diff --git a/debian/changelog b/debian/changelog index 01f0b50a4..23aa3097d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.19.34-1) UNRELEASED; urgency=medium +linux (4.19.37-1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.29 @@ -478,7 +478,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium - loop: access lo_backing_file only when the loop device is Lo_bound - [x86] unwind: Handle NULL pointer calls better in frame unwinder - [x86] unwind: Add hardcoded ORC entry for NULL - - locking/lockdep: Add debug_locks check in __lock_downgrade() - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - power: supply: charger-manager: Fix incorrect return value @@ -777,7 +776,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium - [armhf,arm64] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup - - [arm64] clk: meson: clean-up clock registration - [arm64] clk: rockchip: fix frac settings of GPLL clock for rk3328 - [armhf,arm64] dmaengine: tegra: avoid overflow of byte tracking - [x86] Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40 
@@ -786,6 +784,289 @@ linux (4.19.34-1) UNRELEASED; urgency=medium - ACPI / video: Extend chassis-type detection with a "Lunch Box" check - bcache: fix potential div-zero error of writeback_rate_p_term_inverse - [x86] kprobes: Blacklist non-attachable interrupt functions + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 + - [x86] kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 + from HLT + - [powerpc*] tm: Limit TM code inside PPC_TRANSACTIONAL_MEM + - [x86] hv_netvsc: Fix unwanted wakeup after tx_disable + - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type + - ipv6: Fix dangling pointer when ipv6 fragment + - ipv6: sit: reset ip header pointer in ipip6_rcv + - net: ethtool: not call vzalloc for zero sized memory request + - net-gro: Fix GRO flush when receiving a GSO packet. + - net/mlx5: Decrease default mr cache size + - netns: provide pure entropy for net_hash_mix() + - net: rds: force to destroy connection if t_sock is NULL in + rds_tcp_kill_sock(). + - net/sched: act_sample: fix divide by zero in the traffic path + - net/sched: fix ->get helper of the matchall cls + - openvswitch: fix flow actions reallocation + - qmi_wwan: add Olicard 600 + - r8169: disable ASPM again + - sctp: initialize _pad of sockaddr_in before copying to user memory + - tcp: Ensure DCTCP reacts to losses + - tcp: fix a potential NULL pointer dereference in tcp_sk_exit + - vrf: check accept_source_route on the original netdevice + - net/mlx5e: Fix error handling when refreshing TIRs + - net/mlx5e: Add a lock on tir list + - nfp: validate the return code from dev_queue_xmit() + - nfp: disable netpoll on representors + - bnxt_en: Improve RX consumer index validity check. + - bnxt_en: Reset device on RX buffer errors. 
+ - net: ip_gre: fix possible use-after-free in erspan_rcv + - net: ip6_gre: fix possible use-after-free in ip6erspan_rcv + - net: core: netif_receive_skb_list: unlist skb before passing to pt->func + - r8169: disable default rx interrupt coalescing on RTL8168 + - net: mlx5: Add a missing check on idr_find, free buf + - net/mlx5e: Update xoff formula + - net/mlx5e: Update xon formula + - kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used + - netfilter: nfnetlink_cttimeout: pass default timeout policy to + obj_to_nlattr + - netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too + - [arm64] kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region + - [x86] tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) + - tty: ldisc: add sysctl to prevent autoloading of ldiscs + - ACPICA: Clear status of GPEs before enabling them + - ACPICA: Namespace: remove address node from global list after method + termination + - ALSA: seq: Fix OOB-reads from strlcpy + - [x86] ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 + with ALC233 + - [x86] ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 + - [x86] ALSA: hda - Add two more machines to the power_save_blacklist + - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() + - [arm64] dts: rockchip: fix rk3328 sdmmc0 write errors + - [hppa] Detect QEMU earlier in boot process + - [hppa] regs_return_value() should return gpr28 + - [hppa] also set iaoq_b in instruction_pointer_set() + - alarmtimer: Return correct remaining time + - drm/udl: add a release method and delay modeset teardown + - [x86] kvm: svm: fix potential get_num_contig_pages overflow + - include/linux/bitrev.h: fix constant bitrev + - mm: writeback: use exact memcg dirty counts + - [x86] ASoC: intel: Fix crash at suspend/resume after failed codec + registration + - Btrfs: do not allow trimming when a fs is mounted with the nologreplay + option + - btrfs: prop: fix zstd compression parameter 
validation + - btrfs: prop: fix vanished compression property after failed set + - [riscv64] Fix syscall_get_arguments() and syscall_set_arguments() + - block: do not leak memory in bio_copy_user_iov() + - block: fix the return errno for direct IO + - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() + - genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n + - virtio: Honour 'may_reduce_num' in vring_create_virtqueue + - [armhf] dts: rockchip: fix rk3288 cpu opp node reference + - [armhf] dts: am335x-evmsk: Correct the regulators for the audio codec + - [armhf] dts: am335x-evm: Correct the regulators for the audio codec + - [arm64] futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value + - [arm64] dts: rockchip: fix rk3328 rgmii high tx error rate + - [arm64] backtrace: Don't bother trying to unwind the userspace stack + - xen: Prevent buffer overflow in privcmd ioctl + - sched/fair: Do not re-read ->h_load_next during hierarchical load + calculation + - [x86] asm: Use stricter assembly constraints in bitops + - [x86] perf/amd: Resolve race condition when disabling PMC + - [x86] perf/amd: Resolve NMI latency issues for active PMCs + - [x86] perf/amd: Remove need to check "running" bit in NMI handler + - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller + - PCI: pciehp: Ignore Link State Changes after powering off a slot + - dm integrity: change memcmp to strncmp in dm_integrity_ctr + - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * + PAGE_SIZE") + - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors + - dm integrity: fix deadlock with overlapping I/O + - [arm64] dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64 + - [arm64] dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64 + - ACPICA: AML interpreter: add region addresses in global list during + initialization + - [x86] KVM: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) + - [x86] KVM: nVMX: 
fix x2APIC VTPR read intercept + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.36 + - inotify: Fix fsnotify_mark refcount leak in + inotify_update_existing_watch() (CVE-2019-9857) + - perf/core: Restore mmap record type correctly + - ext4: avoid panic during forced reboot + - ext4: add missing brelse() in add_new_gdb_meta_bg() + - ext4: report real fs size after failed resize + - ALSA: echoaudio: add a check for ioremap_nocache + - [i386,alpha] ALSA: sb8: add a check for request_region + - drm/udl: use drm_gem_object_put_unlocked. + - IB/mlx4: Fix race condition between catas error reset and aliasguid flows + - i40iw: Avoid panic when handling the inetdev event + - [i386,alpha] ALSA: opl3: fix mismatch between snd_opl3_drum_switch + definition and declaration + - [x86] thermal/intel_powerclamp: fix __percpu declaration of worker_data + - [arm*] thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs + - [x86] thermal/int340x_thermal: Add additional UUIDs + - [x86] thermal/int340x_thermal: fix mode setting + - [x86] thermal/intel_powerclamp: fix truncated kthread name + - scsi: iscsi: flush running unbind operations when removing a session + - sched/cpufreq: Fix 32-bit math overflow + - sched/core: Fix buffer overflow in cgroup2 property cpu.max + - [x86] mm: Don't leak kernel addresses + - [x86] tools/power turbostat: return the exit status of a command + - perf list: Don't forget to drop the reference to the allocated thread_map + - perf config: Fix an error in the config template documentation + - perf config: Fix a memory leak in collect_config() + - perf build-id: Fix memory leak in print_sdt_events() + - perf top: Fix error handling in cmd_top() + - perf hist: Add missing map__put() in error case + - perf evsel: Free evsel->counts in perf_evsel__exit() + - ACPI / utils: Drop reference in test for device presence + - PM / Domains: Avoid a potential deadlock + - [armhf] drm/exynos/mixer: fix MIXER shadow registry synchronisation code + - [arm64] 
irqchip/mbigen: Don't clear eventid when freeing an MSI + - [x86] hpet: Prevent potential NULL pointer dereference + - [x86] hyperv: Prevent potential NULL pointer dereference + - [i386] cpu/cyrix: Use correct macros for Cyrix calls on Geode processors + - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure + - [x86] iommu/vt-d: Check capability before disabling protected memory + - [x86] hw_breakpoints: Make default case in hw_breakpoint_arch_parse() + return an error + - fix incorrect error code mapping for OBJECTID_NOT_FOUND + - [x86] gart: Exclude GART aperture from kcore + - ext4: prohibit fstrim in norecovery mode + - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up + - rsi: improve kernel thread handling to fix kernel panic + - f2fs: fix to avoid NULL pointer dereference on se->discard_map + - 9p: do not trust pdu content for stat item size + - 9p locks: add mount option for lock retry interval + - ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx() + - f2fs: fix to do sanity check with current segment number + - netfilter: xt_cgroup: shrink size of v2 path + - [arm64] serial: uartps: console_setup() can't be placed to init section + - [powerpc*] pseries: Remove prrn_work workqueue + - media: au0828: cannot kfree dev before usb disconnect + - Bluetooth: Fix debugfs NULL pointer dereference + - HID: i2c-hid: override HID descriptors for certain devices + - pinctrl: core: make sure strcmp() doesn't get a null parameter + - usbip: fix vhci_hcd controller counting + - [x86] ACPI / SBS: Fix GPE storm on recent MacBookPro's + - HID: usbhid: Add quirk for Redragon/Dragonrise Seymur 2 + - [x86] KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail + - netfilter: nf_flow_table: remove flowtable hook flush routine in netns + exit routine + - f2fs: cleanup dirty pages if recover failed + - [armhf,arm64] net: stmmac: Set OWN bit for jumbo frames + - cifs: fallback to older infolevels on findfirst queryinfo retry + - kernel: 
hung_task.c: disable on suspend + - drm/ttm: Fix bo_global and mem_global kfree error + - [x86] ALSA: hda: fix front speakers on Huawei MBXP + - ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle + - net/rds: fix warn in rds_message_alloc_sgs + - xfrm: destroy xfrm_state synchronously on net exit path + - net: ip6_gre: fix possible NULL pointer dereference in + ip6erspan_set_version + - [x86] iommu/dmar: Fix buffer overflow during PCI bus notification + - scsi: core: Avoid that system resume triggers a kernel warning + - [armhf,arm64] soc/tegra: pmc: Drop locking from + tegra_powergate_is_powered() + - Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk" + - [arm64] coresight: cpu-debug: Support for CA73 CPUs + - [x86] PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe + ports + - drm/nouveau/volt/gf117: fix speedo readout register + - [armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t + - [x86] drm/amdkfd: use init_mqd function to allocate object for hid_mqd + (CI) + - appletalk: Fix use-after-free in atalk_proc_exit + - lib/div64.c: off by one in shift + - rxrpc: Fix client call connect/disconnect race + - f2fs: fix to dirty inode for i_mode recovery + - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro + - bpf: fix use after free in bpf_evict_inode + - IB/hfi1: Failed to drain send queue when QP is put into error state + - mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo + - mm: hide incomplete nr_indirectly_reclaimable in sysfs + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 + - bonding: fix event handling for stacked bonds + - failover: allow name change on IFF_UP slave interfaces + - net: atm: Fix potential Spectre v1 vulnerabilities (CVE-2017-5715) + - net: bridge: fix per-port af_packet sockets + - net: bridge: multicast: use rcu to access port list from + br_multicast_start_querier + - net: Fix missing meta data in skb with vlan packet + - net: fou: do not use 
guehdr after iptunnel_pull_offloads in gue_udp_recv + - tcp: tcp_grow_window() needs to respect tcp_space() + - team: set slave to promisc if team is already in promisc mode + - tipc: missing entries in name table of publications + - vhost: reject zero size iova range + - ipv4: recompile ip options in ipv4_link_failure + - ipv4: ensure rcu_read_lock() in ipv4_link_failure() + - [arm64] net: thunderx: raise XDP MTU to 1508 + - [arm64] net: thunderx: don't allow jumbo frames with XDP + - net/mlx5: FPGA, tls, hold rcu read lock a bit longer + - net/mlx5: FPGA, tls, idr remove on flow delete + - route: Avoid crash from dereferencing NULL rt->from + - sch_cake: Use tc_skb_protocol() helper for getting packet protocol + - sch_cake: Make sure we can write the IP header before changing DSCP bits + - nfp: flower: replace CFI with vlan present + - nfp: flower: remove vlan CFI bit from push vlan action + - sch_cake: Simplify logic in cake_select_tin() + - net: IP defrag: encapsulate rbtree defrag code into callable functions + - net: IP6 defrag: use rbtrees for IPv6 defrag + - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c + - CIFS: keep FileInfo handle live during oplock break + - cifs: Fix use-after-free in SMB2_write + - cifs: Fix use-after-free in SMB2_read + - cifs: fix handle leak in smb2_query_symlink() + - [x86] KVM: Don't clear EFER during SMM transitions for 32-bit vCPU + - [x86] KVM: svm: make sure NMI is injected after nmi_singlestep + - [x86] iio/gyro/bmg160: Use millidegrees for temperature scale + - iio: Fix scan mask selection + - iio: core: fix a possible circular locking dependency + - [x86] iio: accel: kxcjk-1013: restore the range after resume. 
+ - [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore + - [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf + - [x86] staging: comedi: ni_usb6501: Fix use of uninitialized mutex + - [x86] staging: comedi: ni_usb6501: Fix possible double-free of + ->usb_rx_buf + - [x86] ALSA: hda/realtek - add two more pin configuration sets to quirk + table + - ALSA: core: Fix card races between register and disconnect + - [x86] Input: elan_i2c - add hardware ID for multiple Lenovo laptops + - vt: fix cursor when clearing the screen + - scsi: core: set result when the command cannot be dispatched + - Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" + - [x86] Revert "svm: Fix AVIC incomplete IPI emulation" + - coredump: fix race condition between mmget_not_zero()/get_task_mm() and + core dumping (CVE-2019-3892) + - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU + user->release_barrier + - [x86] crypto: poly1305 - fix overflow during partial reduction + - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 + - [arm64] futex: Restore oldval initialization to work around buggy + compilers + - [x86] kprobes: Verify stack frame on kretprobe + - kprobes: Mark ftrace mcount handler functions nokprobe + - kprobes: Fix error check when reusing optimized probes + - rt2x00: do not increment sequence number while re-transmitting + - mac80211: do not call driver wake_tx_queue op during reconfig + - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming + - [x86] perf/amd: Add event map for AMD Family 17h + - [x86] cpu/bugs: Use __initconst for 'const' init data + - [x86] perf: Fix incorrect PEBS_REGS + - [x86] speculation: Prevent deadlock on ssb_state::lock + - timers/sched_clock: Prevent generic sched_clock wrap caused by + tick_freeze() + - nfit/ars: Remove ars_start_flags + - nfit/ars: Introduce scrub_flags + - nfit/ars: Allow root to busy-poll the ARS state machine + - nfit/ars: Avoid stale ARS results + - mmc: sdhci: Fix data 
command CRC error handling + - mmc: sdhci: Handle auto-command errors + - modpost: file2alias: go back to simple devtable lookup + - modpost: file2alias: check prototype of handler + - [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete + - tpm: Fix the type of the return value in calc_tpm2_event_size() + - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup + - device_cgroup: fix RCU imbalance in error case + - ALSA: info: Fix racy addition/deletion of nodes + - [armhf] ASoC: rockchip: add missing INTERLEAVED PCM attribute + - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array + - kernel/sysctl.c: fix out-of-bounds access when setting file-max [ Ben Hutchings ] * debian/bin/abiupdate.py: Automatically select the correct archive to fetch @@ -827,12 +1108,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium [ Salvatore Bonaccorso ] * xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) - * ACPICA: Namespace: remove address node from global list after method - termination - * inotify: Fix fsnotify_mark refcount leak in - inotify_update_existing_watch() (CVE-2019-9857) * [x86] Disable R3964 due to lack of security support - * tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) [ Aurelien Jarno ] * [mips] Fix indirect syscall tracing & seccomp filtering for big endian diff --git a/debian/patches-rt/0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch b/debian/patches-rt/0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch index 7cc3a1e08..087136aea 100644 --- a/debian/patches-rt/0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch +++ b/debian/patches-rt/0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch @@ -25,15 +25,15 @@ Tested-by: Mike Galbraith Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20190107125231.GE14122@hirez.programming.kicks-ass.net 
Signed-off-by: Sebastian Andrzej Siewior +[bwh: Adjusted to apply on top of commit c3edd427d538 + "sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup"] --- kernel/sched/fair.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) -diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index f7c375d1e601..6afda059e882 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, +@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct struct rq *rq = rq_of(cfs_rq); struct rq_flags rf; @@ -42,7 +42,7 @@ index f7c375d1e601..6afda059e882 100644 if (!cfs_rq_throttled(cfs_rq)) goto next; -@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, +@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct unthrottle_cfs_rq(cfs_rq); next: @@ -51,7 +51,7 @@ index f7c375d1e601..6afda059e882 100644 if (!remaining) break; -@@ -4586,7 +4586,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, +@@ -4586,7 +4586,7 @@ next: * period the timer is deactivated until scheduling resumes; cfs_b->idle is * used to track this state. */ @@ -60,7 +60,7 @@ index f7c375d1e601..6afda059e882 100644 { u64 runtime, runtime_expires; int throttled; -@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun) +@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(str while (throttled && cfs_b->runtime > 0 && !cfs_b->distribute_running) { runtime = cfs_b->runtime; cfs_b->distribute_running = 1; 
@@ -74,7 +74,7 @@ index f7c375d1e601..6afda059e882 100644 cfs_b->distribute_running = 0; throttled = !list_empty(&cfs_b->throttled_cfs_rq); -@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_rq_runtime(struct cfs_rq *cfs_rq) +@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_r static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) { u64 runtime = 0, slice = sched_cfs_bandwidth_slice(); @@ -96,7 +96,7 @@ index f7c375d1e601..6afda059e882 100644 return; } -@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) +@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(str if (runtime) cfs_b->distribute_running = 1; @@ -118,20 +118,23 @@ index f7c375d1e601..6afda059e882 100644 } /* -@@ -4851,20 +4852,21 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) +@@ -4853,11 +4854,12 @@ static enum hrtimer_restart sched_cfs_pe { struct cfs_bandwidth *cfs_b = container_of(timer, struct cfs_bandwidth, period_timer); + unsigned long flags; int overrun; int idle = 0; + int count = 0; - raw_spin_lock(&cfs_b->lock); + raw_spin_lock_irqsave(&cfs_b->lock, flags); for (;;) { overrun = hrtimer_forward_now(timer, cfs_b->period); if (!overrun) - break; +@@ -4885,11 +4887,11 @@ static enum hrtimer_restart sched_cfs_pe + count = 0; + } - idle = do_sched_cfs_period_timer(cfs_b, overrun); + idle = do_sched_cfs_period_timer(cfs_b, overrun, flags); @@ -143,6 +146,3 @@ index f7c375d1e601..6afda059e882 100644 return idle ? HRTIMER_NORESTART : HRTIMER_RESTART; } --- -2.20.1 - diff --git a/debian/patches-rt/0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch b/debian/patches-rt/0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch deleted file mode 100644 index 3f93a16bb..000000000 --- a/debian/patches-rt/0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch +++ /dev/null 
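Review bot: In debian/patches-rt/0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch, the rebased `sched_cfs_period_timer` change is now split into two inner hunks (`-4853,11 +4854,12` and `-4885,11 +4887,11`), so the loop body between them is outside the patch and only its tail (`count = 0;` and the closing brace) is visible here. The first of those hunks switches the function to `raw_spin_lock_irqsave(&cfs_b->lock, flags)`, so that unseen code now runs with interrupts disabled on RT. If it takes or drops `cfs_b->lock` with the plain `raw_spin_lock`/`raw_spin_unlock` variants, it would need the same conversion, and a miss would presumably surface as a lock imbalance or lockup at run time rather than at build time. Please record that check in the existing annotation, for example by extending it to `[bwh: Adjusted to apply on top of commit c3edd427d538 ...; code added by that commit does not touch cfs_b->lock]` once confirmed. The body of `sched_cfs_period_timer` starts and ends outside the hunks shown.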
@@ -1,76 +0,0 @@ -From c04aa401b3b76817b02a653adeeb221b31c0769b Mon Sep 17 00:00:00 2001 -From: Yang Shi -Date: Thu, 10 Nov 2016 16:17:55 -0800 -Subject: [PATCH 014/266] arm: kprobe: replace patch_lock to raw lock -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patches-4.19.31-rt18.tar.xz - -When running kprobe on -rt kernel, the below bug is caught: - -BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:931 -in_atomic(): 1, irqs_disabled(): 128, pid: 14, name: migration/0 -INFO: lockdep is turned off. -irq event stamp: 238 -hardirqs last enabled at (237): [<80b5aecc>] _raw_spin_unlock_irqrestore+0x88/0x90 -hardirqs last disabled at (238): [<80b56d88>] __schedule+0xec/0x94c -softirqs last enabled at (0): [<80225584>] copy_process.part.5+0x30c/0x1994 -softirqs last disabled at (0): [< (null)>] (null) -Preemption disabled at:[<802f2b98>] cpu_stopper_thread+0xc0/0x140 - -CPU: 0 PID: 14 Comm: migration/0 Tainted: G O 4.8.3-rt2 #1 -Hardware name: Freescale LS1021A -[<80212e7c>] (unwind_backtrace) from [<8020cd2c>] (show_stack+0x20/0x24) -[<8020cd2c>] (show_stack) from [<80689e14>] (dump_stack+0xa0/0xcc) -[<80689e14>] (dump_stack) from [<8025a43c>] (___might_sleep+0x1b8/0x2a4) -[<8025a43c>] (___might_sleep) from [<80b5b324>] (rt_spin_lock+0x34/0x74) -[<80b5b324>] (rt_spin_lock) from [<80b5c31c>] (__patch_text_real+0x70/0xe8) -[<80b5c31c>] (__patch_text_real) from [<80b5c3ac>] (patch_text_stop_machine+0x18/0x20) -[<80b5c3ac>] (patch_text_stop_machine) from [<802f2920>] (multi_cpu_stop+0xfc/0x134) -[<802f2920>] (multi_cpu_stop) from [<802f2ba0>] (cpu_stopper_thread+0xc8/0x140) -[<802f2ba0>] (cpu_stopper_thread) from [<802563a4>] (smpboot_thread_fn+0x1a4/0x354) -[<802563a4>] (smpboot_thread_fn) from [<80251d38>] (kthread+0x104/0x11c) -[<80251d38>] (kthread) from [<80207f70>] (ret_from_fork+0x14/0x24) - -Since patch_text_stop_machine() is called in stop_machine() which disables IRQ, -sleepable lock should be not used in this 
atomic context, so replace patch_lock -to raw lock. - -Signed-off-by: Yang Shi -Signed-off-by: Sebastian Andrzej Siewior ---- - arch/arm/kernel/patch.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c -index a50dc00d79a2..d0a05a3bdb96 100644 ---- a/arch/arm/kernel/patch.c -+++ b/arch/arm/kernel/patch.c -@@ -16,7 +16,7 @@ struct patch { - unsigned int insn; - }; - --static DEFINE_SPINLOCK(patch_lock); -+static DEFINE_RAW_SPINLOCK(patch_lock); - - static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags) - __acquires(&patch_lock) -@@ -33,7 +33,7 @@ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags) - return addr; - - if (flags) -- spin_lock_irqsave(&patch_lock, *flags); -+ raw_spin_lock_irqsave(&patch_lock, *flags); - else - __acquire(&patch_lock); - -@@ -48,7 +48,7 @@ static void __kprobes patch_unmap(int fixmap, unsigned long *flags) - clear_fixmap(fixmap); - - if (flags) -- spin_unlock_irqrestore(&patch_lock, *flags); -+ raw_spin_unlock_irqrestore(&patch_lock, *flags); - else - __release(&patch_lock); - } --- -2.20.1 - diff --git a/debian/patches-rt/0110-sched-Move-mmdrop-to-RCU-on-RT.patch b/debian/patches-rt/0110-sched-Move-mmdrop-to-RCU-on-RT.patch index bf41a102e..08ef982a9 100644 --- a/debian/patches-rt/0110-sched-Move-mmdrop-to-RCU-on-RT.patch +++ b/debian/patches-rt/0110-sched-Move-mmdrop-to-RCU-on-RT.patch @@ -8,6 +8,8 @@ Takes sleeping locks and calls into the memory allocator, so nothing we want to do in task switch and oder atomic contexts. Signed-off-by: Thomas Gleixner +[bwh: Adjusted to apply on top of commit 6ff17bc5936e "coredump: fix race + condition between mmget_not_zero()/get_task_mm() and core dumping"] --- include/linux/mm_types.h | 4 ++++ include/linux/sched/mm.h | 11 +++++++++++ @@ -15,8 +17,6 @@ 
Signed-off-by: Thomas Gleixner kernel/sched/core.c | 18 ++++++++++++++++-- 4 files changed, 44 insertions(+), 2 deletions(-) -diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 5ed8f6292a53..f430cf0a377e 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -12,6 +12,7 @@ @@ -27,7 +27,7 @@ index 5ed8f6292a53..f430cf0a377e 100644 #include #include -@@ -482,6 +483,9 @@ struct mm_struct { +@@ -484,6 +485,9 @@ struct mm_struct { bool tlb_flush_batched; #endif struct uprobes_state uprobes_state; @@ -37,11 +37,9 @@ index 5ed8f6292a53..f430cf0a377e 100644 #ifdef CONFIG_HUGETLB_PAGE atomic_long_t hugetlb_usage; #endif -diff --git a/include/linux/sched/mm.h b/include/linux/sched/mm.h -index aebb370a0006..d3db98d1fc49 100644 --- a/include/linux/sched/mm.h +++ b/include/linux/sched/mm.h -@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_struct *mm) +@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_stru __mmdrop(mm); } @@ -56,14 +54,12 @@ index aebb370a0006..d3db98d1fc49 100644 +# define mmdrop_delayed(mm) mmdrop(mm) +#endif + - /** - * mmget() - Pin the address space associated with a &struct mm_struct. - * @mm: The address space to pin. -diff --git a/kernel/fork.c b/kernel/fork.c -index b7e0aac93ee5..857ce1a7269f 100644 + /* + * This has to be called after a get_task_mm()/mmget_not_zero() + * followed by taking the mmap_sem for writing before modifying the --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -637,6 +637,19 @@ void __mmdrop(struct mm_struct *mm) +@@ -642,6 +642,19 @@ void __mmdrop(struct mm_struct *mm) } EXPORT_SYMBOL_GPL(__mmdrop); @@ -83,11 +79,9 @@ index b7e0aac93ee5..857ce1a7269f 100644 static void mmdrop_async_fn(struct work_struct *work) { struct mm_struct *mm; -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index b9c91231d19d..1c791181915d 100644 --- a/kernel/sched/core.c 
+++ b/kernel/sched/core.c -@@ -2728,9 +2728,13 @@ static struct rq *finish_task_switch(struct task_struct *prev) +@@ -2729,9 +2729,13 @@ static struct rq *finish_task_switch(str * provided by mmdrop(), * - a sync_core for SYNC_CORE. */ @@ -102,7 +96,7 @@ index b9c91231d19d..1c791181915d 100644 } if (unlikely(prev_state == TASK_DEAD)) { if (prev->sched_class->task_dead) -@@ -5558,6 +5562,8 @@ void sched_setnuma(struct task_struct *p, int nid) +@@ -5560,6 +5564,8 @@ void sched_setnuma(struct task_struct *p #endif /* CONFIG_NUMA_BALANCING */ #ifdef CONFIG_HOTPLUG_CPU @@ -111,7 +105,7 @@ index b9c91231d19d..1c791181915d 100644 /* * Ensure that the idle task is using init_mm right before its CPU goes * offline. -@@ -5573,7 +5579,11 @@ void idle_task_exit(void) +@@ -5575,7 +5581,11 @@ void idle_task_exit(void) current->active_mm = &init_mm; finish_arch_post_lock_switch(); } @@ -124,7 +118,7 @@ index b9c91231d19d..1c791181915d 100644 } /* -@@ -5885,6 +5895,10 @@ int sched_cpu_dying(unsigned int cpu) +@@ -5887,6 +5897,10 @@ int sched_cpu_dying(unsigned int cpu) update_max_interval(); nohz_balance_exit_idle(rq); hrtick_clear(rq); @@ -135,6 +129,3 @@ index b9c91231d19d..1c791181915d 100644 return 0; } #endif --- -2.20.1 - diff --git a/debian/patches-rt/0239-net-Add-a-mutex-around-devnet_rename_seq.patch b/debian/patches-rt/0239-net-Add-a-mutex-around-devnet_rename_seq.patch index 1a7927334..692005642 100644 --- a/debian/patches-rt/0239-net-Add-a-mutex-around-devnet_rename_seq.patch +++ b/debian/patches-rt/0239-net-Add-a-mutex-around-devnet_rename_seq.patch @@ -21,11 +21,9 @@ Signed-off-by: Thomas Gleixner net/core/dev.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) -diff --git a/net/core/dev.c b/net/core/dev.c -index 7d3f923a0436..5e42a8640e98 100644 --- a/net/core/dev.c 
+++ b/net/core/dev.c -@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPUS; +@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPU static DEFINE_READ_MOSTLY_HASHTABLE(napi_hash, 8); static seqcount_t devnet_rename_seq; @@ -33,7 +31,7 @@ index 7d3f923a0436..5e42a8640e98 100644 static inline void dev_base_seq_inc(struct net *net) { -@@ -920,7 +921,8 @@ int netdev_get_name(struct net *net, char *name, int ifindex) +@@ -920,7 +921,8 @@ retry: strcpy(name, dev->name); rcu_read_unlock(); if (read_seqcount_retry(&devnet_rename_seq, seq)) { @@ -43,8 +41,8 @@ index 7d3f923a0436..5e42a8640e98 100644 goto retry; } -@@ -1183,20 +1185,17 @@ int dev_change_name(struct net_device *dev, const char *newname) - if (dev->flags & IFF_UP) +@@ -1197,20 +1199,17 @@ int dev_change_name(struct net_device *d + likely(!(dev->priv_flags & IFF_LIVE_RENAME_OK))) return -EBUSY; - write_seqcount_begin(&devnet_rename_seq); @@ -70,7 +68,7 @@ index 7d3f923a0436..5e42a8640e98 100644 if (oldname[0] && !strchr(oldname, '%')) netdev_info(dev, "renamed from %s\n", oldname); -@@ -1209,11 +1208,12 @@ int dev_change_name(struct net_device *dev, const char *newname) +@@ -1223,11 +1222,12 @@ rollback: if (ret) { memcpy(dev->name, oldname, IFNAMSIZ); dev->name_assign_type = old_assign_type; @@ -86,7 +84,7 @@ index 7d3f923a0436..5e42a8640e98 100644 netdev_adjacent_rename_links(dev, oldname); -@@ -1234,7 +1234,8 @@ int dev_change_name(struct net_device *dev, const char *newname) +@@ -1248,7 +1248,8 @@ rollback: /* err >= 0 after dev_alloc_name() or stores the first errno */ if (err >= 0) { err = ret; @@ -96,7 +94,7 @@ index 7d3f923a0436..5e42a8640e98 100644 memcpy(dev->name, oldname, IFNAMSIZ); memcpy(oldname, newname, IFNAMSIZ); dev->name_assign_type = old_assign_type; -@@ -1247,6 +1248,11 @@ int dev_change_name(struct net_device *dev, const char *newname) +@@ -1261,6 +1262,11 @@ rollback: } return err; @@ -108,6 +106,3 @@ index 7d3f923a0436..5e42a8640e98 100644 } /** --- -2.20.1 - 
diff --git a/debian/patches-rt/series b/debian/patches-rt/series
index a3ec3e37d..8f3e5b6e1 100644
--- a/debian/patches-rt/series
+++ b/debian/patches-rt/series
@@ -11,7 +11,6 @@
 0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch
 0012-arm-Convert-arm-boot_lock-to-raw.patch
 0013-x86-ioapic-Don-t-let-setaffinity-unmask-threaded-EOI.patch
-0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch
 0016-cgroup-use-irqsave-in-cgroup_rstat_flush_locked.patch
 0017-fscache-initialize-cookie-hash-table-raw-spinlocks.patch
 0018-Drivers-hv-vmbus-include-header-for-get_irq_regs.patch
diff --git a/debian/patches/bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch b/debian/patches/bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
deleted file mode 100644
index abe056d33..000000000
--- a/debian/patches/bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: Erik Schmauss
-Date: Mon, 8 Apr 2019 13:42:26 -0700
-Subject: ACPICA: Namespace: remove address node from global list after method
- termination
-Origin: https://git.kernel.org/linus/c5781ffbbd4f742a58263458145fe7f0ac01d9e0
-Bug: https://bugzilla.kernel.org/show_bug.cgi?id=202475
-
-ACPICA commit b233720031a480abd438f2e9c643080929d144c3
-
-ASL operation_regions declare a range of addresses that it uses. In a
-perfect world, the range of addresses should be used exclusively by
-the AML interpreter. The OS can use this information to decide which
-drivers to load so that the AML interpreter and device drivers use
-different regions of memory.
-
-During table load, the address information is added to a global
-address range list. Each node in this list contains an address range
-as well as a namespace node of the operation_region. This list is
-deleted at ACPI shutdown.
-
-Unfortunately, ASL operation_regions can be declared inside of control
-methods. Although this is not recommended, modern firmware contains
-such code. New module level code changes unintentionally removed the
-functionality of adding and removing nodes to the global address
-range list.
-
-A few months ago, support for adding addresses has been re-
-implemented. However, the removal of the address range list was
-missed and resulted in some systems to crash due to the address list
-containing bogus namespace nodes from operation_regions declared in
-control methods. In order to fix the crash, this change removes
-dynamic operation_regions after control method termination.
-
-Link: https://github.com/acpica/acpica/commit/b2337200
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
-Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
-Reported-by: Michael J Gruber
-Signed-off-by: Erik Schmauss
-Signed-off-by: Bob Moore
-Cc: 4.20+ # 4.20+
-Signed-off-by: Rafael J.
Wysocki
----
- drivers/acpi/acpica/nsobject.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c
-index 8638f43cfc3d..79d86da1c892 100644
---- a/drivers/acpi/acpica/nsobject.c
-+++ b/drivers/acpi/acpica/nsobject.c
-@@ -186,6 +186,10 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node)
- }
- }
-
-+ if (obj_desc->common.type == ACPI_TYPE_REGION) {
-+ acpi_ut_remove_address_range(obj_desc->region.space_id, node);
-+ }
-+
- /* Clear the Node entry in all cases */
-
- node->object = NULL;
---
-2.11.0
-
diff --git a/debian/patches/bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch b/debian/patches/bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
deleted file mode 100644
index 6a8f5675d..000000000
--- a/debian/patches/bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: ZhangXiaoxu
-Date: Sat, 2 Mar 2019 09:17:32 +0800
-Subject: inotify: Fix fsnotify_mark refcount leak in
- inotify_update_existing_watch()
-Origin: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9857
-
-Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
-inotify_add_watch()") forgot to call fsnotify_put_mark() with
-IN_MASK_CREATE after fsnotify_find_mark()
-
-Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
-Signed-off-by: ZhangXiaoxu
-Signed-off-by: Jan Kara
----
- fs/notify/inotify/inotify_user.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
-index e2901fbb9f76..7b53598c8804 100644
---- a/fs/notify/inotify/inotify_user.c
-+++ b/fs/notify/inotify/inotify_user.c
-@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
- fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
- if (!fsn_mark)
- return -ENOENT;
-- else if (create)
-- return -EEXIST;
-+ else if (create) {
-+ ret = -EEXIST;
-+ goto out;
-+ }
-
- i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
-
-@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
- /* return the wd */
- ret = i_mark->wd;
-
-+out:
- /* match the get from fsnotify_find_mark() */
- fsnotify_put_mark(fsn_mark);
-
---
-2.11.0
-
diff --git a/debian/patches/bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch b/debian/patches/bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
deleted file mode 100644
index a00e92e4f..000000000
--- a/debian/patches/bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: Greg Kroah-Hartman
-Date: Fri, 5 Apr 2019 15:39:26 +0200
-Subject: tty: mark Siemens R3964 line discipline as BROKEN
-Origin: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11486
-
-The n_r3964 line discipline driver was written in a different time, when
-SMP machines were rare, and users were trusted to do the right thing.
-Since then, the world has moved on but not this code, it has stayed
-rooted in the past with its lovely hand-crafted list structures and
-loads of "interesting" race conditions all over the place.
-
-After attempting to clean up most of the issues, I just gave up and am
-now marking the driver as BROKEN so that hopefully someone who has this
-hardware will show up out of the woodwork (I know you are out there!)
-and will help with debugging a raft of changes that I had laying around
-for the code, but was too afraid to commit as odds are they would break
-things.
-
-Many thanks to Jann and Linus for pointing out the initial problems in
-this codebase, as well as many reviews of my attempts to fix the issues.
-It was a case of whack-a-mole, and as you can see, the mole won.
-
-Reported-by: Jann Horn
-Signed-off-by: Greg Kroah-Hartman
-Signed-off-by: Linus Torvalds
----
- drivers/char/Kconfig | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index 72866a004f07..466ebd84ad17 100644
---- a/drivers/char/Kconfig
-+++ b/drivers/char/Kconfig
-@@ -348,7 +348,7 @@ config XILINX_HWICAP
-
- config R3964
- tristate "Siemens R3964 line discipline"
-- depends on TTY
-+ depends on TTY && BROKEN
- ---help---
- This driver allows synchronous communication with devices using the
- Siemens R3964 packet protocol. Unless you are dealing with special
---
-2.11.0
-
diff --git a/debian/patches/series b/debian/patches/series
index 03037477a..603250676 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -104,7 +104,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
 debian/revert-objtool-fix-config_stack_validation-y-warning.patch
 bugfix/all/mt76-use-the-correct-hweight8-function.patch
 bugfix/all/revert-net-stmmac-send-tso-packets-always-from-queue.patch
-bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
 # Miscellaneous features
@@ -148,8 +147,6 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
-bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
 # Fix exported symbol versions
 bugfix/all/module-disable-matching-missing-version-crc.patch