From 79f636b4bf7edcbf7c4194b93e4c4fef43b13e1c Mon Sep 17 00:00:00 2001 
From: Ben Hutchings Date: Tue, 4 Aug 2015 01:30:23 +0000 Subject: [PATCH] Update to 4.2-rc5 Refresh/drop patches as needed. svn path=/dists/trunk/linux/; revision=22909 --- debian/changelog | 6 + ...-redundant-log-messages-from-drivers.patch | 76 ++--- ...eturn-specific-errors-from-file-read.patch | 14 +- ...he-assoc-array-edit-if-edit-is-valid.patch | 39 --- ...-use-kzalloc-when-bitmap-is-disabled.patch | 9 +- .../bugfix/mips/disable-advansys.patch | 9 +- ...g-facility-check-to-init_cache_level.patch | 51 ---- ...-Remove-pointless-jump-to-irq_return.patch | 47 --- ...ested-do_nmi-handling-for-64-bit-ker.patch | 191 ------------ ...mi-64-Remove-asm-code-that-saves-cr2.patch | 53 ---- ...Switch-stacks-on-userspace-NMI-entry.patch | 112 ------- ...6-nmi-64-Improve-nested-NMI-comments.patch | 286 ------------------ ...x86-nmi-64-Reorder-nested-NMI-checks.patch | 91 ------ ...F-to-avoid-userspace-RSP-confusing-n.patch | 90 ------ ...apic_has_events-to-check-for-null-po.patch | 24 -- ...ink-security-restrictions-by-default.patch | 4 +- .../debian/yama-disable-by-default.patch | 12 +- .../features/all/aufs4/aufs4-mmap.patch | 89 ++---- .../features/all/aufs4/aufs4-standalone.patch | 113 +++---- ...Add-Loongson-LS3A-RS780E-1-way-machi.patch | 22 +- ...make-x32-syscall-support-conditional.patch | 70 ++--- debian/patches/series | 10 - 22 files changed, 187 insertions(+), 1231 deletions(-) delete mode 100644 debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch delete mode 100644 debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch delete mode 100644 debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch delete mode 100644 debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch delete mode 100644 debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch delete mode 100644 
debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch delete mode 100644 debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch delete mode 100644 debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch delete mode 100644 debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch delete mode 100644 debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch diff --git a/debian/changelog b/debian/changelog index e2b2de889..711ce162c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +linux (4.2~rc5-1~exp1) UNRELEASED; urgency=medium + + * New upstream release candidate + + -- Ben Hutchings Tue, 04 Aug 2015 01:47:47 +0100 + linux (4.1.3-1) unstable; urgency=medium * New upstream stable update: diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index b8f6f85e0..24a426d81 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -96,7 +96,7 @@ upstream submission. fw_size = firmware->size / sizeof(u32); --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c -@@ -398,10 +398,8 @@ static int ath3k_load_patch(struct usb_d +@@ -404,10 +404,8 @@ static int ath3k_load_patch(struct usb_d le32_to_cpu(fw_version.rom_version)); ret = request_firmware(&firmware, filename, &udev->dev); @@ -108,7 +108,7 @@ upstream submission. pt_rom_version = get_unaligned_le32(firmware->data + firmware->size - 8); -@@ -461,10 +459,8 @@ static int ath3k_load_syscfg(struct usb_ +@@ -467,10 +465,8 @@ static int ath3k_load_syscfg(struct usb_ le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); ret = request_firmware(&firmware, filename, &udev->dev); 
@@ -154,7 +154,7 @@ upstream submission. --- a/drivers/bluetooth/bt3c_cs.c +++ b/drivers/bluetooth/bt3c_cs.c -@@ -568,10 +568,8 @@ static int bt3c_open(struct bt3c_info *i +@@ -567,10 +567,8 @@ static int bt3c_open(struct bt3c_info *i /* Load firmware */ err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev); @@ -233,7 +233,7 @@ upstream submission. where = 0; --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -@@ -1521,10 +1521,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p +@@ -1558,10 +1558,8 @@ gf100_gr_ctor_fw(struct gf100_gr_priv *p if (ret) { snprintf(f, sizeof(f), "nouveau/%s", fwname); ret = request_firmware(&fw, f, nv_device_base(device)); @@ -262,7 +262,7 @@ upstream submission. printk(KERN_ERR --- a/drivers/gpu/drm/radeon/ni.c +++ b/drivers/gpu/drm/radeon/ni.c -@@ -812,10 +812,6 @@ int ni_init_microcode(struct radeon_devi +@@ -837,10 +837,6 @@ int ni_init_microcode(struct radeon_devi out: if (err) { @@ -289,7 +289,7 @@ upstream submission. rdev->me_fw->size, fw_name); --- a/drivers/gpu/drm/radeon/r600.c +++ b/drivers/gpu/drm/radeon/r600.c -@@ -2545,10 +2545,6 @@ int r600_init_microcode(struct radeon_de +@@ -2592,10 +2592,6 @@ int r600_init_microcode(struct radeon_de out: if (err) { @@ -457,7 +457,7 @@ upstream submission. if (!buf) { --- a/drivers/media/usb/dvb-usb/opera1.c +++ b/drivers/media/usb/dvb-usb/opera1.c -@@ -452,9 +452,6 @@ static int opera1_xilinx_load_firmware(s +@@ -453,9 +453,6 @@ static int opera1_xilinx_load_firmware(s info("start downloading fpga firmware %s",filename); if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) { @@ -469,7 +469,7 @@ upstream submission. p = kmalloc(fw->size, GFP_KERNEL); --- a/drivers/media/dvb-frontends/af9013.c 
+++ b/drivers/media/dvb-frontends/af9013.c -@@ -1372,16 +1372,8 @@ static int af9013_download_firmware(stru +@@ -1376,16 +1376,8 @@ static int af9013_download_firmware(stru /* request the firmware, this will block and timeout */ ret = request_firmware(&fw, fw_file, state->i2c->dev.parent); @@ -504,7 +504,7 @@ upstream submission. b = fw->data; --- a/drivers/media/dvb-frontends/cx24116.c +++ b/drivers/media/dvb-frontends/cx24116.c -@@ -493,13 +493,8 @@ static int cx24116_firmware_ondemand(str +@@ -495,13 +495,8 @@ static int cx24116_firmware_ondemand(str __func__, CX24116_DEFAULT_FIRMWARE); ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE, state->i2c->dev.parent); @@ -535,7 +535,7 @@ upstream submission. if (state->microcode == NULL) { --- a/drivers/media/dvb-frontends/drxk_hard.c +++ b/drivers/media/dvb-frontends/drxk_hard.c -@@ -6283,10 +6283,6 @@ static void load_firmware_cb(const struc +@@ -6284,10 +6284,6 @@ static void load_firmware_cb(const struc dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); if (!fw) { @@ -1216,7 +1216,7 @@ upstream submission. if (bp->mips_firmware->size < sizeof(*mips_fw) || --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -12981,11 +12981,8 @@ static int bnx2x_init_firmware(struct bn +@@ -13003,11 +13003,8 @@ static int bnx2x_init_firmware(struct bn BNX2X_DEV_INFO("Loading %s\n", fw_file_name); rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev); @@ -1251,7 +1251,7 @@ upstream submission. u32 n; - if (request_firmware(&fw, fw_name, &pdev->dev)) { -- pr_alert("Can't locate firmware %s\n", fw_name); +- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name); + if (request_firmware(&fw, fw_name, &pdev->dev)) goto error; - } @@ -1261,13 +1261,13 @@ upstream submission. --- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c 
@@ -1034,12 +1034,8 @@ int t3_get_edc_fw(struct cphy *phy, int - snprintf(buf, sizeof(buf), get_edc_fw_name(edc_idx)); - - ret = request_firmware(&fw, buf, &adapter->pdev->dev); + fw_name = get_edc_fw_name(edc_idx); + if (fw_name) + ret = request_firmware(&fw, fw_name, &adapter->pdev->dev); - if (ret < 0) { - dev_err(&adapter->pdev->dev, - "could not upgrade firmware: unable to load %s\n", -- buf); +- fw_name); + if (ret) return ret; - } @@ -1440,7 +1440,7 @@ upstream submission. &hif_dev->udev->dev); --- a/drivers/net/wireless/ath/carl9170/usb.c +++ b/drivers/net/wireless/ath/carl9170/usb.c -@@ -1032,7 +1032,6 @@ static void carl9170_usb_firmware_step2( +@@ -1033,7 +1033,6 @@ static void carl9170_usb_firmware_step2( return; } @@ -1504,7 +1504,7 @@ upstream submission. hdr = (struct b43legacy_fw_header *)((*fw)->data); --- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c +++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -@@ -379,19 +379,13 @@ static int brcms_request_fw(struct brcms +@@ -378,19 +378,13 @@ static int brcms_request_fw(struct brcms sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i], UCODE_LOADER_API_VER); status = request_firmware(&wl->fw.fw_bin[i], fw_name, device); @@ -1568,7 +1568,7 @@ upstream submission. else --- a/drivers/net/wireless/iwlwifi/iwl-drv.c +++ b/drivers/net/wireless/iwlwifi/iwl-drv.c -@@ -1119,13 +1119,8 @@ static void iwl_req_fw_callback(const st +@@ -1131,13 +1131,8 @@ static void iwl_req_fw_callback(const st if (!pieces) return; @@ -1586,23 +1586,23 @@ upstream submission. --- a/drivers/net/wireless/libertas_tf/if_usb.c +++ b/drivers/net/wireless/libertas_tf/if_usb.c 
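Review bot: In the refreshed `t3_get_edc_fw` hunk, the path where `get_edc_fw_name(edc_idx)` returns NULL now fails with no log line at all. The new `if (fw_name)` guard skips `request_firmware()`, so the firmware loader reports nothing, and the `dev_err` this patch removes was the only message on that path; the "redundant log messages" rationale only holds when `request_firmware()` was actually called. The replacement test `if (ret)` also relies on `ret` starting out non-zero, and its declaration is outside the hunk, so that should be confirmed against the 4.2-rc5 source. Consider keeping a message for the unnamed case, for example `else dev_err(&adapter->pdev->dev, "no EDC firmware name for index %d\n", edc_idx);` after the guarded call.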
@@ -824,8 +824,6 @@ static int if_usb_prog_firmware(struct i - kparam_block_sysfs_write(fw_name); + kernel_param_lock(THIS_MODULE); ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); if (ret < 0) { - pr_err("request_firmware() failed with %#x\n", ret); - pr_err("firmware %s not found\n", lbtf_fw_name); - kparam_unblock_sysfs_write(fw_name); + kernel_param_unlock(THIS_MODULE); goto done; } --- a/drivers/net/wireless/mwifiex/main.c +++ b/drivers/net/wireless/mwifiex/main.c -@@ -454,11 +454,8 @@ static void mwifiex_fw_dpc(const struct +@@ -459,11 +459,8 @@ static void mwifiex_fw_dpc(const struct bool init_failed = false; struct wireless_dev *wdev; - if (!firmware) { -- dev_err(adapter->dev, -- "Failed to get firmware %s\n", adapter->fw_name); +- mwifiex_dbg(adapter, ERROR, +- "Failed to get firmware %s\n", adapter->fw_name); + if (!firmware) goto err_dnld_fw; - } @@ -1856,7 +1856,7 @@ upstream submission. static inline u16 get_bcdDevice(const struct usb_device *udev) --- a/drivers/scsi/advansys.c +++ b/drivers/scsi/advansys.c -@@ -4280,8 +4280,6 @@ static ushort AscInitAsc1000Driver(ASC_D +@@ -4107,8 +4107,6 @@ static int AscInitAsc1000Driver(ASC_DVC_ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1865,7 +1865,7 @@ upstream submission. asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM; return err; } -@@ -4613,8 +4611,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ +@@ -4473,8 +4471,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1874,7 +1874,7 @@ upstream submission. asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; return err; } -@@ -5129,8 +5125,6 @@ static int AdvInitAsc38C0800Driver(ADV_D +@@ -4973,8 +4969,6 @@ static int AdvInitAsc38C0800Driver(ADV_D err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { 
@@ -1883,7 +1883,7 @@ upstream submission. asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; return err; } -@@ -5631,8 +5625,6 @@ static int AdvInitAsc38C1600Driver(ADV_D +@@ -5461,8 +5455,6 @@ static int AdvInitAsc38C1600Driver(ADV_D err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); if (err) { @@ -1894,7 +1894,7 @@ upstream submission. } --- a/drivers/scsi/aic94xx/aic94xx_init.c +++ b/drivers/scsi/aic94xx/aic94xx_init.c -@@ -390,8 +390,6 @@ static ssize_t asd_store_update_bios(str +@@ -389,8 +389,6 @@ static ssize_t asd_store_update_bios(str filename_ptr, &asd_ha->pcidev->dev); if (err) { @@ -1930,7 +1930,7 @@ upstream submission. } --- a/drivers/scsi/ipr.c +++ b/drivers/scsi/ipr.c -@@ -4004,10 +4004,8 @@ static ssize_t ipr_store_update_fw(struc +@@ -4010,10 +4010,8 @@ static ssize_t ipr_store_update_fw(struc len = snprintf(fname, 99, "%s", buf); fname[len-1] = '\0'; @@ -1968,7 +1968,7 @@ upstream submission. } --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -5414,8 +5414,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, +@@ -5524,8 +5524,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, /* Load firmware blob. */ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -1977,7 +1977,7 @@ upstream submission. ql_log(ql_log_info, vha, 0x0084, "Firmware images can be retrieved from: "QLA_FW_URL ".\n"); return QLA_FUNCTION_FAILED; -@@ -5517,8 +5515,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * +@@ -5627,8 +5625,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * /* Load firmware blob. */ blob = qla2x00_request_firmware(vha); if (!blob) { @@ -2003,7 +2003,7 @@ upstream submission. if (qla82xx_validate_firmware_blob(vha, --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -5356,8 +5356,6 @@ qla2x00_request_firmware(scsi_qla_host_t +@@ -5369,8 +5369,6 @@ qla2x00_request_firmware(scsi_qla_host_t goto out; if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { 
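Review bot: The context carried into the refreshed `ipr_store_update_fw` hunk indexes `fname` with the return value of `snprintf`: `len = snprintf(fname, 99, "%s", buf); fname[len-1] = '\0';`. `snprintf` returns the length the output would have had without truncation, so an input longer than the 99-byte limit puts `len-1` beyond the truncated string and, depending on the size of `fname` (declared outside the hunk), beyond the buffer. This is upstream code rather than something the refresh introduces, but the Debian patch edits the lines directly below it, so it is worth reporting upstream. A bounded form, assuming `fname` is an array and the intent is to strip a trailing newline, would be `len = scnprintf(fname, sizeof(fname), "%s", buf);` followed by `if (len && fname[len-1] == '\n') fname[len-1] = '\0';`.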
@@ -2052,7 +2052,7 @@ upstream submission. ft1000_enable_interrupts(dev); --- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c +++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c -@@ -135,10 +135,8 @@ static int ft1000_probe(struct usb_inter +@@ -133,10 +133,8 @@ static int ft1000_probe(struct usb_inter ft1000dev->bulk_out_endpointAddr); ret = request_firmware(&dsp_fw, "ft3000.img", &dev->dev); @@ -2161,7 +2161,7 @@ upstream submission. MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c -@@ -391,11 +391,8 @@ static int slic_card_download_gbrcv(stru +@@ -388,11 +388,8 @@ static int slic_card_download_gbrcv(stru } ret = request_firmware(&fw, file, &adapter->pcidev->dev); @@ -2174,7 +2174,7 @@ upstream submission. rcvucodelen = *(u32 *)(fw->data + index); index += 4; -@@ -469,11 +466,8 @@ static int slic_card_download(struct ada +@@ -466,11 +463,8 @@ static int slic_card_download(struct ada return -ENOENT; } ret = request_firmware(&fw, file, &adapter->pcidev->dev); @@ -2205,7 +2205,7 @@ upstream submission. if (!buffer) --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c -@@ -3522,10 +3522,8 @@ static int cyz_load_fw(struct pci_dev *p +@@ -3518,10 +3518,8 @@ static int cyz_load_fw(struct pci_dev *p int retval; retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev); @@ -2610,7 +2610,7 @@ upstream submission. filename, emu->firmware->size); --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c -@@ -1619,10 +1619,8 @@ static void azx_firmware_cb(const struct +@@ -1734,10 +1734,8 @@ static void azx_firmware_cb(const struct struct azx *chip = card->private_data; struct pci_dev *pci = chip->pci; diff --git a/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch b/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch index 0c8c66b3f..46a3fe5cc 100644 
--- a/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch +++ b/debian/patches/bugfix/all/firmware_class-return-specific-errors-from-file-read.patch @@ -18,7 +18,7 @@ Signed-off-by: Ben Hutchings --- --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c -@@ -293,7 +293,7 @@ static int fw_read_file_contents(struct +@@ -298,7 +298,7 @@ static int fw_read_file_contents(struct int rc; if (!S_ISREG(file_inode(file)->i_mode)) @@ -27,7 +27,7 @@ Signed-off-by: Ben Hutchings size = i_size_read(file_inode(file)); if (size <= 0) return -EINVAL; -@@ -302,7 +302,7 @@ static int fw_read_file_contents(struct +@@ -307,7 +307,7 @@ static int fw_read_file_contents(struct return -ENOMEM; rc = kernel_read(file, 0, buf, size); if (rc != size) { @@ -36,8 +36,8 @@ Signed-off-by: Ben Hutchings rc = -EIO; goto fail; } -@@ -334,8 +334,10 @@ static int fw_get_filesystem_firmware(st - snprintf(path, PATH_MAX, "%s/%s", fw_path[i], buf->fw_id); +@@ -348,8 +348,10 @@ static int fw_get_filesystem_firmware(st + } file = filp_open(path, O_RDONLY, 0); - if (IS_ERR(file)) @@ -48,7 +48,7 @@ Signed-off-by: Ben Hutchings rc = fw_read_file_contents(file, buf); fput(file); if (rc) -@@ -974,13 +976,6 @@ static void kill_requests_without_uevent +@@ -994,13 +996,6 @@ static void kill_requests_without_uevent #endif #else /* CONFIG_FW_LOADER_USER_HELPER */ @@ -62,7 +62,7 @@ Signed-off-by: Ben Hutchings /* No abort during direct loading */ #define is_fw_load_aborted(buf) false -@@ -1129,6 +1124,7 @@ _request_firmware(const struct firmware +@@ -1152,6 +1147,7 @@ _request_firmware(const struct firmware } ret = fw_get_filesystem_firmware(device, fw->priv); @@ -70,7 +70,7 @@ Signed-off-by: Ben Hutchings if (ret) { if (!(opt_flags & FW_OPT_NO_WARN)) dev_warn(device, -@@ -1140,6 +1136,7 @@ _request_firmware(const struct firmware +@@ -1163,6 +1159,7 @@ _request_firmware(const struct firmware opt_flags, timeout); } } 
diff --git a/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch b/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch deleted file mode 100644 index 2eff4b90f..000000000 --- a/debian/patches/bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Colin Ian King -Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid -Origin: https://marc.info/?l=oss-security&m=143800676725867&w=2 - -__key_link_end is not freeing the associated array edit structure -and this leads to a 512 byte memory leak each time an identical -existing key is added with add_key(). - -The reason the add_key() system call returns okay is that -key_create_or_update() calls __key_link_begin() before checking to see -whether it can update a key directly rather than adding/replacing - which -it turns out it can. Thus __key_link() is not called through -__key_instantiate_and_link() and __key_link_end() must cancel the edit. - -CVE-2015-1333 - -Signed-off-by: Colin Ian King -Signed-off-by: David Howells ---- - -diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index e72548b5897e..d33437007ad2 100644 ---- a/security/keys/keyring.c -+++ b/security/keys/keyring.c -@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring, - if (index_key->type == &key_type_keyring) - up_write(&keyring_serialise_link_sem); - -- if (edit && !edit->dead_leaf) { -- key_payload_reserve(keyring, -- keyring->datalen - KEYQUOTA_LINK_BYTES); -+ if (edit) { -+ if (!edit->dead_leaf) { -+ key_payload_reserve(keyring, -+ keyring->datalen - KEYQUOTA_LINK_BYTES); -+ } - assoc_array_cancel_edit(edit); - } - up_write(&keyring->sem); diff --git a/debian/patches/bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch b/debian/patches/bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch index 5a7e204ae..9fbf18af9 100644 
--- a/debian/patches/bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch +++ b/debian/patches/bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch @@ -26,14 +26,13 @@ space memory from user space. This is an information leak. Signed-off-by: Benjamin Randazzo Signed-off-by: NeilBrown -[bwh: Backported to 4.1: using d_path() instead of file_path()] --- drivers/md/md.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -5735,22 +5735,22 @@ static int get_bitmap_file(struct mddev +@@ -5759,22 +5759,22 @@ static int get_bitmap_file(struct mddev char *ptr; int err; @@ -47,7 +46,7 @@ Signed-off-by: NeilBrown - /* bitmap disabled, zero the first byte and copy out */ - if (!mddev->bitmap_info.file) - file->pathname[0] = '\0'; -- else if ((ptr = d_path(&mddev->bitmap_info.file->f_path, +- else if ((ptr = file_path(mddev->bitmap_info.file, - file->pathname, sizeof(file->pathname))), - IS_ERR(ptr)) - err = PTR_ERR(ptr); @@ -56,8 +55,8 @@ Signed-off-by: NeilBrown - sizeof(file->pathname)-(ptr-file->pathname)); + /* bitmap enabled */ + if (mddev->bitmap_info.file) { -+ ptr = d_path(&mddev->bitmap_info.file->f_path, file->pathname, -+ sizeof(file->pathname)); ++ ptr = file_path(mddev->bitmap_info.file, file->pathname, ++ sizeof(file->pathname)); + if (IS_ERR(ptr)) + err = PTR_ERR(ptr); + else diff --git a/debian/patches/bugfix/mips/disable-advansys.patch b/debian/patches/bugfix/mips/disable-advansys.patch index d49cc6d89..1b7afcc3d 100644 --- a/debian/patches/bugfix/mips/disable-advansys.patch +++ b/debian/patches/bugfix/mips/disable-advansys.patch @@ -1,6 +1,6 @@ From: Martin Michlmayr Date: Sat, 19 Jan 2008 18:25:02 +0000 -Subject: [arm, mips] Disable Advansys +Subject: [mips] Disable Advansys Forwarded: http://thread.gmane.org/gmane.linux.scsi/57291 Florian Lohoff reports the following build failure on IP32: 
@@ -12,14 +12,11 @@ make[5]: *** [__modpost] Error 1 But report: http://www.mail-archive.com/linux-scsi@vger.kernel.org/msg12773.html -[bwh: Upstream finally accepted this was broken on ARM! But MIPS has - the same problem still.] - --- a/drivers/scsi/Kconfig +++ b/drivers/scsi/Kconfig -@@ -495,6 +495,7 @@ config SCSI_ADVANSYS +@@ -505,6 +505,7 @@ config SCSI_ADVANSYS tristate "AdvanSys SCSI support" - depends on SCSI && VIRT_TO_BUS && !ARM + depends on SCSI depends on ISA || EISA || PCI + depends on !MIPS || BROKEN help diff --git a/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch b/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch deleted file mode 100644 index 69fee010c..000000000 --- a/debian/patches/bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From: Heiko Carstens -Date: Mon, 27 Jul 2015 09:53:49 +0200 -Subject: s390/cachinfo: add missing facility check to init_cache_level() -Origin: https://git.kernel.org/cgit/linux/kernel/git/s390/linux.git/commit/?id=0b991f5cdcd6201e5401f83ca3a672343c3bfc49 -Bug-Debian: https://bugs.debian.org/793929 - -Stephen Powell reported the following crash on a z890 machine: - -Kernel BUG at 00000000001219d0 [verbose debug info unavailable] -illegal operation: 0001 ilc:3 [#1] SMP -Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0) - R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3 -Krnl Code: 00000000001219c2: a7840056 brc 8,121a6e - 00000000001219c6: a7190000 lghi %r1,0 - #00000000001219ca: eb101000004c ecag %r1,%r0,0(%r1) - >00000000001219d0: a7390000 lghi %r3,0 - 00000000001219d4: e310f0a00024 stg %r1,160(%r15) - 00000000001219da: a7080000 lhi %r0,0 - 00000000001219de: a7b9f000 lghi %r11,-4096 - 00000000001219e2: c0a0002899d9 larl %r10,634d94 -Call Trace: - [<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8 - [<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8 - [<00000000001001c0>] do_one_initcall+0x98/0x1c8 - [<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8 - [<000000000062352e>] kernel_init+0x26/0x118 - [<000000000062fd2e>] kernel_thread_starter+0x6/0xc - -The illegal operation was executed because of a missing facility check, -which should have made sure that the ECAG execution would only be executed -on machines which have the general-instructions-extension facility -installed. 
- -Reported-and-tested-by: Stephen Powell -Cc: stable@vger.kernel.org # v4.0+ -Signed-off-by: Heiko Carstens -Signed-off-by: Martin Schwidefsky - -diff --git a/arch/s390/kernel/cache.c b/arch/s390/kernel/cache.c -index bff5e3b..8ba3243 100644 ---- a/arch/s390/kernel/cache.c -+++ b/arch/s390/kernel/cache.c -@@ -138,6 +138,8 @@ int init_cache_level(unsigned int cpu) - union cache_topology ct; - enum cache_type ctype; - -+ if (!test_facility(34)) -+ return -EOPNOTSUPP; - if (!this_cpu_ci) - return -EINVAL; - ct.raw = ecag(EXTRACT_TOPOLOGY, 0, 0); diff --git a/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch b/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch deleted file mode 100644 index 2865c6f08..000000000 --- a/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From: Andy Lutomirski -Date: Thu, 4 Jun 2015 13:24:29 -0700 -Subject: [3/9] x86/asm/entry/64: Remove pointless jump to irq_return -Origin: https://git.kernel.org/linus/5ca6f70f387b4f82903037cc3c5488e2c97dcdbc - -INTERRUPT_RETURN turns into a jmp instruction. There's no need -for extra indirection. - -Signed-off-by: Andy Lutomirski -Cc: -Cc: Andrew Morton -Cc: Andy Lutomirski -Cc: Borislav Petkov -Cc: Brian Gerst -Cc: Denys Vlasenko -Cc: H. Peter Anvin -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Link: http://lkml.kernel.org/r/2f2318653dbad284a59311f13f08cea71298fd7c.1433449436.git.luto@kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.1: adjust filename, context] -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/entry_64.S | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -811,8 +811,6 @@ retint_kernel: - restore_c_regs_and_iret: - RESTORE_C_REGS - REMOVE_PT_GPREGS_FROM_STACK 8 -- --irq_return: - INTERRUPT_RETURN - - ENTRY(native_iret) -@@ -1658,7 +1656,7 @@ nmi_restore: - - /* Clear the NMI executing stack variable */ - movq $0, 5*8(%rsp) -- jmp irq_return -+ INTERRUPT_RETURN - CFI_ENDPROC - END(nmi) - diff --git a/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch b/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch deleted file mode 100644 index cb18ec247..000000000 --- a/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch +++ /dev/null 
@@ -1,191 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:33 -0700 -Subject: [4/9] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels -Origin: https://git.kernel.org/linus/9d05041679904b12c12421cbcf9cb5f4860a8d7b - -32-bit kernels handle nested NMIs in C. Enable the exact same -handling on 64-bit kernels as well. This isn't currently -necessary, but it will become necessary once the asm code starts -allowing limited nesting. - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Cc: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar ---- - arch/x86/kernel/nmi.c | 123 +++++++++++++++++++++----------------------------- - 1 file changed, 52 insertions(+), 71 deletions(-) - ---- a/arch/x86/kernel/nmi.c -+++ b/arch/x86/kernel/nmi.c -@@ -408,15 +408,15 @@ static void default_do_nmi(struct pt_reg - NOKPROBE_SYMBOL(default_do_nmi); - - /* -- * NMIs can hit breakpoints which will cause it to lose its -- * NMI context with the CPU when the breakpoint does an iret. -- */ --#ifdef CONFIG_X86_32 --/* -- * For i386, NMIs use the same stack as the kernel, and we can -- * add a workaround to the iret problem in C (preventing nested -- * NMIs if an NMI takes a trap). Simply have 3 states the NMI -- * can be in: -+ * NMIs can hit breakpoints which will cause it to lose its NMI context -+ * with the CPU when the breakpoint or page fault does an IRET. -+ * -+ * As a result, NMIs can nest if NMIs get unmasked due an IRET during -+ * NMI processing. On x86_64, the asm glue protects us from nested NMIs -+ * if the outer NMI came from kernel mode, but we can still nest if the -+ * outer NMI came from user mode. -+ * -+ * To handle these nested NMIs, we have three states: - * - * 1) not running - * 2) executing -@@ -430,15 +430,14 @@ NOKPROBE_SYMBOL(default_do_nmi); - * (Note, the latch is binary, thus multiple NMIs triggering, - * when one is running, are ignored. 
Only one NMI is restarted.) - * -- * If an NMI hits a breakpoint that executes an iret, another -- * NMI can preempt it. We do not want to allow this new NMI -- * to run, but we want to execute it when the first one finishes. -- * We set the state to "latched", and the exit of the first NMI will -- * perform a dec_return, if the result is zero (NOT_RUNNING), then -- * it will simply exit the NMI handler. If not, the dec_return -- * would have set the state to NMI_EXECUTING (what we want it to -- * be when we are running). In this case, we simply jump back -- * to rerun the NMI handler again, and restart the 'latched' NMI. -+ * If an NMI executes an iret, another NMI can preempt it. We do not -+ * want to allow this new NMI to run, but we want to execute it when the -+ * first one finishes. We set the state to "latched", and the exit of -+ * the first NMI will perform a dec_return, if the result is zero -+ * (NOT_RUNNING), then it will simply exit the NMI handler. If not, the -+ * dec_return would have set the state to NMI_EXECUTING (what we want it -+ * to be when we are running). In this case, we simply jump back to -+ * rerun the NMI handler again, and restart the 'latched' NMI. 
- * - * No trap (breakpoint or page fault) should be hit before nmi_restart, - * thus there is no race between the first check of state for NOT_RUNNING -@@ -461,49 +460,36 @@ enum nmi_states { - static DEFINE_PER_CPU(enum nmi_states, nmi_state); - static DEFINE_PER_CPU(unsigned long, nmi_cr2); - --#define nmi_nesting_preprocess(regs) \ -- do { \ -- if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { \ -- this_cpu_write(nmi_state, NMI_LATCHED); \ -- return; \ -- } \ -- this_cpu_write(nmi_state, NMI_EXECUTING); \ -- this_cpu_write(nmi_cr2, read_cr2()); \ -- } while (0); \ -- nmi_restart: -- --#define nmi_nesting_postprocess() \ -- do { \ -- if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) \ -- write_cr2(this_cpu_read(nmi_cr2)); \ -- if (this_cpu_dec_return(nmi_state)) \ -- goto nmi_restart; \ -- } while (0) --#else /* x86_64 */ -+#ifdef CONFIG_X86_64 - /* -- * In x86_64 things are a bit more difficult. This has the same problem -- * where an NMI hitting a breakpoint that calls iret will remove the -- * NMI context, allowing a nested NMI to enter. What makes this more -- * difficult is that both NMIs and breakpoints have their own stack. -- * When a new NMI or breakpoint is executed, the stack is set to a fixed -- * point. If an NMI is nested, it will have its stack set at that same -- * fixed address that the first NMI had, and will start corrupting the -- * stack. This is handled in entry_64.S, but the same problem exists with -- * the breakpoint stack. -- * -- * If a breakpoint is being processed, and the debug stack is being used, -- * if an NMI comes in and also hits a breakpoint, the stack pointer -- * will be set to the same fixed address as the breakpoint that was -- * interrupted, causing that stack to be corrupted. To handle this case, -- * check if the stack that was interrupted is the debug stack, and if -- * so, change the IDT so that new breakpoints will use the current stack -- * and not switch to the fixed address. 
On return of the NMI, switch back -- * to the original IDT. -+ * In x86_64, we need to handle breakpoint -> NMI -> breakpoint. Without -+ * some care, the inner breakpoint will clobber the outer breakpoint's -+ * stack. -+ * -+ * If a breakpoint is being processed, and the debug stack is being -+ * used, if an NMI comes in and also hits a breakpoint, the stack -+ * pointer will be set to the same fixed address as the breakpoint that -+ * was interrupted, causing that stack to be corrupted. To handle this -+ * case, check if the stack that was interrupted is the debug stack, and -+ * if so, change the IDT so that new breakpoints will use the current -+ * stack and not switch to the fixed address. On return of the NMI, -+ * switch back to the original IDT. - */ - static DEFINE_PER_CPU(int, update_debug_stack); -+#endif - --static inline void nmi_nesting_preprocess(struct pt_regs *regs) -+dotraplinkage notrace void -+do_nmi(struct pt_regs *regs, long error_code) - { -+ if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { -+ this_cpu_write(nmi_state, NMI_LATCHED); -+ return; -+ } -+ this_cpu_write(nmi_state, NMI_EXECUTING); -+ this_cpu_write(nmi_cr2, read_cr2()); -+nmi_restart: -+ -+#ifdef CONFIG_X86_64 - /* - * If we interrupted a breakpoint, it is possible that - * the nmi handler will have breakpoints too. 
We need to -@@ -514,22 +500,8 @@ static inline void nmi_nesting_preproces - debug_stack_set_zero(); - this_cpu_write(update_debug_stack, 1); - } --} -- --static inline void nmi_nesting_postprocess(void) --{ -- if (unlikely(this_cpu_read(update_debug_stack))) { -- debug_stack_reset(); -- this_cpu_write(update_debug_stack, 0); -- } --} - #endif - --dotraplinkage notrace void --do_nmi(struct pt_regs *regs, long error_code) --{ -- nmi_nesting_preprocess(regs); -- - nmi_enter(); - - inc_irq_stat(__nmi_count); -@@ -539,8 +511,17 @@ do_nmi(struct pt_regs *regs, long error_ - - nmi_exit(); - -- /* On i386, may loop back to preprocess */ -- nmi_nesting_postprocess(); -+#ifdef CONFIG_X86_64 -+ if (unlikely(this_cpu_read(update_debug_stack))) { -+ debug_stack_reset(); -+ this_cpu_write(update_debug_stack, 0); -+ } -+#endif -+ -+ if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) -+ write_cr2(this_cpu_read(nmi_cr2)); -+ if (this_cpu_dec_return(nmi_state)) -+ goto nmi_restart; - } - NOKPROBE_SYMBOL(do_nmi); - diff --git a/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch b/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch deleted file mode 100644 index 32985d13e..000000000 --- a/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:34 -0700 -Subject: [5/9] x86/nmi/64: Remove asm code that saves CR2 -Origin: https://git.kernel.org/linus/0e181bb58143cb4a2e8f01c281b0816cd0e4798e - -Now that do_nmi saves CR2, we don't need to save it in asm. - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Acked-by: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.0: adjust filename, context] -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/entry_64.S | 18 ------------------ - 1 file changed, 18 deletions(-) - ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -1621,29 +1621,11 @@ end_repeat_nmi: - call paranoid_entry - DEFAULT_FRAME 0 - -- /* -- * Save off the CR2 register. If we take a page fault in the NMI then -- * it could corrupt the CR2 value. If the NMI preempts a page fault -- * handler before it was able to read the CR2 register, and then the -- * NMI itself takes a page fault, the page fault that was preempted -- * will read the information from the NMI page fault and not the -- * origin fault. Save it off and restore it if it changes. -- * Use the r12 callee-saved register. -- */ -- movq %cr2, %r12 -- - /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ - movq %rsp,%rdi - movq $-1,%rsi - call do_nmi - -- /* Did the NMI take a page fault? Restore cr2 if it did */ -- movq %cr2, %rcx -- cmpq %rcx, %r12 -- je 1f -- movq %r12, %cr2 --1: -- - testl %ebx,%ebx /* swapgs needed? */ - jnz nmi_restore - nmi_swapgs: diff --git a/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch b/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch deleted file mode 100644 index 0e85fc428..000000000 --- a/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:35 -0700 -Subject: [6/9] x86/nmi/64: Switch stacks on userspace NMI entry -Origin: https://git.kernel.org/linus/9b6e6a8334d56354853f9c255d1395c2ba570e0a - -Returning to userspace is tricky: IRET can fail, and ESPFIX can -rearrange the stack prior to IRET. - -The NMI nesting fixup relies on a precise stack layout and -atomic IRET. Rather than trying to teach the NMI nesting fixup -to handle ESPFIX and failed IRET, punt: run NMIs that came from -user mode on the normal kernel stack. - -This will make some nested NMIs visible to C code, but the C -code is okay with that. - -As a side effect, this should speed up perf: it eliminates an -RDMSR when NMIs come from user mode. - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Reviewed-by: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.1: - - Adjust filename, context - - Use kernel_stack instead of cpu_current_top_of_stack] -Signed-off-by: Ben Hutchings ---- ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -1442,19 +1442,73 @@ ENTRY(nmi) - * a nested NMI that updated the copy interrupt stack frame, a - * jump will be made to the repeat_nmi code that will handle the second - * NMI. -+ * -+ * However, espfix prevents us from directly returning to userspace -+ * with a single IRET instruction. Similarly, IRET to user mode -+ * can fault. We therefore handle NMIs from user space like -+ * other IST entries. - */ - - /* Use %rdx as our temp variable throughout */ - pushq_cfi %rdx - CFI_REL_OFFSET rdx, 0 - -+ testb $3, CS-RIP+8(%rsp) -+ jz .Lnmi_from_kernel -+ -+ /* -+ * NMI from user mode. 
We need to run on the thread stack, but we -+ * can't go through the normal entry paths: NMIs are masked, and -+ * we don't want to enable interrupts, because then we'll end -+ * up in an awkward situation in which IRQs are on but NMIs -+ * are off. -+ */ -+ -+ SWAPGS -+ cld -+ movq %rsp, %rdx -+ movq PER_CPU_VAR(kernel_stack), %rsp -+ pushq 5*8(%rdx) /* pt_regs->ss */ -+ pushq 4*8(%rdx) /* pt_regs->rsp */ -+ pushq 3*8(%rdx) /* pt_regs->flags */ -+ pushq 2*8(%rdx) /* pt_regs->cs */ -+ pushq 1*8(%rdx) /* pt_regs->rip */ -+ pushq $-1 /* pt_regs->orig_ax */ -+ pushq %rdi /* pt_regs->di */ -+ pushq %rsi /* pt_regs->si */ -+ pushq (%rdx) /* pt_regs->dx */ -+ pushq %rcx /* pt_regs->cx */ -+ pushq %rax /* pt_regs->ax */ -+ pushq %r8 /* pt_regs->r8 */ -+ pushq %r9 /* pt_regs->r9 */ -+ pushq %r10 /* pt_regs->r10 */ -+ pushq %r11 /* pt_regs->r11 */ -+ pushq %rbx /* pt_regs->rbx */ -+ pushq %rbp /* pt_regs->rbp */ -+ pushq %r12 /* pt_regs->r12 */ -+ pushq %r13 /* pt_regs->r13 */ -+ pushq %r14 /* pt_regs->r14 */ -+ pushq %r15 /* pt_regs->r15 */ -+ -+ /* -+ * At this point we no longer need to worry about stack damage -+ * due to nesting -- we're on the normal thread stack and we're -+ * done with the NMI stack. -+ */ -+ -+ movq %rsp, %rdi -+ movq $-1, %rsi -+ call do_nmi -+ - /* -- * If %cs was not the kernel segment, then the NMI triggered in user -- * space, which means it is definitely not nested. -+ * Return back to user mode. We must *not* do the normal exit -+ * work, because we don't want to enable interrupts. Fortunately, -+ * do_nmi doesn't modify pt_regs. - */ -- cmpl $__KERNEL_CS, 16(%rsp) -- jne first_nmi -+ SWAPGS -+ jmp restore_c_regs_and_iret - -+.Lnmi_from_kernel: - /* - * Check the special variable on the stack to see if NMIs are - * executing. diff --git a/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch b/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch deleted file mode 100644 index 24d04f15d..000000000 
--- a/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
+++ /dev/null
@@ -1,286 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:36 -0700 -Subject: [7/9] x86/nmi/64: Improve nested NMI comments -Origin: https://git.kernel.org/linus/0b22930ebad563ae97ff3f8d7b9f12060b4c6e6b - -I found the nested NMI documentation to be difficult to follow. -Improve the comments. - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Cc: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.1: adjust filename, context] -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/entry_64.S | 159 ++++++++++++++++++++++++++------------------- - arch/x86/kernel/nmi.c | 4 +- - 2 files changed, 93 insertions(+), 70 deletions(-) - ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -1429,11 +1429,12 @@ ENTRY(nmi) - * If the variable is not set and the stack is not the NMI - * stack then: - * o Set the special variable on the stack -- * o Copy the interrupt frame into a "saved" location on the stack -- * o Copy the interrupt frame into a "copy" location on the stack -+ * o Copy the interrupt frame into an "outermost" location on the -+ * stack -+ * o Copy the interrupt frame into an "iret" location on the stack - * o Continue processing the NMI - * If the variable is set or the previous stack is the NMI stack: -- * o Modify the "copy" location to jump to the repeate_nmi -+ * o Modify the "iret" location to jump to the repeat_nmi - * o return back to the first NMI - * - * Now on exit of the first NMI, we first clear the stack variable -@@ -1510,18 +1511,60 @@ ENTRY(nmi) - - .Lnmi_from_kernel: - /* -- * Check the special variable on the stack to see if NMIs are -- * executing. 
-+ * Here's what our stack frame will look like: -+ * +---------------------------------------------------------+ -+ * | original SS | -+ * | original Return RSP | -+ * | original RFLAGS | -+ * | original CS | -+ * | original RIP | -+ * +---------------------------------------------------------+ -+ * | temp storage for rdx | -+ * +---------------------------------------------------------+ -+ * | "NMI executing" variable | -+ * +---------------------------------------------------------+ -+ * | iret SS } Copied from "outermost" frame | -+ * | iret Return RSP } on each loop iteration; overwritten | -+ * | iret RFLAGS } by a nested NMI to force another | -+ * | iret CS } iteration if needed. | -+ * | iret RIP } | -+ * +---------------------------------------------------------+ -+ * | outermost SS } initialized in first_nmi; | -+ * | outermost Return RSP } will not be changed before | -+ * | outermost RFLAGS } NMI processing is done. | -+ * | outermost CS } Copied to "iret" frame on each | -+ * | outermost RIP } iteration. | -+ * +---------------------------------------------------------+ -+ * | pt_regs | -+ * +---------------------------------------------------------+ -+ * -+ * The "original" frame is used by hardware. Before re-enabling -+ * NMIs, we need to be done with it, and we need to leave enough -+ * space for the asm code here. -+ * -+ * We return by executing IRET while RSP points to the "iret" frame. -+ * That will either return for real or it will loop back into NMI -+ * processing. -+ * -+ * The "outermost" frame is copied to the "iret" frame on each -+ * iteration of the loop, so each iteration starts with the "iret" -+ * frame pointing to the final return target. -+ */ -+ -+ /* -+ * Determine whether we're a nested NMI. -+ * -+ * First check "NMI executing". If it's set, then we're nested. -+ * This will not detect if we interrupted an outer NMI just -+ * before IRET. 
- */ - cmpl $1, -8(%rsp) - je nested_nmi - - /* -- * Now test if the previous stack was an NMI stack. -- * We need the double check. We check the NMI stack to satisfy the -- * race when the first NMI clears the variable before returning. -- * We check the variable because the first NMI could be in a -- * breakpoint routine using a breakpoint stack. -+ * Now test if the previous stack was an NMI stack. This covers -+ * the case where we interrupt an outer NMI after it clears -+ * "NMI executing" but before IRET. - */ - lea 6*8(%rsp), %rdx - /* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */ -@@ -1538,9 +1581,11 @@ ENTRY(nmi) - - nested_nmi: - /* -- * Do nothing if we interrupted the fixup in repeat_nmi. -- * It's about to repeat the NMI handler, so we are fine -- * with ignoring this one. -+ * If we interrupted an NMI that is between repeat_nmi and -+ * end_repeat_nmi, then we must not modify the "iret" frame -+ * because it's being written by the outer NMI. That's okay; -+ * the outer NMI handler is about to call do_nmi anyway, -+ * so we can just resume the outer NMI. - */ - movq $repeat_nmi, %rdx - cmpq 8(%rsp), %rdx -@@ -1550,7 +1595,10 @@ nested_nmi: - ja nested_nmi_out - - 1: -- /* Set up the interrupted NMIs stack to jump to repeat_nmi */ -+ /* -+ * Modify the "iret" frame to point to repeat_nmi, forcing another -+ * iteration of NMI handling. -+ */ - leaq -1*8(%rsp), %rdx - movq %rdx, %rsp - CFI_ADJUST_CFA_OFFSET 1*8 -@@ -1569,60 +1617,23 @@ nested_nmi_out: - popq_cfi %rdx - CFI_RESTORE rdx - -- /* No need to check faults here */ -+ /* We are returning to kernel mode, so this cannot result in a fault. */ - INTERRUPT_RETURN - - CFI_RESTORE_STATE - first_nmi: -- /* -- * Because nested NMIs will use the pushed location that we -- * stored in rdx, we must keep that space available. 
-- * Here's what our stack frame will look like: -- * +-------------------------+ -- * | original SS | -- * | original Return RSP | -- * | original RFLAGS | -- * | original CS | -- * | original RIP | -- * +-------------------------+ -- * | temp storage for rdx | -- * +-------------------------+ -- * | NMI executing variable | -- * +-------------------------+ -- * | copied SS | -- * | copied Return RSP | -- * | copied RFLAGS | -- * | copied CS | -- * | copied RIP | -- * +-------------------------+ -- * | Saved SS | -- * | Saved Return RSP | -- * | Saved RFLAGS | -- * | Saved CS | -- * | Saved RIP | -- * +-------------------------+ -- * | pt_regs | -- * +-------------------------+ -- * -- * The saved stack frame is used to fix up the copied stack frame -- * that a nested NMI may change to make the interrupted NMI iret jump -- * to the repeat_nmi. The original stack frame and the temp storage -- * is also used by nested NMIs and can not be trusted on exit. -- */ -- /* Do not pop rdx, nested NMIs will corrupt that part of the stack */ -+ /* Restore rdx. */ - movq (%rsp), %rdx - CFI_RESTORE rdx - -- /* Set the NMI executing variable on the stack. */ -+ /* Set "NMI executing" on the stack. */ - pushq_cfi $1 - -- /* -- * Leave room for the "copied" frame -- */ -+ /* Leave room for the "iret" frame */ - subq $(5*8), %rsp - CFI_ADJUST_CFA_OFFSET 5*8 - -- /* Copy the stack frame to the Saved frame */ -+ /* Copy the "original" frame to the "outermost" frame */ - .rept 5 - pushq_cfi 11*8(%rsp) - .endr -@@ -1630,6 +1641,7 @@ first_nmi: - - /* Everything up to here is safe from nested NMIs */ - -+repeat_nmi: - /* - * If there was a nested NMI, the first NMI's iret will return - * here. But NMIs are still enabled and we can take another -@@ -1638,16 +1650,21 @@ first_nmi: - * it will just return, as we are about to repeat an NMI anyway. - * This makes it safe to copy to the stack frame that a nested - * NMI will update. 
-- */ --repeat_nmi: -- /* -- * Update the stack variable to say we are still in NMI (the update -- * is benign for the non-repeat case, where 1 was pushed just above -- * to this very stack slot). -+ * -+ * RSP is pointing to "outermost RIP". gsbase is unknown, but, if -+ * we're repeating an NMI, gsbase has the same value that it had on -+ * the first iteration. paranoid_entry will load the kernel -+ * gsbase if needed before we call do_nmi. -+ * -+ * Set "NMI executing" in case we came back here via IRET. - */ - movq $1, 10*8(%rsp) - -- /* Make another copy, this one may be modified by nested NMIs */ -+ /* -+ * Copy the "outermost" frame to the "iret" frame. NMIs that nest -+ * here must not modify the "iret" frame while we're writing to -+ * it or it will end up containing garbage. -+ */ - addq $(10*8), %rsp - CFI_ADJUST_CFA_OFFSET -10*8 - .rept 5 -@@ -1658,9 +1675,9 @@ repeat_nmi: - end_repeat_nmi: - - /* -- * Everything below this point can be preempted by a nested -- * NMI if the first NMI took an exception and reset our iret stack -- * so that we repeat another NMI. -+ * Everything below this point can be preempted by a nested NMI. -+ * If this happens, then the inner NMI will change the "iret" -+ * frame to point back to repeat_nmi. - */ - pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */ - ALLOC_PT_GPREGS_ON_STACK -@@ -1687,11 +1704,18 @@ nmi_swapgs: - nmi_restore: - RESTORE_EXTRA_REGS - RESTORE_C_REGS -- /* Pop the extra iret frame at once */ -+ -+ /* Point RSP at the "iret" frame. */ - REMOVE_PT_GPREGS_FROM_STACK 6*8 - -- /* Clear the NMI executing stack variable */ -+ /* Clear "NMI executing". */ - movq $0, 5*8(%rsp) -+ -+ /* -+ * INTERRUPT_RETURN reads the "iret" frame and exits the NMI -+ * stack in a single instruction. We are returning to kernel -+ * mode, so this cannot result in a fault. 
-+ */ - INTERRUPT_RETURN - CFI_ENDPROC - END(nmi) ---- a/arch/x86/kernel/nmi.c -+++ b/arch/x86/kernel/nmi.c -@@ -408,8 +408,8 @@ static void default_do_nmi(struct pt_reg - NOKPROBE_SYMBOL(default_do_nmi); - - /* -- * NMIs can hit breakpoints which will cause it to lose its NMI context -- * with the CPU when the breakpoint or page fault does an IRET. -+ * NMIs can page fault or hit breakpoints which will cause it to lose -+ * its NMI context with the CPU when the breakpoint or page fault does an IRET. - * - * As a result, NMIs can nest if NMIs get unmasked due an IRET during - * NMI processing. On x86_64, the asm glue protects us from nested NMIs diff --git a/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch b/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch deleted file mode 100644 index d010de02d..000000000 --- a/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch +++ /dev/null 
@@ -1,91 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:37 -0700 -Subject: [8/9] x86/nmi/64: Reorder nested NMI checks -Origin: https://git.kernel.org/linus/a27507ca2d796cfa8d907de31ad730359c8a6d06 - -Check the repeat_nmi .. end_repeat_nmi special case first. The -next patch will rework the RSP check and, as a side effect, the -RSP check will no longer detect repeat_nmi .. end_repeat_nmi, so -we'll need this ordering of the checks. - -Note: this is more subtle than it appears. The check for -repeat_nmi .. end_repeat_nmi jumps straight out of the NMI code -instead of adjusting the "iret" frame to force a repeat. This -is necessary, because the code between repeat_nmi and -end_repeat_nmi sets "NMI executing" and then writes to the -"iret" frame itself. If a nested NMI comes in and modifies the -"iret" frame while repeat_nmi is also modifying it, we'll end up -with garbage. The old code got this right, as does the new -code, but the new code is a bit more explicit. - -If we were to move the check right after the "NMI executing" -check, then we'd get it wrong and have random crashes. - -( Because the "NMI executing" check would jump to the code that would - modify the "iret" frame without checking if the interrupted NMI was - currently modifying it. ) - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Cc: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.1: adjust filename, spacing] -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/entry_64.S | 34 ++++++++++++++++++---------------- - 1 file changed, 18 insertions(+), 16 deletions(-) - ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -1554,7 +1554,24 @@ ENTRY(nmi) - /* - * Determine whether we're a nested NMI. - * -- * First check "NMI executing". If it's set, then we're nested. 
-+ * If we interrupted kernel code between repeat_nmi and -+ * end_repeat_nmi, then we are a nested NMI. We must not -+ * modify the "iret" frame because it's being written by -+ * the outer NMI. That's okay; the outer NMI handler is -+ * about to about to call do_nmi anyway, so we can just -+ * resume the outer NMI. -+ */ -+ -+ movq $repeat_nmi, %rdx -+ cmpq 8(%rsp), %rdx -+ ja 1f -+ movq $end_repeat_nmi, %rdx -+ cmpq 8(%rsp), %rdx -+ ja nested_nmi_out -+1: -+ -+ /* -+ * Now check "NMI executing". If it's set, then we're nested. - * This will not detect if we interrupted an outer NMI just - * before IRET. - */ -@@ -1581,21 +1598,6 @@ ENTRY(nmi) - - nested_nmi: - /* -- * If we interrupted an NMI that is between repeat_nmi and -- * end_repeat_nmi, then we must not modify the "iret" frame -- * because it's being written by the outer NMI. That's okay; -- * the outer NMI handler is about to call do_nmi anyway, -- * so we can just resume the outer NMI. -- */ -- movq $repeat_nmi, %rdx -- cmpq 8(%rsp), %rdx -- ja 1f -- movq $end_repeat_nmi, %rdx -- cmpq 8(%rsp), %rdx -- ja nested_nmi_out -- --1: -- /* - * Modify the "iret" frame to point to repeat_nmi, forcing another - * iteration of NMI handling. - */ diff --git a/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch b/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch deleted file mode 100644 index 60e0bda4b..000000000 --- a/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -From: Andy Lutomirski -Date: Wed, 15 Jul 2015 10:29:38 -0700 -Subject: x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI - detection -Origin: https://git.kernel.org/linus/810bc075f78ff2c221536eb3008eac6a492dba2d - -We have a tricky bug in the nested NMI code: if we see RSP -pointing to the NMI stack on NMI entry from kernel mode, we -assume that we are executing a nested NMI. - -This isn't quite true. A malicious userspace program can point -RSP at the NMI stack, issue SYSCALL, and arrange for an NMI to -happen while RSP is still pointing at the NMI stack. - -Fix it with a sneaky trick. Set DF in the region of code that -the RSP check is intended to detect. IRET will clear DF -atomically. - -( Note: other than paravirt, there's little need for all this - complexity. We could check RIP instead of RSP. ) - -Signed-off-by: Andy Lutomirski -Reviewed-by: Steven Rostedt -Cc: Borislav Petkov -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Signed-off-by: Ingo Molnar -[bwh: Backported to 4.1: adjust filename, context] -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/entry_64.S | 29 +++++++++++++++++++++++++---- - 1 file changed, 25 insertions(+), 4 deletions(-) - ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -1581,7 +1581,14 @@ ENTRY(nmi) - /* - * Now test if the previous stack was an NMI stack. This covers - * the case where we interrupt an outer NMI after it clears -- * "NMI executing" but before IRET. -+ * "NMI executing" but before IRET. We need to be careful, though: -+ * there is one case in which RSP could point to the NMI stack -+ * despite there being no NMI active: naughty userspace controls -+ * RSP at the very beginning of the SYSCALL targets. We can -+ * pull a fast one on naughty userspace, though: we program -+ * SYSCALL to mask DF, so userspace cannot cause DF to be set -+ * if it controls the kernel's RSP. We set DF before we clear -+ * "NMI executing". 
- */ - lea 6*8(%rsp), %rdx - /* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */ -@@ -1592,10 +1599,16 @@ ENTRY(nmi) - cmpq %rdx, 4*8(%rsp) - /* If it is below the NMI stack, it is a normal NMI */ - jb first_nmi -- /* Ah, it is within the NMI stack, treat it as nested */ -+ -+ /* Ah, it is within the NMI stack. */ -+ -+ testb $(X86_EFLAGS_DF >> 8), (3*8 + 1)(%rsp) -+ jz first_nmi /* RSP was user controlled. */ - - CFI_REMEMBER_STATE - -+ /* This is a nested NMI. */ -+ - nested_nmi: - /* - * Modify the "iret" frame to point to repeat_nmi, forcing another -@@ -1710,8 +1723,16 @@ nmi_restore: - /* Point RSP at the "iret" frame. */ - REMOVE_PT_GPREGS_FROM_STACK 6*8 - -- /* Clear "NMI executing". */ -- movq $0, 5*8(%rsp) -+ /* -+ * Clear "NMI executing". Set DF first so that we can easily -+ * distinguish the remaining code between here and IRET from -+ * the SYSCALL entry and exit paths. On a native kernel, we -+ * could just inspect RIP, but, on paravirt kernels, -+ * INTERRUPT_RETURN can translate into a jump into a -+ * hypercall page. -+ */ -+ std -+ movq $0, 5*8(%rsp) /* clear "NMI executing" */ - - /* - * INTERRUPT_RETURN reads the "iret" frame and exits the NMI diff --git a/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch b/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch deleted file mode 100644 index 47de607da..000000000 --- a/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From: Paolo Bonzini -Date: Sat, 30 May 2015 14:31:24 +0200 -Subject: kvm: x86: fix kvm_apic_has_events to check for NULL pointer -Origin: https://git.kernel.org/linus/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 - -Malicious (or egregiously buggy) userspace can trigger it, but it -should never happen in normal operation. - -Signed-off-by: Paolo Bonzini ---- - arch/x86/kvm/lapic.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/arch/x86/kvm/lapic.h -+++ b/arch/x86/kvm/lapic.h -@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct - - static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu) - { -- return vcpu->arch.apic->pending_events; -+ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events; - } - - bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector); diff --git a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch index 639fb3c34..d487c87f4 100644 --- a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch +++ b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch @@ -9,8 +9,8 @@ This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 --- a/fs/namei.c +++ b/fs/namei.c -@@ -651,8 +651,8 @@ static inline void put_link(struct namei - path_put(link); +@@ -847,8 +847,8 @@ static inline void put_link(struct namei + path_put(&last->link); } -int sysctl_protected_symlinks __read_mostly = 0; diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch index f217a22b3..8477b5678 100644 --- a/debian/patches/debian/yama-disable-by-default.patch +++ b/debian/patches/debian/yama-disable-by-default.patch 
@@ -15,12 +15,12 @@ Forwarded: not-needed /* describe a ptrace relationship for potential exception */ struct ptrace_relation { -@@ -425,7 +425,7 @@ static __init int yama_init(void) +@@ -407,7 +407,7 @@ static __init int yama_init(void) + if (!security_module_enable("yama")) return 0; #endif +- pr_info("Yama: becoming mindful.\n"); ++ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n"); -- printk(KERN_INFO "Yama: becoming mindful.\n"); -+ printk(KERN_INFO "Yama: disabled by default; enable with sysctl kernel.yama.*\n"); - - #ifndef CONFIG_SECURITY_YAMA_STACKED - if (register_security(&yama_ops)) + #ifdef CONFIG_SYSCTL + if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table)) diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch index 2901e0d5f..eee90c7f2 100644 --- a/debian/patches/features/all/aufs4/aufs4-mmap.patch +++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch @@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.x-rcN mmap patch -diff --git a/fs/buffer.c b/fs/buffer.c -index c7a5602..8c50a22 100644 +[bwh: Adjusted context for 4.2] + --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -2450,7 +2450,7 @@ int block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf, +@@ -2473,7 +2473,7 @@ int block_page_mkwrite(struct vm_area_st * Update file times before taking page lock. We may end up failing the * fault so this update may be superfluous but who really cares... */ @@ -21,11 +21,9 @@ index c7a5602..8c50a22 100644 ret = __block_page_mkwrite(vma, vmf, get_block); sb_end_pagefault(sb); -diff --git a/fs/proc/base.c b/fs/proc/base.c -index 093ca14..fc1ac03 100644 --- a/fs/proc/base.c 
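Review bot: The boot message carried over in the refreshed yama_init hunk of yama-disable-by-default.patch points the administrator at `kernel.yama.*`, which names no concrete knob. Since this patch leaves the ptrace restrictions off at boot, the message is the only hint an operator gets, so I would name the setting: `pr_info("Yama: disabled by default; enable with sysctl kernel.yama.ptrace_scope\n");`. In the new context the message is also printed before the `#ifdef CONFIG_SYSCTL` registration, so a build without sysctl support would advertise a control that is not there; that is presumably not a configuration Debian ships, but worth confirming. yama_init's body continues outside the hunk.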
+++ b/fs/proc/base.c -@@ -1744,7 +1744,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path) +@@ -1939,7 +1939,7 @@ static int proc_map_files_get_link(struc down_read(&mm->mmap_sem); vma = find_exact_vma(mm, vm_start, vm_end); if (vma && vma->vm_file) { @@ -34,11 +32,9 @@ index 093ca14..fc1ac03 100644 path_get(path); rc = 0; } -diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c -index d4a3574..1397181 100644 --- a/fs/proc/nommu.c +++ b/fs/proc/nommu.c -@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region) +@@ -45,7 +45,10 @@ static int nommu_region_show(struct seq_ file = region->vm_file; if (file) { @@ -50,11 +46,9 @@ index d4a3574..1397181 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; } -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 6dee68d..9afa35d 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -279,7 +279,10 @@ show_map_vma(struct seq_file *m, struct const char *name = NULL; if (file) { @@ -66,7 +60,7 @@ index 6dee68d..9afa35d 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; -@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1479,7 +1482,7 @@ static int show_numa_map(struct seq_file struct proc_maps_private *proc_priv = &numa_priv->proc_maps; struct vm_area_struct *vma = v; struct numa_maps *md = &numa_priv->md; @@ -75,11 +69,9 @@ index 6dee68d..9afa35d 100644 struct mm_struct *mm = vma->vm_mm; struct mm_walk walk = { .hugetlb_entry = gather_hugetlb_stats, -diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c -index 599ec2e..de6cd6e 100644 --- a/fs/proc/task_nommu.c 
+++ b/fs/proc/task_nommu.c -@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma, +@@ -160,7 +160,10 @@ static int nommu_vma_show(struct seq_fil file = vma->vm_file; if (file) { @@ -91,11 +83,9 @@ index 599ec2e..de6cd6e 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT; -diff --git a/include/linux/mm.h b/include/linux/mm.h -index 0755b9f..073d61e 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -1172,6 +1172,28 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1173,6 +1173,28 @@ static inline int fixup_user_fault(struc } #endif @@ -124,11 +114,9 @@ index 0755b9f..073d61e 100644 extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, void *buf, int len, int write); -diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 8d37e26..ce89d4c 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -241,6 +241,7 @@ struct vm_region { +@@ -259,6 +259,7 @@ struct vm_region { unsigned long vm_top; /* region allocated to here */ unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */ struct file *vm_file; /* the backing file or NULL */ @@ -136,7 +124,7 @@ index 8d37e26..ce89d4c 100644 int vm_usage; /* region usage count (access under nommu_region_sem) */ bool vm_icache_flushed : 1; /* true if the icache has been flushed for -@@ -305,6 +306,7 @@ struct vm_area_struct { +@@ -323,6 +324,7 @@ struct vm_area_struct { unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE units, *not* PAGE_CACHE_SIZE */ struct file * vm_file; /* File we map to (can be NULL). */ @@ -144,11 +132,9 @@ index 8d37e26..ce89d4c 100644 void * vm_private_data; /* was vm_pte (shared mem) */ #ifndef CONFIG_MMU -diff --git a/kernel/fork.c b/kernel/fork.c -index 03c1eaa..7e215ba 100644 --- a/kernel/fork.c 
+++ b/kernel/fork.c -@@ -456,7 +456,7 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -461,7 +461,7 @@ static int dup_mmap(struct mm_struct *mm struct inode *inode = file_inode(file); struct address_space *mapping = file->f_mapping; @@ -157,11 +143,9 @@ index 03c1eaa..7e215ba 100644 if (tmp->vm_flags & VM_DENYWRITE) atomic_dec(&inode->i_writecount); i_mmap_lock_write(mapping); -diff --git a/mm/Makefile b/mm/Makefile -index 98c4eae..3f0c9b9 100644 --- a/mm/Makefile +++ b/mm/Makefile -@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.o \ +@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill. mm_init.o mmu_context.o percpu.o slab_common.o \ compaction.o vmacache.o \ interval_tree.o list_lru.o workingset.o \ @@ -170,11 +154,9 @@ index 98c4eae..3f0c9b9 100644 obj-y += init-mm.o -diff --git a/mm/filemap.c b/mm/filemap.c -index 6bf5e42..a863d0f 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2062,7 +2062,7 @@ int filemap_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -2089,7 +2089,7 @@ int filemap_page_mkwrite(struct vm_area_ int ret = VM_FAULT_LOCKED; sb_start_pagefault(inode->i_sb); @@ -183,11 +165,9 @@ index 6bf5e42..a863d0f 100644 lock_page(page); if (page->mapping != inode->i_mapping) { unlock_page(page); -diff --git a/mm/madvise.c b/mm/madvise.c -index d551475..1ebf71b 100644 --- a/mm/madvise.c +++ b/mm/madvise.c -@@ -320,12 +320,12 @@ static long madvise_remove(struct vm_area_struct *vma, +@@ -321,12 +321,12 @@ static long madvise_remove(struct vm_are * vma's reference to the file) can go away as soon as we drop * mmap_sem. */ @@ -202,11 +182,9 @@ index d551475..1ebf71b 100644 down_read(¤t->mm->mmap_sem); return error; } -diff --git a/mm/memory.c b/mm/memory.c -index 22e037e..62096a2 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct mm_struct *mm, +@@ -2034,7 +2034,7 @@ static inline int wp_page_reuse(struct m } if (!page_mkwrite) 
@@ -215,11 +193,9 @@ index 22e037e..62096a2 100644 } return VM_FAULT_WRITE; -diff --git a/mm/mmap.c b/mm/mmap.c -index bb50cac..1ab5e596 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -274,7 +274,7 @@ static struct vm_area_struct *remove_vma if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -228,7 +204,7 @@ index bb50cac..1ab5e596 100644 mpol_put(vma_policy(vma)); kmem_cache_free(vm_area_cachep, vma); return next; -@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next->vm_end); +@@ -886,7 +886,7 @@ again: remove_next = 1 + (end > next-> if (remove_next) { if (file) { uprobe_munmap(next, next->vm_start, next->vm_end); @@ -247,7 +223,7 @@ index bb50cac..1ab5e596 100644 /* Undo any partial mapping done by a device driver. */ unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); -@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2473,7 +2473,7 @@ static int __split_vma(struct mm_struct goto out_free_mpol; if (new->vm_file) @@ -256,7 +232,7 @@ index bb50cac..1ab5e596 100644 if (new->vm_ops && new->vm_ops->open) new->vm_ops->open(new); -@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2492,7 +2492,7 @@ static int __split_vma(struct mm_struct if (new->vm_ops && new->vm_ops->close) new->vm_ops->close(new); if (new->vm_file) @@ -265,7 +241,7 @@ index bb50cac..1ab5e596 100644 unlink_anon_vmas(new); out_free_mpol: mpol_put(vma_policy(new)); -@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2635,7 +2635,6 @@ SYSCALL_DEFINE5(remap_file_pages, unsign struct vm_area_struct *vma; unsigned long populate = 0; unsigned long ret = -EINVAL; 
@@ -273,7 +249,7 @@ index bb50cac..1ab5e596 100644 pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. " "See Documentation/vm/remap_file_pages.txt.\n", -@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2679,10 +2678,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsign munlock_vma_pages_range(vma, start, start + size); } @@ -286,7 +262,7 @@ index bb50cac..1ab5e596 100644 out: up_write(&mm->mmap_sem); if (populate) -@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2949,7 +2948,7 @@ struct vm_area_struct *copy_vma(struct v if (anon_vma_clone(new_vma, vma)) goto out_free_mempol; if (new_vma->vm_file) @@ -295,11 +271,9 @@ index bb50cac..1ab5e596 100644 if (new_vma->vm_ops && new_vma->vm_ops->open) new_vma->vm_ops->open(new_vma); vma_link(mm, new_vma, prev, rb_link, rb_parent); -diff --git a/mm/msync.c b/mm/msync.c -index bb04d53..5c24c54 100644 --- a/mm/msync.c +++ b/mm/msync.c -@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags) +@@ -84,10 +84,10 @@ SYSCALL_DEFINE3(msync, unsigned long, st start = vma->vm_end; if ((flags & MS_SYNC) && file && (vma->vm_flags & VM_SHARED)) { @@ -312,11 +286,9 @@ index bb04d53..5c24c54 100644 if (error || start >= end) goto out; down_read(&mm->mmap_sem); -diff --git a/mm/nommu.c b/mm/nommu.c -index e544508..dd6f74a 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -693,7 +693,7 @@ static void __put_nommu_region(struct vm_region *region) +@@ -671,7 +671,7 @@ static void __put_nommu_region(struct vm up_write(&nommu_region_sem); if (region->vm_file) 
@@ -325,7 +297,7 @@ index e544508..dd6f74a 100644 /* IO memory and memory shared directly out of the pagecache * from ramfs/tmpfs mustn't be released here */ -@@ -858,7 +858,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -829,7 +829,7 @@ static void delete_vma(struct mm_struct if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -334,7 +306,7 @@ index e544508..dd6f74a 100644 put_nommu_region(vma->vm_region); kmem_cache_free(vm_area_cachep, vma); } -@@ -1398,7 +1398,7 @@ unsigned long do_mmap_pgoff(struct file *file, +@@ -1354,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file goto error_just_free; } } @@ -343,7 +315,7 @@ index e544508..dd6f74a 100644 kmem_cache_free(vm_region_jar, region); region = pregion; result = start; -@@ -1474,10 +1474,10 @@ error_just_free: +@@ -1429,10 +1429,10 @@ error_just_free: up_write(&nommu_region_sem); error: if (region->vm_file) @@ -354,11 +326,8 @@ index e544508..dd6f74a 100644 - fput(vma->vm_file); + vma_fput(vma); kmem_cache_free(vm_area_cachep, vma); - kleave(" = %d", ret); return ret; -diff --git a/mm/prfile.c b/mm/prfile.c -new file mode 100644 -index 0000000..6c145eb + --- /dev/null +++ b/mm/prfile.c @@ -0,0 +1,86 @@ diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch index 1729e1329..c69921b69 100644 --- a/debian/patches/features/all/aufs4/aufs4-standalone.patch +++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch @@ -8,11 +8,11 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.x-rcN standalone patch -diff --git a/fs/dcache.c b/fs/dcache.c -index bc261e2..8d7951d 100644 +[bwh: Adjusted context for 4.2] + --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -1269,6 +1269,7 @@ rename_retry: +@@ -1272,6 +1272,7 @@ rename_retry: seq = 1; goto again; } 
@@ -20,11 +20,9 @@ index bc261e2..8d7951d 100644 /* * Search for at least 1 mount point in the dentry's subdirs. -diff --git a/fs/file_table.c b/fs/file_table.c -index 294174d..3cea027 100644 --- a/fs/file_table.c +++ b/fs/file_table.c -@@ -147,6 +147,7 @@ over: +@@ -146,6 +146,7 @@ over: } return ERR_PTR(-ENFILE); } @@ -32,7 +30,7 @@ index 294174d..3cea027 100644 /** * alloc_file - allocate and initialize a 'struct file' -@@ -308,6 +309,7 @@ void put_filp(struct file *file) +@@ -307,6 +308,7 @@ void put_filp(struct file *file) file_free(file); } } @@ -40,11 +38,9 @@ index 294174d..3cea027 100644 void __init files_init(unsigned long mempages) { -diff --git a/fs/inode.c b/fs/inode.c -index ea37cd1..58f5f58 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtable __read_mostly; +@@ -58,6 +58,7 @@ static struct hlist_head *inode_hashtabl static __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_hash_lock); __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_sb_list_lock); @@ -52,11 +48,9 @@ index ea37cd1..58f5f58 100644 /* * Empty aops. Can be used for the cases where the user does not -diff --git a/fs/namespace.c b/fs/namespace.c -index 1b9e111..d45b81b 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *mnt) +@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *m mnt_dec_writers(real_mount(mnt)); preempt_enable(); } @@ -64,7 +58,7 @@ index 1b9e111..d45b81b 100644 /** * mnt_drop_write - give up write access to a mount -@@ -1768,6 +1769,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, +@@ -1803,6 +1804,7 @@ int iterate_mounts(int (*f)(struct vfsmo } return 0; } @@ -72,8 +66,6 @@ index 1b9e111..d45b81b 100644 static void cleanup_group_ids(struct mount *mnt, struct mount *end) { -diff --git a/fs/notify/group.c b/fs/notify/group.c -index d16b62c..06ca6bc 100644 --- a/fs/notify/group.c +++ b/fs/notify/group.c @@ -22,6 +22,7 @@ 
@@ -84,7 +76,7 @@ index d16b62c..06ca6bc 100644 #include #include "fsnotify.h" -@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_group *group) +@@ -72,6 +73,7 @@ void fsnotify_get_group(struct fsnotify_ { atomic_inc(&group->refcnt); } @@ -92,7 +84,7 @@ index d16b62c..06ca6bc 100644 /* * Drop a reference to a group. Free it if it's through. -@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_group *group) +@@ -81,6 +83,7 @@ void fsnotify_put_group(struct fsnotify_ if (atomic_dec_and_test(&group->refcnt)) fsnotify_final_destroy_group(group); } @@ -100,7 +92,7 @@ index d16b62c..06ca6bc 100644 /* * Create a new fsnotify_group and hold a reference for the group returned. -@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops) +@@ -109,6 +112,7 @@ struct fsnotify_group *fsnotify_alloc_gr return group; } @@ -108,11 +100,9 @@ index d16b62c..06ca6bc 100644 int fsnotify_fasync(int fd, struct file *file, int on) { -diff --git a/fs/notify/mark.c b/fs/notify/mark.c -index 92e48c7..d2c4b68 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c -@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) +@@ -109,6 +109,7 @@ void fsnotify_put_mark(struct fsnotify_m mark->free_mark(mark); } } @@ -120,7 +110,7 @@ index 92e48c7..d2c4b68 100644 /* Calculate mask of events for a list of marks */ u32 fsnotify_recalc_mask(struct hlist_head *head) -@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark, +@@ -202,6 +203,7 @@ void fsnotify_destroy_mark(struct fsnoti fsnotify_destroy_mark_locked(mark, group); mutex_unlock(&group->mark_mutex); } 
@@ -136,7 +126,7 @@ index 92e48c7..d2c4b68 100644 int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group, struct inode *inode, struct vfsmount *mnt, int allow_dups) -@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark, +@@ -455,6 +458,7 @@ void fsnotify_init_mark(struct fsnotify_ atomic_set(&mark->refcnt, 1); mark->free_mark = free_mark; } @@ -144,11 +134,9 @@ index 92e48c7..d2c4b68 100644 static int fsnotify_mark_destroy(void *ignored) { -diff --git a/fs/open.c b/fs/open.c -index 98e5a52..a94e2e7 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -62,6 +62,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, +@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l mutex_unlock(&dentry->d_inode->i_mutex); return ret; } @@ -156,16 +144,14 @@ index 98e5a52..a94e2e7 100644 long vfs_truncate(struct path *path, loff_t length) { -@@ -676,6 +677,7 @@ int open_check_o_direct(struct file *f) +@@ -678,6 +679,7 @@ int open_check_o_direct(struct file *f) } return 0; } +EXPORT_SYMBOL_GPL(open_check_o_direct); static int do_dentry_open(struct file *f, - int (*open)(struct inode *, struct file *), -diff --git a/fs/read_write.c b/fs/read_write.c -index fd0414e..8ace6ec 100644 + struct inode *inode, --- a/fs/read_write.c +++ b/fs/read_write.c @@ -504,6 +504,7 @@ vfs_readf_t vfs_readf(struct file *file) @@ -176,7 +162,7 @@ index fd0414e..8ace6ec 100644 vfs_writef_t vfs_writef(struct file *file) { -@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *file) +@@ -515,6 +516,7 @@ vfs_writef_t vfs_writef(struct file *fil return new_sync_write; return ERR_PTR(-ENOSYS); } @@ -184,11 +170,9 @@ index fd0414e..8ace6ec 100644 ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos) { -diff --git a/fs/splice.c b/fs/splice.c -index fa5eee5..bfb3324 100644 --- a/fs/splice.c 
+++ b/fs/splice.c -@@ -1114,6 +1114,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +@@ -1115,6 +1115,7 @@ long do_splice_from(struct pipe_inode_in return splice_write(pipe, out, ppos, len, flags); } @@ -196,7 +180,7 @@ index fa5eee5..bfb3324 100644 /* * Attempt to initiate a splice from a file to a pipe. -@@ -1140,6 +1141,7 @@ long do_splice_to(struct file *in, loff_t *ppos, +@@ -1141,6 +1142,7 @@ long do_splice_to(struct file *in, loff_ return splice_read(in, ppos, pipe, len, flags); } @@ -204,11 +188,9 @@ index fa5eee5..bfb3324 100644 /** * splice_direct_to_actor - splices data directly between two non-pipes -diff --git a/fs/xattr.c b/fs/xattr.c -index 4ef6985..6bb6303 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry *xattr_value = value; return error; } @@ -216,11 +198,9 @@ index 4ef6985..6bb6303 100644 /* Compare an extended attribute value with the given value */ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, -diff --git a/security/commoncap.c b/security/commoncap.c -index f2875cd..ebf06ec 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -975,9 +975,11 @@ int cap_mmap_addr(unsigned long addr) +@@ -970,12 +970,14 @@ int cap_mmap_addr(unsigned long addr) } return ret; } @@ -232,8 +212,9 @@ index f2875cd..ebf06ec 100644 return 0; } +EXPORT_SYMBOL_GPL(cap_mmap_file); -diff --git a/security/device_cgroup.c b/security/device_cgroup.c -index 188c1d2..426d9af 100644 + + #ifdef CONFIG_SECURITY + --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -7,6 +7,7 @@ 
@@ -244,7 +225,7 @@ index 188c1d2..426d9af 100644 #include #include #include -@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask) +@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct return __devcgroup_check_permission(type, imajor(inode), iminor(inode), access); } @@ -252,75 +233,73 @@ index 188c1d2..426d9af 100644 int devcgroup_inode_mknod(int mode, dev_t dev) { -diff --git a/security/security.c b/security/security.c -index 8e9b1f4..c1c7cd1 100644 --- a/security/security.c 
+++ b/security/security.c -@@ -430,6 +430,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry) +@@ -438,6 +438,7 @@ int security_path_rmdir(struct path *dir return 0; - return security_ops->path_rmdir(dir, dentry); + return call_int_hook(path_rmdir, 0, dir, dentry); } +EXPORT_SYMBOL_GPL(security_path_rmdir); int security_path_unlink(struct path *dir, struct dentry *dentry) { -@@ -446,6 +447,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, +@@ -454,6 +455,7 @@ int security_path_symlink(struct path *d return 0; - return security_ops->path_symlink(dir, dentry, old_name); + return call_int_hook(path_symlink, 0, dir, dentry, old_name); } +EXPORT_SYMBOL_GPL(security_path_symlink); int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) -@@ -454,6 +456,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, +@@ -462,6 +464,7 @@ int security_path_link(struct dentry *ol return 0; - return security_ops->path_link(old_dentry, new_dir, new_dentry); + return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } +EXPORT_SYMBOL_GPL(security_path_link); int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, -@@ -481,6 +484,7 @@ int security_path_truncate(struct path *path) +@@ -489,6 +492,7 @@ int security_path_truncate(struct path * return 0; - return security_ops->path_truncate(path); + return call_int_hook(path_truncate, 0, path); } +EXPORT_SYMBOL_GPL(security_path_truncate); int security_path_chmod(struct path *path, umode_t mode) { -@@ -488,6 +492,7 @@ int security_path_chmod(struct path *path, umode_t mode) +@@ -496,6 +500,7 @@ int security_path_chmod(struct path *pat return 0; - return security_ops->path_chmod(path, mode); + return call_int_hook(path_chmod, 0, path, mode); } +EXPORT_SYMBOL_GPL(security_path_chmod); int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) { -@@ -495,6 
+500,7 @@ int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) +@@ -503,6 +508,7 @@ int security_path_chown(struct path *pat return 0; - return security_ops->path_chown(path, uid, gid); + return call_int_hook(path_chown, 0, path, uid, gid); } +EXPORT_SYMBOL_GPL(security_path_chown); int security_path_chroot(struct path *path) { -@@ -580,6 +586,7 @@ int security_inode_readlink(struct dentry *dentry) +@@ -588,6 +594,7 @@ int security_inode_readlink(struct dentr return 0; - return security_ops->inode_readlink(dentry); + return call_int_hook(inode_readlink, 0, dentry); } +EXPORT_SYMBOL_GPL(security_inode_readlink); - int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) - { -@@ -594,6 +601,7 @@ int security_inode_permission(struct inode *inode, int mask) + int security_inode_follow_link(struct dentry *dentry, struct inode *inode, + bool rcu) +@@ -603,6 +610,7 @@ int security_inode_permission(struct ino return 0; - return security_ops->inode_permission(inode, mask); + return call_int_hook(inode_permission, 0, inode, mask); } +EXPORT_SYMBOL_GPL(security_inode_permission); int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { -@@ -716,6 +724,7 @@ int security_file_permission(struct file *file, int mask) +@@ -741,6 +749,7 @@ int security_file_permission(struct file return fsnotify_perm(file, mask); } @@ -328,7 +307,7 @@ index 8e9b1f4..c1c7cd1 100644 int security_file_alloc(struct file *file) { -@@ -775,6 +784,7 @@ int security_mmap_file(struct file *file, unsigned long prot, +@@ -800,6 +809,7 @@ int security_mmap_file(struct file *file return ret; return ima_file_mmap(file, prot); } diff --git a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch index cab021749..a40d273dc 100644 --- a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch 
+++ b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch @@ -7,12 +7,12 @@ Add a Loongson LS3A RS780E 1-way machine definition, which only differs from other Loongson 3 based machines by the UART base clock speed. Signed-off-by: Aurelien Jarno -[bwh: Forward-ported to 3.19] +[bwh: Forward-ported to 4.2] --- - arch/mips/include/asm/bootinfo.h | 1 + - arch/mips/loongson/common/machtype.c | 1 + - arch/mips/loongson/common/serial.c | 1 + - arch/mips/loongson/common/uart_base.c | 1 + + arch/mips/include/asm/bootinfo.h | 1 + + arch/mips/loongson64/common/machtype.c | 1 + + arch/mips/loongson64/common/serial.c | 1 + + arch/mips/loongson64/common/uart_base.c | 1 + 4 files changed, 4 insertions(+) --- a/arch/mips/include/asm/bootinfo.h @@ -25,8 +25,8 @@ Signed-off-by: Aurelien Jarno MACH_LOONGSON_END }; ---- a/arch/mips/loongson/common/machtype.c -+++ b/arch/mips/loongson/common/machtype.c +--- a/arch/mips/loongson64/common/machtype.c ++++ b/arch/mips/loongson64/common/machtype.c @@ -28,6 +28,7 @@ static const char *system_types[] = { [MACH_LEMOTE_NAS] = "lemote-nas-2f", [MACH_LEMOTE_LL2F] = "lemote-lynloong-2f", @@ -35,8 +35,8 @@ Signed-off-by: Aurelien Jarno [MACH_LOONGSON_END] = NULL, }; ---- a/arch/mips/loongson/common/serial.c -+++ b/arch/mips/loongson/common/serial.c +--- a/arch/mips/loongson64/common/serial.c ++++ b/arch/mips/loongson64/common/serial.c @@ -48,6 +48,7 @@ static struct plat_serial8250_port uart8 [MACH_LEMOTE_NAS] = {PORT_M(3, 3686400), {} }, [MACH_LEMOTE_LL2F] = {PORT(3, 1843200), {} }, @@ -45,8 +45,8 @@ Signed-off-by: Aurelien Jarno [MACH_LOONGSON_END] = {}, }; ---- a/arch/mips/loongson/common/uart_base.c -+++ b/arch/mips/loongson/common/uart_base.c +--- a/arch/mips/loongson64/common/uart_base.c ++++ b/arch/mips/loongson64/common/uart_base.c @@ -25,6 +25,7 @@ void prom_init_loongson_uart_base(void) { switch (mips_machtype) { 
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index db6c72442..5bf7cf467 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -22,13 +22,13 @@ Signed-off-by: Ben Hutchings Documentation/kernel-parameters.txt | 4 ++++ arch/x86/Kconfig | 8 +++++++ arch/x86/include/asm/elf.h | 8 ++++++- - arch/x86/kernel/entry_64.S | 36 ++++++++++++++++++++++--------- - arch/x86/kernel/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++ + arch/x86/entry/entry_64.S | 36 ++++++++++++++++++++++--------- + arch/x86/entry/syscall_64.c | 43 +++++++++++++++++++++++++++++++++++++ 5 files changed, 88 insertions(+), 11 deletions(-) --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -3516,6 +3516,10 @@ bytes respectively. Such letter suffixes +@@ -3580,6 +3580,10 @@ bytes respectively. Such letter suffixes switches= [HW,M68k] @@ -41,7 +41,7 @@ Signed-off-by: Ben Hutchings on older distributions. When this option is enabled --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -2540,6 +2540,14 @@ config X86_X32 +@@ -2547,6 +2547,14 @@ config X86_X32 elf32_x86_64 support enabled to compile a kernel with this option set. @@ -80,57 +80,57 @@ 
Signed-off-by: Ben Hutchings #if __USER32_DS != __USER_DS # error "The following code assumes __USER32_DS == __USER_DS" ---- a/arch/x86/kernel/entry_64.S -+++ b/arch/x86/kernel/entry_64.S -@@ -252,8 +252,12 @@ system_call_fastpath: +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -178,8 +178,12 @@ entry_SYSCALL_64_fastpath: #if __SYSCALL_MASK == ~0 - cmpq $__NR_syscall_max,%rax + cmpq $__NR_syscall_max, %rax #else -- andl $__SYSCALL_MASK,%eax -- cmpl $__NR_syscall_max,%eax -+ .globl system_call_fast_compare -+ .globl system_call_fast_compare_end +- andl $__SYSCALL_MASK, %eax +- cmpl $__NR_syscall_max, %eax ++.global system_call_fast_compare ++.global system_call_fast_compare_end +system_call_fast_compare: -+ cmpq $511,%rax /* x32 syscalls start at 512 */ -+ .byte P6_NOP4 ++ cmpq $511, %rax /* x32 syscalls start at 512 */ ++ .byte P6_NOP4 +system_call_fast_compare_end: #endif - ja 1f /* return -ENOSYS (already in pt_regs->ax) */ - movq %r10,%rcx -@@ -337,8 +341,12 @@ tracesys_phase2: + ja 1f /* return -ENOSYS (already in pt_regs->ax) */ + movq %r10, %rcx +@@ -257,8 +261,12 @@ tracesys_phase2: #if __SYSCALL_MASK == ~0 - cmpq $__NR_syscall_max,%rax + cmpq $__NR_syscall_max, %rax #else -- andl $__SYSCALL_MASK,%eax -- cmpl $__NR_syscall_max,%eax -+ .globl system_call_trace_compare -+ .globl system_call_trace_compare_end +- andl $__SYSCALL_MASK, %eax +- cmpl $__NR_syscall_max, %eax ++.global system_call_trace_compare ++.global system_call_trace_compare_end +system_call_trace_compare: -+ cmpq $511,%rax /* x32 syscalls start at 512 */ -+ .byte P6_NOP4 ++ cmpq $511, %rax /* x32 syscalls start at 512 */ ++ .byte P6_NOP4 +system_call_trace_compare_end: #endif - ja 1f /* return -ENOSYS (already in pt_regs->ax) */ - movq %r10,%rcx /* fixup for C */ -@@ -488,6 +496,16 @@ opportunistic_sysret_failed: - END(system_call) + ja 1f /* return -ENOSYS (already in pt_regs->ax) */ + movq %r10, %rcx /* fixup for C */ +@@ -410,6 +418,16 @@ opportunistic_sysret_failed: + 
END(entry_SYSCALL_64) +#if __SYSCALL_MASK != ~0 + /* This replaces the usual comparisons if syscall.x32 is set */ -+ .globl system_call_mask_compare -+ .globl system_call_mask_compare_end ++.global system_call_mask_compare ++.global system_call_mask_compare_end +system_call_mask_compare: -+ andl $__SYSCALL_MASK,%eax -+ cmpl $__NR_syscall_max,%eax ++ andl $__SYSCALL_MASK, %eax ++ cmpl $__NR_syscall_max, %eax +system_call_mask_compare_end: +#endif + .macro FORK_LIKE func ENTRY(stub_\func) - CFI_STARTPROC ---- a/arch/x86/kernel/syscall_64.c -+++ b/arch/x86/kernel/syscall_64.c + SAVE_EXTRA_REGS 8 +--- a/arch/x86/entry/syscall_64.c ++++ b/arch/x86/entry/syscall_64.c @@ -3,8 +3,14 @@ #include #include diff --git a/debian/patches/series b/debian/patches/series index c5e94517f..f76418e29 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -79,16 +79,6 @@ bugfix/all/kernel-doc-set-man-page-date.patch # Miscellaneous features features/all/efi-autoload-efi-pstore.patch -bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch -bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch -bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch -bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch -bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch -bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch -bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch -bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch -bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch -bugfix/s390/s390-cachinfo-add-missing-facility-check-to-init_cache_level.patch bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch # Hardening from grsecurity
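Review bot: The refreshed entry_64.S lines delimit three instruction sequences with labels (`system_call_fast_compare`, `system_call_trace_compare`, `system_call_mask_compare`), but nothing at the first two says they must assemble to the same length as the mask sequence. The `.byte P6_NOP4` padding after `cmpq $511, %rax` and the comment "This replaces the usual comparisons if syscall.x32 is set" suggest the mask sequence is written over them at run time. The code that does that replacement is not shown in this hunk, so whether it verifies the lengths cannot be confirmed from here. I would add above each of the two default sequences a comment such as `/* Overwritten with system_call_mask_compare when syscall.x32 is set; keep both sequences the same size */`. The literal `511` is also repeated in both places; a single named constant for the x32 cut-off would keep the fast and traced paths from drifting apart in a later refresh.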