Update to 4.9.6

Drop patches which are included in it.
Ben Hutchings 2017-01-26 19:24:33 +00:00
parent b5cdf98158
commit a873a1d79d
5 changed files with 95 additions and 298 deletions

102
debian/changelog vendored

@ -1,4 +1,4 @@
linux (4.9.5-1) UNRELEASED; urgency=medium
linux (4.9.6-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3
@ -344,6 +344,100 @@ linux (4.9.5-1) UNRELEASED; urgency=medium
- [arm64] hugetlb: remove the wrong pmd check in find_num_contig()
- [arm64] hugetlb: fix the wrong return value for
huge_ptep_set_access_flags
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6
- IB/core: Release allocated memory in cache setup failure
- IB/rxe: Increase max number of completions to 32k
- IB/rxe: avoid putting a large struct rxe_qp on stack
- IB/mlx5: Avoid system crash when enabling many VFs
- IB/mlx5: Fix reported max SGE calculation
- IB/mlx5: Assign SRQ type earlier
- IB/mlx5: Wait for all async command completions to complete
- IB/mlx4: Set traffic class in AH
- IB/mlx4: Fix out-of-range array index in destroy qp flow
- IB/mlx4: Handle well-known-gid in mad_demux processing
- IB/mlx4: Fix port query for 56Gb Ethernet links
- IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
- IB/mlx4: Check if GRH is available before using it
- IB/IPoIB: Remove can't use GFP_NOIO warning
- perf trace: Use the syscall raw_syscalls:sys_enter timestamp
- perf mem: Fix --all-user/--all-kernel options
- perf trace: Check if MAP_32BIT is defined (again)
- perf diff: Do not overwrite valid build id
- perf callchain: Fixup help/config for no-unwinding
- perf scripting: Avoid leaking the scripting_context variable
- perf jit: Enable jitdump support without dwarf
- [armhf] dts: bcm283x: fix typo in mailbox address
- [armhf] dts: imx6q-cm-fx6: fix fec pinctrl
- [armhf] dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit
- tmpfs: clear S_ISGID when setting posix ACLs (CVE-2017-5551)
- [x86] PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
- rcu: Narrow early boot window of illegal synchronous grace periods
- sunrpc: don't call sleeping functions from the notifier block callbacks
- svcrpc: don't leak contexts on PROC_DESTROY
- libnvdimm, namespace: fix pmem namespace leak, delete when size set to
zero
- fuse: clear FR_PENDING flag when moving requests out of pending queue
- fuse: fix time_to_jiffies nsec sanity check
- PCI: Enumerate switches below PCI-to-PCIe bridges
- HID: corsair: fix DMA buffers on stack (CVE-2017-5547)
- HID: corsair: fix control-transfer error handling
- mmc: sdhci-acpi: Only powered up enabled acpi child devices
- ieee802154: atusb: do not use the stack for buffers to make them DMA able
(CVE-2017-5548)
- [s390x] KVM: do not expose random data via facility bitmap
- [armhf,arm64] KVM: vgic: Fix deadlock on error handling
- [powerpc*] icp-opal: Fix missing KVM case and harden replay
- [powerpc*] perf: Fix PM_BRU_CMPL event code for power9
- [powerpc*] ptrace: Preserve previous fprs/vsrs on short regset write
- [powerpc*] ptrace: Preserve previous TM fprs/vsrs on short regset write
- [powerpc*] Ignore reserved field in DCSR and PVR reads and writes
- [x86] ioapic: Restore IO-APIC irq_chip retrigger callback
- qla2xxx: Fix crash due to null pointer access
- mac80211: implement multicast forwarding on fast-RX path
- ubifs: Fix journal replay wrt. xattr nodes
- [armhf] clocksource/exynos_mct: Clear interrupt when cpu is shut down
- svcrdma: avoid duplicate dma unmapping during error recovery
- ceph: fix bad endianness handling in parse_reply_info_extra
- [armhf] dts: OMAP5 / DRA7: indicate that SATA port 0 is available.
- [arm64] avoid returning from bad_mode
- [arm64] ptrace: Preserve previous registers for short regset write
- [arm64] ptrace: Avoid uninitialised struct padding in fpr_set()
- [arm64] ptrace: Reject attempts to set incomplete hardware breakpoint
fields
- Input: ALPS - fix TrackStick support for SS5 hardware
- libceph: ceph_x_encrypt_buflen() takes in_len
- libceph: old_key in process_one_ticket() is redundant
- libceph: introduce ceph_x_encrypt_offset()
- libceph: introduce ceph_crypt() for in-place en/decryption
- libceph: rename and align ceph_x_authorizer::reply_buf
- libceph: tweak calcu_signature() a little
- libceph: switch ceph_x_encrypt() to ceph_crypt()
- libceph: switch ceph_x_decrypt() to ceph_crypt()
- libceph: remove now unused ceph_*{en,de}crypt*() functions
- [armhf] dts: Add an empty chosen node to top level DTSI
- [armel,armhf] 8613/1: Fix the uaccess crash on PB11MPCore
- ceph: fix scheduler warning due to nested blocking
- ceph: fix ceph_get_caps() interruption
- ceph: fix endianness of getattr mask in ceph_d_revalidate
- ceph: fix endianness bug in frag_tree_split_cmp
- libceph: make sure ceph_aes_crypt() IV is aligned
- xprtrdma: Make FRWR send queue entry accounting more accurate
- xprtrdma: Squelch "max send, max recv" messages at connect time
- [arm64] mm: avoid name clash in __page_to_voff()
- [arm64] Fix swiotlb fallback allocation
- swiotlb: Convert swiotlb_force from int to enum
- swiotlb: Add swiotlb=noforce debug option
- scsi: ses: Fix SAS device detection in enclosure
- scsi: mpt3sas: fix hang on ata passthrough commands
- [armhf] PM / devfreq: exynos-bus: Fix the wrong return value
- PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL
- mtd: spi-nor: Off by one in cqspi_setup_flash()
- mtd: spi-nor: Fix some error codes in cqspi_setup_flash()
- [x86] ite-cir: initialize use_demodulator before using it
- [armhf] dmaengine: pl330: Fix runtime PM support for terminated transfers
- [armhf] soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe()
- libceph: uninline ceph_crypto_key_destroy()
- libceph: stop allocating a new cipher on every crypto request
[ Ben Hutchings ]
* [armel,armhf,s390x,x86] linux-headers: Fix regression of multilib compiler
@ -365,12 +459,6 @@ linux (4.9.5-1) UNRELEASED; urgency=medium
* fs: Disable LOGFS, as it is unmaintained and will be removed in 4.10
* [rt] genpatch.py: Verify tag and tarball signatures
[ Salvatore Bonaccorso ]
* tmpfs: clear S_ISGID when setting posix ACLs (CVE-2017-5551)
* HID: corsair: fix DMA buffers on stack (CVE-2017-5547)
* ieee802154: atusb: do not use the stack for buffers to make them DMA able
(CVE-2017-5548)
[ Roger Shimizu ]
* [armel] Add DT support of Buffalo Linkstation Live v3 (LS-CHL)
* drivers/input: Enable TOUCHSCREEN_GOODIX as module (Closes: #851821).


@ -1,144 +0,0 @@
From: Johan Hovold <johan@kernel.org>
Date: Thu, 12 Jan 2017 18:17:42 +0100
Subject: HID: corsair: fix DMA buffers on stack
Origin: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
Not all platforms support DMA to the stack, and specifically since v4.9
this is no longer supported on x86 with VMAP_STACK either.
Note that the macro-mode buffer was larger than necessary.
Fixes: 6f78193ee9ea ("HID: corsair: Add Corsair Vengeance K90 driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---
drivers/hid/hid-corsair.c | 54 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 42 insertions(+), 12 deletions(-)
diff --git a/drivers/hid/hid-corsair.c b/drivers/hid/hid-corsair.c
index 717704e..5971907 100644
--- a/drivers/hid/hid-corsair.c
+++ b/drivers/hid/hid-corsair.c
@@ -148,7 +148,11 @@ static enum led_brightness k90_backlight_get(struct led_classdev *led_cdev)
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
int brightness;
- char data[8];
+ char *data;
+
+ data = kmalloc(8, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_STATUS,
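Review bot: `return -ENOMEM` in k90_backlight_get() passes a negative errno through a function that the hunk header declares as returning `enum led_brightness`. The `-EIO` paths in the next hunk do the same, so this matches the driver's existing convention, but any caller that uses the result directly as a brightness level has to check for negative values first. A short comment on the function stating that it may return a negative errno would make that contract explicit.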
@@ -158,16 +162,22 @@ static enum led_brightness k90_backlight_get(struct led_classdev *led_cdev)
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial state (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
brightness = data[4];
if (brightness < 0 || brightness > 3) {
dev_warn(dev,
"Read invalid backlight brightness: %02hhx.\n",
data[4]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return brightness;
+ ret = brightness;
+out:
+ kfree(data);
+
+ return ret;
}
static enum led_brightness k90_record_led_get(struct led_classdev *led_cdev)
@@ -253,7 +263,11 @@ static ssize_t k90_show_macro_mode(struct device *dev,
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
const char *macro_mode;
- char data[8];
+ char *data;
+
+ data = kmalloc(2, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_GET_MODE,
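Review bot: `kmalloc(2, GFP_KERNEL)` in k90_show_macro_mode() shrinks the buffer from the old `char data[8]`, but the length argument passed to usb_control_msg() is not among the lines shown in this hunk. Confirm that the transfer length was reduced to 2 as well, since a request length larger than the allocation would let the device response run past the heap buffer. A named constant shared by the allocation and the call would keep the two in step.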
@@ -263,7 +277,8 @@ static ssize_t k90_show_macro_mode(struct device *dev,
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial mode (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
switch (data[0]) {
@@ -277,10 +292,15 @@ static ssize_t k90_show_macro_mode(struct device *dev,
default:
dev_warn(dev, "K90 in unknown mode: %02hhx.\n",
data[0]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return snprintf(buf, PAGE_SIZE, "%s\n", macro_mode);
+ ret = snprintf(buf, PAGE_SIZE, "%s\n", macro_mode);
+out:
+ kfree(data);
+
+ return ret;
}
static ssize_t k90_store_macro_mode(struct device *dev,
@@ -320,7 +340,11 @@ static ssize_t k90_show_current_profile(struct device *dev,
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
int current_profile;
- char data[8];
+ char *data;
+
+ data = kmalloc(8, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_STATUS,
@@ -330,16 +354,22 @@ static ssize_t k90_show_current_profile(struct device *dev,
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial state (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
current_profile = data[7];
if (current_profile < 1 || current_profile > 3) {
dev_warn(dev, "Read invalid current profile: %02hhx.\n",
data[7]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return snprintf(buf, PAGE_SIZE, "%d\n", current_profile);
+ ret = snprintf(buf, PAGE_SIZE, "%d\n", current_profile);
+out:
+ kfree(data);
+
+ return ret;
}
static ssize_t k90_store_current_profile(struct device *dev,
--
2.1.4


@ -1,99 +0,0 @@
From: Stefan Schmidt <stefan@osg.samsung.com>
Date: Thu, 15 Dec 2016 18:40:14 +0100
Subject: ieee802154: atusb: do not use the stack for buffers to make them DMA
able
Origin: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
From 4.9 we should really avoid using the stack here as this will not be DMA
able on various platforms. This changes the buffers already being present in
time of 4.9 being released. This should go into stable as well.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
drivers/net/ieee802154/atusb.c | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c
index 1253f86..fa3e8c3 100644
--- a/drivers/net/ieee802154/atusb.c
+++ b/drivers/net/ieee802154/atusb.c
@@ -117,13 +117,26 @@ static int atusb_read_reg(struct atusb *atusb, uint8_t reg)
{
struct usb_device *usb_dev = atusb->usb_dev;
int ret;
+ uint8_t *buffer;
uint8_t value;
+ buffer = kmalloc(1, GFP_KERNEL);
+ if (!buffer)
+ return -ENOMEM;
+
dev_dbg(&usb_dev->dev, "atusb: reg = 0x%x\n", reg);
ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0),
ATUSB_REG_READ, ATUSB_REQ_FROM_DEV,
- 0, reg, &value, 1, 1000);
- return ret >= 0 ? value : ret;
+ 0, reg, buffer, 1, 1000);
+
+ if (ret >= 0) {
+ value = buffer[0];
+ kfree(buffer);
+ return value;
+ } else {
+ kfree(buffer);
+ return ret;
+ }
}
static int atusb_write_subreg(struct atusb *atusb, uint8_t reg, uint8_t mask,
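Review bot: Style point in atusb_read_reg(): `kfree(buffer)` is duplicated in both branches of the `if (ret >= 0)` / `else`. Copying `buffer[0]` into `value` when `ret >= 0`, then calling `kfree(buffer)` once and ending with the original `return ret >= 0 ? value : ret;` gives a single exit path and makes it harder for a later edit to miss the free on one branch.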
@@ -608,9 +621,13 @@ static const struct ieee802154_ops atusb_ops = {
static int atusb_get_and_show_revision(struct atusb *atusb)
{
struct usb_device *usb_dev = atusb->usb_dev;
- unsigned char buffer[3];
+ unsigned char *buffer;
int ret;
+ buffer = kmalloc(3, GFP_KERNEL);
+ if (!buffer)
+ return -ENOMEM;
+
/* Get a couple of the ATMega Firmware values */
ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0),
ATUSB_ID, ATUSB_REQ_FROM_DEV, 0, 0,
@@ -631,15 +648,20 @@ static int atusb_get_and_show_revision(struct atusb *atusb)
dev_info(&usb_dev->dev, "Please update to version 0.2 or newer");
}
+ kfree(buffer);
return ret;
}
static int atusb_get_and_show_build(struct atusb *atusb)
{
struct usb_device *usb_dev = atusb->usb_dev;
- char build[ATUSB_BUILD_SIZE + 1];
+ char *build;
int ret;
+ build = kmalloc(ATUSB_BUILD_SIZE + 1, GFP_KERNEL);
+ if (!build)
+ return -ENOMEM;
+
ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0),
ATUSB_BUILD, ATUSB_REQ_FROM_DEV, 0, 0,
build, ATUSB_BUILD_SIZE, 1000);
@@ -648,6 +670,7 @@ static int atusb_get_and_show_build(struct atusb *atusb)
dev_info(&usb_dev->dev, "Firmware: build %s\n", build);
}
+ kfree(build);
return ret;
}
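Review bot: In atusb_get_and_show_build(), `build` now comes from kmalloc(), which does not zero memory, and it is printed with `%s` in dev_info(). The line that NUL-terminates the string lies outside the context shown in these two hunks. Confirm that the terminator is written at the received length before the print, otherwise the log call reads uninitialised heap bytes. Since the allocation is `ATUSB_BUILD_SIZE + 1` and the transfer length is `ATUSB_BUILD_SIZE`, switching to kzalloc() would guarantee a terminator in the last byte as a cheap safety net.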
--
2.1.4


@ -1,45 +0,0 @@
From: Gu Zheng <guzheng1@huawei.com>
Date: Mon, 9 Jan 2017 09:34:48 +0800
Subject: tmpfs: clear S_ISGID when setting posix ACLs
Origin: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31
This change was missed the tmpfs modification in In CVE-2016-7097
commit 073931017b49 ("posix_acl: Clear SGID bit when setting
file permissions")
It can test by xfstest generic/375, which failed to clear
setgid bit in the following test case on tmpfs:
touch $testfile
chown 100:100 $testfile
chmod 2755 $testfile
_runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile
Signed-off-by: Gu Zheng <guzheng1@huawei.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/posix_acl.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 5955220..c9d48dc 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -922,11 +922,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type)
int error;
if (type == ACL_TYPE_ACCESS) {
- error = posix_acl_equiv_mode(acl, &inode->i_mode);
- if (error < 0)
- return 0;
- if (error == 0)
- acl = NULL;
+ error = posix_acl_update_mode(inode,
+ &inode->i_mode, &acl);
+ if (error)
+ return error;
}
inode->i_ctime = current_time(inode);
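Review bot: The removed branch `if (error < 0) return 0;` reported success to the caller when posix_acl_equiv_mode() failed, whereas the replacement returns the error from posix_acl_update_mode(). That is the safer behaviour, but it changes what simple_set_acl() callers see, and the commit message only mentions clearing the setgid bit. A sentence in the message noting that failures are now propagated would help anyone tracing a newly visible setfacl error on tmpfs back to this change.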
--
2.1.4


@ -99,9 +99,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch
bugfix/all/HID-corsair-fix-DMA-buffers-on-stack.patch
bugfix/all/ieee802154-atusb-do-not-use-the-stack-for-buffers-to.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch