Release linux (4.8.15-2).
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlhtitEACgkQ57/I7JWG EQlPqQ//V6+eUGkATmlFFyxsM91OsMgZyxtt0Pzf7XvFg4gBr+hJIaJwxasVRZGi w/r4uYHmiX7fLrXnanT+RekT1zCGQBOLUvm2Rlwi845PAl9fMCSb+9Jiz60THeN7 cHg7JEvNhTEEDpLK1FJlU3fiMqb5LRdUTkz+RkhKRfITm4/bT3h0Ow72/Xy6JsrI nAf/AyncvBCQvrIUXYyfyHUPhkYMk8L7bC6G4o803kFdPYTb1WR2gRbpsI6jSVs8 YFbrfMpH1foPHiTVWP+inDN9LA2TO8QGMvAuCAQzQuLzKztrU0i/1shjDfaN61qx xQhXE08TwNnkDZQCtIFZrLkRPSFlLqFqVWyL9eyPAYNAnZeugxB6F3HOWk5cKWqj NPpZ10zAnKliPnL7z+eFlxLq34UgVqqe1FeRB5iBEC2dQYEs3LuB1RF2zFOuZ74T cvXKJJhuR4iMNcAOax6Uab+3iyC/PGm5VSiCL+IPbD7H9IaXLcICE8l1r0zRs5Sa Um4YQKTy8kFK/CRsEOB8CofXMuBXLzEw2xeNn6187d/ZeA7uiUsyd2nVkXnO0FNt B2JkV6kwO99WAnNwTZSwF7QJJe8ir7X4X1qdk00sqNYiDff/CBHjRT1gLRzNyOuJ r9QFKRt4UGF3XGpE89czRRoHfP9WkdrmdmP1i/DnkSVO6L8/y6Y= =AxAX -----END PGP SIGNATURE----- Merge tag 'debian/4.8.15-2'
This commit is contained in:
commit
97ab9059a9
|
@ -92,6 +92,43 @@ linux (4.9~rc3-1~exp1) experimental; urgency=medium
|
|||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 03 Nov 2016 16:51:55 -0600
|
||||
|
||||
linux (4.8.15-2) unstable; urgency=medium
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [x86] Enable INTEL_VBTN as module (Closes: #848967)
|
||||
* debian/control: Change build-dependency on asciidoc to prefer the new
|
||||
asciidoc-base, so we don't pull in LaTeX unnecessarily
|
||||
* [x86] Enable LEDS_DELL_NETBOOKS and DELL_SMBIOS as modules; re-enable
|
||||
DELL_LAPTOP and DELL_WMI as modules (Closes: #849674)
|
||||
* [powerpc*] boot: Request no dynamic linker for boot wrapper
|
||||
(Closes: #848851, FTBFS on ppc6el)
|
||||
* cpufreq: Enable CPU_FREQ_GOV_SCHEDUTIL as module
|
||||
* [x86] ACPI: Enable DPTF_POWER as module
|
||||
* [x86] perf: Enable PERF_EVENTS_AMD_POWER as module
|
||||
* [x86] perf: Change PERF_EVENTS_INTEL_{CSTATE,RAPL,UNCORE} from built-in
|
||||
to modules
|
||||
* PCI: Enable PCIE_DPC (except for armel/versatile)
|
||||
* [amd64] PCI: Enable PCI_HYPERV as module
|
||||
* inet: Enable INET_DIAG_DESTROY
|
||||
* tcp: Enable TCP_CONG_NV as module
|
||||
* ipv6: Enable IPV6_ILA as module
|
||||
* net/sched: Enable NET_CLS_MATCHALL, NET_ACT_IFE, NET_IFE_SKBMARK,
|
||||
NET_IFE_SKBPRIO as modules
|
||||
* hci_uart: Enable BT_HCIUART_AG6XX
|
||||
* nvme: Enable NVME_RDMA, NVME_TARGET, NVME_TARGET_RDMA as modules
|
||||
* [amd64] mic: Enable VOP_BUS and VOP as modules; re-enable INTEL_MIC_HOST as
|
||||
module
|
||||
* debian/control: Add Salvatore Bonaccorso to Uploaders
|
||||
* [rt] Update to 4.8.15-rt10 (no functional change)
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* sg_write()/bsg_write() is not fit to be called under KERNEL_DS
|
||||
(CVE-2016-10088)
|
||||
* kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
|
||||
(CVE-2016-9588)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Wed, 04 Jan 2017 19:39:36 +0000
|
||||
|
||||
linux (4.8.15-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -9,10 +9,12 @@ CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y
|
|||
# CONFIG_MAXSMP is not set
|
||||
CONFIG_NR_CPUS=512
|
||||
CONFIG_X86_16BIT=y
|
||||
CONFIG_X86_VSYSCALL_EMULATION=y
|
||||
CONFIG_NUMA=y
|
||||
CONFIG_AMD_NUMA=y
|
||||
CONFIG_X86_64_ACPI_NUMA=y
|
||||
CONFIG_NUMA_EMU=y
|
||||
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
|
||||
CONFIG_EFI_MIXED=y
|
||||
CONFIG_KEXEC_FILE=y
|
||||
CONFIG_KEXEC_VERIFY_SIG=y
|
||||
|
@ -133,10 +135,12 @@ CONFIG_MAC_EMUMOUSEBTN=y
|
|||
##
|
||||
CONFIG_INTEL_MIC_BUS=m
|
||||
CONFIG_SCIF_BUS=m
|
||||
CONFIG_VOP_BUS=m
|
||||
CONFIG_INTEL_MIC_HOST=m
|
||||
# CONFIG_INTEL_MIC_CARD is not set
|
||||
CONFIG_SCIF=m
|
||||
CONFIG_MIC_COSM=m
|
||||
CONFIG_VOP=m
|
||||
|
||||
##
|
||||
## file: drivers/net/Kconfig
|
||||
|
@ -153,6 +157,11 @@ CONFIG_FUJITSU_ES=m
|
|||
##
|
||||
CONFIG_NVDIMM_PFN=y
|
||||
|
||||
##
|
||||
## file: drivers/pci/Kconfig
|
||||
##
|
||||
CONFIG_PCI_HYPERV=y
|
||||
|
||||
##
|
||||
## file: drivers/scsi/Kconfig
|
||||
##
|
||||
|
|
|
@ -495,6 +495,11 @@ CONFIG_MWIFIEX_SDIO=m
|
|||
##
|
||||
CONFIG_PCI_MVEBU=y
|
||||
|
||||
##
|
||||
## file: drivers/pci/pcie/Kconfig
|
||||
##
|
||||
# CONFIG_PCIE_DPC is not set
|
||||
|
||||
##
|
||||
## file: drivers/pcmcia/Kconfig
|
||||
##
|
||||
|
|
|
@ -5,6 +5,8 @@ CONFIG_OPROFILE=m
|
|||
CONFIG_KPROBES=y
|
||||
CONFIG_JUMP_LABEL=y
|
||||
# CONFIG_STATIC_KEYS_SELFTEST is not set
|
||||
#. Until we work out how to package them
|
||||
# CONFIG_GCC_PLUGINS is not set
|
||||
## choice: Stack Protector buffer overflow detection
|
||||
CONFIG_CC_STACKPROTECTOR_STRONG=y
|
||||
## end choice
|
||||
|
@ -161,6 +163,7 @@ CONFIG_ACPI_TABLE_UPGRADE=y
|
|||
# CONFIG_ACPI_BGRT is not set
|
||||
# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
|
||||
# CONFIG_PMIC_OPREGION is not set
|
||||
# CONFIG_ACPI_CONFIGFS is not set
|
||||
|
||||
##
|
||||
## file: drivers/acpi/nfit/Kconfig
|
||||
|
@ -353,6 +356,7 @@ CONFIG_BT_HCIUART_3WIRE=y
|
|||
CONFIG_BT_HCIUART_INTEL=y
|
||||
CONFIG_BT_HCIUART_BCM=y
|
||||
CONFIG_BT_HCIUART_QCA=y
|
||||
CONFIG_BT_HCIUART_AG6XX=y
|
||||
# CONFIG_BT_HCIBTUART is not set
|
||||
CONFIG_BT_MRVL=m
|
||||
CONFIG_BT_MRVL_SDIO=m
|
||||
|
@ -437,6 +441,7 @@ CONFIG_CPU_FREQ_GOV_POWERSAVE=m
|
|||
CONFIG_CPU_FREQ_GOV_USERSPACE=m
|
||||
CONFIG_CPU_FREQ_GOV_ONDEMAND=m
|
||||
CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
|
||||
CONFIG_CPU_FREQ_GOV_SCHEDUTIL=m
|
||||
# CONFIG_CPUFREQ_DT is not set
|
||||
|
||||
##
|
||||
|
@ -2594,6 +2599,7 @@ CONFIG_MTD_NAND_CS553X=m
|
|||
CONFIG_MTD_NAND_NANDSIM=m
|
||||
# CONFIG_MTD_NAND_PLATFORM is not set
|
||||
# CONFIG_MTD_NAND_HISI504 is not set
|
||||
# CONFIG_MTD_NAND_MTK is not set
|
||||
|
||||
##
|
||||
## file: drivers/mtd/onenand/Kconfig
|
||||
|
@ -2608,6 +2614,7 @@ CONFIG_MTD_ONENAND_2X_PROGRAM=y
|
|||
## file: drivers/mtd/spi-nor/Kconfig
|
||||
##
|
||||
CONFIG_MTD_SPI_NOR=m
|
||||
# CONFIG_MTD_MT81xx_NOR is not set
|
||||
CONFIG_MTD_SPI_NOR_USE_4K_SECTORS=y
|
||||
|
||||
##
|
||||
|
@ -2677,6 +2684,11 @@ CONFIG_CAN_CALC_BITTIMING=y
|
|||
##
|
||||
# CONFIG_CAN_CC770 is not set
|
||||
|
||||
##
|
||||
## file: drivers/net/can/ifi_canfd/Kconfig
|
||||
##
|
||||
# CONFIG_CAN_IFI_CANFD is not set
|
||||
|
||||
##
|
||||
## file: drivers/net/can/m_can/Kconfig
|
||||
##
|
||||
|
@ -3629,12 +3641,18 @@ CONFIG_NFC_PORT100=m
|
|||
## file: drivers/nfc/pn533/Kconfig
|
||||
##
|
||||
CONFIG_NFC_PN533_USB=m
|
||||
# CONFIG_NFC_PN533_I2C is not set
|
||||
|
||||
##
|
||||
## file: drivers/nfc/st21nfca/Kconfig
|
||||
##
|
||||
# CONFIG_NFC_ST21NFCA_I2C is not set
|
||||
|
||||
##
|
||||
## file: drivers/nfc/st95hf/Kconfig
|
||||
##
|
||||
# CONFIG_NFC_ST95HF is not set
|
||||
|
||||
##
|
||||
## file: drivers/ntb/Kconfig
|
||||
##
|
||||
|
@ -3644,6 +3662,15 @@ CONFIG_NFC_PN533_USB=m
|
|||
## file: drivers/nvme/host/Kconfig
|
||||
##
|
||||
CONFIG_BLK_DEV_NVME=m
|
||||
# CONFIG_BLK_DEV_NVME_SCSI is not set
|
||||
CONFIG_NVME_RDMA=m
|
||||
|
||||
##
|
||||
## file: drivers/nvme/target/Kconfig
|
||||
##
|
||||
CONFIG_NVME_TARGET=m
|
||||
# CONFIG_NVME_TARGET_LOOP is not set
|
||||
CONFIG_NVME_TARGET_RDMA=m
|
||||
|
||||
##
|
||||
## file: drivers/of/Kconfig
|
||||
|
@ -3676,6 +3703,11 @@ CONFIG_PCI_IOV=y
|
|||
# CONFIG_PCI_PRI is not set
|
||||
# CONFIG_PCI_PASID is not set
|
||||
|
||||
##
|
||||
## file: drivers/pci/host/Kconfig
|
||||
##
|
||||
# CONFIG_PCIE_DW_PLAT is not set
|
||||
|
||||
##
|
||||
## file: drivers/pci/hotplug/Kconfig
|
||||
##
|
||||
|
@ -3688,6 +3720,7 @@ CONFIG_PCIEPORTBUS=y
|
|||
CONFIG_HOTPLUG_PCI_PCIE=y
|
||||
CONFIG_PCIEASPM=y
|
||||
# CONFIG_PCIEASPM_DEBUG is not set
|
||||
CONFIG_PCIE_DPC=y
|
||||
|
||||
##
|
||||
## file: drivers/pci/pcie/aer/Kconfig
|
||||
|
@ -5590,6 +5623,7 @@ CONFIG_MODVERSIONS=y
|
|||
CONFIG_MODULE_SIG_SHA256=y
|
||||
## end choice
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_TRIM_UNUSED_KSYMS is not set
|
||||
|
||||
##
|
||||
## file: kernel/gcov/Kconfig
|
||||
|
@ -5834,6 +5868,7 @@ CONFIG_IO_STRICT_DEVMEM=y
|
|||
## file: mm/Kconfig
|
||||
##
|
||||
CONFIG_MEMORY_HOTPLUG=y
|
||||
# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
|
||||
CONFIG_MEMORY_HOTREMOVE=y
|
||||
CONFIG_BALLOON_COMPACTION=y
|
||||
CONFIG_COMPACTION=y
|
||||
|
@ -5855,6 +5890,7 @@ CONFIG_ZSWAP=y
|
|||
CONFIG_ZBUD=y
|
||||
CONFIG_ZSMALLOC=m
|
||||
# CONFIG_PGTABLE_MAPPING is not set
|
||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||
|
||||
##
|
||||
## file: mm/Kconfig.debug
|
||||
|
@ -5884,6 +5920,7 @@ CONFIG_LWTUNNEL=y
|
|||
## file: net/6lowpan/Kconfig
|
||||
##
|
||||
CONFIG_6LOWPAN=m
|
||||
# CONFIG_6LOWPAN_DEBUGFS is not set
|
||||
CONFIG_6LOWPAN_NHC=m
|
||||
CONFIG_6LOWPAN_NHC_DEST=m
|
||||
CONFIG_6LOWPAN_NHC_FRAGMENT=m
|
||||
|
@ -5937,6 +5974,7 @@ CONFIG_BT_BREDR=y
|
|||
CONFIG_BT_HS=y
|
||||
CONFIG_BT_LE=y
|
||||
CONFIG_BT_6LOWPAN=m
|
||||
# CONFIG_BT_LEDS is not set
|
||||
# CONFIG_BT_SELFTEST is not set
|
||||
CONFIG_BT_DEBUGFS=y
|
||||
|
||||
|
@ -6095,6 +6133,7 @@ CONFIG_INET_XFRM_MODE_TUNNEL=m
|
|||
CONFIG_INET_XFRM_MODE_BEET=m
|
||||
CONFIG_INET_DIAG=m
|
||||
CONFIG_INET_UDP_DIAG=m
|
||||
CONFIG_INET_DIAG_DESTROY=y
|
||||
CONFIG_TCP_CONG_ADVANCED=y
|
||||
CONFIG_TCP_CONG_BIC=m
|
||||
CONFIG_TCP_CONG_CUBIC=y
|
||||
|
@ -6103,6 +6142,7 @@ CONFIG_TCP_CONG_HTCP=m
|
|||
CONFIG_TCP_CONG_HSTCP=m
|
||||
CONFIG_TCP_CONG_HYBLA=m
|
||||
CONFIG_TCP_CONG_VEGAS=m
|
||||
CONFIG_TCP_CONG_NV=m
|
||||
CONFIG_TCP_CONG_SCALABLE=m
|
||||
CONFIG_TCP_CONG_LP=m
|
||||
CONFIG_TCP_CONG_VENO=m
|
||||
|
@ -6170,6 +6210,7 @@ CONFIG_INET6_AH=m
|
|||
CONFIG_INET6_ESP=m
|
||||
CONFIG_INET6_IPCOMP=m
|
||||
CONFIG_IPV6_MIP6=y
|
||||
CONFIG_IPV6_ILA=m
|
||||
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
|
||||
CONFIG_INET6_XFRM_MODE_TUNNEL=m
|
||||
CONFIG_INET6_XFRM_MODE_BEET=m
|
||||
|
@ -6219,6 +6260,11 @@ CONFIG_IP6_NF_NAT=m
|
|||
CONFIG_IP6_NF_TARGET_MASQUERADE=m
|
||||
CONFIG_IP6_NF_TARGET_NPT=m
|
||||
|
||||
##
|
||||
## file: net/kcm/Kconfig
|
||||
##
|
||||
# CONFIG_AF_KCM is not set
|
||||
|
||||
##
|
||||
## file: net/l2tp/Kconfig
|
||||
##
|
||||
|
@ -6267,6 +6313,11 @@ CONFIG_NET_MPLS_GSO=y
|
|||
CONFIG_MPLS_ROUTING=m
|
||||
CONFIG_MPLS_IPTUNNEL=m
|
||||
|
||||
##
|
||||
## file: net/ncsi/Kconfig
|
||||
##
|
||||
# CONFIG_NET_NCSI is not set
|
||||
|
||||
##
|
||||
## file: net/netfilter/Kconfig
|
||||
##
|
||||
|
@ -6554,6 +6605,7 @@ CONFIG_NET_CLS_FLOW=m
|
|||
CONFIG_NET_CLS_CGROUP=m
|
||||
CONFIG_NET_CLS_BPF=m
|
||||
CONFIG_NET_CLS_FLOWER=m
|
||||
CONFIG_NET_CLS_MATCHALL=m
|
||||
CONFIG_NET_EMATCH=y
|
||||
CONFIG_NET_EMATCH_STACK=32
|
||||
CONFIG_NET_EMATCH_CMP=m
|
||||
|
@ -6577,6 +6629,9 @@ CONFIG_NET_ACT_CSUM=m
|
|||
CONFIG_NET_ACT_VLAN=m
|
||||
CONFIG_NET_ACT_BPF=m
|
||||
CONFIG_NET_ACT_CONNMARK=m
|
||||
CONFIG_NET_ACT_IFE=m
|
||||
CONFIG_NET_IFE_SKBMARK=m
|
||||
CONFIG_NET_IFE_SKBPRIO=m
|
||||
CONFIG_NET_CLS_IND=y
|
||||
|
||||
##
|
||||
|
@ -6600,6 +6655,11 @@ CONFIG_RPCSEC_GSS_KRB5=m
|
|||
CONFIG_SUNRPC_DEBUG=y
|
||||
CONFIG_SUNRPC_XPRT_RDMA=m
|
||||
|
||||
##
|
||||
## file: net/switchdev/Kconfig
|
||||
##
|
||||
# CONFIG_NET_SWITCHDEV is not set
|
||||
|
||||
##
|
||||
## file: net/tipc/Kconfig
|
||||
##
|
||||
|
|
|
@ -6,3 +6,4 @@ CONFIG_WAKEUP_LATENCY_HIST=y
|
|||
CONFIG_RCU_EXPERT=y
|
||||
#. Certificate paths are resolved relative to debian/build/source_rt
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS="../../certs/benh@debian.org.cert.pem"
|
||||
CONFIG_HWLAT_DETECTOR=m
|
||||
|
|
|
@ -18,6 +18,7 @@ CONFIG_HYPERVISOR_GUEST=y
|
|||
CONFIG_PARAVIRT=y
|
||||
# CONFIG_PARAVIRT_DEBUG is not set
|
||||
CONFIG_PARAVIRT_SPINLOCKS=y
|
||||
# CONFIG_QUEUED_LOCK_STAT is not set
|
||||
CONFIG_KVM_GUEST=y
|
||||
# CONFIG_KVM_DEBUG_FS is not set
|
||||
# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set
|
||||
|
@ -111,6 +112,14 @@ CONFIG_OPTIMIZE_INLINING=y
|
|||
# CONFIG_DEBUG_NMI_SELFTEST is not set
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
|
||||
##
|
||||
## file: arch/x86/events/Kconfig
|
||||
##
|
||||
CONFIG_PERF_EVENTS_INTEL_UNCORE=m
|
||||
CONFIG_PERF_EVENTS_INTEL_RAPL=m
|
||||
CONFIG_PERF_EVENTS_INTEL_CSTATE=m
|
||||
CONFIG_PERF_EVENTS_AMD_POWER=m
|
||||
|
||||
##
|
||||
## file: arch/x86/kvm/Kconfig
|
||||
##
|
||||
|
@ -202,6 +211,11 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y
|
|||
# CONFIG_ACPI_APEI_EINJ is not set
|
||||
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
|
||||
|
||||
##
|
||||
## file: drivers/acpi/dptf/Kconfig
|
||||
##
|
||||
CONFIG_DPTF_POWER=m
|
||||
|
||||
##
|
||||
## file: drivers/ata/Kconfig
|
||||
##
|
||||
|
@ -820,6 +834,7 @@ CONFIG_ISDN_DIVAS_MAINT=m
|
|||
## file: drivers/leds/Kconfig
|
||||
##
|
||||
CONFIG_LEDS_CLEVO_MAIL=m
|
||||
CONFIG_LEDS_DELL_NETBOOKS=m
|
||||
CONFIG_LEDS_MENF21BMC=m
|
||||
|
||||
##
|
||||
|
@ -1317,6 +1332,7 @@ CONFIG_ACER_WMI=m
|
|||
CONFIG_ACERHDF=m
|
||||
CONFIG_ALIENWARE_WMI=m
|
||||
CONFIG_ASUS_LAPTOP=m
|
||||
CONFIG_DELL_SMBIOS=m
|
||||
CONFIG_DELL_LAPTOP=m
|
||||
CONFIG_DELL_WMI=m
|
||||
CONFIG_DELL_WMI_AIO=m
|
||||
|
@ -1355,6 +1371,7 @@ CONFIG_ACPI_TOSHIBA=m
|
|||
CONFIG_TOSHIBA_BT_RFKILL=m
|
||||
CONFIG_TOSHIBA_HAPS=m
|
||||
CONFIG_ACPI_CMPC=m
|
||||
CONFIG_INTEL_VBTN=m
|
||||
CONFIG_INTEL_IPS=m
|
||||
CONFIG_IBM_RTL=m
|
||||
CONFIG_SAMSUNG_LAPTOP=m
|
||||
|
|
65
debian/patches/bugfix/all/kvm-nVMX-Allow-L1-to-intercept-software-exceptions-B.patch
vendored
Normal file
65
debian/patches/bugfix/all/kvm-nVMX-Allow-L1-to-intercept-software-exceptions-B.patch
vendored
Normal file
|
@ -0,0 +1,65 @@
|
|||
From: Jim Mattson <jmattson@google.com>
|
||||
Date: Mon, 12 Dec 2016 11:01:37 -0800
|
||||
Subject: kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
|
||||
Origin: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
|
||||
|
||||
When L2 exits to L0 due to "exception or NMI", software exceptions
|
||||
(#BP and #OF) for which L1 has requested an intercept should be
|
||||
handled by L1 rather than L0. Previously, only hardware exceptions
|
||||
were forwarded to L1.
|
||||
|
||||
Signed-off-by: Jim Mattson <jmattson@google.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/vmx.c | 11 +++++------
|
||||
1 file changed, 5 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
||||
index c41d7ffdda5a..24db5fb6f575 100644
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -1389,10 +1389,10 @@ static inline bool nested_cpu_has_posted_intr(struct vmcs12 *vmcs12)
|
||||
return vmcs12->pin_based_vm_exec_control & PIN_BASED_POSTED_INTR;
|
||||
}
|
||||
|
||||
-static inline bool is_exception(u32 intr_info)
|
||||
+static inline bool is_nmi(u32 intr_info)
|
||||
{
|
||||
return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
|
||||
- == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK);
|
||||
+ == (INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK);
|
||||
}
|
||||
|
||||
static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
|
||||
@@ -5728,7 +5728,7 @@ static int handle_exception(struct kvm_vcpu *vcpu)
|
||||
if (is_machine_check(intr_info))
|
||||
return handle_machine_check(vcpu);
|
||||
|
||||
- if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
|
||||
+ if (is_nmi(intr_info))
|
||||
return 1; /* already handled by vmx_vcpu_run() */
|
||||
|
||||
if (is_no_device(intr_info)) {
|
||||
@@ -8170,7 +8170,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
|
||||
|
||||
switch (exit_reason) {
|
||||
case EXIT_REASON_EXCEPTION_NMI:
|
||||
- if (!is_exception(intr_info))
|
||||
+ if (is_nmi(intr_info))
|
||||
return false;
|
||||
else if (is_page_fault(intr_info))
|
||||
return enable_ept;
|
||||
@@ -8765,8 +8765,7 @@ static void vmx_complete_atomic_exit(struct vcpu_vmx *vmx)
|
||||
kvm_machine_check();
|
||||
|
||||
/* We need to handle NMIs before interrupts are enabled */
|
||||
- if ((exit_intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR &&
|
||||
- (exit_intr_info & INTR_INFO_VALID_MASK)) {
|
||||
+ if (is_nmi(exit_intr_info)) {
|
||||
kvm_before_handle_nmi(&vmx->vcpu);
|
||||
asm("int $2");
|
||||
kvm_after_handle_nmi(&vmx->vcpu);
|
||||
--
|
||||
2.11.0
|
||||
|
48
debian/patches/bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-KER.patch
vendored
Normal file
48
debian/patches/bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-KER.patch
vendored
Normal file
|
@ -0,0 +1,48 @@
|
|||
From: Al Viro <viro@zeniv.linux.org.uk>
|
||||
Date: Fri, 16 Dec 2016 13:42:06 -0500
|
||||
Subject: sg_write()/bsg_write() is not fit to be called under KERNEL_DS
|
||||
Origin: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835
|
||||
|
||||
Both damn things interpret userland pointers embedded into the payload;
|
||||
worse, they are actually traversing those. Leaving aside the bad
|
||||
API design, this is very much _not_ safe to call with KERNEL_DS.
|
||||
Bail out early if that happens.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||||
---
|
||||
block/bsg.c | 3 +++
|
||||
drivers/scsi/sg.c | 3 +++
|
||||
2 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/block/bsg.c b/block/bsg.c
|
||||
index 8a05a404ae70..a57046de2f07 100644
|
||||
--- a/block/bsg.c
|
||||
+++ b/block/bsg.c
|
||||
@@ -655,6 +655,9 @@ bsg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
|
||||
|
||||
dprintk("%s: write %Zd bytes\n", bd->name, count);
|
||||
|
||||
+ if (unlikely(segment_eq(get_fs(), KERNEL_DS)))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
bsg_set_block(bd, file);
|
||||
|
||||
bytes_written = 0;
|
||||
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
|
||||
index 070332eb41f3..dbe5b4b95df0 100644
|
||||
--- a/drivers/scsi/sg.c
|
||||
+++ b/drivers/scsi/sg.c
|
||||
@@ -581,6 +581,9 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
|
||||
sg_io_hdr_t *hp;
|
||||
unsigned char cmnd[SG_MAX_CDB_SIZE];
|
||||
|
||||
+ if (unlikely(segment_eq(get_fs(), KERNEL_DS)))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
|
||||
return -ENXIO;
|
||||
SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
|
||||
--
|
||||
2.11.0
|
||||
|
69
debian/patches/bugfix/powerpc/powerpc-boot-request-no-dynamic-linker-for-boot-wrap.patch
vendored
Normal file
69
debian/patches/bugfix/powerpc/powerpc-boot-request-no-dynamic-linker-for-boot-wrap.patch
vendored
Normal file
|
@ -0,0 +1,69 @@
|
|||
From: Nicholas Piggin <npiggin@gmail.com>
|
||||
Date: Mon, 28 Nov 2016 12:42:26 +1100
|
||||
Subject: powerpc/boot: Request no dynamic linker for boot wrapper
|
||||
Origin: https://git.kernel.org/linus/ff45000fcb56b5b0f1a14a865d3541746d838a0a
|
||||
Bug-Debian: https://bugs.debian.org/848851
|
||||
|
||||
The boot wrapper performs its own relocations and does not require
|
||||
PT_INTERP segment. However currently we don't tell the linker that.
|
||||
|
||||
Prior to binutils 2.28 that works OK. But since binutils commit
|
||||
1a9ccd70f9a7 ("Fix the linker so that it will not silently generate ELF
|
||||
binaries with invalid program headers. Fix readelf to report such
|
||||
invalid binaries.") binutils tries to create a program header segment
|
||||
due to PT_INTERP, and the link fails because there is no space for it:
|
||||
|
||||
ld: arch/powerpc/boot/zImage.pseries: Not enough room for program headers, try linking with -N
|
||||
ld: final link failed: Bad value
|
||||
|
||||
So tell the linker not to do that, by passing --no-dynamic-linker.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Anton Blanchard <anton@samba.org>
|
||||
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
|
||||
[mpe: Drop dependency on ld-version.sh and massage change log]
|
||||
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
|
||||
---
|
||||
arch/powerpc/boot/wrapper | 24 +++++++++++++++++++++++-
|
||||
1 file changed, 23 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/arch/powerpc/boot/wrapper
|
||||
+++ b/arch/powerpc/boot/wrapper
|
||||
@@ -181,6 +181,28 @@ case "$elfformat" in
|
||||
elf32-powerpc) format=elf32ppc ;;
|
||||
esac
|
||||
|
||||
+ld_version()
|
||||
+{
|
||||
+ # Poached from scripts/ld-version.sh, but we don't want to call that because
|
||||
+ # this script (wrapper) is distributed separately from the kernel source.
|
||||
+ # Extract linker version number from stdin and turn into single number.
|
||||
+ awk '{
|
||||
+ gsub(".*\\)", "");
|
||||
+ gsub(".*version ", "");
|
||||
+ gsub("-.*", "");
|
||||
+ split($1,a, ".");
|
||||
+ print a[1]*100000000 + a[2]*1000000 + a[3]*10000;
|
||||
+ exit
|
||||
+ }'
|
||||
+}
|
||||
+
|
||||
+# Do not include PT_INTERP segment when linking pie. Non-pie linking
|
||||
+# just ignores this option.
|
||||
+LD_VERSION=$(${CROSS}ld --version | ld_version)
|
||||
+LD_NO_DL_MIN_VERSION=$(echo 2.26 | ld_version)
|
||||
+if [ "$LD_VERSION" -ge "$LD_NO_DL_MIN_VERSION" ] ; then
|
||||
+ nodl="--no-dynamic-linker"
|
||||
+fi
|
||||
|
||||
platformo=$object/"$platform".o
|
||||
lds=$object/zImage.lds
|
||||
@@ -446,7 +468,7 @@ if [ "$platform" != "miboot" ]; then
|
||||
text_start="-Ttext $link_address"
|
||||
fi
|
||||
#link everything
|
||||
- ${CROSS}ld -m $format -T $lds $text_start $pie -o "$ofile" \
|
||||
+ ${CROSS}ld -m $format -T $lds $text_start $pie $nodl -o "$ofile" \
|
||||
$platformo $tmp $object/wrapper.a
|
||||
rm $tmp
|
||||
fi
|
|
@ -47,6 +47,7 @@ debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
|
|||
|
||||
# Arch bug fixes
|
||||
bugfix/arm64/arm64-mm-limit-task_size_64-for-compatibility.patch
|
||||
bugfix/powerpc/powerpc-boot-request-no-dynamic-linker-for-boot-wrap.patch
|
||||
|
||||
# Arch features
|
||||
features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
|
||||
|
@ -105,6 +106,8 @@ bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch
|
|||
bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
|
||||
bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-KER.patch
|
||||
bugfix/all/kvm-nVMX-Allow-L1-to-intercept-software-exceptions-B.patch
|
||||
|
||||
# ABI maintenance
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Section: kernel
|
||||
Priority: optional
|
||||
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
|
||||
Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <ben@decadent.org.uk>
|
||||
Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Salvatore Bonaccorso <carnil@debian.org>
|
||||
Standards-Version: 3.9.8
|
||||
Build-Depends:
|
||||
debhelper (>= 10.1~),
|
||||
|
@ -26,7 +26,7 @@ Build-Depends:
|
|||
# not have M-A: allowed but need unqualified name for newer versions
|
||||
openssl (>= 1.1.0-1~) <!stage1> | openssl:native <!stage1>,
|
||||
# used by upstream to build perf documentation
|
||||
asciidoc <!stage1 !nodoc !pkg.linux.notools>,
|
||||
asciidoc-base <!stage1 !nodoc !pkg.linux.notools> | asciidoc <!stage1 !nodoc !pkg.linux.notools>,
|
||||
xmlto <!stage1 !nodoc !pkg.linux.notools>,
|
||||
# used by upstream to build perf
|
||||
bison <!stage1 !pkg.linux.notools !nopython>,
|
||||
|
|
Loading…
Reference in New Issue