From 8008ae41deeb69052e0f1b51552ef4875e629ffc Mon Sep 17 00:00:00 2001 From: Romain Perier Date: Thu, 15 Nov 2018 13:50:41 +0100 Subject: [PATCH] Update to 4.19.2 --- debian/changelog | 272 +++++++++++++++++- .../arm-disable-NEON-in-kernel-mode.patch | 25 +- ...irq-processing-in-irq-thread-context.patch | 61 ++-- .../x86/x86-boot-fix-efi-stub-alignment.patch | 40 --- .../enable-cold-boot-attack-mitigation.patch | 14 +- debian/patches/series | 1 - 6 files changed, 316 insertions(+), 97 deletions(-) delete mode 100644 debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch diff --git a/debian/changelog b/debian/changelog index d2e2d8b3f..6a8bc3a0d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.19.1-1~exp1) UNRELEASED; urgency=medium +linux (4.19.2-1~exp1) UNRELEASED; urgency=medium * New upstream release: https://kernelnewbies.org/Linux_4.19 * New upstream stable update: @@ -26,6 +26,269 @@ linux (4.19.1-1~exp1) UNRELEASED; urgency=medium - [sparc64] Make corrupted user stacks more debuggable. - [sparc64] Wire up compat getpeername and getsockname. - net: bridge: remove ipv6 zero address check in mcast queries + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 + - bpf: fix partial copy of map_ptr when dst is scalar + - [mips*] VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit + - [armhf] mtd: rawnand: marvell: fix the IRQ handler complete() condition + - bcache: trace missed reading by cache_missed + - bcache: fix ioctl in flash device + - bcache: correct dirty data statistics + - bcache: fix miss key refill->end in writeback + - jffs2: free jffs2_sb_info through jffs2_kill_sb() + - block: setup bounce bio_sets properly + - block: make sure discard bio is aligned with logical block size + - block: make sure writesame bio is aligned with logical block size + - cpufreq: conservative: Take limits changes into account properly + - [arm64, armhf] dma-mapping: fix panic caused by passing empty cma command + line argument + - [powerpc*, x86, alpha, hppa] pcmcia: Implement CLKRUN protocol disabling + for Ricoh bridges + - [arm64, x86] ACPI / OSL: Use 'jiffies' as the time bassis for + acpi_os_get_timer() + - ACPICA: AML interpreter: add region addresses in global list during + initialization + - acpi, nfit: Fix Address Range Scrub completion tracking + - [arm64] ipmi: Fix timer race with module unload + - [x86] ALSA: hda - Add quirk for ASUS G751 laptop + - [x86] ALSA: hda - Fix headphone pin config for ASUS G751 + - [x86] ALSA: hda/realtek - Fix the problem of the front MIC on the + Lenovo M715 + - [x86] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) + - [powerpc*, mips*, arm64, x86, alpha] ALSA: hda: Add 2 more models to the + power_save blacklist + - [powerpc*, mips*, x86, alpha] ALSA: ca0106: Disable IZD on SB0570 DAC to + fix audio pops + - ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks + - [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation + - [x86] xen: Fix boot loader version reported for PVH guests + - [x86] kvm/nVMX: allow bare VMXON state migration + - [x86] mm/pat: Disable preemption around __flush_tlb_all() + - [x86] numa_emulation: Fix uniform-split numa emulation + - [armhf] dts: exynos: Disable pull control for MAX8997 interrupts on Origen + - [arm64] net: socionext: Reset tx queue in ndo_stop + - net: loopback: clear skb->tstamp before netif_rx() + - locking/lockdep: Fix debug_locks off performance problem + - [m68k] ataflop: fix error handling during setup + - swim: fix cleanup on setup error + - [arm64] cpufeature: ctr: Fix cpu capability check for late CPUs + - [x86] hv_netvsc: fix vf serial matching with pci slot info + - nfp: devlink port split support for 1x100G CXP NIC + - tun: Consistently configure generic netdev params via rtnetlink + - s390/sthyi: Fix machine name validity indication + - perf tools: Free temporary 'sys' string in read_event_files() + - perf tools: Cleanup trace-event-info 'tdata' leak + - perf tools: Free 'printk' string in parse_ftrace_printk() + - perf strbuf: Match va_{add,copy} with va_end + - cpupower: Fix coredump on VMWare + - bcache: Populate writeback_rate_minimum attribute + - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 + - [arm64, x86] sdhci: acpi: add free_slot callback + - iwlwifi: pcie: avoid empty free RB queue + - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface + - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI + - [x86] olpc: Indicate that legacy PC XO-1 platform should not register RTC + - [arm64] wlcore: Fix BUG with clear completion on timeout + - [arm64, x86] ACPI / processor: Fix the return value of + acpi_processor_ids_walk() + - [arm64, armhf] cpufreq: dt: Try freeing static OPPs only if we have added + them + - ath10k: fix tx status flag setting for management frames + - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack + - Bluetooth: hci_qca: Remove hdev dereference in qca_close(). + - [x86] efi: Call efi_parse_options() from efi_main() + - [arm64, armhf] pinctrl: sunxi: fix 'pctrl->functions' allocation in + sunxi_pinctrl_build_state + - [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux + - block, bfq: correctly charge and reset entity service in all cases + - [arm64] entry: Allow handling of undefined instructions from EL1 + - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() + - [armhf] spi: gpio: No MISO does not imply no RX + - [arm64, x86] ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail + DMA controllers + - [arm64] pinctrl: qcom: spmi-mpp: Fix drive strength setting + - bpf/verifier: fix verifier instability + - [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant + - [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant + - [arm64, armhf] net: dsa: mv88e6xxx: Fix writing to a PHY page. + - rsi: fix memory alignment issue in ARM32 platforms + - libertas_tf: prevent underflow in process_cmdrequest() + - iwlwifi: mvm: fix BAR seq ctrl reporting + - ixgbevf: VF2VF TCP RSS + - wil6210: fix RX buffers release and unmap + - ath10k: schedule hardware restart if WMI command times out + - libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9 + - cifs: fix a credits leak for compund commands + - f2fs: fix to account IO correctly for cgroup writeback + - MD: Memory leak when flush bio size is zero + - md: fix memleak for mempool + - of: Add missing exports of node name compare functions + - [m68k] scsi: esp_scsi: Track residual for PIO transfers + - scsi: ufs: Schedule clk gating work on correct queue + - [x86] KVM: nVMX: Clear reserved bits of #DB exit qualification + - scsi: megaraid_sas: fix a missing-check bug + - RDMA/core: Do not expose unsupported counters + - IB/ipoib: Clear IPCB before icmp_send + - [x86] usb: typec: tcpm: Report back negotiated PPS voltage and current + - [x86] tpm: suppress transmit cmd error logs when TPM 1.2 is + disabled/deactivated + - f2fs: clear PageError on the read path + - [x86] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask + - [x86] VMCI: Resource wildcard match fixed + - [arm64, x86] PCI / ACPI: Enable wake automatically for power managed + bridges + - xprtrdma: Reset credit grant properly after a disconnect + - [arm64, armhf] usb: dwc2: fix call to vbus supply exit routine, call it + unlocked + - [arm64, armhf] usb: dwc2: fix a race with external vbus supply + - ext4: fix argument checking in EXT4_IOC_MOVE_EXT + - MD: fix invalid stored role for a disk + - scsi: qla2xxx: Fix recursive mailbox timeout + - f2fs: fix to recover inode's crtime during POR + - f2fs: fix to recover inode's i_flags during POR + - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice + - [arm64, armhf] usb: chipidea: Prevent unbalanced IRQ disable + - [x86] driver/dma/ioat: Call del_timer_sync() without holding prep_lock + - [x86] ASoC: AMD: Fix capture unstable in beginning for some runs + - IB/ipoib: Use dev_port to expose network interface port numbers + - IB/mlx5: Allow transition of DCI QP to reset + - uio: ensure class is registered before devices + - scsi: lpfc: Correct soft lockup when running mds diagnostics + - scsi: lpfc: Correct race with abort on completion path + - f2fs: avoid sleeping under spin_lock + - f2fs: report error if quota off error during umount + - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace + init + - f2fs: fix to flush all dirty inodes recovered in readonly fs + - IB/rxe: fix for duplicate request processing and ack psns + - [powerpc*, mips*, arm64, x86, alpha] ALSA: hda: Check the non-cached + stream buffers more explicitly + - cpupower: Fix AMD Family 0x17 msr_pstate size + - Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" + - f2fs: fix missing up_read + - f2fs: fix to recover cold bit of inode block during POR + - f2fs: fix to account IO correctly + - [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings + - [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 + - [x86] tpm: Restore functionality to xen vtpm driver. + - xen/blkfront: avoid NULL blkfront_info dereference on device removal + - xen/balloon: Support xend-based toolstack + - [x86] xen: fix race in xen_qlock_wait() + - [x86] xen: make xen_qlock_wait() nestable + - [x86] xen/pvh: increase early stack size + - [x86] xen/pvh: don't try to unplug emulated devices + - libertas: don't set URB_ZERO_PACKET on IN USB transfer + - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten + - [x86] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage + - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() + - scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE + usage + - scsi: target: Fix target_wait_for_sess_cmds breakage with active signals + - [x86] libnvdimm: Hold reference on parent while scheduling async init + - [x86] libnvdimm, region: Fail badblocks listing for inactive regions + - [x86] libnvdimm, pmem: Fix badblocks population for 'raw' namespaces + - [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() + - IB/mlx5: Fix MR cache initialization + - IB/rxe: Revise the ib_wr_opcode enum + - gfs2_meta: ->mount() can get NULL dev_name + - ext4: fix EXT4_IOC_SWAP_BOOT + - ext4: initialize retries variable in ext4_da_write_inline_data_begin() + - ext4: fix setattr project check in fssetxattr ioctl + - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR + - ext4: fix use-after-free race in ext4_remount()'s error path + - selinux: fix mounting of cgroup2 under older policies + - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 + - HID: hiddev: fix potential Spectre v1 + - [mips*, arm64, x86] EDAC: Add Family 17h, models 10h-2fh support + - [x86] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting + - [x86] EDAC, skx_edac: Fix logical channel intermediate decoding + - [armhf] dts: dra7: Fix up unaligned access setting for PCIe EP + - PCI/ASPM: Fix link_state teardown on device removal + - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk + - [powerpc*] signal/GenWQE: Fix sending of SIGKILL + - signal: Guard against negative signal numbers in copy_siginfo_from_user32 + - crypto: lrw - Fix out-of bounds access on counter overflow + - [x86] crypto: aesni - don't use GFP_ATOMIC allocation if the request + doesn't cross a page in gcm + - crypto: speck - remove Speck + - mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() + - userfaultfd: disable irqs when taking the waitqueue lock + - hugetlbfs: dirty pages as they are added to pagecache + - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly + - [arm64, armhf] KVM: Ensure only THP is candidate for adjustment + - [arm64] KVM: Fix caching of host MDCR_EL2 value + - [armhf] w1: omap-hdq: fix missing bus unregister at removal + - smb3: allow stats which track session and share reconnects to be reset + - smb3: do not attempt cifs operation in smb3 query info error path + - smb3: on kerberos mount if server doesn't specify auth type use krb5 + - printk: Fix panic caused by passing log_buf_len to command line + - genirq: Fix race on spurious interrupt detection + - [x86] tpm: fix response size validation in tpm_get_random() + - NFSv4.1: Fix the r/wsize checking + - nfs: Fix a missed page unlock after pg_doio() + - nfsd: correctly decrement odstate refcount in error path + - dm ioctl: harden copy_params()'s copy_from_user() from malicious users + - dm zoned: fix metadata block ref counting + - dm zoned: fix various dmz_get_mblock() issues + - media: ov7670: make "xclk" clock optional + - [powerpc64] module elfv1: Set opd addresses after module relocation + - [powerpc*] msi: Fix compile error on mpc83xx + - [powerpc*] tm: Fix HFSCR bit for no suspend case + - MIPS: OCTEON: fix out of bounds array access on CN68XX + - [mips*, arm64, armhf] rtc: ds1307: fix ds1339 wakealarm support + - rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt' + - rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI + - [armhf] power: supply: twl4030-charger: fix OF sibling-node lookup + - [arm64, armhf] iommu/arm-smmu: Ensure that page-table updates are visible + before TLBI + - Revert "media: dvbsky: use just one mutex for serializing device R/W ops" + - [x86] xen: fix xen_qlock_wait() + - xen: remove size limit of privcmd-buf mapping interface + - xen-blkfront: fix kernel panic with negotiate_mq error path + - media: em28xx: use a default format if TRY_FMT fails + - media: tvp5150: avoid going past array on v4l2_querymenu() + - media: em28xx: fix input name for Terratec AV 350 + - media: em28xx: make v4l2-compliance happier by starting sequence on zero + - media: em28xx: fix handler for vidioc_s_input() + - [arm64] rpmsg: smd: fix memory leak on channel create + - [armhf] dts: socfpga: Fix SDRAM node address for Arria10 + - btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled + - btrfs: Handle owner mismatch gracefully when walking up tree + - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid + deadlock + - btrfs: fix error handling in free_log_tree + - btrfs: fix error handling in btrfs_dev_replace_start + - btrfs: Enhance btrfs_trim_fs function to handle error better + - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem + - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list + - btrfs: don't attempt to trim devices that don't support it + - btrfs: keep trim from interfering with transaction commits + - btrfs: wait on caching when putting the bg cache + - btrfs: don't clean dirty pages during buffered writes + - btrfs: release metadata before running delayed refs + - btrfs: protect space cache inode alloc with GFP_NOFS + - btrfs: reset max_extent_size on clear in a bitmap + - btrfs: make sure we create all new block groups + - btrfs: fix warning when replaying log after fsync of a tmpfile + - btrfs: fix wrong dentries after fsync of file that got its parent replaced + - btrfs: qgroup: Dirty all qgroups before rescan + - btrfs: fix null pointer dereference on compressed write path error + - btrfs: fix assertion on fsync of regular file when using no-holes feature + - btrfs: fix deadlock when writing out free space caches + - btrfs: reset max_extent_size properly + - btrfs: set max_extent_size properly + - btrfs: don't use ctl->free_space for max_extent_size + - btrfs: only free reserved extent if we didn't insert it + - btrfs: fix insert_reserved error handling + - btrfs: don't run delayed_iputs in commit + - btrfs: move the dio_sem higher up the callchain + - Btrfs: fix use-after-free during inode eviction + - Btrfs: fix use-after-free when dumping free space + - net: sched: Remove TCA_OPTIONS from policy + - userns: also map extents in the reverse map to kernel IDs + - bpf: wait for running BPF programs when updating map-in-map + - [x86] vga_switcheroo: Fix missing gpu_bound call at audio client + registration + - MD: fix invalid stored role for a disk - try2 [ Ben Hutchings ] * linux-perf: Enable verbose output for build-time feature detection @@ -50,8 +313,15 @@ linux (4.19.1-1~exp1) UNRELEASED; urgency=medium [ Romain Perier ] * [rt] Update to 4.19.1-rt3 + * [rt] Update patch arm-disable-NEON-in-kernel-mode.patch, so it can be + applied onto 4.19.2 + * [rt] Update patch + irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch, so + it can be applied onto 4.19.2 * [amd64] Enable AMD pinctrl driver (Closes: #908954) * Enable Diffie-Hellman operations on retained keys (Closes: #911998) + * Update patch features/all/lockdown/enable-cold-boot-attack-mitigation.patch, + so it can be applied onto 4.19.2 -- Ben Hutchings Mon, 08 Oct 2018 18:45:06 +0100 diff --git a/debian/patches-rt/arm-disable-NEON-in-kernel-mode.patch b/debian/patches-rt/arm-disable-NEON-in-kernel-mode.patch index 430659d65..5bb2452da 100644 --- a/debian/patches-rt/arm-disable-NEON-in-kernel-mode.patch +++ b/debian/patches-rt/arm-disable-NEON-in-kernel-mode.patch @@ -14,11 +14,13 @@ stay on due to possible EFI callbacks so here I disable each algorithm. Cc: stable-rt@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior --- - arch/arm/Kconfig | 2 +- - arch/arm64/crypto/Kconfig | 30 +++++++++++++++--------------- - arch/arm64/crypto/crc32-ce-glue.c | 3 ++- - 3 files changed, 18 insertions(+), 17 deletions(-) + arch/arm/Kconfig | 2 +- + arch/arm64/crypto/Kconfig | 28 ++++++++++++++-------------- + arch/arm64/crypto/crc32-ce-glue.c | 3 ++- + 3 files changed, 17 insertions(+), 16 deletions(-) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index e8cd55a5b04c..956b68441ee4 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -2160,7 +2160,7 @@ config NEON @@ -30,6 +32,8 @@ Signed-off-by: Sebastian Andrzej Siewior help Say Y to include support for NEON in kernel mode. +diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig +index d51944ff9f91..0d4b3f0cfba6 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -19,43 +19,43 @@ config CRYPTO_SHA512_ARM64 @@ -142,18 +146,11 @@ Signed-off-by: Sebastian Andrzej Siewior select CRYPTO_BLKCIPHER select CRYPTO_AES_ARM64_NEON_BLK select CRYPTO_AES_ARM64 -@@ -121,7 +121,7 @@ config CRYPTO_AES_ARM64_BS - - config CRYPTO_SPECK_NEON - tristate "NEON accelerated Speck cipher algorithms" -- depends on KERNEL_MODE_NEON -+ depends on KERNEL_MODE_NEON && !PREEMPT_RT_BASE - select CRYPTO_BLKCIPHER - select CRYPTO_SPECK - +diff --git a/arch/arm64/crypto/crc32-ce-glue.c b/arch/arm64/crypto/crc32-ce-glue.c +index 34b4e3d46aab..ae055cdad8cf 100644 --- a/arch/arm64/crypto/crc32-ce-glue.c +++ b/arch/arm64/crypto/crc32-ce-glue.c -@@ -208,7 +208,8 @@ static struct shash_alg crc32_pmull_algs +@@ -208,7 +208,8 @@ static struct shash_alg crc32_pmull_algs[] = { { static int __init crc32_pmull_mod_init(void) { diff --git a/debian/patches-rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch b/debian/patches-rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch index 2943a3e98..0eca9102b 100644 --- a/debian/patches-rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch +++ b/debian/patches-rt/irq-allow-disabling-of-softirq-processing-in-irq-thread-context.patch @@ -12,16 +12,17 @@ thread context. Signed-off-by: Thomas Gleixner --- - include/linux/interrupt.h | 2 ++ - include/linux/irq.h | 4 +++- - kernel/irq/manage.c | 13 ++++++++++++- - kernel/irq/settings.h | 12 ++++++++++++ - kernel/softirq.c | 9 +++++++++ - 5 files changed, 38 insertions(+), 2 deletions(-) + include/linux/interrupt.h | 2 ++ + include/linux/irq.h | 4 +++- + kernel/irq/manage.c | 15 +++++++++++++++ + kernel/irq/settings.h | 12 ++++++++++++ + 4 files changed, 32 insertions(+), 1 deletion(-) +diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h +index eeceac3376fc..4a60c2618a6e 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -62,6 +62,7 @@ +@@ -61,6 +61,7 @@ * interrupt handler after suspending interrupts. For system * wakeup devices users need to implement wakeup detection in * their interrupt handlers. @@ -29,7 +30,7 @@ Signed-off-by: Thomas Gleixner */ #define IRQF_SHARED 0x00000080 #define IRQF_PROBE_SHARED 0x00000100 -@@ -75,6 +76,7 @@ +@@ -74,6 +75,7 @@ #define IRQF_NO_THREAD 0x00010000 #define IRQF_EARLY_RESUME 0x00020000 #define IRQF_COND_SUSPEND 0x00040000 @@ -37,6 +38,8 @@ Signed-off-by: Thomas Gleixner #define IRQF_TIMER (__IRQF_TIMER | IRQF_NO_SUSPEND | IRQF_NO_THREAD) +diff --git a/include/linux/irq.h b/include/linux/irq.h +index 201de12a9957..c8fa3f632cec 100644 --- a/include/linux/irq.h +++ b/include/linux/irq.h @@ -69,6 +69,7 @@ enum irqchip_irq_state; @@ -63,26 +66,30 @@ Signed-off-by: Thomas Gleixner #define IRQ_NO_BALANCING_MASK (IRQ_PER_CPU | IRQ_NO_BALANCING) +diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c +index 9dbdccab3b6a..748e7cd2b053 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c -@@ -967,7 +967,15 @@ irq_forced_thread_fn(struct irq_desc *de - local_bh_disable(); - ret = action->thread_fn(action->irq, action->dev_id); +@@ -932,6 +932,18 @@ irq_forced_thread_fn(struct irq_desc *desc, struct irqaction *action) + irq_finalize_oneshot(desc, action); -- local_bh_enable(); + local_bh_enable(); + /* + * Interrupts which have real time requirements can be set up + * to avoid softirq processing in the thread handler. This is + * safe as these interrupts do not raise soft interrupts. + */ -+ if (irq_settings_no_softirq_call(desc)) -+ _local_bh_enable(); -+ else ++ if (irq_settings_no_softirq_call(desc)) { ++ if (WARN_ON(current->softirq_nestcnt == 0)) ++ return ret; ++ if (--current->softirq_nestcnt == 0) ++ migrate_enable(); ++ } else + local_bh_enable(); return ret; } -@@ -1476,6 +1484,9 @@ static int +@@ -1441,6 +1453,9 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new) irqd_set(&desc->irq_data, IRQD_NO_BALANCING); } @@ -92,6 +99,8 @@ Signed-off-by: Thomas Gleixner if (irq_settings_can_autoenable(desc)) { irq_startup(desc, IRQ_RESEND, IRQ_START_COND); } else { +diff --git a/kernel/irq/settings.h b/kernel/irq/settings.h +index e43795cd2ccf..47e2f9e23586 100644 --- a/kernel/irq/settings.h +++ b/kernel/irq/settings.h @@ -17,6 +17,7 @@ enum { @@ -110,7 +119,7 @@ Signed-off-by: Thomas Gleixner #undef IRQF_MODIFY_MASK #define IRQF_MODIFY_MASK GOT_YOU_MORON -@@ -41,6 +43,16 @@ irq_settings_clr_and_set(struct irq_desc +@@ -41,6 +43,16 @@ irq_settings_clr_and_set(struct irq_desc *desc, u32 clr, u32 set) desc->status_use_accessors |= (set & _IRQF_MODIFY_MASK); } @@ -127,21 +136,3 @@ Signed-off-by: Thomas Gleixner static inline bool irq_settings_is_per_cpu(struct irq_desc *desc) { return desc->status_use_accessors & _IRQ_PER_CPU; ---- a/kernel/softirq.c -+++ b/kernel/softirq.c -@@ -598,6 +598,15 @@ void __local_bh_enable(void) - } - EXPORT_SYMBOL(__local_bh_enable); - -+void _local_bh_enable(void) -+{ -+ if (WARN_ON(current->softirq_nestcnt == 0)) -+ return; -+ if (--current->softirq_nestcnt == 0) -+ migrate_enable(); -+} -+EXPORT_SYMBOL(_local_bh_enable); -+ - int in_serving_softirq(void) - { - return current->flags & PF_IN_SOFTIRQ; diff --git a/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch b/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch deleted file mode 100644 index 5c38bf02c..000000000 --- a/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Ben Hutchings -Date: Wed, 05 Sep 2018 17:28:12 +0100 -Subject: x86: boot: Fix EFI stub alignment -Forwarded: https://lore.kernel.org/lkml/20180916152246.GG4765@decadent.org.uk/T/#u - -We currently align the end of the compressed image to a multiple of -16. However the PE-COFF header included in the EFI stub says that the -file alignment is 32 bytes, and when adding an EFI signature to the -file it must first be padded to this alignment. - -sbsigntool commands warn about this: - - warning: file-aligned section .text extends beyond end of file - warning: checksum areas are greater than image size. Invalid section table? - -Worse, pesign-at least when creating a detached signature—uses the -hash of the unpadded file, resulting in an invalid signature if -padding is required. - -Avoid both these problems by increasing alignment to 32 bytes when -CONFIG_EFI_STUB is enabled. - -Signed-off-by: Ben Hutchings ---- ---- a/arch/x86/boot/tools/build.c -+++ b/arch/x86/boot/tools/build.c -@@ -391,6 +391,13 @@ int main(int argc, char ** argv) - die("Unable to mmap '%s': %m", argv[2]); - /* Number of 16-byte paragraphs, including space for a 4-byte CRC */ - sys_size = (sz + 15 + 4) / 16; -+#ifdef CONFIG_EFI_STUB -+ /* -+ * COFF requires minimum 32-byte alignment of sections, and -+ * adding a signature is problematic without that alignment. -+ */ -+ sys_size = (sys_size + 1) & ~1; -+#endif - - /* Patch the setup code with the appropriate size parameters */ - buf[0x1f1] = setup_sectors-1; diff --git a/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch b/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch index 2b089959c..793858708 100644 --- a/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch +++ b/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch @@ -8,9 +8,11 @@ Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c13 arch/x86/boot/compressed/eboot.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index 8b4c5e001157..0813490ca6e0 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -604,6 +604,22 @@ void setup_graphics(struct boot_params * +@@ -371,6 +371,22 @@ void setup_graphics(struct boot_params *boot_params) } } @@ -33,16 +35,16 @@ Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c13 /* * Because the x86 boot code expects to be passed a boot_params we * need to create one ourselves (usually the bootloader would create -@@ -989,6 +1005,12 @@ struct boot_params *efi_main(struct efi_ - setup_boot_services32(efi_early); +@@ -765,6 +781,12 @@ efi_main(struct efi_config *c, struct boot_params *boot_params) + ((u64)boot_params->ext_cmd_line_ptr << 32)); + efi_parse_options((char *)cmdline_paddr); - /* ++ /* + * Ask the firmware to clear memory if we don't have a clean + * shutdown + */ + enable_reset_attack_mitigation(); + -+ /* + /* * If the boot loader gave us a value for secure_boot then we use that, * otherwise we ask the BIOS. - */ diff --git a/debian/patches/series b/debian/patches/series index cf8bffd9f..57872c847 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -75,7 +75,6 @@ bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch -bugfix/x86/x86-boot-fix-efi-stub-alignment.patch bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch