE_SELF) \ install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_plain_bug \ PACKAGE_DIR='$(PACKAGE_DIR)' PACKAGE_NAME='$(PACKAGE_NAME)' REAL_VERSION='$(REAL_VERSION)' - +$(MAKE_SELF) install-base + +$(MAKE_SELF) install-base GENCONTROL_ARGS='-Vkernel:Recommends='"$$( \ + if grep -q '^CONFIG_SMP=y' $(DIR)/.config; then \ + printf irqbalance,; \ + fi)" install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_plain_dt: DT_INSTALL_DIR = $(PACKAGE_DIR)/usr/lib/linux-image-$(REAL_VERSION) install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_plain_dt: @@ -387,7 +392,7 @@ install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_plain_bug: dh_installdirs usr/share/bug/$(PACKAGE_NAME) dh_install debian/templates/image.plain.bug/* usr/share/bug/$(PACKAGE_NAME) chmod 755 $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/script - echo "RELEASE='$(REAL_VERSION)'" > $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info + printf "RELEASE='$(REAL_VERSION)'\nDISTRIBUTOR='$(DISTRIBUTOR)'\nSOURCEVERSION='$(SOURCEVERSION)'\n" > $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): REAL_VERSION = $(ABINAME)$(LOCALVERSION) install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_NAME = linux-image-$(REAL_VERSION)-dbg diff --git a/debian/templates/control.image.type-plain.in b/debian/templates/control.image.type-plain.in index 3fecc2947..29306e3c1 100644 --- a/debian/templates/control.image.type-plain.in +++ b/debian/templates/control.image.type-plain.in @@ -2,7 +2,7 @@ Package: linux-image-@abiname@@localversion@ Provides: linux-modules-@abiname@@localversion@ Pre-Depends: debconf | debconf-2.0 Depends: kmod | module-init-tools, linux-base (>= 3~), ${misc:Depends} -Recommends: firmware-linux-free (>= 3~) +Recommends: firmware-linux-free (>= 3~), ${kernel:Recommends} Suggests: linux-doc-@version@, debian-kernel-handbook Breaks: at (<< 3.1.12-1+squeeze1) Description: Linux @upstreamversion@ for @class@ diff --git a/debian/templates/image.plain.bug/presubj b/debian/templates/image.plain.bug/presubj index eb9cc3ca4..59b891acb 100644 --- a/debian/templates/image.plain.bug/presubj +++ b/debian/templates/image.plain.bug/presubj @@ -6,9 +6,3 @@ If you are reporting that the kernel fails to boot, please use a digital camera, serial console or netconsole to record the boot messages and attach these to your report. You can use the kernel parameter 'boot_delay=1000' to slow down the boot messages. - -If you are reporting a crash on a system that boots using EFI, it may -be useful to mount the 'pstore' filesystem so that a crash log can be -retrieved from flash memory. You can do this by running (as root): - - mount -t pstore pstore /sys/fs/pstore diff --git a/debian/templates/image.plain.bug/script b/debian/templates/image.plain.bug/script index 9374b2fc4..3926d8f66 100644 --- a/debian/templates/image.plain.bug/script +++ b/debian/templates/image.plain.bug/script @@ -14,6 +14,26 @@ for file in "$dir"/include-*; do done if [ "$RELEASE" == "$(uname -r)" ]; then + running_ver="$(uname -v)" + running_ver="${running_ver#* $DISTRIBUTOR }" + running_ver="${running_ver%% *}" + if [ "$running_ver" != "$SOURCEVERSION" ]; then + cat <