[kernel] r22261 - in dists/sid/linux/debian: . config patches patches/bugfix/all patches/bugfix/s390 patches/bugfix/x86 patches/debian patches/features/x86
Ben Hutchings
benh at moszumanska.debian.org
Fri Jan 16 00:04:09 UTC 2015
Author: benh
Date: Fri Jan 16 00:04:09 2015
New Revision: 22261
Log:
Update to 3.16.7-ckt4
- Drop various patches that were applied upstream
- Refresh "add sysctl to disallow unprivileged CLONE_NEWUSER by default"
- Fix/ignore ABI changes as appropriate
- Explicitly disable the new CONFIG_IWLWIFI_UAPSD symbol
Added:
dists/sid/linux/debian/patches/debian/userns-fix-abi-change-in-3.16.7-ckt4.patch
Deleted:
dists/sid/linux/debian/patches/bugfix/all/batman-adv-calculate-extra-tail-size-based-on-queued.patch
dists/sid/linux/debian/patches/bugfix/all/deal-with-deadlock-in-d_walk.patch
dists/sid/linux/debian/patches/bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch
dists/sid/linux/debian/patches/bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch
dists/sid/linux/debian/patches/bugfix/all/keys-close-race-between-key-lookup-and-freeing.patch
dists/sid/linux/debian/patches/bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch
dists/sid/linux/debian/patches/bugfix/s390/s390-3215-fix-hanging-console-issue.patch
dists/sid/linux/debian/patches/bugfix/s390/s390-3215-fix-tty-output-containing-tabs.patch
dists/sid/linux/debian/patches/bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-esp.patch
dists/sid/linux/debian/patches/bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch
dists/sid/linux/debian/patches/bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch
dists/sid/linux/debian/patches/features/x86/platform-chrome-chromeos_laptop-add-support-for-acer.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/config/config
dists/sid/linux/debian/config/defines
dists/sid/linux/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Wed Jan 14 12:43:36 2015 (r22260)
+++ dists/sid/linux/debian/changelog Fri Jan 16 00:04:09 2015 (r22261)
@@ -1,4 +1,4 @@
-linux (3.16.7-ckt3-1) UNRELEASED; urgency=medium
+linux (3.16.7-ckt4-1) UNRELEASED; urgency=medium
* New upstream stable update:
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt3
@@ -83,6 +83,159 @@
- bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes
- gre: Set inner mac header in gro complete (regression in 3.16.7-ckt1)
- [mips*] bpf: Fix broken BPF_MOD
+ http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt4
+ - [x86] drm/i915: don't warn if backlight unexpectedly enabled
+ (Closes: #757805)
+ - [x86] drm/i915/dp: only use training pattern 3 on platforms that
+ support it (regression in 3.15)
+ - btrfs: don't go readonly on existing qgroup items
+ - writeback: fix a subtle race condition in I_DIRTY clearing
+ - [s390*] KVM: flush CPU on load control
+ - UBI: Fix double free after do_sync_erase()
+ - [x86] Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host
+ messages (regression for amd64 in 3.16.7)
+ - Drivers: hv: vmbus: Fix a race condition when unregistering a device
+ - misc: genwqe: check for error from get_user_pages_fast()
+ - drbd: merge_bvec_fn: properly remap bvm->bi_bdev
+ - PCI: Restore detection of read-only BARs
+ - scsi: correct return values for .eh_abort_handler implementations
+ - genhd: check for int overflow in disk_expand_part_tbl()
+ - Btrfs: make sure we wait on logged extents when fsycning two subvols
+ - Btrfs: make sure logged extents complete in the current transaction V3
+ - Btrfs: do not move em to modified list when unpinning
+ - [armhf] mvebu: disable I/O coherency on non-SMP situations on
+ Armada 370/375/38x/XP
+ - nfs41: fix nfs4_proc_layoutget error handling
+ - USB: cdc-acm: check for valid interfaces
+ - HID: i2c-hid: fix race condition reading reports
+ - [armhf] mfd: twl4030-power: Fix regression with missing compatible flag
+ (regression in 3.16)
+ - [armhf] serial: samsung: wait for transfer completion before clock
+ disable
+ - n_tty: Fix read_buf race condition, increment read_head after pushing
+ data (regression in 3.12)
+ - dm cache: only use overwrite optimisation for promotion when in
+ writeback mode
+ - dm cache: dirty flag was mistakenly being cleared when promoting via
+ overwrite
+ - dm bufio: fix memleak when using a dm_buffer's inline bio
+ - iwlwifi: dvm: fix flush support for old firmware (regression in
+ 3.16.7-ckt1)
+ - iwlwifi: mvm: update values for Smart Fifo (regression in 3.14)
+ - iommu/vt-d: Fix an off-by-one bug in __domain_mapping()
+ - dm crypt: use memzero_explicit for on-stack buffer
+ - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by
+ mount (regression in 3.16.3)
+ - umount: Disallow unprivileged mount force
+ - md/raid5: fetch_block must fetch all the blocks handle_stripe_dirtying
+ wants.
+ - [x86] drm/i915: Only warn the first time we attempt to mmio whilst
+ suspended (regression in 3.15)
+ - drm/vmwgfx: Fix error printout on signals pending
+ - drm/radeon: check the right ring in radeon_evict_flags()
+ - swiotlb-xen: pass dev_addr to xen_dma_unmap_page and
+ xen_dma_sync_single_for_cpu
+ - [armhf/armmp] swiotlb-xen: remove BUG_ON in xen_bus_to_phys
+ - swiotlb-xen: call xen_dma_sync_single_for_device when appropriate
+ - swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single
+ - [powerpc] book3s: Fix partial invalidation of TLBs in MCE code.
+ - [armhf] clocksource: arch_timer: Fix code to use physical timers when
+ requested (regression in 3.11)
+ - userns: Prevent evasion of group negative permissions through a userns
+ (CVE-2014-8989):
+ + Don't allow setgroups until a gid mapping has been setablished
+ + Don't allow unprivileged creation of gid mappings
+ + Add a knob to disable setgroups on a per user namespace basis
+ + Allow setting gid_maps without privilege when setgroups is disabled
+ - KEYS: Fix stale key registration at error path
+ - blk-mq: Fix a use-after-free
+ - blk-mq: Fix a race between bt_clear_tag() and bt_get()
+ - nfsd4: fix xdr4 count of server in fs_location4 (regression in 3.16)
+ - [x86] drm/i915: Don't complain about stolen conflicts on gen3
+ (regression in 3.12)
+ - [x86] kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
+ (CVE-2014-8134)
+ - blk-mq: Fix uninitialized kobject at CPU hotplugging
+ - ncpfs: return proper error from NCP_IOC_SETROOT ioctl
+ - [armhf] rtc: omap: fix clock-source configuration (regression in 3.16)
+ - exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting
+ - [amd64] switch_to(): Load TLS descriptors before switching DS and ES
+ (CVE-2014-9419)
+ - [x86] KVM: nVMX: Disable unrestricted mode if ept=0 (regression in 3.13)
+ - [x86] KVM: em_ret_far overrides cpl (follow-up to CVE-2014-3647 fix)
+ - pstore-ram: Fix hangs by using write-combine mappings
+ - HID: i2c-hid: prevent buffer overflow in early IRQ
+ - mac80211: fix multicast LED blinking and counter (regression in
+ 3.16.7-ckt2)
+ - cfg80211: avoid mem leak on driver hint set
+ - nl80211: check matches array length before acessing it
+ - cfg80211: don't WARN about two consecutive Country IE hint
+ (regression in 3.14)
+ - tracing/sched: Check preempt_count() for current when reading task->state
+ (regression in 3.13)
+ - [x86] tls: Validate TLS entries to protect espfix (CVE-2014-8133)
+ - [x86] tls: Disallow unusual TLS segments
+ - isofs: Fix infinite looping over CE entries (CVE-2014-9420)
+ - mac80211: free management frame keys when removing station
+ - ceph: do_sync is never initialized (regression in 3.12)
+ - mnt: Fix a memory stomp in umount (regression in 3.14)
+ - ocfs2: fix journal commit deadlock
+ - md/bitmap: always wait for writes on unplug.
+ - [armhf] mmc: omap_hsmmc: Fix UHS card with DDR50 support (regression in
+ 3.16)
+ - [x86] mmc: sdhci-pci-o2micro: Fix Dell E5440 issue (regression in 3.14)
+ - dm space map metadata: fix sm_bootstrap_get_nr_blocks()
+ - dm thin: fix a race in thin_dtr
+ - eCryptfs: Force RO mount when encrypted view is enabled
+ - eCryptfs: Remove buggy and unnecessary write in file name decode routine
+ - tcm_loop: Fix wrong I_T nexus association
+ - Btrfs: fix fs corruption on transaction abort if device supports discard
+ - [x86] perf/intel/uncore: Make sure only uncore events are collected
+ - perf: Fix events installation during moving group
+ - iscsi,iser-target: Initiate termination only once (regression in 3.16.4)
+ - iser-target: Fix flush + disconnect completion handling
+ - iser-target: Parallelize CM connection establishment
+ - iser-target: Fix connected_handler + teardown flow race
+ - iser-target: Handle ADDR_CHANGE event for listener cm_id
+ - iser-target: Fix implicit termination of connections
+ - iser-target: Allocate PI contexts dynamically
+ - iser-target: Fix NULL dereference in SW mode DIF
+ - iscsi,iser-target: Expose supported protection ops according to t10_pi
+ - genirq: Prevent proc race against freeing of irq descriptors
+ - [powerpc] powernv: Switch off MMU before entering nap/sleep/rvwinkle mode
+ - [x86] storvsc: ring buffer failures may result in I/O freeze
+ - iscsi-target: Fail connection on short sendmsg writes
+ - [x86] drm/i915: Invalidate media caches on gen7
+ - [x86] drm/i915: Force the CS stall for invalidate flushes
+ - dm thin: fix inability to discard blocks when in out-of-data-space mode
+ - dm thin: fix missing out-of-data-space to write mode transition if blocks
+ are released
+ - dm: fix missed error code if .end_io isn't implemented by target_type
+ - [armhf] i2c: mv64xxx: rework offload support to fix several problems
+ (regression in 3.12)
+ - [x86] tls: Don't validate lm in set_thread_area() after all
+ - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC
+ - tick/powerclamp: Remove tick_nohz_idle abuse
+ - audit: don't attempt to lookup PIDs when changing PID filtering audit
+ rules (regression in 3.15)
+ - audit: use supplied gfp_mask from audit_buffer in
+ kauditd_send_multicast_skb (regression in 3.16)
+ - [arm64] kernel: fix __cpu_suspend mm switch on warm-boot
+ - audit: restore AUDIT_LOGINUID unset ABI (regression in 3.10)
+ - Btrfs: fix loop writing of async reclaim
+ - isofs: Fix unchecked printing of ER records (CVE-2014-9584)
+ - crypto: af_alg - fix backlog handling
+ - udf: Check path length when reading symlink
+ - udf: Verify i_size when loading inode
+ - udf: Verify symlink size before loading it
+ - udf: Check component length before reading it
+ - [x86] platform/chrome: chromeos_laptop - Add support for Acer C720
+ (Closes: #774209)
+ - batman-adv: Calculate extra tail size based on queued fragments
+ (Closes: #774155) (CVE-2014-9428)
+ - vfs: move d_rcu from overlapping d_child to overlapping d_alias
+ - vfs: deal with deadlock in d_walk() (CVE-2014-8559)
+ - KEYS: close race between key lookup and freeing (CVE-2014-9529)
[ Ben Hutchings ]
* [sh4] Build with gcc-4.8 (Closes: #772602)
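Review bot: the three `[x86] tls:` entries in the new ckt4 list are far apart, and the last one, `Don't validate lm in set_thread_area() after all`, relaxes part of what `Validate TLS entries to protect espfix (CVE-2014-8133)` introduces. Someone auditing CVE-2014-8133 from this changelog can easily miss the follow-up. Consider nesting the two follow-up entries under the CVE entry, the way the CVE-2014-8989 sub-items are grouped, or marking the last one as a follow-up like the `em_ret_far` entry does for CVE-2014-3647.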
@@ -93,13 +246,11 @@
* PCI: Fix ABI change in 3.16.7-ckt3
* Ignore some ABI changes that don't appear to affect OOT modules:
- Removal of __add_pages(), __remove_pages(), of_device_is_stdout_path(),
- clk_divider_ro_ops
+ clk_divider_ro_ops, tick_nohz_idle_enter, tick_nohz_idle_exit
- Changes to ASoC functions
* [arm64] Enable PSTORE as built-in and EFI_VARS_PSTORE as module;
ensure efivars and efi-pstore are loaded on EFI systems (Closes: #773309)
* hwmon: Enable SENSORS_NCT6683 as module (Closes: #774372)
- * [x86] platform/chrome: chromeos_laptop - Add support for Acer C720
- (Closes: #774209)
* udeb: Add i2c-designware-{core,platform} to i2c-modules and i2c-hid to
input-modules (Closes: #772578)
* [x86] ACPI / video: Run _BCL before deciding registering backlight
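Review bot: in the "Removal of" list, the added `tick_nohz_idle_enter, tick_nohz_idle_exit` are written without parentheses while the other functions in the same entry (`__add_pages()`, `__remove_pages()`, `of_device_is_stdout_path()`) have them. Writing `tick_nohz_idle_enter()` and `tick_nohz_idle_exit()` keeps functions distinguishable from data symbols such as `clk_divider_ro_ops`.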
@@ -107,24 +258,13 @@
* [amd64] Enable EFI_MIXED to support Bay Trail systems
* efi: Expose underlying UEFI firmware platform size to userland, to
support installation on Bay Trail systems (Closes: #775191)
- * [x86] tls: Validate TLS entries to protect espfix (CVE-2014-8133)
- * [x86] kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
- (CVE-2014-8134)
- * [amd64] switch_to(): Load TLS descriptors before switching DS and ES
- (CVE-2014-9419)
- * isofs: Fix infinite looping over CE entries (CVE-2014-9420)
- * batman-adv: Calculate extra tail size based on queued fragments
- (Closes: #774155) (CVE-2014-9428)
- * KEYS: close race between key lookup and freeing (CVE-2014-9529)
- * isofs: Fix unchecked printing of ER records (CVE-2014-9584)
- * vfs: Fix potential deadlock in dcache (CVE-2014-8559)
- - move d_rcu from overlapping d_child to overlapping d_alias
+ * vfs: Changes for compatibility with CVE-2014-8559 fix:
- aufs: move d_rcu from overlapping d_child to overlapping d_alias
- vfs: Avoid ABI change for dentry union changes
- - deal with deadlock in d_walk()
* [powerpc/powerpc{,-smp}] video/fb: Change FB_RADEON back to module
(Closes: #748398) (thanks to John Paul Adrian Glaubitz for thoroughly
testing this change)
+ * userns: Fix ABI change in 3.16.7-ckt4
[ Ian Campbell ]
* [armhf] Enable support for support OMAP5432 uEVM by enabling:
Modified: dists/sid/linux/debian/config/config
==============================================================================
--- dists/sid/linux/debian/config/config Wed Jan 14 12:43:36 2015 (r22260)
+++ dists/sid/linux/debian/config/config Fri Jan 16 00:04:09 2015 (r22261)
@@ -3051,6 +3051,7 @@
CONFIG_IWLDVM=m
CONFIG_IWLMVM=m
# CONFIG_IWLWIFI_BCAST_FILTERING is not set
+# CONFIG_IWLWIFI_UAPSD is not set
# CONFIG_IWLWIFI_DEBUG is not set
# CONFIG_IWLWIFI_DEVICE_TRACING is not set
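Review bot: `# CONFIG_IWLWIFI_UAPSD is not set` is added with no stated reason. The log says only that the new symbol is explicitly disabled, and none of the changelog hunks in this revision adds an entry for it. A one-line changelog item giving the rationale for leaving it off would make the choice reviewable later, when someone asks for it to be enabled.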
Modified: dists/sid/linux/debian/config/defines
==============================================================================
--- dists/sid/linux/debian/config/defines Wed Jan 14 12:43:36 2015 (r22260)
+++ dists/sid/linux/debian/config/defines Fri Jan 16 00:04:09 2015 (r22261)
@@ -12,6 +12,8 @@
module:sound/soc/*
# Not needed by modules at all
clk_divider_ro_ops
+ tick_nohz_idle_enter
+ tick_nohz_idle_exit
[base]
arches:
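Review bot: `tick_nohz_idle_enter` and `tick_nohz_idle_exit` go into the ignore list under the existing "Not needed by modules at all" comment with nothing tying them to the change that dropped them. The ckt4 changelog entry `tick/powerclamp: Remove tick_nohz_idle abuse` looks like the source; naming it in a comment here would make it easier to prune these entries at the next ABI bump.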
Modified: dists/sid/linux/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
==============================================================================
--- dists/sid/linux/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch Wed Jan 14 12:43:36 2015 (r22260)
+++ dists/sid/linux/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch Fri Jan 16 00:04:09 2015 (r22261)
@@ -15,7 +15,7 @@
---
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -83,6 +83,11 @@
+@@ -86,6 +86,11 @@
#define CREATE_TRACE_POINTS
#include <trace/events/task.h>
@@ -27,7 +27,7 @@
/*
* Protected counters by write_lock_irq(&tasklist_lock)
-@@ -1144,6 +1149,10 @@ static struct task_struct *copy_process(
+@@ -1149,6 +1154,10 @@ static struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -38,7 +38,7 @@
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -1831,6 +1840,12 @@ SYSCALL_DEFINE1(unshare, unsigned long,
+@@ -1843,6 +1852,12 @@ SYSCALL_DEFINE1(unshare, unsigned long,
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -53,7 +53,7 @@
goto bad_unshare_out;
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
-@@ -104,6 +104,9 @@ extern int core_uses_pid;
+@@ -103,6 +103,9 @@ extern int core_uses_pid;
extern char core_pattern[];
extern unsigned int core_pipe_limit;
#endif
@@ -63,7 +63,7 @@
extern int pid_max;
extern int pid_max_min, pid_max_max;
extern int percpu_pagelist_fraction;
-@@ -482,6 +485,15 @@ static struct ctl_table kern_table[] = {
+@@ -489,6 +492,15 @@ static struct ctl_table kern_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
@@ -89,5 +89,5 @@
+int unprivileged_userns_clone;
+
static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
- static bool new_idmap_permitted(const struct file *file,
Added: dists/sid/linux/debian/patches/debian/userns-fix-abi-change-in-3.16.7-ckt4.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/debian/userns-fix-abi-change-in-3.16.7-ckt4.patch Fri Jan 16 00:04:09 2015 (r22261)
@@ -0,0 +1,45 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Thu, 15 Jan 2015 23:16:35 +0000
+Subject: userns: Fix ABI change in 3.16.7-ckt4
+Forwarded: not-needed
+
+The fix for CVE-2014-8989 added a new member to struct user_namespace.
+This is always allocated, and the new member is always used, in
+non-modular code. Move it to the end of the structure and hide it
+from genksyms.
+
+Also hide the new #include in kernel/groups.c.
+
+---
+--- a/include/linux/user_namespace.h
++++ b/include/linux/user_namespace.h
+@@ -31,13 +31,16 @@ struct user_namespace {
+ kuid_t owner;
+ kgid_t group;
+ unsigned int proc_inum;
+- unsigned long flags;
+
+ /* Register of per-UID persistent keyrings for this namespace */
+ #ifdef CONFIG_PERSISTENT_KEYRINGS
+ struct key *persistent_keyring_register;
+ struct rw_semaphore persistent_keyring_register_sem;
+ #endif
++
++#ifndef __GENKSYMS__
++ unsigned long flags;
++#endif
+ };
+
+ extern struct user_namespace init_user_ns;
+--- a/kernel/groups.c
++++ b/kernel/groups.c
+@@ -6,7 +6,9 @@
+ #include <linux/slab.h>
+ #include <linux/security.h>
+ #include <linux/syscalls.h>
++#ifndef __GENKSYMS__
+ #include <linux/user_namespace.h>
++#endif
+ #include <asm/uaccess.h>
+
+ /* init to 2 - one for init_task, one to ensure it is never freed */
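Review bot: the `#ifndef __GENKSYMS__` block around the relocated `unsigned long flags;` in `struct user_namespace` has no in-code comment explaining that it is an ABI-preservation workaround for the CVE-2014-8989 fix, so a later reader of the header sees an oddly placed member with no reason given. A short comment at that spot would also flag it for moving back at the next ABI bump. Separately, hiding the member from genksyms keeps the symbol versions unchanged while the structure still grows, so the description should state explicitly that no module embeds the structure or depends on its size, not only that allocation and use of the new member happen in non-modular code.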
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Wed Jan 14 12:43:36 2015 (r22260)
+++ dists/sid/linux/debian/patches/series Fri Jan 16 00:04:09 2015 (r22261)
@@ -51,17 +51,12 @@
bugfix/mips/disable-advansys.patch
bugfix/arm/ixp4xx_iobe.patch
bugfix/m68k/ethernat-kconfig.patch
-bugfix/s390/s390-3215-fix-hanging-console-issue.patch
-bugfix/s390/s390-3215-fix-tty-output-containing-tabs.patch
bugfix/x86/drm-i915-initialise-userptr-mmu_notifier-serial-to-1.patch
bugfix/x86/drm-i915-Add-some-L3-registers-to-the-parser-whiteli.patch
bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch
bugfix/arm64/arm64-add-missing-dts-entry-for-X-Gene-platform.patch
bugfix/arm64/arm64-removed-using-of-the-mask-attribute-in-the-dts.patch
bugfix/x86/acpi-video-run-_bcl-before-deciding-registering-back.patch
-bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch
-bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-esp.patch
-bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch
# Arch features
features/mips/MIPS-Support-hard-limit-of-cpu-count-nr_cpu_ids.patch
@@ -128,7 +123,6 @@
features/arm64/dtb-Add-10GbE-node-to-APM-X-Gene-SoC-device-tree.patch
features/arm64/dtb-Add-SGMII-based-1GbE-node-to-APM-X-Gene-SoC-devi.patch
features/arm64/dtb-xgene-fix-Backward-compatibility-with-older-firm.patch
-features/x86/platform-chrome-chromeos_laptop-add-support-for-acer.patch
# Miscellaneous bug fixes
bugfix/all/misc-bmp085-Enable-building-as-a-module.patch
@@ -156,13 +150,7 @@
bugfix/all/xen-netback-do-not-report-success-if-backend_create_.patch
bugfix/all/netback-don-t-store-invalid-vif-pointer.patch
bugfix/all/xen-netback-support-frontends-without-feature-rx-not.patch
-bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch
-bugfix/all/batman-adv-calculate-extra-tail-size-based-on-queued.patch
-bugfix/all/keys-close-race-between-key-lookup-and-freeing.patch
-bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch
-bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch
bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch
-bugfix/all/deal-with-deadlock-in-d_walk.patch
bugfix/all/net-mv643xx-disable-tso-by-default.patch
# memfd_create() & kdbus backport
@@ -497,3 +485,4 @@
debian/arm-thread_info-fix-abi-change-in-3.16.7-ckt3.patch
debian/pci-fix-abi-change-in-3.16.7-ckt3.patch
debian/vfs-avoid-abi-change-for-dentry-union-changes.patch
+debian/userns-fix-abi-change-in-3.16.7-ckt4.patch