[linux] 01/01: Update to 4.9.10

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Thu Feb 16 19:06:50 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit 10f2dad56962b104213df0dc44e967d6e1dd2cc4
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Thu Feb 16 19:03:31 2017 +0000

    Update to 4.9.10
---
 debian/changelog                                   | 64 ++++++++++++++++--
 ...-rxe-Fix-mem_check_range-integer-overflow.patch | 38 -----------
 ...use-nr_cpumask_bits-for-parsing-functions.patch | 77 ----------------------
 .../selinux-fix-off-by-one-in-setprocattr.patch    | 65 ------------------
 debian/patches/series                              |  3 -
 5 files changed, 60 insertions(+), 187 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index acafac6..da5338d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.9.9-1) UNRELEASED; urgency=medium
+linux (4.9.10-1) UNRELEASED; urgency=medium
 
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7
@@ -161,6 +161,65 @@ linux (4.9.9-1) UNRELEASED; urgency=medium
     - iw_cxgb4: set correct FetchBurstMax for QPs
     - fs: break out of iomap_file_buffered_write on fatal signals
     - [x86] drm/i915/execlists: Reset RING registers upon resume
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10
+    - [x86] cpufreq: intel_pstate: Disable energy efficiency optimization
+    - acpi, nfit: fix acpi_nfit_flush_probe() crash
+    - [x86] libnvdimm, namespace: do not delete namespace-id 0
+    - [x86] libnvdimm, pfn: fix memmap reservation size versus 4K alignment
+    - dm rq: cope with DM device destruction while in dm_old_request_fn()
+    - crypto: algif_aead - Fix kernel panic on list_del
+    - [x86] crypto: qat - fix bar discovery for c62x
+    - [x86] crypto: qat - zero esram only for DH85x devices
+    - [x86] crypto: ccp - Fix DMA operations when IOMMU is enabled
+    - [x86] crypto: ccp - Fix double add when creating new DMA command
+    - Input: uinput - fix crash when mixing old and new init style
+    - selinux: fix off-by-one in setprocattr (CVE-2017-2618)
+    - [x86] Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
+    - rtlwifi: rtl8192ce: Fix loading of incorrect firmware
+    - cpumask: use nr_cpumask_bits for parsing functions (Closes: #848682)
+    - [armel,armhf] 8643/3: arm/ptrace: Preserve previous registers for short
+      regset write
+    - [x86] drm/i915: fix use-after-free in page_flip_completed()
+    - [x86] drm/i915/bxt: Add MST support when do DPLL calculation
+    - drm/atomic: Fix double free in drm_atomic_state_default_clear
+    - target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
+    - target: Use correct SCSI status during EXTENDED_COPY exception
+    - target: Fix early transport_generic_handle_tmr abort scenario
+    - target: Fix multi-session dynamic se_node_acl double free OOPs
+    - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
+    - [armhf] dts: imx6dl: fix GPIO4 range
+    - [armhf] 8642/1: LPAE: catch pending imprecise abort on unmask
+    - [x86] drm/i915: Always convert incoming exec offsets to non-canonical
+    - nl80211: Fix mesh HT operation check
+    - mac80211: Fix adding of mesh vendor IEs
+    - net/mlx5e: Modify TIRs hash only when it's needed
+    - [x86] Drivers: hv: vmbus: Base host signaling strictly on the ring state
+    - [x86] Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
+    - [x86] Drivers: hv: vmbus: On the read path cleanup the logic to interrupt
+      the host
+    - [x86] Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()
+    - [s390x] scsi: zfcp: fix use-after-free by not tracing WKA port open/close
+      on failed send
+    - scsi: aacraid: Fix INTx/MSI-x issue with older controllers
+    - scsi: mpt3sas: disable ASPM for MPI2 controllers
+    - scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash
+    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
+    - [powerpc*] mm/radix: Update ERAT flushes when invalidating TLB
+    - [powerpc*] powernv: Fix CPU hotplug to handle waking on HVI
+    - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
+    - ALSA: hda - adding a new NV HDMI/DP codec ID in the driver
+    - ALSA: seq: Fix race at creating a queue
+    - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
+    - Revert "ALSA: line6: Only determine control port properties if needed"
+    - [x86] mm/ptdump: Fix soft lockup in page table walker
+    - [x86] CPU/AMD: Bring back Compute Unit ID
+    - [x86] CPU/AMD: Fix Zen SMT topology
+    - IB/rxe: Fix resid update
+    - IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
+    - stacktrace, lockdep: Fix address, newline ugliness
+    - perf diff: Fix -o/--order option behavior (again)
+    - perf diff: Fix segfault on 'perf diff -o N' option
+    - perf/core: Fix crash in perf_event_read()
 
   [ Ben Hutchings ]
   * Bump ABI to 2
@@ -184,7 +243,6 @@ linux (4.9.9-1) UNRELEASED; urgency=medium
     - rt: Drop mutex_disable() on !DEBUG configs and the GPL suffix from export
       symbol
     - cpuset: Convert callback_lock to raw_spinlock_t
-  * cpumask: use nr_cpumask_bits for parsing functions (Closes: #848682)
   * pegasus: Use heap buffers for all register access (Closes: #852556)
   * test-patches: Use the pkg.linux.notools build profile
   * test-patches: Set default number of jobs to number of available processors
@@ -196,8 +254,6 @@ linux (4.9.9-1) UNRELEASED; urgency=medium
   * [armel] ARM: orion5x: fix Makefile for linkstation-lschl.dtb
 
   [ Salvatore Bonaccorso ]
-  * IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
-  * selinux: fix off-by-one in setprocattr (CVE-2017-2618)
   * ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
   * sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
 
diff --git a/debian/patches/bugfix/all/IB-rxe-Fix-mem_check_range-integer-overflow.patch b/debian/patches/bugfix/all/IB-rxe-Fix-mem_check_range-integer-overflow.patch
deleted file mode 100644
index 952a7a1..0000000
--- a/debian/patches/bugfix/all/IB-rxe-Fix-mem_check_range-integer-overflow.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Eyal Itkin <eyal.itkin at gmail.com>
-Date: Tue, 7 Feb 2017 16:45:19 +0300
-Subject: IB/rxe: Fix mem_check_range integer overflow
-Origin: https://git.kernel.org/linus/647bf3d8a8e5777319da92af672289b2a6c4dc66
-
-Update the range check to avoid integer-overflow in edge case.
-Resolves CVE 2016-8636.
-
-Signed-off-by: Eyal Itkin <eyal.itkin at gmail.com>
-Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
-Reviewed-by: Leon Romanovsky <leonro at mellanox.com>
-Signed-off-by: Doug Ledford <dledford at redhat.com>
----
- drivers/infiniband/sw/rxe/rxe_mr.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c
-index d0faca294006..86a6585b847d 100644
---- a/drivers/infiniband/sw/rxe/rxe_mr.c
-+++ b/drivers/infiniband/sw/rxe/rxe_mr.c
-@@ -59,9 +59,11 @@ int mem_check_range(struct rxe_mem *mem, u64 iova, size_t length)
- 
- 	case RXE_MEM_TYPE_MR:
- 	case RXE_MEM_TYPE_FMR:
--		return ((iova < mem->iova) ||
--			((iova + length) > (mem->iova + mem->length))) ?
--			-EFAULT : 0;
-+		if (iova < mem->iova ||
-+		    length > mem->length ||
-+		    iova > mem->iova + mem->length - length)
-+			return -EFAULT;
-+		return 0;
- 
- 	default:
- 		return -EFAULT;
--- 
-2.11.0
-
diff --git a/debian/patches/bugfix/all/cpumask-use-nr_cpumask_bits-for-parsing-functions.patch b/debian/patches/bugfix/all/cpumask-use-nr_cpumask_bits-for-parsing-functions.patch
deleted file mode 100644
index 1d36806..0000000
--- a/debian/patches/bugfix/all/cpumask-use-nr_cpumask_bits-for-parsing-functions.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Date: Mon, 6 Feb 2017 13:24:42 -0500
-From: Tejun Heo <tj at kernel.org>
-Subject: cpumask: use nr_cpumask_bits for parsing functions
-Bug-Debian: https://bugs.debian.org/848682
-Origin: https://lkml.org/lkml/2017/2/6/720
-
-513e3d2d11c9 ("cpumask: always use nr_cpu_ids in formatting and
-parsing functions") converted both cpumask printing and parsing
-functions to use nr_cpu_ids instead of nr_cpumask_bits.  While this
-was okay for the printing functions as it just picked one of the two
-output formats that we were alternating between depending on a kernel
-config, doing the same for parsing wasn't okay.
-
-nr_cpumask_bits can be either nr_cpu_ids or NR_CPUS.  We can always
-use nr_cpu_ids but that is a variable while NR_CPUS is a constant, so
-it can be more efficient to use NR_CPUS when we can get away with it.
-Converting the printing functions to nr_cpu_ids makes sense because it
-affects how the masks get presented to userspace and doesn't break
-anything; however, using nr_cpu_ids for parsing functions can
-incorrectly leave the higher bits uninitialized while reading in these
-masks from userland.  As all testing and comparison functions use
-nr_cpumask_bits which can be larger than nr_cpu_ids, the parsed
-cpumasks can erroneously yield false negative results.
-
-This made the taskstats interface incorrectly return -EINVAL even when
-the inputs were correct.
-
-Fix it by restoring the parse functions to use nr_cpumask_bits instead
-of nr_cpu_ids.
-
-Signed-off-by: Tejun Heo <tj at kernel.org>
-Fixes: 513e3d2d11c9 ("cpumask: always use nr_cpu_ids in formatting and parsing functions")
-Cc: stable at vger.kernel.org # v4.0+
-Reported-by: Martin Steigerwald <martin.steigerwald at teamix.de>
-Debugged-by: Ben Hutchings <ben.hutchings at codethink.co.uk>
----
- include/linux/cpumask.h |    8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/include/linux/cpumask.h
-+++ b/include/linux/cpumask.h
-@@ -560,7 +560,7 @@ static inline void cpumask_copy(struct c
- static inline int cpumask_parse_user(const char __user *buf, int len,
- 				     struct cpumask *dstp)
- {
--	return bitmap_parse_user(buf, len, cpumask_bits(dstp), nr_cpu_ids);
-+	return bitmap_parse_user(buf, len, cpumask_bits(dstp), nr_cpumask_bits);
- }
- 
- /**
-@@ -575,7 +575,7 @@ static inline int cpumask_parselist_user
- 				     struct cpumask *dstp)
- {
- 	return bitmap_parselist_user(buf, len, cpumask_bits(dstp),
--				     nr_cpu_ids);
-+				     nr_cpumask_bits);
- }
- 
- /**
-@@ -590,7 +590,7 @@ static inline int cpumask_parse(const ch
- 	char *nl = strchr(buf, '\n');
- 	unsigned int len = nl ? (unsigned int)(nl - buf) : strlen(buf);
- 
--	return bitmap_parse(buf, len, cpumask_bits(dstp), nr_cpu_ids);
-+	return bitmap_parse(buf, len, cpumask_bits(dstp), nr_cpumask_bits);
- }
- 
- /**
-@@ -602,7 +602,7 @@ static inline int cpumask_parse(const ch
-  */
- static inline int cpulist_parse(const char *buf, struct cpumask *dstp)
- {
--	return bitmap_parselist(buf, cpumask_bits(dstp), nr_cpu_ids);
-+	return bitmap_parselist(buf, cpumask_bits(dstp), nr_cpumask_bits);
- }
- 
- /**
diff --git a/debian/patches/bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch b/debian/patches/bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch
deleted file mode 100644
index fcb9491..0000000
--- a/debian/patches/bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From: Stephen Smalley <sds at tycho.nsa.gov>
-Date: Tue, 31 Jan 2017 11:54:04 -0500
-Subject: selinux: fix off-by-one in setprocattr
-Origin: https://git.kernel.org/linus/0c461cb727d146c9ef2d3e86214f498b78b7d125
-
-SELinux tries to support setting/clearing of /proc/pid/attr attributes
-from the shell by ignoring terminating newlines and treating an
-attribute value that begins with a NUL or newline as an attempt to
-clear the attribute.  However, the test for clearing attributes has
-always been wrong; it has an off-by-one error, and this could further
-lead to reading past the end of the allocated buffer since commit
-bb646cdb12e75d82258c2f2e7746d5952d3e321a ("proc_pid_attr_write():
-switch to memdup_user()").  Fix the off-by-one error.
-
-Even with this fix, setting and clearing /proc/pid/attr attributes
-from the shell is not straightforward since the interface does not
-support multiple write() calls (so shells that write the value and
-newline separately will set and then immediately clear the attribute,
-requiring use of echo -n to set the attribute), whereas trying to use
-echo -n "" to clear the attribute causes the shell to skip the
-write() call altogether since POSIX says that a zero-length write
-causes no side effects. Thus, one must use echo -n to set and echo
-without -n to clear, as in the following example:
-$ echo -n unconfined_u:object_r:user_home_t:s0 > /proc/$$/attr/fscreate
-$ cat /proc/$$/attr/fscreate
-unconfined_u:object_r:user_home_t:s0
-$ echo "" > /proc/$$/attr/fscreate
-$ cat /proc/$$/attr/fscreate
-
-Note the use of /proc/$$ rather than /proc/self, as otherwise
-the cat command will read its own attribute value, not that of the shell.
-
-There are no users of this facility to my knowledge; possibly we
-should just get rid of it.
-
-UPDATE: Upon further investigation it appears that a local process
-with the process:setfscreate permission can cause a kernel panic as a
-result of this bug.  This patch fixes CVE-2017-2618.
-
-Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
-[PM: added the update about CVE-2017-2618 to the commit description]
-Cc: stable at vger.kernel.org # 3.5: d6ea83ec6864e
-Signed-off-by: Paul Moore <paul at paul-moore.com>
-
-Signed-off-by: James Morris <james.l.morris at oracle.com>
----
- security/selinux/hooks.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index c7c6619..d98550a 100644
---- a/security/selinux/hooks.c
-+++ b/security/selinux/hooks.c
-@@ -5887,7 +5887,7 @@ static int selinux_setprocattr(struct task_struct *p,
- 		return error;
- 
- 	/* Obtain a SID for the context, if one was specified. */
--	if (size && str[1] && str[1] != '\n') {
-+	if (size && str[0] && str[0] != '\n') {
- 		if (str[size-1] == '\n') {
- 			str[size-1] = 0;
- 			size--;
--- 
-2.1.4
-
diff --git a/debian/patches/series b/debian/patches/series
index 9ae396f..9f05b49 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -73,7 +73,6 @@ bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
 bugfix/all/nbd-use-loff_t-for-blocksize-and-nbd_set_size-args.patch
 bugfix/all/ath9k-fix-null-pointer-dereference.patch
 bugfix/all/nbd-fix-64-bit-division.patch
-bugfix/all/cpumask-use-nr_cpumask_bits-for-parsing-functions.patch
 bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch
 
 # Miscellaneous features
@@ -104,8 +103,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
 
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/IB-rxe-Fix-mem_check_range-integer-overflow.patch
-bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch
 bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch
 bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list