[linux] 01/03: Update to 3.2.96
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Nov 27 16:47:04 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit b399a871968fe472286e454baf01e1615e1033f3
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Nov 27 15:16:45 2017 +0000
Update to 3.2.96
Drop several patches that went upstream.
Update drm-3.4.patch.
Avoid or ignore ABI changes as appropriate.
Refresh rt patches.
---
debian/changelog | 216 ++++++++++++++++
debian/config/defines | 1 +
...roperly-check-l2cap-config-option-output-.patch | 273 ---------------------
...-the-required-netlink-attributes-presence.patch | 36 ---
...-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch | 55 -----
.../bugfix/all/sctp-Export-sctp_do_peeloff.patch | 16 +-
...-aty-do-not-leak-uninitialized-padding-in.patch | 31 ---
...realtime_inode-should-be-false-if-no-rt-d.patch | 68 -----
...don-t-allow-l2-to-access-the-hardware-cr8.patch | 35 ---
.../ip6_fib-avoid-abi-change-in-3.2.95.patch | 23 ++
.../debian/libsas-avoid-abi-change-in-3.2.95.patch | 23 ++
.../debian/perf-avoid-abi-change-in-3.2.95.patch | 33 +++
.../debian/sched-avoid-abi-change-in-3.2.94.patch | 33 +++
debian/patches/features/all/drm/drm-3.4.patch | 111 ++++-----
...0-mm-page_alloc-rt-friendly-per-cpu-pages.patch | 33 ++-
.../all/rt/0141-sched-delay-put-task.patch.patch | 12 +-
.../all/rt/0217-fs-block-rt-support.patch.patch | 11 +-
debian/patches/series | 10 +-
18 files changed, 424 insertions(+), 596 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index c2ebc88..8db8b21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,219 @@
+linux (3.2.96-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.94
+ - sched/fair, cpumask: Export for_each_cpu_wrap()
+ - sched/topology: Fix building of overlapping sched-groups
+ - mwifiex: fixup error cases in mwifiex_add_virtual_intf()
+ - mceusb: fix memory leaks in error path
+ - perf/core: Correct event creation with PERF_FORMAT_GROUP
+ - usb: usbip: set buffer pointers to NULL after free
+ - usb: Fix typo in the definition of Endpoint[out]Request
+ - PCI: Correct PCI_STD_RESOURCE_END usage
+ - md: don't use flush_signals in userspace processes
+ - udf: Fix races with i_size changes during readpage
+ - udf: Fix deadlock between writeback and udf_setsize()
+ - xhci: Limit USB2 port wake support for AMD Promontory hosts
+ - af_iucv: Move sockaddr length checks to before accessing sa_family in
+ bind and connect handlers
+ - scsi: bnx2i: missing error code in bnx2i_ep_connect()
+ - [x86] PCI: Mark Haswell Power Control Unit as having non-compliant BARs
+ - PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
+ - PM / Domains: Fix unsafe iteration over modified list of device links
+ - Add USB quirk for HVR-950q to avoid intermittent device resets
+ - btrfs: Don't clear SGID when inheriting ACLs
+ - PCI/PM: Restore the status of PCI devices across hibernation
+ - scsi: ses: do not add a device to an enclosure if enclosure_add_links()
+ fails.
+ - ipv6: always add flag an address that failed DAD with DADFAILED
+ - ipv6: dad: don't remove dynamic addresses if link is down
+ - IB/core: Create common start/end port functions
+ - IB/core: Add inline function to validate port
+ - RDMA/uverbs: Check port number supplied by user verbs cmds
+ - tpm: fix a kernel memory leak in tpm-sysfs.c
+ - cfg80211: Check if PMKID attribute is of expected size
+ - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
+ - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
+ - fs/dcache.c: fix spin lockup issue on nlru->lock
+ - Input: i8042 - fix crash at boot time
+ - ubifs: Correctly evict xattr inodes
+ - ubifs: Don't leak kernel memory to the MTD
+ - mm: fix overflow check in expand_upwards()
+ - vt: fix unchecked __put_user() in tioclinux ioctls
+ - ext2: Don't clear SGID when inheriting ACLs
+ - ext2: preserve i_mode if ext2_set_acl() fails
+ - ext3: Don't clear SGID when inheriting ACLs
+ - ext3: preserve i_mode if ext2_set_acl() fails
+ - reiserfs: Don't clear SGID when inheriting ACLs
+ - reiserfs: preserve i_mode if __reiserfs_set_acl() fails
+ - ext4: preserve i_mode if __ext4_set_acl() fails
+ - ext4: Don't clear SGID when inheriting ACLs
+ - btrfs: preserve i_mode if __btrfs_set_acl() fails
+ - saa7164: fix endian conversion in saa7164_bus_set()
+ - saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
+ - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
+ - netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get
+ - [x86] perf: Check if user fp is valid
+ - net sched filters: fix notification of filter delete with proper handle
+ - sched: add macros to define bitops for task atomic flags
+ - cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.95
+ - fuse: initialize the flock flag in fuse_file on allocation
+ - usb: storage: return on error to avoid a null pointer dereference
+ - libata: array underflow in ata_find_dev()
+ - mount: copy the port field into the cloned nfs_server structure.
+ - [x86] acpi: Prevent out of bound access caused by broken ACPI tables
+ - cxgb4: Fix error codes in c4iw_create_cq()
+ - IB/cxgb3: Fix error codes in iwch_alloc_mr()
+ - RDMA/uverbs: Fix the check for port number
+ - RDMA/core: Initialize port_num in qp_attr
+ - ipv4: initialize fib_trie prior to register_netdev_notifier call.
+ - perf/core: Invert perf_read_group() loops
+ - perf/core: Fix locking for children siblings group read
+ - IB/ipoib: Prevent setting negative values to max_nonsrq_conn_qp
+ - IB/ipoib: Remove double pointer assigning
+ - sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
+ - sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
+ - USB: hcd: Mark secondary HCD as dead if the primary one died
+ - net/mlx4_en: Fix wrong indication of Wake-on-LAN (WoL) support
+ - ocfs2: don't clear SGID when inheriting ACLs
+ - RDMA/uverbs: Prevent leak of reserved field
+ - IB/uverbs: Fix device cleanup
+ - xfs: fix inobt inode allocation search optimization
+ - af_key: do not use GFP_KERNEL in atomic contexts
+ - audit: Fix use after free in audit_remove_watch_rule()
+ - ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
+ - mm/mempolicy: fix use after free when calling get_mempolicy
+ - ALSA: core: Fix unexpected error at replacing user TLV
+ - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
+ - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
+ - cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
+ - qlge: avoid memcpy buffer overflow
+ - perf: Tighten (and fix) the grouping condition
+ - perf/core: Fix group {cpu,task} validation
+ - PM/hibernate: touch NMI watchdog when creating snapshot
+ - ipv6: Add rt6_get_cookie() function
+ - ipv6: add rcu grace period before freeing fib6_node
+ - ipv6: Fix may be used uninitialized warning in rt6_check
+ - r8169: Do not increment tx_dropped in TX ring cleaning
+ - xfrm_user: fix info leak in xfrm_notify_sa()
+ - xfrm_user: fix info leak in build_aevent()
+ - dm: convert DM printk macros to pr_<level> macros
+ - dm: fix printk() rate limiting code
+ - l2tp: initialise session's refcount before making it reachable
+ - l2tp: define parameters of l2tp_session_get*() as "const"
+ - l2tp: hold tunnel while looking up sessions in l2tp_netlink
+ - l2tp: hold tunnel while processing genl delete command
+ - l2tp: hold tunnel while handling genl tunnel updates
+ - l2tp: hold tunnel while handling genl TUNNEL_GET commands
+ - l2tp: remove useless duplicate session detection in l2tp_netlink
+ - l2tp: hold tunnel used while creating sessions with netlink
+ - ipv6: fix sparse warning on rt6i_node
+ - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
+ - CIFS: remove endian related sparse warning
+ - net_sched: fix error recovery at qdisc creation
+ - sch_htb: fix crash on init failure
+ - sch_multiq: fix double free on init failure
+ - sch_hfsc: fix null pointer deref and double free on init failure
+ - sch_cbq: fix null pointer dereferences on init failure
+ - sch_netem: avoid null pointer deref on init failure
+ - sch_tbf: fix two null pointer dereferences on init failure
+ - wl1251: add a missing spin_lock_init()
+ - epoll: fix race between ep_poll_callback(POLLFREE) and
+ ep_free()/ep_remove()
+ - cifs: check MaxPathNameComponentLength != 0 before using it
+ - fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
+ - mac80211: accept key reinstall without changing anything (CVE-2017-13080)
+ - ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
+ - KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299)
+ - packet: race condition in packet_bind
+ - packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
+ - packet: in packet_do_bind, test fanout with bind_lock held
+ (CVE-2017-15649)
+ - ALSA: usb-audio: Kill stray URB at exiting (CVE-2017-16527)
+ - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
+ (CVE-2017-16529)
+ - USB: fix out-of-bounds in usb_set_configuration (CVE-2017-16531)
+ - usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
+ - HID: usbhid: fix out-of-bounds bug (CVE-2017-16533)
+ - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
+ (CVE-2017-16535)
+ - ALSA: seq: Enable 'use' locking in all configurations
+ - [x86] drivers/block/DAC960: fix DAC960_V2_IOCTL_Opcode_T -Wenum-compare
+ warning
+ - [x86] drivers/block/DAC960: fix -Wuninitialized warning
+ - [x86] vmw_balloon: fix for a -Wuninitialized warning
+ - [x86] platform: samsung-laptop: Initialize loca variable
+ - aic94xx: Skip reading user settings if flash is not found
+ - [x86] staging: reduce stack usage in prism2fw.c
+ - mct_u232: Fix use of uninitialized pointer in mct_u323_startup()
+ - rc: Fix input deadlock and transmit error in redrat3 driver
+ - libsas: prevent double completion of scmds from eh
+ - [x86] net: am2150: fix nmclan_cs.c shared interrupt handling
+ - [x86] am2150: Update nmclan_cs.c to use update PCMCIA API
+ - Staging: wlan-ng: fix sparse warning in prism2fw.c
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.96
+ - IB/core: Fix the validations of a multicast LID in attach or detach
+ operations
+ - fcntl: Don't use ambiguous SIG_POLL si_codes
+ - PCI: shpchp: Enable bridge bus mastering if MSI is enabled
+ - dlm: avoid double-free on error path in dlm_device_{register,unregister}
+ - [amd64] fsgsbase: Report FSBASE and GSBASE correctly in core dumps
+ - [x86] cs5536: add support for IDE controller variant
+ - block: Relax a check in blk_start_queue()
+ - media: uvcvideo: Prevent heap overflow when accessing mapped controls
+ - [x86] media: lirc_zilog: driver only sends LIRCCODE
+ - media: em28xx: calculate left volume level correctly
+ - USB: core: Avoid race of async_completed() w/ usbdev_release()
+ - usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard
+ - usb: Add device quirk for Logitech HD Pro Webcam C920-C
+ - IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
+ - net/mlx4_core: Make explicit conversion to 64bit value
+ - scsi: aacraid: Fix command send race condition
+ - qla2xxx: Corrections to returned sysfs error codes.
+ - qla2xxx: Add mutex around optrom calls to serialize accesses.
+ - scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
+ - driver core: bus: Fix a potential double free
+ - ftrace: Fix selftest goto location on error
+ - xfs: fix incorrect log_flushed on fsync
+ - l2tp: prevent creation of sessions on terminated tunnels
+ - l2tp: pass tunnel pointer to ->session_create()
+ - genirq: Make sparse_irq_lock protect what it should protect
+ - ipv6: fix memory leak with multiple tables during netns destruction
+ - ipv6: fix typo in fib6_net_exit()
+ - Input: xpad - add a few new VID/PID combinations
+ - Input: xpad - add support for Xbox One controllers
+ - Input: xpad - don't depend on endpoint order
+ - Input: xpad - validate USB endpoint type during probe
+ - smsc95xx: Configure pause time to 0xffff when tx flow control enabled
+ - [x86] KVM: SVM: Add a missing 'break' statement
+ - [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
+ Ready" exceptions simultaneously
+ - [x86] Input: i8042 - add Gigabyte P57 to the keyboard reset table
+ - ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)
+ - ext4: fix fencepost in s_first_meta_bg validation
+ - sctp: do not peel off an assoc from one netns to another one
+ (CVE-2017-15115)
+ - USB: serial: console: fix use-after-free after failed setup
+ (CVE-2017-16525)
+ - cx231xx-cards: fix NULL-deref on missing association descriptor
+ (CVE-2017-16536)
+ - media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
+ - Input: gtco - fix potential out-of-bound access (CVE-2017-16643)
+ - net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
+ - mac80211: don't compare TKIP TX MIC key in reinstall prevention
+ (CVE-2017-13080)
+ - mac80211: Fix null dereference in ieee80211_key_link()
+
+ [ Ben Hutchings ]
+ * sched: Avoid ABI change in 3.2.94
+ * ip6_fib: Avoid ABI change in 3.2.95
+ * libsas: Avoid ABI change in 3.2.95
+ * perf: Avoid ABI change in 3.2.95
+ * mlx4*: Ignore ABI change
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sun, 26 Nov 2017 20:43:54 +0000
+
linux (3.2.93-1) wheezy-security; urgency=high
* New upstream stable update:
diff --git a/debian/config/defines b/debian/config/defines
index e206566..0f667ec 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -79,6 +79,7 @@ ignore-changes:
module:sound/pci/emu10k1/*
module:drivers/md/dm-snapshot
module:sound/core/snd-rawmidi
+ module:drivers/net/ethernet/mellanox/mlx4/*
# Apparently not used from OOT
skb_copy_and_csum_datagram_iovec
module:net/dccp/dccp
diff --git a/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch b/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
deleted file mode 100644
index 5c025d6..0000000
--- a/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
+++ /dev/null
@@ -1,273 +0,0 @@
-From: Ben Seri <ben at armis.com>
-Date: Sat, 9 Sep 2017 23:15:59 +0200
-Subject: Bluetooth: Properly check L2CAP config option output buffer length
-Origin: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000251
-
-Validate the output buffer length for L2CAP config requests and responses
-to avoid overflowing the stack buffer used for building the option blocks.
-
-Cc: stable at vger.kernel.org
-Signed-off-by: Ben Seri <ben at armis.com>
-Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-[bwh: Backported to 3.2:
- - Drop changes to handling of L2CAP_CONF_EFS, L2CAP_CONF_EWS
- - Drop changes to l2cap_do_create(), l2cap_security_cfm(), and L2CAP_CONF_PENDING
- case in l2cap_config_rsp()
- - In l2cap_config_rsp(), s/buf/req/
- - Adjust context]
----
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -68,7 +68,7 @@ static struct sk_buff *l2cap_build_cmd(s
- u8 code, u8 ident, u16 dlen, void *data);
- static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
- void *data);
--static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
-+static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size);
- static void l2cap_send_disconn_req(struct l2cap_conn *conn,
- struct l2cap_chan *chan, int err);
-
-@@ -787,7 +787,7 @@ static void l2cap_conn_start(struct l2ca
-
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -1825,12 +1825,15 @@ static inline int l2cap_get_conf_opt(voi
- return len;
- }
-
--static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
-+static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val, size_t size)
- {
- struct l2cap_conf_opt *opt = *ptr;
-
- BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
-
-+ if (size < L2CAP_CONF_OPT_SIZE + len)
-+ return;
-+
- opt->type = type;
- opt->len = len;
-
-@@ -1901,11 +1904,12 @@ static inline __u8 l2cap_select_mode(__u
- }
- }
-
--static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
-+static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
- {
- struct l2cap_conf_req *req = data;
- struct l2cap_conf_rfc rfc = { .mode = chan->mode };
- void *ptr = req->data;
-+ void *endptr = data + data_size;
-
- BT_DBG("chan %p", chan);
-
-@@ -1926,7 +1930,7 @@ static int l2cap_build_conf_req(struct l
-
- done:
- if (chan->imtu != L2CAP_DEFAULT_MTU)
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
-
- switch (chan->mode) {
- case L2CAP_MODE_BASIC:
-@@ -1942,7 +1946,7 @@ done:
- rfc.max_pdu_size = 0;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
- break;
-
- case L2CAP_MODE_ERTM:
-@@ -1956,7 +1960,7 @@ done:
- rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
-
- if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
- break;
-@@ -1964,7 +1968,8 @@ done:
- if (chan->fcs == L2CAP_FCS_NONE ||
- test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
- chan->fcs = L2CAP_FCS_NONE;
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs,
-+ endptr - ptr);
- }
- break;
-
-@@ -1979,7 +1984,7 @@ done:
- rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
-
- if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
- break;
-@@ -1987,7 +1992,8 @@ done:
- if (chan->fcs == L2CAP_FCS_NONE ||
- test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
- chan->fcs = L2CAP_FCS_NONE;
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs,
-+ endptr - ptr);
- }
- break;
- }
-@@ -1998,10 +2004,11 @@ done:
- return ptr - data;
- }
-
--static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
-+static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
- {
- struct l2cap_conf_rsp *rsp = data;
- void *ptr = rsp->data;
-+ void *endptr = data + data_size;
- void *req = chan->conf_req;
- int len = chan->conf_len;
- int type, hint, olen;
-@@ -2077,8 +2084,8 @@ done:
- if (chan->num_conf_rsp == 1)
- return -ECONNREFUSED;
-
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-+ (unsigned long) &rfc, endptr - ptr);
- }
-
-
-@@ -2092,7 +2099,7 @@ done:
- chan->omtu = mtu;
- set_bit(CONF_MTU_DONE, &chan->conf_state);
- }
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr);
-
- switch (rfc.mode) {
- case L2CAP_MODE_BASIC:
-@@ -2117,7 +2124,7 @@ done:
- set_bit(CONF_MODE_DONE, &chan->conf_state);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
-
- break;
-
-@@ -2129,8 +2136,8 @@ done:
-
- set_bit(CONF_MODE_DONE, &chan->conf_state);
-
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-+ (unsigned long) &rfc, endptr - ptr);
-
- break;
-
-@@ -2151,10 +2158,12 @@ done:
- return ptr - data;
- }
-
--static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
-+static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
-+ void *data, size_t size, u16 *result)
- {
- struct l2cap_conf_req *req = data;
- void *ptr = req->data;
-+ void *endptr = data + size;
- int type, olen;
- unsigned long val;
- struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
-@@ -2171,13 +2180,13 @@ static int l2cap_parse_conf_rsp(struct l
- chan->imtu = L2CAP_DEFAULT_MIN_MTU;
- } else
- chan->imtu = val;
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
- break;
-
- case L2CAP_CONF_FLUSH_TO:
- chan->flush_to = val;
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
-- 2, chan->flush_to);
-+ 2, chan->flush_to, endptr - ptr);
- break;
-
- case L2CAP_CONF_RFC:
-@@ -2191,7 +2200,7 @@ static int l2cap_parse_conf_rsp(struct l
- chan->fcs = 0;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
- break;
- }
- }
-@@ -2250,7 +2259,7 @@ void __l2cap_connect_rsp_defer(struct l2
- return;
-
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -2459,7 +2468,7 @@ sendresp:
- u8 buf[128];
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -2509,7 +2518,7 @@ static int l2cap_connect_rsp(struct l2ca
- break;
-
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, req), req);
-+ l2cap_build_conf_req(chan, req, sizeof(req)), req);
- chan->num_conf_req++;
- break;
-
-@@ -2602,7 +2611,7 @@ static inline int l2cap_config_req(struc
- }
-
- /* Complete config. */
-- len = l2cap_parse_conf_req(chan, rsp);
-+ len = l2cap_parse_conf_req(chan, rsp, sizeof(rsp));
- if (len < 0) {
- l2cap_send_disconn_req(conn, chan, ECONNRESET);
- goto unlock;
-@@ -2635,7 +2644,7 @@ static inline int l2cap_config_req(struc
- if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
- u8 buf[64];
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -2687,7 +2696,7 @@ static inline int l2cap_config_rsp(struc
- /* throw out any old stored conf requests */
- result = L2CAP_CONF_SUCCESS;
- len = l2cap_parse_conf_rsp(chan, rsp->data, len,
-- req, &result);
-+ req, sizeof(req), &result);
- if (len < 0) {
- l2cap_send_disconn_req(conn, chan, ECONNRESET);
- goto done;
diff --git a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch b/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
deleted file mode 100644
index a7d1550..0000000
--- a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Tue, 12 Sep 2017 22:21:21 +0000
-Subject: nl80211: check for the required netlink attributes presence
-Origin: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12153
-
-nl80211_set_rekey_data() does not check if the required attributes
-NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
-NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
-users with CAP_NET_ADMIN privilege and may result in NULL dereference
-and a system crash. Add a check for the required attributes presence.
-This patch is based on the patch by bo Zhang.
-
-This fixes CVE-2017-12153.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
-Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
-Cc: <stable at vger.kernel.org> # v3.1-rc1
-Reported-by: bo Zhang <zhangbo5891001 at gmail.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
----
- net/wireless/nl80211.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -5820,6 +5820,9 @@ static int nl80211_set_rekey_data(struct
- if (err)
- return err;
-
-+ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
-+ !tb[NL80211_REKEY_DATA_KCK])
-+ return -EINVAL;
- if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
- return -ERANGE;
- if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
diff --git a/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch b/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
deleted file mode 100644
index 4af57cd..0000000
--- a/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Xin Long <lucien.xin at gmail.com>
-Date: Sun, 27 Aug 2017 20:25:26 +0800
-Subject: scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
-Origin: https://patchwork.kernel.org/patch/9923803/
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14489
-
-ChunYu found a kernel crash by syzkaller:
-
-[ 651.617875] kasan: CONFIG_KASAN_INLINE enabled
-[ 651.618217] kasan: GPF could be caused by NULL-ptr deref or user memory access
-[ 651.618731] general protection fault: 0000 [#1] SMP KASAN
-[ 651.621543] CPU: 1 PID: 9539 Comm: scsi Not tainted 4.11.0.cov #32
-[ 651.621938] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
-[ 651.622309] task: ffff880117780000 task.stack: ffff8800a3188000
-[ 651.622762] RIP: 0010:skb_release_data+0x26c/0x590
-[...]
-[ 651.627260] Call Trace:
-[ 651.629156] skb_release_all+0x4f/0x60
-[ 651.629450] consume_skb+0x1a5/0x600
-[ 651.630705] netlink_unicast+0x505/0x720
-[ 651.632345] netlink_sendmsg+0xab2/0xe70
-[ 651.633704] sock_sendmsg+0xcf/0x110
-[ 651.633942] ___sys_sendmsg+0x833/0x980
-[ 651.637117] __sys_sendmsg+0xf3/0x240
-[ 651.638820] SyS_sendmsg+0x32/0x50
-[ 651.639048] entry_SYSCALL_64_fastpath+0x1f/0xc2
-
-It's caused by skb_shared_info at the end of sk_buff was overwritten by
-ISCSI_KEVENT_IF_ERROR when parsing nlmsg info from skb in iscsi_if_rx.
-
-During the loop if skb->len == nlh->nlmsg_len and both are sizeof(*nlh),
-ev = nlmsg_data(nlh) will acutally get skb_shinfo(SKB) instead and set a
-new value to skb_shinfo(SKB)->nr_frags by ev->type.
-
-This patch is to fix it by checking nlh->nlmsg_len properly there to
-avoid over accessing sk_buff.
-
-Reported-by: ChunYu Wang <chunwang at redhat.com>
-Signed-off-by: Xin Long <lucien.xin at gmail.com>
-Acked-by: Chris Leech <cleech at redhat.com>
----
- drivers/scsi/scsi_transport_iscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/scsi/scsi_transport_iscsi.c
-+++ b/drivers/scsi/scsi_transport_iscsi.c
-@@ -2079,7 +2079,7 @@ iscsi_if_rx(struct sk_buff *skb)
- uint32_t group;
-
- nlh = nlmsg_hdr(skb);
-- if (nlh->nlmsg_len < sizeof(*nlh) ||
-+ if (nlh->nlmsg_len < sizeof(*nlh) + sizeof(*ev) ||
- skb->len < nlh->nlmsg_len) {
- break;
- }
diff --git a/debian/patches/bugfix/all/sctp-Export-sctp_do_peeloff.patch b/debian/patches/bugfix/all/sctp-Export-sctp_do_peeloff.patch
index 16ee555..cf4b974 100644
--- a/debian/patches/bugfix/all/sctp-Export-sctp_do_peeloff.patch
+++ b/debian/patches/bugfix/all/sctp-Export-sctp_do_peeloff.patch
@@ -10,8 +10,9 @@ the sctp code with minimal knowledge of the former.
Signed-off-by: Benjamin Poirier <bpoirier at suse.de>
Acked-by: Vlad Yasevich <vladislav.yasevich at hp.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Adjust context to apply after backport of dfcb9f4f99f1
- ("sctp: deny peeloff operation on asocs with threads sleeping on it")]
+[bwh: Adjust context to apply after backports of dfcb9f4f99f1
+ ("sctp: deny peeloff operation on asocs with threads sleeping on it") and
+ df80cd9b28b9 ("sctp: do not peel off an assoc from one netns to another one")]
---
include/net/sctp/sctp.h | 1 +
net/sctp/socket.c | 24 +++++++++---------------
@@ -29,7 +30,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
#define sctp_skb_for_each(pos, head, tmp) \
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -4234,14 +4234,16 @@ static int sctp_getsockopt_autoclose(str
+@@ -4235,10 +4235,9 @@ static int sctp_getsockopt_autoclose(str
}
/* Helper routine to branch off an association to a new socket. */
@@ -42,6 +43,9 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
struct socket *sock;
struct sctp_af *af;
int err = 0;
+@@ -4247,6 +4246,9 @@ SCTP_STATIC int sctp_do_peeloff(struct s
+ if (!net_eq(current->nsproxy->net_ns, sock_net(sk)))
+ return -EINVAL;
+ if (!asoc)
+ return -EINVAL;
@@ -49,7 +53,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
/* If there is a thread waiting on more sndbuf space for
* sending on this asoc, it cannot be peeled.
*/
-@@ -4276,13 +4278,13 @@ SCTP_STATIC int sctp_do_peeloff(struct s
+@@ -4281,13 +4283,13 @@ SCTP_STATIC int sctp_do_peeloff(struct s
return err;
}
@@ -64,7 +68,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
if (len < sizeof(sctp_peeloff_arg_t))
return -EINVAL;
-@@ -4290,15 +4292,7 @@ static int sctp_getsockopt_peeloff(struc
+@@ -4295,15 +4297,7 @@ static int sctp_getsockopt_peeloff(struc
if (copy_from_user(&peeloff, optval, len))
return -EFAULT;
@@ -81,7 +85,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
if (retval < 0)
goto out;
-@@ -4309,8 +4303,8 @@ static int sctp_getsockopt_peeloff(struc
+@@ -4314,8 +4308,8 @@ static int sctp_getsockopt_peeloff(struc
goto out;
}
diff --git a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch b/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
deleted file mode 100644
index 27f6dc4..0000000
--- a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Mon, 4 Sep 2017 16:00:50 +0200
-Subject: video: fbdev: aty: do not leak uninitialized padding in clk to
- userspace
-Origin: https://git.kernel.org/linus/8e75f7a7a00461ef6d91797a60b606367f6e344d
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14156
-
-'clk' is copied to a userland with padding byte(s) after 'vclk_post_div'
-field unitialized, leaking data from the stack. Fix this ensuring all of
-'clk' is initialized to zero.
-
-References: https://github.com/torvalds/linux/pull/441
-Reported-by: sohu0106 <sohu0106 at 126.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
-Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie at samsung.com>
-[bwh: Backported to 3.2: adjust filename]
----
- drivers/video/aty/atyfb_base.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/video/aty/atyfb_base.c
-+++ b/drivers/video/aty/atyfb_base.c
-@@ -1852,7 +1852,7 @@ static int atyfb_ioctl(struct fb_info *i
- #if defined(DEBUG) && defined(CONFIG_FB_ATY_CT)
- case ATYIO_CLKR:
- if (M64_HAS(INTEGRATED)) {
-- struct atyclk clk;
-+ struct atyclk clk = { 0 };
- union aty_pll *pll = &par->pll;
- u32 dsp_config = pll->ct.dsp_config;
- u32 dsp_on_off = pll->ct.dsp_on_off;
diff --git a/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch b/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
deleted file mode 100644
index 4c35b1c..0000000
--- a/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Richard Wareing <rwareing at fb.com>
-Date: Wed, 13 Sep 2017 09:09:35 +1000
-Subject: xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
-Origin: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14340
-
-If using a kernel with CONFIG_XFS_RT=y and we set the RHINHERIT flag on
-a directory in a filesystem that does not have a realtime device and
-create a new file in that directory, it gets marked as a real time file.
-When data is written and a fsync is issued, the filesystem attempts to
-flush a non-existent rt device during the fsync process.
-
-This results in a crash dereferencing a null buftarg pointer in
-xfs_blkdev_issue_flush():
-
- BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
- IP: xfs_blkdev_issue_flush+0xd/0x20
- .....
- Call Trace:
- xfs_file_fsync+0x188/0x1c0
- vfs_fsync_range+0x3b/0xa0
- do_fsync+0x3d/0x70
- SyS_fsync+0x10/0x20
- do_syscall_64+0x4d/0xb0
- entry_SYSCALL64_slow_path+0x25/0x25
-
-Setting RT inode flags does not require special privileges so any
-unprivileged user can cause this oops to occur. To reproduce, confirm
-kernel is compiled with CONFIG_XFS_RT=y and run:
-
- # mkfs.xfs -f /dev/pmem0
- # mount /dev/pmem0 /mnt/test
- # mkdir /mnt/test/foo
- # xfs_io -c 'chattr +t' /mnt/test/foo
- # xfs_io -f -c 'pwrite 0 5m' -c fsync /mnt/test/foo/bar
-
-Or just run xfstests with MKFS_OPTIONS="-d rtinherit=1" and wait.
-
-Kernels built with CONFIG_XFS_RT=n are not exposed to this bug.
-
-Fixes: f538d4da8d52 ("[XFS] write barrier support")
-Cc: <stable at vger.kernel.org>
-Signed-off-by: Richard Wareing <rwareing at fb.com>
-Signed-off-by: Dave Chinner <david at fromorbit.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-[bwh: Backported to 3.2: adjust filename]
----
- fs/xfs/xfs_dinode.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
---- a/fs/xfs/xfs_dinode.h
-+++ b/fs/xfs/xfs_dinode.h
-@@ -201,7 +201,14 @@ static inline void xfs_dinode_put_rdev(s
- #define XFS_DIFLAG_FILESTREAM (1 << XFS_DIFLAG_FILESTREAM_BIT)
-
- #ifdef CONFIG_XFS_RT
--#define XFS_IS_REALTIME_INODE(ip) ((ip)->i_d.di_flags & XFS_DIFLAG_REALTIME)
-+
-+/*
-+ * make sure we ignore the inode flag if the filesystem doesn't have a
-+ * configured realtime device.
-+ */
-+#define XFS_IS_REALTIME_INODE(ip) \
-+ (((ip)->i_d.di_flags & XFS_DIFLAG_REALTIME) && \
-+ (ip)->i_mount->m_rtdev_targp)
- #else
- #define XFS_IS_REALTIME_INODE(ip) (0)
- #endif
diff --git a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch b/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
deleted file mode 100644
index cc431f6..0000000
--- a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Jim Mattson <jmattson at google.com>
-Date: Tue, 12 Sep 2017 13:02:54 -0700
-Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8
-Origin: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12154
-
-If L1 does not specify the "use TPR shadow" VM-execution control in
-vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
-exiting" VM-execution controls in vmcs02. Failure to do so will give
-the L2 VM unrestricted read/write access to the hardware CR8.
-
-This fixes CVE-2017-12154.
-
-Signed-off-by: Jim Mattson <jmattson at google.com>
-Reviewed-by: David Hildenbrand <david at redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
-[bwh: Backported to 3.2: adjust context]
----
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -6675,6 +6675,14 @@ static void prepare_vmcs02(struct kvm_vc
- exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING;
- exec_control &= ~CPU_BASED_TPR_SHADOW;
- exec_control |= vmcs12->cpu_based_vm_exec_control;
-+
-+ if (!(exec_control & CPU_BASED_TPR_SHADOW)) {
-+#ifdef CONFIG_X86_64
-+ exec_control |= CPU_BASED_CR8_LOAD_EXITING |
-+ CPU_BASED_CR8_STORE_EXITING;
-+#endif
-+ }
-+
- /*
- * Merging of IO and MSR bitmaps not currently supported.
- * Rather, exit every time.
diff --git a/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.2.95.patch b/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.2.95.patch
new file mode 100644
index 0000000..baa3fd2
--- /dev/null
+++ b/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.2.95.patch
@@ -0,0 +1,23 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 26 Nov 2017 21:43:27 +0000
+Subject: ip6_fib: Avoid ABI change in 3.2.95
+Forwarded: not-needed
+
+Commit c5cff8561d2d "ipv6: add rcu grace period before freeing
+fib6_node" added an rcu_head field to the end of struct fib6_node.
+As this structure is always allocated and freed inside of the ipv6
+module (or built-in code), we can safely hide it from genksyms.
+
+---
+--- a/include/net/ip6_fib.h
++++ b/include/net/ip6_fib.h
+@@ -63,7 +63,9 @@ struct fib6_node {
+ __u16 fn_flags;
+ __u32 fn_sernum;
+ struct rt6_info *rr_ptr;
++#ifndef __GENKSYMS__
+ struct rcu_head rcu;
++#endif
+ };
+
+ #ifndef CONFIG_IPV6_SUBTREES
diff --git a/debian/patches/debian/libsas-avoid-abi-change-in-3.2.95.patch b/debian/patches/debian/libsas-avoid-abi-change-in-3.2.95.patch
new file mode 100644
index 0000000..4d867e6
--- /dev/null
+++ b/debian/patches/debian/libsas-avoid-abi-change-in-3.2.95.patch
@@ -0,0 +1,23 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 26 Nov 2017 21:44:30 +0000
+Subject: libsas: Avoid ABI change in 3.2.95
+Forwarded: not-needed
+
+Commit a3a142524aa4 "libsas: prevent double completion of scmds from eh"
+added a new enumerator to enum exec_status. This isn't a real ABI change
+because its value was already being stored in enum exec_status. Hide it
+from genksyms.
+
+---
+--- a/include/scsi/libsas.h
++++ b/include/scsi/libsas.h
+@@ -452,7 +452,9 @@ enum exec_status {
+ /* The SAM_STAT_.. codes fit in the lower 6 bits, alias some of
+ * them here to silence 'case value not in enumerated type' warnings
+ */
++#ifndef __GENKSYMS__
+ __SAM_STAT_CHECK_CONDITION = SAM_STAT_CHECK_CONDITION,
++#endif
+
+ SAS_DEV_NO_RESPONSE = 0x80,
+ SAS_DATA_UNDERRUN,
diff --git a/debian/patches/debian/perf-avoid-abi-change-in-3.2.95.patch b/debian/patches/debian/perf-avoid-abi-change-in-3.2.95.patch
new file mode 100644
index 0000000..630e9aa
--- /dev/null
+++ b/debian/patches/debian/perf-avoid-abi-change-in-3.2.95.patch
@@ -0,0 +1,33 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 26 Nov 2017 21:31:22 +0000
+Subject: perf: Avoid ABI change in 3.2.95
+Forwarded: not-needed
+
+Commit c3c87e770458 ('perf: Tighten (and fix) the grouping condition')
+removed perf_event_context::type and its type definition. Add them
+back.
+
+---
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -866,6 +866,12 @@ struct perf_event {
+ #endif /* CONFIG_PERF_EVENTS */
+ };
+
++/* now unused */
++enum perf_event_context_type {
++ task_context,
++ cpu_context,
++};
++
+ /**
+ * struct perf_event_context - event context structure
+ *
+@@ -873,6 +879,7 @@ struct perf_event {
+ */
+ struct perf_event_context {
+ struct pmu *pmu;
++ enum perf_event_context_type type; /* now unused */
+ /*
+ * Protect the states of the events in the list,
+ * nr_active, and the list:
diff --git a/debian/patches/debian/sched-avoid-abi-change-in-3.2.94.patch b/debian/patches/debian/sched-avoid-abi-change-in-3.2.94.patch
new file mode 100644
index 0000000..cc2368e
--- /dev/null
+++ b/debian/patches/debian/sched-avoid-abi-change-in-3.2.94.patch
@@ -0,0 +1,33 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 15:02:15 +0000
+Subject: sched: Avoid ABI change in 3.2.94
+Forwarded: not-needed
+
+The backport of commits e0e5070b20e0 "sched: add macros to define bitops
+for task atomic flags" added a new field to struct task_struct which
+will change ABI for most symbols in the kernel.
+
+However, task_struct is always allocated by built-in code and the
+new field is only accessed by built-in code. So move it to the end and
+hide it from genksyms.
+
+---
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1315,8 +1315,6 @@ struct task_struct {
+ unsigned sched_reset_on_fork:1;
+ unsigned sched_contributes_to_load:1;
+
+- unsigned long atomic_flags; /* Flags needing atomic access. */
+-
+ pid_t pid;
+ pid_t tgid;
+
+@@ -1589,6 +1587,7 @@ struct task_struct {
+ #endif
+ #ifndef __GENKSYMS__
+ unsigned long rt_watchdog_stamp;
++ unsigned long atomic_flags; /* Flags needing atomic access. */
+ #endif
+ };
+
diff --git a/debian/patches/features/all/drm/drm-3.4.patch b/debian/patches/features/all/drm/drm-3.4.patch
index 75fd46e..2c735dd 100644
--- a/debian/patches/features/all/drm/drm-3.4.patch
+++ b/debian/patches/features/all/drm/drm-3.4.patch
@@ -43784,7 +43784,7 @@ index 9b4e5c6d1cfb..39f81115fcf1 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index ca67338e5533..38c0a4720cc8 100644
+index 8ea257ef1139..38c0a4720cc8 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -781,6 +781,12 @@ static int i915_getparam(struct drm_device *dev, void *data,
@@ -43904,7 +43904,23 @@ index ca67338e5533..38c0a4720cc8 100644
/* overlay on gen2 is broken and can't address above 1G */
if (IS_GEN2(dev))
dma_set_coherent_mask(&dev->pdev->dev, DMA_BIT_MASK(30));
-@@ -2101,12 +2147,14 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
+@@ -2059,12 +2105,10 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
+ * and the registers being closely associated.
+ *
+ * According to chipset errata, on the 965GM, MSI interrupts may
+- * be lost or delayed, and was defeatured. MSI interrupts seem to
+- * get lost on g4x as well, and interrupt delivery seems to stay
+- * properly dead afterwards. So we'll just disable them for all
+- * pre-gen5 chipsets.
++ * be lost or delayed, but we use them anyways to avoid
++ * stuck interrupts on some machines.
+ */
+- if (INTEL_INFO(dev)->gen >= 5)
++ if (!IS_I945G(dev) && !IS_I945GM(dev))
+ pci_enable_msi(dev->pdev);
+
+ spin_lock_init(&dev_priv->gt_lock);
+@@ -2103,12 +2147,14 @@ int i915_driver_load(struct drm_device *dev, unsigned long flags)
setup_timer(&dev_priv->hangcheck_timer, i915_hangcheck_elapsed,
(unsigned long) dev);
@@ -43924,7 +43940,7 @@ index ca67338e5533..38c0a4720cc8 100644
return 0;
-@@ -2149,7 +2197,7 @@ int i915_driver_unload(struct drm_device *dev)
+@@ -2151,7 +2197,7 @@ int i915_driver_unload(struct drm_device *dev)
unregister_shrinker(&dev_priv->mm.inactive_shrinker);
mutex_lock(&dev->struct_mutex);
@@ -43933,7 +43949,7 @@ index ca67338e5533..38c0a4720cc8 100644
if (ret)
DRM_ERROR("failed to idle hardware: %d\n", ret);
mutex_unlock(&dev->struct_mutex);
-@@ -2202,6 +2250,7 @@ int i915_driver_unload(struct drm_device *dev)
+@@ -2204,6 +2250,7 @@ int i915_driver_unload(struct drm_device *dev)
i915_gem_free_all_phys_object(dev);
i915_gem_cleanup_ringbuffer(dev);
mutex_unlock(&dev->struct_mutex);
@@ -43941,7 +43957,7 @@ index ca67338e5533..38c0a4720cc8 100644
if (I915_HAS_FBC(dev) && i915_powersave)
i915_cleanup_compression(dev);
drm_mm_takedown(&dev_priv->mm.stolen);
-@@ -2267,18 +2316,12 @@ void i915_driver_lastclose(struct drm_device * dev)
+@@ -2269,18 +2316,12 @@ void i915_driver_lastclose(struct drm_device * dev)
i915_gem_lastclose(dev);
@@ -43960,7 +43976,7 @@ index ca67338e5533..38c0a4720cc8 100644
}
void i915_driver_postclose(struct drm_device *dev, struct drm_file *file)
-@@ -2297,11 +2340,11 @@ struct drm_ioctl_desc i915_ioctls[] = {
+@@ -2299,11 +2340,11 @@ struct drm_ioctl_desc i915_ioctls[] = {
DRM_IOCTL_DEF_DRV(I915_IRQ_WAIT, i915_irq_wait, DRM_AUTH),
DRM_IOCTL_DEF_DRV(I915_GETPARAM, i915_getparam, DRM_AUTH),
DRM_IOCTL_DEF_DRV(I915_SETPARAM, i915_setparam, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
@@ -43976,7 +43992,7 @@ index ca67338e5533..38c0a4720cc8 100644
DRM_IOCTL_DEF_DRV(I915_SET_VBLANK_PIPE, i915_vblank_pipe_set, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF_DRV(I915_GET_VBLANK_PIPE, i915_vblank_pipe_get, DRM_AUTH),
DRM_IOCTL_DEF_DRV(I915_VBLANK_SWAP, i915_vblank_swap, DRM_AUTH),
-@@ -2329,6 +2372,8 @@ struct drm_ioctl_desc i915_ioctls[] = {
+@@ -2331,6 +2372,8 @@ struct drm_ioctl_desc i915_ioctls[] = {
DRM_IOCTL_DEF_DRV(I915_GEM_MADVISE, i915_gem_madvise_ioctl, DRM_UNLOCKED),
DRM_IOCTL_DEF_DRV(I915_OVERLAY_PUT_IMAGE, intel_overlay_put_image, DRM_MASTER|DRM_CONTROL_ALLOW|DRM_UNLOCKED),
DRM_IOCTL_DEF_DRV(I915_OVERLAY_ATTRS, intel_overlay_attrs, DRM_MASTER|DRM_CONTROL_ALLOW|DRM_UNLOCKED),
@@ -43986,7 +44002,7 @@ index ca67338e5533..38c0a4720cc8 100644
int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
-index e216c21110e4..89f3d4aed664 100644
+index ba62adaebda2..89f3d4aed664 100644
--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -66,7 +66,11 @@ MODULE_PARM_DESC(semaphores,
@@ -44168,7 +44184,9 @@ index e216c21110e4..89f3d4aed664 100644
+ * with forcewake not set correctly
+ */
+ spin_lock_irqsave(&dev_priv->gt_lock, irqflags);
-+
+
+- I915_WRITE(GEN6_GDRST, GEN6_GRDOM_FULL);
+- return wait_for((I915_READ(GEN6_GDRST) & GEN6_GRDOM_FULL) == 0, 500);
+ /* Reset the chip */
+
+ /* GEN6_GDRST is not in the gt power well, no need to check
@@ -44179,9 +44197,7 @@ index e216c21110e4..89f3d4aed664 100644
+
+ /* Spin waiting for the device to ack the reset request */
+ ret = wait_for((I915_READ_NOTRACE(GEN6_GDRST) & GEN6_GRDOM_FULL) == 0, 500);
-
-- I915_WRITE(GEN6_GDRST, GEN6_GRDOM_FULL);
-- return wait_for((I915_READ(GEN6_GDRST) & GEN6_GRDOM_FULL) == 0, 500);
++
+ /* If reset with a user forcewake, try to restore, otherwise turn it off */
+ if (dev_priv->forcewake_count)
+ dev_priv->display.force_wake_get(dev_priv);
@@ -44283,16 +44299,16 @@ index e216c21110e4..89f3d4aed664 100644
.name = DRIVER_NAME,
.desc = DRIVER_DESC,
.date = DRIVER_DATE,
-@@ -974,17 +1000,21 @@ MODULE_LICENSE("GPL and additional rights");
- /* We give fast paths for the really cool registers */
- #define NEEDS_FORCE_WAKE(dev_priv, reg) \
- ((HAS_FORCE_WAKE((dev_priv)->dev)) && \
-- ((reg) < 0x40000) && \
-- ((reg) != FORCEWAKE) && \
-- ((reg) != ECOBUS))
+@@ -971,13 +997,24 @@ MODULE_AUTHOR(DRIVER_AUTHOR);
+ MODULE_DESCRIPTION(DRIVER_DESC);
+ MODULE_LICENSE("GPL and additional rights");
+
++/* We give fast paths for the really cool registers */
++#define NEEDS_FORCE_WAKE(dev_priv, reg) \
++ ((HAS_FORCE_WAKE((dev_priv)->dev)) && \
+ ((reg) < 0x40000) && \
+ ((reg) != FORCEWAKE))
-
++
#define __i915_read(x, y) \
u##x i915_read##x(struct drm_i915_private *dev_priv, u32 reg) { \
u##x val = 0; \
@@ -44310,7 +44326,7 @@ index e216c21110e4..89f3d4aed664 100644
} else { \
val = read##y(dev_priv->regs + reg); \
} \
-@@ -1000,11 +1030,15 @@ __i915_read(64, q)
+@@ -993,11 +1030,15 @@ __i915_read(64, q)
#define __i915_write(x, y) \
void i915_write##x(struct drm_i915_private *dev_priv, u32 reg, u##x val) { \
@@ -44328,7 +44344,7 @@ index e216c21110e4..89f3d4aed664 100644
__i915_write(8, b)
__i915_write(16, w)
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 61274bf52e5a..a8f00d06a46f 100644
+index 783153a6b98a..a8f00d06a46f 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -35,6 +35,7 @@
@@ -44674,7 +44690,7 @@ index 61274bf52e5a..a8f00d06a46f 100644
void i915_gem_restore_gtt_mappings(struct drm_device *dev);
int __must_check i915_gem_gtt_bind_object(struct drm_i915_gem_object *obj);
void i915_gem_gtt_rebind_object(struct drm_i915_gem_object *obj,
-@@ -1365,14 +1456,7 @@ extern void intel_display_print_error_state(struct seq_file *m,
+@@ -1365,13 +1456,7 @@ extern void intel_display_print_error_state(struct seq_file *m,
*/
void gen6_gt_force_wake_get(struct drm_i915_private *dev_priv);
void gen6_gt_force_wake_put(struct drm_i915_private *dev_priv);
@@ -44682,10 +44698,9 @@ index 61274bf52e5a..a8f00d06a46f 100644
-
-/* We give fast paths for the really cool registers */
-#define NEEDS_FORCE_WAKE(dev_priv, reg) \
-- (((dev_priv)->info->gen >= 6) && \
+- ((HAS_FORCE_WAKE((dev_priv)->dev)) && \
- ((reg) < 0x40000) && \
-- ((reg) != FORCEWAKE) && \
-- ((reg) != ECOBUS))
+- ((reg) != FORCEWAKE))
+int __gen6_gt_wait_for_fifo(struct drm_i915_private *dev_priv);
#define __i915_read(x, y) \
@@ -47803,7 +47818,7 @@ index fee0ad02c6d0..b4f71c22e07d 100644
drm_encoder_helper_add(&crt->base.base, &intel_crt_helper_funcs);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index c7b54280e2b7..c975c996ff5f 100644
+index 4a7d597ca80c..c975c996ff5f 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -76,7 +76,7 @@ struct intel_limit {
@@ -49327,24 +49342,7 @@ index c7b54280e2b7..c975c996ff5f 100644
/* Apply the WaDisableRHWOOptimizationForRenderHang workaround. */
I915_WRITE(GEN7_COMMON_SLICE_CHICKEN1,
GEN7_CSC1_RHWO_OPT_DISABLE_IN_RCC);
-@@ -8699,9 +9031,15 @@ static void intel_init_display(struct drm_device *dev)
- if (IS_IVYBRIDGE(dev)) {
- u32 ecobus;
-
-+ /* A small trick here - if the bios hasn't configured MT forcewake,
-+ * and if the device is in RC6, then force_wake_mt_get will not wake
-+ * the device and the ECOBUS read will return zero. Which will be
-+ * (correctly) interpreted by the test below as MT forcewake being
-+ * disabled.
-+ */
- mutex_lock(&dev->struct_mutex);
- __gen6_gt_force_wake_mt_get(dev_priv);
-- ecobus = I915_READ(ECOBUS);
-+ ecobus = I915_READ_NOTRACE(ECOBUS);
- __gen6_gt_force_wake_mt_put(dev_priv);
- mutex_unlock(&dev->struct_mutex);
-
-@@ -8733,6 +9071,7 @@ static void intel_init_display(struct drm_device *dev)
+@@ -8739,6 +9071,7 @@ static void intel_init_display(struct drm_device *dev)
} else if (IS_GEN6(dev)) {
if (SNB_READ_WM0_LATENCY()) {
dev_priv->display.update_wm = sandybridge_update_wm;
@@ -49352,7 +49350,7 @@ index c7b54280e2b7..c975c996ff5f 100644
} else {
DRM_DEBUG_KMS("Failed to read display plane latency. "
"Disable CxSR\n");
-@@ -8746,6 +9085,7 @@ static void intel_init_display(struct drm_device *dev)
+@@ -8752,6 +9085,7 @@ static void intel_init_display(struct drm_device *dev)
dev_priv->display.fdi_link_train = ivb_manual_fdi_link_train;
if (SNB_READ_WM0_LATENCY()) {
dev_priv->display.update_wm = sandybridge_update_wm;
@@ -49360,7 +49358,7 @@ index c7b54280e2b7..c975c996ff5f 100644
} else {
DRM_DEBUG_KMS("Failed to read display plane latency. "
"Disable CxSR\n");
-@@ -8851,24 +9191,24 @@ static void quirk_ssc_force_disable(struct drm_device *dev)
+@@ -8857,24 +9191,24 @@ static void quirk_ssc_force_disable(struct drm_device *dev)
}
/*
@@ -49394,7 +49392,7 @@ index c7b54280e2b7..c975c996ff5f 100644
}
struct intel_quirk {
-@@ -8907,8 +9247,6 @@ static const struct intel_dmi_quirk intel_dmi_quirks[] = {
+@@ -8913,8 +9247,6 @@ static const struct intel_dmi_quirk intel_dmi_quirks[] = {
};
struct intel_quirk intel_quirks[] = {
@@ -49403,7 +49401,7 @@ index c7b54280e2b7..c975c996ff5f 100644
/* HP Mini needs pipe A force quirk (LP: #322104) */
{ 0x27ae, 0x103c, 0x361a, quirk_pipea_force },
-@@ -8946,12 +9284,6 @@ struct intel_quirk intel_quirks[] = {
+@@ -8952,12 +9284,6 @@ struct intel_quirk intel_quirks[] = {
/* Acer/Packard Bell NCL20 */
{ 0x2a42, 0x1025, 0x034b, quirk_invert_brightness },
@@ -49416,7 +49414,7 @@ index c7b54280e2b7..c975c996ff5f 100644
/* Dell XPS13 HD Sandy Bridge */
{ 0x0116, 0x1028, 0x052e, quirk_no_pcm_pwm_enable },
/* Dell XPS13 HD and XPS13 FHD Ivy Bridge */
-@@ -9022,13 +9354,16 @@ void i915_redisable_vga(struct drm_device *dev)
+@@ -9028,13 +9354,16 @@ void i915_redisable_vga(struct drm_device *dev)
void intel_modeset_init(struct drm_device *dev)
{
struct drm_i915_private *dev_priv = dev->dev_private;
@@ -49434,7 +49432,7 @@ index c7b54280e2b7..c975c996ff5f 100644
dev->mode_config.funcs = (void *)&intel_mode_funcs;
intel_init_quirks(dev);
-@@ -9052,6 +9387,9 @@ void intel_modeset_init(struct drm_device *dev)
+@@ -9058,6 +9387,9 @@ void intel_modeset_init(struct drm_device *dev)
for (i = 0; i < dev_priv->num_pipe; i++) {
intel_crtc_init(dev, i);
@@ -49444,7 +49442,7 @@ index c7b54280e2b7..c975c996ff5f 100644
}
/* Just disable it once at startup */
-@@ -9161,15 +9499,14 @@ void intel_connector_attach_encoder(struct intel_connector *connector,
+@@ -9167,15 +9499,14 @@ void intel_connector_attach_encoder(struct intel_connector *connector,
int intel_modeset_vga_set_state(struct drm_device *dev, bool state)
{
struct drm_i915_private *dev_priv = dev->dev_private;
@@ -99574,7 +99572,7 @@ index 93577f2e2954..68daca412cbd 100644
return NULL;
}
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
-index 508c64ce5d9e..578207ecc43f 100644
+index 08f2fe7a3374..578207ecc43f 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -30,6 +30,9 @@
@@ -99698,7 +99696,7 @@ index 508c64ce5d9e..578207ecc43f 100644
/* store already allocated pages in the pool after
* setting the caching state */
-@@ -606,8 +590,7 @@ static void ttm_page_pool_fill_locked(struct ttm_page_pool *pool,
+@@ -606,10 +590,9 @@ static void ttm_page_pool_fill_locked(struct ttm_page_pool *pool,
++pool->nrefills;
pool->npages += alloc_size;
} else {
@@ -99706,8 +99704,11 @@ index 508c64ce5d9e..578207ecc43f 100644
- "Failed to fill pool (%p).", pool);
+ pr_err("Failed to fill pool (%p)\n", pool);
/* If we have any pages left put them to the pool. */
- list_for_each_entry(p, &pool->list, lru) {
+- list_for_each_entry(p, &new_pages, lru) {
++ list_for_each_entry(p, &pool->list, lru) {
++cpages;
+ }
+ list_splice(&new_pages, &pool->list);
@@ -626,8 +609,10 @@ static void ttm_page_pool_fill_locked(struct ttm_page_pool *pool,
* @return count of pages still required to fulfill the request.
*/
diff --git a/debian/patches/features/all/rt/0110-mm-page_alloc-rt-friendly-per-cpu-pages.patch b/debian/patches/features/all/rt/0110-mm-page_alloc-rt-friendly-per-cpu-pages.patch
index 1e27912..3cfbaa9 100644
--- a/debian/patches/features/all/rt/0110-mm-page_alloc-rt-friendly-per-cpu-pages.patch
+++ b/debian/patches/features/all/rt/0110-mm-page_alloc-rt-friendly-per-cpu-pages.patch
@@ -12,23 +12,22 @@ Contains fixes from:
Signed-off-by: Ingo Molnar <mingo at elte.hu>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+[bwh: Forward-ported to 3.2.95: adjust context]
---
mm/page_alloc.c | 55 +++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 39 insertions(+), 16 deletions(-)
-diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index b32ce9009f24..7e3d64fe62e3 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -57,6 +57,7 @@
- #include <linux/ftrace_event.h>
+@@ -58,6 +58,7 @@
#include <linux/memcontrol.h>
#include <linux/prefetch.h>
+ #include <linux/nmi.h>
+#include <linux/locallock.h>
#include <asm/tlbflush.h>
#include <asm/div64.h>
-@@ -222,6 +223,18 @@ EXPORT_SYMBOL(nr_node_ids);
+@@ -223,6 +224,18 @@ EXPORT_SYMBOL(nr_node_ids);
EXPORT_SYMBOL(nr_online_nodes);
#endif
@@ -47,7 +46,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
int page_group_by_mobility_disabled __read_mostly;
static void set_pageblock_migratetype(struct page *page, int migratetype)
-@@ -683,13 +696,13 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -684,13 +697,13 @@ static void __free_pages_ok(struct page
if (!free_pages_prepare(page, order))
return;
@@ -63,7 +62,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
/*
-@@ -1067,14 +1080,14 @@ void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp)
+@@ -1068,14 +1081,14 @@ void drain_zone_pages(struct zone *zone,
unsigned long flags;
int to_drain;
@@ -80,7 +79,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
#endif
-@@ -1094,7 +1107,7 @@ static void drain_pages(unsigned int cpu)
+@@ -1095,7 +1108,7 @@ static void drain_pages(unsigned int cpu
struct per_cpu_pageset *pset;
struct per_cpu_pages *pcp;
@@ -89,7 +88,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
pset = per_cpu_ptr(zone->pageset, cpu);
pcp = &pset->pcp;
-@@ -1102,7 +1115,7 @@ static void drain_pages(unsigned int cpu)
+@@ -1103,7 +1116,7 @@ static void drain_pages(unsigned int cpu
free_pcppages_bulk(zone, pcp->count, pcp);
pcp->count = 0;
}
@@ -98,7 +97,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
}
-@@ -1119,7 +1132,14 @@ void drain_local_pages(void *arg)
+@@ -1120,7 +1133,14 @@ void drain_local_pages(void *arg)
*/
void drain_all_pages(void)
{
@@ -113,7 +112,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
#ifdef CONFIG_HIBERNATION
-@@ -1175,7 +1195,7 @@ void free_hot_cold_page(struct page *page, int cold)
+@@ -1191,7 +1211,7 @@ void free_hot_cold_page(struct page *pag
migratetype = get_pageblock_migratetype(page);
set_page_private(page, migratetype);
@@ -122,7 +121,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
if (unlikely(wasMlocked))
free_page_mlock(page);
__count_vm_event(PGFREE);
-@@ -1207,7 +1227,7 @@ void free_hot_cold_page(struct page *page, int cold)
+@@ -1223,7 +1243,7 @@ void free_hot_cold_page(struct page *pag
}
out:
@@ -131,7 +130,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
/*
-@@ -1302,7 +1322,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -1318,7 +1338,7 @@ again:
struct per_cpu_pages *pcp;
struct list_head *list;
@@ -140,7 +139,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
pcp = &this_cpu_ptr(zone->pageset)->pcp;
list = &pcp->lists[migratetype];
if (list_empty(list)) {
-@@ -1334,17 +1354,19 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -1350,17 +1370,19 @@ again:
*/
WARN_ON_ONCE(order > 1);
}
@@ -164,7 +163,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
VM_BUG_ON(bad_range(zone, page));
if (prep_new_page(page, order, gfp_flags))
-@@ -1352,7 +1374,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -1368,7 +1390,7 @@ again:
return page;
failed:
@@ -173,7 +172,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
return NULL;
}
-@@ -3737,10 +3759,10 @@ static int __zone_pcp_update(void *data)
+@@ -3753,10 +3775,10 @@ static int __zone_pcp_update(void *data)
pset = per_cpu_ptr(zone->pageset, cpu);
pcp = &pset->pcp;
@@ -186,7 +185,7 @@ index b32ce9009f24..7e3d64fe62e3 100644
}
return 0;
}
-@@ -5106,6 +5128,7 @@ static int page_alloc_cpu_notify(struct notifier_block *self,
+@@ -5122,6 +5144,7 @@ static int page_alloc_cpu_notify(struct
void __init page_alloc_init(void)
{
hotcpu_notifier(page_alloc_cpu_notify, 0);
diff --git a/debian/patches/features/all/rt/0141-sched-delay-put-task.patch.patch b/debian/patches/features/all/rt/0141-sched-delay-put-task.patch.patch
index 281be64..85769fe 100644
--- a/debian/patches/features/all/rt/0141-sched-delay-put-task.patch.patch
+++ b/debian/patches/features/all/rt/0141-sched-delay-put-task.patch.patch
@@ -11,9 +11,9 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
-@@ -1607,6 +1607,9 @@ struct task_struct {
- #ifndef __GENKSYMS__
+@@ -1608,6 +1608,9 @@ struct task_struct {
unsigned long rt_watchdog_stamp;
+ unsigned long atomic_flags; /* Flags needing atomic access. */
#endif
+#ifdef CONFIG_PREEMPT_RT_BASE
+ struct rcu_head put_rcu;
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
};
/* Future-safe accessor for struct task_struct's cpus_allowed. */
-@@ -1804,6 +1807,15 @@ extern struct pid *cad_pid;
+@@ -1810,6 +1813,15 @@ extern struct pid *cad_pid;
extern void free_task(struct task_struct *tsk);
#define get_task_struct(tsk) do { atomic_inc(&(tsk)->usage); } while(0)
@@ -37,7 +37,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
extern void __put_task_struct(struct task_struct *t);
static inline void put_task_struct(struct task_struct *t)
-@@ -1811,6 +1823,7 @@ static inline void put_task_struct(struct task_struct *t)
+@@ -1817,6 +1829,7 @@ static inline void put_task_struct(struc
if (atomic_dec_and_test(&t->usage))
__put_task_struct(t);
}
@@ -45,11 +45,9 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
extern void task_times(struct task_struct *p, cputime_t *ut, cputime_t *st);
extern void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *st);
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 84115e74de17..8b739b021c35 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -198,7 +198,18 @@ void __put_task_struct(struct task_struct *tsk)
+@@ -198,7 +198,18 @@ void __put_task_struct(struct task_struc
if (!profile_handoff_task(tsk))
free_task(tsk);
}
diff --git a/debian/patches/features/all/rt/0217-fs-block-rt-support.patch.patch b/debian/patches/features/all/rt/0217-fs-block-rt-support.patch.patch
index d905982..369f960 100644
--- a/debian/patches/features/all/rt/0217-fs-block-rt-support.patch.patch
+++ b/debian/patches/features/all/rt/0217-fs-block-rt-support.patch.patch
@@ -4,29 +4,26 @@ Subject: [PATCH 217/397] fs-block-rt-support.patch
Origin: https://git.kernel.org/cgit/linux/kernel/git/rt/linux-stable-rt.git/commit?id=248dc055bb636716e4941b69937711969097c89a
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+[bwh: Forward-ported to 3.2.96: blk_start_queue() checks for !in_interrupt()]
---
block/blk-core.c | 2 +-
fs/file.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/block/blk-core.c b/block/blk-core.c
-index 527f5d57e58a..6795c5483078 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -235,7 +235,7 @@ EXPORT_SYMBOL(blk_delay_queue);
**/
void blk_start_queue(struct request_queue *q)
{
-- WARN_ON(!irqs_disabled());
-+ WARN_ON_NONRT(!irqs_disabled());
+- WARN_ON(!in_interrupt() && !irqs_disabled());
++ WARN_ON_NONRT(!in_interrupt() && !irqs_disabled());
queue_flag_clear(QUEUE_FLAG_STOPPED, q);
__blk_run_queue(q);
-diff --git a/fs/file.c b/fs/file.c
-index 05e88e2aa148..9161ecc506f9 100644
--- a/fs/file.c
+++ b/fs/file.c
-@@ -105,14 +105,14 @@ void free_fdtable_rcu(struct rcu_head *rcu)
+@@ -105,14 +105,14 @@ void free_fdtable_rcu(struct rcu_head *r
kfree(fdt->open_fds);
kfree(fdt);
} else {
diff --git a/debian/patches/series b/debian/patches/series
index 41c2ac1..4a6ea96 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1110,12 +1110,6 @@ bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
bugfix/arm/mm-larger-stack-guard-gap-between-vmas-arm-topdown.patch
-bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
-bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
-bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
-bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
-bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
-bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
# ABI maintenance
debian/perf-hide-abi-change-in-3.2.30.patch
@@ -1187,3 +1181,7 @@ debian/net-fix-abi-change-for-sk_filter-changes.patch
debian/net-avoid-abi-change-for-net-fix-sk_mem_reclaim_partial.patch
debian/ptrace-avoid-abi-change-in-3.2.93.patch
debian/xfrm-avoid-abi-change-in-3.2.93.patch
+debian/sched-avoid-abi-change-in-3.2.94.patch
+debian/ip6_fib-avoid-abi-change-in-3.2.95.patch
+debian/libsas-avoid-abi-change-in-3.2.95.patch
+debian/perf-avoid-abi-change-in-3.2.95.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list