[linux] 01/01: Update to 4.9.5
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sat Jan 21 15:07:34 UTC 2017
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 4686b122fcc4dd67db1bbd32d8d47cb1d9025e5b
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Sat Jan 21 09:20:56 2017 +0100
Update to 4.9.5
---
debian/changelog | 113 ++++++++++++++++++++-
...-reference-added-by-grab_header-in-proc_s.patch | 87 ----------------
.../KVM-x86-Introduce-segmented_write_std.patch | 61 -----------
...x86-fix-emulation-of-MOV-SS-null-selector.patch | 107 -------------------
...trace_btrfs_all_work_done-from-normal_wor.patch | 39 -------
...-free-and-trace-point-in-run_ordered_work.patch | 8 +-
...v-mem-and-dev-kmem-when-securelevel-is-se.patch | 8 +-
debian/patches/series | 3 -
debian/patches/series-rt | 1 -
9 files changed, 116 insertions(+), 311 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 0a37aa9..a2c85f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.9.4-1) UNRELEASED; urgency=medium
+linux (4.9.5-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3
@@ -233,6 +233,113 @@ linux (4.9.4-1) UNRELEASED; urgency=medium
- [x86] drm/i915/gen9: Fix PCODE polling during CDCLK change notification
- rtlwifi: Fix enter/exit power_save
- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5
+ - Input: xpad - use correct product id for x360w controllers
+ - Input: i8042 - add Pegatron touchpad to noloop table
+ - [armhf] regulator: axp20x: Fix axp809 ldo_io registration error on cold
+ boot
+ - [arm64, armhf] drm/tegra: dpaux: Fix error handling
+ - [arm64, armhf] drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
+ - drm/savage: dereferencing an error pointer
+ - zram: revalidate disk under init_lock
+ - zram: support BDI_CAP_STABLE_WRITES
+ - dax: fix deadlock with DAX 4k holes
+ - mm: pmd dirty emulation in page fault handler
+ - mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
+ - ocfs2: fix crash caused by stale lvb with fsdlm plugin
+ - mm, memcg: fix the active list aging for lowmem requests when memcg is enabled
+ - mm: support anonymous stable page
+ - mm/slab.c: fix SLAB freelist randomization duplicate entries
+ (CVE-2017-5546)
+ - mm/hugetlb.c: fix reservation race when freeing surplus pages
+ - [x86] KVM: fix emulation of "MOV SS, null selector" (CVE-2017-2583)
+ - KVM: eventfd: fix NULL deref irqbypass consumer
+ - jump_labels: API for flushing deferred jump label updates
+ - [x86] KVM: flush pending lapic jump label updates on module unload
+ - [x86] KVM: fix NULL deref in vcpu_scan_ioapic
+ - [x86] KVM: add Align16 instruction flag
+ - [x86] KVM: add asm_safe wrapper
+ - [x86] KVM: emulate FXSAVE and FXRSTOR
+ - [x86] KVM: Introduce segmented_write_std (CVE-2017-2584)
+ - efi/libstub/arm*: Pass latest memory map to the kernel
+ - [x86] efi: Prune invalid memory map entries and fix boot regression
+ - [x86] efi: Don't allocate memmap through memblock after mm_init()
+ - nl80211: fix sched scan netlink socket owner destruction
+ - gpio: Move freeing of GPIO hogs before numbing of the device
+ - xfs: Timely free truncated dirty pages
+ - bridge: netfilter: Fix dropping packets that moving through bridge interface
+ - [x86] cpu/AMD: Clean up cpu_llc_id assignment per topology feature
+ - [x86] bugs: Separate AMD E400 erratum and C1E bug
+ - [x86] CPU/AMD: Fix Bulldozer topology
+ - wusbcore: Fix one more crypto-on-the-stack bug
+ - [armhf] usb: musb: fix runtime PM in debugfs
+ - USB: serial: kl5kusb105: fix line-state error handling (CVE-2017-5549)
+ - USB: serial: ch341: fix initial modem-control state
+ - USB: serial: ch341: fix resume after reset
+ - USB: serial: ch341: fix open error handling
+ - USB: serial: ch341: fix control-message error handling
+ - USB: serial: ch341: fix open and resume after B0
+ - i2c: print correct device invalid address
+ - i2c: fix kernel memory disclosure in dev interface
+ - fix a fencepost error in pipe_advance() (CVE-2017-5550)
+ - xhci: fix deadlock at host remove by running watchdog correctly
+ - btrfs: fix crash when tracepoint arguments are freed by wq callbacks
+ - ASoC: hdmi-codec: use unsigned type to structure members with bit-field
+ - Revert "tty: serial: 8250: add CON_CONSDEV to flags"
+ - pid: fix lockdep deadlock warning due to ucount_lock
+ - mnt: Protect the mountpoint hashtable with mount_lock
+ - drivers: char: mem: Fix thinkos in kmem address checks
+ - [armhf] dmaengine: omap-dma: Fix dynamic lch_map allocation
+ - virtio_blk: avoid DMA to stack for the sense buffer
+ - orinoco: Use shash instead of ahash for MIC calculations
+ - sysrq: attach sysrq handler correctly for 32-bit kernel
+ - [arm64, armhf] extcon: return error code on failure
+ - Clearing FIFOs in RS485 emulation mode causes subsequent transmits to
+ break
+ - sysctl: Drop reference added by grab_header in proc_sys_readdir
+ (CVE-2016-9191)
+ - [s390x] net/af_iucv: don't use paged skbs for TX on HiperSockets
+ - [x86] drm/i915/gen9: Fix PCODE polling timeout in stable backport
+ - drm: Clean up planes in atomic commit helper failure path
+ - drm/radeon: update smc firmware selection for SI
+ - drm/radeon: drop verde dpm quirks
+ - [x86] drm/amdgpu: update si kicker smc firmware
+ - [x86] drm/amdgpu: drop verde dpm quirks
+ - USB: serial: ch341: fix modem-control and B0 handling
+ - net/mlx5: Only cancel recovery work when cleaning up device
+ - i2c: piix4: Avoid race conditions with IMC
+ - [x86] cpu: Fix bootup crashes by sanitizing the argument of the
+ 'clearcpuid=' command-line option
+ - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too
+ - btrfs: fix locking when we put back a delayed ref that's too new
+ - btrfs: fix error handling when run_delayed_extent_op fails
+ - NFS: fix typo in parameter description
+ - pNFS: Fix race in pnfs_wait_on_layoutreturn
+ - NFS: Fix a performance regression in readdir
+ - NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
+ - [armhf] i2c: mux: pca954x: fix i2c mux selection caching
+ - [x86] drm/i915/gen9: Fix PCODE polling during SAGV disabling
+ - drm: avoid uninitialized timestamp use in wait_vblank
+ - [arm64, armhf] drm/panel: simple: Check against num_timings when setting
+ preferred for timing
+ - [x86] drm/i915: Move the min_pixclk[] handling to the end of readout
+ - drm: Initialise drm_mm.head_node.allocated
+ - block: Change extern inline to static inline
+ - block: cfq_cpd_alloc() should use @gfp
+ - [x86] ACPI / APEI: Fix NMI notification handling
+ - [x86] powercap/intel_rapl: fix and tidy up error handling
+ - iw_cxgb4: Fix error return code in c4iw_rdev_open()
+ - [arm64, armhf] power: supply: bq27xxx_battery: Fix register map for
+ BQ27510 and BQ27520
+ - blk-mq: Always schedule hctx->next_cpu
+ - [powerpc] mm: Correct process and partition table max size
+ - [powerpc*] ibmebus: Fix further device reference leaks
+ - [powerpc*] ibmebus: Fix device reference leaks in sysfs interface
+ - [powerpc*] powernv: Don't warn on PE init if unfreeze is unsupported
+ - [arm64] hugetlb: fix the wrong address for several functions
+ - [arm64] hugetlb: remove the wrong pmd check in find_num_contig()
+ - [arm64] hugetlb: fix the wrong return value for
+ huge_ptep_set_access_flags
[ Ben Hutchings ]
* [armel,armhf,s390x,x86] linux-headers: Fix regression of multilib compiler
@@ -241,11 +348,7 @@ linux (4.9.4-1) UNRELEASED; urgency=medium
* ath9k: fix NULL pointer dereference (Closes: #851621)
[ Salvatore Bonaccorso ]
- * sysctl: Drop reference added by grab_header in proc_sys_readdir
- (CVE-2016-9191)
* tmpfs: clear S_ISGID when setting posix ACLs (CVE-2017-5551)
- * [x86] KVM: Introduce segmented_write_std (CVE-2017-2584)
- * [x86] KVM: fix emulation of "MOV SS, null selector" (CVE-2017-2583)
[ Roger Shimizu ]
* [armel] Add DT support of Buffalo Linkstation Live v3 (LS-CHL)
diff --git a/debian/patches/bugfix/all/sysctl-Drop-reference-added-by-grab_header-in-proc_s.patch b/debian/patches/bugfix/all/sysctl-Drop-reference-added-by-grab_header-in-proc_s.patch
deleted file mode 100644
index c91cd09..0000000
--- a/debian/patches/bugfix/all/sysctl-Drop-reference-added-by-grab_header-in-proc_s.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From: Zhou Chengming <zhouchengming1 at huawei.com>
-Date: Fri, 6 Jan 2017 09:32:32 +0800
-Subject: sysctl: Drop reference added by grab_header in proc_sys_readdir
-Origin: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939
-
-Fixes CVE-2016-9191, proc_sys_readdir doesn't drop reference
-added by grab_header when return from !dir_emit_dots path.
-It can cause any path called unregister_sysctl_table will
-wait forever.
-
-The calltrace of CVE-2016-9191:
-
-[ 5535.960522] Call Trace:
-[ 5535.963265] [<ffffffff817cdaaf>] schedule+0x3f/0xa0
-[ 5535.968817] [<ffffffff817d33fb>] schedule_timeout+0x3db/0x6f0
-[ 5535.975346] [<ffffffff817cf055>] ? wait_for_completion+0x45/0x130
-[ 5535.982256] [<ffffffff817cf0d3>] wait_for_completion+0xc3/0x130
-[ 5535.988972] [<ffffffff810d1fd0>] ? wake_up_q+0x80/0x80
-[ 5535.994804] [<ffffffff8130de64>] drop_sysctl_table+0xc4/0xe0
-[ 5536.001227] [<ffffffff8130de17>] drop_sysctl_table+0x77/0xe0
-[ 5536.007648] [<ffffffff8130decd>] unregister_sysctl_table+0x4d/0xa0
-[ 5536.014654] [<ffffffff8130deff>] unregister_sysctl_table+0x7f/0xa0
-[ 5536.021657] [<ffffffff810f57f5>] unregister_sched_domain_sysctl+0x15/0x40
-[ 5536.029344] [<ffffffff810d7704>] partition_sched_domains+0x44/0x450
-[ 5536.036447] [<ffffffff817d0761>] ? __mutex_unlock_slowpath+0x111/0x1f0
-[ 5536.043844] [<ffffffff81167684>] rebuild_sched_domains_locked+0x64/0xb0
-[ 5536.051336] [<ffffffff8116789d>] update_flag+0x11d/0x210
-[ 5536.057373] [<ffffffff817cf61f>] ? mutex_lock_nested+0x2df/0x450
-[ 5536.064186] [<ffffffff81167acb>] ? cpuset_css_offline+0x1b/0x60
-[ 5536.070899] [<ffffffff810fce3d>] ? trace_hardirqs_on+0xd/0x10
-[ 5536.077420] [<ffffffff817cf61f>] ? mutex_lock_nested+0x2df/0x450
-[ 5536.084234] [<ffffffff8115a9f5>] ? css_killed_work_fn+0x25/0x220
-[ 5536.091049] [<ffffffff81167ae5>] cpuset_css_offline+0x35/0x60
-[ 5536.097571] [<ffffffff8115aa2c>] css_killed_work_fn+0x5c/0x220
-[ 5536.104207] [<ffffffff810bc83f>] process_one_work+0x1df/0x710
-[ 5536.110736] [<ffffffff810bc7c0>] ? process_one_work+0x160/0x710
-[ 5536.117461] [<ffffffff810bce9b>] worker_thread+0x12b/0x4a0
-[ 5536.123697] [<ffffffff810bcd70>] ? process_one_work+0x710/0x710
-[ 5536.130426] [<ffffffff810c3f7e>] kthread+0xfe/0x120
-[ 5536.135991] [<ffffffff817d4baf>] ret_from_fork+0x1f/0x40
-[ 5536.142041] [<ffffffff810c3e80>] ? kthread_create_on_node+0x230/0x230
-
-One cgroup maintainer mentioned that "cgroup is trying to offline
-a cpuset css, which takes place under cgroup_mutex. The offlining
-ends up trying to drain active usages of a sysctl table which apprently
-is not happening."
-The real reason is that proc_sys_readdir doesn't drop reference added
-by grab_header when return from !dir_emit_dots path. So this cpuset
-offline path will wait here forever.
-
-See here for details: http://www.openwall.com/lists/oss-security/2016/11/04/13
-
-Fixes: f0c3b5093add ("[readdir] convert procfs")
-Cc: stable at vger.kernel.org
-Reported-by: CAI Qian <caiqian at redhat.com>
-Tested-by: Yang Shukui <yangshukui at huawei.com>
-Signed-off-by: Zhou Chengming <zhouchengming1 at huawei.com>
-Acked-by: Al Viro <viro at ZenIV.linux.org.uk>
-Signed-off-by: Eric W. Biederman <ebiederm at xmission.com>
----
- fs/proc/proc_sysctl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index 55313d9..d4e37ac 100644
---- a/fs/proc/proc_sysctl.c
-+++ b/fs/proc/proc_sysctl.c
-@@ -709,7 +709,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
- ctl_dir = container_of(head, struct ctl_dir, header);
-
- if (!dir_emit_dots(file, ctx))
-- return 0;
-+ goto out;
-
- pos = 2;
-
-@@ -719,6 +719,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
- break;
- }
- }
-+out:
- sysctl_head_finish(head);
- return 0;
- }
---
-2.1.4
-
diff --git a/debian/patches/bugfix/x86/KVM-x86-Introduce-segmented_write_std.patch b/debian/patches/bugfix/x86/KVM-x86-Introduce-segmented_write_std.patch
deleted file mode 100644
index b5ef81a..0000000
--- a/debian/patches/bugfix/x86/KVM-x86-Introduce-segmented_write_std.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Steve Rutherford <srutherford at google.com>
-Date: Wed, 11 Jan 2017 18:28:29 -0800
-Subject: KVM: x86: Introduce segmented_write_std
-Origin: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
-
-Introduces segemented_write_std.
-
-Switches from emulated reads/writes to standard read/writes in fxsave,
-fxrstor, sgdt, and sidt. This fixes CVE-2017-2584, a longstanding
-kernel memory leak.
-
-Since commit 283c95d0e389 ("KVM: x86: emulate FXSAVE and FXRSTOR",
-2016-11-09), which is luckily not yet in any final release, this would
-also be an exploitable kernel memory *write*!
-
-Reported-by: Dmitry Vyukov <dvyukov at google.com>
-Cc: stable at vger.kernel.org
-Fixes: 96051572c819194c37a8367624b285be10297eca
-Fixes: 283c95d0e3891b64087706b344a4b545d04a6e62
-Suggested-by: Paolo Bonzini <pbonzini at redhat.com>
-Signed-off-by: Steve Rutherford <srutherford at google.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
-[carnil: backport for 4.9, changes only before 283c95d0e389 in 4.10-rc1]
----
- arch/x86/kvm/emulate.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
-
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -791,6 +791,20 @@ static int segmented_read_std(struct x86
- return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception);
- }
-
-+static int segmented_write_std(struct x86_emulate_ctxt *ctxt,
-+ struct segmented_address addr,
-+ void *data,
-+ unsigned int size)
-+{
-+ int rc;
-+ ulong linear;
-+
-+ rc = linearize(ctxt, addr, size, true, &linear);
-+ if (rc != X86EMUL_CONTINUE)
-+ return rc;
-+ return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception);
-+}
-+
- /*
- * Prefetch the remaining bytes of the instruction without crossing page
- * boundary if they are not in fetch_cache yet.
-@@ -3658,8 +3672,8 @@ static int emulate_store_desc_ptr(struct
- }
- /* Disable writeback. */
- ctxt->dst.type = OP_NONE;
-- return segmented_write(ctxt, ctxt->dst.addr.mem,
-- &desc_ptr, 2 + ctxt->op_bytes);
-+ return segmented_write_std(ctxt, ctxt->dst.addr.mem,
-+ &desc_ptr, 2 + ctxt->op_bytes);
- }
-
- static int em_sgdt(struct x86_emulate_ctxt *ctxt)
diff --git a/debian/patches/bugfix/x86/KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch b/debian/patches/bugfix/x86/KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
deleted file mode 100644
index f6d2e5d..0000000
--- a/debian/patches/bugfix/x86/KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From: Paolo Bonzini <pbonzini at redhat.com>
-Date: Thu, 12 Jan 2017 15:02:32 +0100
-Subject: KVM: x86: fix emulation of "MOV SS, null selector"
-Origin: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
-
-This is CVE-2017-2583. On Intel this causes a failed vmentry because
-SS's type is neither 3 nor 7 (even though the manual says this check is
-only done for usable SS, and the dmesg splat says that SS is unusable!).
-On AMD it's worse: svm.c is confused and sets CPL to 0 in the vmcb.
-
-The fix fabricates a data segment descriptor when SS is set to a null
-selector, so that CPL and SS.DPL are set correctly in the VMCS/vmcb.
-Furthermore, only allow setting SS to a NULL selector if SS.RPL < 3;
-this in turn ensures CPL < 3 because RPL must be equal to CPL.
-
-Thanks to Andy Lutomirski and Willy Tarreau for help in analyzing
-the bug and deciphering the manuals.
-
-Reported-by: Xiaohan Zhang <zhangxiaohan1 at huawei.com>
-Fixes: 79d5b4c3cd809c770d4bf9812635647016c56011
-Cc: stable at nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/emulate.c | 48 ++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 38 insertions(+), 10 deletions(-)
-
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index f36d0fa..cedbba0 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -1585,7 +1585,6 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- &ctxt->exception);
- }
-
--/* Does not support long mode */
- static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- u16 selector, int seg, u8 cpl,
- enum x86_transfer_type transfer,
-@@ -1622,20 +1621,34 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
-
- rpl = selector & 3;
-
-- /* NULL selector is not valid for TR, CS and SS (except for long mode) */
-- if ((seg == VCPU_SREG_CS
-- || (seg == VCPU_SREG_SS
-- && (ctxt->mode != X86EMUL_MODE_PROT64 || rpl != cpl))
-- || seg == VCPU_SREG_TR)
-- && null_selector)
-- goto exception;
--
- /* TR should be in GDT only */
- if (seg == VCPU_SREG_TR && (selector & (1 << 2)))
- goto exception;
-
-- if (null_selector) /* for NULL selector skip all following checks */
-+ /* NULL selector is not valid for TR, CS and (except for long mode) SS */
-+ if (null_selector) {
-+ if (seg == VCPU_SREG_CS || seg == VCPU_SREG_TR)
-+ goto exception;
-+
-+ if (seg == VCPU_SREG_SS) {
-+ if (ctxt->mode != X86EMUL_MODE_PROT64 || rpl != cpl)
-+ goto exception;
-+
-+ /*
-+ * ctxt->ops->set_segment expects the CPL to be in
-+ * SS.DPL, so fake an expand-up 32-bit data segment.
-+ */
-+ seg_desc.type = 3;
-+ seg_desc.p = 1;
-+ seg_desc.s = 1;
-+ seg_desc.dpl = cpl;
-+ seg_desc.d = 1;
-+ seg_desc.g = 1;
-+ }
-+
-+ /* Skip all following checks */
- goto load;
-+ }
-
- ret = read_segment_descriptor(ctxt, selector, &seg_desc, &desc_addr);
- if (ret != X86EMUL_CONTINUE)
-@@ -1751,6 +1764,21 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- u16 selector, int seg)
- {
- u8 cpl = ctxt->ops->cpl(ctxt);
-+
-+ /*
-+ * None of MOV, POP and LSS can load a NULL selector in CPL=3, but
-+ * they can load it at CPL<3 (Intel's manual says only LSS can,
-+ * but it's wrong).
-+ *
-+ * However, the Intel manual says that putting IST=1/DPL=3 in
-+ * an interrupt gate will result in SS=3 (the AMD manual instead
-+ * says it doesn't), so allow SS=3 in __load_segment_descriptor
-+ * and only forbid it here.
-+ */
-+ if (seg == VCPU_SREG_SS && selector == 3 &&
-+ ctxt->mode == X86EMUL_MODE_PROT64)
-+ return emulate_exception(ctxt, GP_VECTOR, 0, true);
-+
- return __load_segment_descriptor(ctxt, selector, seg, cpl,
- X86_TRANSFER_NONE, NULL);
- }
---
-2.1.4
-
diff --git a/debian/patches/features/all/rt/btrfs-drop-trace_btrfs_all_work_done-from-normal_wor.patch b/debian/patches/features/all/rt/btrfs-drop-trace_btrfs_all_work_done-from-normal_wor.patch
deleted file mode 100644
index 8c666a7..0000000
--- a/debian/patches/features/all/rt/btrfs-drop-trace_btrfs_all_work_done-from-normal_wor.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
-Date: Wed, 14 Dec 2016 14:44:18 +0100
-Subject: [PATCH] btrfs: drop trace_btrfs_all_work_done() from
- normal_work_helper()
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9-rt1.tar.xz
-
-For btrfs_scrubparity_helper() the ->func() is set to
-scrub_parity_bio_endio_worker(). This functions invokes invokes
-scrub_free_parity() which kfrees() the worked object. All is good as
-long as trace events are not enabled because we boom with a backtrace
-like this:
-| Workqueue: btrfs-endio btrfs_endio_helper
-| RIP: 0010:[<ffffffff812f81ae>] [<ffffffff812f81ae>] trace_event_raw_event_btrfs__work__done+0x4e/0xa0
-| Call Trace:
-| [<ffffffff8136497d>] btrfs_scrubparity_helper+0x59d/0x780
-| [<ffffffff81364c49>] btrfs_endio_helper+0x9/0x10
-| [<ffffffff8108af8e>] process_one_work+0x26e/0x7b0
-| [<ffffffff8108b516>] worker_thread+0x46/0x560
-| [<ffffffff81091c4e>] kthread+0xee/0x110
-| [<ffffffff818e166a>] ret_from_fork+0x2a/0x40
-
-So in order to avoid this, I remove the trace point.
-
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- fs/btrfs/async-thread.c | 2 --
- 1 file changed, 2 deletions(-)
-
---- a/fs/btrfs/async-thread.c
-+++ b/fs/btrfs/async-thread.c
-@@ -318,8 +318,6 @@ static void normal_work_helper(struct bt
- set_bit(WORK_DONE_BIT, &work->flags);
- run_ordered_work(wq);
- }
-- if (!need_order)
-- trace_btrfs_all_work_done(work);
- }
-
- void btrfs_init_work(struct btrfs_work *work, btrfs_work_func_t uniq_func,
diff --git a/debian/patches/features/all/rt/btrfs-swap-free-and-trace-point-in-run_ordered_work.patch b/debian/patches/features/all/rt/btrfs-swap-free-and-trace-point-in-run_ordered_work.patch
index 32e7510..0cb5766 100644
--- a/debian/patches/features/all/rt/btrfs-swap-free-and-trace-point-in-run_ordered_work.patch
+++ b/debian/patches/features/all/rt/btrfs-swap-free-and-trace-point-in-run_ordered_work.patch
@@ -22,12 +22,12 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
--- a/fs/btrfs/async-thread.c
+++ b/fs/btrfs/async-thread.c
-@@ -288,8 +288,8 @@ static void run_ordered_work(struct __bt
- * we don't want to call the ordered free functions
- * with the lock held though
+@@ -306,8 +306,8 @@ static void run_ordered_work(struct __bt
+ * because the callback could free the structure.
*/
+ wtag = work;
- work->ordered_free(work);
- trace_btrfs_all_work_done(work);
+ trace_btrfs_all_work_done(wq->fs_info, wtag);
+ work->ordered_free(work);
}
spin_unlock_irqrestore(lock, flags);
diff --git a/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch b/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
index dd8676d..b36cd7f 100644
--- a/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
+++ b/debian/patches/features/all/securelevel/restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
@@ -25,13 +25,13 @@ Signed-off-by: Matthew Garrett <mjg59 at srcf.ucam.org>
if (!valid_phys_addr_range(p, count))
return -EFAULT;
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *f
+@@ -514,6 +517,9 @@ static ssize_t write_kmem(struct file *f
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
+ if (get_securelevel() > 0)
+ return -EPERM;
+
- if (!pfn_valid(PFN_DOWN(p)))
- return -EIO;
-
+ if (p < (unsigned long) high_memory) {
+ unsigned long to_write = min_t(unsigned long, count,
+ (unsigned long)high_memory - p);
diff --git a/debian/patches/series b/debian/patches/series
index 49d9efb..8864fae 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -96,10 +96,7 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/sysctl-Drop-reference-added-by-grab_header-in-proc_s.patch
bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch
-bugfix/x86/KVM-x86-Introduce-segmented_write_std.patch
-bugfix/x86/KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
diff --git a/debian/patches/series-rt b/debian/patches/series-rt
index f4b6dc2..e59c7fc 100644
--- a/debian/patches/series-rt
+++ b/debian/patches/series-rt
@@ -37,7 +37,6 @@ features/all/rt/x86-apic-get-rid-of-warning-acpi_ioapic_lock-defined.patch
features/all/rt/rxrpc-remove-unused-static-variables.patch
features/all/rt/rcu-update-make-RCU_EXPEDITE_BOOT-default.patch
features/all/rt/locking-percpu-rwsem-use-swait-for-the-wating-writer.patch
-features/all/rt/btrfs-drop-trace_btrfs_all_work_done-from-normal_wor.patch
features/all/rt/btrfs-swap-free-and-trace-point-in-run_ordered_work.patch
# Wants a different fix for upstream
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list