[linux] 03/03: Update to 4.9.16
debian-kernel at lists.debian.org
Mon Mar 20 03:19:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit b303c03f3b3c930e6e47f5064e6a26e4212cd72b
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Mar 19 20:52:51 2017 +0000
Update to 4.9.16
Drop one patch included in it
---
debian/changelog | 33 ++++++++-
...nt-remove-the-atomicity-from-ucount-count.patch | 83 ----------------------
debian/patches/series | 1 -
3 files changed, 31 insertions(+), 86 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index debf942..e6b6d5f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.9.15-1) UNRELEASED; urgency=medium
+linux (4.9.16-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.14
@@ -201,6 +201,36 @@ linux (4.9.15-1) UNRELEASED; urgency=medium
- mm: do not call mem_cgroup_free() from within mem_cgroup_alloc()
- fat: fix using uninitialized fields of fat_inode/fsinfo_inode
- [x86] drivers: hv: Turn off write permission on the hypercall page
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.16
+ - USB: serial: digi_acceleport: fix OOB data sanity check
+ - USB: serial: digi_acceleport: fix OOB-event processing
+ - crypto: improve gcc optimization flags for serpent and wp512
+ - ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
+ - dw2102: don't do DMA on stack
+ - i2c: add missing of_node_put in i2c_mux_del_adapters
+ - [ppc64el] Emulation support for load/store instructions on LE
+ - [powerpc*] xics: Work around limitations of OPAL XICS priority handling
+ - PCI: Prevent VPD access for QLogic ISP2722
+ - usb: gadget: dummy_hcd: clear usb_gadget region before registration
+ - usb: dwc3: gadget: make Set Endpoint Configuration macros safe
+ - [armhf] usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox()
+ - usb: gadget: function: f_fs: pass companion descriptor along
+ - Revert "usb: gadget: uvc: Add missing call for additional setup data"
+ - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci
+ controllers
+ - USB: serial: safe_serial: fix information leak in completion handler
+ - USB: serial: omninet: fix reference leaks at open
+ - USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188)
+ - USB: iowarrior: fix NULL-deref in write
+ - USB: serial: io_ti: fix NULL-deref in interrupt callback
+ - USB: serial: io_ti: fix information leak in completion handler
+ - [armhf] serial: samsung: Continue to work if DMA request fails
+ - [s390x] KVM: Fix guest migration for huge guests resulting in panic
+ - [armhf.arm64] KVM: Let vcpu thread modify its own active state
+ - dm: flush queued bios when process blocks to avoid deadlock
+ - rc: raw decoder for keymap protocol is not loaded on register
+ - ext4: don't BUG when truncating encrypted inodes on the orphan list
+ - IB/mlx5: Verify that Q counters are supported
[ Ben Hutchings ]
* [media] dvb-usb: don't use stack for firmware load or reset
@@ -211,7 +241,6 @@ linux (4.9.15-1) UNRELEASED; urgency=medium
- timer/hrtimer: check properly for a running timer
* [rt] Refresh one patch that had a textual conflict with 4.9.14
* Ignore various ABI changes that shouldn't affect OOT modules
- * ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
* userns: Avoid ABI change for CVE-2017-6874 fix
* [amd64] Don't WARN about expected W+X pages on Xen (see #852324)
* fjes: Disable auto-loading, as this driver matches a very common ACPI ID
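Review bot: After the "* ucount: Remove the atomicity from ucount->count (CVE-2017-6874)" entry is removed from the [ Ben Hutchings ] list, the next line, "* userns: Avoid ABI change for CVE-2017-6874 fix", refers to a fix that is no longer listed as a Debian patch in this section. The dropped patch changes "atomic_t count" to "int count" in struct ucounts, which is presumably what the ABI patch compensates for, so confirm that it still applies on top of the 4.9.16 version of the fix. Consider rewording the retained entry to say that the fix itself now comes from the upstream stable update.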
diff --git a/debian/patches/bugfix/all/ucount-remove-the-atomicity-from-ucount-count.patch b/debian/patches/bugfix/all/ucount-remove-the-atomicity-from-ucount-count.patch
deleted file mode 100644
index 0a40cfb..0000000
--- a/debian/patches/bugfix/all/ucount-remove-the-atomicity-from-ucount-count.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From: "Eric W. Biederman" <ebiederm at xmission.com>
-Date: Sun, 5 Mar 2017 15:03:22 -0600
-Subject: ucount: Remove the atomicity from ucount->count
-Origin: https://git.kernel.org/linus/040757f738e13caaa9c5078bca79aa97e11dde88
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-6874
-
-Always increment/decrement ucount->count under the ucounts_lock. The
-increments are there already and moving the decrements there means the
-locking logic of the code is simpler. This simplification in the
-locking logic fixes a race between put_ucounts and get_ucounts that
-could result in a use-after-free because the count could go zero then
-be found by get_ucounts and then be freed by put_ucounts.
-
-A bug presumably this one was found by a combination of syzkaller and
-KASAN. JongWhan Kim reported the syzkaller failure and Dmitry Vyukov
-spotted the race in the code.
-
-Cc: stable at vger.kernel.org
-Fixes: f6b2db1a3e8d ("userns: Make the count of user namespaces per user")
-Reported-by: JongHwan Kim <zzoru007 at gmail.com>
-Reported-by: Dmitry Vyukov <dvyukov at google.com>
-Reviewed-by: Andrei Vagin <avagin at gmail.com>
-Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
----
- include/linux/user_namespace.h | 2 +-
- kernel/ucount.c | 18 +++++++++++-------
- 2 files changed, 12 insertions(+), 8 deletions(-)
-
---- a/include/linux/user_namespace.h
-+++ b/include/linux/user_namespace.h
-@@ -65,7 +65,7 @@ struct ucounts {
- struct hlist_node node;
- struct user_namespace *ns;
- kuid_t uid;
-- atomic_t count;
-+ int count;
- atomic_t ucount[UCOUNT_COUNTS];
- };
-
---- a/kernel/ucount.c
-+++ b/kernel/ucount.c
-@@ -139,7 +139,7 @@ static struct ucounts *get_ucounts(struc
-
- new->ns = ns;
- new->uid = uid;
-- atomic_set(&new->count, 0);
-+ new->count = 0;
-
- spin_lock_irq(&ucounts_lock);
- ucounts = find_ucounts(ns, uid, hashent);
-@@ -150,8 +150,10 @@ static struct ucounts *get_ucounts(struc
- ucounts = new;
- }
- }
-- if (!atomic_add_unless(&ucounts->count, 1, INT_MAX))
-+ if (ucounts->count == INT_MAX)
- ucounts = NULL;
-+ else
-+ ucounts->count += 1;
- spin_unlock_irq(&ucounts_lock);
- return ucounts;
- }
-@@ -160,13 +162,15 @@ static void put_ucounts(struct ucounts *
- {
- unsigned long flags;
-
-- if (atomic_dec_and_test(&ucounts->count)) {
-- spin_lock_irqsave(&ucounts_lock, flags);
-+ spin_lock_irqsave(&ucounts_lock, flags);
-+ ucounts->count -= 1;
-+ if (!ucounts->count)
- hlist_del_init(&ucounts->node);
-- spin_unlock_irqrestore(&ucounts_lock, flags);
-+ else
-+ ucounts = NULL;
-+ spin_unlock_irqrestore(&ucounts_lock, flags);
-
-- kfree(ucounts);
-- }
-+ kfree(ucounts);
- }
-
- static inline bool atomic_inc_below(atomic_t *v, int u)
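Review bot: Dropping this file is safe only if 4.9.16 carries the same change as the commit named in the Origin: line; the changelog hunk asserts that by listing the ucount fix under ChangeLog-4.9.16, but nothing in this commit shows the comparison. The part worth checking against the 4.9.16 tree is put_ucounts(): the decrement of ucounts->count and the hlist_del_init() must both sit inside spin_lock_irqsave(&ucounts_lock, flags), with "ucounts = NULL" on the non-zero path so that the kfree() after the unlock frees only an entry already removed from the hash. If the stable backport differs from this in any way, say so in the changelog rather than treating the patch as simply included.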
diff --git a/debian/patches/series b/debian/patches/series
index ef86a9f..8298e5d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -119,7 +119,6 @@ debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
debian/time-mark-timer_stats-as-broken.patch
bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sl.patch
-bugfix/all/ucount-remove-the-atomicity-from-ucount-count.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git